iOS 11 Security [pdf]

338 points by Artemis2 over 7 years ago

17 comments

gervase over 7 years ago
Apple seems to be investing heavily in security and privacy, but I'm curious to see if they can actually convince the average consumer to care (and/or buy into their security narrative, depending on your level of cynicism). So far, the convenience and features offered by their competition (at the expense of user privacy) seem to be a stronger draw.

I figure either (A) they're trying to carve out a niche of hardcore consumers who do care, or (B) they're trying to play a long game, hoping that broad sentiment shifts towards valuing electronic privacy. If it's the former case, I think they're doing fine; these kinds of whitepapers will reach most of those who care, and periodic news articles ("Terrorist iPhone unable to be unlocked!") will reach the rest.

If it's the latter, I think it's a pretty big risk given the scale of their re-education task (the pool of users willing to sacrifice personal privacy for other benefits, i.e. Google and Facebook's bread and butter) and the potential pushback they'll receive/have been receiving from governmental sources.

What does HN think? Is this a viable business differentiator for them, long term? Or will they have to shift to the 'dark side' of personalized data and services to remain competitive in the future?

tzahola over 7 years ago
I hope Apple will begin to spin privacy and security as part of their "premium lifestyle". Because if privacy and security will be associated with premiumness, other companies will have an incentive to implement similar measures in their products. People will actually care about their digital privacy for the first time! (though not because of the benefits of privacy, but to show off to others that they can afford a *premium* product with privacy)

Sort of like how companies suddenly started caring about their mobile phones' package design after the iPhone was released with its sleek packaging.

amckinlay over 7 years ago
Apple security is confusing. For example, Find My Mac does not require 2FA even when 2FA is enabled. An attacker can remotely wipe your MacBook with just your iCloud password.

Another example: apparently there is a distinction between "two-factor authentication" and "two-step authentication", the latter being a deprecated, but active system. Reading the docs for the older system, you'll soon discover differences in things such as account access and recovery that lead to an entirely different set of consequences and caveats for security. You'll find out that in certain scenarios you could permanently lose access to your iCloud account and iTunes purchases under "two-step authentication", but not the newer "two-factor authentication". If a user confused the two while reading the Apple online support pages, it could have grave consequences.

Security is something that needs to be documented and marketed in clear terms. Why Apple would adopt names so similar for two distinct implementations of a security mechanism that they could arbitrarily describe either is incoherent with Apple's supposed model of user friendliness. It's what Microsoft does with its products, not Apple. Additionally, all facets of a security feature should be documented, and documented well. It is unacceptable that Apple does not warn users that 2FA can be bypassed in certain scenarios. I hope Apple does further focus on security, and documenting it well.

5_minutes over 7 years ago
I certainly appreciate this effort, whatever their long term intention or strategy is with this in a commercial way (or not), it’s in line with what I expect when it comes to my privacy and security.

Some of the Google/Android “features” and what they do with your data, make old school keyloggers look like a joke.

polygot over 7 years ago
"The processor forwards the data to the Secure Enclave but can’t read it. It’s encrypted and authenticated with a session key that is negotiated using a shared key provisioned for each Touch ID sensor and its corresponding Secure Enclave at the factory."

> "at the factory"

I suppose the secret key is erased at the factory, however, what if it isn't? Or, is the secret key generated on-chip via a random number generator? If it were stored at the factory somewhere then it would be possible to link it to each iPhone. I'm not familiar with cryptography, so I think it's just a misunderstanding on my part, and I'm not sure if this would be a weakness in the Touch ID sensor.

samat over 7 years ago
I am wondering if someone could explain Chinese iCloud accounts transfer implications.

I see that iCloud Keychain is still secure, but pretty much everything is fucked up, right?

miles over 7 years ago
Could you please add (PDF) to the title? Didn't HN used to do this automatically? Or did the trailing "?" in the URL break that functionality?

josho over 7 years ago
iCloud Keychain may be surprising for some folks. For example, it can be restored from an iCloud backup only to the same machine. Also, you have no ability to recover your iCloud keychain from your own Time Machine backups.

The reasons, as the document outlines, are for added security. But, having recently wiped my iCloud keychain by resetting Safari's privacy settings and inadvertently losing all my passwords, I was surprised to discover that I couldn't restore my passwords from my own backups. The upside is a compromised iCloud password doesn't also leak all the keychain passwords.

neom over 7 years ago
Anyone know if other cell phone vendors publish a document like this?

cocktailpeanuts over 7 years ago
> "The processor forwards the data to the Secure Enclave but can’t read it. It’s encrypted and authenticated with a session key that is negotiated using a shared key provisioned for each Touch ID sensor and its corresponding Secure Enclave at the factory."

If I understand this correctly, IF they're using Diffie Hellman key exchange to generate the shared session key for every chip, doesn't this mean Apple also owns the session key for every single iDevice out there and can crack into them if they wanted to?

Does this mean the "security" only protects users from men-in-the-middle, but not from Apple (or NSA if they come after them)?

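The question raised in the two comments that quote the Touch ID passage (what a session key "negotiated using a shared key" implies for anyone who kept a copy of that key) can be worked through with a generic pre-shared-key construction. This is an added example, not part of the thread and not Apple's protocol: the HKDF-SHA256 derivation, the cleartext nonce exchange, the HMAC tagging and every function name are assumptions, and encryption of the payload is left out.

```python
import hashlib
import hmac
import secrets


def derive_session_key(shared_key: bytes, nonce_a: bytes, nonce_b: bytes) -> bytes:
    """HKDF-SHA256 (RFC 5869), one output block: salt = both nonces, IKM = shared key."""
    prk = hmac.new(nonce_a + nonce_b, shared_key, hashlib.sha256).digest()
    return hmac.new(prk, b"sensor-session\x01", hashlib.sha256).digest()


def tag(session_key: bytes, counter: int, payload: bytes) -> bytes:
    """Authenticate one message; the counter binds it to its position in the session."""
    return hmac.new(session_key, counter.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def verify(session_key: bytes, counter: int, payload: bytes, received: bytes) -> bool:
    return hmac.compare_digest(tag(session_key, counter, payload), received)


def run_session(sensor_key: bytes, enclave_key: bytes, observer_key: bytes) -> dict:
    """Negotiate one session and report what each party can do with the transcript."""
    # Assumption: fresh nonces travel in the clear, so any observer records them.
    sensor_nonce, enclave_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    k_sensor = derive_session_key(sensor_key, sensor_nonce, enclave_nonce)
    k_enclave = derive_session_key(enclave_key, sensor_nonce, enclave_nonce)
    k_observer = derive_session_key(observer_key, sensor_nonce, enclave_nonce)
    payload = b"constructed sample sensor frame"
    t = tag(k_sensor, 0, payload)
    return {
        "enclave_accepts": verify(k_enclave, 0, payload, t),
        "replay_rejected": not verify(k_enclave, 1, payload, t),
        "observer_has_session_key": hmac.compare_digest(k_observer, k_sensor),
    }


if __name__ == "__main__":
    provisioned = secrets.token_bytes(32)  # constructed stand-in for the paired key
    outsider = secrets.token_bytes(32)     # observer without the provisioned key
    print("paired parts, outsider:", run_session(provisioned, provisioned, outsider))
    print("retained key copy:     ", run_session(provisioned, provisioned, provisioned))
    print("swapped sensor:        ", run_session(outsider, provisioned, provisioned))
```

In a construction of this shape the session key is only as private as the provisioned key, which is why whether that key is generated on-chip or retained anywhere matters; the third case shows the pairing property, where frames from a sensor without the provisioned key are rejected.
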
ploggingdev over 7 years ago
Regarding iCloud accounts, Apple seems to be forcing the usage of phone numbers for 2FA and account recovery without an option to disable it. I switched from an Android device to an iPhone recently and was asked to set up an iCloud account. I went through the setup process and realized that my phone number was set up as a 2nd factor with no option to disable it [0]. For all the talk about Apple devices being the most secure, not many people seem to be complaining about how Apple forces a phone number as a 2nd factor + account recovery method. Most people back up very personal data to their iCloud accounts and forcing users to use a phone number for 2FA and account recovery is ridiculous. IMO Google gets 2FA right: I can set up a Yubikey + Authenticator + backup codes and remove my phone number as a 2FA method. And I also realized that there's no way to delete an iCloud account. I assumed all the big companies will have an option to delete accounts. I hope there's a law mandating all online accounts need to have a clearly defined lifecycle with an option to delete accounts and personal data if users want to.

(First time using an Apple device, so I might be misunderstanding the 2FA situation, correct me if I'm wrong.)

[0] https://support.apple.com/en-us/HT204915

mrblues over 7 years ago
Is it possible to extract data from a locked and turned off iPhone 7 or newer device?

zython over 7 years ago
Please tag this as pdf

yorby over 7 years ago
Was Steve Jobs in charge of over-viewing security?

ConcernedCoder over 7 years ago
Is this chain-of-trust implementation the reason my backlit-keyboard on my MacBook Pro won't light up whilst asking me for my password on coldboot? It's a giant pain in the rear to get up and flip on a light when you're in bed programming at night... ( sigh )

MikeGale over 7 years ago
This looks like a great example of insecurity through security.

Given that Apple is not trustworthy and you need to be able to change and/or inspect a device to have a chance at security, this is a solid strike for a human-thought-free insecure world.

drewmcmillan over 7 years ago
> The probability that a random person in the population could look at your iPhone X and unlock it using Face ID is approximately 1 in 1,000,000 (versus 1 in 50,000 for Touch ID)

I would love to know the likelihood of this in reality. For example, what about people who look like you? You don't tend to hang around with completely random people, it's often parents and siblings who, unlike fingerprints, may bear facial resemblance enough to trick it