Yes, the "#Apple spies on you with app-based hashes sent to their servers on each app start" is FUD (or at least most of it).
However, #Apple exempting its own apps from the APIs all applications have been forced to use for a while now, therefore making it possible for apps to hijack traffic & circumvent the firewall "protection" entirely, is not: https://twitter.com/patrickwardle/status/1327726496203476992
Just like with key escrow for encrypted content: it's _literally_ impossible to stay secure if you break the system on purpose 🤷
@moritzheiber Thx. Makes sense. Why didn't Apple publish that themselves? Why aren't they more transparent about this? I appreciate independent research on the topic. But this could have been resolved earlier with proper comms.
@xuv Because this has been a part of their documentation all along and they explicitly denied the allegations and explained the process months ago, when this first was "a thing" .. granted, they didn't explain it in as much detail as the blog post does, but then again, maybe they shouldn't have to?
Disabling this mechanism definitely does more harm than good.
@moritzheiber I'm an advocate for algorithmic transparency. In terms of security, it's always better to explain in detail what you're doing. So great, they've explained it before. That's great to hear. :)