My students @maxzks and Tushar Jois spent most of the summer going through every piece of public documentation, forensics report, and legal document we could find to figure out how police were “breaking phone encryption”. 1/
ACLU is suing the FBI over its efforts to break into encrypted devices. https://t.co/TN8X0Slmnf
— Zack Whittaker (@zackwhittaker) December 22, 2020
Authorities don’t need to break phone encryption in most cases, because modern phone encryption sort of sucks. 3/
So if they can’t crack the passcode, how is law enforcement still breaking into iPhones (because they definitely are)? 6/
When you turn your phone on and enter the passcode in the morning, you switch your phone from BFU->AFU. 8/
All of the other keys stay in memory. 10/
(This is all well-known so far BTW.) 11/
So it seems that Apple is actually protecting *less* data now than in 2012. Yikes. 16/
Mail (which probably already exists on a server that police can subpoena, so who cares.)
App launch data (🤷‍♂️)
That’s not great. 18/
Photos
Texts
Notes
Possibly some location data
Most of what cops want. 19/
Why is so little of this data encrypted when your phone is AFU and locked? And the answer to that is probably obvious to anyone who develops software, but it still sucks. 22/
When you protect files using the strongest protection class and the phone locks, the app can’t do this stuff. It gets an error. 23/
But for the most part it’s annoying for software devs, so they lower protections. And if Apple *isn’t* using strong protection for its in-house apps, who will? 24/
Maybe Apple’s lawyers prefer it this way, but it’s courting disaster. 25/
This will be on a pretty website soon. Thanks for not blocking me after this thread. // fin
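
The trade-off described in tweets 23 and 24, as an added example that is not from the thread or from Apple's code: an iOS app keeps a file in the strongest protection class and, when a read fails because the phone is locked, defers the work until unlock instead of lowering the class. `ProtectedNoteStore` and the file name `note.bin` are hypothetical; the UIKit and Foundation calls are the standard Data Protection APIs.

```swift
import UIKit

// Added example; ProtectedNoteStore and "note.bin" are hypothetical names.
final class ProtectedNoteStore {
    private let url: URL
    private var pendingRead: ((Result<Data, Error>) -> Void)?
    private var unlockObserver: NSObjectProtocol?

    init(fileName: String = "note.bin") throws {
        let dir = try FileManager.default.url(for: .applicationSupportDirectory,
                                              in: .userDomainMask,
                                              appropriateFor: nil, create: true)
        url = dir.appendingPathComponent(fileName)
        // Retry a deferred read once the user unlocks and protected data is available again.
        unlockObserver = NotificationCenter.default.addObserver(
            forName: UIApplication.protectedDataDidBecomeAvailableNotification,
            object: nil, queue: .main) { [weak self] _ in
                guard let self = self, let retry = self.pendingRead else { return }
                self.pendingRead = nil
                self.read(completion: retry)
        }
    }

    deinit {
        if let token = unlockObserver { NotificationCenter.default.removeObserver(token) }
    }

    /// Writes the file under the strongest class, so it is unreadable while the device is locked.
    func save(_ data: Data) throws {
        try data.write(to: url, options: [.atomic, .completeFileProtection])
    }

    /// Call on the main thread. While locked the read throws; defer it instead of downgrading.
    func read(completion: @escaping (Result<Data, Error>) -> Void) {
        do {
            completion(.success(try Data(contentsOf: url)))
        } catch {
            if UIApplication.shared.isProtectedDataAvailable {
                completion(.failure(error))   // genuine error, e.g. the file does not exist
            } else {
                pendingRead = completion      // locked: wait for the unlock notification
            }
        }
    }
}
```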