Nothing here is private. At the very least, your messages are stored unencrypted on both the sending and receiving servers, and are completely readable to instance admins.
If you’re on Apple, use iMessage or a reputable dedicated encrypted messaging app (not WhatsApp). If you’re on Android, likewise use a dedicated encrypted messaging app or make sure that you and your recipient are both using the same Google Jibe RCS implementation and have it on.
And they’re fairly transparent on all the privacy features.
I wouldn’t trust them entirely if you’re a very high risk for breach like a journalist in hostile countries, but I also wouldn’t trust any off the shelf solution for that and would be running a heavily locked down privacy focused Android fork in that case.
The cross OS compatibility is an issue though and I use Signal for anyone on Android that I talk to.
Emphasis on “you’ve encrypted.” If you don’t have the keys its not safe. Imessage has great encryption but Apple will just hand over the keys if asked so its useless.
Apple doesn’t have the keys to it. That’s one of the major points of iMessage. Your keys are generated on device only. Apple can’t give what they don’t have. With the newer keychain stuff they’ve also made iCloud end to end encrypted as well, using keys generated on device, if you use advanced data security.
And if they would, they wouldn’t have gone to court over it when it was literal terrorists, the San Bernardino shooters a decade ago. They couldn’t turn over the keys to their iMessages because they didn’t have them and they went to court after they refused to put a back door in for the US government.
There’s a LOT to hate about Apple, but privacy so far hasn’t really been one of them. They’re pretty transparent about privacy features and how data is handled.
Also never trust a message is private unless you’ve at minimum encrypted it. Facebook, Twitter, reddit, even here.
Nothing here is private. At the very least, your messages are stored unencrypted on both the sending and receiving servers, and are completely readable to instance admins.
Yup. If it isn’t E2EE, don’t trust it.
If you’re on Apple, use iMessage or a reputable dedicated encrypted messaging app (not WhatsApp). If you’re on Android, likewise use a dedicated encrypted messaging app or make sure that you and your recipient are both using the same Google Jibe RCS implementation and have it on.
I don’t fully trust Apple’s claims because I feel they might have backdoors. I would trust only FOSS apps like Signal, Session, or Matrix.
Understandable to not trust a big corp. Apple does have a solid track record on encryption though and actively fighting against backdoors.
FOSS is generally the best choice though.
I’ll trust them more if they are more transparent like Signal
https://signal.org/bigbrother/
They do have a transparency report they publish twice a year. The first one for 2022 should be out soon.
https://www.apple.com/legal/transparency/us.html
They also publish one for almost if not all countries they operate in.
It’s not as detailed as Signals but does detail all government requests they get.
As far as the encryption goes, keys are generated by the devices themselves and not Apple servers.
They also detail where the keys are stored for iCloud based on what protection you choose. https://support.apple.com/en-us/HT202303
And they’re fairly transparent on all the privacy features.
I wouldn’t trust them entirely if you’re a very high risk for breach like a journalist in hostile countries, but I also wouldn’t trust any off the shelf solution for that and would be running a heavily locked down privacy focused Android fork in that case.
The cross OS compatibility is an issue though and I use Signal for anyone on Android that I talk to.
Also if you don’t trust either of the ends, it doesn’t matter much if it is E2E.
Never trust a message is private unless you’ve at minimum end to end encrypted it and make sure both devices are not compromised.
Emphasis on “you’ve encrypted.” If you don’t have the keys its not safe. Imessage has great encryption but Apple will just hand over the keys if asked so its useless.
Apple doesn’t have the keys to it. That’s one of the major points of iMessage. Your keys are generated on device only. Apple can’t give what they don’t have. With the newer keychain stuff they’ve also made iCloud end to end encrypted as well, using keys generated on device, if you use advanced data security.
And if they would, they wouldn’t have gone to court over it when it was literal terrorists, the San Bernardino shooters a decade ago. They couldn’t turn over the keys to their iMessages because they didn’t have them and they went to court after they refused to put a back door in for the US government.
There’s a LOT to hate about Apple, but privacy so far hasn’t really been one of them. They’re pretty transparent about privacy features and how data is handled.