Well, they can reset your Apple ID password to something they know and then get the data, so it's not "impossible", but if they do that then you'll know it has happened.
Bar that, however, I think they set it up so that they couldn't decrypt the data any other way, even when pressed with a court order.
They know the hash of your password and can reset it, but they otherwise don't know what your password is.
They could reset it to something they know, but you'd know they had done this, and they could also add a device controlled by them (or the FBI) to your send list, but this would also be evident to the end user (at least, to a security researcher).
They set up iMessage like that deliberately so that they could promote the fact that they can't decrypt the messages themselves as a feature of the system.
Obviously since they control the system (i.e., they can reset your password) it's not *totally* secure if they were really determined to decrypt the data, but they way it is designed right now it's about as good as they could make it for a system that you do not control. From what I understand from people with more knowledge than I about how it works, there are very limited ways that they could get the data without you knowing that they had done so (barring the lack of some giant, hidden backdoor in the system).
Android uses regular SMS for texts, which was never encrypted on any OS. The FBI would be asking the carriers for copies of those, unless it's over the Google Hangouts app using a Google Voice number, in which case they'd have to ask Google.
Apple runs the iPhone texts over their own iMessage service, which has a gateway to SMS for messages sent to non-iPhone users. (Which is also a problem since if you used to have an iPhone but switched to any other phone, Apple keeps iMessage texts sent to you within iMessage and blackholes them to a non-existant iPhone, instead of forwarding them over the SMS gateway to your new phone. Part of their user lock-in strategy. They're actually fighting in court for the right to keep doing this, instead of not being dicks and fixing it.)
No they're not - they have a website you can go to that will de-register your number and fix the problem of vanishing SMS messages if you move to a non-iOS phone if you don't switch off the iMessage system on that number before changing phone.
It takes about 5 minutes and you receive a text message when it completes.
The official method to shut off iMessage is to do it before you stop using the iPhone, and that used to be the only way (leaving people stuck, since it's easy to forget to do it), but the website has been around for some time now.
There's no "fighting in court" or "not fixing it" because they fixed it, a long time ago, and the system to fix it is very quick and easy to use and fixes the problem immediately.
No way would the FBI want to do this, since it would set the precedent that surrendering the encryption key to that data would be self incrimination.
They have a vested interest in the encrypted data being treated as legally the same as the unencrypted data, since they don't want legal precedent for a fifth amendment defence on encryption keys being ruled on by a court. There's no solid case law on that one way or the other right now.
Apple have stated in the past that one of the features of iMessage is that they can't decrypt them and the fact that this court case exists seems to suggest they weren't just saying that (also, if they're caught in that lie, assuming it is one, the PR fallout would be enormous).
I'm not sure how they can't decrypt them, since iMessages are synced quickly and easily across all devices that share the same Apple ID (if you want them to), so you'd just assume that since Apple knows your ID it would be able to decrypt the messages themselves that clearly pass through their servers.
What I assume must be the case is that they don't know what your Apple ID password is, only the hash of it, and the only thing they can do it reset it. Now, this would mean that if they wanted to they could reset the password to something they know and then be able to decrypt your iMessages, but you'd obviously know if they did this.
I'm not knowledgeable enough to know if an end-to-end encryption system set up by a third party that is locked by an account and password can be designed to be totally secure (in content terms) from the system owner, akin to having Apple send messages inside locked safes between different users and being able to provide you with a way to make a key that can open them without having the ability to use that key itself.
Right, but who said anything about changing that? They just want to make iOS devices work more effectively in an enterprise setting - that means tablets, phones etc.
There's no reason that iPads (for example) couldn't be used as handy video conference devices, especially at remote/off-site/smaller sites alongside all the current IT infrastructure.
Funny, you seem to think that products can only be bought for personal use.
What, I wonder, do you think this deal is designed to address? Perhaps it has something to do with wanting to make iOS devices more enterprise-friendly (they already have rudimentary enterprise support with curated app stores and local app deployment, but you think this chicken and egg problem shouldn't be solved because they're "consumer devices".
Whoever would buy an automobile! The roads are designed for horses and carts! There are hay stops and water troughs for the horses! Cars are nit designed for that! Pity the thought!
The filesystem doesn't use the same model that a PC does, but you know that going into the purchase and would decide such a device is not for you and buy an Android device instead.
You're criticising the iPhone for not doing things you think it should be able to do. If it doesn't work the way you want it to then there are other smartphones that do.
Do you expect that Apple should make the iPhone work the way you want it to, just because?
That's no different than expecting all Android phones working the same way as iPhones.
Concorde holds the record for the longest time spent operationally in supercruise of any aircraft in history and likely will hold that record for some time to come.
It spent the bulk of the trip across the Atlantic in supercruise.
It didn't go supersonic over land on either side of the world. They waited until they were out over water before doing so for the sake of the people on the ground.
There was no getting away from the fact that it was a noisy aircraft though - 4 large turbojets will do that.
The Concorde also changed size (considerably) when in supercruise due to thermal expansion and it didn't leak, but it also wasn't built entirely of titanium and only had to consider mach 2, not mach 3 and beyond that made the SR-71 such a remarkable aircraft for the time.
Since Google has patched the exploit in the main Android distribution, the announcement is to "encourage" OEMs who haven't yet pushed that fix to still-vulnerable devices.
The GP is using the Kerbal Space Program value - it takes 800-900 m/s to get to Mun from low Kerbin orbit, but the Kerbal solar system is scaled down by about a factor of ten while the values for gravity are similar to the real solar system - Kerbin has the same gravity as the Earth but is ten times smaller, for example.
My quote specifically mentioned Spotify, Beats and Apple Music, and while it didn't mention other services like Tidal directly, those also exist. It specifically applied to more than just Apple music - I looked for a quote that encompassed more than just Apple (I assume you actually read the quote and/or article and didn't just look at the URL and draw your conclusions?)
I'm also amazed that you're putting so much stock in a slashdot UI thing that I had totally forgotten existed in the ten years since I started using this site. I have nothing against you personally here, but you sure seem to be very sensitive about how you're perceived. I'm not the one here trying to "evade" the topic. I'm also not the one trying to make this personal.
You made an assumption, I corrected it with a sourced quote that covered multiple music streaming services, then also performed a network test on one of them (I don't have accounts for the others) to confirm that the advertised streaming rate was accurate.
This is all on the back of a story about Neil Young pulling his music from all streaming services over his belief that they are lower quality than any other music distribution system invented since he was alive, including AM radio and 8 track tape.
I'm not sure how you can draw the conclusion that I "[don't] know something about" this topic. If you can point out where I've made a factual error worthy of classifying my comments as "ignorant noise" then I'm all ears.
Foe? What? If I've clicked anything on the slashdot UI that marked that then it was entirely by accident - I've had this account for over a decade, but I don't use the friend or foe thing. Assuming it's the icon next to your UID it is orange on my screen and titled "freak" so I have no idea what that means, I certainly didn't set that up, or if I did it was ten years ago when I first registered and I was testing out what the buttons did - I've never actually used it to keep a list of "enemies".
Like I said, I have no idea who you are.
As far as streaming rates go - Young is pulling his music from all streaming services due to "audio quality", and all of the major ones except Pandora are 256k or better. Tidal is lossless, yet he is claiming that he'll be back if they approach the quality of AM radio or 8 track tapes.
I know you desperately want to find some way of putting me down, but how about forgetting about who I am and just looking at network activity when one of these streaming services is running?
Who are you exactly? I'd have to know who you were before forgetting who you are, other than someone who is now changing their argument because they got called out.
I did actually test Apple Music's bitrate - I picked a random song I don't own and looked at the network traffic. It downloaded approximately 6 MB of data in a burst in the first few seconds of the song which was 3:08 long, which comes to *does calculation* about 256 kbit/s.
So, what am I looking for here exactly? Other than perhaps trying to figure out who you are maybe? Does that come from analysing my network traffic to determine that Apple's posted bitrate is accurate?
Slashdot Mirror
Yes, but the private key is generated by the Apple ID password, or has some role in its creation.
Well, they can reset your Apple ID password to something they know and then get the data, so it's not "impossible", but if they do that then you'll know it has happened.
Bar that, however, I think they set it up so that they couldn't decrypt the data any other way, even when pressed with a court order.
They know the hash of your password and can reset it, but they otherwise don't know what your password is.
They could reset it to something they know, but you'd know they had done this, and they could also add a device controlled by them (or the FBI) to your send list, but this would also be evident to the end user (at least, to a security researcher).
They set up iMessage like that deliberately so that they could promote the fact that they can't decrypt the messages themselves as a feature of the system.
Obviously since they control the system (i.e., they can reset your password) it's not *totally* secure if they were really determined to decrypt the data, but they way it is designed right now it's about as good as they could make it for a system that you do not control. From what I understand from people with more knowledge than I about how it works, there are very limited ways that they could get the data without you knowing that they had done so (barring the lack of some giant, hidden backdoor in the system).
Android uses regular SMS for texts, which was never encrypted on any OS. The FBI would be asking the carriers for copies of those, unless it's over the Google Hangouts app using a Google Voice number, in which case they'd have to ask Google.
Apple runs the iPhone texts over their own iMessage service, which has a gateway to SMS for messages sent to non-iPhone users. (Which is also a problem since if you used to have an iPhone but switched to any other phone, Apple keeps iMessage texts sent to you within iMessage and blackholes them to a non-existant iPhone, instead of forwarding them over the SMS gateway to your new phone. Part of their user lock-in strategy. They're actually fighting in court for the right to keep doing this, instead of not being dicks and fixing it.)
No they're not - they have a website you can go to that will de-register your number and fix the problem of vanishing SMS messages if you move to a non-iOS phone if you don't switch off the iMessage system on that number before changing phone.
It takes about 5 minutes and you receive a text message when it completes.
The official method to shut off iMessage is to do it before you stop using the iPhone, and that used to be the only way (leaving people stuck, since it's easy to forget to do it), but the website has been around for some time now.
There's no "fighting in court" or "not fixing it" because they fixed it, a long time ago, and the system to fix it is very quick and easy to use and fixes the problem immediately.
No way would the FBI want to do this, since it would set the precedent that surrendering the encryption key to that data would be self incrimination.
They have a vested interest in the encrypted data being treated as legally the same as the unencrypted data, since they don't want legal precedent for a fifth amendment defence on encryption keys being ruled on by a court. There's no solid case law on that one way or the other right now.
Apple have stated in the past that one of the features of iMessage is that they can't decrypt them and the fact that this court case exists seems to suggest they weren't just saying that (also, if they're caught in that lie, assuming it is one, the PR fallout would be enormous).
I'm not sure how they can't decrypt them, since iMessages are synced quickly and easily across all devices that share the same Apple ID (if you want them to), so you'd just assume that since Apple knows your ID it would be able to decrypt the messages themselves that clearly pass through their servers.
What I assume must be the case is that they don't know what your Apple ID password is, only the hash of it, and the only thing they can do it reset it. Now, this would mean that if they wanted to they could reset the password to something they know and then be able to decrypt your iMessages, but you'd obviously know if they did this.
I'm not knowledgeable enough to know if an end-to-end encryption system set up by a third party that is locked by an account and password can be designed to be totally secure (in content terms) from the system owner, akin to having Apple send messages inside locked safes between different users and being able to provide you with a way to make a key that can open them without having the ability to use that key itself.
So Apple is a software company now?
Also, what do you think this partnership is, exactly, if not to improve third-party iOS integration?
Ah, so your on;y criterion for a device being a "full computing device" is filesystem access.
Thus, in your world, the Creative Rio mp3 player is more of a "full computing device" than an iPhone because the former gives you filesystem access.
Interesting, but whatever works for you I guess. How do you check your email on that Rio? It must get annoying to read it 2 lines at a time, surely?
Right, but who said anything about changing that? They just want to make iOS devices work more effectively in an enterprise setting - that means tablets, phones etc.
There's no reason that iPads (for example) couldn't be used as handy video conference devices, especially at remote/off-site/smaller sites alongside all the current IT infrastructure.
Funny, you seem to think that products can only be bought for personal use.
What, I wonder, do you think this deal is designed to address? Perhaps it has something to do with wanting to make iOS devices more enterprise-friendly (they already have rudimentary enterprise support with curated app stores and local app deployment, but you think this chicken and egg problem shouldn't be solved because they're "consumer devices".
Whoever would buy an automobile! The roads are designed for horses and carts! There are hay stops and water troughs for the horses! Cars are nit designed for that! Pity the thought!
So you don't own a car at all then, I take it?
I mean, if contains vendor-locked software.
Same with your TV I assume that you don't own.
You mean like the jailbreak exploit that left an open SSH listen with a default root username and password?
Mm. Super secure, just like before it was rooted.
There are no non-privileged files on the iPhone.
The filesystem doesn't use the same model that a PC does, but you know that going into the purchase and would decide such a device is not for you and buy an Android device instead.
You're criticising the iPhone for not doing things you think it should be able to do. If it doesn't work the way you want it to then there are other smartphones that do.
Do you expect that Apple should make the iPhone work the way you want it to, just because?
That's no different than expecting all Android phones working the same way as iPhones.
Choices exist for a reason.
Concorde holds the record for the longest time spent operationally in supercruise of any aircraft in history and likely will hold that record for some time to come.
It spent the bulk of the trip across the Atlantic in supercruise.
It didn't go supersonic over land on either side of the world. They waited until they were out over water before doing so for the sake of the people on the ground.
There was no getting away from the fact that it was a noisy aircraft though - 4 large turbojets will do that.
Could it do those things with 100 passengers on board?
(I think the comparison between the design briefs of the two aircraft is somewhat silly).
The Concorde also changed size (considerably) when in supercruise due to thermal expansion and it didn't leak, but it also wasn't built entirely of titanium and only had to consider mach 2, not mach 3 and beyond that made the SR-71 such a remarkable aircraft for the time.
The basic economics point would be if you value scientific knowledge (lofty yet immeasurable) then you should pay for it.
As I said, the MBA first day message is "if it has no short term immediate profit, it is worthless and should not have any money spent on it".
space exploration returns next to nothing, its basic economics
Only if you assign a zero value to scientific and engineering knowledge.
But that's day one in MBA school I think.
Since Google has patched the exploit in the main Android distribution, the announcement is to "encourage" OEMs who haven't yet pushed that fix to still-vulnerable devices.
They already get a massive amount of money.
Ahahahahahahahahahah hahahahahahahahahahahahahahahaha.
Oh wait, you were serious?
Let me laugh even harder.
The GP is using the Kerbal Space Program value - it takes 800-900 m/s to get to Mun from low Kerbin orbit, but the Kerbal solar system is scaled down by about a factor of ten while the values for gravity are similar to the real solar system - Kerbin has the same gravity as the Earth but is ten times smaller, for example.
My quote specifically mentioned Spotify, Beats and Apple Music, and while it didn't mention other services like Tidal directly, those also exist. It specifically applied to more than just Apple music - I looked for a quote that encompassed more than just Apple (I assume you actually read the quote and/or article and didn't just look at the URL and draw your conclusions?)
I'm also amazed that you're putting so much stock in a slashdot UI thing that I had totally forgotten existed in the ten years since I started using this site. I have nothing against you personally here, but you sure seem to be very sensitive about how you're perceived. I'm not the one here trying to "evade" the topic. I'm also not the one trying to make this personal.
You made an assumption, I corrected it with a sourced quote that covered multiple music streaming services, then also performed a network test on one of them (I don't have accounts for the others) to confirm that the advertised streaming rate was accurate.
This is all on the back of a story about Neil Young pulling his music from all streaming services over his belief that they are lower quality than any other music distribution system invented since he was alive, including AM radio and 8 track tape.
I'm not sure how you can draw the conclusion that I "[don't] know something about" this topic. If you can point out where I've made a factual error worthy of classifying my comments as "ignorant noise" then I'm all ears.
Foe? What? If I've clicked anything on the slashdot UI that marked that then it was entirely by accident - I've had this account for over a decade, but I don't use the friend or foe thing. Assuming it's the icon next to your UID it is orange on my screen and titled "freak" so I have no idea what that means, I certainly didn't set that up, or if I did it was ten years ago when I first registered and I was testing out what the buttons did - I've never actually used it to keep a list of "enemies".
Like I said, I have no idea who you are.
As far as streaming rates go - Young is pulling his music from all streaming services due to "audio quality", and all of the major ones except Pandora are 256k or better. Tidal is lossless, yet he is claiming that he'll be back if they approach the quality of AM radio or 8 track tapes.
In other words, he is talking nonsense.
I know you desperately want to find some way of putting me down, but how about forgetting about who I am and just looking at network activity when one of these streaming services is running?
Who are you exactly? I'd have to know who you were before forgetting who you are, other than someone who is now changing their argument because they got called out.
I did actually test Apple Music's bitrate - I picked a random song I don't own and looked at the network traffic. It downloaded approximately 6 MB of data in a burst in the first few seconds of the song which was 3:08 long, which comes to *does calculation* about 256 kbit/s.
So, what am I looking for here exactly? Other than perhaps trying to figure out who you are maybe? Does that come from analysing my network traffic to determine that Apple's posted bitrate is accurate?
If so I'm not seeing how.