
Two articles in Le Parisien yesterday, followed today by an article in Le Figaro, launched a shameful offensive against GrapheneOS, an open-source operating system for phones,…
HN title: "France threatens GrapheneOS with arrests / server seizure for refusing backdoors"
LQDN: "In these articles, the head of the cybercrime section of the Paris prosecutor's office, who was behind the arrest of Pavel Durov, also threatens the GrapheneOS developers. Interviewed, she warns that she 'will not refrain from prosecuting the publishers if links to a criminal organization are discovered and they do not cooperate with the justice system'."
In the (very short) linked article: No mention of arrest, server seizure or backdoor, and a more nuanced take. Loosely translated summary: Some users have a legitimate need to protect their communications. IF we find links with criminal organizations AND there is no cooperation, then we might take action. They're specifically taking the approach of a case by case hack of single phones which might cost up to a million euros. Is this an issue if there's a warrant?
This seems blown out of proportion?
France has made it clear they expect to have a backdoor in end-to-end encryption apps and disk encryption. They've been saying that it's unacceptable not to have a backdoor in a bunch of these news stories they've gotten published by contacting the media. They've said if we don't cooperate with that, they'll take similar actions against us as they did SkyECC and Encrochat meaning hijacking our servers and trying to have us arrested.
Le Parisien has 2 articles about this, not only one, and https://archive.is/UrlvK is one of the places they talk about going after us if we don't cooperate with providing them access to devices. It's not possible for us to provide an update which bypasses the throttling for brute force protection so what they're asking isn't even helping them break into specific devices but helping them compromise security for everyone in anticipation of rare cases of criminals using devices. https://news.ycombinator.com/item?id=46038241 explains lack of technical ability to compromise security after the fact. Titan M2 is specifically designed with insider attack resistance so that Google making an update disabling the brute force protection won't be accepted by the secure element without the Owner user successfully unlocking first. We don't have the signing key for the Titan M2 firmware anyway. This is part of our required hardware-based security features which we're working on providing in a Pixel alternative with a major Android OEM working with us right now. We talked to them about the France situation already and it does not negatively impact our partnership. It may be a good idea to speed up an official announcement with them to counter the narrative being pushed by France's law enforcement agencies now.
I appreciate the answer and the work on GrapheneOS! It seems there's a lot of work going on with the QPR1 release and this French matter doesn't make things easier for the team. Good luck!
Le Parisien is not the french state. I doubt you had any interaction with the french authorities at all.
You are unable to have any legal recourse because none of your rights have been violated (yet).
To be fair, the quote in the second article is from Johanna Brousse who is behind the Durov arrest.
> "Mais ça ne nous empêchera pas de poursuivre les éditeurs, si des liens sont découverts avec une organisation criminelle et qu’ils ne coopèrent pas avec la justice."
> “But that won't stop us from prosecuting publishers if links to a criminal organization are discovered and they fail to cooperate with the justice system.” (DeepL)
I understand this can be seen as more threatening even if the whole quote softens this a bit.
Only a total idiot would wait to actually be arrested, fined, or even harassed, before doing something about it.
Maybe he is going to get arrested, maybe we are observing a persecution complex.
> They've said if we don't cooperate with that, they'll take similar actions against us as they did SkyECC and Encrochat meaning hijacking our servers and trying to have us arrested.
No, they haven’t.
You are letting your paranoia talk by widely amplifying the content of two newspapers articles in media affiliated with the far right.
I’m quite surprised by your reactions to be fair because both SkyECC and Encrochat were actually affiliated with organised crime. As far as I know, GrapheneOS isn’t.
What is cooperation? How are they supposed to unlock the phone?
Unless you're saying 'compelled to use their private keys to publish an update' or something along those lines, in which case I would say the original headline is correct.
There is no law allowing the police to do that in France so that can’t be what cooperation means.
In the case of Telegram, it was about providing meta data when subpoenaed and moderating the unencrypted part of the application.
There is little reason to believe it is about anything else here.
Edit: Happy to hear what the people downvoting actually disagree about as usual. At the moment I have read a ton of mud thrown at France here - including someone from GrapheneOS implying they won’t hire from France unless someone relocates, which must be one of the most hilarious takes I have ever read coming from someone from North America - with very little actually substantial shared, which, to be fair, seems to be becoming the norm here.
Um.... There's no law doing what now? [0]
Loi no 2001-1062 du 15 novembre 2001 relative à la sécurité quotidienne, article 30 (Law #2001-1062 of 15 November 2001 on Community Safety) allows a judge or prosecutor to compel any qualified person to decrypt or surrender keys to make available any information encountered in the course of an investigation. Failure to comply incurs three years of jail time and a fine of €45,000; if the compliance would have prevented or mitigated a crime, the penalty increases to five years of jail time and €75,000.[22]
https://en.wikipedia.org/wiki/Key_disclosure_law#France
And how do you hack a single phone without a backdoor in every phone?
You use the signing keys for GrapheneOS to push an update to a single user.
That doesn't offer a way to bypass disk encryption for data protected by the per-profile lock method. GrapheneOS cannot bypass the brute force protection implemented by the secure element. Google cannot bypass the brute force protection either because they designed the Titan M2 to require that the Owner user successfully unlocks in order to update it. Weaver + insider attack protection for the secure element are among our hardware security requirements (see https://grapheneos.org/faq#future-devices for a list) which are being implemented by an OEM we're working with to provide a Pixel alternative. Weaver has a table of user authentication tokens mapped to random tokens used as part of the final key derivation. The authentication token is made with a hash of the initial key derived from scrypt, then the final key derivation in TrustZone combines both with hardware-bound key derivation to get the key derivation key. Weaver implements very aggressive time-based throttling. We have the original delays documented at https://grapheneos.org/faq#encryption but it ramps up faster now.
Aside from that, people can use a strong diceware passphrase on GrapheneOS due to us massively raising the character limit from 16 to 128. This is far more usable on GrapheneOS because people can combine it with fingerprint+PIN secondary unlock instead of fingerprint-only secondary unlock. 5 attempts are allowed for fingerprint unlock and the 2nd factor PIN being entered incorrectly counts towards that so even a random 4 digit one works well. That's convenient to use with the passphrase only having to be entered 48h after the last successful passphrase unlock and after reboot.
We also won't do it and cannot be forced to do it under Canadian laws. France's laws are going to be as relevant to us as North Korean laws once we've finished replacing our OVH servers in Beauharnois, Canada with a Canadian provider. France could currently force OVH to mess with our static website or mail server but we haven't done anything illegal so it would be outrageous and a diplomatic incident due to violating Canadian sovereignty during a time period when foreign server hosting companies being subject to foreign law is already in a recent news cycle. We're not waiting around for them to hijack our website though.
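The flow described in the comment above (a scrypt-derived authentication token, a secure-element slot that releases a random value only for the right token, a hardware-bound final derivation, and throttling enforced inside the element), modelled as a toy in Python. This is an added example, not GrapheneOS or Titan M2 code; the class and function names, the scrypt parameters, the HMAC-based final derivation and the delay schedule are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed toy parameters, not the values any real device uses.
SCRYPT_PARAMS = dict(n=2**12, r=8, p=1, dklen=32)
FREE_ATTEMPTS = 5        # assumed: a delay starts with the 5th consecutive failure
BASE_DELAY_S = 30        # assumed: first delay, doubling per further failure
MAX_DELAY_S = 24 * 3600  # assumed: cap of one day between attempts


def delay_after(failures: int) -> int:
    """Seconds the slot refuses reads after this many consecutive failures."""
    if failures < FREE_ATTEMPTS:
        return 0
    return min(BASE_DELAY_S * 2 ** (failures - FREE_ATTEMPTS), MAX_DELAY_S)


def stretch(secret: str, salt: bytes) -> bytes:
    """Initial key derived from the lock secret with scrypt."""
    return hashlib.scrypt(secret.encode(), salt=salt, **SCRYPT_PARAMS)


def auth_token(stretched: bytes) -> bytes:
    """Authentication token: a hash of the scrypt output, so the slot never sees it."""
    return hashlib.sha256(b"weaver-token" + stretched).digest()


class Throttled(Exception):
    def __init__(self, wait: int):
        super().__init__(f"slot locked for {wait}s")
        self.wait = wait


class WeaverSlot:
    """One table entry inside the secure element: token -> random value."""

    def __init__(self, token: bytes, value: bytes):
        self._token, self._value = token, value
        self.failures = 0
        self.locked_until = 0

    def read(self, token: bytes, now: int):
        # The delay is checked here, inside the element, before the token is
        # even compared, so the OS calling read() has no way to skip it.
        if now < self.locked_until:
            raise Throttled(self.locked_until - now)
        if hmac.compare_digest(token, self._token):
            self.failures = 0
            return self._value
        self.failures += 1
        self.locked_until = now + delay_after(self.failures)
        return None


def final_key(hw_key: bytes, stretched: bytes, slot_value: bytes) -> bytes:
    """Assumed stand-in for the hardware-bound derivation that combines both inputs."""
    return hmac.new(hw_key, stretched + slot_value, hashlib.sha256).digest()


class Device:
    def __init__(self, secret: str):
        self.salt = os.urandom(16)
        self._hw_key = os.urandom(32)  # models a key that never leaves the chip
        stretched = stretch(secret, self.salt)
        value = os.urandom(32)
        self.slot = WeaverSlot(auth_token(stretched), value)
        key = final_key(self._hw_key, stretched, value)
        self.key_check = hashlib.sha256(key).digest()

    def unlock(self, secret: str, now: int):
        """Return the final key, None on a wrong secret, or raise Throttled."""
        stretched = stretch(secret, self.salt)
        value = self.slot.read(auth_token(stretched), now)
        return None if value is None else final_key(self._hw_key, stretched, value)


def enforced_wait_seconds(attempts: int) -> int:
    """Total waiting imposed on `attempts` wrong guesses made back to back."""
    return sum(delay_after(f) for f in range(1, attempts))
```

The clock is passed in as `now` so the throttling can be exercised without sleeping; under this constructed schedule, trying all 10,000 four-digit PINs would take about 27 years of enforced waiting.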
How is this different from a backdoor in every phone?
Some authority compels me to give them signing keys so now they can push anything they want, to any device they want?
They can't bypass disk encryption that way:
https://news.ycombinator.com/item?id=46038241
It does appear to be what they want from us, but it's not possible to bypass the Weaver disk encryption throttling via compromised OS updates or even secure element updates. It's fully not possible to bypass the security of a strong passphrase, which we encourage via optional 2-factor authentication support for fingerprint+PIN as the main way people unlock to make using a passphrase as the primary lock method after booting or 48h timeout much more convenient.
Just wanted to say: don't listen to people who say you're crass or wrong. GrapheneOS' actions and words are great and a boon.
Well that's really good to know.
Been a happy user of Graphene since the Copperhead days. Thanks for all the work you do. I know you've endured a ton of shit.
Once they've established a rule that you have to help them in all cases, what stops them from forcing you to push an update to a phone while the user still has it, to collect information from the phone while actually unlocked and in use?
With a known bug in a product that you didn't disclose.
https://web.archive.org/web/20221124085649/https://www.washi...
France basically always had very good PR portraying the country as "romantic" and a champion of freedom but reality has almost always been very different.
It was very unfree in the 16th century, which led to the French revolution, which was a nightmare, then military dictatorship. The 20th century was not much better and never forget France collaborated very quickly with the third Reich. Then De Gaulle had some sort of soft military dictatorship with a secret police and a total control of the media.
Today their police is very aggressive, their justice system highly politicized. And as always a dominating bureaucracy.
The state is getting more and more aggressive as drugs and violence are rampant.
It is by far the country in Europe I had the worst interactions with the police.
There are a lot of beautiful things to see there but today I try to avoid it for business and leisure.
I agree
The thread linked is much more balanced than the title given
> This seems blown out of proportion?
Par for the course on hacker news.
Remember when they arrested Pavel Durov? I don't buy their official reasoning.
Dear European friends, our leaders are tightening the screws. If we don't make our voices heard this is only going to get worse.
I mean, Durov has been trying to push for Russian puppets to get elected in Romanian and Moldovan elections, by pushing to everyone (at least in Romania, he might've just posted on twitter for Moldova) that the French government is trying to interfere in the Romanian elections. I mean, it turns out, Russia was, on behalf of the candidate he was talking about... so take from that what you will.
Oh, yeah, and he calls himself DuRove now. Hats off for that one, but I hope he rots in prison for advancing the Russian agenda.
I mean, sorry, but the EU essentially installed puppets in both Romania and Moldova, what are we even talking about here?
I'm sure you're very familiar with the politics of both countries, but tell me...
How is Nicusor Dan a puppet of the EU? More than Calin Georgescu? The guy who actively tried to stage a coup? More than George Simion? Granted, there's no PROOF he's a Russian puppet, but he's a far right twat that has views friendly to Russia.
How is Maia Sandu and PES a puppet of the EU? And... let's look at BEP. Voronin, Russia friendly ex President, he was very against Moldova trying to get closer to the West. And Dodon? The guy who is being indicted for treason, who's a friend of Plahotniuc (he stole 1 billion dollars from banks and fled the country)? Yeah, sure, puppets of the EU, vs corrupt fucking puppets of Russia.
I know it's easy to look at this stuff from the outside and say, oh, yeah, the EU is interfering in elections, but there's a lot of history here that you obviously don't have. I like Maia Sandu more than Nicusor Dan (his positions on gay rights were disgusting a while back, he now just stopped talking about them), but compared to the obviousness of the Russian support for their opposition, I think the fact that the EU supports them is just insignificant.
Remember when they just annulled an election when they did not like the result?
I remember. It helped expose his lies about not traveling to russia and not collaborating with russian security services.
Durov had long claimed he was in exile from Russia and couldn’t return and that he was a UAE/French citizen. then records leaked that showed 120 border crossings from 2016-2021 and that he still held a Russian passport. One such border crossing was a flight from St Petersburg on June 18, 2020 which happens to be the same day that Telegram was unblocked in Russia… Lots and lots of smoke..
The Kyiv Independent article is a good summary.
https://kyivindependent.com/opinion-examining-telegram-found...
I was hit pretty hard when Russia was trying to block telegram; I don’t buy that it was a coverup. And there is only a single (anonymous) source for that whole article.
That said, would be good to rely on no central authority and use Matrix instead; or at least put OTR/Ratchet on top of Telegram with custom clients.
TG does not seem hostile to third party clients the same way Whatsapp/Signal are.
It would otherwise serve the USA for people to prefer Signal over TG (due to jurisdiction).
You know I didn't use to understand libertarians, but after years of watching boundaries being overstepped again and again I think I see the appeal of burning it all down and living in a cabin in the woods.
Like, in Europe we already live in a completely safe society in historical and geographic terms, what more do you fucking want? Security is beyond a laughable excuse for things like chat control. Power tripping elitists will never be happy until they have the entire population under 24/7 camera surveillance and can read every thought in our heads as it occurs. If you make crime impossible, you make free will impossible.
> I think I see the appeal of burning it all down and living in a cabin in the woods.
AFAIK, you're not allowed to live in a cabin in the woods in Europe.
Except in Finland :)
"... the appeal of burning it all down and living in a cabin in the woods."
I hope that's not what you think libertarianism is about. I'm sure there are libertarians who DO feel that way, but it's not a core tenet to personally isolate and live off the land.
Libertarianism sees not left vs right, but instead the people against the government. Libertarians focus on personal liberty and solving problems together, voluntarily, as individuals cooperating. A libertarian would say, for example, that if I think a bridge should be built, then I should either build it myself or convince other people to help me out voluntarily - but not use government to force people to help (via taxes, etc).
Libertarians are against force/coercion, and see government as the ultimate expression of force.
There are some loony libertarians, as there are of any political party, but most of us have pretty ordinary and mainstream beliefs and priorities.
The same reason there's only more regulations being piled on top of previous ones. Sadly only wars and similar catastrophes work as reset buttons for these things historically. A peace as long as the current one is somewhat of an untested ground
try it, like these people https://www.youtube.com/shorts/7iJDMU43iUk
The libertarians that want to live in the woods have a point.
The problem is the libertarians that want to burn it all down and build a corpo-state.
I agree with your overall sentiment, except:
"Like, in Europe we already live in a completely safe society in historical and geographic terms"
Russia. Putin.
I'm talking about our society internally, not potential external attacks on it. It's reasonably high trust and crime is rare outside a few outlier cities. We could not be further from warranting these sort of fascist style crackdowns. Ironically yes we could be spending funding used for domestic surveillance and bureaucracy on buying more Himars.
[flagged]
This "joke" is neither funny nor original as it comes up on social media every time someone mentions Russia as a threat to Europe.
Oh, look at that. A fresh account just to make this comment. What a coincidence.
What a surprise a 2 hour old throwaway post parroting barely coherent Russian propaganda.
It’s important to defend libertarian values even when things are good. Small violations of civil rights have a tendency to stick around and snowball into something worse.
The katamari will grow until morale improves.
> in Europe we already live in a completely safe society in historical and geographic terms, what more do you fucking want?
For people not to get killed, abused, and exploited? You don't sound like a "libertarian" you sound like an anarchist.
You know who has a large part of the population under global 24/7 surveillance right now? Google, Facebook, Microsoft.
> I don't buy their official reasoning.
Why not? Have you used Telegram? Before Durov’s arrest there was open drug trade everywhere, afterwards they started to actively ban groups.
In the Pavel case, it involved child pornography groups on Telegram and the fact that they ignore a court order.
But I agree with you for the authoritarian logics in Europe (even America) with Chat Control and other actions like the French gov. just did....
Is it safe to assume, then, that Google and Apple already have backdoors in their operating systems as likely requested by many governments around the world (not least of which the one from their home country)?
Or is GrapheneOS the only one built securely enough to need to be leaned upon?
Either way, makes Google and Apple look bad and/or incompetent and GrapheneOS look like some kind of beacon of user protection / privacy rights / other things that are the opposite of the direction the world seems to be moving.
Every time I travel internationally I immediately get notifications for Android OS updates. I'm pretty sure they are for satisfying local regulations about the phone's behavior, including the topic at hand.
Interesting. I have never seen anything like that in many years of frequent travelling while using Android. Which countries did you see this in? And are you using stock Android or some vendor's version?
Stock android. Traveling between US, Europe, LATAM and China.
I am not saying there are no backdoors, but this never happened to me.
And I am an Android user since the first G1 phone.
I'm currently abroad with a notification for "November Pixel Drop update available" that appeared the day following my arrival. I believe I had already installed the November update back home earlier in the month. Every time I go back home, a couple of days later I get an update too.
I'm not claiming to know of any foul play, but it has happened several times, enough for me to notice. If it was related to time of the month, it wouldn't be as consistent. It might be that you need specific combination of phone, configuration and network provider for this to happen. Maybe I've been p0wnd, but I've noticed this behavior since at least the Nexus line.
Anecdotal. Why wouldn't they deliver these via Play Services update? It's easy to dismiss an OS upgrade, background updates can't be really blocked.
This has never happened on my iPhone
Apple charges a storage tax so why not ship all that data by default
Every other OEM charges a "storage tax" too?
Apple has already taken the US government to court and forced them to back down after the FBI demanded that they insert a backdoor into iOS.
> In 2015 and 2016, Apple Inc. received and objected to or challenged at least 11 orders issued by United States district courts under the All Writs Act of 1789.
https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...
This year, Apple took the UK to court and announced that they would strip encryption features from UK users before they would give in to UK demands for an encryption back door before the UK backed down.
If Graphene has the money to do so, they should fight it out in the courts.
There's a reason why they haven't had issues since then, not even with Trump.
And it's not because they're hiding your data. See their disclosure report for data requests.
> Is it safe to assume, then, that Google and Apple already have backdoors in their operating systems as likely requested by many governments around the world
I don't know whether it is safe to assume. But if they are complying with Australian law, specifically the Assistance and Access Bill (2018) [0], then they must write an undetectable backdoor for the Australian government if asked (that's the assistance the bill's name refers to), and push it to any phone the government demands (that's the access bit).
The only way to avoid this as far as I can tell is to run a free open source distribution. Unlike the paid systems such as Windows and iPhone, the free distributions do not have the "billing relationship" with their customers that the proprietary companies are so fond of. It's that billing relationship that allows them to target only the devices owned by a specific individual.
The Australians must do that targeting because that law demands they don't introduce a systemic weakness into every phone. Any sort of backdoor is considered a systemic weakness. I dunno what laws other countries operate under, or how well they follow the laws they do have, but I'd be surprised if Australia wasn't following its own laws. That means if your device runs a true open source distro that doesn't track its users, in Australia it's truly your device.
[0] https://www.homeaffairs.gov.au/about-us/our-portfolios/natio...
Viva FOSS!
The EU doesn't seem too shy about forcing Apple or Google to do things, so I don't think it's a size thing.
France isn’t the EU though.
True, but from what I understand France and Germany quite often get their way in the EU.
> Or is GrapheneOS the only one built securely enough to need to be leaned upon?
Probably has something to do with it, but GrapheneOS doesn't have the money or resources that Google/Apple/etc has to lobby/bribe/delay/obfuscate/navigate/drawout/etc such attempts.
It's likely not due to any backdoors present, more so due to weak default settings plus alternate routes to the data. Things like backups being unencrypted either by default or when uploaded to the cloud. You don't need to ask for a backdoor if most users don't have encryption enabled.
Of course the likes of Apple and Google are complying with lawful orders from the governments of countries they do business in.
Businesses that don't generally cease operating in said country. LavaBit was a highly visible instance of a business shuttering itself instead of complying with such lawful orders.
That's also the ploy of basically every VPN provider out there. They say they don't store or give out data, but they still adhere to lawful requests. That necessarily includes requests from countries where they legally offer their service, even if their HQ is in some country with lax legal frameworks. It also means, if there is a legal way to coerce them into recording your data or handing it over, they will do so.
https://www.pcmag.com/news/nordvpn-actually-we-do-comply-wit...
They also mentioned they only respond to court orders (ie. not just because the cops asked nicely), will try to appeal as well. That's better than most ISPs, who would either give up data without a court order, or won't bother appealing.
The problem is that there may be perfectly legal gag orders (issued by a court) that force them to comply to normal police requests - and you would never even know. NordVPN in particular removed their warrant canary without informing their users and only gave some retroactive PR answer when people rightly started to freak out.
The simple truth is that if a VPN provider hasn't been shut down by authorities after more than a year (like VPNLabs was), then they are basically guaranteed to be giving out your data to authorities at this point. The legal situation in most western countries does not allow complete online privacy for normal, law-abiding citizens.
>The problem is that there may be perfectly legal gag orders (issued by a court) that force them to comply to normal police requests - and you would never even know.
Are there any VPN providers that claim they'll take the metamorphic bullet for their clients? I feel like you're setting up unrealistically high expectations where a VPN is like "we don't log or sell your data!", and you retort with "yeah but what if you get a secret court order or the government threatens your family?". I think nordvpn's response is consistent with what reasonable people's expectations are. Otherwise you can apply this logic to all sorts of interactions and find it quickly breaks down, eg. talking to a friend:
>"do you promise you won't tell anyone?"
>"yes"
>"yeah but what if government subpoenas you, and grants you immunity so you can't plead the fifth?"
Yes, it's safe to assume that companies follow the law in countries where they operate.
So we need GrapheneOS to stand their ground more than ever!
My country has this: https://www.schneier.com/blog/archives/2024/09/australia-thr...
Which kinda ruins it for everyone.
Additionally, I would assume/guess that if it's some kind of coordinated campaign involving media then there is no law to compel GrapheneOS to do this. If there was a law then that would be the pressure, as opposed to media articles.
What that then implies is a campaign to convince the public a law is necessary, ie. they're already laying the ground work for support for the next version of a Chat Control bill.
I seem to remember the FBI attempting to compel Apple to decrypt a criminal's iPhone, only for Apple to refuse and claim that it wasn't possible. I'm not sure exactly what happened after that. I think it was suspected that the NSA was able to do it by exploiting an unpatched zero-day. So they didn't need Apple's help anymore and the issue was dropped from the public's eye.
There's a couple overlapping things here:
1. Apple can and does comply with subpoenas for user information that it has access to. This includes tons of data from your phone unless you're enrolled in Advanced Data Protection, because Apple stores your data encrypted at rest but retains the ability to decrypt it so that users who lose their device/credentials can still restore their data.
2. Apple has refused on multiple occasions, publicly, to take advantage of their position in the supply chain to insert malicious code that expands the data they have access to. This would be things like shipping an updated iOS that lets them fetch end-to-end encrypted data off of a suspect's device.
> Apple can and does comply with subpoenas for user information that it has access to.
When we are talking about data stored on a company server, you have no choice when you are served a valid warrant.
That's why Apple went all in on the concept of keeping sensitive data off their servers as much as possible.
For instance, Apple Maps never stored the driving routes you take on Apple's servers, but does remember them on your device.
Not to mention, while Apple will publicly deny it, there are government agents working undercover at every major tech firm. They may or may not know. They certainly exist.
> remember the FBI attempting to compel Apple to decrypt a criminal's iPhone, only for Apple to refuse and claim that it wasn't possible
Apple refused “to write new software that would let the government bypass these devices' security and unlock” suspects’ phones [1].
> not sure exactly what happened after that
Cupertino got a lot of vitriol and limited support for its efforts.
[1] https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...
I always assume these public performances are merely performances and that no one hears about the actual dirty work.
And of course Apple is quite right not to miss the marketing opportunity, on behalf of the shareholders. While acquiescing to lawful demands of course.
I don't remember Apple ever saying that it was impossible for them to do it, just that they didn't want to.
It was always kind of assumed that they could, by eg signing a malicious OS update without PIN code retry limits, so the FBI could brute force it at their leisure, or something similar.
They said it was impossible for them to build a backdoor into iOS that would only be accessible to legal requests from law enforcement, which is true in the strict sense. So law enforcement bought a vulnerability exploit from a third party.
> they could, by eg signing a malicious OS update
They successfully argued in court that being forced to insert code the government wanted would be equivalent to compelled speech, in violation of the first amendment.
As the Feds often do, they dropped the case instead of allowing it to set a precedent they didn't want.
> They successfully argued in court that being forced to insert code the government wanted would be equivalent to compelled speech
This isn't true, they never "successfully argued in court". There was never any judgement, and no precedent. They resisted a court order briefly before the FBI withdrew the request after finding another way into the device.
There wasn't judgement because the Feds dropped a case that would set a precedent they wanted to avoid.
Since there is longstanding legal precedent that corporations are people and code is speech, forcing a corporation to insert code that the US government demands is a violation of the first amendment.
That was a show put on for the sole reason of the public seeing it.
If you follow the things that have been disclosed / leaked/ confirmed when they’re 20+ years out of date, then yes the probability this is true is significant.
I recall there being a little more substance to it at the time. But looking back from where we are now, that is a succinct way of describing its results.
That being JTAG debugging. Now there are greyhat groups discovering what they can do with it beyond bypassing the PIN at power-up. Honestly surprised phones are not being sold/marketed as having that disabled on both bluetooth and USB.
Google and Apple were infamously official data providers[1] of the NSA's illegal and unconstitutional (as ruled by a federal judge[2]) warrant-less surveillance program (PRISM[3]) exposed by Edward Snowden.
It's safe to assume that software provided by every large, publicly-traded, for-profit technology company incorporated in the USA cooperates extensively with US intelligence agencies, and therefore by extension, the "Five Eyes" alliance, at a minimum if not also the "Nine Eyes" and "Fourteen Eyes" alliances [4].
[1] Slide 6: https://www.eff.org/files/2013/11/21/20131022-monde-prism_ap...
[2] https://www.reuters.com/business/media-telecom/us-court-mass...