pull down to refresh

How Signal, WhatsApp, Apple, and Google Handle Encrypted Chat Backupswww.eff.org/deeplinks/2025/05/back-it-back-it-let-us-begin-explain-encrypted-chat-backups
546 sats \ 4 comments \ @k00b 12 May security
Communication between people with Apple devices using Apple’s iMessage (blue bubbles in the Messages app), are end-to-end encrypted, but the backups of those conversations are not end-to-end encrypted by default. This is a loophole we’ve routinely demanded Apple close.
Yikes. I didn't know that.
The good news is that with the release of the Advanced Data Protection feature, you can optionally turn on end-to-end encryption for almost everything stored in iCloud, including those backups (unless you’re in the U.K., where Apple is currently arguing with the government over demands to access data in the cloud, and has pulled the feature for U.K. users).
write
preview
related posts
138 sats \ 1 reply \ @nout 22h
Using iCloud for your backups is recommended by 9 out of 10 intelligence community officers... :D
reply
20 sats \ 0 replies \ @WeAreAllSatoshi 18h
lol yea, I do not back up my messages there. Can’t be concerned about E2EE foe backups if there aren’t any
reply
125 sats \ 1 reply \ @0f0d85d300 17h freebie
Mainstream messaging apps are privacy scams. WhatsApp and iMessage use closed code, making it impossible to verify their encryption claims. WhatsApp has already handed over conversations to authorities while selling the idea of security. All rely on centralized servers, a single point of failure and censorship. They collect massive metadata: your IP, who you talk to, when you talk, your complete social graph. The requirement for a phone number is absurd for anyone seeking real privacy, opening the door to SIM swapping and deanonymization. They're vulnerable to MITM attacks when central infrastructure is compromised, remember those American agents who fell for Russian phishing via Signal? XMPP with its federation allows interconnected independent servers and native GnuPG support, but SimpleX goes further: it eliminates permanent identifiers with its unidirectional channels, protecting even against metadata analysis that XMPP allows. No number, no email, no identifier whatsoever. True privacy requires control of infrastructure, not trusting companies that profit from your data Not your keys, not your data