[messaging] EFF Secure Messaging Scorecard

Mike Hearn mike at plan99.net
Thu Nov 6 08:09:09 PST 2014


>
> iMessages does not meet (1) as has been stated multiple times now
>

Alright, let me clarify my statement a little bit - iMessages meets (1)
assuming you decide to actually use it in that way, and I think it's
reasonable to assume that people understand "backing up my messages to
Apple" means Apple gets to read them. I'd be surprised if that caused real
users any confusion.

I don't think an app should be dinged for not being fully end to end out of
the box, if you can make it so with a single tap.


> Yes, that is true, but that is also orthogonal to what is being discussed
> here.
>

I don't agree, it seems fundamental rather than orthogonal. If resistance
against malicious providers giving you bogus software is a requirement to
be considered end to end then no such technology has ever been successfully
deployed, given the vanishingly tiny number of people who only use programs
they compiled themselves from audited source snapshots.


> 2. Whether EFF is intentionally or unintentionally misleading their
> readers when they say that Apple is (a) unable to read messages, and (b)
> keeps past comms secure from the provider.
>
> (Yes, I am convinced they are.)
>

Why? You haven't shown that. EFF assumes some modicum of understanding on
the behalf of the user, and under that assumption iMessages appears to be
safe against reading of past messages.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141106/69dd9f41/attachment.html>


More information about the Messaging mailing list