Follow

threat notifications are designed to inform and assist users who may have been targeted by state-sponsored attackers.

support.apple.com/en-us/HT2129

· · Web · 1 · 0 · 1

@emanuele Meanwhile, the worst state-sponsored threat is the US government, which they bend over for on demand.

@freakazoid @emanuele

My thought is.. how this notification can be generated?

It must means there's a constant monitoring

@neetx @freakazoid my humble idea? Since the effects on iOS devices are known it's pretty easy to verify if any of those files are present inside an iCloud backup (which it's not encrypted). That's similar to an user using github.com/mvt-project/mvt on his own local backup.

@emanuele @neetx Yeah I imagine they just scan for specific known tools rather than actively monitoring on an ongoing basis. If nothing else it’s cheaper

@neetx @emanuele Don't forget they do scan your photos for (known) "child exploitation material" though, at least if you have it set to sync to iCloud (I sync mine to MEGA but just because iCloud isn't encrypted, not because I don't trust their algorithm). And for child accounts they scan for any nudity at all. In the latter case all they do AFAIK is inform the parent contact.

@freakazoid @neetx AFAIK right now the project has been paused/postponed.

@emanuele @neetx Interesting! I hadn't heard that. I am failing at web search, though. Do you have a reference handy?

@emanuele @neetx While on the one hand fuck NSO Group, on the other hand this has potentially worrying implications for the right to repair and to use your own phone that you bought in any way you see fit.

@freakazoid @neetx what do you mean? How can this impact the right to repair it?

@emanuele @neetx It depends on what grounds they're using to sue NSO Group and how any decision in their favor is worded. If it establishes precedent for going after anyone who helps another person with "circumvention" then that would be very bad.

It impacts the right to repair because companies often include "features" in their devices that detect when "unauthorized" components are used and refuse to work with them. John Deere is notorious for this.

@emanuele @neetx Another one is printers that don't let you refill their ink cartridges or use third party ink cartridges. Heck, there are even coffee makers that don't let you use third party coffee.

@emanuele @neetx An ideal victory would be a narrow one in which NSO Group gets nailed for circumventing device features for the purpose of causing the device to work in a manner not intended by the user. In other words, the goal should be to protect the user, not Apple.

@freakazoid @neetx afaik right now they are arguing that NSO Group broke the license agreement you have to comply with when using an Apple account (daringfireball.net/linked/2021). Nothing related to the hardware usage.

@emanuele @neetx Wouldn't that apply equally for anyone who, say, posts information about how to root your phone?

@neetx @freakazoid «The controversial CSAM photo scanning is not part of iOS 15.2, but may still come later».

@emanuele @freakazoid

Oh I read days ago about these 2 features in ios 15.2 beta in an article in my language, I should have checked better sorry

@freakazoid @neetx «The company found that NSO’s engineers had created more than 100 fake Apple IDs to carry out their attacks». Apple is attacking this, not the/their ability to root the phone (later in the process).

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!