[messaging] EFF Secure Messaging Scorecard

Tao Effect contact at taoeffect.com
Thu Nov 6 07:58:28 PST 2014 

On Nov 6, 2014, at 3:47 AM, Mike Hearn <mike at plan99.net> wrote:
> It may be worth coming up with new terminology here because we have two types of end-to-end:
> 
> 1) Can the provider read messages you sent in the past if they decide they want to today
> 2) Can the provider read messages you will send in the future, if they decide they want to today
> 
> iMessages, according to all public knowledge, meets (1).

iMessages does not meet (1) as has been stated multiple times now [1,2]; by default they can read messages you sent in the past.

[1] https://twitter.com/taoeffect/status/529852246125981696
[2] https://moderncrypto.org/mail-archive/messaging/2014/001064.html

> It does not meet (2) but in practice no existing reasonably user friendly platform meets (2)


Yes, that is true, but that is also orthogonal to what is being discussed here.

The concern is twofold:

1. Whether Apple is intentionally or unintentionally misleading their customers when they say on their website "we wouldn’t be able to comply with a wiretap order even if we wanted to" [3,4].

(Yes, I am convinced they are.)

2. Whether EFF is intentionally or unintentionally misleading their readers when they say that Apple is (a) unable to read messages, and (b) keeps past comms secure from the provider.

(Yes, I am convinced they are.)

Change the definitions, change the argument being made, w/e you want, _just do it on Apple's website and EFF's website_, not here.

[3] https://www.apple.com/privacy/privacy-built-in/
[4] https://twitter.com/taoeffect/status/529841963378671618

Kind regards,
Greg Slepak


--
Please do not email me anything that you are not comfortable also sharing with the NSA.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141106/565a5d19/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141106/565a5d19/attachment.sig>

More information about the Messaging mailing list