_gonzo engineer_ running threat modeling workshops for security and privacy. my posts and opinions are mine and not those of my employer or clients.
my ontology: #amateurRadio
#infosec, #parenting #quids, #aikido, #photography, #obsidian, #PKM, #omnifocus, #radio, #mobile, #bestPractices, and whatever we’re calling the next Internet.
i live and work from philadelphia #PHL and iowa city #IOW.
i am openly cray and candid about #mentalHealth. also: neuro-d ✊
@[email protected] do you believe that china can gain unauthorized access to iCloud account data without cooperation or the user providing their credentials? i thought they could use fido2 keys in china?
https://readwise.io/reader/shared/01jkkc4eamhvefmcexe5es8pfn
@[email protected] I don’t think Apple can even comply with this sort of request. They have never wavered on this and in fact have continued to make it even progressively more difficult with every major and even minor releases. One of my iCloud accounts (I created one for my former employer) is entirely self-managed via u2f/fido2 tokens, it doesn’t use Apple’s MFA at all, and i disable imessage in the cloud so they’re not decrypted there. now what, guvner?
nothing stops them from doing police work does it?
@ugurcan @obsidianmd oooooh alright, alright i can totally see that being likely. that’s sensible. i guess i would like to see what people without medium and youtube are doing more is all maybe?
@[email protected] data governance and sovereignty requirements for businesses or orgs isn’t unusual, in higher ed for example you need to store data in the US; china probably has a ton of requirements like that. google has been doing it almost as long as yahoo i think.