undefined

points

by FinnKuhn3 hours ago |

comments

by theshrike792 hours ago|

[-]

Apple PCC has been independently audited to be ultra secure.

Will the EU enforce the same for 3rd party integrations?

by FinnKuhn2 hours ago|

parent|

[-]

If Apple had e.g. required competitors to undergo similar independent audits that would probably be allowed as it is quite similar to how Apple solved the third party app store issue.

by MBCook1 hours ago|

parent|

[-]

Are we sure the EU would allow that? Or would it be seen as a way to stifle competition?

by bigyabai1 hours ago|

parent|

[-]

I mean, Apple's PCC audits require them to individually vet each auditor before they're allowed to see the PCC nodes.

If Apple extended that philosophy to other vendors then yeah, it would be deliberately unfair and anticompetitive.

by MBCook1 hours ago|

parent|

[-]

It sounds like they are whitelisting the hashes of all the Google software and OSes and stuff to ensure nothing is changed out from under them without them knowing.

Even if you could make all the other possible vendors run private cloud compute style stuff that would be a lot to manage.

And I can’t imagine the EU would like, and as a user I would certainly hate, the “OK you can use Grok but you lose all privacy too bad“ dialogue box they could make.

by bigyabai1 hours ago|

parent|

[-]

I don't even think it offers a meaningful degree of security. It's a form of theater, you have to be hand-selected to perform the audit that Apple promised.

Most sysadmins know that hash matching only mitigates a small subset of rare upstream attacks. Apple could still be MITMing the whole thing (SSL added and removed here :)) and no auditor would get the chance to check. The offered audit is so weak that I would not trust any FAANG business to administrate it.

Apple is once again demanding arbitrary centralization to give them an undeserved veto power. None of this is for security.

by theshrike7953 seconds ago|

parent|

[-]

[delayed]