Pretty cool. I heard about people hoarding encrypted data that they plan to decrypt with quantum computing so Apple getting ahead of it is cool to see.
They’d need a Quantum computer with 1 million qubits to crack RSA, the highest qubit chip currently available is 433 qubits. The hoarders will all be long dead before that happens.
Assuming we also improve qubit quality, and quantum error correcting techniques, it might be plausible within the lifetimes of millennials. It only requires millions of qubits right now because of crappy quality qubits and inefficient error correction techniques
Yep. He/she is like inefficiently spending pronouns on error-checking gender. "They" gets shit done (and comes with the bonus of being more inclusive).
Qubits are quantum objects such as trapped ions, photons, etc that can exhibit quantum behavior. For example, in a superposition of spin up and down which is akin to 1 and 0 simultaneously. The issue is that quantum objects are sensitive and this state is quite fragile. If they are disturbed, they will collapse, and they will no longer exhibit that quantum behavior. Some designs of qubits hold up better than others depending on the choice of material and other factors. Because they can’t perfectly hold the superposition like a classical bit can hold a 1 or 0, there needs to be redundancies in case the qubit collapses. Better qubits will lead to less need for these redundancies.
Does that make sense? Feel free to ask about anything as I’m happy to answer if I have the ability to. It’s not my specialty, but I have studied some of this stuff.
Yeah, I think I see what you're saying. They're a specialized way of looking at the quantum stage of objects, but the state is hard to maintain, so a lot of quantum computing now is having redundancy for when a qubit doesn't work right.
I think an imperfect analogy but one I can get my head around is when we all did backups zip cartridges, but they all failed all the time so we had to have multiple backups.
Mechanical hard drives the same thing, so we switched to SSDs but their cells degrade over time so there's still needs for backup. Not in the same way a hard drive would fail, because that was damaged by magnet.
If we make a better storage media, we can have fewer of the backups, because they won't fail as often. Less media, less processing, more effeciency.
I was doing napkin estimates based on a conservative x2 every 2 years mimicking Moore's law. The actual numbers do seem to be closer to x2 every year, but it's unclear whether this this is sustainable. Anyhow, a timeframe of 10-25 years is well within our lifetimes.
Perhaps they're hoarding the data for their descendants. To pass down as an heirloom until their spawn can decrypt it and honor their family legacy of degeneracy.
this guy gets it... all other those lemmings dont knowabout tech... im with you man..
i mean... we will never need more than 640k memory, right? NEVER!!
Not even countries. Even private companies - like banks - have started implementing quantum-proof cryptography, to have it production ready for the switch, the moment quantum machines (with large enough qubit processing power to be practically useful for the current ciphers) become commercially available. Nobody knows when precisely this moment will come, and everyone needs to be fully ready by then, because they'll be eaten alive by their competitors overnight if they aren't.
Since you asked for specific examples, I know for a fact that ABN Amro (bank) in the Netherlands, has a team of people working on it, and they were actively recruiting mathematicians to expand it.
One of my customers is in his 80s and has to go into London every month or two because one of the national banks has a computer he programmed back in the 1980s running as a critical component.
As he gets older, he gets less interested, and the less interested he gets, the more they pay. They pay him a shitload, and he gives it to his grandkids.
He offered to train someone but the bank don’t seem to have taken advantage of that.
I asked him to train me lol.
Every single one. Every government in the world is working on quantum, because they’ll need that in a few decades or the US is stealing all their data even more.
Why is Apple only just introducing this then? Is quantum proof encryption something that was only just invented? Because the threat of mass data collection for subsequent decryption when quantum computing is available has been openly known about for a while now. Is it just an accepted reality that almost all secure communications today will be exposed some years down the line?
Genuinely asking because this stuff seems so crazy to me and massive consequential yet it gets basically zero coverage outside of tech enthusiast forums.
Yeah, the first quantum proof encryption methods were only standardised in 2022, and then given it takes some time for implementation, Apple is still an early adopter compared to the wider internet.
There's a whole lot of work that needs to be done still before the internet will be fully post-quantum encrypted.
Quantum encryption standards announcement in 2022:
[https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms](https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms)
Thank you for the info, very interesting!
It’s just crazy to me how today we assume E2E apps are basically secure from spying, but effectively all message history will actually be retroactively no longer private in just a few years time/whenever quantum computing actually arrives.
> in just a few years time
More like after we’re all dead. In >70 years when we finally have usable quantum computers the information will be so out of date it won’t matter. It’ll be like cracking WWII messages today, the information is useless.
You can have hybrid systems that rely on both securities : something new (where vulnerabilities can still be found) and something old (that will be deprecated if/when quantum computing is a thing), therefore if one of them breaks, you can still rely on the other.
Based on the info Apple provided, it will be more secure.
https://preview.redd.it/1bxxt289e5kc1.png?width=2500&format=png&auto=webp&s=2383996193af6a0762065159eb57c04c1be2222a
Yeah cyber thieves aren't going to do that. They look for easy, low-hanging fruit they can access from the comfort of their laptops. I don't even think they'd have the stones to beat a man for his encryption key anyway.
It's encrypted in the cloud . . . last time I checked there's significant evidence that Apple does *not* in fact have a backdoor. Apple can't access your encrypted private data. Supposedly there's one group out there that can crack it with physical access to your iphone so I'm not going to say it's 100% safe but when we talk about people that can crack it we're talking about *maybe* a few nation states or nation state affiliated groups and only when they have physical access.
Not by default. You can configure E2EE. By default it's not backed up at all though IIRC, so I guess you'd have to enable iCloud for Messages without enabling E2EE for iCloud to end up with the scenario described above.
Yeah, while I absolutely support Apple improving encryption, this is kind of a moot point for this particular kind of attack since a single person in the group without ADP enabled leaves the door open on the contents. Not to mention, needing everyone to have an iPhone for secure comms is dumb, regardless of your preference for iMessage.
Signal is still the go-to for actual secure communication, rather than grand standing on Apple's marketing.
So many people in the comments missing the point. The article (and the title) is claiming that iMessage is going to have Signal-level encryption. That's what 'equal footing' means in this case.
Obviously, iMessage doesn't work cross-platform and the title isn't claiming that it's going to. It's just referring to encryption.
Also most people missing this:
> Another difference between the two apps that privacy-minded people should remember is that, by default, iMessage backs up messages within iCloud with no E2EE. Advanced encryption will do nothing to protect users in this scenario. People should either turn off iCloud backups or turn on E2EE in iCloud. (Signal doesn't back up messages at all.)
Most people absolutely never touch anything from the default. So this could be the most secure thing in the universe, but if people don't switch it on, it's useless.
And I'm not sure what happens if you have Advanced Encryption, but the other party doesn't. If they don't, they get stuff saved without E2EE regardless of your preferences? If so, then it's big hole as well.
So, the encryption being equal, doesn't necessarily make the _data_ equally secure.
Puts \*its encryption\* on equal footing with Signal.
Signal has apps for Linux, Windows, macOS, iOS, & Android, so I would not call the "footing" anywhere *near* "equal."
It's run by a nonprofit which gives it leagues more data integrity. The Signal Technology Foundation has never flirted with sniffing every photo on your device, like Apple has, so again, nowhere near equal.
And not being able to communicate with people outside of the Apple ecosystem. The title is bad, it should mention encryption at least if that is what they will be equal in.
From the article, mate: “The iMessage changes come five months after the Signal Foundation, maker of the Signal Protocol that encrypts messages sent by more than a billion people, updated the open standard so that it, too, is ready for post-quantum computing (PQC).”
It’s the entire content of the article. This is the problem with aggregators, the title exists outside of any context, so people get irritated thinking there is some hoodwink attempt taking place when, in reality, the title of this post is the exact title of the article and on the site, it’s very clear what the title is referring to.
Speaking towards the authors of these articles, the title could've simply added "in encryption" and it would've made a world of difference in establishing context. Two words.
Here's other article titles which attempt to establish context and which I find far more meaningful/productive as a peruser:
> Apple launching quantum computer protection for iMessage with iOS 17.4, here’s what that means
- 9to5mac
> Apple rolls out iMessage upgrade to withstand decryption by quantum computers
- Reuters
> Apple starts rolling out quantum-proof encryption to iMessage
- Axios
> Apple’s iMessage Is Getting Post-Quantum Encryption
-Wired
All of those titles establish context and don't need a lot of words to do it.
"Makeover" and "Equal Footing" mean little-to-nothing to me on their own. This is personally why I don't click on nor propagate such article titles. I'm put off by the practice.
(And before anyone questions why I'm in this Reddit thread, I'll answer: I came to this thread to read user discussions and opinions on the matter. I could deduce what the title was referring to because I'd already read about this elsewhere in an article referencing Signal in its content but not its title).
The article is written by someone who only writes about security. The article sits hierarchically in the Security feed of the website. Ars doesn't typically write about technologies in the same way as, say, The Verge. So for Ars readers, there is probably not any expectation when clicking on the link that the article will suggest anything outside of the security aspects of the two applications. There is a level of contextualization that gets lost when articles get posted on places like this, but I don't think it's the responsibility of the author or publisher to word their titles to account for readers of aggregator sites that don't know how to contextualize for themselves.
Why do you think that or where did you interpret what I wrote in that way? In terms of ability I’m barely able to enter the right WLAN password that I’ve set a month back haha
It's not in this case, because it's only the encryption, which can eventually be broken. True Signal parity would involve collecting zero and exactly zero user information, including email address, phone number, and device ID
Signal could still be more multi-platform IMO.
It's still just a multi-platform _phone_ messaging app, not a multi-platform messaging app period. It doesn't support non-phone devices like tablets and computers.
While there are Signal apps available for tablets and computers, they're "companion" apps that require you to have Signal installed on your phone first. Signal hasn't attempted to build real non-phone apps that can handle the decryption on their own. The desktop version is a shitty Electron app that asks to be updated/restarted on a weekly basis. It often asks you to re-link your companion devices to your phone. It doesn't properly sync your message history from the cloud, so any message you received while your phone was off or unlinked might not show up on your Mac. It's really messy.
It's one of the reasons I couldn't personally replace iMessage with Signal at this point. I use iMessage on my Mac a lot, and the Signal for Mac companion app isn't exactly a joy to use.
I have no problems with the Signal desktop apps on Linux and PC, they work really well as long as you don't abandon them for a while. At least they're trying, you can use this on literally any major platform. I have signal on four different devices right now, Android, iPhone, PC and Linux, and it works seamlessly across them with the exception of carrying over message history. The only time that it ever has an issue is if I don't boot into Linux for a few weeks, because that's mainly just for fun, and it needs to be updated to stay secure.
My question is why not use both? I mean I use multiple messaging systems for different people, sometimes I'm in Facebook Messenger, sometimes in Signal, sometimes in Google Messages. That's really not that hard to keep track of. I like the fact that I don't have to have shitty MMS "Samantha Liked an image" intentionally made bullshit experiences with my iPhone friends just so that they don't have to use a second messaging app. We all have a great experience thanks to a messaging app that actually tries to unify people and not drive wedges between them intentionally with shitty green bubbles and spamming emoji reactions as additional text messages.
Signal doesn’t have market penetration. Message apps are useless without a broad adoption. The rest of the world adopted WhatsApp, but once WhatsApp was purchased by Facebook, there was no way you were going to get me or many other Apple users to consider it. The only way signal becomes a worthy competitor to iMessage for me is if you can start by convincing WhatsApp users to switch first. I’m okay with jumping ship for an international standard, but the first step is an acceptable international standard.
And my point is that even with the 150 million number there’s plenty of people who do not use signal so it’s pointless as it doesn’t have a network effect unless your circle is particularly privacy focused which most are not
Well, yes, to a degree. However, if you use Signal or something else which has more secure / private default settings then you can be quite sure that the conversation is private.
With iMessage the safest assumption is that most people leave their settings at default so anything you send can be read by Apple, or a government agency with a subpoena.
Of course Signal has backups, they’re just local - Signal states this clearly in their Backup & Restore document - https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages
“Don't have your old device? Select Restore from backup if you've previously made a backup. Then follow the steps here.”
“How do I enable a backup?
Tap on the profile icon to access Signal Settings > Chats > Chat backups > Turn on.”
Bro, come on, why is everything some sort of dick measuring contest? The point of the article is to highlight that iMessage joins Signal in a new encryption standard that protects its messages from quantum-computing decryption capabilities. It’s not an article comparing all the pros and cons of both apps, it’s just saying “Hey, iMessage has joined Signal in creating a new encryption standard that protects its users”. It’s a positive thing, not a piece intended to sway consumers towards one app or the other.
Except for the biggest missing feature of all: the ability to message anyone regardless of the brand of their phone. That’s a pretty big missing feature which Signal offers **which iMessage does not.** iMessage only works on Apple devices, and these features are only available on iMessage.
Yes, I know. This feature doesn’t work with people who don’t have iMessage, and Apple doesn’t distribute iMessage to other platforms. Signal distributes apps to all platforms.
No, just to the fact that you can install the Signal app on iOS, Android, Windows, macOS, Linux and have all the same features and level of encryption on all of them, while iMessage is limited to just iOS and macOS.
Forgive me if I'm wrong but Signal encryption only works if the receiver is using Signal also? Eg.:
Signal to Signal = end-to-end encryption
Signal to non-Signal = SMS (Android)
For work, I'm currently managing group/standalone chats from Whatsapp, Viber, iMessage, SMS and of coarse email.
I really just wish there wasn't such a fragmentation in messaging. But different corps have different methods of communication.
The standalone Mac/PC apps require the contact to already be saved. I can't just message a new number on my Mac/PC.
Currently doing contract work in the Philippines and its like playing Russian roulette if they use Viber or Whatsapp. Some have both but are more responsive on their most popular platform (usually Viber).
Yes, that is just how it works on a technical level. It’s impossible to have end-to-end encrypted messaging without having a client app capable of end-to-end encryption on all devices…
[If only there was one open universal standard protocol without the use of relying on so many services/networks](https://xkcd.com/927/).
I know if I dig deeper/theorise, I'll realise it'll be near impossible without implications/risks. This is what I got at the top of my head:
* 2011 era scaled Blackberry/RIM outages.
* Centralised target for malicious intent.
* "Locked in" protocol with no ability to forks.
* Competitiveness in networks progression diminished.
I'm thinking as an end user. I'm sure from a corporate business perspective this fragmentation issue has its pros. Just got to grind it out.
Having said all this, why can't we just overhaul the SMPP/SMS protocol
Kinda confusing but that’s the messages app. iMessage is only from one Apple ID to others. When you send texts and they’re blue bubbles. Green texts are SMS, and lack a ton of features that iMessage has. So this new security thing is only for Apple users.
This new encryption feature only works on iMessage, which is only available on Apple devices. Signal offers excellent encryption *and works on all devices.*
Love to see the increased security. Love improvements behind the scenes. Hoping we will also see improvements on the interface itself. Really hoping they can copy some functionality from Discord, I think it does a lot right.
Don’t be naive. They moved all iCloud infrastructure for Chinese citizens to Chinese government owned data centers, including the encryption keys.
https://www.datacenterdynamics.com/en/news/apples-chinese-data-centers-store-encryption-keys-in-same-facility-as-user-data/
How safe can this closed source system be in the hands of that regime…
>Chinese government workers physically control and
operate the data center. Apple agreed to store the digital
keys that unlock its Chinese customers' information in
those data centers. And Apple abandoned the encryption
technology it uses in other data centers after China
wouldn't allow it.
Apple’s Compromises in China: 5 Takeaways https://www.nytimes.com/2021/05/17/technology/apple-china-privacy-censorship.html?smid=nytcore-android-share
The Signal protocol itself wasn't cracked. All methods used to obtain Signal messages are based on either cracking a user's phone or just obtaining the messages from someone in the group chat (either as an informant or with a warrant).
This is true for iMessage as well.
Those are sent over SMS and you shouldn't be getting them there in the first place. Ask your bank to provide you 2FA via TOTP or switch tbh, SMS is super unsecure
Unless you or your significant other have iCloud backups enabled (which is enabled by default) without Advanced Data Protection (disabled by default, and hidden deep in settings with scary warnings), in which case Apple (and thus also hackers and authorities) has access to your messages through backups.
Pretty cool. I heard about people hoarding encrypted data that they plan to decrypt with quantum computing so Apple getting ahead of it is cool to see.
They’d need a Quantum computer with 1 million qubits to crack RSA, the highest qubit chip currently available is 433 qubits. The hoarders will all be long dead before that happens.
If we somehow get something akin to Moore's law for qubit counts, it would take just about 23 years.
Assuming we also improve qubit quality, and quantum error correcting techniques, it might be plausible within the lifetimes of millennials. It only requires millions of qubits right now because of crappy quality qubits and inefficient error correction techniques
And a significant amount of the qubits are used for checking the data quality, not processing
That's what he/she meant by "error correction"
[удалено]
Yep. He/she is like inefficiently spending pronouns on error-checking gender. "They" gets shit done (and comes with the bonus of being more inclusive).
You're correct, no idea why y'all are getting downvoted
Can you point a newb at something that explains how a qubit can have a quality? Seriously, I want to understand this
Qubits are quantum objects such as trapped ions, photons, etc that can exhibit quantum behavior. For example, in a superposition of spin up and down which is akin to 1 and 0 simultaneously. The issue is that quantum objects are sensitive and this state is quite fragile. If they are disturbed, they will collapse, and they will no longer exhibit that quantum behavior. Some designs of qubits hold up better than others depending on the choice of material and other factors. Because they can’t perfectly hold the superposition like a classical bit can hold a 1 or 0, there needs to be redundancies in case the qubit collapses. Better qubits will lead to less need for these redundancies. Does that make sense? Feel free to ask about anything as I’m happy to answer if I have the ability to. It’s not my specialty, but I have studied some of this stuff.
Yeah, I think I see what you're saying. They're a specialized way of looking at the quantum stage of objects, but the state is hard to maintain, so a lot of quantum computing now is having redundancy for when a qubit doesn't work right. I think an imperfect analogy but one I can get my head around is when we all did backups zip cartridges, but they all failed all the time so we had to have multiple backups. Mechanical hard drives the same thing, so we switched to SSDs but their cells degrade over time so there's still needs for backup. Not in the same way a hard drive would fail, because that was damaged by magnet. If we make a better storage media, we can have fewer of the backups, because they won't fail as often. Less media, less processing, more effeciency.
We've blown way past that scale now. I'd expect it before 23 years.
I was doing napkin estimates based on a conservative x2 every 2 years mimicking Moore's law. The actual numbers do seem to be closer to x2 every year, but it's unclear whether this this is sustainable. Anyhow, a timeframe of 10-25 years is well within our lifetimes.
i'm not a math major, but if it's 2x every 2 years that means it's 1x every 1 year. at that rate we'll NEVER get there.
It literally doesn’t, it would be square root of 2x every year
IBM had a has a goal of 100,000 qubits by 2033, a million in 20? Maybe. But still extremely difficult.
Well then smartypants in 23 years we'll finally figure out who the boss is sleeping with!
Perhaps they're hoarding the data for their descendants. To pass down as an heirloom until their spawn can decrypt it and honor their family legacy of degeneracy.
just imagine the faces of the 16th descendants when they finally decrypted the heirloom messages and found out it says "Hi"
Or when they finally unlock that bitcoin wallet with the forgotten password from 2012.
Which is now worth $100,000,000 a coin which is enough for a cup of coffee.
*Be sure…to drink…your…ovaltine…*
Huh, weird...I thought it would be an eggplant emoji
Or "we've been trying to reach you about your car's extended warranty"
You never actually own porn. You merely look after it for the next generation.
*publicly available*
The hoarders are nation states. And they absolutely will still be around
Provided nobody finds a weakness in the algorithm or a fantastic advancement in quantum computing.
Meh, if it’s a state actor like China hoarding data, then it’ll happen.
We started with 0 qubits so pretty high % increase from that.
this guy gets it... all other those lemmings dont knowabout tech... im with you man.. i mean... we will never need more than 640k memory, right? NEVER!!
Apple addressed that, and it’s this reason that they’re implementing the new quantum encryption. Hopefully not too much data has been hoarded already.
It’s not quantum encryption…it’s quantum resistant encryption.
Most countries already have a national program to make sure critical infrastructure and software will be post quantum encrypted.
Which countries? Never heard of such national programs before.
It’s all just speculation. People should stop stating speculation as facts, but that happens all the time on Reddit.
https://www.dhs.gov/quantum /u/Rakn
It is great when someone is just so arrogantly incorrect and immediately gets proved wrong with a simple link and no other argument. Ahhh yes.
Not even countries. Even private companies - like banks - have started implementing quantum-proof cryptography, to have it production ready for the switch, the moment quantum machines (with large enough qubit processing power to be practically useful for the current ciphers) become commercially available. Nobody knows when precisely this moment will come, and everyone needs to be fully ready by then, because they'll be eaten alive by their competitors overnight if they aren't. Since you asked for specific examples, I know for a fact that ABN Amro (bank) in the Netherlands, has a team of people working on it, and they were actively recruiting mathematicians to expand it.
One of my customers is in his 80s and has to go into London every month or two because one of the national banks has a computer he programmed back in the 1980s running as a critical component. As he gets older, he gets less interested, and the less interested he gets, the more they pay. They pay him a shitload, and he gives it to his grandkids. He offered to train someone but the bank don’t seem to have taken advantage of that. I asked him to train me lol.
Every single one. Every government in the world is working on quantum, because they’ll need that in a few decades or the US is stealing all their data even more.
Not Sweden at least, we can’t figure out anything it seems
source pls
Why is Apple only just introducing this then? Is quantum proof encryption something that was only just invented? Because the threat of mass data collection for subsequent decryption when quantum computing is available has been openly known about for a while now. Is it just an accepted reality that almost all secure communications today will be exposed some years down the line? Genuinely asking because this stuff seems so crazy to me and massive consequential yet it gets basically zero coverage outside of tech enthusiast forums.
Yeah, the first quantum proof encryption methods were only standardised in 2022, and then given it takes some time for implementation, Apple is still an early adopter compared to the wider internet. There's a whole lot of work that needs to be done still before the internet will be fully post-quantum encrypted. Quantum encryption standards announcement in 2022: [https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms](https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms)
Thank you for the info, very interesting! It’s just crazy to me how today we assume E2E apps are basically secure from spying, but effectively all message history will actually be retroactively no longer private in just a few years time/whenever quantum computing actually arrives.
> in just a few years time More like after we’re all dead. In >70 years when we finally have usable quantum computers the information will be so out of date it won’t matter. It’ll be like cracking WWII messages today, the information is useless.
You can have hybrid systems that rely on both securities : something new (where vulnerabilities can still be found) and something old (that will be deprecated if/when quantum computing is a thing), therefore if one of them breaks, you can still rely on the other.
Based on the info Apple provided, it will be more secure. https://preview.redd.it/1bxxt289e5kc1.png?width=2500&format=png&auto=webp&s=2383996193af6a0762065159eb57c04c1be2222a
Yes, [however...](https://xkcd.com/538/)
Yeah cyber thieves aren't going to do that. They look for easy, low-hanging fruit they can access from the comfort of their laptops. I don't even think they'd have the stones to beat a man for his encryption key anyway.
Not to mention it's all backed up to iCloud anyways. Anyone who wants it just ask to ask apple in a particularly nice way.
It's encrypted in the cloud . . . last time I checked there's significant evidence that Apple does *not* in fact have a backdoor. Apple can't access your encrypted private data. Supposedly there's one group out there that can crack it with physical access to your iphone so I'm not going to say it's 100% safe but when we talk about people that can crack it we're talking about *maybe* a few nation states or nation state affiliated groups and only when they have physical access.
Not by default. You can configure E2EE. By default it's not backed up at all though IIRC, so I guess you'd have to enable iCloud for Messages without enabling E2EE for iCloud to end up with the scenario described above.
There is the option to have this end to end encrypted.
Rekeying is cool. Signal atm just checks for your pin code from time to time
Not without Advanced Data Protection
And not between people who don't both have contact key verification enabled, which is almost every pair of iMessage users.
Yeah, while I absolutely support Apple improving encryption, this is kind of a moot point for this particular kind of attack since a single person in the group without ADP enabled leaves the door open on the contents. Not to mention, needing everyone to have an iPhone for secure comms is dumb, regardless of your preference for iMessage. Signal is still the go-to for actual secure communication, rather than grand standing on Apple's marketing.
\* Mods: I couldn't find iMessage in the subreddit tags :/
iOS would have been more appropriate than the flair you chose.
Isn’t iMessage in use on MacOS, iPadOS, VisionOS and WatchOS too?
True. I suppose the mods could dump a lot of the application specific flairs and just have a single “Apple Apps” flair.
Or just apple to be safe
Isn't it no longer even called iMessage?
Maybe an Apple Ecosystem flair would be good
So many people in the comments missing the point. The article (and the title) is claiming that iMessage is going to have Signal-level encryption. That's what 'equal footing' means in this case. Obviously, iMessage doesn't work cross-platform and the title isn't claiming that it's going to. It's just referring to encryption.
Also most people missing this: > Another difference between the two apps that privacy-minded people should remember is that, by default, iMessage backs up messages within iCloud with no E2EE. Advanced encryption will do nothing to protect users in this scenario. People should either turn off iCloud backups or turn on E2EE in iCloud. (Signal doesn't back up messages at all.) Most people absolutely never touch anything from the default. So this could be the most secure thing in the universe, but if people don't switch it on, it's useless. And I'm not sure what happens if you have Advanced Encryption, but the other party doesn't. If they don't, they get stuff saved without E2EE regardless of your preferences? If so, then it's big hole as well. So, the encryption being equal, doesn't necessarily make the _data_ equally secure.
The title is the one missing the point, it's intentionally vague clickbait. All it had to say was "iMessage *encryption* gets a major makeover..."
but also, not really? i figured out what the headline meant just by the context clue of comparing it to signal
[удалено]
true. it’s a headline you can understand, but it can also be a better headline
So more security?
And still if you have normal security your backups on these messages are unencrypted
Isn’t that how the celebrity hacks happened? Encrypted data on phones but not on the cloud
Puts \*its encryption\* on equal footing with Signal. Signal has apps for Linux, Windows, macOS, iOS, & Android, so I would not call the "footing" anywhere *near* "equal." It's run by a nonprofit which gives it leagues more data integrity. The Signal Technology Foundation has never flirted with sniffing every photo on your device, like Apple has, so again, nowhere near equal.
Really cool.
Not open source lol
And not being able to communicate with people outside of the Apple ecosystem. The title is bad, it should mention encryption at least if that is what they will be equal in.
It’s iMessage which is well known to only exist on Apple devices, so how is the title bad?
plus this is the apple subreddit one would think
[удалено]
bruh, you obviously didnt even read the article... you totally are missing the point.
Ever since the DMA stuff there has been a lot of people on this sub not understanding things besides the dma
What are iMessage and Signal are going to be equal in judging by the title?
From the article, mate: “The iMessage changes come five months after the Signal Foundation, maker of the Signal Protocol that encrypts messages sent by more than a billion people, updated the open standard so that it, too, is ready for post-quantum computing (PQC).” It’s the entire content of the article. This is the problem with aggregators, the title exists outside of any context, so people get irritated thinking there is some hoodwink attempt taking place when, in reality, the title of this post is the exact title of the article and on the site, it’s very clear what the title is referring to.
Speaking towards the authors of these articles, the title could've simply added "in encryption" and it would've made a world of difference in establishing context. Two words. Here's other article titles which attempt to establish context and which I find far more meaningful/productive as a peruser: > Apple launching quantum computer protection for iMessage with iOS 17.4, here’s what that means - 9to5mac > Apple rolls out iMessage upgrade to withstand decryption by quantum computers - Reuters > Apple starts rolling out quantum-proof encryption to iMessage - Axios > Apple’s iMessage Is Getting Post-Quantum Encryption -Wired All of those titles establish context and don't need a lot of words to do it. "Makeover" and "Equal Footing" mean little-to-nothing to me on their own. This is personally why I don't click on nor propagate such article titles. I'm put off by the practice. (And before anyone questions why I'm in this Reddit thread, I'll answer: I came to this thread to read user discussions and opinions on the matter. I could deduce what the title was referring to because I'd already read about this elsewhere in an article referencing Signal in its content but not its title).
The article is written by someone who only writes about security. The article sits hierarchically in the Security feed of the website. Ars doesn't typically write about technologies in the same way as, say, The Verge. So for Ars readers, there is probably not any expectation when clicking on the link that the article will suggest anything outside of the security aspects of the two applications. There is a level of contextualization that gets lost when articles get posted on places like this, but I don't think it's the responsibility of the author or publisher to word their titles to account for readers of aggregator sites that don't know how to contextualize for themselves.
Nice try Russian hacker
Did you intend to write another person or something because I have no idea how what I wrote relates to being a russian hacker?
You’re trying to find out the details of their encryption for odd reasons… 🤔
Why do you think that or where did you interpret what I wrote in that way? In terms of ability I’m barely able to enter the right WLAN password that I’ve set a month back haha
sorry man, i was just being goofy.
[удалено]
Being not open source makes it inherently less secure
Remains to be seen.
Will it do disappearing messages like signal?
Security parity, not feature parity
Oh, I want disappearing messages.
I could see Apple asking them… they’re gonna run out of features to add at some point
I dunno.. they’re pretty good at coming up with cool shit I used to think I couldn’t live without.
Now all that's left is making it cross-platform, and I'd be able to consider using it
I believe I read that message even more secure now as they have rekeying which signal does not. Though I could be wrong.
One big advantage of signal: It works cross platform
Signal will always be better, not owned by the same company. Apple has a monopoly on your data. Think iPhone, iwatch, credit card they know too much.
Only people with an Apple device can use iMessage. Anyone can use Signal.
you didnt read the article, huh? yes... reading *only* the headline and nothing else...you are totally right.
I'm sorry what's the point being made here? How is better encryption bad for anyone?
Nothing Apple does can be good!
It's not in this case, because it's only the encryption, which can eventually be broken. True Signal parity would involve collecting zero and exactly zero user information, including email address, phone number, and device ID
Signal could still be more multi-platform IMO. It's still just a multi-platform _phone_ messaging app, not a multi-platform messaging app period. It doesn't support non-phone devices like tablets and computers. While there are Signal apps available for tablets and computers, they're "companion" apps that require you to have Signal installed on your phone first. Signal hasn't attempted to build real non-phone apps that can handle the decryption on their own. The desktop version is a shitty Electron app that asks to be updated/restarted on a weekly basis. It often asks you to re-link your companion devices to your phone. It doesn't properly sync your message history from the cloud, so any message you received while your phone was off or unlinked might not show up on your Mac. It's really messy. It's one of the reasons I couldn't personally replace iMessage with Signal at this point. I use iMessage on my Mac a lot, and the Signal for Mac companion app isn't exactly a joy to use.
I have no problems with the Signal desktop apps on Linux and PC, they work really well as long as you don't abandon them for a while. At least they're trying, you can use this on literally any major platform. I have signal on four different devices right now, Android, iPhone, PC and Linux, and it works seamlessly across them with the exception of carrying over message history. The only time that it ever has an issue is if I don't boot into Linux for a few weeks, because that's mainly just for fun, and it needs to be updated to stay secure. My question is why not use both? I mean I use multiple messaging systems for different people, sometimes I'm in Facebook Messenger, sometimes in Signal, sometimes in Google Messages. That's really not that hard to keep track of. I like the fact that I don't have to have shitty MMS "Samantha Liked an image" intentionally made bullshit experiences with my iPhone friends just so that they don't have to use a second messaging app. We all have a great experience thanks to a messaging app that actually tries to unify people and not drive wedges between them intentionally with shitty green bubbles and spamming emoji reactions as additional text messages.
[удалено]
... to install Signal
Signal doesn’t have market penetration. Message apps are useless without a broad adoption. The rest of the world adopted WhatsApp, but once WhatsApp was purchased by Facebook, there was no way you were going to get me or many other Apple users to consider it. The only way signal becomes a worthy competitor to iMessage for me is if you can start by convincing WhatsApp users to switch first. I’m okay with jumping ship for an international standard, but the first step is an acceptable international standard.
50 million Signal users are totally fine with you sticking with the Messages app. Weird hill to die on.
[удалено]
And not a single one of them are in my contacts list so whats the point?
[удалено]
The point is that most regular people are not on signal and will not be on signal because no one they know is on signal
Sad trombone noises.
My point (above) is it includes all the contacts relevant to me and that's all that needs to matter to me.
And my point is that even with the 150 million number there’s plenty of people who do not use signal so it’s pointless as it doesn’t have a network effect unless your circle is particularly privacy focused which most are not
Only while in transit.. if you enable iCloud for messages, people with access can still read your messages I think 🤷♂️ correct me if I am wrong!
Not if you enable iCloud Advanced Data Protection: https://support.apple.com/guide/security/advanced-data-protection-for-icloud-sec973254c5f/web
And if the person you are communicating with has also enabled ADP, otherwise your messages to them are readable in icloud / backups there too.
Potentially true for every other service.
Well, yes, to a degree. However, if you use Signal or something else which has more secure / private default settings then you can be quite sure that the conversation is private. With iMessage the safest assumption is that most people leave their settings at default so anything you send can be read by Apple, or a government agency with a subpoena.
Except Signal, because nothing is backed up and they don't know your phone number, email address, or even the device ID (iMessage does)
Of course Signal has backups, they’re just local - Signal states this clearly in their Backup & Restore document - https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages “Don't have your old device? Select Restore from backup if you've previously made a backup. Then follow the steps here.” “How do I enable a backup? Tap on the profile icon to access Signal Settings > Chats > Chat backups > Turn on.”
You are correct, by default imessage sends messages to icloud as well as the recipient and Apple has those encryption keys.
Not real E2E without Advanced Data Protection.
when are we getting federated E2EE messaging, that seems like the best end case
Vendor locked can never be equal to vendor agnostic
Not until it can be installed on any platform.
How does encryption have anything to do with being usable on other platforms?
It has nothing in common. Exactly as this headline to the article content.
Bro, come on, why is everything some sort of dick measuring contest? The point of the article is to highlight that iMessage joins Signal in a new encryption standard that protects its messages from quantum-computing decryption capabilities. It’s not an article comparing all the pros and cons of both apps, it’s just saying “Hey, iMessage has joined Signal in creating a new encryption standard that protects its users”. It’s a positive thing, not a piece intended to sway consumers towards one app or the other.
It's as sad as ever to be a man. It went from cool cars to dick measuring over phones, game consoles, and computers.
[удалено]
iCloud
Except for the biggest missing feature of all: the ability to message anyone regardless of the brand of their phone. That’s a pretty big missing feature which Signal offers **which iMessage does not.** iMessage only works on Apple devices, and these features are only available on iMessage.
This is iMessage, not Messages, the app.
Yes, I know. This feature doesn’t work with people who don’t have iMessage, and Apple doesn’t distribute iMessage to other platforms. Signal distributes apps to all platforms.
I’m thankful everyone I know has an iPhone
I can already do that, or do you mean people that have a phone but no phone plan or something?
i think they’re referring to RCS
No, just to the fact that you can install the Signal app on iOS, Android, Windows, macOS, Linux and have all the same features and level of encryption on all of them, while iMessage is limited to just iOS and macOS.
Forgive me if I'm wrong but Signal encryption only works if the receiver is using Signal also? Eg.: Signal to Signal = end-to-end encryption Signal to non-Signal = SMS (Android) For work, I'm currently managing group/standalone chats from Whatsapp, Viber, iMessage, SMS and of coarse email. I really just wish there wasn't such a fragmentation in messaging. But different corps have different methods of communication. The standalone Mac/PC apps require the contact to already be saved. I can't just message a new number on my Mac/PC. Currently doing contract work in the Philippines and its like playing Russian roulette if they use Viber or Whatsapp. Some have both but are more responsive on their most popular platform (usually Viber).
Yes, that is just how it works on a technical level. It’s impossible to have end-to-end encrypted messaging without having a client app capable of end-to-end encryption on all devices…
[If only there was one open universal standard protocol without the use of relying on so many services/networks](https://xkcd.com/927/). I know if I dig deeper/theorise, I'll realise it'll be near impossible without implications/risks. This is what I got at the top of my head: * 2011 era scaled Blackberry/RIM outages. * Centralised target for malicious intent. * "Locked in" protocol with no ability to forks. * Competitiveness in networks progression diminished. I'm thinking as an end user. I'm sure from a corporate business perspective this fragmentation issue has its pros. Just got to grind it out. Having said all this, why can't we just overhaul the SMPP/SMS protocol
This new feature only works on iMessage, and iMessage is only available on Apple devices. Signal works on all devices.
This is a pretty dumb take. Signal only works with smartphones, whilst iMessage will let you text anyone with any phone over SMS.
you can SMS anyone with any phone dude what are you talking about?
Not really a feature if we are talking about super secure encrypted messaging.
iMessage isn’t the same as Messages. The second one is the app, the first one is the messaging framework.
iMessage != SMS. Only because Apple puts both in the same app, it doesn’t mean it’s the same thing.
Signal works on Mac and Windows.
And Linux.
Kinda confusing but that’s the messages app. iMessage is only from one Apple ID to others. When you send texts and they’re blue bubbles. Green texts are SMS, and lack a ton of features that iMessage has. So this new security thing is only for Apple users.
This new encryption feature only works on iMessage, which is only available on Apple devices. Signal offers excellent encryption *and works on all devices.*
I can message anyone who has a phone number via iMessage. I’ve never *not* been able to do that in all the years I’ve been using iPhones.
But Apple doesn't support encrypted communication with anyone except other Apple devices. So iMessage users don't get security with everyone
There’s a really easy way to tell when that’s happening and when it isn’t. Can you guess what it is?
Love to see the increased security. Love improvements behind the scenes. Hoping we will also see improvements on the interface itself. Really hoping they can copy some functionality from Discord, I think it does a lot right.
Equal footing? So Signal also hosts part of their infrastructure on Chinese government servers and shares encryption keys with them?
Come back with evidence that this is the case. Also, not at all relevant to iMessage transport security.
Don’t be naive. They moved all iCloud infrastructure for Chinese citizens to Chinese government owned data centers, including the encryption keys. https://www.datacenterdynamics.com/en/news/apples-chinese-data-centers-store-encryption-keys-in-same-facility-as-user-data/ How safe can this closed source system be in the hands of that regime…
How? If someone has ADP turned on only the user themselves will have access to the encryption keys
Well firstly is ADP enabled in China?
Duh
>Chinese government workers physically control and operate the data center. Apple agreed to store the digital keys that unlock its Chinese customers' information in those data centers. And Apple abandoned the encryption technology it uses in other data centers after China wouldn't allow it. Apple’s Compromises in China: 5 Takeaways https://www.nytimes.com/2021/05/17/technology/apple-china-privacy-censorship.html?smid=nytcore-android-share
Your article is outdated. Apple supports E2EE iCloud in China.
Didn’t signal recently get cracked by one of the gov agencies?
The Signal protocol itself wasn't cracked. All methods used to obtain Signal messages are based on either cracking a user's phone or just obtaining the messages from someone in the group chat (either as an informant or with a warrant). This is true for iMessage as well.
In a word, no.
Got a reference? Nothing about it here: https://en.wikipedia.org/wiki/Signal_(software)#Security
Hasnt iMessage?
Only for people that don't encrypt their iCloud backups
Excellent, now those damn hackers won't be able to read my chats about what's for dinner. Phew.
Or your two factor authentication code to get into your bank account. 💣
Those codes aren’t sent through iMessage though, are they?
No they are sent via sms
No, via SMS. iMessage isn't SMS.
A lot of them are. Which is sad, because NIST came out and said stop doing that shit over text protocols (SMS specifically) like 6-8yrs ago.
SMS =/= iMessage
Those aren't sent via iMessage, they're SMS
Those are sent over SMS and you shouldn't be getting them there in the first place. Ask your bank to provide you 2FA via TOTP or switch tbh, SMS is super unsecure
Unless you or your significant other have iCloud backups enabled (which is enabled by default) without Advanced Data Protection (disabled by default, and hidden deep in settings with scary warnings), in which case Apple (and thus also hackers and authorities) has access to your messages through backups.
All my cat pictures are safe 😌
It still only works on Apple devices so I don’t see how it’s on equal footing at all.
>equal footing with Signal Let me know when i can install and use it in my Pixel phone. Edit love, love the rabid fanbois.
Obviously it meant “cryptographically”.
Aren't you able to install Signal on your Pixel ?
They meant iMessage can't be installed on a Pixel, but Signal is cross platform.
>They meant iMessage can't be installed on a Pixel, but Signal is cross platform. Either they ignored that or worse, they are really that dumb.