Apple Updates iMessage with Post Quantum Encryption
Вставка
- Опубліковано 18 бер 2024
- In this video I discuss how Apple added post quantum encryption to their message app. iMessage is still proprietary, and still only works on Apples proprietary hardware, so while iMessage with PQ3 is technically more secure than Signal messenger, it requires you to put a great deal of trust in Apple which still makes it a less private and secure messaging app in comparison to open source alternatives.
read more about PQ3 in iMessage here
security.apple.com/blog/imess...
My merch is available at
based.win/
Subscribe to me on Odysee.com
odysee.com/@AlphaNerd:8
₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
Monero
45F2bNHVcRzXVBsvZ5giyvKGAgm6LFhMsjUUVPTEtdgJJ5SNyxzSNUmFSBR5qCCWLpjiUjYMkmZoX9b3cChNjvxR7kvh436
Bitcoin
3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV
Ethereum
0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079
Litecoin
MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF - Наука та технологія
Now nothing can break them except the backdoors!
This
For your safety!
but backdoors are for enhAnced performance
@@smallcube-zn2mm and "privacy" man!
You mean the back door that the feds couldn’t get through? The one that almost got Apple sued/prosecuted because they refused to help the feds unlock a terrorist’s phone?
Funny how open-source pretty much dictates the change in the software industry, contrary to what the big tech tells you
Why bother inventing a new type of wheel when some unkempt guy in mom's basement will code one for free out of the goodness of his heart? Mimic the algorithm, slap a brand name on it, make it closed source, and wowzers, look at this cutting edge software using the latest technology! We're the first guys!
Big tech is the main contributor for open-source, like it or not.
@@ShadowManceri in what way? almost all big tech product are proprietary
can we stop calling it "open source"?
@@Heisenberg355they make use of a wide variety of free software libraries constantly, even developing their own (e.g. Meta developed React)
The safest way to get spied on by the FBI
But I've got nothing to hide!
Bro if the FBI wants to spy on you, they’re doing it no matter what. They got into Tucker Carlson’s Signal messages, even. There’s nothing you can do to stop the government from digging into your shit.
If the FBI wants to spy on you, you’re not going to stop them. Even Signal’s been compromised at this point.
I've got nothing to share either
So all iMessage users will get spied on? That would actually be great since it would totally exceed their capacity, making the one individual who really has something to hide harder to catch. I see this as an absolute win..!
Apple: as you can see we are at the top of this very important chart. Buy our product.
That's standard marketing practice. And Apple is really good at it. Why do people pretend like that's something special exclusive to Apple 😹?
@@Luckyluckylucdont make me mock you
@@dabqu what? This is fax...
I buy it regardless
Its free
The Quantum Encryption basically means it's Secure and Not-Secure at the same time until FBI makes an Observation.
schroedingers encryption
Apple never decrypted for the FBI...
FBI or anyone else stumbling upon the backdoor
LOL - absolutely......err, I think. Lemme ask my cat...
pretty sure apple actually refused the feds for user privacy reasons
Signal is level 4, the source is also protected against backdoors as it's open source.
I said that Apple was 2 and Signal 3. Based on your definition, Level 2 does not exist.
Please have a look at the "The Underhanded C Contest". ;)
PS: There are similar contests in your favorite language or whatever you want, just search "underhanded" + + "contest". Sorry for causing paranoia. ;-)
@@novaTopFlexlevel 2 would still exist but no companies would currently fall under its umbrella. If a company updated to end-to-end post-quantum encryption without rotating keys and remaining closed source, they would be level 2.
If Signal wasn't in level 2 it wouldn't mean it doesn't exist but who cares, it's a marketing deceiving chart made by apple
@@C1yde902 I agree. Only open-source is ethical in any form.
Apple: “Signal did this first?
We did this first. “
nEw aPpLe iNnoVatiVE tEcHnoLoGy !1!111!1
Think different... like signal.
...huh?? that's not what they're claiming.
@@milesfarberApple Antis are making up reasons to be mad at this point lol
@@milesfarber its just a jab at how apple will claim to be the inventor or first to do some given tech when others have been doing/using that same tech for half a decade prior.
And they hold the decryption keys 😉
lol right, and will willingly hand it over
their icloud or whatever is less encrypted than these messages 😅
@@JacobJake7only if you glow bright enough
...and have already handed over said keys to the CCP.
@@davidyoder5890baseless claim, provide a source
IT EVEN COMES WITH THE DECRPTION KEY
If you want to believe that...
@@Luckyluckyluc It's not really hard to believe... Just remember what Edward Snowden published
@@myce-liam Yeah, and I remember every instance where the feds wanted Apple to break their encryption and they never did. Snowden exposing the spying tech companies are doing on your cleartext data has nothing to do with this...
@@Luckyluckylucswoosh
@@Luckyluckyluc Technically it has a higher chance compared to Signal so yeah...
Dang, now the quantum computer I keep in my basement won't be able to crack some random iMessages of people speaking purely through emoji and gifs.
😢
😱🥺🙁😔👎
i won't ever be able to see an invitation to play 8-ball😢😢😢
Sorry bro, I looked at your Quantum Processor and it bricked
My bad
Gonna need some alien tech to decypher zoomer slang.
I thought 3 is the number of backdoors it has.
Lmao
lowball estimate says my gut
FBI, CIA, NSA
Only that this never happened... I mean, it's okay to be a little schitzo but when all the evidence is againt it I think it's pretty laughable...
@@Luckyluckyluc I think it's safe to say neither you nor I know whether or not iOS has at least one backdoor.
Do you choose to sit on the fence here? Assume benevolence?
(Trying to understand your mentality).
I communicate purely through the astral plane with my friends. Get on my level
I communicate with my friends through telepathy that travels at the speed of light
Based
Virgin cyberspace user vs chad noosphere enjoyer.
Hahahahaha😂
@@_RyzenCoreI've already captured and decrypted these telepathic light messages, send 600 BTC or I'll release them and the world would know your secrets
As far as I know, Line is THE messaging app in Japan (a nation 1/3 the size of the U.S.) and much more: payment processor, social media platform, etc. Not just some random app.
WeChat is basically that in china
Facts. When I used to live there, it was my go to app
Can confirm, living here for a few years.
It's also known for it's games, manga service and music streaming service too.
Mullvad has had quantum resistant tunneling for awhile now
Apple giving Signal free advertising
True
Tucker Carlson’s signal app got hacked by cia when he went to Russia to interview Putin
Lmao people think Signal is any more private? Try doing anything the FBI needs to view in Signal and see how private that chat stays😘🤣
@@katielowen Yes we get it. Given enough motivation. They could just compromise the endpoint device. But this is an issue regardless of the app.
@@NFvidoJagg2 totally agree and didn’t mean to pick on you individually; I think the amount of commenters that trash on a company like Apple, and then tout Signal, Telegram, etc as being a much better solution are silly.
The 3 stands for the amount of Infinity stones that Apple gives to the letter boys. NSA, CIA, and the FBI.
not quite sure what the point of any of this encryption is, if they're just gonna bake in NSA backdoors anyway
Maaan, MO, you just don't know how much I appreciate your videos. You make news from the privacy sector so much more understandable and summarize them precisely, that I hope you're gonna crack the million subscriber mark very soon! Much love from Germany my brother
But they won't stop snooping via Notification Access 🙈
notifications, which ones? classify them because you're talking about a wider range of radio channels than just one
Via notifications you receive on your phone with iOS such as iMessages, signal, I believe notifications aren’t encrypted. So they can see what apps you’re using and who’s messaging you because sometimes notifications will provide that information.
Loved that analogy at the end. Works perfectly
"Maybe they are more popular than LINE"... Line is incredibly popular in east Asia, pretty sure it's basically the default messenger in Japan. Signal is kind of niche compared to something like Line
It's strange, Japan uses line, Thailand uses line, Cambodia uses telegram, Laos uses line, signal, telegram, whatsapp...etc
its the same 3-5 companies for 90% of calls and texts just with different names depending on the region they pay taxes to
Seems like they want competition with signal 😳🤨
For them its just one more reason they can give to justify green bubbles
@@jaydeep-p I agree for one I use apple products but even I know apple is desperate atm because innovation over there seems lack luster
@@Guar_dianThey’d kill if they came out with a phone that charged as fast as a Xiaomi phone, or one that had a bigger battery, or if they found some way to get wireless charging without the dumbass glass back.
Signal being open source is a great reason for Apple to throw them under the bus, because open source is the antithesis to Apples business model. All this despite the fact that Apple regularly uses open source to their own benefit.
Open source doesn't mean free if you create software you should have the right to charge people and I don't want open source developers to have to spend lots of time and get no monetary compensation that's why I think people who create good software should make money for it. Or at least work for a company that's able to compensate you with a job so you can continue creating your software.
MacOS & iOS are quite literally built on FreeBSD. Their refusal to officially support FOSS, especially on iOS, is like that time the Sony used pirated music in an anti-piracy ad.
@@SansaStarks nobody talked about free stuff, why did you bring it up?
Now to answer to what you said without.evading the question: in a sane world, especially one where laws exist to protect citizens instead of companies, open source wouldn't even have to exist, because when a company would say "we respect your privacy", you can be 100% sure they do, because if they don't, they will receive a fine so big for false marketing that they would go bankrupt instantly.
Unfortunately, we don't live in such a world (because politicians are corrupt, because they're stupid, because they think doing that would collapse the economy, which could be in the reason of "they're stupid", I don't know, I'm sure you can figure it out), so you can't trust any company, meaning we have to rely on open source (if you want any form of true privacy).
It's not the only benefit of open source and where it fills the gaps of the legislation, but in that case, that's the reason.
Of course, who wouldn't want developers to be paid for their work?? Nobody. But the nature of open source make it much more tricky for them to be paid, though it's not impossible and you can live off developing open source. Everybody know it's a problem.
So stop trying to make yourself appear so moral and blame people for wanting actually trustworthy and privacy respecting app only because they can't trust companies due to the cowardice of politicians when it comes to have actual powerful laws and the only way to have that is to turn towards open source.
Such is the circle of life
@@MmntechCayou’re using a device designed by thousands of people before you and the education you are given. Do you want to give all of your income away as a result? Since you wouldn’t be able to earn your income without your education or language. See how grunting in an interview goes. Point is yes you benefit massively from it, but it’s a part of you. You’re not a part of it. You’re more just as mac os is more than bsd
LINE is the default messaging app in Japan, Taiwan and Thailand
How do you know that do you have friends in Japan or Taiwan that use Line?
@@SansaStarksyes and i speak the languages
@@SansaStarksI used to live there and we used Line a lot
Didn't know countries other than S.K where NAVER is and for some reason being the Single Giant Messenger in Japan be using this.
It would be awesome if you made a video on how to add PQE to wireguard.
I've seen one implementation in Rust github.com/qkniep/pqwg-rust
and one in Go github.com/kudelskisecurity/pq-wireguard
but neither one appears to be maintained :(
Doesn't using a psk take care of that already?
Not sure WhatsApp started out as proprietary version of Signal. One of the WhatsApp founders has joined Signal. And because of EU law about big services needing interoperability, WhatsApp is compatible with Signal encrypted messaging so you could move your messaging to Signal and other services using that encryption, thereby it would make sense for WhatsApp to not just have regular Signal encryption but also the Quantum Computing encryption.
The founder of WhatsApp also founded Signal after FB basically did everything they said they wouldn’t to WhatsApp when they purchased it.
@@apersonontheinternet8006 Signal existed before he joined but they did change their name to Signal around the same time as he joined. I am not sure if he had any part in the name change.
Line is basically the messaging app in Japan, so it is fairly big, lol.
rly great stuff, clear and efficient thank you!!
This was such a good post-quantum video that I just had to leave a post-quantum comment.
Great video, thank you for sharing. 🍻
Thanks for the info.
Great coverage and journalism.
Could you talk abt session? It collects even less data and needs no phone number at all. I think it might interest you especially their safety protocolls and precausions
I've heard about the UA-camr say it doesn't have four secrecy but in my opinion I still like session.
every phone has phone numbers and identifiers used for all sorts of stuff you arent aware of. For example Serial numbers, ESIM, imei, imen, fingerprinting, release ids, mac address, UUIDs, just ti name a few. Unless u live in a remote place not able to get ANY radio whatsoever, your phones are provisioned and they know who to bill
Who would have thought that all this evolution has come in such a short time? incredible.
I have some bad news to tell you I think it's best to stay cautious and vigilant look at the documentation and read the source code and stay up to date with what signal is doing
Is it really such a short time? If you’ve been paying attention, quantum computing has been building to this level for decades
@@cara-setun but it is relatively 'fast', electricity become useful after 400+ years after discovered.
@@felizcactus the Greeks discovered electricity 2000+ years ago. The word itself comes from elektron, meaning amber, because that was a material which generated static electricity
@@cara-setun so, it's really very impressive how fast thing is going 🙂
Great now we can be spied on more securely!
Nice video, good info covered, very interesting and worth a watch
The most secure way to make sure nobody finds out what you say is to just not talk to anyone
House A was built based on the backdoor
House B was built with the finest open(source) layout
Both have walls of steel
Which do you choose?
Neither... Who would want to live in a gawd damn house made of sheets of steel?
@@GegoXaren😂 bruuuh
House B all the way.
@@GegoXaren Fair enough, maybe its really nicely painted though :o
@@GegoXaren that’s just living on a ship!
Remember the recent exit scam of a dark webmarket place where they went "lol u just used our enc lmao cya later bro"?
Good.
They do that pretty routinely. It’s the entire business model for those markets. They make a little bit on transaction fees, but most of the money comes from running an exit scam after they’ve built up enough trust.
You’re one of the best Linux and security hackers we know, thanks for this video.
Lol, them mentioning signal so much made me interested in it when I didn’t know about it before
Thanks for the news!
Small note ETH Zurich is Swiss and you said " apple paid a bunch of german professors". I haven't read the article and did no background check, maybe they are german but now in Switzerland. Just wanted to say this as a German.👍
I'm surprised people from other countries watch his channel
@@SansaStarks don't be surprised there's a lot of non-US viewers, including myself
Yeah, no, lots of people who aren't American, myself included.
@@SansaStarks average american thinking everyone else is still a caveman (spoiler: no)
Apple is SUCH an American brand. "Wooo, we're #1!!!1!1"
Delusional
@@sendlocation8476 👈🏻 Braindead.
Apple: We have the BEST security... Quantum Sec.
We the people: Cool, show us!
Apple: Ufffff...a.aaa.a..aaa......... just trust me :)
Apple invents the Rolling Key. F’ing mind blowing 🤯
Absolutely proprietary!
Great content; thank you
Preach brutha, preach!
👏🏻👏🏻👏🏻
The only thing to be worried about is if there is a backdoor or not.
Or some other subtle weakness against conventional attack.
There definitely is!
@@kiiiwaa8113 There never has; I doubt there would be now...
All consumer hardware has backdoors. Most consumer software has backdoors. Signal doesn’t have backdoors, but iMessage will still be better than WhatsApp, which is what most of the world seems to use. Then there’s Facebook messenger, which doesn’t even pretend to have privacy, yet I’ve known dozens of people who use it as their default messenger.
@@sigiligus I agree that Signal probably has no backdoor but how do you know? At the end it's just an app you download from the AppStore. How do you know the promised open source code is actually being used?
SimpleX Chat has better post quantum encryption than both Signal and iMessage. You should make a video about it :)
Yeah I totally trust it 💡
i love how they are making as think they care about our privacy but every one of this fucking apps are only client server client not client client
Big tech & govco fought hard against powerful encryption for public.
Pgp is the only way to get client client encryption or a private mesh network..
Huh?
I agree that direct P2P messaging is more private, but it's also very much less convenient. From weird setups to bypass all the network shenanigans happening within each peer's routers, to the problem of delivering messages when a peer is offline.
Tox is great, but there's a reason why barely anyone uses it.
While I do agree that p2p is great and surely reduces the ability of a provider of said client to gather data, I would also argue that it does not really matter while not in a closed-off network.
After all, client client, in global communication, really means client router isp that one cable going through the pentagon isp router client (and whatever else lies inbetween, pun intended) ... (or does it not?)
Unfortunately that's not really possible with the current state of residential internet connections where ipv4-adresses beeing behind double NAT. And ipv6 is not really being rolled out, and routers by default block incoming traffik
I am using my own satelite to talk with my grandpa, break that level of privacy 'apple'. 🥴
We'll see about that son what satellite is it?
I made the same protocol this weekend, key exchange size checks out. You also need 1.5k for the ratchet state. It contains all the secrets that apple can replicate on their serve and view the messages, great stuff
You know the code is good when it's closed source and uses a lot of magic numbers.
Just Apple reinventing the wheel again to take credit
I would really appreciate it if you made a video showing us how to encrypt the rootfs of gentoo. I read the docs but I just can’t figure out how to do it and probably won’t use gentoo until I can figure it out.
Unless you are messing with the kernel, it is literally just following the wiki / copy pasting the commands.
if you really need to ask it you should probably be using ubuntu
Just for interest sake, have either of you install gentoo with an encrypted rootfs? I have installed both gentoo and arch without rootfs encryption, but doing it with encryption always confuses me.
@@fss1704 You're embarrassing.
Encryption against everyone except us of course 😂
Apple: we are Post Quantum secure!
Moxie Marlinspike: Hold my beer
Classic case of first-mover advantage; when a company (apple) can significantly increase its market share by being the first to the market with a new competitive advantage (PQ encryption).
The biggest problem with trusting open source software to provide better security is that you have no way of verifying that it is what is actually running on the proprietary hardware.
brilliant, Love you
Great Content Mental Outlaw ...
Its actually a minding your ps and qs reference
Great vid!
Too bad they back them up to the cloud where they hold the keys to decrypt.
This reminds me of the incredibly vague Apple's M2 vs PC performance/power graph they showed once.
A closed sourced app + closed sourced OS should be an automatic -3 points on their benchmark.
Not if it works better, which it does.
I may not be an Apple fan but even I know they didn’t lie on their benchmarks using some fake closed sourced custom app.
They used geekbench, unless that’s some apple make app now, it’s legit.
It does perform just as well on your conventional use cases like rendering in a video software etc. So why would their method of benchmarking matter?
Coming from a phone that can be hacked with just a text message with no user interaction? Yes okay. Pq3
What's my phone are you using and why wouldn't that type of vulnerability work on your phone?
I'm curious what smartphone are you using
@@SansaStarksAndroid didnt have such a backdoor like Apple did with Pegasus yet
13:20 I agree....fair. trust, but verify
More Libre Podcasts please ❤️
Thanks
Line is just really popular in Japan
They are far superior than signal even have multiple sets of keys, one for them so that tim can read your messages, one for mr.hoover so that the FBI glowies can read your message and one for the other glow agency that doesn't want to admit the existence of the former one...
While this all sounds good and I am pretty ignorant when it comes to protocols, isn’t iMessage built on top of the Push Notification Service that Apple has?
And since Google and Apple have been found to be forwarding Push Notifications to various governments, wouldn’t it be possible that they encrypt the message, but copy the message to a push notification that they just forward to someone else anyways?
I wonder how likely that is someone probably needs to look into it
corpo having to out-glaze the free software is crazy
Honest question about using open source software as a user: would it not be easier for a hacker to "practise" hacking something open source, since he knows what he's up against? Compared to hacking something proprietary that you'd have to reverse engineer?
That is the security by obscurity fallacy. . . Look it up
Yes
Yep, that won't change anything if it's still proprietary. It's already well-known that Apple can share messages backed up to iCloud to law enforcement if requested...
Nice to see apple actually being innovative for once!
They're just copying.
Is it giving me even more reason to get myself an iPhone
But they copied after only a few months instead of a few years. That's innovative!
@@redstonegenius2609 :D
I been able to use iMessage in a MacOS VM
Everything going on with Apple today, John McAfee warned about in 2016
Very based and open pilled
So is signal the best messaging app through internet across the globe for free with non Proprietary code?
Well, well, well...
iMessage also still defaults to sending copies of your messages to Apple through iCloud backup. With backups like these, who needs backdoors?
9:29 but apple literally acknowledges that in the report though they said signal did it a few months ago which elevated them to level two but also being the first platform to do so, with a hyperlink to an article about signal doing that ???
Now I can talk to myself on Signal cause of Quantum gig. But I'm not sure i feel the same with "Apple" in general.
Nice to know that all my data goes to the NSA is a quantum secure way. What should go wrong?
I've got a question, So M1,M2,M3 chips are safe with PQ3 ? I mean end to end encryption never really existed for years with apple, ever since they released the M1. Hopefully this settles it.
My professor worked on it
Yeah a jpg broke their entire encryption few months ago, Im sure the only issues remaining was a quantum protection 💀
Apple can use quantum encryption but they can't use RCS...
Apple will always be stuck in their ways why would they switch
It's coming
What do you mean by Apple built on top of Signal's PQ encryption? They definitely invented PQ3 by themeselves
Apple is great if you’re completely in their ecosphere and likewise all your friends, family, etc. Signal is needed for communications with your android friends otherwise.
Watch them have green bubbles for Non-PQ3 messages now
Post quantum encryption before GTA 6
Honestly, I’m just glad that organizations are trying to cut-off any Q2K bullshit at the pass.
Does Bitwarden use this currently?
Safe as fort Knox, audit demand on par, Government access only.
Apple's latest innovation:
Copying Signal
Where is it possible to learn about this type of encryption? or it is proprietary?