• Pennomi
    80 · 1 month ago

    The hell? There’s no reason to use plain HTTP instead of HTTPS.

    And symmetric encryption is wildly irresponsible as well.

    • @[email protected]
      44 · 1 month ago

      Not for a second do I believe this was an accidental oversight.

      I am sure they had very good reasons, all aligned with their actual interests with no thought spared to even consider consequences for small fish users.

      • @kinsnik
        27 · 1 month ago

        i just can’t think of any. like the article says, i fully expected the app to send data to china. but even if you are maliciously spying on users, why would you send the stolen data on unsecured channels? so that everyone in the path takes advantage of the data you wanted to steal?

        • sunzu2
          7 · 1 month ago

          Sounds plain sloppy lol

          Baddest AI, rookie opsec

        • fmstrat
          129 days ago

          If forced to relocate servers to a US partner, it leaves an attack vector.

      • @trolololol
        5 · 1 month ago

        Yep I’m with you.

        It’s so easy to use https with secure encryption. It’s the default. You have to go out of your way to use a symmetric key or to even allow http without SSL in Xcode or Android Studio.

    • @[email protected]
      -11 · 1 month ago

      Depends on how much traffic you’re talking about. Encrypting/decrypting isn’t free.

      • Pennomi
        28 · 1 month ago

        It’s trivial compared to the compute they dedicate to AI models. Like, not even a rounding error.