Re: [AFMUG] OT: Google knows

[Bill Prince]

I don't know if this is relevant or not, but if you're using a 
later-version Android (Lollypop or later), there is a built-in "WiFi 
Assistant" that gives you a more-or-less VPN to the cloud. It's not end 
to end, but it at least protects you from local WiFi hackers.



bp
<part15sbs{at}gmail{dot}com>

On 2/26/2017 1:10 PM, Ken Hohhof wrote:


This latest security issue involving Cloudflare’s reverse proxies has 
confused me regarding encryption, HTTPS, etc.


I think they are saying that Cloudflare was offloading/accelerating 
SSL from their clients webservers, and a Cloudflare bug was leaking 
information via webpages. Normally you would think the data would be 
encrypted at that point, but evidently not, given the way the reverse 
proxy works.


Every expert seems to be saying we should change our passwords for the 
affected websites and that will fix everything.  I’m not following the 
logic.  Cloudflare leaked our private transactions, and search engines 
cached the leaked data, how does changing our password fix any of 
that?  The only good news seems to be that Google discovered the bug, 
informed Cloudflare, who fixed the bug and got search engines to 
delete most of the cached pages.  And they did it quickly and probably 
before it was exploited.


But now that we have Cloudflare and AWS and CDNs, the simple model in 
my brain of encrypted browser-webserver communication seems obsolete.  
We used to talk about man-in-the-middle attacks, but it seems like now 
there are usually a bunch of men in the middle because that’s how the 
web works.  And if the webserver is delegating SSL to the men in the 
middle, things might not be as secure as we think.


*From:*Af [mailto:af-boun...@afmug.com] *On Behalf Of *Josh Luthman
*Sent:* Sunday, February 26, 2017 2:54 PM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] OT: Google knows

Wait you're comparing encrypted iMessages to Android SMS text 
messages.  Not exactly the same thing.


If you're comparing iMessage SMS to Android SMS, I fully expect 
everyone's reading them.


If you're comparing iMessage/Hangouts encrypted messages, those are 
encrypted and unable to be read.



Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Sat, Feb 25, 2017 at 2:00 PM, Travis Johnson <t...@ida.net 
<mailto:t...@ida.net>> wrote:


Nope... iMessage is encrypted and not even Apple can read the
messages.

Travis

On 2/25/2017 11:47 AM, Bill Prince wrote:

Just like iMessage and Siri.


bp
<part15sbs{at}gmail{dot}com>

On 2/25/2017 8:12 AM, Travis Johnson wrote:

Now Google will be reading all of your text messages as
well... if you use an Android phone that is... LOL


https://www.cnet.com/news/google-takes-on-apple-imessage-with-enhanced-sms-for-android-rcs/


Travis

Re: [AFMUG] OT: Google knows

[Ken Hohhof]

This latest security issue involving Cloudflare’s reverse proxies has confused 
me regarding encryption, HTTPS, etc.

 

I think they are saying that Cloudflare was offloading/accelerating SSL from 
their clients webservers, and a Cloudflare bug was leaking information via 
webpages.  Normally you would think the data would be encrypted at that point, 
but evidently not, given the way the reverse proxy works.

 

Every expert seems to be saying we should change our passwords for the affected 
websites and that will fix everything.  I’m not following the logic.  
Cloudflare leaked our private transactions, and search engines cached the 
leaked data, how does changing our password fix any of that?  The only good 
news seems to be that Google discovered the bug, informed Cloudflare, who fixed 
the bug and got search engines to delete most of the cached pages.  And they 
did it quickly and probably before it was exploited.

 

But now that we have Cloudflare and AWS and CDNs, the simple model in my brain 
of encrypted browser-webserver communication seems obsolete.  We used to talk 
about man-in-the-middle attacks, but it seems like now there are usually a 
bunch of men in the middle because that’s how the web works.  And if the 
webserver is delegating SSL to the men in the middle, things might not be as 
secure as we think.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman
Sent: Sunday, February 26, 2017 2:54 PM
To: af@afmug.com
Subject: Re: [AFMUG] OT: Google knows

 

Wait you're comparing encrypted iMessages to Android SMS text messages.  Not 
exactly the same thing.

If you're comparing iMessage SMS to Android SMS, I fully expect everyone's 
reading them.

If you're comparing iMessage/Hangouts encrypted messages, those are encrypted 
and unable to be read.




 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Sat, Feb 25, 2017 at 2:00 PM, Travis Johnson <t...@ida.net 
<mailto:t...@ida.net> > wrote:

Nope... iMessage is encrypted and not even Apple can read the messages.

Travis

On 2/25/2017 11:47 AM, Bill Prince wrote:

Just like iMessage and Siri.


bp
<part15sbs{at}gmail{dot}com>

On 2/25/2017 8:12 AM, Travis Johnson wrote:

Now Google will be reading all of your text messages as well... if you use an 
Android phone that is... LOL

https://www.cnet.com/news/google-takes-on-apple-imessage-with-enhanced-sms-for-android-rcs/
 

Travis

 

 

 

Re: [AFMUG] OT: Google knows

[Josh Luthman]

Wait you're comparing encrypted iMessages to Android SMS text messages.
Not exactly the same thing.

If you're comparing iMessage SMS to Android SMS, I fully expect everyone's
reading them.

If you're comparing iMessage/Hangouts encrypted messages, those are
encrypted and unable to be read.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Sat, Feb 25, 2017 at 2:00 PM, Travis Johnson  wrote:

> Nope... iMessage is encrypted and not even Apple can read the messages.
>
> Travis
>
> On 2/25/2017 11:47 AM, Bill Prince wrote:
>
>> Just like iMessage and Siri.
>>
>>
>> bp
>> 
>>
>> On 2/25/2017 8:12 AM, Travis Johnson wrote:
>>
>>> Now Google will be reading all of your text messages as well... if you
>>> use an Android phone that is... LOL
>>>
>>> https://www.cnet.com/news/google-takes-on-apple-imessage-
>>> with-enhanced-sms-for-android-rcs/
>>>
>>> Travis
>>>
>>>
>>
>>
>

Re: [AFMUG] OT: Google knows

[Cassidy B. Larson]

But then he goes on to say: "In the meantime, Green recommends that users 
update to iOS 9.3 and the latest version of OS X, which implement fixes that 
mitigate some, though not all, of the vulnerability.”.

Curious if this vulnerability is still around on iOS 10.2 as the article was 
written a year ago when 9.3 or whatever was out.



> On Feb 25, 2017, at 12:46 PM, Josh Reynolds  wrote:
> 
> "Green complimented iMessage for using “end-to-end encryption” dating back to 
> 2011, but unfortunately it appears as though Apple uses the term quite 
> loosely. True end-to-end encryption would keep messaging conversations 
> between only those participating internally. Apple’s protection of iMessage 
> does not extend to the server, leaving a gap in its defenses."
> 
> Read more: 
> http://www.digitaltrends.com/computing/despite-apples-push-for-encryption-imessage-remains-insecure/#ixzz4ZjCRwCfI
>  
> 
> Follow us: @digitaltrends on Twitter 
>  | 
> DigitalTrends on Facebook 
> 
> 
> On Feb 25, 2017 1:43 PM, "Cassidy B. Larson"  > wrote:
> I see nothing in that article that says iMessages are stored unencrypted on 
> Apples servers, which is what you initial stated.
> 
> I do see it state: "If a hacker were to take hold of the key server, they 
> would in turn be able to intercept messages as they are being typed — those 
> that have not already undergone the encryption process.”
> 
> However, the same with anything using a key encryption.  If someone has your 
> device key, wouldn’t they be able to decrypt your messages?
> 
> 
> 
>> On Feb 25, 2017, at 12:37 PM, Josh Reynolds > > wrote:
>> 
>> http://www.digitaltrends.com/computing/despite-apples-push-for-encryption-imessage-remains-insecure/
>>  
>> 
>> 
>> On Feb 25, 2017 1:35 PM, "Cassidy B. Larson" > > wrote:
>> I’m not sure I agree with that. Just reading up on this article from August 
>> of last year:
>> 
>> http://www.tomshardware.com/news/imessage-weak-encryption-matthew-green,32466.html
>>  
>> 
>> 
>> Couple of points from the article:
>> 
>> - Undelivered messages ARE stored encrypted on Apples servers for up to 30 
>> days.  Sure someone with the appropriate key can decrypt them. That’s 
>> nothing new.
>> - Cloud backups store your messages, they’re encrypted.. and supposedly 
>> Apple can decrypt them? Or not?  If you’re a terrorist and/or extra 
>> paranoid, turn them off or use WhatsApp.. Oh wait, don’t they have a 
>> backdoor? :)
>> - They say iMessage is “Not any better than normal TLS”.. well, it’s 
>> encrypted. Better than not!
>> -  From this it also appears Apple implemented most of their short-term 
>> vulnerability patches for old clients.
>> 
>> I assume if both sides of the conversation are running the latest iOS 
>> version, then they’re much more “secure” than running older un-patched ones.
>> Just be sure to patch both sides of your iOS devices before your 
>> terrorist-ing messages are sent! LOL
>> 
>> -c
>> 
>> 
>>> On Feb 25, 2017, at 12:05 PM, Josh Reynolds >> > wrote:
>>> 
>>> That's bullshit. iMessage is not encrypted on Apple servers, which the 
>>> messages pass through. This is why iMessage isn't considered true "end to 
>>> end" crypto. There have been several papers written on this.
>>> 
>>> On Feb 25, 2017 1:00 PM, "Travis Johnson" >> > wrote:
>>> Nope... iMessage is encrypted and not even Apple can read the messages.
>>> 
>>> Travis
>>> 
>>> On 2/25/2017 11:47 AM, Bill Prince wrote:
>>> Just like iMessage and Siri.
>>> 
>>> 
>>> bp
>>> 
>>> 
>>> On 2/25/2017 8:12 AM, Travis Johnson wrote:
>>> Now Google will be reading all of your text messages as well... if you use 
>>> an Android phone that is... LOL
>>> 
>>> https://www.cnet.com/news/google-takes-on-apple-imessage-with-enhanced-sms-for-android-rcs/
>>>  
>>> 
>>> 
>>> Travis
>>> 
>>> 
>>> 
>>> 
>> 
> 

Re: [AFMUG] OT: Google knows

[Travis Johnson]

I guess I should have said that Apple isn't reading every message to try 
and get customer data, like Google does and freely admits. They do it on 
their searches, Gmail, and everything else they are involved with.


Travis


On 2/25/2017 12:05 PM, Josh Reynolds wrote:
That's bullshit. iMessage is not encrypted on Apple servers, which the 
messages pass through. This is why iMessage isn't considered true "end 
to end" crypto. There have been several papers written on this.


On Feb 25, 2017 1:00 PM, "Travis Johnson" > wrote:


Nope... iMessage is encrypted and not even Apple can read the
messages.

Travis

On 2/25/2017 11:47 AM, Bill Prince wrote:

Just like iMessage and Siri.


bp


On 2/25/2017 8:12 AM, Travis Johnson wrote:

Now Google will be reading all of your text messages as
well... if you use an Android phone that is... LOL


https://www.cnet.com/news/google-takes-on-apple-imessage-with-enhanced-sms-for-android-rcs/




Travis

Re: [AFMUG] OT: Google knows

[Josh Reynolds]

"Green complimented iMessage for using “end-to-end encryption” dating back
to 2011, but unfortunately it appears as though Apple uses the term quite
loosely. True end-to-end encryption would keep messaging conversations
between only those participating internally. Apple’s protection of iMessage
does not extend to the server, leaving a gap in its defenses."

Read more:
http://www.digitaltrends.com/computing/despite-apples-push-for-encryption-imessage-remains-insecure/#ixzz4ZjCRwCfI

Follow us: @digitaltrends on Twitter
 |
DigitalTrends
on Facebook


On Feb 25, 2017 1:43 PM, "Cassidy B. Larson"  wrote:

> I see nothing in that article that says iMessages are stored unencrypted
> on Apples servers, which is what you initial stated.
>
> I do see it state: "If a hacker were to take hold of the key server, they
> would in turn be able to intercept messages as they are being typed — those
> that have not already undergone the encryption process.”
>
> However, the same with anything using a key encryption.  If someone has
> your device key, wouldn’t they be able to decrypt your messages?
>
>
>
> On Feb 25, 2017, at 12:37 PM, Josh Reynolds  wrote:
>
> http://www.digitaltrends.com/computing/despite-apples-push-
> for-encryption-imessage-remains-insecure/
>
> On Feb 25, 2017 1:35 PM, "Cassidy B. Larson"  wrote:
>
>> I’m not sure I agree with that. Just reading up on this article from
>> August of last year:
>>
>> http://www.tomshardware.com/news/imessage-weak-encryption-ma
>> tthew-green,32466.html
>>
>> Couple of points from the article:
>>
>> - Undelivered messages *ARE* stored encrypted on Apples servers for up
>> to 30 days.  Sure someone with the appropriate key can decrypt them. That’s
>> nothing new.
>> - Cloud backups store your messages, they’re encrypted.. and supposedly
>> Apple can decrypt them? Or not?  If you’re a terrorist and/or extra
>> paranoid, turn them off or use WhatsApp.. Oh wait, don’t they have a
>> backdoor? :)
>> - They say iMessage is “Not any better than normal TLS”.. well, it’s
>> encrypted. Better than not!
>> -  From this it also appears Apple implemented most of their short-term
>> vulnerability patches for old clients.
>>
>> I assume if both sides of the conversation are running the latest iOS
>> version, then they’re much more “secure” than running older un-patched
>> ones.
>> Just be sure to patch both sides of your iOS devices before your
>> terrorist-ing messages are sent! LOL
>>
>> -c
>>
>>
>> On Feb 25, 2017, at 12:05 PM, Josh Reynolds  wrote:
>>
>> That's bullshit. iMessage is not encrypted on Apple servers, which the
>> messages pass through. This is why iMessage isn't considered true "end to
>> end" crypto. There have been several papers written on this.
>>
>> On Feb 25, 2017 1:00 PM, "Travis Johnson"  wrote:
>>
>>> Nope... iMessage is encrypted and not even Apple can read the messages.
>>>
>>> Travis
>>>
>>> On 2/25/2017 11:47 AM, Bill Prince wrote:
>>>
 Just like iMessage and Siri.


 bp
 

 On 2/25/2017 8:12 AM, Travis Johnson wrote:

> Now Google will be reading all of your text messages as well... if you
> use an Android phone that is... LOL
>
> https://www.cnet.com/news/google-takes-on-apple-imessage-wit
> h-enhanced-sms-for-android-rcs/
>
> Travis
>
>


>>>
>>
>

Re: [AFMUG] OT: Google knows

[Josh Reynolds]

You said you don't see where it states that, then you talk about the part
where it states exactly what I said.

I give up.

On Feb 25, 2017 1:43 PM, "Cassidy B. Larson"  wrote:

> I see nothing in that article that says iMessages are stored unencrypted
> on Apples servers, which is what you initial stated.
>
> I do see it state: "If a hacker were to take hold of the key server, they
> would in turn be able to intercept messages as they are being typed — those
> that have not already undergone the encryption process.”
>
> However, the same with anything using a key encryption.  If someone has
> your device key, wouldn’t they be able to decrypt your messages?
>
>
>
> On Feb 25, 2017, at 12:37 PM, Josh Reynolds  wrote:
>
> http://www.digitaltrends.com/computing/despite-apples-push-
> for-encryption-imessage-remains-insecure/
>
> On Feb 25, 2017 1:35 PM, "Cassidy B. Larson"  wrote:
>
>> I’m not sure I agree with that. Just reading up on this article from
>> August of last year:
>>
>> http://www.tomshardware.com/news/imessage-weak-encryption-ma
>> tthew-green,32466.html
>>
>> Couple of points from the article:
>>
>> - Undelivered messages *ARE* stored encrypted on Apples servers for up
>> to 30 days.  Sure someone with the appropriate key can decrypt them. That’s
>> nothing new.
>> - Cloud backups store your messages, they’re encrypted.. and supposedly
>> Apple can decrypt them? Or not?  If you’re a terrorist and/or extra
>> paranoid, turn them off or use WhatsApp.. Oh wait, don’t they have a
>> backdoor? :)
>> - They say iMessage is “Not any better than normal TLS”.. well, it’s
>> encrypted. Better than not!
>> -  From this it also appears Apple implemented most of their short-term
>> vulnerability patches for old clients.
>>
>> I assume if both sides of the conversation are running the latest iOS
>> version, then they’re much more “secure” than running older un-patched
>> ones.
>> Just be sure to patch both sides of your iOS devices before your
>> terrorist-ing messages are sent! LOL
>>
>> -c
>>
>>
>> On Feb 25, 2017, at 12:05 PM, Josh Reynolds  wrote:
>>
>> That's bullshit. iMessage is not encrypted on Apple servers, which the
>> messages pass through. This is why iMessage isn't considered true "end to
>> end" crypto. There have been several papers written on this.
>>
>> On Feb 25, 2017 1:00 PM, "Travis Johnson"  wrote:
>>
>>> Nope... iMessage is encrypted and not even Apple can read the messages.
>>>
>>> Travis
>>>
>>> On 2/25/2017 11:47 AM, Bill Prince wrote:
>>>
 Just like iMessage and Siri.


 bp
 

 On 2/25/2017 8:12 AM, Travis Johnson wrote:

> Now Google will be reading all of your text messages as well... if you
> use an Android phone that is... LOL
>
> https://www.cnet.com/news/google-takes-on-apple-imessage-wit
> h-enhanced-sms-for-android-rcs/
>
> Travis
>
>


>>>
>>
>

Re: [AFMUG] OT: Google knows

[Cassidy B. Larson]

Dont get me wrong, I’m NOT saying iMessage is true end-to-end encryption, just 
that the messages aren’t stored unencrypted on the server.

> On Feb 25, 2017, at 12:43 PM, Cassidy B. Larson  wrote:
> 
> I see nothing in that article that says iMessages are stored unencrypted on 
> Apples servers, which is what you initial stated.
> 
> I do see it state: "If a hacker were to take hold of the key server, they 
> would in turn be able to intercept messages as they are being typed — those 
> that have not already undergone the encryption process.”
> 
> However, the same with anything using a key encryption.  If someone has your 
> device key, wouldn’t they be able to decrypt your messages?
> 
> 
> 
>> On Feb 25, 2017, at 12:37 PM, Josh Reynolds > > wrote:
>> 
>> http://www.digitaltrends.com/computing/despite-apples-push-for-encryption-imessage-remains-insecure/
>>  
>> 
>> 
>> On Feb 25, 2017 1:35 PM, "Cassidy B. Larson" > > wrote:
>> I’m not sure I agree with that. Just reading up on this article from August 
>> of last year:
>> 
>> http://www.tomshardware.com/news/imessage-weak-encryption-matthew-green,32466.html
>>  
>> 
>> 
>> Couple of points from the article:
>> 
>> - Undelivered messages ARE stored encrypted on Apples servers for up to 30 
>> days.  Sure someone with the appropriate key can decrypt them. That’s 
>> nothing new.
>> - Cloud backups store your messages, they’re encrypted.. and supposedly 
>> Apple can decrypt them? Or not?  If you’re a terrorist and/or extra 
>> paranoid, turn them off or use WhatsApp.. Oh wait, don’t they have a 
>> backdoor? :)
>> - They say iMessage is “Not any better than normal TLS”.. well, it’s 
>> encrypted. Better than not!
>> -  From this it also appears Apple implemented most of their short-term 
>> vulnerability patches for old clients.
>> 
>> I assume if both sides of the conversation are running the latest iOS 
>> version, then they’re much more “secure” than running older un-patched ones.
>> Just be sure to patch both sides of your iOS devices before your 
>> terrorist-ing messages are sent! LOL
>> 
>> -c
>> 
>> 
>>> On Feb 25, 2017, at 12:05 PM, Josh Reynolds >> > wrote:
>>> 
>>> That's bullshit. iMessage is not encrypted on Apple servers, which the 
>>> messages pass through. This is why iMessage isn't considered true "end to 
>>> end" crypto. There have been several papers written on this.
>>> 
>>> On Feb 25, 2017 1:00 PM, "Travis Johnson" >> > wrote:
>>> Nope... iMessage is encrypted and not even Apple can read the messages.
>>> 
>>> Travis
>>> 
>>> On 2/25/2017 11:47 AM, Bill Prince wrote:
>>> Just like iMessage and Siri.
>>> 
>>> 
>>> bp
>>> 
>>> 
>>> On 2/25/2017 8:12 AM, Travis Johnson wrote:
>>> Now Google will be reading all of your text messages as well... if you use 
>>> an Android phone that is... LOL
>>> 
>>> https://www.cnet.com/news/google-takes-on-apple-imessage-with-enhanced-sms-for-android-rcs/
>>>  
>>> 
>>> 
>>> Travis
>>> 
>>> 
>>> 
>>> 
>> 
> 

Re: [AFMUG] OT: Google knows

[Cassidy B. Larson]

I see nothing in that article that says iMessages are stored unencrypted on 
Apples servers, which is what you initial stated.

I do see it state: "If a hacker were to take hold of the key server, they would 
in turn be able to intercept messages as they are being typed — those that have 
not already undergone the encryption process.”

However, the same with anything using a key encryption.  If someone has your 
device key, wouldn’t they be able to decrypt your messages?



> On Feb 25, 2017, at 12:37 PM, Josh Reynolds  wrote:
> 
> http://www.digitaltrends.com/computing/despite-apples-push-for-encryption-imessage-remains-insecure/
>  
> 
> 
> On Feb 25, 2017 1:35 PM, "Cassidy B. Larson"  > wrote:
> I’m not sure I agree with that. Just reading up on this article from August 
> of last year:
> 
> http://www.tomshardware.com/news/imessage-weak-encryption-matthew-green,32466.html
>  
> 
> 
> Couple of points from the article:
> 
> - Undelivered messages ARE stored encrypted on Apples servers for up to 30 
> days.  Sure someone with the appropriate key can decrypt them. That’s nothing 
> new.
> - Cloud backups store your messages, they’re encrypted.. and supposedly Apple 
> can decrypt them? Or not?  If you’re a terrorist and/or extra paranoid, turn 
> them off or use WhatsApp.. Oh wait, don’t they have a backdoor? :)
> - They say iMessage is “Not any better than normal TLS”.. well, it’s 
> encrypted. Better than not!
> -  From this it also appears Apple implemented most of their short-term 
> vulnerability patches for old clients.
> 
> I assume if both sides of the conversation are running the latest iOS 
> version, then they’re much more “secure” than running older un-patched ones.
> Just be sure to patch both sides of your iOS devices before your 
> terrorist-ing messages are sent! LOL
> 
> -c
> 
> 
>> On Feb 25, 2017, at 12:05 PM, Josh Reynolds > > wrote:
>> 
>> That's bullshit. iMessage is not encrypted on Apple servers, which the 
>> messages pass through. This is why iMessage isn't considered true "end to 
>> end" crypto. There have been several papers written on this.
>> 
>> On Feb 25, 2017 1:00 PM, "Travis Johnson" > > wrote:
>> Nope... iMessage is encrypted and not even Apple can read the messages.
>> 
>> Travis
>> 
>> On 2/25/2017 11:47 AM, Bill Prince wrote:
>> Just like iMessage and Siri.
>> 
>> 
>> bp
>> 
>> 
>> On 2/25/2017 8:12 AM, Travis Johnson wrote:
>> Now Google will be reading all of your text messages as well... if you use 
>> an Android phone that is... LOL
>> 
>> https://www.cnet.com/news/google-takes-on-apple-imessage-with-enhanced-sms-for-android-rcs/
>>  
>> 
>> 
>> Travis
>> 
>> 
>> 
>> 
> 

Re: [AFMUG] OT: Google knows

[Josh Reynolds]

http://www.digitaltrends.com/computing/despite-apples-push-for-encryption-imessage-remains-insecure/

On Feb 25, 2017 1:35 PM, "Cassidy B. Larson"  wrote:

> I’m not sure I agree with that. Just reading up on this article from
> August of last year:
>
> http://www.tomshardware.com/news/imessage-weak-encryption-
> matthew-green,32466.html
>
> Couple of points from the article:
>
> - Undelivered messages *ARE* stored encrypted on Apples servers for up to
> 30 days.  Sure someone with the appropriate key can decrypt them. That’s
> nothing new.
> - Cloud backups store your messages, they’re encrypted.. and supposedly
> Apple can decrypt them? Or not?  If you’re a terrorist and/or extra
> paranoid, turn them off or use WhatsApp.. Oh wait, don’t they have a
> backdoor? :)
> - They say iMessage is “Not any better than normal TLS”.. well, it’s
> encrypted. Better than not!
> -  From this it also appears Apple implemented most of their short-term
> vulnerability patches for old clients.
>
> I assume if both sides of the conversation are running the latest iOS
> version, then they’re much more “secure” than running older un-patched
> ones.
> Just be sure to patch both sides of your iOS devices before your
> terrorist-ing messages are sent! LOL
>
> -c
>
>
> On Feb 25, 2017, at 12:05 PM, Josh Reynolds  wrote:
>
> That's bullshit. iMessage is not encrypted on Apple servers, which the
> messages pass through. This is why iMessage isn't considered true "end to
> end" crypto. There have been several papers written on this.
>
> On Feb 25, 2017 1:00 PM, "Travis Johnson"  wrote:
>
>> Nope... iMessage is encrypted and not even Apple can read the messages.
>>
>> Travis
>>
>> On 2/25/2017 11:47 AM, Bill Prince wrote:
>>
>>> Just like iMessage and Siri.
>>>
>>>
>>> bp
>>> 
>>>
>>> On 2/25/2017 8:12 AM, Travis Johnson wrote:
>>>
 Now Google will be reading all of your text messages as well... if you
 use an Android phone that is... LOL

 https://www.cnet.com/news/google-takes-on-apple-imessage-wit
 h-enhanced-sms-for-android-rcs/

 Travis


>>>
>>>
>>
>

Re: [AFMUG] OT: Google knows

[Cassidy B. Larson]

I’m not sure I agree with that. Just reading up on this article from August of 
last year:

http://www.tomshardware.com/news/imessage-weak-encryption-matthew-green,32466.html
 


Couple of points from the article:

- Undelivered messages ARE stored encrypted on Apples servers for up to 30 
days.  Sure someone with the appropriate key can decrypt them. That’s nothing 
new.
- Cloud backups store your messages, they’re encrypted.. and supposedly Apple 
can decrypt them? Or not?  If you’re a terrorist and/or extra paranoid, turn 
them off or use WhatsApp.. Oh wait, don’t they have a backdoor? :)
- They say iMessage is “Not any better than normal TLS”.. well, it’s encrypted. 
Better than not!  
-  From this it also appears Apple implemented most of their short-term 
vulnerability patches for old clients. 

I assume if both sides of the conversation are running the latest iOS version, 
then they’re much more “secure” than running older un-patched ones. 
Just be sure to patch both sides of your iOS devices before your terrorist-ing 
messages are sent! LOL

-c


> On Feb 25, 2017, at 12:05 PM, Josh Reynolds  wrote:
> 
> That's bullshit. iMessage is not encrypted on Apple servers, which the 
> messages pass through. This is why iMessage isn't considered true "end to 
> end" crypto. There have been several papers written on this.
> 
> On Feb 25, 2017 1:00 PM, "Travis Johnson"  > wrote:
> Nope... iMessage is encrypted and not even Apple can read the messages.
> 
> Travis
> 
> On 2/25/2017 11:47 AM, Bill Prince wrote:
> Just like iMessage and Siri.
> 
> 
> bp
> 
> 
> On 2/25/2017 8:12 AM, Travis Johnson wrote:
> Now Google will be reading all of your text messages as well... if you use an 
> Android phone that is... LOL
> 
> https://www.cnet.com/news/google-takes-on-apple-imessage-with-enhanced-sms-for-android-rcs/
>  
> 
>  
> 
> Travis
> 
> 
> 
> 

Re: [AFMUG] OT: Google knows

[Josh Reynolds]

That's bullshit. iMessage is not encrypted on Apple servers, which the
messages pass through. This is why iMessage isn't considered true "end to
end" crypto. There have been several papers written on this.

On Feb 25, 2017 1:00 PM, "Travis Johnson"  wrote:

> Nope... iMessage is encrypted and not even Apple can read the messages.
>
> Travis
>
> On 2/25/2017 11:47 AM, Bill Prince wrote:
>
>> Just like iMessage and Siri.
>>
>>
>> bp
>> 
>>
>> On 2/25/2017 8:12 AM, Travis Johnson wrote:
>>
>>> Now Google will be reading all of your text messages as well... if you
>>> use an Android phone that is... LOL
>>>
>>> https://www.cnet.com/news/google-takes-on-apple-imessage-
>>> with-enhanced-sms-for-android-rcs/
>>>
>>> Travis
>>>
>>>
>>
>>
>

Re: [AFMUG] OT: Google knows

[Ken Hohhof]

There is a whole floor at the Ministry of Truth devoted to Steve.  Which is 
puzzling because as a prole, he shouldn’t matter.  Hm.

 

Keep in mind that only Newspeak words can be added to the dictionary.  Cuss 
words will be edited out of the historical record by the fine employees at 
Minitrue.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jaime Solorza
Sent: Saturday, February 25, 2017 12:49 PM
To: Animal Farm <af@afmug.com>
Subject: Re: [AFMUG] OT: Google knows

 

And you are a master at them 

 

On Feb 25, 2017 11:45 AM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com 
<mailto:thatoneguyst...@gmail.com> > wrote:

Mine will break their content filters

 

I wish android would quit removing my cuss words from the dictionary no matter 
how many times I add them

 

On Feb 25, 2017 10:12 AM, "Travis Johnson" <t...@ida.net <mailto:t...@ida.net> 
> wrote:

Now Google will be reading all of your text messages as well... if you use an 
Android phone that is... LOL

https://www.cnet.com/news/google-takes-on-apple-imessage-with-enhanced-sms-for-android-rcs/

Travis

Re: [AFMUG] OT: Google knows

[Travis Johnson]

Nope... iMessage is encrypted and not even Apple can read the messages.

Travis

On 2/25/2017 11:47 AM, Bill Prince wrote:

Just like iMessage and Siri.


bp


On 2/25/2017 8:12 AM, Travis Johnson wrote:
Now Google will be reading all of your text messages as well... if 
you use an Android phone that is... LOL


https://www.cnet.com/news/google-takes-on-apple-imessage-with-enhanced-sms-for-android-rcs/ 



Travis

Re: [AFMUG] OT: Google knows

[Jaime Solorza]

And you are a master at them

On Feb 25, 2017 11:45 AM, "That One Guy /sarcasm" 
wrote:

> Mine will break their content filters
>
> I wish android would quit removing my cuss words from the dictionary no
> matter how many times I add them
>
> On Feb 25, 2017 10:12 AM, "Travis Johnson"  wrote:
>
>> Now Google will be reading all of your text messages as well... if you
>> use an Android phone that is... LOL
>>
>> https://www.cnet.com/news/google-takes-on-apple-imessage-wit
>> h-enhanced-sms-for-android-rcs/
>>
>> Travis
>>
>>

Re: [AFMUG] OT: Google knows

[Bill Prince]

Just like iMessage and Siri.


bp


On 2/25/2017 8:12 AM, Travis Johnson wrote:
Now Google will be reading all of your text messages as well... if you 
use an Android phone that is... LOL


https://www.cnet.com/news/google-takes-on-apple-imessage-with-enhanced-sms-for-android-rcs/ 



Travis

Re: [AFMUG] OT: Google knows

[That One Guy /sarcasm]

Mine will break their content filters

I wish android would quit removing my cuss words from the dictionary no
matter how many times I add them

On Feb 25, 2017 10:12 AM, "Travis Johnson"  wrote:

> Now Google will be reading all of your text messages as well... if you use
> an Android phone that is... LOL
>
> https://www.cnet.com/news/google-takes-on-apple-imessage-
> with-enhanced-sms-for-android-rcs/
>
> Travis
>
>

[AFMUG] OT: Google knows

[Travis Johnson]

Now Google will be reading all of your text messages as well... if you 
use an Android phone that is... LOL


https://www.cnet.com/news/google-takes-on-apple-imessage-with-enhanced-sms-for-android-rcs/

Travis