this post was submitted on 10 Jun 2024
50 points (79.8% liked)
Apple
17452 readers
74 users here now
Welcome
to the largest Apple community on Lemmy. This is the place where we talk about everything Apple, from iOS to the exciting upcoming Apple Vision Pro. Feel free to join the discussion!
Rules:
- No NSFW Content
- No Hate Speech or Personal Attacks
- No Ads / Spamming
Self promotion is only allowed in the pinned monthly thread
Communities of Interest:
Apple Hardware
Apple TV
Apple Watch
iPad
iPhone
Mac
Vintage Apple
Apple Software
iOS
iPadOS
macOS
tvOS
watchOS
Shortcuts
Xcode
Community banner courtesy of u/Antsomnia.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
No source-code, no trust. How good is my data on their super secure servers if they have the encryption keys.
How good is a 3rd party scrutiny if those are mandated and paid by Apple to make the audits?
They said people will be able to independently verify their claims.
You can't independently verify without source code. Will it be published?
Again you’re just talking out your ass. Anyway.
You almost certainly run all of your software on code you lack access to the source for. Firmware and etc has been completely proprietary for ages. There's even a tiny proprietary os embedded in almost every processor on the planet. Your statement lacks context of computing and shows a misplacement of trust.
https://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/
https://en.m.wikipedia.org/wiki/AMD_Platform_Security_Processor
Intel and AMD security platforms are shit, I know they exist, I don't trust them either, but the threat model is very different from this AI application. They don't upload my photos to a server out of my control.
They're not just security platforms. They're low level computer systems with entire bespoke operating systems and better-than-kernel level access to the system (networking, etc). You have no idea what you're talking about. Please inform yourself.
I may not be very well informed about it, I admit. Would you have documents to share ? All I seem to find about Intel security engine is about how closed it is and how it has been exploited by bad actors in the past to gain elevated privileges in targeted hacks. It sucks, that's for sure. But it doesn't have much to do with the mass data collection employed by Google, Apple, Open AI, etc.
I unfortunately don't have much to share beyond a decent understanding of compute systems at an enterprise scale (where we utilize these low level subprocessors to do various things such as gather asset data or deploy operating system configurations, see: https://en.m.wikipedia.org/wiki/Intel_Active_Management_Technology). The point I'm trying to make though is that current operating models don't allow for system trust. If you can't trust apple with high level data like that needed for llm models on-device (which is how they've configured it, requiring a specific user approval and interaction before forwarding minimal data to private process servers) then you shouldn't trust any device that lacks a complete open boot/firmware/ and OS stack because if these companies were going to exploit your data that egregiously, they already have the lowest level (best) access possible to a system that can transparently (without your knowledge) access encryption enclaves, networking, and storage. Truly open alternatives do exist by the way (see Coreboot, etc) but you're going to be looking at devices 10-20 years old since almost the entire industry runs proprietary at that level and it takes time for the less heavily funded community players to get up to speed.