@saagar what stuff did you read? I haven’t looked into it, but I’m super interested in what it can be used for.

@saagar so you’re saying that since Apple controls the hardware, Apple could potentially violate the privacy guarantees in a way that isn’t verfiable/visible externally?

@saagar fully homomorphic encryption is pretty nice for this. Maybe you are referring to implementation details though, like just a bad setup of good technology?

@saagar yeah that's a fair take! People do use fhe but in real extreme situations only, as far as I know.

@saagar @jenniferplusplus
It seems in my ignorance here that there’s just a fundamental disagreement about the threat model: if you think that the Apple corporation in its entirety is non-malicious by definition — and if you’re an Apple exec, isn’t it? — the blog post makes a bit more sense. “You don’t have to trust us because you can trust us!”

If on the other hand you’re worried about the call coming from inside the house….

@saagar CDNs do a similar thing to this. With SSL.

#TheMoreYouKnow

@saagar if Apple's "TPM" is the Secure Enclave Boot Monitor then your Cellebrite malware cannot corrupt the measurement without bypassing SCIP https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web

@saagar I think their "solution" is "look if there's bug in our code, it would be found by the community" which assumes enough security researchers would care to "jailbreak" PCC servers