Hacker News new | past | comments | ask | show | jobs | submit

Private Cloud Compute Security Guide

https://security.apple.com/documentation/private-cloud-compute/
280djoldman | | 123 | HN
loading story #42071345
solarkraft | parent | next
Sibling comments point out (and I believe, corrections are welcome) that all that theater is still no protection against Apple themselves, should they want to subvert the system in an organized way. They’re still fully in control. There is, for example, as far as I understand it, still plenty of attack surface for them to run different software than they say they do.

What they are doing by this is of course to make any kind of subversion a hell of a lot harder and I welcome that. It serves as a strong signal that they want to protect my data and I welcome that. To me this definitely makes them the most trusted AI vendor at the moment by far.

tw04 | parent | next
As soon as you start going down the rabbit hole of state sponsored supply chain alteration, you might as well just stop the conversation. There's literally NOTHING you can do to stop that specific attack vector.

History has shown, at least to date, Apple has been a good steward. They're as good a vendor to trust as anyone. Given a huge portion of their brand has been built on "we don't spy on you" - the second they do they lose all credibility, so they have a financial incentive to keep protecting your data.

ferbivore | root | parent | next
Apple have name/address/credit-card/IMEI/IMSI tuples stored for every single Apple device. iMessage and FaceTime leak numbers, so they know who you talk to. They have real-time location data. They get constant pings when you do anything on your device. Their applications bypass firewalls and VPNs. If you don't opt out, they have full unencrypted device backups, chat logs, photos and files. They made a big fuss about protecting you from Facebook and Google, then built their own targeted ad network. Opting out of all tracking doesn't really do that. And even if you trust them despite all of this, they've repeatedly failed to protect users even from external threats. The endless parade of iMessage zero-click exploits was ridiculous and preventable, CKV only shipped this year and isn't even on by default, and so on.

Apple have never been punished by the market for any of these things. The idea that they will "lose credibility" if they livestream your AI interactions to the NSA is ridiculous.

loading story #42069201
loading story #42069568
loading story #42070213
loading story #42069206
loading story #42069588
loading story #42065849
loading story #42067858
loading story #42068698
loading story #42066649
loading story #42065378
loading story #42067097
loading story #42064535
loading story #42069486
loading story #42068246
loading story #42064235
loading story #42064293
loading story #42067410
loading story #42064716
loading story #42066343
loading story #42066619
lxgr | parent | next
This is probably the best way to do cloud computation offoading, if one chooses to do it at all.

What's desperately missing on the client side is a switch to turn this off. It's really intransparent which Apple Intelligence requests are locally processed and which are sent to the cloud, at the moment.

The only sure way to know/prevent it a priori is to... enter flight mode, as far as I can tell?

Retroactively, there's a request log in the privacy section of System Preferences, but that's really convoluted to read (due to all of the cryptographic proofs that I have absolutely no tools to verify at the moment, and honestly have no interest in).

jagrsw | parent | next
If Apple controls the root of trust, like the private keys in the CPU or security processor used to check the enclave (similar to how Intel and AMD do it with SEV-SNP and TDX), then technically, it's a "trust us" situation, since they likely use their own ARM silicon for that?

Harder to attack, sure, but no outside validation. Apple's not saying "we can't access your data," just "we're making it way harder for bad guys (and rogue employees) to get at it."

loading story #42063040
loading story #42065655
loading story #42063051
loading story #42064261
loading story #42062974
h1fra | parent | next
Love this, but as an engineer, I would hate to get a bug report in that prod environment, 100% don't work on my machine and 0% reproducibility
loading story #42065599
| parent | next
{"deleted":true,"id":42063035,"parent":42062230,"time":1730904248,"type":"comment"}
curt15 | parent | next
For the experts out there, how does this compare with AWS Nitro?
| parent | next
{"deleted":true,"id":42062872,"parent":42062230,"time":1730903662,"type":"comment"}
loading story #42066449
m3kw9 | parent | next
I will just use it, it’s Apple and all I need is to see the verifiable privacy thing and I let the researchers let me know red flags. You go on copilot, it says your code is private? Good luck
loading story #42064146
gigel82 | parent | next
I'm glad that more and more people start to see through the thick Apple BS (in these comments). I don't expect them to back down from this but I hope there is enough pushback that they'll be forced to add a big opt-out for all cloud compute, however "private" they make it out to be.
jgalt212 | parent | next
[flagged]
loading story #42064348
loading story #42064790
loading story #42064277
max_ | parent | next
Please don't fall for the cheap "Apple is pro privacy" veneer.

They cannot be trust any more. These "Private Compute" schemes are blatant lies. Maybe even scams at this point.

Learn more — https://sneak.berlin/20201112/your-computer-isnt-yours/

jasongill | parent
The core of this article, if I understand it correctly, is that macOS pings Apple to make sure that apps you open are safe before opening them. This check contains some sort of unique string about the app being opened, and then there is a big leap to "this could be used by the government"

Is this the ideal situation? No, probably not. Should Apple do a better job of communicating that this is happening to users? Yes, probably so.

Does Apple already go overboard to explain their privacy settings during setup of a new device (the pages with the blue "handshake" icon)? Yes. Does Apple do a far better job of this than Google or Microsoft (in my opinion)? Yes.

I don't think anyone here is claiming that Apple is the best thing to ever happen to privacy, but when viewed via the lens of "the world we live in today", it's hard to see how Apple's privacy stance is a "scam". It seems to me to be one of the best or most reasonable stances for privacy among all large-cap businesses in the world.

loading story #42070799
max_ | root | parent
Have you read the linked article?
_boffin_ | parent
I really don’t care at all about this as the interactions that I’d have would be the speech to text, which sends all transcripts to Apple without the ability opt out.