I know this is a tangent but honestly, this is why the Google decision to de-openify Android is insane even from Google's point of view. Who would want to be an iron clad gate keeper when the world is descending into authoritarianism? You just paint a giant target on your back for the authoritarians to come after.
If Apple had supported open iCloud alternatives for backup and other services from day one, it woudn't even be a discussion now. The UK probably wouldn't have thought of the idea of mandating against E2E encryption because it would be self evident it would actually just churn people to alternatives where they have less leverage and visibility. But Apple couldn't resist bricking up the walled garden and now it's hostile to both them and their users, and to be honest, everyone on the planet since it is obvious that once this happens in the UK it will be silly for every government everywhere not to follow suit.
Who would want to be an iron clad gate keeper when the world is descending into authoritarianism?
Powerful people don't think this way. They think they can leverage the authoritarian regime to their own advantage. They're biased to ignore risks and seek out opportunities. That's what got them to their position of success!
They are until they aren’t. Look at the Russian regime. Even billionaires could find themselves on the outs. All that money and to live in fear of open windows.
Yeah there was this great cartoon many years back where a guy is on his computer and the FBI is looking over his shoulder at his screen. A character named 'Facebook' is pushing him aside and says "Let me show you how to do it". When you look at the cartoon for a minute or so you see in the shadow in the back of the room this robot labeled 'Google' and he's just quietly observing.
I think the fact that Apple is having to fight this fight is evidence of why they were right to make a secure walled garden. I don’t know of any other service I would recommend my mother use for securely backing up her phone.
I think the UK is ultimately going to roll back this law. I don’t think this means that iCloud E2E is hostile to Apple or its users. I think Apple is going to win.
yeah guys, we don’t win by using free and open technologies, we win if we all buy {NAMECORP} devices, that’s true victory right there, backed by a real warranty, that’s what grandma wants
This whole idea of conflating a closed system like Apple has created with authoritarianism is silly. If anything authoritarianism is the UK trying to force Apple to open up (so they exploit it to monitor their citizens).
Apple created a product, not just the iPhone but a whole ecosystem that’s supposed to help the user feel secure. There’s isn’t the only product out there and as long as they’re not preventing new competitors, everyone needs to back off.
Android has been a fraud for a long time now. Let's not pretend that the "open-source" mobile OS that was supposed to free us all from vendor and telco tyranny ever approached that promise.
Did they even really try?
As far as iCloud "alternatives" go... Android doesn't offer ANY legitimate syncing infrastructure to compete with iCloud, open or not.
Chances are the UK government would require them to create that backdoor for them, and Apple would publicize that (implicitly, if the UK government would also forbid them to tell it explicitly)
simply i will be starting using Linux distributions on the devices which support them. Usually the gsm wcda etc are too much buried in patents and mostly closed source, but eventually how android bloomed initially as it was open source. I believe one day Linux will be there and again google and apple can have something to worry about and they will again open. One major thing is why google allowing people to use Linux apps on their android 16-17 by default i guess is because of this.
I mean, I think the answer to this is the very simple: they think it will lead to more money.
I'm sure someone in a board meeting saw something about GrapheneOS and LineageOS and Cyanogen and feels like if they de-open Android, some (or most) of those users will move to vanilla Android, and that will lead to profits.
I'm not saying that they're right about this; I think ultimately very few (if any) people actually know how to run businesses and it's all about giving an appearance of maximizing profitability, and as long as it leads to a potential short term stock boost then these executives get their huge bonuses and they can just blame the next guy when things break.
This isn't really theoretical; look at how Jack Welch took one of the most respected companies in the world, more or less integrated ponzinomics to temporarily bump the stock prices, and 20+ years later GE is kind of a joke and isn't even on the S&P500 anymore.
I don't have exact numbers, but I'm sure Graphene, Lineage, and all of the mods combined are much less than 1% of all android users; as well as these customers being less profitable than average as a marketing target.
I don't dispute that at all. I don't think it matters, it just needs to look like they're doing something to avoid forks and the like.
That said, there might be stuff that's actually using open source Android for profit. For example, the Nook Glowlight Plus, which runs a modded version of Android, doesn't appear to have any direct or even indirect references to Android anywhere (and I had to contribute a bit to the discourse to even get the rooting to work [1]). I have no ideas about the inner dealings of Barnes and Noble, but it wouldn't surprise me if they're running a completely forked version of FOSS Android and aren't paying a dime to Google for it.
I suspect these are the things that Google is trying to crack down on.
The phone was the end of open computing, the tech companies obtained an iron grip on the platform, this time with fully accepted total monitoring and data collection down to everything you say, hear, everywhere you go, and with smartwatch biosensors, everything you feel. The only thing left is to get smart glasses and they will know everything you see. Smell they can probably interpolate.
It happened over a decade ago, and that might as well be 100 years ago in modern attention spans. All the governments have to do is pay the companies money, or simply force-legislate, or threaten under the table for all that info, and for permanent forever access to active tracking and monitoring.
AI provides all the analysis they need to watch the firehose. It's all there.
At this point it doesn't matter if an alternative comes. It'll be such the minority, that the social graph will fill all the holes. And they can simply track your IMEI regardless from the towers, listen in with other nearby microphones/phones. There is no escape.
All that remains is for the key to be turned for worse-than-1984 authoritarianism. It's right there, ready for the AI-empowered 50% of consumption controlled, 90% of stocks owned oligarchy to use.
Open computing still exists. It's just overshadowed by the prevalence of locked mobile devices because those are convenient and good enough for the vast majority, who would rather use those than a less convenient desktop, laptop, or even raspberrypi.
Surveillance on the internet is challenging to avoid, but internet surveillance and tracking doesn't extend to (outside-of-browser) local compute.
Taking inspiration from the East India Company, Apple should colonize the UK and take over the government - the iGovernment, if you will.
Citizens will regain their right to e2ee privacy, they will not have to deal with voting for mediocre politicians to lead them. Instead, Tim Cook will be their new leader, and every morning over the mandatory installation of HomePods in each home, citizens will be greeted with an ecstatic "Good morning!" to get them energized for the day ahead.
Voting will be done via iPhones, where FaceID will verify the eligibility of the voter before the vote has been submitted.
I have wondered why the likes of McKinsey, KPMG, and PWC do not put up candidates (don't even sponsor them, just say you're electing _well known consultancy_).
1. Why would McKinsey etc be interested in a well-functioning government? Best argument I have is that if the economy grows then government (and private) spending on consulting may grow.
2. Note that the consulting firms already managed to get the legislation they most cared about – creation of the LLP as a kind of entity – despite not having any candidates
3. If the government is too associated with a big consultancy then (a) they may be pressured out of giving them contracts (not good for McKinsey!) and (b) failures by that consultancy will be highlighted more than usual in the news (also not good!)
4. I mean plenty of people would go through the consultancy meat-grinder before becoming politicians. If you are training juniors to think similarly then that may carry over after they leave.
That was basically Rishi Sunak, but going beyond that voters really hate it when you make the corporate control obvious.
However, they don't ask questions, so one layer of money laundering is completely fine. Nobody asks where the funding for Farage's various projects comes from, for example.
“This year, we’ve completely redesigned your governmental doctrines from the ground up - increasing governmental synergies by 700% compared to the M1 chip…”
Our plan is to install our government under the tyrannical rule of a dictator, then fire that dictator, slowly collapse for a dozen years, and then rehire the dictator. Then we just sit back and let him cook.
The very Wikipedia page you link explains in great detail why, although we can never know for sure, it's actually unlikely that he committed suicide, and more likely that his death was an accident.
The suicide story will probably never go away, because it's too good a story. It fits so neatly into popular culture.
I read that section word by word and I honestly don't think it "explains that it's actually unlikely that he committed suicide." The opinions are diverse at best.
Even if he didn't kill himself and even if it was an accident, he still was very much fucked over by the British government. They stripped his security clearance and made him a felon and made him take female hormones. This guy cracked the uncrackable code and basically (co)invented Computer Science, but all they cared about who he had sex with.
From the wikipedia article:
> Turing may have inhaled cyanide fumes from an electroplating experiment in his spare room
How would he have put himself quietly to bed if he had gotten a fatal dose of cyanide in the spare room where the electroplating was taking place? Wouldn't there be very fast respiratory distress?
A highly acute dose could kill in seconds, but a lower dose can cause confusion, headaches, dizziness and more prior to inducing a coma and death.
It is not outside the realm of possibility that he became confused and in pain, decided to lie down to sleep it off, then died in his sleep. My own father in law suffered a significant blow to the head and, despite knowing all the signs of a concussion and what to do about them, got up and slept it off- the very last thing one should do. He was simply too confused to do anything else.
His story had a happier ending than Alan's, but it goes to show that the accidental death theory isn't implausible.
> While it is common advice that someone who is concussed should not be allowed to fall asleep in case they go into a coma, for general cases this is not supported by current evidence.
> Otherwise, please make sure you de-Apple, de-Google, and de-American Stack yourself when you have time, clarity, and focus to do it. Start today.
I don't understand the core of this advice. So if you're in the UK and do all the above, can you suddenly get similar E2EE cloud storage from a different provider without a UK government-mandated backdoor?
The first two are reasonable positions. The third, on the merits of the argument in the article, is absolutely bonkers. It's the UK government that is unleashing this stupidity on the world. There is no European alternative that is any safer, and it's the UK's own hands that are at fault in the first place.
Not that there aren't other reasons to be skeptical of American companies' right, but it's just so easy to fall into nationalistic prattle instead of fixing the real problem.
> but it's just so easy to fall into nationalistic prattle instead of fixing the real problem.
Right. This, right now, is 100% a UK problem. De-Americanising your tech stack isn't going to fix the political issues domestically. Hence Apple pulling ADP out, they made the choice of not complying with the UK and not offering the service instead of compromising the service for everyone else in the world.
UK citizens need to direct their attention inwards against their own government.
Last time I was in the UK, the news (BBC) was bizarrely 90% American politics. Trump this, Trump did that, etc. People there knew American politicians better than the people who actually represent them.
> There is no European alternative that is any safer
How do you figure that? If you're worried about your privacy in the UK, keeping your data in a Five Eyes country cloud provider is a very bad idea, arguably even worse than keeping it in a UK cloud provider where it becomes a domestic legal matter where you at least get a day in court, not a foreign intelligence matter where you don't. And the US is a pretty bad place for anyone's data given a) its lack of robust privacy laws (and large commercial data-trafficking ecosystem) and b) the National Security Letter system.
While there is no perfect country, somewhere like Germany or the Netherlands seems a much better bet.
>The first two are reasonable positions. The third, on the merits of the argument in the article, is absolutely bonkers. It's the UK government that is unleashing this stupidity on the world. There is no European alternative that is any safer, and it's the UK's own hands that are at fault in the first place.
Disagree. Australia and also likely Canada have identical these laws. And once the capability is in place, its likely that the US can all writs access to the same tool. Apple is unique in that it has a semi legal canary, in choosing to withdraw the services instead of complying.
You cant trust any tech company that remains located in the 5 eyes nations.
I am not aware of good alternatives, but worst case you can run up a VPS with Owncloud or something.
It's not a backdoor per se. UK just banned using E2EE (at least for Apple users' data). I don't think though they can ban E2EE in general - like, if I upload a binary blob to a data store, how would they know whether it's encrypted or not? Short of banning all strong encryption completely (which even UK yet is not stupid enough to do) it's not possible to prevent. But they did not build a "backdoor" into encryption - they demanded that, and Apple refused, so there's now no encryption at all for UK users. There's no door.
They are just going for service providers that make E2EE easy for users - clearly betting on the fact that people they want to surveil would be too lazy/incompetent to use a custom solution providing strong E2EE encryption. And they may be right - most iphone users would keep using the same services even with the knowledge that the data is now widely open - and eventually of course will be breached and available to every kind of criminal, as it happened many times already with other massive data warehouses.
But I believe even is the UK you still can encrypt your own backup and upload it, e.g., to rsync.net and nobody would be able to stop you. Just most people won't.
E2EE cloud storage is not some kind of magic that only tech bigcorps can provide. I de-Dropboxed a few years ago, replacing it with Syncthing running on a local NAS with e2ee backups in Backblaze and Wireguard VPN out to my mobile devices. Sure, this is not the sort of thing most people can set up for themselves, but I don't think that's particularly relevant in context.
Syncthing and e2e is great but the issue is that the law force you to give away your phone and your password if asked. Meaning, they have the encrypted data on your phone and the password to unlock it.. same for computer ofc.
If you're in England and have to keep things secured (including from government eyes), i have no idea how you can do. They soon will be allowed to put a camera in your small room and watch you take a dump.
Memorize a long passphrase for encryption, dont keep it anywhere and when forced to give it up, say "I forgot it". This is partly a joke but only partly.
My new high-privacy, high-control data management solution revolves around pen & paper. As far as I am aware, these implements have not yet been banned in the UK.
I don't know why everything must be digital. If you don't put it on a computer, it's almost as if it doesn't exist. If you do this often enough, it is almost as if you don't exist.
In the latest Janus Cycle video he explained how he started carrying an IBM WorkPad c3 around to manage his contacts and appointments. I found that a great idea for people like me that struggle with deciphering their handwriting an hour later.
I've thought of going back to a palm pilot for the same thing. There are tons of Handspring and Palm Pilot Tungsten versions on ebay for under $40.
I believe the Palm T2 and T3 had bluetooth so would be interesting if you could connect the two to keep contacts and appointments off your smartphone. I'm seeing Handspring Treo 650's for under $100 as well.
Party members were supposed not to go into ordinary shops ('dealing on the free market', it was called), but the rule was not strictly kept, because there were various things, such as shoelaces and razor blades, which it was impossible to get hold of in any other way. He had given a quick glance up and down the street and then had slipped inside and bought the book for two dollars fifty. At the time he was not conscious of wanting it for any particular purpose. He had carried it guiltily home in his briefcase. Even with nothing written in it, it was a compromising possession.
The thing that he was about to do was to open a diary. This was not illegal (nothing was illegal, since there were no longer any laws), but if detected it was reasonably certain that it would be punished by death, or at least by twenty-five years in a forced-labour camp. Winston fitted a nib into the penholder and sucked it to get the grease off. The pen was an archaic instrument, seldom used even for signatures, and he had procured one, furtively and with some difficulty, simply because of a feeling that the beautiful creamy paper deserved to be written on with a real nib instead of being scratched with an ink-pencil. Actually he was not used to writing by hand. Apart from very short notes, it was usual to dictate everything into the speak-write which was of course impossible for his present purpose. He dipped the pen into the ink and then faltered for just a second. A tremor had gone through his bowels. To mark the paper was the decisive act. In small clumsy letters he wrote:
Because no US corp can promise you true E2EE. Even an app like Signal - are you sure the version you're getting from the App Store is always the one with "unbreakable E2EE"?
With Signal they provide a toolkit you can use to verify that the checksum for your App Store download matches that of the public build or one that you compile yourself.
edit: This is apparently currently not working for Apple and MS builds.
If you're making money in the UK, they have a lot of legal authority over you.
If you're based in the UK, they have a lot of legal authority over you.
If you're neither of those things, they might complain, but the actual consequences are close to nil.
And they're not banning the tools (this is arguable, but they "can't" logically, as you point out). They're banning businesses from providing the tools.
Thats reassuring...but still frightening, just less so I guess.
Most of my homelab is self-hosted (Cloudflare and Tailscale stop me short of saying it's 100%, plus an Oracle VPS for a Minecraft server if you count the WHOLE stack I guess)...and you tell yourself its 'better to own your own data' or whatever your personal mantra is, but it's bizarre to see this play out
You may think you're being sarcastic, but you are just stating a true fact here. For about 99.9% of this planet's population, it's not just hard, it's something they'd never ever know how to do and have no intention to ever learn. Like it or hate it, but that's what it is.
And, for 99.9% of people who know how to do that, they'd still be too lazy to do it properly (hint: where do you keep secret.txt exactly? What happens if your dog eats it?) and will use some third-party solution instead.
Reminds me of using Ansible Vault and preciously encrypting every secret (so we can say that repos doesn't contain any secrets), then just putting ~/.vault_pass in plaintext on every Ansible controller to be taken by anyone with access to the servers.
The author of AGE has a great point in the below blog post [0]:
If you use something like SOPS or just check age secrets into a git repository next to source code, you need an authentication story for the whole repository. Having authentication for the secrets will do nothing if the attacker can change the source code that decrypts and uses them.
That story can simply be “we trust GitHub” like most projects. Encrypting secrets with age will keep them confidential even if the project is Open Source, and anyone wanting to replace them will have to make a PR even if they can generate a new valid age file.
There are hundreds of millions of people who have memorized megabytes of baseball statistics, pop song lyrics, celebrity relationship trivia, vehicle model data, sitcom character biographies, comic book plots, makeup shades, travel routes, mixed drink recipes, MtG card modifiers, etc.
At a certain point, one has to realize that pulling the "normie card" is not a viable excuse, given the wide array of knowledge that humans routinely pack into their brains.
Hidden. Encrypted. And the passphrase is: at 5,21 which is the 5th line on page 21 of your favorite book. Which you have more than one copy of, because you like it that much. And you need copies to lend. Or you have the PDF from Gutenberg.org?
And 5/21 might be the birthday of your first child, or your wedding day, or whatever?
It might be a favorite quote, like "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." Augmented by the above date if needed?
Hidden where? Are you writing it on a post-it and putting it on top of your screen? Are you keeping it in your wallet? In a safe? What if you lose it or your house is flooded?
> And 5/21 might be the birthday of your first child, or your wedding day, or whatever?
How sure are you that you'd remember all that scheme for 20 years? How about 50 years? Some documents may be relevant for a very long time. What about if you need more than one key? What about if you need to give access to one document to specific set of persons?
Once you consider all the scenarios that can happen through a lifetime, you start to understand why managing all those complexities correctly is not trivial. And that's why people pay third parties to do it for them. It's not because encrypting a bag of bytes is hard. It's because of all the things that surround it.
Some people are lucky with memory that works extremely well with numbers. My memory is average but when it comes to numbers, I remember serial numbers of certain products, enrollment numbers etc from more than a decade ago.
HP-L170 (A monitor I bought)
QW4HD-DQCRG-HM64M-6GJRK-8K83T (Windows XP key)
10396-9 (My enrollment number for board exam)
I remember a bunch of long-ago-abandoned phone numbers as well.
As of now I have to care for my (digital) backups, that is, I cannot ignore them for N years. I had to copy things from discettes to magnetic tape, from tape to hard drives, etc. I have to periodically check my backups if they are restorable. That's life.
It's the same for documents, as for secrets, which I have to transfer from one medium to another, I have to check that I remember secrets and passphrases. And places. As I already said, that's life.
The double entendre occurred to me, I don't disagree.
But the relative ease does not merely apply to users, but to the barrier of entry for alt products as well.
Consider that the current paradigm is contingent on the "blind trust" users have held in tech for a long time. It's possible that a new kind of app will thrive in a different paradigm.
For example, is there any reason we couldn't have a simple "message wrapper" which only sends encrypted payloads via SMS or Email and decrypts on the fly in a secure sandbox? Easy for the user and hard to regulate.
Threat modeling is important of course. The UK government does have tools with which to punish people who don't turn over the cleartext of targeted documents once it's directly investigating them, but that's not scalable. The method the grandparent comment proposes greatly reduces one's exposure to mass surveillance, criminals, and abusive service providers.
>Not all of those companies will loudly object in the way Apple does.
This assumes that Apple has loudly objected to every government request for backdoor access and also that they have never acquiesced to any of those requests.
Hopefully pretty soon Apple will have to provide the same functionality iCloud monopolizes so you can have an equivalent service. But right now you can do an encrypted transmission to a privately-owned NAS like Synology and then E2E cloud storage provider of your choice, with the caveat that things like background syncing are strategically monopolized and no app may backup your full phone.
It's a bit like the famous HN post where somebody said that Dropbox is not needed if you have rsync and friends.
Technically this can even be correct. You can build and operate a good, secure solution for yourself if you have time and skill to build. Could make sense for a company handling sensitive data. Would hardly make sense for most individuals who are not professional SREs / SWEs. (To check how it feels, an engineer can try to sew themself a pair of pants to wear daily, or do something similarly mundane in what they are not skilled.)
A solution that can reliably work for non-experts is very important.
Sure but in this case most of the difficulties are artificially imposed by Apple, depending on how the tribunal responds to their alleged iCloud monopoly it could become as simple as choosing a compatible provider and putting your username/password in.
And as soon as you have "a provider" as a business entity, UK government can ban them from providing E2EE solutions to Apple users the same way they did ban Apple. Or the provider would just silently bend over hand hand all the keys to the UK govt.
They can't police every online server you can possibly rent, and they can't police them "all at once" like they can with the Google/Apple duopoly, all they can do is go after them one-by-one as they need access and as we see with 4chan, rejecting their assertions on jurisdiction is certainly an option.
They can't. But they can police any service that has substantial number of users. And that's what most of the people would use. So, the hardened criminals would use their own underground darknet services which the government couldn't breach, but the regular people would have no privacy at all.
> 4chan, rejecting their assertions on jurisdiction is certainly an option.
4chan can tell UK regulators to take hike because 4chan has no business presence in the UK. Any service that does want to serve UK users and is successful in doing so, will eventually find itself in UK regulators' crosshairs. For services that are based outside UK, they'd just stop serving UK users because that's the easiest way to handle it. Which is completely fine with UK regulators, in fact, that's exactly what they want - so that nobody would be able to provide privacy to UK subjects.
On personal level, you have to choose whether your priority is privacy or convenience. If its privacy, no whining about 'I want this and that and I am too lazy to rollback' is relevant.
Never trust US services, 3-letter agencies are endlessly greedy to fill your profile with another tens of thousands of data points. As do all advertisers all around the globe. As do (with various success) all other governments and private companies who have something to gain, HDD storage has never been cheaper and all personal data are worth gold and beyond.
Or if you have to use them, use your own encryption with strength to not be broken for next few hundreds of years, to stand a chance. That is, if you actually have something to hide, but I have never met a person who really doesn't :)
It seems like the real solution is de-UK'ing, a wise move for a number of reasons. Move to the continent, to Ireland, or the US (or Australia for that classic British expat experience), but leave the sinking ship. Ideally the time to leave was when the passport was still in the EU, but now is better than never.
I have done all this. All inhad to do was provide my passport scans, fingerprints, photos of my face, phone number so now I can use tencent cloud in china! /s
It's more likely to be a problem with Apple (and Google) because they have put themselves in a position where they are a gateway to everybody. There are multitudes of online storage providers outside of the UK's reach and jurisdiction but 0% of iPhone users back up to them because of technical limitations that inhibit iCloud competitors or any compatible storage solution.
Allegedly it's deliberate, according to a pair of legal actions they face in the UK (hearing in 9 days) and US (hearing in August 2026).
> 13.1 a set of technical restrictions and practices that prevent users of iOS from storing certain key file types (known as “Restricted Files”) on any cloud storage service other than its own iCloud and thus ensuring that users have no choice but to use iCloud (a complete monopolist in respect of these Restricted Files) if they wish to meet all their cloud storage and/or back up needs, in particular in order to conduct a complete back-up of the device (“the Restricted File Conduct”); and/or
> 13.2 an unfair choice architecture, which individually and cumulatively steer iOS Users towards using and purchasing iCloud rather than other cloud storage services, and/or limit their effective choice, and/or exclude or disadvantage rivals or would- be rivals ( “the Choice Architecture Conduct ”). See further paragraphs 6 to 9 and 97 to 132 of the CPCF.
> 30. By sequestering Restricted Files, and denying all other cloud providers access to them, Apple prevents rival cloud platforms from offering a full-service cloud solution that can compete effectively against iCloud. The cloud products that rivals can offer are, by virtue of Apple’s restraints, fundamentally diminished because they can only host Accessible Files. Users who want to back up all of their files—including the basic Restricted Files needed to restore their device at replacement—have but one option in the marketplace: iCloud.
> 31. There is no technological or security justification for Apple mandating the use of iCloud
for Restricted Files. Apple draws this distinction only to curtail competition and advantage its iCloud
product over rival cloud platforms.
> There are multitudes of online storage providers outside of the UK's reach and jurisdiction
Not according to the UK, lately. The problem is still domestic. UK wants to exert this control over any service a UK citizens happens to use, whether they have a UK presence or not. Same with the ID/Age verification stuff.
Moving away from Apple and Google probably is something they should do, but it's not going to be a solution to the problem of the UK government's overreach.
UK citizens need to turn their attention inward against their government.
To be clear, Apple and Google both have huge UK presence. I don't know the extent of Google, but Apple has offices with thousands of people working in them. Compliance with what the UK wants in this regard is not optional.
What the original poster does is completely misplace blame under the guise of "clever" writing - blame should be assigned squarely on the idiotic policies of the UK government.
They are, and most time this allows them to abuse you. But what do you think happens once you that gateway is blown open, isn't your front door next?
> There are multitudes of online storage providers outside of the UK's reach and jurisdiction
What I said above means that once you normalize the situation that providers have to open the gate to your yard whenever the state comes knocking, the state will just come knocking directly at your door. In other words I'm not sure the state will stop in its pursuit of access to your data when it can just incriminate trying to evade the law by storing it out of reach.
> But what do you think happens once you that gateway is blown open, isn't your front door next?
Yes this is the way policing should work, if they think you have done something they knock on your door rather than go to Apple and Google and compromise the entire population all at once through the convenience of their monopolies. Bonus points if a judge needs to grant them the privilege of knocking on your door too.
> Yes this is the way policing should work, if they think you have done something they knock on your door [...] Bonus points if a judge needs to grant them the privilege
How exactly would they come after you if your data is "outside of the UK's reach and jurisdiction"? They went after the gatekeepers because they wanted a one stop shop for accessing people's data. They will look to take the same easy road in the future and there's nothing easier then framing any attempts to keep data out of UK's reach as a crime. They get your data or get you for not providing the data.
The law will be "stupid", tech savvy people will find ways around it. But it's enough to throw a or a noose around as many people as possible and tighten as time goes by. Authoritarianism 101.
> How exactly would they come after you if your data is "outside of the UK's reach and jurisdiction"?
By suspecting you of a crime first, then they can establish access to your device through legal due process and access the data on your device or imprison you for not facilitating it. Same thing they do with computer passwords and whatnot.
Although effective, this particular technique does not scale very well. Even if the UK had 100,000 kidnapping wrench torturers, it would take ~2 years for them to get through to pulling everyone in the UK’s teeth.
People need to hold the UK government responsible for its crimes against humanity. Until the AUMF which resulted in the utterly reprehensible "War on Terror" is rescinded and the crimes committed under its enactment fully prosecuted, the authoritarianism will continue.
Remember, people, these are WAR CRIMINALS driving these policies forward. To expect this class of individuals to adhere to democratic, western values, is naive in the extreme.
The same people who have no problem with genociding a million people in the middle east enemy-state-de-jour are not going to give one fig of care to the local human rights violations that they are also getting away with.
The West has a war criminal problem. Until we solve that we cannot do a damn thing about our human rights problem.
Ah yes, 70 million people find a country they are eligible to move to, quitting their jobs, uprooting their families. Definitely the most straightforward fix. Thankfully other countries have no problems either, or they'd have to leave from those too!
The actual straightforward fix isn't available to us - namely, we aren't due a general election until 2029 and right now the "good guys" are in power, so it's not at all clear that anyone would even offer to reverse this TCN if they were elected instead, in 4 years time.
* They offered local councils the chance to request it if they were going through a reorganisation or devolution process.
* 18 councils requested and 9 were accepted as justified.
* And even those are only delayed until May next year (one year after the rest of the UK).
So to be clear the UK government not only didn't postpone the general elections but half the councils who requested the local elections were postponed were denied, with the other half having reasons and still doing it a year later anyway.
And all that is actually covered in the page you link to.
Fact check - the UK hasn't postponed the general election.
Your link points to _some_ local council elections (the people responsible for bin collections, parks and care homes) and the extension has been requested by the local councils themselves.
I wish they would help get as many reform councils as possible. Given how incompetent they have been in the ones they did get elected, I think it would put a damper on the enthusiasm of their supporters.
> You need to start that because, as we recently learned, at some point in the very near future Apple is withdrawing its Advanced Data Protection (ADP) feature from the UK altogether as a result of the Home Office TCN through the Investigatory Powers Act.
So, a UK-only advice, and it strangely assumes that any other service in UK wouldn’t be bound by the same laws.
I can encrypt anything and store it in anything that provides storage. Why are people acting like "end to end encryption" is a feature you need a cloud service to provide to you. Rather the opposite - it's really something you can only do yourself.
The closest I've found is VeraCrypt, which is near the edge of what I'd call layperson-friendly. But if you store a VeraCrypt drive on the cloud, you'll need to re-upload the entire encrypted file--usually quite large--every time you change anything at all. That's a _lot_ of bandwidth, and likely to be quite slow to sync.
In the extremely unlikely event that I'm compelled to by a judge, yes. Or if someone chooses to beat me with five dollar wrench, of course. And even then A) it can't happen without my knowledge and B) I have the option of refusing and bearing the consequences.
I didn't say it solves every problem, just that it's the only way to have proper end-to-end encryption.
This seems like a job for a truecrypt style system. Either you do it at a file-level, or you have it split into (say) 10MB file chunks, and if you want to access a certain file you have an encrypted local db that acts as a magic decoder ring ("file test.csv is spread across CLOUD1.DB CLOUD3443.DB CLOUD132.DB").
Combine that with steganography (Enter real_password, and test.csv is a list of bank accounts, enter fake_password, and test.csv is a list of apple store locations, enter random_password, and it decodes junk). Maybe combine that with multiple layers of passwords (one ring to rule them all, except certain files).
Obviously, you'd want to steganographize the decoder ring as well.
> So, a UK-only advice, and it strangely assumes that any other service in UK wouldn’t be bound by the same laws.
I suspect it's because whilst other services would be affected we only know about Apple currently and, thanks to iOS and Mac, a large percentage of the population will be using Apple by default for the services impacted. Only Google (Android) and Microsoft (Windows) really overlap in that regard.
> it strangely assumes that any other service in UK wouldn’t be bound by the same laws.
From the linked article:
> I’m not going to tell you where to move your stuff other than to say that if you’re moving it from one big tech company to another, you’re just being daft. Likewise, if you’re moving your stuff to a non-e2ee service, don’t bother. If you need an e2ee service try Proton. They have a Black Friday sale on.
The title felt like there was a greater issue with Apple specifically. There wasn't. There was a greater issue with the new UK laws and cloud storage systems. I think people deserved a clarification before getting wound up about it before reading the article.
Yes, it's nothing to do with Apple per se - any major E2E provider would be under the same attack. The problem here is UK government is drunk with power and doesn't want their citizens to have any privacy rights, and UK citizens are largely ok with that, as evidenced by them keeping to elect such governments. Apple is just the most prominent target of the attack - eventually, they will try to attack smaller targets still, and make usage of the strong encryption as hard as possible, maybe outlaw it completely and mandate government key escrow. They already tried it in many countries, and UK seems to be very ripe to try again.
> UK citizens are largely ok with that, as evidenced by them keeping to elect such governments
I don't think that's true. I think plenty of UK citizens do want better privacy rights and data protection, as evidenced by the very large petition against national ID cards for example.
It doesn't win the vote because it's not the most important factor when it comes to voting, because there are bigger issues people care about more.
Many people are somewhat despondent, due to economic decline, ever-increasing pressures and poor prospects for so many people. There's no choice of party which simultaneously supports privacy rights at the same time as other things most UK citizens appear to care about more, which can also survive the intense tactical voting pressure under the FPTP voting system. Consider that most people who voted Labour in the "landslide" last election appear to have done it tactically to "get the Tories out".
So issues like privacy which aren't at the top of people's concerns, end up not having much influence over voting decisions.
The Lib Dems and Greens are the nearest to that, imho. Of the major parties, they seem the most aligned with privacy rights in their DNA, as far as I can tell.
Reform are getting some political benefit from talking up privacy at the moment, and they stand a real chance of winning next time. But I doubt very much if Reform would ever implement real privacy rights. I think it's just opportunistic dodgy politician talk in their case, and that real privacy isn't in their DNA at all, because they don't believe in universality of human rights. They are openly eager to remove the Human Rights Act and strip many people of those rights, after all. Strong online privacy also clashes with one of their core missions, to find and deport vastly more people than before; privacy clashes with that both on grounds of investigative capabilities, and on grounds of principles and rights. I could imagine Reform trying to offer strong privacy only for approved citizens, alongside mandatory reporting on other users, but the contradictions in that are too much.
> It doesn't win the vote because it's not the most important factor when it comes to voting,
This implies there's a vote for and against it, but is there? I didn't see any party or serious political movement raise this as an important issue. Why? Because they assume it won't bring them any additional votes, because their potential voters don't care. If they don't care, they get what they get.
> So issues like privacy which aren't at the top of people's concerns
So, you are agreeing with me. If you say "sure, I'd like some privacy, maybe, but I don't care enough about this to bother to tell my rep that I'm even interested in this" - then you are "ok with that" as I said.
The issue is with Apple specifically in the sense that they have been offering a superior E2EE cloud storage service that will soon be denied to UK residents (IIUC, E2EE isn't offered by their competition e.g. Google, Microsoft). But the article goes out of its way in its first section to note that Apple isn't in the wrong at all here:
> But I will say that the shutdown of ADP is Apple being on the right side of the geopolitical fight, as inconvenient as that may be to you and me.
It is, if you care about the issues the author evidently cares about, "time to start de-Appling". I am a satisfied ongoing customer of Apple and I didn't find this headline to be the least bit inflammatory. It is, at worst, minor clickbait—but it's not really bait at all, since the contents of the article match the headline.
FYI, this is not about a law, this is about a Technical Capability Notice. This is a thing the UK government is able to issue to a specific company or companies, that require them to implement technical measures to enable data collection. This applies only to the company/ies that the notice is issued to.
That could be one of them, some of them or all of them, but it's not really a law that automatically applies to all of them.
Everything a government does is about a law, but, even if only Apple had received this notice, why would it change the unfairness of singling out Apple? Did UK government issue this request as their final request of this kind? Did they forbid any further requests to be made? Did they single out Apple out of something specific to Apple Inc (or, say, United States) or did Apple happen to be just too visible?
Singling out Apple in the article's title sends the wrong message here. The author should have gone with something along the lines of "UK residents should stop using E2EE cloud services". Current title implies there might be a safe E2EE service in the UK. Heck, they even claim that in the article: "If you need an e2ee service try Proton" as if Proton is exempt from getting a notice from the UK. It's not.
No, you got it right. Anti-Americanism is one of the few canards that the UK government can use as a boogieman to force through their most questionable policies.
One of the most shocking things about Europe when I have visited is what your average European (or Brit, since I guess they don't call themselves European anymore) thinks the US is like (even ignoring politics, just basic standard of living stuff). They've never been and probably will never be able to visit so all they know is what they've been told. When they do visit, they return with a much poorer opinion of how their country is doing. That's why the "I was lied to..." clickbait is so common in European made US travel videos now.
What are they being told, and how can it take hold, when there are so many movies, YouTube videos, tv shows, news outlets, etc that show what it’s like in the US?
Unfortunately the user friendly non-Apple alternatives like Google devices and services are dramatically worse than Apple’s when it comes to privacy.
Years ago when I was still giving Android a chance I found that things like banking apps refused to work if I loaded a custom ROM or IIRC even if I enabled superuser access on the stock ROM. Those things are probably even more tightly controlled now, so de-Googled Android doesn’t seem worth trying again.
Too bad other truly OSS mobile options are in their infancy, heck I couldn’t even get all the drivers configured stably on a work provided laptop with Linux support supposedly validated by the manufacturer. It could be years before we get good OSS phone and tablet software, if it ever comes at all.
Both Apple and Google guarantee you a total _breach_ of your privacy: They are known to share most or all of your data, that's on their servers / comm lines, with branches of the US government, en masse, pursuant to agreements or compelling arrangements. This is the PRISM program, revealed last decade by CIA whistleblower Edward Snowden.
As for other uses of your data, and what they "send back home", there you might be right about the differences between Apple and Google, but I would again not put faith in either.
.site-content .post has `overflow: hidden;`, .site-content .entry-content has `max-width: 965px;`, and .wide-content has `margin-right: -34.0740%;` Disabling the margin-right or, preferably, the max-width rule will fix the layout. Or make your browser less than 1700px wide.
(Crazy rats nest of CSS rules, I assume this is a wordpress/wordpress template thing.)
Ahh, just saw this after posting my comment. Yes, it appears that at 1700px or greater it cuts off text. Shown in this video: https://cs.joshstrange.com/BB60xzBW
Unlike most writing about politics, the article isn't arguing that 'those are the bad people over there'. The article describes a current aspect of reality and how it came about, and suggests a way of responding to that reality.
The right way to respond to this reality would be to stop UK government from being insane by electing a more sane government. Stopping using iphones is going to help only for a short term - once encryption is de-legalized, they will come for everybody who they deem worth coming for, sooner or later. If it'll require introducing licenses to run encryption software and mandating key escrow, they'd do that. Yes, you still would be able to sneak in encrypting software on USB drive hidden in your... let's say, pocket. But the mere fact of using it would make you a criminal then. That's the natural progression of where it is going, unfortunately.
UK government had been consistently working in this direction for decades. It's not "on a whim", it's a known and consistent policy, and yet there's no substantial resistance and pushback. The only reasonable conclusion is that the majority of the population is OK with what's going on.
> But I will say that the shutdown of ADP is Apple being on the right side of the geopolitical fight, as inconvenient as that may be to you and me.
I don't think there's any blaming of Apple going on here. This is about dealing with the practical realities of the circumstances for people in the UK.
Wrong or painfully naive. Politics has to deal with realities. If the net wasn't engineered to be resistant to censorship, we probably wouldn't even be talking accross borders right now.
It must be nice to live somewhere that has politicians that represent the will of the people enough to have a take like this. Where I live, your vote only counts if you have enough money.
My peaceful, law abiding neighbors were taken away by ICE thugs in a totally unnecessary military style raid in my upper-middle-class suburb. Absolutely no due process. Their autistic, profoundly disabled child was left alone, scared and unable to understand what was happening. After over a month of detention, the neighbors were released. Turns out they weren’t so dangerous after all.
Not Vietnam, Iraq, Afghanistan, Ukraine, Palestine, the actual German Holocaust, or anything else, that's for sure, right? My life was never impacted by any of those.
What a completely selfish and myopic view of politics. Do you not watch the news? Also a very bad reading of history, thinking all those bad things like 1930s Germany can't happen here when enough people let it happen.
Because no matter who they vote for, they get this. The previous ruling party hasn't had a real primary since 2008 (and didn't even go through the motions in 2024.) H. Clinton makes a fairly good case that even that one was fixed (because they knew the best horse to bet on.)
No matter who you vote for you get Hillary Clinton's governance, though. She's become very complimentary about Trump's foreign policy.
If I get up in the morning and say "time to get out of the house" I am not blaming my house for anything; I am simply articulating that I want or need to be somewhere else, for whatever reason.
Eh, the whole "de-Brand" lingo comes from "de-Googling" which has unambiguously blamed Google for the act. The use of the same type of terminology automatically implies the same set of circumstances.
When you say "time to de-CocaCola" while all soda products are susceptible to a certain health hazard, you can't say "Obviously, CocaCola isn't being blamed here".
The analog of your example would be "time to get out of the cloud" for the article.
> the whole "de-Brand" lingo comes from "de-Googling"
Which no doubt stems from more practical usage, like "de-worming". That does not imply that there is blame to go around. You are not blaming the worm — you just want rid of it because it is not something that is working for you.
The issue is specific to Apple! IIUC they're the only mainstream cloud storage provider that provides E2EE, and I'm sure many of their customers chose them over their competitors for that reason.
I does not in the slightest. Rather, It suggests it's time to start removing Apple entanglements from your digital life, for reasons that are described in the article.
England has been speedrunning the dystopian surveillance police state for a while now, through numerous governments. Voting is pointless.
Same (but different) in Denmark where politicians vote to give themselves more money[1], snoop on everything[2], violate our constitution unpunished[3], delete evidence of corruption[4], open the borders[5], etc. etc. etc. I used to care - a lot - I really did. But I'm done.
In general, if voting had the power to change much, it would be illegal. Rulers allow voting to change a few things, but never the things that benefit themselves.
Might come across as pedantic, but its important, "the UK" not "England". Confusing the two can upset people, especially those from the rest of the UK.
Personally I do not think its just the UK and Denmark, its pretty much everywhere.
The surveillance laws are all UK wide AFAIK. Some policy with regard to policing is devolved so there might be some small differences in how they are applied, but it is essentially just as bad.
Did you read the article? She doesn't blame Apple.
Sixth paragraph: "But I will say that the shutdown of ADP is Apple being on the right side of the geopolitical fight, as inconvenient as that may be to you and me."
I don't understand. Apple is being forced to disable E2EE due to UK legislation. This legislation does not just apply to Apple, so presumably any service you switch to (e.g. Proton was suggested in the article) will be subject to such orders as well.
Seems like it is time to de-Britain, rather than de-Apple.
De-Appleing is very difficult if you have a family using iCloud Photos, music, drive etc.
Looking at the list, perhaps moving documents off iCloud Drive (to where? Dropbox? That isn’t E2E is it?) and Notes is enough.
Do I really care if my photos are E2E encrypted? Most of my photos are in Lightroom cloud so those are not anyway.
I don’t use reminders or Freeform or voice memos, and I couldn’t care less about safari bookmarks. If I move off Drive and Notes, I don’t really care about iCloud backup either.
Is this sufficient? My notes will go to Obsidian (except some disposable shared ones) but where do I move my documents if not on iCloud Drive? Is Dropbox any better?
> De-Appleing is very difficult if you have a family using iCloud Photos, music, drive etc.
Although this is just anecdata, I moved my senior parents from iCloud Photos to Immich recently and their response was something like:
"Wow, the new Photos program on the iPad looks nice!"
For them it works out fine, since their use-cases are checking out vacation photos by scrolling the timeline and also occasionally clicking on the "memories" from N years ago. Helps that the app icon is very similar, too.
Ok, I was going to ask, but taking "yes, that one" seriously I suppose confirms the author is the actress Heather Burns best known for playing the best friend role in a string of successful romantic comedies.
She might be, but it might also be the case that there are so many actors, to be "well known", you need to be in the 0.001%
I probably have seen movies with her in it, but I have no recollection of her as an actor. I did recognize her husband as Samir from Office Space, though I couldn't tell you his name.
I don’t think you have to go that far backward. You can get a QNAP or Synology NAS, a storage VPS and use syncthing. I don’t even have the NAS yet, just a Pi with an external drive and I’ve gotten pretty far.
The part I haven’t been able to crack is syncing the Documents folder on my iPhone. All the syncthing apps for iOS are abysmal because there’s no real background sync. You can add a SMB share in the Files app, but that doesn’t get you offline access.
> you learn that physical media has a limited shelf life.
Their point is that physical media itself has a limited lifespan.
You need to continuously "refresh" it every 1 to 10 years, depending on the physical media you choose, or it's most likely corrupted. I've lost many HDD, SSD, SD cards, and about 50 "archival quality" DVD/CD to time, with all manufacturers having somewhere around 3x to 20x exaggerated claim of longevity. I'm guessing their numbers are based on some temperature/humidity controlled marketing BS, rather than anything resembling reality.
SD Cards are the saddest. I've seen many older members of my family shed tears when they pull out their SD cars they carefully stored in a drawer/safe, and they're junk. Charge drift be a harsh mistress.
Apparently she's so thoroughly de-Googled and de-Appled that the page doesn't display correctly on Chrome on MacOS on my machine, cutting off part of the text on the right margin (manages to render correctly if I resize the window to a smaller width however)
We need to make it easier to work with client-side encryption. Keys on the devices, ciphertext in cloud storage.
I was using CloudMounter to do this, but the software was unfortunately a bit rough around the edges and didn't feel as reliable and seamless as the other options.
These days I have some hacked together tar + PGP scripts for encrypted backups, but still rely on iCloud + ADP for the rest.
UK Govt. stupidity aside, Apple could allow iOS users to switch their backup provider from iCloud to other services or backup targets. But they won't because they want to continue to grow their services revenue.
Isn't Apple taking UK gov't to court over this, and the reason they have abandoned encryption for everybody is to avoid being forced to provide backdoors. On this you should be on their side, not against them.
If Apple was transparent, I would be. But they are user-hostile and trust the federal government more than their customers. Apple is on-record[0] admitting that the US government requires them to their cover-up cooperation with surveillance. After decades of users demanding proper accountability from Apple, this is exactly what they warned would happen.
You have no right to demand that I take their side - Apple's disregard for privacy nauseates me. Everyone who sincerely trusted Apple to protect them against the fed is a lost cause. Go ask Apple to save you.
You can de-Google, de-Apple, de-Microsoft, de-bank, de-whatever, go live off-grid in a thatched hut in Sherwood Forest. But the government will spy on you all the same.
Recent history of Apple vs. sovereign states is a real time vindication of Polanyi. Capital is always subordinate to the state (even if it proclaims to be the opposite).
the international monetary fund has every state in debt. some third-world countries become subordinate to it, when they're not able to pay the interest payments.
ADP means that you own the encryption key to the data and Apple can’t access it, so Apple being able to turn ADP off by itself would invalidate the whole point of the system.
In theory, sure, but that theory surviving practice (e.g. a G20 government bearing against it) is meaningful. E.g. they could push an OS update to automatically turn off ADP for impacted users, but they aren't.
IMHO Apple is actually being honest here. They cannot legally operate in the UK without providing a back door, so they are dropping the claim of ADP in the UK. This is letting the user know what's up, and might also help inspire a backlash against these laws. Apple needs to make it clear that they are being forced by UK law to degrade service.
Corporations can't really resist governments unless they're not operating in a given government's jurisdiction and therefore have nothing to lose. They can take things to court, but in lieu of a verdict or an injunction they have to comply with the law or they can be fined, have assets frozen, be de-banked or banned from processing payments, etc.
I'm sure there's services out there that will secretly comply and still claim to be secure.
There's also a lot of companies that will simply abandon security features like ADP or never develop them. Apple is going to the trouble of disabling it only for UK people not everyone, instead of just deprecating it. The latter would be less expensive and expose them to less legal risk.
If you really want security in the UK now you have to roll your own and do the encryption yourself. Honestly that's always the best security, since you can never be 100% sure a closed cloud or software vendor isn't messing with you.
> Corporations can't really resist governments unless they're not operating in a given government's jurisdiction and therefore have nothing to lose. They can take things to court, but in lieu of a verdict or an injunction they have to comply with the law or they can be fined, have assets frozen, be de-banked or banned from processing payments, etc.
It is also maybe a good thing? Corporations should not be stewards of our rights, we do not want to be governed by tech-barons.
The problem here lies clearly in UK's laws and government and they cannot be fixed by Apple. The West in general is in this crumbling state, where we take corrupt bastards chewing off our rights for a law of nature, instead of getting furious. France is the only western country where people dare to really protest.
It's unfortunate that gross government overreach and corporate cooperation with it is what it takes for people to even recognize the concept of data privacy and data ownership is a thing, much less that they should do something about it and that their data is and never was "safe" in the cloud, no matter which corporate overlords walled garden you called home. Apple has never been an exception to this rule.
this is an article about why you shouldn't live in the UK. I always think right-wing news makes it sound worse than it is.. I have a feeling it's truer than not.
I have a new device for you guys it’s cheap it’s better than your iphone and there’s no wait period once I release it. It’ll be ready in 2 months no pre order needed.
the people are a lot stupider than the politicians. sorry but it needs to be said.
as for the MPs, theyre ok. not as stupid as most think. they are very self-interested and not in the business of 'rocking the boat'. strongly prefer managed decline than any risk taking that could result in things going sideways.
its easy to critique but truthfully the UK is structurally in a dead end (well ok, maybe not... but it does feel that way). but things could be a lot worse, and many don't appreciate that reality. having clean tap water and paved roads is pretty damn good for a country held up by fintech and scraps of last century's industry.
people calling for reforms have no idea what they're in for. Thankfully Reform was deployed together with Nigel Farage, God bless him, rolled in to do narrative control and provide a safe and controlled sponge for dissent. That guy is a 'fixer' for UK political radicalism - every time the crowd starts to have funny ideas, he magically appears and slowly but surely everyone goes back to their £32k/year jobs. I think he's 'retired' from politics thrice now.
truthfully, nobody does politics better than the Brits. but then again, they invented this game to begin with!
Just to clarify, she's advocating people stop using Apple, quite literally the only big tech company with a slightly better focus on privacy compared to all the others and with a reputation for saying no to the latest authoritarian power grab by the UK government?
No, she's saying that due to UK legislation that Apple will no longer be allowed to offer e2ee and it's time to start moving your data off of their cloud services before you're forced to turn off ADP.
It's not an article about advocacy so much as the pragmatics an upcoming data migration.
Yes, she's advocating people stop using them for a few services if they require e2ee for those services. Why? Because apple will be removing e2ee for those services. She is also clearly advocating not to use another big tech company for those services. Source: TFA
Maybe this was intentional by the author to annoy Mac users, but the word/line wrapping is broken on the latest Firefox on the latest macOS: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:144.0) Gecko/20100101 Firefox/144.0
> please make sure you de-Apple, de-Google, and de-American Stack yourself when you have time, clarity, and focus to do it. Start today.
That's the message. It's high time. We can what-about-argume about what's E2EE and what Apple "pinky promises" isn't used or sold but the reality is that anything seated in the US may as well be a publicly open http for the right buyer (be it the US government, Saudi Arabia, Israel or whatever...)
Especially if you're in charge of customer data, you can't "just" setup something on a EU server if the corp is based in the US, those days are over now. You need to do the legwork.
De-appling is easy. I just don't have anything from them. Apart from the work laptop, but that is a problem for my employer, not me.
De-googling however is extremely hard. I have been slowly chipping away at it, but there are things I just have no decent option to (such as Waze and Android Auto).
Android itself is another problem. I have high hopes for a Graphene device.
De-Googling is also extremely easy, I haven't had a Google account in 10 years, I use uBlock to block the ads, DuckDuckGo for search and a Youtube app that downloads from it instead of using the website.
Perhaps the only thing I use directly is Recaptcha.
It's easy to use a different calendar, search engine, etc, but it's far from easy to use an Android device without Google Services. Can be done, but banking apps, contactless payments, etc, become painful or impossible.
this is not practical or desirable in my view: de-google, de-apple, de-meta, de-aws etc etc etc
What next, become stone masons? nah, that's too corporate, pick berries instead ;)
Come on, what happened to moderation, discipline and planning? How about use what you need, hedge your risks (mix providers, products), be more proactive than reactive to demands for consumption?
Make intentional, rational, specific decisions about which people and companies to support with your hard earned cash based on alignment of values and interests.
its entering another country that suddenly becomes a real problem, and ofcourse, if you're in the UK, the only country worth moving to at that point is the US with (as I understand) quite stringent immigration restrictions.
in reality, if the US were to open their doors to the UK, holy moly - this entire country would turn into Ukraine overnight, with nobody but pensioners left. which actually isn't in either governments interest: obviously not the UK, but infact, the UK presents a source of cheap labour for the US: read any hackernews thread concerning tech wages in the UK, the comments are hysterical/diabolical ("you make HOW much!?" - "A fast food worker makes more..." - etc.)
so, the current state of affairs is probably a good business arrangement for both parties involved, and aren't gonna change any time soon.
No need to leave, move up north and wait for all the shenanigans to blow over. Hard to be annoyed at the government and the corporations when you're walking through the Yorkshire dales on a sunny day
Not as many easy paths anymore for a British worker, tech or otherwise, thanks to The Foolishness.
And the most popular choice -- the USA -- is off the table for the majority of Brits, I think, who cannot comprehend The Other Foolishness. (Mind you, the ones it encourages... I hope they follow their hearts)
That is straightforward to the point that a British citizen can just go there and work, even go there and freelance.
(I have given it some consideration myself.)
Generally speaking, though, it's not a route Brits take in huge numbers, for legacy reasons. Though plenty investigated their potential for citizenship.
From the article, I'm suprised at this unusual twist:
> What about that second TCN?
> On the 1st of October, the Home Office issued a second TCN against Apple for the same as before, but only for _British citizens’_ data. World-leading!
> Those who follow my work know that this phrase made me spew a double barrel of Glaswegian swearing. British citizens’ data, as opposed to British users’ data? The dividing line here is not e.g. being located in the UK or having registered an account here, but what it says on your passport? How is Apple going to know that, much less roll it out? (/s)
> Did Apple just publicly state that they’re going to be removing a security layer and adding a nationality check layer?
> We don’t know.
> We don’t know because as with the first TCN, that information only became available in the public domain due to someone leaking it to the media. That’s all there is to know. Everything else is confidential and NCND. There is nothing else to say because nothing else is known. If someone who did know something was sitting across from me right now, and they told me, they would be committing a crime.
Does that mean my non-UK citizen friends who are resident in the UK now have better privacy rights than UK citizens in the UK? Does it mean it's better to remain only a resident, than to attempt to obtain citizenship in the long run?
I know this is a tangent but honestly, this is why the Google decision to de-openify Android is insane even from Google's point of view. Who would want to be an iron clad gate keeper when the world is descending into authoritarianism? You just paint a giant target on your back for the authoritarians to come after.
If Apple had supported open iCloud alternatives for backup and other services from day one, it woudn't even be a discussion now. The UK probably wouldn't have thought of the idea of mandating against E2E encryption because it would be self evident it would actually just churn people to alternatives where they have less leverage and visibility. But Apple couldn't resist bricking up the walled garden and now it's hostile to both them and their users, and to be honest, everyone on the planet since it is obvious that once this happens in the UK it will be silly for every government everywhere not to follow suit.
Who would want to be an iron clad gate keeper when the world is descending into authoritarianism?
Powerful people don't think this way. They think they can leverage the authoritarian regime to their own advantage. They're biased to ignore risks and seek out opportunities. That's what got them to their position of success!
They ARE the authoritarian regime.
This myth that capitalist perpetuate that the rich are not the government is the best lie out there.
The rich are the government. They are the national interests, countries' industries' is their property.
They are until they aren’t. Look at the Russian regime. Even billionaires could find themselves on the outs. All that money and to live in fear of open windows.
Yeah there was this great cartoon many years back where a guy is on his computer and the FBI is looking over his shoulder at his screen. A character named 'Facebook' is pushing him aside and says "Let me show you how to do it". When you look at the cartoon for a minute or so you see in the shadow in the back of the room this robot labeled 'Google' and he's just quietly observing.
I think the fact that Apple is having to fight this fight is evidence of why they were right to make a secure walled garden. I don’t know of any other service I would recommend my mother use for securely backing up her phone.
I think the UK is ultimately going to roll back this law. I don’t think this means that iCloud E2E is hostile to Apple or its users. I think Apple is going to win.
The war isn’t won by telling people to use GPG https://moxie.org/2015/02/24/gpg-and-me.html
> I think the fact that Apple is having to fight this fight is evidence of why they were right to make a secure walled garden
Would you mind explaining? I don't see how that's evidence.
yeah guys, we don’t win by using free and open technologies, we win if we all buy {NAMECORP} devices, that’s true victory right there, backed by a real warranty, that’s what grandma wants
This whole idea of conflating a closed system like Apple has created with authoritarianism is silly. If anything authoritarianism is the UK trying to force Apple to open up (so they exploit it to monitor their citizens).
Apple created a product, not just the iPhone but a whole ecosystem that’s supposed to help the user feel secure. There’s isn’t the only product out there and as long as they’re not preventing new competitors, everyone needs to back off.
> Who would want to be an iron clad gate keeper when the world is descending into authoritarianism
The gatekeepers.
Android has been a fraud for a long time now. Let's not pretend that the "open-source" mobile OS that was supposed to free us all from vendor and telco tyranny ever approached that promise.
Did they even really try?
As far as iCloud "alternatives" go... Android doesn't offer ANY legitimate syncing infrastructure to compete with iCloud, open or not.
You can install syncthing-fork or nextcloud
Neither are legitimate competitors to iCloud
In some instances, nextcloud is better than icloud
I switched to Android from iPhone because the sync options for iPhone are garbage.
You can sync a backup over webdav on GrapheneOS.
> If Apple had supported open iCloud alternatives for backup and other services from day one, it woudn't even be a discussion now.
You think the OS vendor is unable to snoop on data written to 3rd party clouds from their devices?
If they leave backdoors they will eventually be known.
Chances are the UK government would require them to create that backdoor for them, and Apple would publicize that (implicitly, if the UK government would also forbid them to tell it explicitly)
simply i will be starting using Linux distributions on the devices which support them. Usually the gsm wcda etc are too much buried in patents and mostly closed source, but eventually how android bloomed initially as it was open source. I believe one day Linux will be there and again google and apple can have something to worry about and they will again open. One major thing is why google allowing people to use Linux apps on their android 16-17 by default i guess is because of this.
I mean, I think the answer to this is the very simple: they think it will lead to more money.
I'm sure someone in a board meeting saw something about GrapheneOS and LineageOS and Cyanogen and feels like if they de-open Android, some (or most) of those users will move to vanilla Android, and that will lead to profits.
I'm not saying that they're right about this; I think ultimately very few (if any) people actually know how to run businesses and it's all about giving an appearance of maximizing profitability, and as long as it leads to a potential short term stock boost then these executives get their huge bonuses and they can just blame the next guy when things break.
This isn't really theoretical; look at how Jack Welch took one of the most respected companies in the world, more or less integrated ponzinomics to temporarily bump the stock prices, and 20+ years later GE is kind of a joke and isn't even on the S&P500 anymore.
I don't have exact numbers, but I'm sure Graphene, Lineage, and all of the mods combined are much less than 1% of all android users; as well as these customers being less profitable than average as a marketing target.
Posting this from my lineage phone.
I don't dispute that at all. I don't think it matters, it just needs to look like they're doing something to avoid forks and the like.
That said, there might be stuff that's actually using open source Android for profit. For example, the Nook Glowlight Plus, which runs a modded version of Android, doesn't appear to have any direct or even indirect references to Android anywhere (and I had to contribute a bit to the discourse to even get the rooting to work [1]). I have no ideas about the inner dealings of Barnes and Noble, but it wouldn't surprise me if they're running a completely forked version of FOSS Android and aren't paying a dime to Google for it.
I suspect these are the things that Google is trying to crack down on.
[1] https://www.mobileread.com/forums/showthread.php?t=360563&pa...
Yes. They have 99.9% of the mobile phones.
The phone was the end of open computing, the tech companies obtained an iron grip on the platform, this time with fully accepted total monitoring and data collection down to everything you say, hear, everywhere you go, and with smartwatch biosensors, everything you feel. The only thing left is to get smart glasses and they will know everything you see. Smell they can probably interpolate.
It happened over a decade ago, and that might as well be 100 years ago in modern attention spans. All the governments have to do is pay the companies money, or simply force-legislate, or threaten under the table for all that info, and for permanent forever access to active tracking and monitoring.
AI provides all the analysis they need to watch the firehose. It's all there.
At this point it doesn't matter if an alternative comes. It'll be such the minority, that the social graph will fill all the holes. And they can simply track your IMEI regardless from the towers, listen in with other nearby microphones/phones. There is no escape.
All that remains is for the key to be turned for worse-than-1984 authoritarianism. It's right there, ready for the AI-empowered 50% of consumption controlled, 90% of stocks owned oligarchy to use.
Open computing still exists. It's just overshadowed by the prevalence of locked mobile devices because those are convenient and good enough for the vast majority, who would rather use those than a less convenient desktop, laptop, or even raspberrypi.
Surveillance on the internet is challenging to avoid, but internet surveillance and tracking doesn't extend to (outside-of-browser) local compute.
The tech bros are of the opinion that they can ride the rising authoritarianism like a Fremen riding a sandworm.
lol
Tech bros helped Israel genocide Gaza. Tech bros are pro-authoritarianism.
Lulz! You've been conned! Hamas started the war, and Israel taught arabia a lesson that it doesn't work. Go team yahweh, they crushed the opposition!
Taking inspiration from the East India Company, Apple should colonize the UK and take over the government - the iGovernment, if you will.
Citizens will regain their right to e2ee privacy, they will not have to deal with voting for mediocre politicians to lead them. Instead, Tim Cook will be their new leader, and every morning over the mandatory installation of HomePods in each home, citizens will be greeted with an ecstatic "Good morning!" to get them energized for the day ahead.
Voting will be done via iPhones, where FaceID will verify the eligibility of the voter before the vote has been submitted.
Wanted to go shopping but iPass wouldn't open the gate on account of insufficient prostrations before the Steve Jobs iShrine.
Should have gotten a multi-pass.
Leeloo, is that you?
Either way we’re totally cooked
Tim Cook'd
I have wondered why the likes of McKinsey, KPMG, and PWC do not put up candidates (don't even sponsor them, just say you're electing _well known consultancy_).
1. Why would McKinsey etc be interested in a well-functioning government? Best argument I have is that if the economy grows then government (and private) spending on consulting may grow.
2. Note that the consulting firms already managed to get the legislation they most cared about – creation of the LLP as a kind of entity – despite not having any candidates
3. If the government is too associated with a big consultancy then (a) they may be pressured out of giving them contracts (not good for McKinsey!) and (b) failures by that consultancy will be highlighted more than usual in the news (also not good!)
4. I mean plenty of people would go through the consultancy meat-grinder before becoming politicians. If you are training juniors to think similarly then that may carry over after they leave.
This is basically Pete Buttigieg
* 2007-2010 3 years at McKinsey * 2009-2017 8 years in US Navy, including deployment to Afghanistan
Not that much McKinsey imo
Mitt Romney had a lot more years at BCG (22 years), including being VP + co-founder of Bain Capital.
They all absolutely do. All capitalist parties are heavily funded by industry of some sort.
That was basically Rishi Sunak, but going beyond that voters really hate it when you make the corporate control obvious.
However, they don't ask questions, so one layer of money laundering is completely fine. Nobody asks where the funding for Farage's various projects comes from, for example.
maybe they do?
you just don't hear about which candidates are theirs
That sounds like a nightmare.
"Here is my 300 slide pack to explain why you should vote for me"
and that is how we got the "theys tells its likes it is" candidates.
Because they can milk either side. Gov needs private partnerships as much as the privates need their money.
What's the catch?
Could be a good short story.
“This year, we’ve completely redesigned your governmental doctrines from the ground up - increasing governmental synergies by 700% compared to the M1 chip…”
“Introducing, Apple Governance, a truly magical experience, and the best government Apple has ever made!”
Our plan is to install our government under the tyrannical rule of a dictator, then fire that dictator, slowly collapse for a dozen years, and then rehire the dictator. Then we just sit back and let him cook.
Very clever image and caption (right at the bottom of the page)
> Header image by me: Alan Turing memorial, Manchester, where he reminds you why keeping data private can be a matter of life and death.
The image shows a close up of a statue of Alan Turing, his hand holding an apple.
https://en.wikipedia.org/wiki/Alan_Turing#Death
The very Wikipedia page you link explains in great detail why, although we can never know for sure, it's actually unlikely that he committed suicide, and more likely that his death was an accident.
The suicide story will probably never go away, because it's too good a story. It fits so neatly into popular culture.
I read that section word by word and I honestly don't think it "explains that it's actually unlikely that he committed suicide." The opinions are diverse at best.
Even if he didn't kill himself and even if it was an accident, he still was very much fucked over by the British government. They stripped his security clearance and made him a felon and made him take female hormones. This guy cracked the uncrackable code and basically (co)invented Computer Science, but all they cared about who he had sex with.
From the wikipedia article: > Turing may have inhaled cyanide fumes from an electroplating experiment in his spare room
How would he have put himself quietly to bed if he had gotten a fatal dose of cyanide in the spare room where the electroplating was taking place? Wouldn't there be very fast respiratory distress?
A highly acute dose could kill in seconds, but a lower dose can cause confusion, headaches, dizziness and more prior to inducing a coma and death.
It is not outside the realm of possibility that he became confused and in pain, decided to lie down to sleep it off, then died in his sleep. My own father in law suffered a significant blow to the head and, despite knowing all the signs of a concussion and what to do about them, got up and slept it off- the very last thing one should do. He was simply too confused to do anything else.
His story had a happier ending than Alan's, but it goes to show that the accidental death theory isn't implausible.
> While it is common advice that someone who is concussed should not be allowed to fall asleep in case they go into a coma, for general cases this is not supported by current evidence.
https://en.wikipedia.org/wiki/Concussion
I recommend reading his nephew's biography, Prof. He makes a strong case for why it was probably suicide.
From the article:
> Otherwise, please make sure you de-Apple, de-Google, and de-American Stack yourself when you have time, clarity, and focus to do it. Start today.
I don't understand the core of this advice. So if you're in the UK and do all the above, can you suddenly get similar E2EE cloud storage from a different provider without a UK government-mandated backdoor?
The first two are reasonable positions. The third, on the merits of the argument in the article, is absolutely bonkers. It's the UK government that is unleashing this stupidity on the world. There is no European alternative that is any safer, and it's the UK's own hands that are at fault in the first place.
Not that there aren't other reasons to be skeptical of American companies' right, but it's just so easy to fall into nationalistic prattle instead of fixing the real problem.
> but it's just so easy to fall into nationalistic prattle instead of fixing the real problem.
Right. This, right now, is 100% a UK problem. De-Americanising your tech stack isn't going to fix the political issues domestically. Hence Apple pulling ADP out, they made the choice of not complying with the UK and not offering the service instead of compromising the service for everyone else in the world.
UK citizens need to direct their attention inwards against their own government.
Oh yes, the UK is very keen on Reform. Reform in this case however is the death rattle of a long dead empire.
“Death rattle”? More like “zombie groan”.
Last time I was in the UK, the news (BBC) was bizarrely 90% American politics. Trump this, Trump did that, etc. People there knew American politicians better than the people who actually represent them.
Why “bizarrely”? The US has enormous influence on many countries, Trump’s actions are newsworthy in many places.
If the UK news is made up of 90% US politics, and 10% UK politics, then I would say that is definitely bizarre.
Knew American politicians better or the BBC's manipulative image of them?
> There is no European alternative that is any safer
How do you figure that? If you're worried about your privacy in the UK, keeping your data in a Five Eyes country cloud provider is a very bad idea, arguably even worse than keeping it in a UK cloud provider where it becomes a domestic legal matter where you at least get a day in court, not a foreign intelligence matter where you don't. And the US is a pretty bad place for anyone's data given a) its lack of robust privacy laws (and large commercial data-trafficking ecosystem) and b) the National Security Letter system.
While there is no perfect country, somewhere like Germany or the Netherlands seems a much better bet.
>The first two are reasonable positions. The third, on the merits of the argument in the article, is absolutely bonkers. It's the UK government that is unleashing this stupidity on the world. There is no European alternative that is any safer, and it's the UK's own hands that are at fault in the first place.
Disagree. Australia and also likely Canada have identical these laws. And once the capability is in place, its likely that the US can all writs access to the same tool. Apple is unique in that it has a semi legal canary, in choosing to withdraw the services instead of complying.
You cant trust any tech company that remains located in the 5 eyes nations.
I am not aware of good alternatives, but worst case you can run up a VPS with Owncloud or something.
It's not a backdoor per se. UK just banned using E2EE (at least for Apple users' data). I don't think though they can ban E2EE in general - like, if I upload a binary blob to a data store, how would they know whether it's encrypted or not? Short of banning all strong encryption completely (which even UK yet is not stupid enough to do) it's not possible to prevent. But they did not build a "backdoor" into encryption - they demanded that, and Apple refused, so there's now no encryption at all for UK users. There's no door.
They are just going for service providers that make E2EE easy for users - clearly betting on the fact that people they want to surveil would be too lazy/incompetent to use a custom solution providing strong E2EE encryption. And they may be right - most iphone users would keep using the same services even with the knowledge that the data is now widely open - and eventually of course will be breached and available to every kind of criminal, as it happened many times already with other massive data warehouses.
But I believe even is the UK you still can encrypt your own backup and upload it, e.g., to rsync.net and nobody would be able to stop you. Just most people won't.
> banning all strong encryption completely (which even UK yet is not stupid enough to do)
What we have in effect today (ban of E2EE, chat control) was laughably impossible to conceive just five years ago.
ttyl
E2EE cloud storage is not some kind of magic that only tech bigcorps can provide. I de-Dropboxed a few years ago, replacing it with Syncthing running on a local NAS with e2ee backups in Backblaze and Wireguard VPN out to my mobile devices. Sure, this is not the sort of thing most people can set up for themselves, but I don't think that's particularly relevant in context.
Syncthing and e2e is great but the issue is that the law force you to give away your phone and your password if asked. Meaning, they have the encrypted data on your phone and the password to unlock it.. same for computer ofc.
If you're in England and have to keep things secured (including from government eyes), i have no idea how you can do. They soon will be allowed to put a camera in your small room and watch you take a dump.
Memorize a long passphrase for encryption, dont keep it anywhere and when forced to give it up, say "I forgot it". This is partly a joke but only partly.
Unfortunately for the vast majority of people, it absolutely is some kind of magic.
My new high-privacy, high-control data management solution revolves around pen & paper. As far as I am aware, these implements have not yet been banned in the UK.
I don't know why everything must be digital. If you don't put it on a computer, it's almost as if it doesn't exist. If you do this often enough, it is almost as if you don't exist.
In the latest Janus Cycle video he explained how he started carrying an IBM WorkPad c3 around to manage his contacts and appointments. I found that a great idea for people like me that struggle with deciphering their handwriting an hour later.
I've thought of going back to a palm pilot for the same thing. There are tons of Handspring and Palm Pilot Tungsten versions on ebay for under $40.
I believe the Palm T2 and T3 had bluetooth so would be interesting if you could connect the two to keep contacts and appointments off your smartphone. I'm seeing Handspring Treo 650's for under $100 as well.
Party members were supposed not to go into ordinary shops ('dealing on the free market', it was called), but the rule was not strictly kept, because there were various things, such as shoelaces and razor blades, which it was impossible to get hold of in any other way. He had given a quick glance up and down the street and then had slipped inside and bought the book for two dollars fifty. At the time he was not conscious of wanting it for any particular purpose. He had carried it guiltily home in his briefcase. Even with nothing written in it, it was a compromising possession.
The thing that he was about to do was to open a diary. This was not illegal (nothing was illegal, since there were no longer any laws), but if detected it was reasonably certain that it would be punished by death, or at least by twenty-five years in a forced-labour camp. Winston fitted a nib into the penholder and sucked it to get the grease off. The pen was an archaic instrument, seldom used even for signatures, and he had procured one, furtively and with some difficulty, simply because of a feeling that the beautiful creamy paper deserved to be written on with a real nib instead of being scratched with an ink-pencil. Actually he was not used to writing by hand. Apart from very short notes, it was usual to dictate everything into the speak-write which was of course impossible for his present purpose. He dipped the pen into the ink and then faltered for just a second. A tremor had gone through his bowels. To mark the paper was the decisive act. In small clumsy letters he wrote:
April 4th, 1984.
Because no US corp can promise you true E2EE. Even an app like Signal - are you sure the version you're getting from the App Store is always the one with "unbreakable E2EE"?
With Signal they provide a toolkit you can use to verify that the checksum for your App Store download matches that of the public build or one that you compile yourself.
edit: This is apparently currently not working for Apple and MS builds.
https://github.com/signalapp/Signal-Desktop/blob/main/reprod...
Why compromise Signal when Apple is an American company
I'm sort of out of the loop as a US citizen....Does the UK really have the ability to enforce every E2EE storage solution on GitHub to comply?
Even if you monitor downloads, every VPN, every ISP..... can't I copy paste the source code?
Isn't SFTP already E2EE? They're not going to come down on SFTP....right? I really hope not...
The simple answer is: Money.
If you're making money in the UK, they have a lot of legal authority over you.
If you're based in the UK, they have a lot of legal authority over you.
If you're neither of those things, they might complain, but the actual consequences are close to nil.
And they're not banning the tools (this is arguable, but they "can't" logically, as you point out). They're banning businesses from providing the tools.
Thats reassuring...but still frightening, just less so I guess.
Most of my homelab is self-hosted (Cloudflare and Tailscale stop me short of saying it's 100%, plus an Oracle VPS for a Minecraft server if you count the WHOLE stack I guess)...and you tell yourself its 'better to own your own data' or whatever your personal mantra is, but it's bizarre to see this play out
The UK (same as the US) has lots of extra territorial laws. Enforcing them is another matter.
It’s easy to make Apple budge because they have money ties to the Uk.
This works less well for unsavory websites not complying with UK law. See https://prestonbyrne.com/2025/10/16/the-ofcom-files/
# Encrypt a file openssl enc -aes-256-cbc -salt -in secret.txt -out secret.enc
# Decrypt openssl enc -d -aes-256-cbc -in secret.enc -out secret.txt
Wow that was hard.
You may think you're being sarcastic, but you are just stating a true fact here. For about 99.9% of this planet's population, it's not just hard, it's something they'd never ever know how to do and have no intention to ever learn. Like it or hate it, but that's what it is.
And, for 99.9% of people who know how to do that, they'd still be too lazy to do it properly (hint: where do you keep secret.txt exactly? What happens if your dog eats it?) and will use some third-party solution instead.
> where do you keep secret.txt
Reminds me of using Ansible Vault and preciously encrypting every secret (so we can say that repos doesn't contain any secrets), then just putting ~/.vault_pass in plaintext on every Ansible controller to be taken by anyone with access to the servers.
The author of AGE has a great point in the below blog post [0]:
0 - https://words.filippo.io/age-authentication/> it's something they'd never ever know how to do
There are hundreds of millions of people who have memorized megabytes of baseball statistics, pop song lyrics, celebrity relationship trivia, vehicle model data, sitcom character biographies, comic book plots, makeup shades, travel routes, mixed drink recipes, MtG card modifiers, etc.
At a certain point, one has to realize that pulling the "normie card" is not a viable excuse, given the wide array of knowledge that humans routinely pack into their brains.
>where do you keep secret.txt exactly?
Hidden. Encrypted. And the passphrase is: at 5,21 which is the 5th line on page 21 of your favorite book. Which you have more than one copy of, because you like it that much. And you need copies to lend. Or you have the PDF from Gutenberg.org?
And 5/21 might be the birthday of your first child, or your wedding day, or whatever?
It might be a favorite quote, like "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." Augmented by the above date if needed?
Hidden where? Are you writing it on a post-it and putting it on top of your screen? Are you keeping it in your wallet? In a safe? What if you lose it or your house is flooded?
> And 5/21 might be the birthday of your first child, or your wedding day, or whatever?
How sure are you that you'd remember all that scheme for 20 years? How about 50 years? Some documents may be relevant for a very long time. What about if you need more than one key? What about if you need to give access to one document to specific set of persons?
Once you consider all the scenarios that can happen through a lifetime, you start to understand why managing all those complexities correctly is not trivial. And that's why people pay third parties to do it for them. It's not because encrypting a bag of bytes is hard. It's because of all the things that surround it.
> And the passphrase is: at 5,21 which is the 5th line on page 21 of your favorite book
Yeah, it's one of those things that you'll forget in N years. That's exactly what prompted "where do you keep secret.txt" question.
Some people are lucky with memory that works extremely well with numbers. My memory is average but when it comes to numbers, I remember serial numbers of certain products, enrollment numbers etc from more than a decade ago.
HP-L170 (A monitor I bought) QW4HD-DQCRG-HM64M-6GJRK-8K83T (Windows XP key) 10396-9 (My enrollment number for board exam)
I remember a bunch of long-ago-abandoned phone numbers as well.
As of now I have to care for my (digital) backups, that is, I cannot ignore them for N years. I had to copy things from discettes to magnetic tape, from tape to hard drives, etc. I have to periodically check my backups if they are restorable. That's life.
It's the same for documents, as for secrets, which I have to transfer from one medium to another, I have to check that I remember secrets and passphrases. And places. As I already said, that's life.
The double entendre occurred to me, I don't disagree.
But the relative ease does not merely apply to users, but to the barrier of entry for alt products as well.
Consider that the current paradigm is contingent on the "blind trust" users have held in tech for a long time. It's possible that a new kind of app will thrive in a different paradigm.
For example, is there any reason we couldn't have a simple "message wrapper" which only sends encrypted payloads via SMS or Email and decrypts on the fly in a secure sandbox? Easy for the user and hard to regulate.
I think that's what Silence was (for SMS): https://f-droid.org/packages/org.smssecure.smssecure/
I'm reminded of the infamous HN Dropbox comment.
Reference: https://news.ycombinator.com/item?id=9224
Yeesh, this seems like a good example of the fact that a feature (encrypting a file) is not a product (an E2E encrypted storage solution.)
Re: rubber hose attack on cryptography.
Threat modeling is important of course. The UK government does have tools with which to punish people who don't turn over the cleartext of targeted documents once it's directly investigating them, but that's not scalable. The method the grandparent comment proposes greatly reduces one's exposure to mass surveillance, criminals, and abusive service providers.
Probably easy to do with a Mac, but iOS is a different question. Way too restrictive if you don't use iCloud.
Yes, but you'll have to trust that they haven't been issued a secret government order to implement a backdoor.
Not all of those companies will loudly object in the way Apple does.
>Not all of those companies will loudly object in the way Apple does.
This assumes that Apple has loudly objected to every government request for backdoor access and also that they have never acquiesced to any of those requests.
Hopefully pretty soon Apple will have to provide the same functionality iCloud monopolizes so you can have an equivalent service. But right now you can do an encrypted transmission to a privately-owned NAS like Synology and then E2E cloud storage provider of your choice, with the caveat that things like background syncing are strategically monopolized and no app may backup your full phone.
https://www.catribunal.org.uk/cases/16897724-consumers-assoc... (hearing in 9 days)
It's a bit like the famous HN post where somebody said that Dropbox is not needed if you have rsync and friends.
Technically this can even be correct. You can build and operate a good, secure solution for yourself if you have time and skill to build. Could make sense for a company handling sensitive data. Would hardly make sense for most individuals who are not professional SREs / SWEs. (To check how it feels, an engineer can try to sew themself a pair of pants to wear daily, or do something similarly mundane in what they are not skilled.)
A solution that can reliably work for non-experts is very important.
Sure but in this case most of the difficulties are artificially imposed by Apple, depending on how the tribunal responds to their alleged iCloud monopoly it could become as simple as choosing a compatible provider and putting your username/password in.
And as soon as you have "a provider" as a business entity, UK government can ban them from providing E2EE solutions to Apple users the same way they did ban Apple. Or the provider would just silently bend over hand hand all the keys to the UK govt.
They can't police every online server you can possibly rent, and they can't police them "all at once" like they can with the Google/Apple duopoly, all they can do is go after them one-by-one as they need access and as we see with 4chan, rejecting their assertions on jurisdiction is certainly an option.
They can't. But they can police any service that has substantial number of users. And that's what most of the people would use. So, the hardened criminals would use their own underground darknet services which the government couldn't breach, but the regular people would have no privacy at all.
> 4chan, rejecting their assertions on jurisdiction is certainly an option.
4chan can tell UK regulators to take hike because 4chan has no business presence in the UK. Any service that does want to serve UK users and is successful in doing so, will eventually find itself in UK regulators' crosshairs. For services that are based outside UK, they'd just stop serving UK users because that's the easiest way to handle it. Which is completely fine with UK regulators, in fact, that's exactly what they want - so that nobody would be able to provide privacy to UK subjects.
On personal level, you have to choose whether your priority is privacy or convenience. If its privacy, no whining about 'I want this and that and I am too lazy to rollback' is relevant.
Never trust US services, 3-letter agencies are endlessly greedy to fill your profile with another tens of thousands of data points. As do all advertisers all around the globe. As do (with various success) all other governments and private companies who have something to gain, HDD storage has never been cheaper and all personal data are worth gold and beyond.
Or if you have to use them, use your own encryption with strength to not be broken for next few hundreds of years, to stand a chance. That is, if you actually have something to hide, but I have never met a person who really doesn't :)
It seems like the real solution is de-UK'ing, a wise move for a number of reasons. Move to the continent, to Ireland, or the US (or Australia for that classic British expat experience), but leave the sinking ship. Ideally the time to leave was when the passport was still in the EU, but now is better than never.
>when you have time, clarity, and focus to do it.
i thought this a joke, lol
I have done all this. All inhad to do was provide my passport scans, fingerprints, photos of my face, phone number so now I can use tencent cloud in china! /s
Sounds more like people need to de-UK. It's going to be a problem with any company or technology.
It's more likely to be a problem with Apple (and Google) because they have put themselves in a position where they are a gateway to everybody. There are multitudes of online storage providers outside of the UK's reach and jurisdiction but 0% of iPhone users back up to them because of technical limitations that inhibit iCloud competitors or any compatible storage solution.
> 0% of iPhone users back up to them because of technical limitations that inhibit iCloud competitors or any compatible storage solution.
To clarify, by "technical limitations" here you don't mean "it's not possible with our current technology", you mean "Apple purposely blocks this".
Allegedly it's deliberate, according to a pair of legal actions they face in the UK (hearing in 9 days) and US (hearing in August 2026).
> 13.1 a set of technical restrictions and practices that prevent users of iOS from storing certain key file types (known as “Restricted Files”) on any cloud storage service other than its own iCloud and thus ensuring that users have no choice but to use iCloud (a complete monopolist in respect of these Restricted Files) if they wish to meet all their cloud storage and/or back up needs, in particular in order to conduct a complete back-up of the device (“the Restricted File Conduct”); and/or
> 13.2 an unfair choice architecture, which individually and cumulatively steer iOS Users towards using and purchasing iCloud rather than other cloud storage services, and/or limit their effective choice, and/or exclude or disadvantage rivals or would- be rivals ( “the Choice Architecture Conduct ”). See further paragraphs 6 to 9 and 97 to 132 of the CPCF.
https://www.catribunal.org.uk/cases/16897724-consumers-assoc... (via summary of ruling of the chair)
> 30. By sequestering Restricted Files, and denying all other cloud providers access to them, Apple prevents rival cloud platforms from offering a full-service cloud solution that can compete effectively against iCloud. The cloud products that rivals can offer are, by virtue of Apple’s restraints, fundamentally diminished because they can only host Accessible Files. Users who want to back up all of their files—including the basic Restricted Files needed to restore their device at replacement—have but one option in the marketplace: iCloud.
> 31. There is no technological or security justification for Apple mandating the use of iCloud for Restricted Files. Apple draws this distinction only to curtail competition and advantage its iCloud product over rival cloud platforms.
https://www.courtlistener.com/docket/68303306/felix-gamboa-v... (via document 1 the complaint)
> There are multitudes of online storage providers outside of the UK's reach and jurisdiction
Not according to the UK, lately. The problem is still domestic. UK wants to exert this control over any service a UK citizens happens to use, whether they have a UK presence or not. Same with the ID/Age verification stuff.
Moving away from Apple and Google probably is something they should do, but it's not going to be a solution to the problem of the UK government's overreach.
UK citizens need to turn their attention inward against their government.
To be clear, Apple and Google both have huge UK presence. I don't know the extent of Google, but Apple has offices with thousands of people working in them. Compliance with what the UK wants in this regard is not optional.
What the original poster does is completely misplace blame under the guise of "clever" writing - blame should be assigned squarely on the idiotic policies of the UK government.
Google has been building a huge new office in London for a bit now, with the apparent intent to move most of their EU presence there.
> they are a gateway to everybody
They are, and most time this allows them to abuse you. But what do you think happens once you that gateway is blown open, isn't your front door next?
> There are multitudes of online storage providers outside of the UK's reach and jurisdiction
What I said above means that once you normalize the situation that providers have to open the gate to your yard whenever the state comes knocking, the state will just come knocking directly at your door. In other words I'm not sure the state will stop in its pursuit of access to your data when it can just incriminate trying to evade the law by storing it out of reach.
> But what do you think happens once you that gateway is blown open, isn't your front door next?
Yes this is the way policing should work, if they think you have done something they knock on your door rather than go to Apple and Google and compromise the entire population all at once through the convenience of their monopolies. Bonus points if a judge needs to grant them the privilege of knocking on your door too.
> Yes this is the way policing should work, if they think you have done something they knock on your door [...] Bonus points if a judge needs to grant them the privilege
How exactly would they come after you if your data is "outside of the UK's reach and jurisdiction"? They went after the gatekeepers because they wanted a one stop shop for accessing people's data. They will look to take the same easy road in the future and there's nothing easier then framing any attempts to keep data out of UK's reach as a crime. They get your data or get you for not providing the data.
The law will be "stupid", tech savvy people will find ways around it. But it's enough to throw a or a noose around as many people as possible and tighten as time goes by. Authoritarianism 101.
> How exactly would they come after you if your data is "outside of the UK's reach and jurisdiction"?
By suspecting you of a crime first, then they can establish access to your device through legal due process and access the data on your device or imprison you for not facilitating it. Same thing they do with computer passwords and whatnot.
Thankfully my predecessors de-UK’ed for me!
It's an Apple problem, because with libre tools you can run your own software to circumvent this law.
You can run your own software, but if asked by UK authorities to provide the keys/password and you don't comply you face prison time.
You can safely leave it to FOSS to implement ways around that.
How does FOSS prevent someone from pulling your teeth out with a wrench to get your passphrase?
Rust solves this.
You give them access to a fake account.
Although effective, this particular technique does not scale very well. Even if the UK had 100,000 kidnapping wrench torturers, it would take ~2 years for them to get through to pulling everyone in the UK’s teeth.
The majority of apple and android users can't run their own libre software, until libre software is as easy and seamless to use as the comparables.
People need to hold the UK government responsible for its crimes against humanity. Until the AUMF which resulted in the utterly reprehensible "War on Terror" is rescinded and the crimes committed under its enactment fully prosecuted, the authoritarianism will continue.
Remember, people, these are WAR CRIMINALS driving these policies forward. To expect this class of individuals to adhere to democratic, western values, is naive in the extreme.
The same people who have no problem with genociding a million people in the middle east enemy-state-de-jour are not going to give one fig of care to the local human rights violations that they are also getting away with.
The West has a war criminal problem. Until we solve that we cannot do a damn thing about our human rights problem.
There's more good reasons to de-Apple besides just residing in UK.
Ah yes, 70 million people find a country they are eligible to move to, quitting their jobs, uprooting their families. Definitely the most straightforward fix. Thankfully other countries have no problems either, or they'd have to leave from those too!
The actual straightforward fix isn't available to us - namely, we aren't due a general election until 2029 and right now the "good guys" are in power, so it's not at all clear that anyone would even offer to reverse this TCN if they were elected instead, in 4 years time.
If there was a general election today, who exactly could we vote for?
Trade union organising with the threat of nationwide industrial action would work regardless of which flavour of Tory is in power, though.
At least the US hasn't postponed the general elections to keep the unpopular party in power.
https://www.local.gov.uk/our-support/devolution-and-lgr-hub/...
Neither has the UK government.
* It wasn't the general election.
* They offered local councils the chance to request it if they were going through a reorganisation or devolution process.
* 18 councils requested and 9 were accepted as justified.
* And even those are only delayed until May next year (one year after the rest of the UK).
So to be clear the UK government not only didn't postpone the general elections but half the councils who requested the local elections were postponed were denied, with the other half having reasons and still doing it a year later anyway.
And all that is actually covered in the page you link to.
Fact check - the UK hasn't postponed the general election.
Your link points to _some_ local council elections (the people responsible for bin collections, parks and care homes) and the extension has been requested by the local councils themselves.
I wish they would help get as many reform councils as possible. Given how incompetent they have been in the ones they did get elected, I think it would put a damper on the enthusiasm of their supporters.
> and right now the "good guys" are in power, so
So close and yet so far.
Granted it would be more impactful that to stop using Google and Apple services.
> You need to start that because, as we recently learned, at some point in the very near future Apple is withdrawing its Advanced Data Protection (ADP) feature from the UK altogether as a result of the Home Office TCN through the Investigatory Powers Act.
So, a UK-only advice, and it strangely assumes that any other service in UK wouldn’t be bound by the same laws.
I can encrypt anything and store it in anything that provides storage. Why are people acting like "end to end encryption" is a feature you need a cloud service to provide to you. Rather the opposite - it's really something you can only do yourself.
Sure, but almost no one is managing their own keys and knows enough about the various e2ee algorithms to make these decisions on their own.
Do you know of a good piece of software or tool that lets a layperson interface with any cloud storage provider?
https://cryptomator.org/
The closest I've found is VeraCrypt, which is near the edge of what I'd call layperson-friendly. But if you store a VeraCrypt drive on the cloud, you'll need to re-upload the entire encrypted file--usually quite large--every time you change anything at all. That's a _lot_ of bandwidth, and likely to be quite slow to sync.
https://github.com/restic/restic
not exactly for a "layperson", to be honest, but easy enough for someone familiar with a command line
Sparsebundles
And you must then give the password to your data.
https://thblegal.com/news/can-i-be-prosecuted-for-failing-to...
https://www.ilfattoquotidiano.it/in-edicola/articoli/2025/01...
etc.
In the extremely unlikely event that I'm compelled to by a judge, yes. Or if someone chooses to beat me with five dollar wrench, of course. And even then A) it can't happen without my knowledge and B) I have the option of refusing and bearing the consequences.
I didn't say it solves every problem, just that it's the only way to have proper end-to-end encryption.
This seems like a job for a truecrypt style system. Either you do it at a file-level, or you have it split into (say) 10MB file chunks, and if you want to access a certain file you have an encrypted local db that acts as a magic decoder ring ("file test.csv is spread across CLOUD1.DB CLOUD3443.DB CLOUD132.DB").
Combine that with steganography (Enter real_password, and test.csv is a list of bank accounts, enter fake_password, and test.csv is a list of apple store locations, enter random_password, and it decodes junk). Maybe combine that with multiple layers of passwords (one ring to rule them all, except certain files).
Obviously, you'd want to steganographize the decoder ring as well.
> So, a UK-only advice, and it strangely assumes that any other service in UK wouldn’t be bound by the same laws.
I suspect it's because whilst other services would be affected we only know about Apple currently and, thanks to iOS and Mac, a large percentage of the population will be using Apple by default for the services impacted. Only Google (Android) and Microsoft (Windows) really overlap in that regard.
> So, a UK-only advice
Not for long
Other countries have very similar regimes these days.
> So, a UK-only advice
So what?
> it strangely assumes that any other service in UK wouldn’t be bound by the same laws.
From the linked article:
> I’m not going to tell you where to move your stuff other than to say that if you’re moving it from one big tech company to another, you’re just being daft. Likewise, if you’re moving your stuff to a non-e2ee service, don’t bother. If you need an e2ee service try Proton. They have a Black Friday sale on.
> So what?
The title felt like there was a greater issue with Apple specifically. There wasn't. There was a greater issue with the new UK laws and cloud storage systems. I think people deserved a clarification before getting wound up about it before reading the article.
Yes, it's nothing to do with Apple per se - any major E2E provider would be under the same attack. The problem here is UK government is drunk with power and doesn't want their citizens to have any privacy rights, and UK citizens are largely ok with that, as evidenced by them keeping to elect such governments. Apple is just the most prominent target of the attack - eventually, they will try to attack smaller targets still, and make usage of the strong encryption as hard as possible, maybe outlaw it completely and mandate government key escrow. They already tried it in many countries, and UK seems to be very ripe to try again.
> UK citizens are largely ok with that, as evidenced by them keeping to elect such governments
I don't think that's true. I think plenty of UK citizens do want better privacy rights and data protection, as evidenced by the very large petition against national ID cards for example.
It doesn't win the vote because it's not the most important factor when it comes to voting, because there are bigger issues people care about more.
Many people are somewhat despondent, due to economic decline, ever-increasing pressures and poor prospects for so many people. There's no choice of party which simultaneously supports privacy rights at the same time as other things most UK citizens appear to care about more, which can also survive the intense tactical voting pressure under the FPTP voting system. Consider that most people who voted Labour in the "landslide" last election appear to have done it tactically to "get the Tories out".
So issues like privacy which aren't at the top of people's concerns, end up not having much influence over voting decisions.
The Lib Dems and Greens are the nearest to that, imho. Of the major parties, they seem the most aligned with privacy rights in their DNA, as far as I can tell.
Reform are getting some political benefit from talking up privacy at the moment, and they stand a real chance of winning next time. But I doubt very much if Reform would ever implement real privacy rights. I think it's just opportunistic dodgy politician talk in their case, and that real privacy isn't in their DNA at all, because they don't believe in universality of human rights. They are openly eager to remove the Human Rights Act and strip many people of those rights, after all. Strong online privacy also clashes with one of their core missions, to find and deport vastly more people than before; privacy clashes with that both on grounds of investigative capabilities, and on grounds of principles and rights. I could imagine Reform trying to offer strong privacy only for approved citizens, alongside mandatory reporting on other users, but the contradictions in that are too much.
> It doesn't win the vote because it's not the most important factor when it comes to voting,
This implies there's a vote for and against it, but is there? I didn't see any party or serious political movement raise this as an important issue. Why? Because they assume it won't bring them any additional votes, because their potential voters don't care. If they don't care, they get what they get.
> So issues like privacy which aren't at the top of people's concerns
So, you are agreeing with me. If you say "sure, I'd like some privacy, maybe, but I don't care enough about this to bother to tell my rep that I'm even interested in this" - then you are "ok with that" as I said.
The issue is with Apple specifically in the sense that they have been offering a superior E2EE cloud storage service that will soon be denied to UK residents (IIUC, E2EE isn't offered by their competition e.g. Google, Microsoft). But the article goes out of its way in its first section to note that Apple isn't in the wrong at all here:
> But I will say that the shutdown of ADP is Apple being on the right side of the geopolitical fight, as inconvenient as that may be to you and me.
It is, if you care about the issues the author evidently cares about, "time to start de-Appling". I am a satisfied ongoing customer of Apple and I didn't find this headline to be the least bit inflammatory. It is, at worst, minor clickbait—but it's not really bait at all, since the contents of the article match the headline.
FYI, this is not about a law, this is about a Technical Capability Notice. This is a thing the UK government is able to issue to a specific company or companies, that require them to implement technical measures to enable data collection. This applies only to the company/ies that the notice is issued to.
That could be one of them, some of them or all of them, but it's not really a law that automatically applies to all of them.
Everything a government does is about a law, but, even if only Apple had received this notice, why would it change the unfairness of singling out Apple? Did UK government issue this request as their final request of this kind? Did they forbid any further requests to be made? Did they single out Apple out of something specific to Apple Inc (or, say, United States) or did Apple happen to be just too visible?
Singling out Apple in the article's title sends the wrong message here. The author should have gone with something along the lines of "UK residents should stop using E2EE cloud services". Current title implies there might be a safe E2EE service in the UK. Heck, they even claim that in the article: "If you need an e2ee service try Proton" as if Proton is exempt from getting a notice from the UK. It's not.
> > Otherwise, please make sure you de-Apple, de-Google, and de-American Stack yourself when you have time, clarity, and focus to do it. Start today.
So American companies are complying UK laws, and the conclusion is that UK citizens should "de-American"...?
Am I reading it wrong?
No, you got it right. Anti-Americanism is one of the few canards that the UK government can use as a boogieman to force through their most questionable policies.
One of the most shocking things about Europe when I have visited is what your average European (or Brit, since I guess they don't call themselves European anymore) thinks the US is like (even ignoring politics, just basic standard of living stuff). They've never been and probably will never be able to visit so all they know is what they've been told. When they do visit, they return with a much poorer opinion of how their country is doing. That's why the "I was lied to..." clickbait is so common in European made US travel videos now.
What are they being told, and how can it take hold, when there are so many movies, YouTube videos, tv shows, news outlets, etc that show what it’s like in the US?
Unfortunately the user friendly non-Apple alternatives like Google devices and services are dramatically worse than Apple’s when it comes to privacy.
Years ago when I was still giving Android a chance I found that things like banking apps refused to work if I loaded a custom ROM or IIRC even if I enabled superuser access on the stock ROM. Those things are probably even more tightly controlled now, so de-Googled Android doesn’t seem worth trying again.
Too bad other truly OSS mobile options are in their infancy, heck I couldn’t even get all the drivers configured stably on a work provided laptop with Linux support supposedly validated by the manufacturer. It could be years before we get good OSS phone and tablet software, if it ever comes at all.
Both Apple and Google guarantee you a total _breach_ of your privacy: They are known to share most or all of your data, that's on their servers / comm lines, with branches of the US government, en masse, pursuant to agreements or compelling arrangements. This is the PRISM program, revealed last decade by CIA whistleblower Edward Snowden.
As for other uses of your data, and what they "send back home", there you might be right about the differences between Apple and Google, but I would again not put faith in either.
Something's wrong with the CSS on this page. The end of every line is cut off.
.site-content .post has `overflow: hidden;`, .site-content .entry-content has `max-width: 965px;`, and .wide-content has `margin-right: -34.0740%;` Disabling the margin-right or, preferably, the max-width rule will fix the layout. Or make your browser less than 1700px wide.
(Crazy rats nest of CSS rules, I assume this is a wordpress/wordpress template thing.)
Ahh, just saw this after posting my comment. Yes, it appears that at 1700px or greater it cuts off text. Shown in this video: https://cs.joshstrange.com/BB60xzBW
Yes, same issue for me. The negative margin-right is causing the issue:
If you resize the window to a narrower width, it will wrap more normally.
A bit weird that it's necessary but thank you for pointing it out.
Same for me. You can get around it by zooming in.
Apple obeys the law. Policians set the law. You vote for politicians.
So nu, it makes no sense to blame Apple here.
Unlike most writing about politics, the article isn't arguing that 'those are the bad people over there'. The article describes a current aspect of reality and how it came about, and suggests a way of responding to that reality.
The right way to respond to this reality would be to stop UK government from being insane by electing a more sane government. Stopping using iphones is going to help only for a short term - once encryption is de-legalized, they will come for everybody who they deem worth coming for, sooner or later. If it'll require introducing licenses to run encryption software and mandating key escrow, they'd do that. Yes, you still would be able to sneak in encrypting software on USB drive hidden in your... let's say, pocket. But the mere fact of using it would make you a criminal then. That's the natural progression of where it is going, unfortunately.
That isn't a reasonable response because governments can't be changed in a whim and aren't controlled by a single person, two good things.
UK government had been consistently working in this direction for decades. It's not "on a whim", it's a known and consistent policy, and yet there's no substantial resistance and pushback. The only reasonable conclusion is that the majority of the population is OK with what's going on.
> But I will say that the shutdown of ADP is Apple being on the right side of the geopolitical fight, as inconvenient as that may be to you and me.
I don't think there's any blaming of Apple going on here. This is about dealing with the practical realities of the circumstances for people in the UK.
Wrong or painfully naive. Politics has to deal with realities. If the net wasn't engineered to be resistant to censorship, we probably wouldn't even be talking accross borders right now.
It must be nice to live somewhere that has politicians that represent the will of the people enough to have a take like this. Where I live, your vote only counts if you have enough money.
You're asking for a monkey's paw.
The current ruling party in the US has given its voters exactly what they think they wanted, and it's a fucking disaster.
My day-to-day life has never been impacted by who is in the White House. Where is the disaster?
My peaceful, law abiding neighbors were taken away by ICE thugs in a totally unnecessary military style raid in my upper-middle-class suburb. Absolutely no due process. Their autistic, profoundly disabled child was left alone, scared and unable to understand what was happening. After over a month of detention, the neighbors were released. Turns out they weren’t so dangerous after all.
This, to me, is a fucking disaster.
I saw this all the time to people. What happens in the white house doesn't affect people nearly as much as what happens locally, but its a 'disaster'?
Not Vietnam, Iraq, Afghanistan, Ukraine, Palestine, the actual German Holocaust, or anything else, that's for sure, right? My life was never impacted by any of those.
Yes yes, it's only a problem if it affects you.
Utterly tedious.
What a completely selfish and myopic view of politics. Do you not watch the news? Also a very bad reading of history, thinking all those bad things like 1930s Germany can't happen here when enough people let it happen.
I take it you consume BBC "content"?
Is the BBC the only news media organization reporting negatively on the current US administration?
What specifically are you referring to here?
Because no matter who they vote for, they get this. The previous ruling party hasn't had a real primary since 2008 (and didn't even go through the motions in 2024.) H. Clinton makes a fairly good case that even that one was fixed (because they knew the best horse to bet on.)
No matter who you vote for you get Hillary Clinton's governance, though. She's become very complimentary about Trump's foreign policy.
The writer isn't blaming Apple.
The title certainly disagrees.
No, it doesn't.
If I get up in the morning and say "time to get out of the house" I am not blaming my house for anything; I am simply articulating that I want or need to be somewhere else, for whatever reason.
Eh, the whole "de-Brand" lingo comes from "de-Googling" which has unambiguously blamed Google for the act. The use of the same type of terminology automatically implies the same set of circumstances.
When you say "time to de-CocaCola" while all soda products are susceptible to a certain health hazard, you can't say "Obviously, CocaCola isn't being blamed here".
The analog of your example would be "time to get out of the cloud" for the article.
> the whole "de-Brand" lingo comes from "de-Googling"
Which no doubt stems from more practical usage, like "de-worming". That does not imply that there is blame to go around. You are not blaming the worm — you just want rid of it because it is not something that is working for you.
The issue is specific to Apple! IIUC they're the only mainstream cloud storage provider that provides E2EE, and I'm sure many of their customers chose them over their competitors for that reason.
I does not in the slightest. Rather, It suggests it's time to start removing Apple entanglements from your digital life, for reasons that are described in the article.
See my sibling comment.
The frog refusing to carry the scorpion is not to blame the scorpion for their condition but to recognize that they are a scorpion and behave thusly.
Apple obeys the law. They operate in countries where you can not vote.
England has been speedrunning the dystopian surveillance police state for a while now, through numerous governments. Voting is pointless.
Same (but different) in Denmark where politicians vote to give themselves more money[1], snoop on everything[2], violate our constitution unpunished[3], delete evidence of corruption[4], open the borders[5], etc. etc. etc. I used to care - a lot - I really did. But I'm done.
[1]https://www.dr.dk/nyheder/politik/ny-aftale-politikeres-loen... [2]https://www.justitsministeriet.dk/pressemeddelelse/i-dag-tra... [3]https://www.information.dk/indland/2020/12/jurister-ja-grund... [4]https://www.dr.dk/nyheder/politik/politisk-flertal-presser-m... [5]https://integrationsbarometer.dk/tal-og-analyser/INTEGRATION...
In general, if voting had the power to change much, it would be illegal. Rulers allow voting to change a few things, but never the things that benefit themselves.
it keeps people divided and against each other, rather than united against the rulers
Might come across as pedantic, but its important, "the UK" not "England". Confusing the two can upset people, especially those from the rest of the UK.
Personally I do not think its just the UK and Denmark, its pretty much everywhere.
I specified England because I don't know what's going on in the rest of the Kingdom. Might be just as bad, I dunno.
The surveillance laws are all UK wide AFAIK. Some policy with regard to policing is devolved so there might be some small differences in how they are applied, but it is essentially just as bad.
>I dunno
That came across in your first comment.
Did you read the article? She doesn't blame Apple.
Sixth paragraph: "But I will say that the shutdown of ADP is Apple being on the right side of the geopolitical fight, as inconvenient as that may be to you and me."
> Apple obeys the law
No, they don't:
https://news.ycombinator.com/item?id=45854441
https://news.ycombinator.com/item?id=44529061
https://news.ycombinator.com/item?id=45492410
it does if you're clickbaiting via ragebait, like she is?
I think it’s a stretch to say the author is blaming Apple in the title and she explicitly calls out in the very first section:
> But I will say that the shutdown of ADP is Apple being on the right side of the geopolitical fight, as inconvenient as that may be to you and me.
I do not believe she is, in fact, "that one".
https://www.google.com/search?q=heather+burns
https://en.wikipedia.org/wiki/Heather_Burns
It’s a joke
The article text does not display properly on Firefox for me. The text gets cut off.
Same with me on Safari.
I don't understand. Apple is being forced to disable E2EE due to UK legislation. This legislation does not just apply to Apple, so presumably any service you switch to (e.g. Proton was suggested in the article) will be subject to such orders as well.
Seems like it is time to de-Britain, rather than de-Apple.
De-Appleing is very difficult if you have a family using iCloud Photos, music, drive etc.
Looking at the list, perhaps moving documents off iCloud Drive (to where? Dropbox? That isn’t E2E is it?) and Notes is enough.
Do I really care if my photos are E2E encrypted? Most of my photos are in Lightroom cloud so those are not anyway.
I don’t use reminders or Freeform or voice memos, and I couldn’t care less about safari bookmarks. If I move off Drive and Notes, I don’t really care about iCloud backup either.
Is this sufficient? My notes will go to Obsidian (except some disposable shared ones) but where do I move my documents if not on iCloud Drive? Is Dropbox any better?
> De-Appleing is very difficult if you have a family using iCloud Photos, music, drive etc.
Although this is just anecdata, I moved my senior parents from iCloud Photos to Immich recently and their response was something like:
"Wow, the new Photos program on the iPad looks nice!"
For them it works out fine, since their use-cases are checking out vacation photos by scrolling the timeline and also occasionally clicking on the "memories" from N years ago. Helps that the app icon is very similar, too.
> Hi, I'm Heather Burns — yes, that one.
Ok, I was going to ask, but taking "yes, that one" seriously I suppose confirms the author is the actress Heather Burns best known for playing the best friend role in a string of successful romantic comedies.
https://www.imdb.com/name/nm0122688/
https://en.wikipedia.org/wiki/Heather_Burns
Kind of weird to be reading some blog post about tech privacy from such a well known actress.
Am I missing something?
The author is a different Heather Burns from the actress.
https://heatherburns.tech/about/
If you scroll down you’ll see an image of the author.
It's not that one.
> Am I missing something?
A joke? A fun tagline? A little zing for under the heading?
https://heatherburns.tech/
I wouldn't classify "best known for playing a side character in some 90s movies" as a well known actress. Also, different Heather Burns.
I'd put her in the top 1% of actors.
She might be, but it might also be the case that there are so many actors, to be "well known", you need to be in the 0.001%
I probably have seen movies with her in it, but I have no recollection of her as an actor. I did recognize her husband as Samir from Office Space, though I couldn't tell you his name.
Maybe it is better to de-tech a bit. Go back to some older decentralised stuff.
Like buy cd's and blu-rays instead of digital/drm locked/streaming service shit. Be an owner again instead of a renter.
I don’t think you have to go that far backward. You can get a QNAP or Synology NAS, a storage VPS and use syncthing. I don’t even have the NAS yet, just a Pi with an external drive and I’ve gotten pretty far.
The part I haven’t been able to crack is syncing the Documents folder on my iPhone. All the syncthing apps for iOS are abysmal because there’s no real background sync. You can add a SMB share in the Files app, but that doesn’t get you offline access.
It's all fun and games until you learn that physical media has a limited shelf life.
It’s why you archive the things you buy on physical media.
> you learn that physical media has a limited shelf life.
Their point is that physical media itself has a limited lifespan.
You need to continuously "refresh" it every 1 to 10 years, depending on the physical media you choose, or it's most likely corrupted. I've lost many HDD, SSD, SD cards, and about 50 "archival quality" DVD/CD to time, with all manufacturers having somewhere around 3x to 20x exaggerated claim of longevity. I'm guessing their numbers are based on some temperature/humidity controlled marketing BS, rather than anything resembling reality.
SD Cards are the saddest. I've seen many older members of my family shed tears when they pull out their SD cars they carefully stored in a drawer/safe, and they're junk. Charge drift be a harsh mistress.
so does digital..
On a 1700px or wider screen your text is cut off on the right-hand side: https://cs.joshstrange.com/BB60xzBW
It really is getting to the point where the crypto gang is right „not your keys not your bitcoin“…except for encryption keys.
DIY is pretty hard though even for the reasonably skilled. Even if you go full nextcloud or whatever - that’s not exactly risk free either
Apparently she's so thoroughly de-Googled and de-Appled that the page doesn't display correctly on Chrome on MacOS on my machine, cutting off part of the text on the right margin (manages to render correctly if I resize the window to a smaller width however)
We need to make it easier to work with client-side encryption. Keys on the devices, ciphertext in cloud storage.
I was using CloudMounter to do this, but the software was unfortunately a bit rough around the edges and didn't feel as reliable and seamless as the other options.
These days I have some hacked together tar + PGP scripts for encrypted backups, but still rely on iCloud + ADP for the rest.
just noticed your CSS has an issue on wide screens that cuts off some of the words at the end of a line, here's the culprit:
``` @media screen and (min-width: 1200px) { .site-content .entry-content .wide-content, .alignwide, .alignfull { margin-right: -34.0740%; } } ```
that margin-right is causing some of the content to move too far to the right and gets hidden in `.entry-content`
UK Govt. stupidity aside, Apple could allow iOS users to switch their backup provider from iCloud to other services or backup targets. But they won't because they want to continue to grow their services revenue.
Isn't Apple taking UK gov't to court over this, and the reason they have abandoned encryption for everybody is to avoid being forced to provide backdoors. On this you should be on their side, not against them.
> On this you should be on their side
If Apple was transparent, I would be. But they are user-hostile and trust the federal government more than their customers. Apple is on-record[0] admitting that the US government requires them to their cover-up cooperation with surveillance. After decades of users demanding proper accountability from Apple, this is exactly what they warned would happen.
You have no right to demand that I take their side - Apple's disregard for privacy nauseates me. Everyone who sincerely trusted Apple to protect them against the fed is a lost cause. Go ask Apple to save you.
[0] https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...
You can de-Google, de-Apple, de-Microsoft, de-bank, de-whatever, go live off-grid in a thatched hut in Sherwood Forest. But the government will spy on you all the same.
Why would the UK government continue to allow e2e iMessage? Is it because they have an existing wiretap law?
https://archive.is/8SI66 (to bypass HN hug of death)
Recent history of Apple vs. sovereign states is a real time vindication of Polanyi. Capital is always subordinate to the state (even if it proclaims to be the opposite).
> Capital is always subordinate to the state
the international monetary fund has every state in debt. some third-world countries become subordinate to it, when they're not able to pay the interest payments.
> Apple cannot disable ADP automatically for these users
Extremely interesting.
ADP means that you own the encryption key to the data and Apple can’t access it, so Apple being able to turn ADP off by itself would invalidate the whole point of the system.
In theory, sure, but that theory surviving practice (e.g. a G20 government bearing against it) is meaningful. E.g. they could push an OS update to automatically turn off ADP for impacted users, but they aren't.
IMHO Apple is actually being honest here. They cannot legally operate in the UK without providing a back door, so they are dropping the claim of ADP in the UK. This is letting the user know what's up, and might also help inspire a backlash against these laws. Apple needs to make it clear that they are being forced by UK law to degrade service.
Corporations can't really resist governments unless they're not operating in a given government's jurisdiction and therefore have nothing to lose. They can take things to court, but in lieu of a verdict or an injunction they have to comply with the law or they can be fined, have assets frozen, be de-banked or banned from processing payments, etc.
I'm sure there's services out there that will secretly comply and still claim to be secure.
There's also a lot of companies that will simply abandon security features like ADP or never develop them. Apple is going to the trouble of disabling it only for UK people not everyone, instead of just deprecating it. The latter would be less expensive and expose them to less legal risk.
If you really want security in the UK now you have to roll your own and do the encryption yourself. Honestly that's always the best security, since you can never be 100% sure a closed cloud or software vendor isn't messing with you.
> Corporations can't really resist governments unless they're not operating in a given government's jurisdiction and therefore have nothing to lose. They can take things to court, but in lieu of a verdict or an injunction they have to comply with the law or they can be fined, have assets frozen, be de-banked or banned from processing payments, etc.
It is also maybe a good thing? Corporations should not be stewards of our rights, we do not want to be governed by tech-barons.
The problem here lies clearly in UK's laws and government and they cannot be fixed by Apple. The West in general is in this crumbling state, where we take corrupt bastards chewing off our rights for a law of nature, instead of getting furious. France is the only western country where people dare to really protest.
"— yes, that one."
? Who is this person?
The person whom you went out of your way to reach out to.
> We are all liabilities to our own opsec now.
Always have been.
It's unfortunate that gross government overreach and corporate cooperation with it is what it takes for people to even recognize the concept of data privacy and data ownership is a thing, much less that they should do something about it and that their data is and never was "safe" in the cloud, no matter which corporate overlords walled garden you called home. Apple has never been an exception to this rule.
this is an article about why you shouldn't live in the UK. I always think right-wing news makes it sound worse than it is.. I have a feeling it's truer than not.
Brexit was the tipping point.
I have a new device for you guys it’s cheap it’s better than your iphone and there’s no wait period once I release it. It’ll be ready in 2 months no pre order needed.
Maybe people in UK should de-stupidify their politicians.
the people are a lot stupider than the politicians. sorry but it needs to be said.
as for the MPs, theyre ok. not as stupid as most think. they are very self-interested and not in the business of 'rocking the boat'. strongly prefer managed decline than any risk taking that could result in things going sideways.
its easy to critique but truthfully the UK is structurally in a dead end (well ok, maybe not... but it does feel that way). but things could be a lot worse, and many don't appreciate that reality. having clean tap water and paved roads is pretty damn good for a country held up by fintech and scraps of last century's industry.
people calling for reforms have no idea what they're in for. Thankfully Reform was deployed together with Nigel Farage, God bless him, rolled in to do narrative control and provide a safe and controlled sponge for dissent. That guy is a 'fixer' for UK political radicalism - every time the crowd starts to have funny ideas, he magically appears and slowly but surely everyone goes back to their £32k/year jobs. I think he's 'retired' from politics thrice now.
truthfully, nobody does politics better than the Brits. but then again, they invented this game to begin with!
> truthfully, nobody does politics better than the Brits. but then again, they invented this game to begin with!
I'm sure the Romans would have had something to say about that.
It's doubtful that we can, the "good guys" are in power right now.
The two major parties are both supporters of the nanny state.
Just to clarify, she's advocating people stop using Apple, quite literally the only big tech company with a slightly better focus on privacy compared to all the others and with a reputation for saying no to the latest authoritarian power grab by the UK government?
No, she's saying that due to UK legislation that Apple will no longer be allowed to offer e2ee and it's time to start moving your data off of their cloud services before you're forced to turn off ADP.
It's not an article about advocacy so much as the pragmatics an upcoming data migration.
Yes, she's advocating people stop using them for a few services if they require e2ee for those services. Why? Because apple will be removing e2ee for those services. She is also clearly advocating not to use another big tech company for those services. Source: TFA
apple privacy has always been marketing
If you don't have it locally you dont have it.
Move away from the UK. This is a UK law forcing Apple to share your data if you live in the UK.
Maybe this was intentional by the author to annoy Mac users, but the word/line wrapping is broken on the latest Firefox on the latest macOS: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:144.0) Gecko/20100101 Firefox/144.0
> please make sure you de-Apple, de-Google, and de-American Stack yourself when you have time, clarity, and focus to do it. Start today.
That's the message. It's high time. We can what-about-argume about what's E2EE and what Apple "pinky promises" isn't used or sold but the reality is that anything seated in the US may as well be a publicly open http for the right buyer (be it the US government, Saudi Arabia, Israel or whatever...)
Especially if you're in charge of customer data, you can't "just" setup something on a EU server if the corp is based in the US, those days are over now. You need to do the legwork.
De-appling is easy. I just don't have anything from them. Apart from the work laptop, but that is a problem for my employer, not me.
De-googling however is extremely hard. I have been slowly chipping away at it, but there are things I just have no decent option to (such as Waze and Android Auto).
Android itself is another problem. I have high hopes for a Graphene device.
De-Googling is also extremely easy, I haven't had a Google account in 10 years, I use uBlock to block the ads, DuckDuckGo for search and a Youtube app that downloads from it instead of using the website.
Perhaps the only thing I use directly is Recaptcha.
The bigger problem is doing both.
It's easy to use a different calendar, search engine, etc, but it's far from easy to use an Android device without Google Services. Can be done, but banking apps, contactless payments, etc, become painful or impossible.
The point is that avoiding Android is also easy. I never had an Android device and have no interest.
Once again: The only problem is avoiding both platforms.
this is not practical or desirable in my view: de-google, de-apple, de-meta, de-aws etc etc etc
What next, become stone masons? nah, that's too corporate, pick berries instead ;)
Come on, what happened to moderation, discipline and planning? How about use what you need, hedge your risks (mix providers, products), be more proactive than reactive to demands for consumption?
Make intentional, rational, specific decisions about which people and companies to support with your hard earned cash based on alignment of values and interests.
Seeing as the UK is part of the 5 eyes alliance I wonder how long until this is attempted in the other countries
While waiting for this site to come back up can someone explain the word “appling”? Is that a typo?
In the context of the article de-appling is what you should do after de-googling.
'Appling' - using Apple products. In this case iCloud SaaS products I believe.
https://archive.is/8SI66 if you don't want to wait
"Apple-ing"
turning a name into a verb is common these days
You mean verbing a noun ?
Verbing weirds language.
The trees are really sneezing today.
Wouldn’t it be easier to just move away from the UK? (I jest, but actually…)
nobody is going to stop you leaving the UK.
its entering another country that suddenly becomes a real problem, and ofcourse, if you're in the UK, the only country worth moving to at that point is the US with (as I understand) quite stringent immigration restrictions.
in reality, if the US were to open their doors to the UK, holy moly - this entire country would turn into Ukraine overnight, with nobody but pensioners left. which actually isn't in either governments interest: obviously not the UK, but infact, the UK presents a source of cheap labour for the US: read any hackernews thread concerning tech wages in the UK, the comments are hysterical/diabolical ("you make HOW much!?" - "A fast food worker makes more..." - etc.)
so, the current state of affairs is probably a good business arrangement for both parties involved, and aren't gonna change any time soon.
> ofcourse, if you're in the UK, the only country worth moving to at that point is the US
I don't even know where to begin with this remarkably dreadful take.
No need to leave, move up north and wait for all the shenanigans to blow over. Hard to be annoyed at the government and the corporations when you're walking through the Yorkshire dales on a sunny day
Not as many easy paths anymore for a British worker, tech or otherwise, thanks to The Foolishness.
And the most popular choice -- the USA -- is off the table for the majority of Brits, I think, who cannot comprehend The Other Foolishness. (Mind you, the ones it encourages... I hope they follow their hearts)
What about the Republic of Ireland?
That is straightforward to the point that a British citizen can just go there and work, even go there and freelance.
(I have given it some consideration myself.)
Generally speaking, though, it's not a route Brits take in huge numbers, for legacy reasons. Though plenty investigated their potential for citizenship.
Is it now effectively illegal in the UK for a company to provide end-to-end encrypted services to users?
From the article, I'm suprised at this unusual twist:
> What about that second TCN?
> On the 1st of October, the Home Office issued a second TCN against Apple for the same as before, but only for _British citizens’_ data. World-leading!
> Those who follow my work know that this phrase made me spew a double barrel of Glaswegian swearing. British citizens’ data, as opposed to British users’ data? The dividing line here is not e.g. being located in the UK or having registered an account here, but what it says on your passport? How is Apple going to know that, much less roll it out? (/s)
> Did Apple just publicly state that they’re going to be removing a security layer and adding a nationality check layer?
> We don’t know.
> We don’t know because as with the first TCN, that information only became available in the public domain due to someone leaking it to the media. That’s all there is to know. Everything else is confidential and NCND. There is nothing else to say because nothing else is known. If someone who did know something was sitting across from me right now, and they told me, they would be committing a crime.
Does that mean my non-UK citizen friends who are resident in the UK now have better privacy rights than UK citizens in the UK? Does it mean it's better to remain only a resident, than to attempt to obtain citizenship in the long run?