I received an imminent advanced security threat notification back in January 2019, urging me to get one of those 2FA dongles (which I did). And just as well, because the next month my account was locked due to an attempted unauthorized access.
The Google warning page can be viewed by anyone, but they do specifically tell targeted individuals through other channels (a big red warning message at the top of Gmail, for example): https://myaccount.google.com/stateattackwarning
Apple is like the last company in that space to do this. Google has had these warnings since 2012. Facebook, Microsoft and Twitter since 2015.
(I agree that it's great that Apple is finally doing this. But it seems entirely par for the course for them to be a decade late and still get the credit.)
I have never seen any warnings from Google or Facebook if I automate against my own accounts and dump the data. Only on sign-in attempts. That kind of warning is very limited, and Apple also have them.
It seems like Apple now have introduced ‘honey pots’ and other techniques to discover if there already is someone with access to your account/device, and that is a big deal and good news.
And something I have never seen from any of the other big companies.
I might care if Apple had a history of protecting US citizens from their own government, or shielding Chinese users from their own tyrannical surveillance systems.
No, I'm referring to Apple's continued cooperation with surveillance agencies across the United States and all associated governments through the FIVE EYES program. The fact that your MacBook's security keys are trivial for the government to acquire is beside the point, but potentially germane if you, well, trusted your laptop in the first place.
Apple's cooperation with PRISM[0] is well documented[1], but if you want to find the particularly damning details you'll need to do your own research. The dust has settled since the Snowden revelations, and many mentions of the program have been sterilized.
> Also how they are different from any other tech company?
It's not. But the claim that Apple puts extra effort into protecting you from your government is comical, especially if you live in a first-world country. It's also a false dichotomy, since there are definitely more secure devices you could be using. They're just not being manufactured by the largest, most valuable companies in the world.
> My MacBook's security keys are not trivial to acquire because they aren’t in iCloud.
That is indeed what the US would like you to think. It's no coincidence that MacBooks force you to use NIST-designed crypto for all of their services though, and if you've got a healthy degree of skepticism towards the same institute that backdoored Dual_EC_DRBG, it's safe to assume the rest of these ciphers are also vulnerable to differential cryptanalysis. Or just take what the NSA says at face value, that certainly won't cause any problems in the future. /s
> But what do 5 eyes have to do with Chinese users?
Also nothing, they have their own bespoke surveillance program since China cannot cooperate with the US like Britain or Canada can. In lieu of being able to break their encryption, China demanded that all of Apple's domestic data get stored on domestic servers. While Google, Microsoft, Yahoo and every other big tech company shied away from that kind of compliance with a known abuser of human rights, Apple happily complied with the request.
I shouldn't be arguing with the trolls - but in case anyone was curious about these (nonsense) allegations:
Your links do not document cooperation with PRISM other than that the NSA believed they got information from them, which is very different. For all we know, it could have been the NSA abusing an API endpoint. Also, it said that it got lots of stuff like email, address, and so on when all of these services were combined which made it PRISM.
For all we know, it could have been checking the emails from Apple (because of FaceTime), getting address from Facebook, using address to look up other info on LinkedIn, and so forth. If anything, PRISM shows NSA abuse of services more than intentional compliance.
> definitely more secure devices you could be using.
I hate that I have to say this, but Linux phones are not more secure. They do have a company they don't phone-home to, but if a Linux phone was found on the side of the road, I have no doubt that the NSA would find a way in (unlike the iPhone, which as lately as the Rittenhouse trial, the latest model has not been cracked and the government ultimately struck a deal with the defense for a PIN code).
Linux phones are only secure by obscurity in that less research has been done on them and they are less common - but if government agencies were (or are) putting some research cash into them, I would not be surprised if they burst open from a million attacks that iPhones and Androids have found and fixed over the last decade.
> It's no coincidence that MacBooks force you to use NIST-designed crypto
Stop being conspiratorial - almost everyone, including many companies outside the US, uses Curve25519 or P-256, and a big reason why is that the algorithm is very fast to calculate while being reasonably secure, which is a plus for fast encryption. Also, nobody has seriously alleged that Curve25519 is backdoored, unlike Dual_EC_DRBG which was suspect almost immediately. Also, NIST did not invent Dual_EC_DRBG. The NSA did and submitted it to NIST as a standard which NIST reluctantly accepted.
> Shied away from that kind of compliance with a known abuser of human rights
Yes - but Microsoft, Google, etc still make their phones in the same factories, and the reason they didn't hand over the server keys was because they don't really offer any services in China. Google doesn't work in China, and Microsoft's involvement is minor and China doesn't care because Windows doesn't encrypt data unless you have the Pro version and it's switched on. Also, your bias is showing in your use of Apple "happily" complying. How do you know that?
We have known what PRISM is for almost a decade now (since we saw Snowden's slides for it), and it is neither what you nor smoldesu claim it to be. The FBI issues a court order to tap a particular account, and the company complies by forwarding that account's email and messages. Then PRISM ingests that data into NSA databases.
> Then PRISM ingests that data into NSA databases.
And if I'm not mistaken it's illegal for a US business entity to directly say that they are co-operating with the NSA or other such US institutions, so Apple actually sending messages to their users warning them about such co-operation might be also illegal (I also feel that the canary tests have failed their intended mission, nobody has time to decipher those messages in the minutest of details).
I'd like to discuss with you in good faith. But your points seem to be made in bad faith.
PRISM wasn't really a cooperative program, it was a hijacking of the internet backbone wasn't it? Your citation doesn't confirm any kind of cooperation.
I didn't really make any claim about Apple doing extra, I was challenging the idea that they somehow do worse. They seem to play as fair as you can in the given political environments across the various nations they work in.
Not knowing what kind of keys or encryption I use on my device, I'm not sure you can make any reasonable comment on what I think, or what the US wants me to think. MacBooks don't force any particular type of crypto, you can kind of do whatever you like. Are you referring to something in particular?
Domestic data sovereignty is not unique to China. A number of countries ask for that. I agree it's not ideal, and mandated backdoors (which countries like Australia have) add to the problem here. Google don't service the Chinese market directly, Microsoft have in country storage, as do Yahoo, so not sure your point there. "Every other big tech company"? Tencent/Alibaba are obviously also in China. I'm not sure what the alternative to compliance with countries' laws is. Do you think it's better if companies do not obey local laws?
A lot of countries are "Known abusers of human rights"... if you made a prerequisite of not working with those countries, you'd be out of business pretty quick. Agree that's not ideal... but it is the reality.
Not the OP, but afaik directly saying you're co-operating with the NSA as a US business entity might be illegal, so Apple not saying it doesn't mean they didn't, quite the contrary (especially taking into consideration Snowden's revelations).
Other companies should take note. More of this, please!