Taking inspiration from the East India Company, Apple should colonize the UK and take over the government - the iGovernment, if you will.
Citizens will regain their right to e2ee privacy, they will not have to deal with voting for mediocre politicians to lead them. Instead, Tim Cook will be their new leader, and every morning over the mandatory installation of HomePods in each home, citizens will be greeted with an ecstatic "Good morning!" to get them energized for the day ahead.
Voting will be done via iPhones, where FaceID will verify the eligibility of the voter before the vote has been submitted.
I have wondered why the likes of McKinsey, KPMG, and PWC do not put up candidates (don't even sponsor them, just say you're electing _well known consultancy_).
UK Govt. stupidity aside, Apple could allow iOS users to switch their backup provider from iCloud to other services or backup targets. But they won't because they want to continue to grow their services revenue.
> Otherwise, please make sure you de-Apple, de-Google, and de-American Stack yourself when you have time, clarity, and focus to do it. Start today.
I don't understand the core of this advice. So if you're in the UK and do all the above, can you suddenly get similar E2EE cloud storage from a different provider without a UK government-mandated backdoor?
The first two are reasonable positions. The third, on the merits of the argument in the article, is absolutely bonkers. It's the UK government that is unleashing this stupidity on the world. There is no European alternative that is any safer, and it's the UK's own hands that are at fault in the first place.
Not that there aren't other reasons to be skeptical of American companies' right, but it's just so easy to fall into nationalistic prattle instead of fixing the real problem.
> but it's just so easy to fall into nationalistic prattle instead of fixing the real problem.
Right. This, right now, is 100% a UK problem. De-Americanising your tech stack isn't going to fix the political issues domestically. Hence Apple pulling ADP out, they made the choice of not complying with the UK and not offering the service instead of compromising the service for everyone else in the world.
UK citizens need to direct their attention inwards against their own government.
E2EE cloud storage is not some kind of magic that only tech bigcorps can provide. I de-Dropboxed a few years ago, replacing it with Syncthing running on a local NAS with e2ee backups in Backblaze and Wireguard VPN out to my mobile devices. Sure, this is not the sort of thing most people can set up for themselves, but I don't think that's particularly relevant in context.
My new high-privacy, high-control data management solution revolves around pen & paper. As far as I am aware, these implements have not yet been banned in the UK.
I don't know why everything must be digital. If you don't put it on a computer, it's almost as if it doesn't exist. If you do this often enough, it is almost as if you don't exist.
In the latest Janus Cycle video he explained how he started carrying an IBM WorkPad c3 around to manage his contacts and appointments. I found that a great idea for people like me that struggle with deciphering their handwriting an hour later.
Party members were supposed not to go into ordinary shops ('dealing on the free market', it was called), but the rule was not strictly kept, because there were various things, such as shoelaces and razor blades, which it was impossible to get hold of in any other way. He had given a quick glance up and down the street and then had slipped inside and bought the book for two dollars fifty. At the time he was not conscious of wanting it for any particular purpose. He had carried it guiltily home in his briefcase. Even with nothing written in it, it was a compromising possession.
The thing that he was about to do was to open a diary. This was not illegal (nothing was illegal, since there were no longer any laws), but if detected it was reasonably certain that it would be punished by death, or at least by twenty-five years in a forced-labour camp. Winston fitted a nib into the penholder and sucked it to get the grease off. The pen was an archaic instrument, seldom used even for signatures, and he had procured one, furtively and with some difficulty, simply because of a feeling that the beautiful creamy paper deserved to be written on with a real nib instead of being scratched with an ink-pencil. Actually he was not used to writing by hand. Apart from very short notes, it was usual to dictate everything into the speak-write which was of course impossible for his present purpose. He dipped the pen into the ink and then faltered for just a second. A tremor had gone through his bowels. To mark the paper was the decisive act. In small clumsy letters he wrote:
It's not a backdoor per se. UK just banned using E2EE (at least for Apple users' data). I don't think though they can ban E2EE in general - like, if I upload a binary blob to a data store, how would they know whether it's encrypted or not? Short of banning all strong encryption completely (which even UK yet is not stupid enough to do) it's not possible to prevent. But they did not build a "backdoor" into encryption - they demanded that, and Apple refused, so there's now no encryption at all for UK users. There's no door.
They are just going for service providers that make E2EE easy for users - clearly betting on the fact that people they want to surveil would be too lazy/incompetent to use a custom solution providing strong E2EE encryption. And they may be right - most iphone users would keep using the same services even with the knowledge that the data is now widely open - and eventually of course will be breached and available to every kind of criminal, as it happened many times already with other massive data warehouses.
But I believe even is the UK you still can encrypt your own backup and upload it, e.g., to rsync.net and nobody would be able to stop you. Just most people won't.
If you're making money in the UK, they have a lot of legal authority over you.
If you're based in the UK, they have a lot of legal authority over you.
If you're neither of those things, they might complain, but the actual consequences are close to nil.
And they're not banning the tools (this is arguable, but they "can't" logically, as you point out). They're banning businesses from providing the tools.
Thats reassuring...but still frightening, just less so I guess.
Most of my homelab is self-hosted (Cloudflare and Tailscale stop me short of saying it's 100%, plus an Oracle VPS for a Minecraft server if you count the WHOLE stack I guess)...and you tell yourself its 'better to own your own data' or whatever your personal mantra is, but it's bizarre to see this play out
You may think you're being sarcastic, but you are just stating a true fact here. For about 99.9% of this planet's population, it's not just hard, it's something they'd never ever know how to do and have no intention to ever learn. Like it or hate it, but that's what it is.
And, for 99.9% of people who know how to do that, they'd still be too lazy to do it properly (hint: where do you keep secret.txt exactly? What happens if your dog eats it?) and will use some third-party solution instead.
The double entendre occurred to me, I don't disagree.
But the relative ease does not merely apply to users, but to the barrier of entry for alt products as well.
Consider that the current paradigm is contingent on the "blind trust" users have held in tech for a long time. It's possible that a new kind of app will thrive in a different paradigm.
For example, is there any reason we couldn't have a simple "message wrapper" which only sends encrypted payloads via SMS or Email and decrypts on the fly in a secure sandbox? Easy for the user and hard to regulate.
Hidden. Encrypted. And the passphrase is: at 5,21 which is the 5th line on page 21 of your favorite book. Which you have more than one copy of, because you like it that much. And you need copies to lend. Or you have the PDF from Gutenberg.org?
And 5/21 might be the birthday of your first child, or your wedding day, or whatever?
It might be a favorite quote, like "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." Augmented by the above date if needed?
Hidden where? Are you writing it on a post-it and putting it on top of your screen? Are you keeping it in your wallet? In a safe? What if you lose it or your house is flooded?
> And 5/21 might be the birthday of your first child, or your wedding day, or whatever?
How sure are you that you'd remember all that scheme for 20 years? How about 50 years? Some documents may be relevant for a very long time. What about if you need more than one key? What about if you need to give access to one document to specific set of persons?
Once you consider all the scenarios that can happen through a lifetime, you start to understand why managing all those complexities correctly is not trivial. And that's why people pay third parties to do it for them. It's not because encrypting a bag of bytes is hard. It's because of all the things that surround it.
Reminds me of using Ansible Vault and preciously encrypting every secret (so we can say that repos doesn't contain any secrets), then just putting ~/.vault_pass in plaintext on every Ansible controller to be taken by anyone with access to the servers.
Threat modeling is important of course. The UK government does have tools with which to punish people who don't turn over the cleartext of targeted documents once it's directly investigating them, but that's not scalable. The method the grandparent comment proposes greatly reduces one's exposure to mass surveillance, criminals, and abusive service providers.
Because no US corp can promise you true E2EE. Even an app like Signal - are you sure the version you're getting from the App Store is always the one with "unbreakable E2EE"?
Hopefully pretty soon Apple will have to provide the same functionality iCloud monopolizes so you can have an equivalent service. But right now you can do an encrypted transmission to a privately-owned NAS like Synology and then E2E cloud storage provider of your choice, with the caveat that things like background syncing are strategically monopolized and no app may backup your full phone.
It's a bit like the famous HN post where somebody said that Dropbox is not needed if you have rsync and friends.
Technically this can even be correct. You can build and operate a good, secure solution for yourself if you have time and skill to build. Could make sense for a company handling sensitive data. Would hardly make sense for most individuals who are not professional SREs / SWEs. (To check how it feels, an engineer can try to sew themself a pair of pants to wear daily, or do something similarly mundane in what they are not skilled.)
A solution that can reliably work for non-experts is very important.
Sure but in this case most of the difficulties are artificially imposed by Apple, depending on how the tribunal responds to their alleged iCloud monopoly it could become as simple as choosing a compatible provider and putting your username/password in.
And as soon as you have "a provider" as a business entity, UK government can ban them from providing E2EE solutions to Apple users the same way they did ban Apple. Or the provider would just silently bend over hand hand all the keys to the UK govt.
They can't police every online server you can possibly rent, and they can't police them "all at once" like they can with the Google/Apple duopoly, all they can do is go after them one-by-one as they need access and as we see with 4chan, rejecting their assertions on jurisdiction is certainly an option.
They can't. But they can police any service that has substantial number of users. And that's what most of the people would use. So, the hardened criminals would use their own underground darknet services which the government couldn't breach, but the regular people would have no privacy at all.
> 4chan, rejecting their assertions on jurisdiction is certainly an option.
4chan can tell UK regulators to take hike because 4chan has no business presence in the UK. Any service that does want to serve UK users and is successful in doing so, will eventually find itself in UK regulators' crosshairs. For services that are based outside UK, they'd just stop serving UK users because that's the easiest way to handle it. Which is completely fine with UK regulators, in fact, that's exactly what they want - so that nobody would be able to provide privacy to UK subjects.
On personal level, you have to choose whether your priority is privacy or convenience. If its privacy, no whining about 'I want this and that and I am too lazy to rollback' is relevant.
Never trust US services, 3-letter agencies are endlessly greedy to fill your profile with another tens of thousands of data points. As do all advertisers all around the globe. As do (with various success) all other governments and private companies who have something to gain, HDD storage has never been cheaper and all personal data are worth gold and beyond.
Or if you have to use them, use your own encryption with strength to not be broken for next few hundreds of years, to stand a chance. That is, if you actually have something to hide, but I have never met a person who really doesn't :)
I have done all this. All inhad to do was provide my passport scans, fingerprints, photos of my face, phone number so now I can use tencent cloud in china! /s
It's more likely to be a problem with Apple (and Google) because they have put themselves in a position where they are a gateway to everybody. There are multitudes of online storage providers outside of the UK's reach and jurisdiction but 0% of iPhone users back up to them because of technical limitations that inhibit iCloud competitors or any compatible storage solution.
> There are multitudes of online storage providers outside of the UK's reach and jurisdiction
Not according to the UK, lately. The problem is still domestic. UK wants to exert this control over any service a UK citizens happens to use, whether they have a UK presence or not. Same with the ID/Age verification stuff.
Moving away from Apple and Google probably is something they should do, but it's not going to be a solution to the problem of the UK government's overreach.
UK citizens need to turn their attention inward against their government.
To be clear, Apple and Google both have huge UK presence. I don't know the extent of Google, but Apple has offices with thousands of people working in them. Compliance with what the UK wants in this regard is not optional.
What the original poster does is completely misplace blame under the guise of "clever" writing - blame should be assigned squarely on the idiotic policies of the UK government.
Allegedly it's deliberate, according to a pair of legal actions they face in the UK (hearing in 9 days) and US (hearing in August 2026).
> 13.1 a set of technical restrictions and practices that prevent users of iOS from storing certain key file types (known as “Restricted Files”) on any cloud storage service other than its own iCloud and thus ensuring that users have no choice but to use iCloud (a complete monopolist in respect of these Restricted Files) if they wish to meet all their cloud storage and/or back up needs, in particular in order to conduct a complete back-up of the device (“the Restricted File Conduct”); and/or
> 13.2 an unfair choice architecture, which individually and cumulatively steer iOS Users towards using and purchasing iCloud rather than other cloud storage services, and/or limit their effective choice, and/or exclude or disadvantage rivals or would- be rivals ( “the Choice Architecture Conduct ”). See further paragraphs 6 to 9 and 97 to 132 of the CPCF.
> 30. By sequestering Restricted Files, and denying all other cloud providers access to them, Apple prevents rival cloud platforms from offering a full-service cloud solution that can compete effectively against iCloud. The cloud products that rivals can offer are, by virtue of Apple’s restraints, fundamentally diminished because they can only host Accessible Files. Users who want to back up all of their files—including the basic Restricted Files needed to restore their device at replacement—have but one option in the marketplace: iCloud.
> 31. There is no technological or security justification for Apple mandating the use of iCloud
for Restricted Files. Apple draws this distinction only to curtail competition and advantage its iCloud
product over rival cloud platforms.
They are, and most time this allows them to abuse you. But what do you think happens once you that gateway is blown open, isn't your front door next?
> There are multitudes of online storage providers outside of the UK's reach and jurisdiction
What I said above means that once you normalize the situation that providers have to open the gate to your yard whenever the state comes knocking, the state will just come knocking directly at your door. In other words I'm not sure the state will stop in its pursuit of access to your data when it can just incriminate trying to evade the law by storing it out of reach.
> But what do you think happens once you that gateway is blown open, isn't your front door next?
Yes this is the way policing should work, if they think you have done something they knock on your door rather than go to Apple and Google and compromise the entire population all at once through the convenience of their monopolies. Bonus points if a judge needs to grant them the privilege of knocking on your door too.
> Yes this is the way policing should work, if they think you have done something they knock on your door [...] Bonus points if a judge needs to grant them the privilege
How exactly would they come after you if your data is "outside of the UK's reach and jurisdiction"? They went after the gatekeepers because they wanted a one stop shop for accessing people's data. They will look to take the same easy road in the future and there's nothing easier then framing any attempts to keep data out of UK's reach as a crime. They get your data or get you for not providing the data.
The law will be "stupid", tech savvy people will find ways around it. But it's enough to throw a or a noose around as many people as possible and tighten as time goes by. Authoritarianism 101.
> How exactly would they come after you if your data is "outside of the UK's reach and jurisdiction"?
By suspecting you of a crime first, then they can establish access to your device through legal due process and access the data on your device or imprison you for not facilitating it. Same thing they do with computer passwords and whatnot.
Ah yes, 70 million people find a country they are eligible to move to, quitting their jobs, uprooting their families. Definitely the most straightforward fix. Thankfully other countries have no problems either, or they'd have to leave from those too!
The actual straightforward fix isn't available to us - namely, we aren't due a general election until 2029 and right now the "good guys" are in power, so it's not at all clear that anyone would even offer to reverse this TCN if they were elected instead, in 4 years time.
* They offered local councils the chance to request it if they were going through a reorganisation or devolution process.
* 18 councils requested and 9 were accepted as justified.
* And even those are only delayed until May next year (one year after the rest of the UK).
So to be clear the UK government not only didn't postpone the general elections but half the councils who requested the local elections were postponed were denied, with the other half having reasons and still doing it a year later anyway.
And all that is actually covered in the page you link to.
Fact check - the UK hasn't postponed the general election.
Your link points to _some_ local council elections (the people responsible for bin collections, parks and care homes) and the extension has been requested by the local councils themselves.
I wish they would help get as many reform councils as possible. Given how incompetent they have been in the ones they did get elected, I think it would put a damper on the enthusiasm of their supporters.
> You need to start that because, as we recently learned, at some point in the very near future Apple is withdrawing its Advanced Data Protection (ADP) feature from the UK altogether as a result of the Home Office TCN through the Investigatory Powers Act.
So, a UK-only advice, and it strangely assumes that any other service in UK wouldn’t be bound by the same laws.
I can encrypt anything and store it in anything that provides storage. Why are people acting like "end to end encryption" is a feature you need a cloud service to provide to you. Rather the opposite - it's really something you can only do yourself.
The closest I've found is VeraCrypt, which is near the edge of what I'd call layperson-friendly. But if you store a VeraCrypt drive on the cloud, you'll need to re-upload the entire encrypted file--usually quite large--every time you change anything at all. That's a _lot_ of bandwidth, and likely to be quite slow to sync.
This seems like a job for a truecrypt style system. Either you do it at a file-level, or you have it split into (say) 10MB file chunks, and if you want to access a certain file you have an encrypted local db that acts as a magic decoder ring ("file test.csv is spread across CLOUD1.DB CLOUD3443.DB CLOUD132.DB").
Combine that with steganography (Enter real_password, and test.csv is a list of bank accounts, enter fake_password, and test.csv is a list of apple store locations, enter random_password, and it decodes junk). Maybe combine that with multiple layers of passwords (one ring to rule them all, except certain files).
Obviously, you'd want to steganographize the decoder ring as well.
In the extremely unlikely event that I'm compelled to by a judge, yes. Or if someone chooses to beat me with five dollar wrench, of course. And even then A) it can't happen without my knowledge and B) I have the option of refusing and bearing the consequences.
I didn't say it solves every problem, just that it's the only way to have proper end-to-end encryption.
> So, a UK-only advice, and it strangely assumes that any other service in UK wouldn’t be bound by the same laws.
I suspect it's because whilst other services would be affected we only know about Apple currently and, thanks to iOS and Mac, a large percentage of the population will be using Apple by default for the services impacted. Only Google (Android) and Microsoft (Windows) really overlap in that regard.
> it strangely assumes that any other service in UK wouldn’t be bound by the same laws.
From the linked article:
> I’m not going to tell you where to move your stuff other than to say that if you’re moving it from one big tech company to another, you’re just being daft. Likewise, if you’re moving your stuff to a non-e2ee service, don’t bother. If you need an e2ee service try Proton. They have a Black Friday sale on.
The title felt like there was a greater issue with Apple specifically. There wasn't. There was a greater issue with the new UK laws and cloud storage systems. I think people deserved a clarification before getting wound up about it before reading the article.
Yes, it's nothing to do with Apple per se - any major E2E provider would be under the same attack. The problem here is UK government is drunk with power and doesn't want their citizens to have any privacy rights, and UK citizens are largely ok with that, as evidenced by them keeping to elect such governments. Apple is just the most prominent target of the attack - eventually, they will try to attack smaller targets still, and make usage of the strong encryption as hard as possible, maybe outlaw it completely and mandate government key escrow. They already tried it in many countries, and UK seems to be very ripe to try again.
The issue is with Apple specifically in the sense that they have been offering a superior E2EE cloud storage service that will soon be denied to UK residents (IIUC, E2EE isn't offered by their competition e.g. Google, Microsoft). But the article goes out of its way in its first section to note that Apple isn't in the wrong at all here:
> But I will say that the shutdown of ADP is Apple being on the right side of the geopolitical fight, as inconvenient as that may be to you and me.
It is, if you care about the issues the author evidently cares about, "time to start de-Appling". I am a satisfied ongoing customer of Apple and I didn't find this headline to be the least bit inflammatory. It is, at worst, minor clickbait—but it's not really bait at all, since the contents of the article match the headline.
FYI, this is not about a law, this is about a Technical Capability Notice. This is a thing the UK government is able to issue to a specific company or companies, that require them to implement technical measures to enable data collection. This applies only to the company/ies that the notice is issued to.
That could be one of them, some of them or all of them, but it's not really a law that automatically applies to all of them.
Everything a government does is about a law, but, even if only Apple had received this notice, why would it change the unfairness of singling out Apple? Did UK government issue this request as their final request of this kind? Did they forbid any further requests to be made? Did they single out Apple out of something specific to Apple Inc (or, say, United States) or did Apple happen to be just too visible?
Singling out Apple in the article's title sends the wrong message here. The author should have gone with something along the lines of "UK residents should stop using E2EE cloud services". Current title implies there might be a safe E2EE service in the UK. Heck, they even claim that in the article: "If you need an e2ee service try Proton" as if Proton is exempt from getting a notice from the UK. It's not.
No, you got it right. Anti-Americanism is one of the few canards that the UK government can use as a boogieman to force through their most questionable policies.
One of the most shocking things about Europe when I have visited is what your average European (or Brit, since I guess they don't call themselves European anymore) thinks the US is like (even ignoring politics, just basic standard of living stuff). They've never been and probably will never be able to visit so all they know is what they've been told. When they do visit, they return with a much poorer opinion of how their country is doing. That's why the "I was lied to..." clickbait is so common in European made US travel videos now.
.site-content .post has `overflow: hidden;`, .site-content .entry-content has `max-width: 965px;`, and .wide-content has `margin-right: -34.0740%;` Disabling the margin-right or, preferably, the max-width rule will fix the layout. Or make your browser less than 1700px wide.
(Crazy rats nest of CSS rules, I assume this is a wordpress/wordpress template thing.)
Ahh, just saw this after posting my comment. Yes, it appears that at 1700px or greater it cuts off text. Shown in this video: https://cs.joshstrange.com/BB60xzBW
Unlike most writing about politics, the article isn't arguing that 'those are the bad people over there'. The article describes a current aspect of reality and how it came about, and suggests a way of responding to that reality.
The right way to respond to this reality would be to stop UK government from being insane by electing a more sane government. Stopping using iphones is going to help only for a short term - once encryption is de-legalized, they will come for everybody who they deem worth coming for, sooner or later. If it'll require introducing licenses to run encryption software and mandating key escrow, they'd do that. Yes, you still would be able to sneak in encrypting software on USB drive hidden in your... let's say, pocket. But the mere fact of using it would make you a criminal then. That's the natural progression of where it is going, unfortunately.
> But I will say that the shutdown of ADP is Apple being on the right side of the geopolitical fight, as inconvenient as that may be to you and me.
I don't think there's any blaming of Apple going on here. This is about dealing with the practical realities of the circumstances for people in the UK.
It must be nice to live somewhere that has politicians that represent the will of the people enough to have a take like this. Where I live, your vote only counts if you have enough money.
Because no matter who they vote for, they get this. The previous ruling party hasn't had a real primary since 2008 (and didn't even go through the motions in 2024.) H. Clinton makes a fairly good case that even that one was fixed (because they knew the best horse to bet on.)
No matter who you vote for you get Hillary Clinton's governance, though. She's become very complimentary about Trump's foreign policy.
If I get up in the morning and say "time to get out of the house" I am not blaming my house for anything; I am simply articulating that I want or need to be somewhere else, for whatever reason.
Eh, the whole "de-Brand" lingo comes from "de-Googling" which has unambiguously blamed Google for the act. The use of the same type of terminology automatically implies the same set of circumstances.
When you say "time to de-CocaCola" while all soda products are susceptible to a certain health hazard, you can't say "Obviously, CocaCola isn't being blamed here".
The analog of your example would be "time to get out of the cloud" for the article.
> the whole "de-Brand" lingo comes from "de-Googling"
Which no doubt stems from more practical usage, like "de-worming". That does not imply that there is blame to go around. You are not blaming the worm — you just want rid of it because it is not something that is working for you.
The issue is specific to Apple! IIUC they're the only mainstream cloud storage provider that provides E2EE, and I'm sure many of their customers chose them over their competitors for that reason.
I does not in the slightest. Rather, It suggests it's time to start removing Apple entanglements from your digital life, for reasons that are described in the article.
Did you read the article? She doesn't blame Apple.
Sixth paragraph: "But I will say that the shutdown of ADP is Apple being on the right side of the geopolitical fight, as inconvenient as that may be to you and me."
England has been speedrunning the dystopian surveillance police state for a while now, through numerous governments. Voting is pointless.
Same (but different) in Denmark where politicians vote to give themselves more money[1], snoop on everything[2], violate our constitution unpunished[3], delete evidence of corruption[4], open the borders[5], etc. etc. etc. I used to care - a lot - I really did. But I'm done.
In general, if voting had the power to change much, it would be illegal. Rulers allow voting to change a few things, but never the things that benefit themselves.
Might come across as pedantic, but its important, "the UK" not "England". Confusing the two can upset people, especially those from the rest of the UK.
Personally I do not think its just the UK and Denmark, its pretty much everywhere.
The surveillance laws are all UK wide AFAIK. Some policy with regard to policing is devolved so there might be some small differences in how they are applied, but it is essentially just as bad.
Ok, I was going to ask, but taking "yes, that one" seriously I suppose confirms the author is the actress Heather Burns best known for playing the best friend role in a string of successful romantic comedies.
She might be, but it might also be the case that there are so many actors, to be "well known", you need to be in the 0.001%
I probably have seen movies with her in it, but I have no recollection of her as an actor. I did recognize her husband as Samir from Office Space, though I couldn't tell you his name.
Apparently she's so thoroughly de-Googled and de-Appled that the page doesn't display correctly on Chrome on MacOS on my machine, cutting off part of the text on the right margin (manages to render correctly if I resize the window to a smaller width however)
Isn't Apple taking UK gov't to court over this, and the reason they have abandoned encryption for everybody is to avoid being forced to provide backdoors. On this you should be on their side, not against them.
You can de-Google, de-Apple, de-Microsoft, de-bank, de-whatever, go live off-grid in a thatched hut in Sherwood Forest. But the government will spy on you all the same.
It's unfortunate that gross government overreach and corporate cooperation with it is what it takes for people to even recognize the concept of data privacy and data ownership is a thing, much less that they should do something about it and that their data is and never was "safe" in the cloud, no matter which corporate overlords walled garden you called home. Apple has never been an exception to this rule.
ADP means that you own the encryption key to the data and Apple can’t access it, so Apple being able to turn ADP off by itself would invalidate the whole point of the system.
In theory, sure, but that theory surviving practice (e.g. a G20 government bearing against it) is meaningful. E.g. they could push an OS update to automatically turn off ADP for impacted users, but they aren't.
IMHO Apple is actually being honest here. They cannot legally operate in the UK without providing a back door, so they are dropping the claim of ADP in the UK. This is letting the user know what's up, and might also help inspire a backlash against these laws. Apple needs to make it clear that they are being forced by UK law to degrade service.
Corporations can't really resist governments unless they're not operating in a given government's jurisdiction and therefore have nothing to lose. They can take things to court, but in lieu of a verdict or an injunction they have to comply with the law or they can be fined, have assets frozen, be de-banked or banned from processing payments, etc.
I'm sure there's services out there that will secretly comply and still claim to be secure.
There's also a lot of companies that will simply abandon security features like ADP or never develop them. Apple is going to the trouble of disabling it only for UK people not everyone, instead of just deprecating it. The latter would be less expensive and expose them to less legal risk.
If you really want security in the UK now you have to roll your own and do the encryption yourself. Honestly that's always the best security, since you can never be 100% sure a closed cloud or software vendor isn't messing with you.
Maybe this was intentional by the author to annoy Mac users, but the word/line wrapping is broken on the latest Firefox on the latest macOS: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:144.0) Gecko/20100101 Firefox/144.0
> please make sure you de-Apple, de-Google, and de-American Stack yourself when you have time, clarity, and focus to do it. Start today.
That's the message. It's high time. We can what-about-argume about what's E2EE and what Apple "pinky promises" isn't used or sold but the reality is that anything seated in the US may as well be a publicly open http for the right buyer (be it the US government, Saudi Arabia, Israel or whatever...)
Especially if you're in charge of customer data, you can't "just" setup something on a EU server if the corp is based in the US, those days are over now. You need to do the legwork.
its entering another country that suddenly becomes a real problem, and ofcourse, if you're in the UK, the only country worth moving to at that point is the US with (as I understand) quite stringent immigration restrictions.
in reality, if the US were to open their doors to the UK, holy moly - this entire country would turn into Ukraine overnight, with nobody but pensioners left. which actually isn't in either governments interest: obviously not the UK, but infact, the UK presents a source of cheap labour for the US: read any hackernews thread concerning tech wages in the UK, the comments are hysterical/diabolical ("you make HOW much!?" - "A fast food worker makes more..." - etc.)
so, the current state of affairs is probably a good business arrangement for both parties involved, and aren't gonna change any time soon.
No need to leave, move up north and wait for all the shenanigans to blow over. Hard to be annoyed at the government and the corporations when you're walking through the Yorkshire dales on a sunny day
Not as many easy paths anymore for a British worker, tech or otherwise, thanks to The Foolishness.
And the most popular choice -- the USA -- is off the table for the majority of Brits, I think, who cannot comprehend The Other Foolishness. (Mind you, the ones it encourages... I hope they follow their hearts)
De-appling is easy. I just don't have anything from them. Apart from the work laptop, but that is a problem for my employer, not me.
De-googling however is extremely hard. I have been slowly chipping away at it, but there are things I just have no decent option to (such as Waze and Android Auto).
Android itself is another problem. I have high hopes for a Graphene device.
De-Googling is also extremely easy, I haven't had a Google account in 10 years, I use uBlock to block the ads, DuckDuckGo for search and a Youtube app that downloads from it instead of using the website.
Perhaps the only thing I use directly is Recaptcha.
the people are a lot stupider than the politicians. sorry but it needs to be said.
as for the MPs, theyre ok. not as stupid as most think. they are very self-interested and not in the business of 'rocking the boat'. strongly prefer managed decline than any risk taking that could result in things going sideways.
its easy to critique but truthfully the UK is structurally in a dead end (well ok, maybe not... but it does feel that way). but things could be a lot worse, and many don't appreciate that reality. having clean tap water and paved roads is pretty damn good for a country held up by fintech and scraps of last century's industry.
people calling for reforms have no idea what they're in for. Thankfully Reform was deployed together with Nigel Farage, God bless him, rolled in to do narrative control and provide a safe and controlled sponge for dissent. That guy is a 'fixer' for UK political radicalism - every time the crowd starts to have funny ideas, he magically appears and slowly but surely everyone goes back to their £32k/year jobs. I think he's 'retired' from politics thrice now.
truthfully, nobody does politics better than the Brits. but then again, they invented this game to begin with!
Just to clarify, she's advocating people stop using Apple, quite literally the only big tech company with a slightly better focus on privacy compared to all the others and with a reputation for saying no to the latest authoritarian power grab by the UK government?
No, she's saying that due to UK legislation that Apple will no longer be allowed to offer e2ee and it's time to start moving your data off of their cloud services before you're forced to turn off ADP.
It's not an article about advocacy so much as the pragmatics an upcoming data migration.
Yes, she's advocating people stop using them for a few services if they require e2ee for those services. Why? Because apple will be removing e2ee for those services. She is also clearly advocating not to use another big tech company for those services. Source: TFA
From the article, I'm suprised at this unusual twist:
> What about that second TCN?
> On the 1st of October, the Home Office issued a second TCN against Apple for the same as before, but only for _British citizens’_ data. World-leading!
> Those who follow my work know that this phrase made me spew a double barrel of Glaswegian swearing. British citizens’ data, as opposed to British users’ data? The dividing line here is not e.g. being located in the UK or having registered an account here, but what it says on your passport? How is Apple going to know that, much less roll it out? (/s)
> Did Apple just publicly state that they’re going to be removing a security layer and adding a nationality check layer?
> We don’t know.
> We don’t know because as with the first TCN, that information only became available in the public domain due to someone leaking it to the media. That’s all there is to know. Everything else is confidential and NCND. There is nothing else to say because nothing else is known. If someone who did know something was sitting across from me right now, and they told me, they would be committing a crime.
Does that mean my non-UK citizen friends who are resident in the UK now have better privacy rights than UK citizens in the UK? Does it mean it's better to remain only a resident, than to attempt to obtain citizenship in the long run?
Taking inspiration from the East India Company, Apple should colonize the UK and take over the government - the iGovernment, if you will.
Citizens will regain their right to e2ee privacy, they will not have to deal with voting for mediocre politicians to lead them. Instead, Tim Cook will be their new leader, and every morning over the mandatory installation of HomePods in each home, citizens will be greeted with an ecstatic "Good morning!" to get them energized for the day ahead.
Voting will be done via iPhones, where FaceID will verify the eligibility of the voter before the vote has been submitted.
I have wondered why the likes of McKinsey, KPMG, and PWC do not put up candidates (don't even sponsor them, just say you're electing _well known consultancy_).
"Here is my 300 slide pack to explain why you should vote for me"
Either way we’re totally cooked
Very clever image and caption (right at the bottom of the page)
> Header image by me: Alan Turing memorial, Manchester, where he reminds you why keeping data private can be a matter of life and death.
The image shows a close up of a statue of Alan Turing, his hand holding an apple.
https://en.wikipedia.org/wiki/Alan_Turing#Death
UK Govt. stupidity aside, Apple could allow iOS users to switch their backup provider from iCloud to other services or backup targets. But they won't because they want to continue to grow their services revenue.
From the article:
> Otherwise, please make sure you de-Apple, de-Google, and de-American Stack yourself when you have time, clarity, and focus to do it. Start today.
I don't understand the core of this advice. So if you're in the UK and do all the above, can you suddenly get similar E2EE cloud storage from a different provider without a UK government-mandated backdoor?
The first two are reasonable positions. The third, on the merits of the argument in the article, is absolutely bonkers. It's the UK government that is unleashing this stupidity on the world. There is no European alternative that is any safer, and it's the UK's own hands that are at fault in the first place.
Not that there aren't other reasons to be skeptical of American companies' right, but it's just so easy to fall into nationalistic prattle instead of fixing the real problem.
> but it's just so easy to fall into nationalistic prattle instead of fixing the real problem.
Right. This, right now, is 100% a UK problem. De-Americanising your tech stack isn't going to fix the political issues domestically. Hence Apple pulling ADP out, they made the choice of not complying with the UK and not offering the service instead of compromising the service for everyone else in the world.
UK citizens need to direct their attention inwards against their own government.
E2EE cloud storage is not some kind of magic that only tech bigcorps can provide. I de-Dropboxed a few years ago, replacing it with Syncthing running on a local NAS with e2ee backups in Backblaze and Wireguard VPN out to my mobile devices. Sure, this is not the sort of thing most people can set up for themselves, but I don't think that's particularly relevant in context.
My new high-privacy, high-control data management solution revolves around pen & paper. As far as I am aware, these implements have not yet been banned in the UK.
I don't know why everything must be digital. If you don't put it on a computer, it's almost as if it doesn't exist. If you do this often enough, it is almost as if you don't exist.
In the latest Janus Cycle video he explained how he started carrying an IBM WorkPad c3 around to manage his contacts and appointments. I found that a great idea for people like me that struggle with deciphering their handwriting an hour later.
Party members were supposed not to go into ordinary shops ('dealing on the free market', it was called), but the rule was not strictly kept, because there were various things, such as shoelaces and razor blades, which it was impossible to get hold of in any other way. He had given a quick glance up and down the street and then had slipped inside and bought the book for two dollars fifty. At the time he was not conscious of wanting it for any particular purpose. He had carried it guiltily home in his briefcase. Even with nothing written in it, it was a compromising possession.
The thing that he was about to do was to open a diary. This was not illegal (nothing was illegal, since there were no longer any laws), but if detected it was reasonably certain that it would be punished by death, or at least by twenty-five years in a forced-labour camp. Winston fitted a nib into the penholder and sucked it to get the grease off. The pen was an archaic instrument, seldom used even for signatures, and he had procured one, furtively and with some difficulty, simply because of a feeling that the beautiful creamy paper deserved to be written on with a real nib instead of being scratched with an ink-pencil. Actually he was not used to writing by hand. Apart from very short notes, it was usual to dictate everything into the speak-write which was of course impossible for his present purpose. He dipped the pen into the ink and then faltered for just a second. A tremor had gone through his bowels. To mark the paper was the decisive act. In small clumsy letters he wrote:
April 4th, 1984.
It's not a backdoor per se. UK just banned using E2EE (at least for Apple users' data). I don't think though they can ban E2EE in general - like, if I upload a binary blob to a data store, how would they know whether it's encrypted or not? Short of banning all strong encryption completely (which even UK yet is not stupid enough to do) it's not possible to prevent. But they did not build a "backdoor" into encryption - they demanded that, and Apple refused, so there's now no encryption at all for UK users. There's no door.
They are just going for service providers that make E2EE easy for users - clearly betting on the fact that people they want to surveil would be too lazy/incompetent to use a custom solution providing strong E2EE encryption. And they may be right - most iphone users would keep using the same services even with the knowledge that the data is now widely open - and eventually of course will be breached and available to every kind of criminal, as it happened many times already with other massive data warehouses.
But I believe even is the UK you still can encrypt your own backup and upload it, e.g., to rsync.net and nobody would be able to stop you. Just most people won't.
I'm sort of out of the loop as a US citizen....Does the UK really have the ability to enforce every E2EE storage solution on GitHub to comply?
Even if you monitor downloads, every VPN, every ISP..... can't I copy paste the source code?
Isn't SFTP already E2EE? They're not going to come down on SFTP....right? I really hope not...
The simple answer is: Money.
If you're making money in the UK, they have a lot of legal authority over you.
If you're based in the UK, they have a lot of legal authority over you.
If you're neither of those things, they might complain, but the actual consequences are close to nil.
And they're not banning the tools (this is arguable, but they "can't" logically, as you point out). They're banning businesses from providing the tools.
Thats reassuring...but still frightening, just less so I guess.
Most of my homelab is self-hosted (Cloudflare and Tailscale stop me short of saying it's 100%, plus an Oracle VPS for a Minecraft server if you count the WHOLE stack I guess)...and you tell yourself its 'better to own your own data' or whatever your personal mantra is, but it's bizarre to see this play out
# Encrypt a file openssl enc -aes-256-cbc -salt -in secret.txt -out secret.enc
# Decrypt openssl enc -d -aes-256-cbc -in secret.enc -out secret.txt
Wow that was hard.
You may think you're being sarcastic, but you are just stating a true fact here. For about 99.9% of this planet's population, it's not just hard, it's something they'd never ever know how to do and have no intention to ever learn. Like it or hate it, but that's what it is.
And, for 99.9% of people who know how to do that, they'd still be too lazy to do it properly (hint: where do you keep secret.txt exactly? What happens if your dog eats it?) and will use some third-party solution instead.
The double entendre occurred to me, I don't disagree.
But the relative ease does not merely apply to users, but to the barrier of entry for alt products as well.
Consider that the current paradigm is contingent on the "blind trust" users have held in tech for a long time. It's possible that a new kind of app will thrive in a different paradigm.
For example, is there any reason we couldn't have a simple "message wrapper" which only sends encrypted payloads via SMS or Email and decrypts on the fly in a secure sandbox? Easy for the user and hard to regulate.
>where do you keep secret.txt exactly?
Hidden. Encrypted. And the passphrase is: at 5,21 which is the 5th line on page 21 of your favorite book. Which you have more than one copy of, because you like it that much. And you need copies to lend. Or you have the PDF from Gutenberg.org?
And 5/21 might be the birthday of your first child, or your wedding day, or whatever?
It might be a favorite quote, like "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." Augmented by the above date if needed?
Hidden where? Are you writing it on a post-it and putting it on top of your screen? Are you keeping it in your wallet? In a safe? What if you lose it or your house is flooded?
> And 5/21 might be the birthday of your first child, or your wedding day, or whatever?
How sure are you that you'd remember all that scheme for 20 years? How about 50 years? Some documents may be relevant for a very long time. What about if you need more than one key? What about if you need to give access to one document to specific set of persons?
Once you consider all the scenarios that can happen through a lifetime, you start to understand why managing all those complexities correctly is not trivial. And that's why people pay third parties to do it for them. It's not because encrypting a bag of bytes is hard. It's because of all the things that surround it.
> where do you keep secret.txt
Reminds me of using Ansible Vault and preciously encrypting every secret (so we can say that repos doesn't contain any secrets), then just putting ~/.vault_pass in plaintext on every Ansible controller to be taken by anyone with access to the servers.
I'm reminded of the infamous HN Dropbox comment.
Reference: https://news.ycombinator.com/item?id=9224
Yeesh, this seems like a good example of the fact that a feature (encrypting a file) is not a product (an E2E encrypted storage solution.)
Re: rubber hose attack on cryptography.
Threat modeling is important of course. The UK government does have tools with which to punish people who don't turn over the cleartext of targeted documents once it's directly investigating them, but that's not scalable. The method the grandparent comment proposes greatly reduces one's exposure to mass surveillance, criminals, and abusive service providers.
Because no US corp can promise you true E2EE. Even an app like Signal - are you sure the version you're getting from the App Store is always the one with "unbreakable E2EE"?
Yes, but you'll have to trust that they haven't been issued a secret government order to implement a backdoor.
Not all of those companies will loudly object in the way Apple does.
Hopefully pretty soon Apple will have to provide the same functionality iCloud monopolizes so you can have an equivalent service. But right now you can do an encrypted transmission to a privately-owned NAS like Synology and then E2E cloud storage provider of your choice, with the caveat that things like background syncing are strategically monopolized and no app may backup your full phone.
https://www.catribunal.org.uk/cases/16897724-consumers-assoc... (hearing in 9 days)
It's a bit like the famous HN post where somebody said that Dropbox is not needed if you have rsync and friends.
Technically this can even be correct. You can build and operate a good, secure solution for yourself if you have time and skill to build. Could make sense for a company handling sensitive data. Would hardly make sense for most individuals who are not professional SREs / SWEs. (To check how it feels, an engineer can try to sew themself a pair of pants to wear daily, or do something similarly mundane in what they are not skilled.)
A solution that can reliably work for non-experts is very important.
Sure but in this case most of the difficulties are artificially imposed by Apple, depending on how the tribunal responds to their alleged iCloud monopoly it could become as simple as choosing a compatible provider and putting your username/password in.
And as soon as you have "a provider" as a business entity, UK government can ban them from providing E2EE solutions to Apple users the same way they did ban Apple. Or the provider would just silently bend over hand hand all the keys to the UK govt.
They can't police every online server you can possibly rent, and they can't police them "all at once" like they can with the Google/Apple duopoly, all they can do is go after them one-by-one as they need access and as we see with 4chan, rejecting their assertions on jurisdiction is certainly an option.
They can't. But they can police any service that has substantial number of users. And that's what most of the people would use. So, the hardened criminals would use their own underground darknet services which the government couldn't breach, but the regular people would have no privacy at all.
> 4chan, rejecting their assertions on jurisdiction is certainly an option.
4chan can tell UK regulators to take hike because 4chan has no business presence in the UK. Any service that does want to serve UK users and is successful in doing so, will eventually find itself in UK regulators' crosshairs. For services that are based outside UK, they'd just stop serving UK users because that's the easiest way to handle it. Which is completely fine with UK regulators, in fact, that's exactly what they want - so that nobody would be able to provide privacy to UK subjects.
>when you have time, clarity, and focus to do it.
i thought this a joke, lol
On personal level, you have to choose whether your priority is privacy or convenience. If its privacy, no whining about 'I want this and that and I am too lazy to rollback' is relevant.
Never trust US services, 3-letter agencies are endlessly greedy to fill your profile with another tens of thousands of data points. As do all advertisers all around the globe. As do (with various success) all other governments and private companies who have something to gain, HDD storage has never been cheaper and all personal data are worth gold and beyond.
Or if you have to use them, use your own encryption with strength to not be broken for next few hundreds of years, to stand a chance. That is, if you actually have something to hide, but I have never met a person who really doesn't :)
I have done all this. All inhad to do was provide my passport scans, fingerprints, photos of my face, phone number so now I can use tencent cloud in china! /s
Sounds more like people need to de-UK. It's going to be a problem with any company or technology.
It's more likely to be a problem with Apple (and Google) because they have put themselves in a position where they are a gateway to everybody. There are multitudes of online storage providers outside of the UK's reach and jurisdiction but 0% of iPhone users back up to them because of technical limitations that inhibit iCloud competitors or any compatible storage solution.
> There are multitudes of online storage providers outside of the UK's reach and jurisdiction
Not according to the UK, lately. The problem is still domestic. UK wants to exert this control over any service a UK citizens happens to use, whether they have a UK presence or not. Same with the ID/Age verification stuff.
Moving away from Apple and Google probably is something they should do, but it's not going to be a solution to the problem of the UK government's overreach.
UK citizens need to turn their attention inward against their government.
To be clear, Apple and Google both have huge UK presence. I don't know the extent of Google, but Apple has offices with thousands of people working in them. Compliance with what the UK wants in this regard is not optional.
What the original poster does is completely misplace blame under the guise of "clever" writing - blame should be assigned squarely on the idiotic policies of the UK government.
Google has been building a huge new office in London for a bit now, with the apparent intent to move most of their EU presence there.
> 0% of iPhone users back up to them because of technical limitations that inhibit iCloud competitors or any compatible storage solution.
To clarify, by "technical limitations" here you don't mean "it's not possible with our current technology", you mean "Apple purposely blocks this".
Allegedly it's deliberate, according to a pair of legal actions they face in the UK (hearing in 9 days) and US (hearing in August 2026).
> 13.1 a set of technical restrictions and practices that prevent users of iOS from storing certain key file types (known as “Restricted Files”) on any cloud storage service other than its own iCloud and thus ensuring that users have no choice but to use iCloud (a complete monopolist in respect of these Restricted Files) if they wish to meet all their cloud storage and/or back up needs, in particular in order to conduct a complete back-up of the device (“the Restricted File Conduct”); and/or
> 13.2 an unfair choice architecture, which individually and cumulatively steer iOS Users towards using and purchasing iCloud rather than other cloud storage services, and/or limit their effective choice, and/or exclude or disadvantage rivals or would- be rivals ( “the Choice Architecture Conduct ”). See further paragraphs 6 to 9 and 97 to 132 of the CPCF.
https://www.catribunal.org.uk/cases/16897724-consumers-assoc... (via summary of ruling of the chair)
> 30. By sequestering Restricted Files, and denying all other cloud providers access to them, Apple prevents rival cloud platforms from offering a full-service cloud solution that can compete effectively against iCloud. The cloud products that rivals can offer are, by virtue of Apple’s restraints, fundamentally diminished because they can only host Accessible Files. Users who want to back up all of their files—including the basic Restricted Files needed to restore their device at replacement—have but one option in the marketplace: iCloud.
> 31. There is no technological or security justification for Apple mandating the use of iCloud for Restricted Files. Apple draws this distinction only to curtail competition and advantage its iCloud product over rival cloud platforms.
https://www.courtlistener.com/docket/68303306/felix-gamboa-v... (via document 1 the complaint)
> they are a gateway to everybody
They are, and most time this allows them to abuse you. But what do you think happens once you that gateway is blown open, isn't your front door next?
> There are multitudes of online storage providers outside of the UK's reach and jurisdiction
What I said above means that once you normalize the situation that providers have to open the gate to your yard whenever the state comes knocking, the state will just come knocking directly at your door. In other words I'm not sure the state will stop in its pursuit of access to your data when it can just incriminate trying to evade the law by storing it out of reach.
> But what do you think happens once you that gateway is blown open, isn't your front door next?
Yes this is the way policing should work, if they think you have done something they knock on your door rather than go to Apple and Google and compromise the entire population all at once through the convenience of their monopolies. Bonus points if a judge needs to grant them the privilege of knocking on your door too.
> Yes this is the way policing should work, if they think you have done something they knock on your door [...] Bonus points if a judge needs to grant them the privilege
How exactly would they come after you if your data is "outside of the UK's reach and jurisdiction"? They went after the gatekeepers because they wanted a one stop shop for accessing people's data. They will look to take the same easy road in the future and there's nothing easier then framing any attempts to keep data out of UK's reach as a crime. They get your data or get you for not providing the data.
The law will be "stupid", tech savvy people will find ways around it. But it's enough to throw a or a noose around as many people as possible and tighten as time goes by. Authoritarianism 101.
> How exactly would they come after you if your data is "outside of the UK's reach and jurisdiction"?
By suspecting you of a crime first, then they can establish access to your device through legal due process and access the data on your device or imprison you for not facilitating it. Same thing they do with computer passwords and whatnot.
It's an Apple problem, because with libre tools you can run your own software to circumvent this law.
You can run your own software, but if asked by UK authorities to provide the keys/password and you don't comply you face prison time.
The majority of apple and android users can't run their own libre software, until libre software is as easy and seamless to use as the comparables.
There's more good reasons to de-Apple besides just residing in UK.
Ah yes, 70 million people find a country they are eligible to move to, quitting their jobs, uprooting their families. Definitely the most straightforward fix. Thankfully other countries have no problems either, or they'd have to leave from those too!
The actual straightforward fix isn't available to us - namely, we aren't due a general election until 2029 and right now the "good guys" are in power, so it's not at all clear that anyone would even offer to reverse this TCN if they were elected instead, in 4 years time.
At least the US hasn't postponed the general elections to keep the unpopular party in power.
https://www.local.gov.uk/our-support/devolution-and-lgr-hub/...
Neither has the UK government.
* It wasn't the general election.
* They offered local councils the chance to request it if they were going through a reorganisation or devolution process.
* 18 councils requested and 9 were accepted as justified.
* And even those are only delayed until May next year (one year after the rest of the UK).
So to be clear the UK government not only didn't postpone the general elections but half the councils who requested the local elections were postponed were denied, with the other half having reasons and still doing it a year later anyway.
And all that is actually covered in the page you link to.
Fact check - the UK hasn't postponed the general election.
Your link points to _some_ local council elections (the people responsible for bin collections, parks and care homes) and the extension has been requested by the local councils themselves.
I wish they would help get as many reform councils as possible. Given how incompetent they have been in the ones they did get elected, I think it would put a damper on the enthusiasm of their supporters.
Granted it would be more impactful that to stop using Google and Apple services.
I do not believe she is, in fact, "that one".
https://www.google.com/search?q=heather+burns
https://en.wikipedia.org/wiki/Heather_Burns
It’s a joke
> You need to start that because, as we recently learned, at some point in the very near future Apple is withdrawing its Advanced Data Protection (ADP) feature from the UK altogether as a result of the Home Office TCN through the Investigatory Powers Act.
So, a UK-only advice, and it strangely assumes that any other service in UK wouldn’t be bound by the same laws.
I can encrypt anything and store it in anything that provides storage. Why are people acting like "end to end encryption" is a feature you need a cloud service to provide to you. Rather the opposite - it's really something you can only do yourself.
Sure, but almost no one is managing their own keys and knows enough about the various e2ee algorithms to make these decisions on their own.
Do you know of a good piece of software or tool that lets a layperson interface with any cloud storage provider?
The closest I've found is VeraCrypt, which is near the edge of what I'd call layperson-friendly. But if you store a VeraCrypt drive on the cloud, you'll need to re-upload the entire encrypted file--usually quite large--every time you change anything at all. That's a _lot_ of bandwidth, and likely to be quite slow to sync.
https://github.com/restic/restic
not exactly for a "layperson", to be honest, but easy enough for someone familiar with a command line
And you must then give the password to your data.
https://thblegal.com/news/can-i-be-prosecuted-for-failing-to...
https://www.ilfattoquotidiano.it/in-edicola/articoli/2025/01...
etc.
This seems like a job for a truecrypt style system. Either you do it at a file-level, or you have it split into (say) 10MB file chunks, and if you want to access a certain file you have an encrypted local db that acts as a magic decoder ring ("file test.csv is spread across CLOUD1.DB CLOUD3443.DB CLOUD132.DB").
Combine that with steganography (Enter real_password, and test.csv is a list of bank accounts, enter fake_password, and test.csv is a list of apple store locations, enter random_password, and it decodes junk). Maybe combine that with multiple layers of passwords (one ring to rule them all, except certain files).
Obviously, you'd want to steganographize the decoder ring as well.
In the extremely unlikely event that I'm compelled to by a judge, yes. Or if someone chooses to beat me with five dollar wrench, of course. And even then A) it can't happen without my knowledge and B) I have the option of refusing and bearing the consequences.
I didn't say it solves every problem, just that it's the only way to have proper end-to-end encryption.
> So, a UK-only advice, and it strangely assumes that any other service in UK wouldn’t be bound by the same laws.
I suspect it's because whilst other services would be affected we only know about Apple currently and, thanks to iOS and Mac, a large percentage of the population will be using Apple by default for the services impacted. Only Google (Android) and Microsoft (Windows) really overlap in that regard.
> So, a UK-only advice
Not for long
> So, a UK-only advice
So what?
> it strangely assumes that any other service in UK wouldn’t be bound by the same laws.
From the linked article:
> I’m not going to tell you where to move your stuff other than to say that if you’re moving it from one big tech company to another, you’re just being daft. Likewise, if you’re moving your stuff to a non-e2ee service, don’t bother. If you need an e2ee service try Proton. They have a Black Friday sale on.
> So what?
The title felt like there was a greater issue with Apple specifically. There wasn't. There was a greater issue with the new UK laws and cloud storage systems. I think people deserved a clarification before getting wound up about it before reading the article.
Yes, it's nothing to do with Apple per se - any major E2E provider would be under the same attack. The problem here is UK government is drunk with power and doesn't want their citizens to have any privacy rights, and UK citizens are largely ok with that, as evidenced by them keeping to elect such governments. Apple is just the most prominent target of the attack - eventually, they will try to attack smaller targets still, and make usage of the strong encryption as hard as possible, maybe outlaw it completely and mandate government key escrow. They already tried it in many countries, and UK seems to be very ripe to try again.
The issue is with Apple specifically in the sense that they have been offering a superior E2EE cloud storage service that will soon be denied to UK residents (IIUC, E2EE isn't offered by their competition e.g. Google, Microsoft). But the article goes out of its way in its first section to note that Apple isn't in the wrong at all here:
> But I will say that the shutdown of ADP is Apple being on the right side of the geopolitical fight, as inconvenient as that may be to you and me.
It is, if you care about the issues the author evidently cares about, "time to start de-Appling". I am a satisfied ongoing customer of Apple and I didn't find this headline to be the least bit inflammatory. It is, at worst, minor clickbait—but it's not really bait at all, since the contents of the article match the headline.
FYI, this is not about a law, this is about a Technical Capability Notice. This is a thing the UK government is able to issue to a specific company or companies, that require them to implement technical measures to enable data collection. This applies only to the company/ies that the notice is issued to.
That could be one of them, some of them or all of them, but it's not really a law that automatically applies to all of them.
Everything a government does is about a law, but, even if only Apple had received this notice, why would it change the unfairness of singling out Apple? Did UK government issue this request as their final request of this kind? Did they forbid any further requests to be made? Did they single out Apple out of something specific to Apple Inc (or, say, United States) or did Apple happen to be just too visible?
Singling out Apple in the article's title sends the wrong message here. The author should have gone with something along the lines of "UK residents should stop using E2EE cloud services". Current title implies there might be a safe E2EE service in the UK. Heck, they even claim that in the article: "If you need an e2ee service try Proton" as if Proton is exempt from getting a notice from the UK. It's not.
> > Otherwise, please make sure you de-Apple, de-Google, and de-American Stack yourself when you have time, clarity, and focus to do it. Start today.
So American companies are complying UK laws, and the conclusion is that UK citizens should "de-American"...?
Am I reading it wrong?
No, you got it right. Anti-Americanism is one of the few canards that the UK government can use as a boogieman to force through their most questionable policies.
One of the most shocking things about Europe when I have visited is what your average European (or Brit, since I guess they don't call themselves European anymore) thinks the US is like (even ignoring politics, just basic standard of living stuff). They've never been and probably will never be able to visit so all they know is what they've been told. When they do visit, they return with a much poorer opinion of how their country is doing. That's why the "I was lied to..." clickbait is so common in European made US travel videos now.
Something's wrong with the CSS on this page. The end of every line is cut off.
.site-content .post has `overflow: hidden;`, .site-content .entry-content has `max-width: 965px;`, and .wide-content has `margin-right: -34.0740%;` Disabling the margin-right or, preferably, the max-width rule will fix the layout. Or make your browser less than 1700px wide.
(Crazy rats nest of CSS rules, I assume this is a wordpress/wordpress template thing.)
Ahh, just saw this after posting my comment. Yes, it appears that at 1700px or greater it cuts off text. Shown in this video: https://cs.joshstrange.com/BB60xzBW
Yes, same issue for me. The negative margin-right is causing the issue:
If you resize the window to a narrower width, it will wrap more normally.
Same for me. You can get around it by zooming in.
Apple obeys the law. Policians set the law. You vote for politicians.
So nu, it makes no sense to blame Apple here.
Unlike most writing about politics, the article isn't arguing that 'those are the bad people over there'. The article describes a current aspect of reality and how it came about, and suggests a way of responding to that reality.
The right way to respond to this reality would be to stop UK government from being insane by electing a more sane government. Stopping using iphones is going to help only for a short term - once encryption is de-legalized, they will come for everybody who they deem worth coming for, sooner or later. If it'll require introducing licenses to run encryption software and mandating key escrow, they'd do that. Yes, you still would be able to sneak in encrypting software on USB drive hidden in your... let's say, pocket. But the mere fact of using it would make you a criminal then. That's the natural progression of where it is going, unfortunately.
> But I will say that the shutdown of ADP is Apple being on the right side of the geopolitical fight, as inconvenient as that may be to you and me.
I don't think there's any blaming of Apple going on here. This is about dealing with the practical realities of the circumstances for people in the UK.
It must be nice to live somewhere that has politicians that represent the will of the people enough to have a take like this. Where I live, your vote only counts if you have enough money.
You're asking for a monkey's paw.
The current ruling party in the US has given its voters exactly what they think they wanted, and it's a fucking disaster.
Because no matter who they vote for, they get this. The previous ruling party hasn't had a real primary since 2008 (and didn't even go through the motions in 2024.) H. Clinton makes a fairly good case that even that one was fixed (because they knew the best horse to bet on.)
No matter who you vote for you get Hillary Clinton's governance, though. She's become very complimentary about Trump's foreign policy.
Apple obeys the law. They operate in countries where you can not vote.
The writer isn't blaming Apple.
The title certainly disagrees.
No, it doesn't.
If I get up in the morning and say "time to get out of the house" I am not blaming my house for anything; I am simply articulating that I want or need to be somewhere else, for whatever reason.
Eh, the whole "de-Brand" lingo comes from "de-Googling" which has unambiguously blamed Google for the act. The use of the same type of terminology automatically implies the same set of circumstances.
When you say "time to de-CocaCola" while all soda products are susceptible to a certain health hazard, you can't say "Obviously, CocaCola isn't being blamed here".
The analog of your example would be "time to get out of the cloud" for the article.
> the whole "de-Brand" lingo comes from "de-Googling"
Which no doubt stems from more practical usage, like "de-worming". That does not imply that there is blame to go around. You are not blaming the worm — you just want rid of it because it is not something that is working for you.
The issue is specific to Apple! IIUC they're the only mainstream cloud storage provider that provides E2EE, and I'm sure many of their customers chose them over their competitors for that reason.
I does not in the slightest. Rather, It suggests it's time to start removing Apple entanglements from your digital life, for reasons that are described in the article.
See my sibling comment.
The frog refusing to carry the scorpion is not to blame the scorpion for their condition but to recognize that they are a scorpion and behave thusly.
Did you read the article? She doesn't blame Apple.
Sixth paragraph: "But I will say that the shutdown of ADP is Apple being on the right side of the geopolitical fight, as inconvenient as that may be to you and me."
England has been speedrunning the dystopian surveillance police state for a while now, through numerous governments. Voting is pointless.
Same (but different) in Denmark where politicians vote to give themselves more money[1], snoop on everything[2], violate our constitution unpunished[3], delete evidence of corruption[4], open the borders[5], etc. etc. etc. I used to care - a lot - I really did. But I'm done.
[1]https://www.dr.dk/nyheder/politik/ny-aftale-politikeres-loen... [2]https://www.justitsministeriet.dk/pressemeddelelse/i-dag-tra... [3]https://www.information.dk/indland/2020/12/jurister-ja-grund... [4]https://www.dr.dk/nyheder/politik/politisk-flertal-presser-m... [5]https://integrationsbarometer.dk/tal-og-analyser/INTEGRATION...
In general, if voting had the power to change much, it would be illegal. Rulers allow voting to change a few things, but never the things that benefit themselves.
Might come across as pedantic, but its important, "the UK" not "England". Confusing the two can upset people, especially those from the rest of the UK.
Personally I do not think its just the UK and Denmark, its pretty much everywhere.
I specified England because I don't know what's going on in the rest of the Kingdom. Might be just as bad, I dunno.
The surveillance laws are all UK wide AFAIK. Some policy with regard to policing is devolved so there might be some small differences in how they are applied, but it is essentially just as bad.
> Apple obeys the law
No, they don't:
https://news.ycombinator.com/item?id=45854441
https://news.ycombinator.com/item?id=44529061
https://news.ycombinator.com/item?id=45492410
it does if you're clickbaiting via ragebait, like she is?
I think it’s a stretch to say the author is blaming Apple in the title and she explicitly calls out in the very first section:
> But I will say that the shutdown of ADP is Apple being on the right side of the geopolitical fight, as inconvenient as that may be to you and me.
> Hi, I'm Heather Burns — yes, that one.
Ok, I was going to ask, but taking "yes, that one" seriously I suppose confirms the author is the actress Heather Burns best known for playing the best friend role in a string of successful romantic comedies.
https://www.imdb.com/name/nm0122688/
https://en.wikipedia.org/wiki/Heather_Burns
Kind of weird to be reading some blog post about tech privacy from such a well known actress.
Am I missing something?
The author is a different Heather Burns from the actress.
https://heatherburns.tech/about/
If you scroll down you’ll see an image of the author.
It's not that one.
> Am I missing something?
A joke? A fun tagline? A little zing for under the heading?
https://heatherburns.tech/
I wouldn't classify "best known for playing a side character in some 90s movies" as a well known actress. Also, different Heather Burns.
I'd put her in the top 1% of actors.
She might be, but it might also be the case that there are so many actors, to be "well known", you need to be in the 0.001%
I probably have seen movies with her in it, but I have no recollection of her as an actor. I did recognize her husband as Samir from Office Space, though I couldn't tell you his name.
Maybe it is better to de-tech a bit. Go back to some older decentralised stuff.
Like buy cd's and blu-rays instead of digital/drm locked/streaming service shit. Be an owner again instead of a renter.
It's all fun and games until you learn that physical media has a limited shelf life.
It’s why you archive the things you buy on physical media.
so does digital..
On a 1700px or wider screen your text is cut off on the right-hand side: https://cs.joshstrange.com/BB60xzBW
Apparently she's so thoroughly de-Googled and de-Appled that the page doesn't display correctly on Chrome on MacOS on my machine, cutting off part of the text on the right margin (manages to render correctly if I resize the window to a smaller width however)
Isn't Apple taking UK gov't to court over this, and the reason they have abandoned encryption for everybody is to avoid being forced to provide backdoors. On this you should be on their side, not against them.
just noticed your CSS has an issue on wide screens that cuts off some of the words at the end of a line, here's the culprit:
``` @media screen and (min-width: 1200px) { .site-content .entry-content .wide-content, .alignwide, .alignfull { margin-right: -34.0740%; } } ```
that margin-right is causing some of the content to move too far to the right and gets hidden in `.entry-content`
You can de-Google, de-Apple, de-Microsoft, de-bank, de-whatever, go live off-grid in a thatched hut in Sherwood Forest. But the government will spy on you all the same.
https://archive.is/8SI66 (to bypass HN hug of death)
> We are all liabilities to our own opsec now.
Always have been.
It's unfortunate that gross government overreach and corporate cooperation with it is what it takes for people to even recognize the concept of data privacy and data ownership is a thing, much less that they should do something about it and that their data is and never was "safe" in the cloud, no matter which corporate overlords walled garden you called home. Apple has never been an exception to this rule.
> Apple cannot disable ADP automatically for these users
Extremely interesting.
ADP means that you own the encryption key to the data and Apple can’t access it, so Apple being able to turn ADP off by itself would invalidate the whole point of the system.
In theory, sure, but that theory surviving practice (e.g. a G20 government bearing against it) is meaningful. E.g. they could push an OS update to automatically turn off ADP for impacted users, but they aren't.
IMHO Apple is actually being honest here. They cannot legally operate in the UK without providing a back door, so they are dropping the claim of ADP in the UK. This is letting the user know what's up, and might also help inspire a backlash against these laws. Apple needs to make it clear that they are being forced by UK law to degrade service.
Corporations can't really resist governments unless they're not operating in a given government's jurisdiction and therefore have nothing to lose. They can take things to court, but in lieu of a verdict or an injunction they have to comply with the law or they can be fined, have assets frozen, be de-banked or banned from processing payments, etc.
I'm sure there's services out there that will secretly comply and still claim to be secure.
There's also a lot of companies that will simply abandon security features like ADP or never develop them. Apple is going to the trouble of disabling it only for UK people not everyone, instead of just deprecating it. The latter would be less expensive and expose them to less legal risk.
If you really want security in the UK now you have to roll your own and do the encryption yourself. Honestly that's always the best security, since you can never be 100% sure a closed cloud or software vendor isn't messing with you.
"— yes, that one."
? Who is this person?
The person whom you went out of your way to reach out to.
Maybe this was intentional by the author to annoy Mac users, but the word/line wrapping is broken on the latest Firefox on the latest macOS: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:144.0) Gecko/20100101 Firefox/144.0
Move away from the UK. This is a UK law forcing Apple to share your data if you live in the UK.
> please make sure you de-Apple, de-Google, and de-American Stack yourself when you have time, clarity, and focus to do it. Start today.
That's the message. It's high time. We can what-about-argume about what's E2EE and what Apple "pinky promises" isn't used or sold but the reality is that anything seated in the US may as well be a publicly open http for the right buyer (be it the US government, Saudi Arabia, Israel or whatever...)
Especially if you're in charge of customer data, you can't "just" setup something on a EU server if the corp is based in the US, those days are over now. You need to do the legwork.
Wouldn’t it be easier to just move away from the UK? (I jest, but actually…)
nobody is going to stop you leaving the UK.
its entering another country that suddenly becomes a real problem, and ofcourse, if you're in the UK, the only country worth moving to at that point is the US with (as I understand) quite stringent immigration restrictions.
in reality, if the US were to open their doors to the UK, holy moly - this entire country would turn into Ukraine overnight, with nobody but pensioners left. which actually isn't in either governments interest: obviously not the UK, but infact, the UK presents a source of cheap labour for the US: read any hackernews thread concerning tech wages in the UK, the comments are hysterical/diabolical ("you make HOW much!?" - "A fast food worker makes more..." - etc.)
so, the current state of affairs is probably a good business arrangement for both parties involved, and aren't gonna change any time soon.
No need to leave, move up north and wait for all the shenanigans to blow over. Hard to be annoyed at the government and the corporations when you're walking through the Yorkshire dales on a sunny day
Not as many easy paths anymore for a British worker, tech or otherwise, thanks to The Foolishness.
And the most popular choice -- the USA -- is off the table for the majority of Brits, I think, who cannot comprehend The Other Foolishness. (Mind you, the ones it encourages... I hope they follow their hearts)
What about the Republic of Ireland?
That is straightforward to the point that a British citizen can just go there and work, even go there and freelance.
(I have given it some consideration myself.)
De-appling is easy. I just don't have anything from them. Apart from the work laptop, but that is a problem for my employer, not me.
De-googling however is extremely hard. I have been slowly chipping away at it, but there are things I just have no decent option to (such as Waze and Android Auto).
Android itself is another problem. I have high hopes for a Graphene device.
De-Googling is also extremely easy, I haven't had a Google account in 10 years, I use uBlock to block the ads, DuckDuckGo for search and a Youtube app that downloads from it instead of using the website.
Perhaps the only thing I use directly is Recaptcha.
The bigger problem is doing both.
Maybe people in UK should de-stupidify their politicians.
the people are a lot stupider than the politicians. sorry but it needs to be said.
as for the MPs, theyre ok. not as stupid as most think. they are very self-interested and not in the business of 'rocking the boat'. strongly prefer managed decline than any risk taking that could result in things going sideways.
its easy to critique but truthfully the UK is structurally in a dead end (well ok, maybe not... but it does feel that way). but things could be a lot worse, and many don't appreciate that reality. having clean tap water and paved roads is pretty damn good for a country held up by fintech and scraps of last century's industry.
people calling for reforms have no idea what they're in for. Thankfully Reform was deployed together with Nigel Farage, God bless him, rolled in to do narrative control and provide a safe and controlled sponge for dissent. That guy is a 'fixer' for UK political radicalism - every time the crowd starts to have funny ideas, he magically appears and slowly but surely everyone goes back to their £32k/year jobs. I think he's 'retired' from politics thrice now.
truthfully, nobody does politics better than the Brits. but then again, they invented this game to begin with!
The two major parties are both supporters of the nanny state.
It's doubtful that we can, the "good guys" are in power right now.
Seeing as the UK is part of the 5 eyes alliance I wonder how long until this is attempted in the other countries
While waiting for this site to come back up can someone explain the word “appling”? Is that a typo?
In the context of the article de-appling is what you should do after de-googling.
'Appling' - using Apple products. In this case iCloud SaaS products I believe.
https://archive.is/8SI66 if you don't want to wait
"Apple-ing"
turning a name into a verb is common these days
You mean verbing a noun ?
Verbing weirds language.
The trees are really sneezing today.
Just to clarify, she's advocating people stop using Apple, quite literally the only big tech company with a slightly better focus on privacy compared to all the others and with a reputation for saying no to the latest authoritarian power grab by the UK government?
No, she's saying that due to UK legislation that Apple will no longer be allowed to offer e2ee and it's time to start moving your data off of their cloud services before you're forced to turn off ADP.
It's not an article about advocacy so much as the pragmatics an upcoming data migration.
Yes, she's advocating people stop using them for a few services if they require e2ee for those services. Why? Because apple will be removing e2ee for those services. She is also clearly advocating not to use another big tech company for those services. Source: TFA
Is it now effectively illegal in the UK for a company to provide end-to-end encrypted services to users?
From the article, I'm suprised at this unusual twist:
> What about that second TCN?
> On the 1st of October, the Home Office issued a second TCN against Apple for the same as before, but only for _British citizens’_ data. World-leading!
> Those who follow my work know that this phrase made me spew a double barrel of Glaswegian swearing. British citizens’ data, as opposed to British users’ data? The dividing line here is not e.g. being located in the UK or having registered an account here, but what it says on your passport? How is Apple going to know that, much less roll it out? (/s)
> Did Apple just publicly state that they’re going to be removing a security layer and adding a nationality check layer?
> We don’t know.
> We don’t know because as with the first TCN, that information only became available in the public domain due to someone leaking it to the media. That’s all there is to know. Everything else is confidential and NCND. There is nothing else to say because nothing else is known. If someone who did know something was sitting across from me right now, and they told me, they would be committing a crime.
Does that mean my non-UK citizen friends who are resident in the UK now have better privacy rights than UK citizens in the UK? Does it mean it's better to remain only a resident, than to attempt to obtain citizenship in the long run?