Email or username:

Password:

Forgot your password?
GrapheneOS's posts Post Back to profile
Top-level
thomzane

@GrapheneOS @josh Not you too! E2EE without the ability to manage your own keys and verify the mechanisms of encryption means that Apple can introduce more ghost keys behind the scenes allowing themselves and others to be included in who can decrypt the information.

Then there is the whole notifications issue where Apple and Google were leaking that which should be local. reuters.com/technology/cyberse

I don't trust Apple.

9 November at 14:03 | Wall-to-wall | Open on daedal.io
2 comments
GrapheneOS replied to thomzane

@thomzane @josh

We never said they had best in class end-to-end encryption support, only better support for it than Google does. Google does have E2EE for certain Android services but it's a lot more limited and has a very limited security model.

> Then there is the whole notifications issue where Apple and Google were leaking that which should be local.

No, you're entirely misunderstanding this. It was about push messaging registration metadata and nothing was being leaked.

9 November at 20:20 | Open on grapheneos.social
GrapheneOS replied to GrapheneOS

@thomzane That story is not about apps sending notifications locally. That story is about apps which chose to use their push messaging services to send messages to the device through APNS or FCM. On Android, FCM is optional and alternative push mechanisms can be used. Apps are choosing to use it. For both APNS and FCM, apps can end-to-end encrypt the messages. For FCM, they can also send empty messages to wake the app and then fetch the data themselves. It's not about local notifications.

9 November at 20:22 | Open on grapheneos.social
Go Up