“But iMessage is end-to-end encrypted!”
Also I think it’s amazing that in five years we’ve gone from “if you haven’t committed a crime you don’t need encryption” to “US opposition lawmakers have their texts searched.”
Quick reminder: Apple could fix this in a heartbeat by adding an “end to end encryption for iCloud backup” setting (the tech is already in place), but they don’t. Even for those who want it.
Good reporting on why: google.com/amp/s/mobile.r…
Also, I understand the legal situation. But imagine being a lawyer and knowing that the White House is spying on the House Intelligence Committee, but being duty bound to keep that secret for three years.
I guess what I’m saying is that if you come out of that with any reverence at all for the way US law works in this area, you’re a stronger person than I am. And that’s not a compliment.
This is how our country works now, and (very probably) will again in the future.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Matthew Green

Matthew Green Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @matthew_d_green

12 Jun
Reporters: when Apple says it hands over “metadata”, ask them what the hell that means.
Every time you start an iMessage conversation with someone, Apple logs the phone number. That’s “metadata”.

Did Apple turn that metadata over in this case?
Ok, following some research. It appears there are three orders that courts/law enforcement can use to obtain metadata. This is complex. Sheesh. 1/
Read 12 tweets
12 Jun
This is where we’re at. The responsibility for fighting surveillance abuse falls to tech companies, because nobody even pretends that the Federal government and courts are functional moral actors. Image
I have to assume that right now Apple and other tech companies are developing procedures to identify subpoenas that are aimed at Congress, on the assumption that the DoJ can’t be trusted to tell them.
“Well, we only handed over metadata, not content.”

You handed over a list that could contain every phone number House Intelligence Committee members ever spoke to or texted with, and you think that makes it ok?
Read 4 tweets
9 Jun
Oh wow, how did I miss this one. Tricking browsers into uploading their secret cookies to FTP sites, because the two servers share a TLS certificate.
Really in-the-weeds technical discussion of mitigations by @FiloSottile.
I’m going to forget about TLS here for a moment, and point out that the best way to mitigate a lot of these attacks is just to replace cookies entirely.
Read 4 tweets
7 Jun
Oh good the FBI recovered the Colonial Pipeline ransom by tracing the wallet. Ransomware is solved!
Narrator voice: ransomware was not solved.
Looks like ransomware operators are going to have to do more than, well, the barest minimum in order to protect the privacy of their payments.
Read 12 tweets
7 Jun
The FSB’s encryption software seems to be pretty much in character. krebsonsecurity.com/2021/06/advent…
I know this is a bit of a stereotype, but why is Russian crypto always so weird?
“We don’t use a normal random number generator, we use a gerbil connected to a hot cup of tea. Also use our ciphers where the S-Boxes are ‘random’ meaning they actually aren’t.”
Read 4 tweets
3 Jun
Dear researchers: the hard part of problems like “traceability” is not the part where you build a mass surveillance system. Building mass surveillance systems is *easy*.
The hard part is building systems that don’t utterly shatter the security guarantees that the private system offered, and don’t have caveats like “obviously this can be abused, stopping that is future work.”
When I go out to see what our research community has been doing in this area, I expect them to understand what makes this research problem hard. Not to find slides like this one.
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

:(