Remember, Communication Services Cannot Guarantee Privacy

Originally published at: Remember, Communication Services Cannot Guarantee Privacy - TidBITS

No matter how private a communication service may claim to be, it’s only as private as its weakest link, as two recent stories illustrate.


Or, in other words, “A secret known by more than one person is no secret”.

Or as Benjamin Franklin once said: “Three can keep a secret, if two of them are dead.”


And the modern version, from The Pierces. :slight_smile:


Many people saw Apple’s recently bungled CSAM detection as an indication

Fixed that for you. The announcement wasn’t the problem. What they announced was.

1 Like

That is a little harsh. That material is illegal and they need to help root it out if they can. The really big issue is that they were going to do it on device…and that’s an invasion of privacy…I don’t think there would have been nearly as much outrage if they said they were going to scan on their end…and gave clear notice of how to opt out of that…and if you had photos to iCloud off and turned it on a prompt telling you that uploaded mights would be scanned for illegal material. Part of it is Apple looking at the legislative and judicial tea leaves and trying their best to mitigate any really bad ideas like banning encryption. Telling users your phone is private but material put on iCloud might not be solves the issue but doesn’t invade user device privacy. Unless iCloud got full E2EE…nothing on the cloud is really secret. As Steve Gibson of Security Now says…TNO…Trust No One…and PIE…Pre Internet Encryption…is the only way to adequately ensure privacy and security.

People would have still complained bout server side scanning…but less vigorously and Apple would have a much more defensible position.

Let’s try to keep this thread focused on the WhatsApp and ProtonMail examples and on the general issue of privacy with Internet communication services rather than getting back into the CSAM detection debate.