Report: iCloud plan puts China's Apple users at risk

Originally published at: https://boingboing.net/2018/02/20/report-icloud-plan-puts-china.html

…

All the usual caveats about walled gardens obviously go triple in a place like China.

Why the fuck you would use anything but android is beyond me. Oh wait, keeping up with the Joneses.

Because google?

Part of being a confident and secure person (imo) is the ability to say “no” under pressure. Same goes for companies. If Apple’s bottom line is so dependent on pleasing bowing to some other nation, then they’re neither confident nor secure about their own future.

It’s at least possible to use android without a gmail account and sideload apks.

Is there such a thing as a confident and secure multinational corporation? I would expect such a thing to be indifferent about chasing ever-increasing profits to please the shareholders at the expense of everything else.

Apple is emboldening China to become even more authoritarian than it already is. Can’t wait to see what happens when the PRC buys Apple, Inc right off the shelf.

Dude.

I mean, I guess technically I don’t know what emotions Apple felt when it voluntarily posted this easy-to-find document, but it does spell out pretty clearly what information they can read. Basically, they (and therefore China) know who communicates with whom, but they can’t read any of the content, except with email, as is the case for anyone not using PGP or similar.

End-to-end encryption is a function of the phone, not the server farm, so to read actual messages or documents they’d have to have Chinese users use a different version of iOS.

So much for the “Think Different” anti-authoritarian ethos of Silicon Valley. Give these companies a big enough market and suddenly the most authoritarian nation-state becomes a potential partner instead of something that will be wiped away by the rise of personal technology and/or the trans-national companies that make them.

Except for the Huawei and ZTE handsets that’s apparently so packed with Chinese spyware that U.S. intelligence officials are warning Americans against buying them.

Otherwise, I don’t see much point for anyone with tech-fu to buy a locked-down but pretty device like the iPhone beyond signalling one’s ability to pay a hefty premium.

The article ignorantly makes it sound like Apple is betraying its users in “a dick move”, but this is all required by the new Chinese cybersecurity laws. Just Google “China data center law” and find out for yourself. And everyone’s in the same boat, from social media to connected car services. Other companies will all have to do the same thing.

First, you’re required to keep data about Chinese people in China.

Second, in order to do that, you must have your data center in China.

Third, in order to do that, you must either enter into a JV that will, like all China JVs with foreign companies, be majority-owned by a local Chinese partner (this is what Apple is doing), or lease services from a local Chinese partner.

They get you coming and going. That’s always been the Chinese business model for dealing with foreign corporations.

When was the last time you visited China?

Android phones may be a bit less infected by google spyware in China than they are in the west, but they do not count as “free” either. To put in mildly, Chinese people have much worse problems than being banned from instaling VPN on their phones.

There, courtesy of your friendly hacker’s congress:

and, on top of that, China is evolving very fast. For example, according to Chinese people I know, it has become almost impossible to buy anything without paying with a smartphone in Shanghai. alipay has a de-facto monopoly.

Exactly.

On top of that, Chinese smartphones and required apps do spy on you on behalf of the Chinese government. And it has become difficult for a Chinese citizen to do anything without a smartphone. In the west, we worry about Google, Facebook and Apple. The Chinese government is like all 3 of them on steroids.

I doubt that Apple is betraying its current core values, either. Whatever anti-authoritarian California hippie values that informed Silicon Valley’s hacker culture have either been turned into empty marketing husks or disposed with altogether.

They frequently spring the partner on you late in the game, sometimes to hilarious effect. I always think of the all-American conservative capitalist businessman I know who arrived at the venture’s kick-off meeting in Shanghai to discover that his new business partner was the People’s Liberation Army.

(Some) top reasons to own an Iphone:

Because you want to own a phone that will actually get software updates for the entire time you are likely to own it.

Because you don’t want to give any support to Google’s insatiable thirst for invading your privacy.

Because you don’t want another computing device to sysadmin and configure, you just want an appliance that does its job without fuss.

Because you want a device that has a vast network of conveniently located retail stores where you can take it for troubleshooting or repair.

Because you want a device that will retain its resale value.

Because you’ve looked at the evil empire of Apple and the evil empire of Google and decided that you find the evil of Google (and/or Samsung/whoever) to be more offensive than the evil of Apple.

iOS 12 feature list (proposed)

• In transit/at rest encryption on all iCloud data.
• Private keys stay on iDevice, and must be manually moved/keyed.
• VPN Toolbox is native to iOS (no VPN apps required.)
• Real application based firewall to limit code/data infiltration/exfiltration (e.g. give state apps NO PERMISSIONS to execute.)

(Let me know if I have missed any others. )

I agree that the iPhone is great for people who aren’t tech savvy. I wouldn’t recommend an Android phone to my mother, admittedly in part because when she asks me to help her fix something on it or her Mac my response is usually “don’t worry, just take it to the Apple Store and they’ll fix it.” It’s also the only choice for people who’ve bought into Apple’s own (make no mistake privacy-invading) app and messaging ecosystem.

For someone like me, who can bung a custom ROM onto a rooted and unlocked 2-year old “new” phone and then maintain it while runing it into the ground for 3-4 years, an Android phone makes a lot more sense. Being the “tech guy with the old Android phone that can do more than your brand new iPhone can” has become part of my trademark.

Getting back on-topic, I suspect that one way or another that so long as China is the site of your device’s manufacture, it’s going to find a way to extract private data from whatever brand you’re using.

You misread me. I was listing reasons why a tech savvy person would want an Iphone. Fundamentally, it boils down to two things:

1, Apple has a better track record for privacy than Google.
2, Yes, you can bung custom ROMs and so forth, but why should you spend your valuable time sysadmining your phone?

Back in the 00’s i spent hours tweaking my computer, to the point where I’d break something and decide to reinstall the OS. It was fun. And then I stopped doing that because I wanted to spend my limited time doing other things.

My partner worked as a computer programmer in the early 90’s. But when we moved in together in 1998, she delegated all responsibility for the care and feeding of our computers to me. Because she didn’t want to deal with that stuff any more. And at this point, neither do I. I don’t want to spend my limited time feeding and diapering a computer. I just want to use one. Which is why I buy IOS devices instead of Android, and why I use Windows and Mac OS instead of Linux.

It feels like a real dick move for a company that refused to provide U.S. authorities with a back door to iPhones, iPads and Macs and makes me wonder if concessions in the name of selling more

Oh they had no problem providing the US government with backdoors to their customers data as long as no one knew. That changed when Snowden leaked the details of PRISM in 2013. Apple (and MS, Google et al) only turned “privacy crusaders” after the news got out and they feared for their bottom line.

Government agencies requesting/ordering access to customer data isn’t something unique to China…

prism-slide-51700×525 84.8 KB

I suspect that “staying the hell away from Chinese Android builds” may be a motive as well.

Assembled by outfits at least as cooperative with the state as Apple; and vastly less competent. It’s honestly a bit baffling how terrible it is.

Similar issues with the US government apply as well. I back up my data to an encrypted USB drive for this reason.