Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This still runs on external hardware which can be spoofed at the demand of authorities. It may be private as in they themselves won’t monetize it but your data certainly won’t be safe


Ahhh cool encryption doesn't exist, MTLS doesn't exist i forgot


I can't speak towards Apple's or $your_government's trustworthiness, but MTLS wouldn't protect against an attack where Apple collaborates with a data requester.

There are people and orgs out there who (justifiably or not) are paranoid enough that they factor this into their threat model.

This is a bit academic right now, but it's also worth mentioning that in the coming years, as quantum computing becomes more and more practical, snapshots of data encrypted using quantum-unsafe cryptography, or with symmetric keys protected by quantum-unsafe crypto (like most Diffie-Hellman schemes) will be decryptable much more easily. Whether a motivated bad actor has access to the quantum infrastructure needed to do this at scale is another question, though.


How about you Google DMA Memory Attacks, VM Escape attacks, Memory scraping and sniffing, Memory Bus Snooping and so on.

As long as the data is processed externally, no software solutions make it safe, unless you yourself are in control of the premises.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: