• delirious_owl
    link
    fedilink
    arrow-up
    12
    arrow-down
    2
    ·
    5 months ago

    They say the same thing about some of the other data that they encrypt, but then they store the encryption private keys on their servers.

    Encryption doesn’t mean they can’t see the data. It means only the people with the private keys (and those who can crack the private keys or a device with the private keys) can see the data.

    One must know if the data is encrypted both at rest and in transit. What type of encryption is used. Where the private key is stored. And what are the protections in-place where the key is stored

      • delirious_owl
        link
        fedilink
        arrow-up
        8
        arrow-down
        2
        ·
        5 months ago

        Is the source code public so we can verify the implementation matches the spec?

        • Zeroc00l@sh.itjust.works
          link
          fedilink
          arrow-up
          5
          arrow-down
          2
          ·
          5 months ago

          It’s not open source if that’s what you mean. If you think that stops people looking at code then I’ll have some of what you’re smoking please.

          If you’re genuinely interested in how the Find My system works Here’s a good paper on it. The papers publishers even have an open source tool to connect to Apples Find My network which is neat.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      5 months ago

      With proprietary software you have no way of knowing. Also avoid SaSS (service as a software substitute)