
> For years we’ve offered encryption services like iMessage and FaceTime because we believe the contents of your text messages and your video chats is none of our business.

Sounds great, but take note that it's none of their business today and we know they can be compelled to spy on their users by NSLs.

They control the key infrastructure with their closed-source software that runs on their closed-source hardware.

If they wanted to go into the business of sucking up all of your private messages and parsing them to sell advertising, or if the government wants to read some messages, they wouldn't need to do anything besides issue you a different key.

iMessage won't even let you look at the fingerprints of your friends, and it won't warn you if they've changed. [1]

[1] http://blog.quarkslab.com/imessage-privacy.html
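Added example (not part of the thread, and not code from Apple, Threema or TextSecure): a minimal sketch of the client-side check the comment above says is missing, pinning the first key a directory returns for a contact, exposing its fingerprint, and refusing to continue silently when the directory later offers a different key. `PinStore`, its method names and the sample keys are hypothetical and constructed for illustration.

```python
import hashlib

class KeyChangedError(Exception):
    """The directory returned a key that differs from the pinned one."""

def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the raw key bytes, grouped for comparing on screen or aloud."""
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

class PinStore:
    """Hypothetical client-side store: remembers the first key seen per contact."""

    def __init__(self):
        self._pins = {}  # contact -> {"fp": str, "verified": bool}

    def check(self, contact: str, directory_key: bytes) -> str:
        """Call before encrypting to a key the server's directory handed out."""
        fp = fingerprint(directory_key)
        pin = self._pins.get(contact)
        if pin is None:
            # Trust on first use: pinned, but nothing proves it is the right key.
            self._pins[contact] = {"fp": fp, "verified": False}
            return "unverified"
        if pin["fp"] != fp:
            # Never switch keys silently; the user must see this and decide.
            raise KeyChangedError(f"{contact}: pinned {pin['fp']}, now offered {fp}")
        return "verified" if pin["verified"] else "unverified"

    def mark_verified(self, contact: str, fp_from_contact: str) -> bool:
        """The user compared fingerprints in person or over another channel."""
        pin = self._pins[contact]
        pin["verified"] = (pin["fp"] == fp_from_contact)
        return pin["verified"]

def demo() -> list:
    # Constructed sample keys, not real key material.
    alice_key = bytes(range(32))
    substituted_key = bytes(range(1, 33))
    store, events = PinStore(), []
    events.append(store.check("alice", alice_key))        # first contact
    store.mark_verified("alice", fingerprint(alice_key))  # out-of-band comparison
    events.append(store.check("alice", alice_key))        # same key, now verified
    try:
        store.check("alice", substituted_key)             # directory swaps the key
    except KeyChangedError:
        events.append("key-changed")
    return events

if __name__ == "__main__":
    print(demo())
```

The "unverified" versus "verified" state is what a user interface would surface as a per-contact indicator; the exception is the point where a warning would be shown instead of encrypting to the new key.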




TBH, the only app that does this correctly is Threema, with a clear indicator that you have verified the contact. Not even TextSecure does it correctly, and TS is supposed to be the gold standard (you can verify fingerprints, though).


If anyone manages to make a messaging app that both has strong security and is user friendly and supports features users expect, they will become very rich. Seeing as no one has even proposed a solution in theory, it's most likely unsolvable. I'll bet if you can formulate it clearly enough, you can even prove it so.

Look at, say, Dark Mail. After all that hype, their design is "uh basically SMTP+TLS, or PGP if you're paranoid". The only thing that comes close is PGPfone and similar things (ZRTP). And that's because when you call someone, there's an obvious and built-in verification system, voice. (Note: doesn't work as well with deaf people or async comm).

So pointing out Apple fails here? Yes, sure. Expecting anything different? Seems very unlikely. Either they'd break all user expectations, or they'd get an NSL/court order to break the whole system in order to comply with a wiretap.


> If anyone manages to make a messaging app that both has strong security and is user friendly and supports features users expect, they will become very rich.

How so? Who's going to pay for it?

I reckon I could do it, you know. Use PGP for the backend (duh) but take some time off work, hire actual designers for the UI, make the identity verification step make sense for the user. But 98% of users don't care about security, and 98% of the remainder can't tell the difference between good and bad security.


> If anyone manages to make a messaging app that both has strong security and is user friendly and supports features users expect, they will become very rich. Seeing as no one has even proposed a solution in theory, it's most likely unsolvable. I'll bet if you can formulate it clearly enough, you can even prove it so.

Something like Threema?



