Extraordinary claims require extraordinary evidence. If you really have access to secret information of that significance and you really are under an NDA that prohibits you from talking about it then why are you casually posting innuendo about it on HN?
To point out that your data isn't safe from law enforcement. Quite the contrary. I think everyone should be aware of the state we are in. And while I can't go into detail about how I know, I want others to be aware that anything on their devices is fair game. Now a day's with or without a warrant. Three letter agencies are operating with impunity. Using this very tech.
Again - extraordinary claims require extraordinary evidence.
It's no secret that there are groups actively looking for new exploits and that sometimes vulnerabilities are discovered that become zero days. It's a good bet that police and security services take an active interest in those vulnerabilities when they are found.
But that's very different to claiming the police can easily unlock any device any time they want to and there is a range of private companies around who provide that service to them.
It's not extraordinary at all. Ron Wyden, a US Senator subject to special briefings, basically repeated the same thing when asked about federal backdoors:
"As with all of the other information these companies store for or about their users, because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information," Wyden wrote.
Push notifications for e2e messaging apps carry e2e encrypted payload, which can’t be decrypted unless Apple reads the private keys from those apps sandboxes…
That document appears to be over 4 years old, predating the availability of Apple's Advanced Data Protection system that claims to provide proper E2EE on most iCloud back-ups. The latter was controversially the subject of a specific legal attack by the British government using the Investigatory Powers Act resulting in Apple withdrawing the feature entirely from the UK market rather than compromise the security of their system - according to public reports anyway. Before ADP much of the data stored in iCloud backups was not fully end-to-end encrypted and Apple itself did not claim otherwise.
I'm going to assume they are referring to any cloud backups of said devices. Since they are stored on servers managed by not you and are unencrypted, able to be accessed for "national security reasons".
There is nothing extraordinary about a claim that multiple commercial organisations routinely and reliably defeat the security of modern devices on behalf of law enforcement - something that would clearly undermine numerous public claims about the security and privacy of those devices made by their manufacturer? You and I have very different ideas of what is extraordinary!
Multiple vendors advertise and sell devices and software to crack iPhones, they have for years. In the US, any decent size city or county sheriff has access to one. State level forensics labs probably have several types.
The manufacturer provides the means to bypass many of the cheaper tools, but few people use them.
There are more exotic tools that can bypass security controls. These are more niche and not generally available to law enforcement. There may be some crossover when counter-intelligence interfaces with law enforcement. (Ie. FBI, DEA, RCMP, ICE, etc)
There are a lot of things that are publicly known but if he's signed an NDA he can't point at them or acknowledge their authenticity. Anyway Pegasus isn't even the correct ballpark lol.
Just about every confidentiality clause or NDA I've ever signed had a provision specifically excluding information independently in the public domain from its scope. I find it strange to the point of lacking credibility that someone working in a security-related field would have an NDA that required them to pretend to ignore even public domain information yet permitted them to post the kind of innuendo seen in this discussion.
Why should I disclose public domain knowledge when it’s public? The whole point was to point out there’s ways that aren’t public being used.
Believe it or not, I actually care about privacy. Innuendo is not my intent, no maliciousness here, only stating there are programs that have access to your data. Telegram/Signal/Encrypted or not. They don’t need access to your device. Only access to the Internet.
The whole point was to point out there’s ways that aren’t public being used.
For which you have provided not a shred of evidence here beyond the same type of innuendo you've been posting all along - even while implying that some of this is public knowledge that you could therefore cite to establish at least some credibility.
Your claims in combination appear to require that the technical foundation on which almost all serious security on Apple devices is built must be fundamentally flawed and yet somehow this hasn't leaked. That's like saying someone found an efficient solution to the discrete logarithm problem and it's in widespread use among the intelligence community but no-one outside has realised. It's theoretically possible but the chance of something so big staying secret for very long is tiny.
As I said before - extraordinary claims require extraordinary evidence. Thank you for the discussion but there seems little reason to continue it unless you're able to provide some.
