Pages

Wednesday, June 12, 2019

Bogus Apple Sign-in FAQ from Grubes

From the “comprehensive FAQ” John Gruber links to regarding "How ‘Sign In with Apple’ Works:

From a security perspective, Apple offers a better option for both users and developers alike compared with other social login systems which, in the past, have been afflicted by massive security and privacy breaches.

Why would we believe Apple, whose fails keep on giving, is going to do any better than any other option? I mean, privacy-wise, I’m excited to have this option. But anyone who thinks any sign-in provider is going to give you 100% hack-free protection has another thing coming.

The advantage here is that, if Apple’s smart, a successful hack will get at most an Apple ID. And even that ought to be hashed. There’s no reason to expose any additional personal information as part of this scheme.


Also, btw, this is just flat wrong:

6) If I let Apple make up a random email address for me, does Apple now have the ability to read my email?

No. For those who want a randomized email address, Apple offers a private email relay service. That means it’s only routing emails to your personal inbox. It’s not hosting them.

Um, yes, Apple they can read your email as a relay service. Unless the email is encrypted, how can’t they? If you believe they’re not storing it, great, attack vector greatly reduced. But Apple, along with ANYONE else relaying your email from sender to your box can potentially read the contents of unencrypted text. And that’s all email typically is: Unencrypted text.

Email is inherently insecure. If you’re using https to transfer it, that’s great, but even then, Apple’s going to be on the other end of that https train. They will have the ability to read it, but it’d kill their “privacy” based marketing claims, so I’ll assume they’re being more careful than most companies with those zeroes and ones.

But if some nefarious admin at Apple wanted to read your relayed emails, they certainly could.