this post was submitted on 20 Jun 2024

352 points (98.4% liked)

Privacy

29764 readers

735 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

352

Hacker Accesses Internal ‘Tile’ Tool That Provides Location Data to Cops (www.404media.co)

submitted 1 week ago by [email protected] to c/[email protected]

58 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] root 17 points 1 week ago (2 children)

Very disappointing. Does Apple sell Air Tag data to 3rd parties?

[–] [email protected] 13 points 1 week ago (3 children)

Apple cannot sell your AirTag data, because they don’t know it. It’s all encrypted.

[–] olafurp 15 points 1 week ago (1 children)

Sure, it's encrypted, but there might be a way for them to decrypt it.

[–] Telodzrum 3 points 1 week ago

It lives in the same place as your other inaccessible data, which Apple has been unable to produce when served with warrants for iCloud data and the like.

[–] [email protected] 10 points 1 week ago (2 children)

They say the same thing about some of the other data that they encrypt, but then they store the encryption private keys on their servers.

Encryption doesn't mean they can't see the data. It means only the people with the private keys (and those who can crack the private keys or a device with the private keys) can see the data.

One must know if the data is encrypted both at rest and in transit. What type of encryption is used. Where the private key is stored. And what are the protections in-place where the key is stored

[–] [email protected] 11 points 1 week ago (1 children)

They do outline all of that, explaining how it works. The private key pair and secret are never sent to Apple. And yes, it’s end-to-end encrypted of course.

https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf

Page 202 of you care to learn how it works.

[–] [email protected] 6 points 1 week ago (1 children)

Is the source code public so we can verify the implementation matches the spec?

[–] [email protected] 3 points 1 week ago

It's not open source if that's what you mean. If you think that stops people looking at code then I'll have some of what you're smoking please.

If you're genuinely interested in how the Find My system works Here's a good paper on it. The papers publishers even have an open source tool to connect to Apples Find My network which is neat.

[–] [email protected] 2 points 1 week ago

With proprietary software you have no way of knowing. Also avoid SaSS (service as a software substitute)

[–] [email protected] 9 points 1 week ago (1 children)

You read the leaflet. Nice.

[–] VelvetStorm -2 points 1 week ago (2 children)

Yes. They all do.

[–] efstajas 18 points 1 week ago* (last edited 1 week ago) (1 children)

They sell AirTag location data? I honestly find that hard to believe. What's your source on this other than big tech bad?

[–] IsThisAnAI 11 points 1 week ago

They don't have one. It's the new "Alexa is spying on you".

[–] [email protected] 7 points 1 week ago (1 children)

AirTag location data is encrypted. Apple doesn’t know where they are.

[–] VelvetStorm 9 points 1 week ago (1 children)

Right, apple definitely doesn't have access to the info on the products they make and sell to the public.

[–] [email protected] 6 points 1 week ago (2 children)

Do you know how encryption works?

[–] LordKitsuna 19 points 1 week ago (4 children)

Have you verified their encryption method? Where is the source code? Where is the third party public audit that verifies that it's implemented properly with no other means of access?

Blindly trusting that they say it's encrypted is basically the same as no encryption

[–] [email protected] 2 points 1 week ago (1 children)

Here is the documentation regarding third party verification of their security claims.

https://support.apple.com/en-ca/guide/certifications/apc3cea61877b/web

I’m assuming for some reason this is not good enough for you?

[–] LordKitsuna 0 points 1 week ago

I mean, None of these appeared to specifically be about the air tag. But it is at least does help show a general overall commitment to security. So it's not as if it's not a huge point in favor of trusting that the airtag data is safe

[–] [email protected] 2 points 1 week ago (1 children)

On top of being privacy focused themselves, they are only working with AI parters who also pass a third party code review verifying that zero user data is stored.

Shit on Apple for not being repairable, sure. Shit on Apple for their walled garden, sure. But shitting on Apple over privacy is insane. They are they only big tech company that actually cares.

[–] [email protected] 2 points 1 week ago

I used to hold the same opinion you do, but after reading this article, reality caught up with me:

https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html

If you want a shorter version of this that puts the consequences into perspective, I recommend one of Cory Doctorow's blog posts: https://pluralistic.net/2021/05/18/unhealthy-balance-sheet/#think-manorialism

Taking the above behavior into account, Apple's value proposition for anyone that cares about digital sovereignty is extremely brittle. I've decided not to invest any further into their tech. Is it the worst evil that roams earth? No. But does it logically follow that you should defend all their practices? Also no.

After reading the above, it shouldn't surprise your that Apple spies on their users too, if only a bit less than, say, Facebook/Meta: https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

Hope you can approach this with an open mind. I know it's hard, I certainly didn't want to start doubting what I thought was a valiant defender of consumer privacy. Cases like the San Bernardino shooter were testaments for Apple's commitment to me. It turns out that's only half the story though.

[–] IsThisAnAI -4 points 1 week ago

This is made up fantasy land paranoia. Charlie Day with a big board shit.

Yep apple is secretly grabbing data that not one privacy expert has found. Just like those sneaky Alexas that are always listening to me.

[–] olafurp 7 points 1 week ago (1 children)

Do you know how decryption works?

[–] [email protected] 1 points 1 week ago (2 children)

Yes, only the person with the key can decrypt. Apple doesn’t have the keys.

[–] [email protected] 4 points 1 week ago

That's what the NSA said about DES. Fun fact: they were lying.

Learn your crypto war history.

[–] olafurp 2 points 1 week ago (1 children)

They also "Didn't have them" in the past and then gave them to the NSA. 🙃

[–] [email protected] 1 points 1 week ago

Source? As far as I know they didn’t claim to not know location until iOS 17 release. Up until then they could access that info, and were required to give it up provided with warrants. This has been a reason Apple has actively been limiting the data they have access to. They cannot be compelled to give up data they have no way of accessing.