Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

About a year ago, a SA from a certain three-letter agency who was pretty fluent in technology (our conversation largely centered around Bitcoin) mentioned that iMessage is not end-to-end encryption. That, to his understanding, it was client<-->apple<-->client TLS encryption.

I think I might actually side with the tin-foils on this one. In any case, iMessage isn't a (well-)documented protocols implementation, so I wouldn't rely on it for security.

Edit: Public scrutiny seems to back up the SA's claim [1].

1. http://imfreedom.org/wiki/IMessage



If true, that would be interesting because it means that Apple has been lying for years. See, for example: http://www.apple.com/pr/library/2011/06/06New-Version-of-iOS.... "secure end-to-end encryption"

The article links to the iMessage examination, but where does it back up your TLA associate's claim that end-to-end is a lie?


Your URL is broken. The full URL is:

http://www.apple.com/pr/library/2011/06/06New-Version-of-iOS...

From the URL:

  "iMessage also features delivery and read receipts, 
  typing indication and secure end-to-end encryption."
And thanks for the link!


In the page you link to, it doesn't seem there is an example where one client try to send a message to another client? Am I missing something?


Yeah I was looking for actual message content in there and couldn't spot it. Not saying that Apple isn't misrepresenting, but I couldn't spot proof that your messages are getting sent without encryption.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: