BiteofanApple
by Brian Schrader

iMessage Security

Posted on Sun, 24 Apr 2016 at 10:29 AM

For a recent post, Rich Mogull talked with Apple about iMessage and security. I always love to hear about cool engineering designs, and iMessage is full of them.

Here’s a simplified overview of how iMessage security works:

  • Each device tied to your iCloud account generates its own public/private key pair, and sends the public key to an Apple directory server. The private key never leaves the device, and is protected by the device’s Data Protection encryption scheme (the one getting all the attention lately).
  • When you send an iMessage, your device checks Apple’s directory server for the public keys of all the recipients (across all their devices) based on their Apple ID (iCloud user ID) and phone number.
  • Your phone encrypts a copy of the message to each recipient device, using its public key. I currently have five or six devices tied to my iCloud account, which means if you send me a message, your phone actually creates five or six copies, each encrypted with the public key for one device.
  • For you non-security readers, a public/private keypair means that if you encrypt something with the public key, it can only be decrypted with the private key (and vice-versa). I never share my private key, so I can make my public key… very public. Then people can encrypt things which only I can read using my public key, knowing nobody else has my private keys.
  • Apple’s Push Notification Service (APN) then sends each message to its destination device.
  • If you have multiple devices, you also encrypt and send copies to all your own devices, so each shows what you sent in the thread.

How iMessage distributes security to block “phantom devices” →
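
The per-device fan-out in the quoted overview can be modelled in a few lines. This is an added example, not Apple's implementation and not code from either post: the in-memory directory, the account and device names, and the choice of RSA-OAEP from Node's built-in `crypto` module are all assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed stand-in for the directory server: account -> [{ deviceId, publicKey }].
const directory = new Map();
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Each device generates its own key pair and publishes only the public half.
function registerDevice(account, deviceId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  if (!directory.has(account)) directory.set(account, []);
  directory.get(account).push({ deviceId, publicKey });
  return { account, deviceId, privateKey }; // the private key stays with the device
}

// Sender: one ciphertext per recipient device, plus one per other device of the sender.
// The sender encrypts to whatever keys the directory returns for the account.
function sendMessage(sender, recipientAccount, text) {
  const targets = [
    ...(directory.get(recipientAccount) || []),
    ...directory.get(sender.account).filter((d) => d.deviceId !== sender.deviceId),
  ];
  return targets.map(({ deviceId, publicKey }) => ({
    to: deviceId,
    ciphertext: crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(text, 'utf8')),
  }));
}

// Device: only its own private key opens a copy; any other copy yields null.
function receive(device, envelope) {
  try {
    return crypto.privateDecrypt({ key: device.privateKey, ...OAEP }, envelope.ciphertext)
      .toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed scenario: Alice (two devices) messages Bob (two devices).
function demo() {
  directory.clear();
  const alicePhone = registerDevice('alice@example.com', 'alice-phone');
  const aliceMac = registerDevice('alice@example.com', 'alice-mac');
  const bobPhone = registerDevice('bob@example.com', 'bob-phone');
  registerDevice('bob@example.com', 'bob-pad');
  const envelopes = sendMessage(alicePhone, 'bob@example.com', 'lunch at noon?');
  const copyFor = (id) => envelopes.find((e) => e.to === id);
  return {
    copies: envelopes.map((e) => e.to),
    bobPhoneReads: receive(bobPhone, copyFor('bob-phone')),
    bobPhoneOnPadCopy: receive(bobPhone, copyFor('bob-pad')),
    aliceMacReads: receive(aliceMac, copyFor('alice-mac')),
  };
}
```

Because `sendMessage` encrypts to every key the directory lists, the set of recipients is only as trustworthy as the directory's answer, which is the trust point the linked post's "phantom devices" discussion concerns.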

Re: Voting Systems

Posted on Fri, 15 Apr 2016 at 05:41 PM

This being an election year in the U.S., I've had a lot of conversations with friends and coworkers about various parts of the political process, voting, and of course the candidates. During these conversations I inevitably mention some point from CGP Grey's fantastic voting systems videos. If you haven't seen them already (links below), Grey explains how some of the weird quirks and pitfalls in our modern political systems are actually not at all related to the representatives or candidates, but to the underlying method that we use to elect them.

Politics and Law are always interesting because their results are so heavily influenced by the way they are developed and enacted. The legal system, for example, is not about the specific intent of any given law, but about how that law can be used to enact future laws and the precedent it sets. Politics works in the same way: The method we use to elect our officials affects how the officials run for office and what issues they bring up. The voting system is the lens through which we see and conduct our democracy, and, like every lens, it's not perfect.

CGP Grey: Politics in the Animal Kingdom →

CGP Grey: Footnote *: I, Phone →


I'm also happy to see that Grey, against his reservations, published his videos about the iPhone encryption debate.

Can we save the open web?

Posted on Sat, 19 Mar 2016 at 02:26 PM

Dries Buytaert on the dominance of large corporations and their algorithms:

[T]he internet has changed drastically over the last decade. It's become a more closed web. Rather than a decentralized and open landscape, many people today primarily interact with a handful of large platform companies online, such as Google or Facebook. To many users, Facebook and Google aren't part of the internet -- they are the internet.

According to a recent study from the American Institute for Behavioral Research and Technology, information displayed in Google could shift voting preferences for undecided voters by 20 percent or more -- all without their knowledge...

It's possible that we're reaching the point where we need oversight for consumer-facing algorithms. Perhaps it's time to consider creating an oversight committee. Similar to how the FDA monitors the quality and safety of food and drugs, this regulatory body could audit algorithms.

Just my initial thoughts, but I like the idea of having some agency oversee these large corporate algorithms. They play such a huge role in our lives, and there's a large incentive for companies to manipulate their users to their own benefit. Facebook and Google especially have proven that they can do this extremely effectively, and like Dries says, "without their knowledge". If we're going to allow these kinds of algorithms to be such a huge part of our lives, which I don't believe is necessarily a bad thing, then they should at least be subject to some sort of oversight. At the very least, we could enforce a sort of Programmer's Hippocratic Oath or something.

Can we save the open web? →

Blog when you disagree

Posted on Mon, 14 Mar 2016 at 07:57 PM

Manton Reece (emphasis mine):

When you disagree, that’s what you should write about, and you should post it to your blog. 140 characters thrown against wave after wave of mainstream opinion tweets will be drowned out. A blog post isn’t a cheap opinion; it’s a statement that what you think matters.

Blog when you disagree →

Overcast 2.5 Update

Posted on Mon, 14 Mar 2016 at 07:51 PM

A much appreciated update to my favorite podcast player. Marco has spent a lot of time on the various battery improvements and fine tuning the features that make Overcast special. My favorite new feature: dark mode.

A dark theme has been Overcast’s most requested feature since 2.0 knocked streaming off the list. I also wanted to offer patrons something special for supporting Overcast...

It features Apple’s new San Francisco font and a modern blue accent color for a fresh new look that’s still distinctly Overcast.

Another feature I'm looking forward to trying out is the new private uploads feature.

I also often get requests for Overcast to play files outside of podcast feeds, such as lecture recordings, audiobooks, and privately distributed podcasts.

I can't wait to have my audiobooks in Overcast as well.

Overcast 2.5 →
