Tag: Alec Muffett

Apple Could Be Forced to Tear Down Its Walled Garden

The European Union (EU) has passed legislation that could be the single biggest threat to Apple’s walled garden.

The EU approved the Digital Markets Act (DMA) in March 2022, legislation that is aimed at so-called “gatekeeper” companies. Gatekeepers are companies that run a “platform,” have at least 45,000 active users, and a market cap of at least $82 billion.

The DMA’s goal is to prevent gatekeeper companies from preferring their own apps or services over those of competitors. In addition, the legislation would ensure users could choose the default apps of their choice.

The DMA went into effect Tuesday and could completely upend how Apple does business. According to MacRumors, the DMA could force Apple to allow third-party app stores, allow users to sideload apps, and even make iMessage compatible with other messaging services.

Although the DMA went into effect Tuesday, there are several implementation steps before companies are required to comply. Once the various steps are taken, companies impacted by the DMA will be required to comply by March 6, 2024, at the latest.

While the legislation promises to address many of the inequities with Big Tech, experts worry that it may cause as many problems as it solves. In particular, the requirement that companies make their messaging apps interoperable with competing services could open a Pandora’s Box of problems.

Because many messaging services use end-to-end encryption (E2EE), exports worry that the DMA will force companies to weaken, or outright break, encryption in an effort to pass messages from one service or another. There is also the possibility that companies may simply decide it is too difficult to maintain cross-platform encryption and abandon it altogether.

There are still many unanswered questions about how the DMA will operate, including whether it will hold up to legal challenges. In our previous coverage, we quoted a Facebook engineer’s statement to The Verge regarding the issues the DMA raises:

“If you went into a McDonald’s and said, ‘In the interest of breaking corporate monopolies, I demand that you include a sushi platter from some other restaurant with my order,’ they would rightly just stare at you,” Alec Muffett, former Facebook engineer and internet security expert, said. “What happens when the requested sushi arrives by courier at McDonald’s from the ostensibly requested sushi restaurant? Can and should McDonald’s serve that sushi to the customer? Was the courier legitimate? Was it prepared safely?”

November 2, 2022
Experts Warn the EU’s DMA Will Break Encryption

Another day, another attack on encryption, with security experts warning the EU’s DMA legislation will likely break, or severely weaken, encryption.

The EU unveiled the Digital Markets Act (DMA) as its latest effort to crack down on Big Tech. In addition to severe fines, and even possible breakups, of companies that fail to abide by the legislation, the DMA calls for “gatekeeper companies” to make their services interoperable with smaller rivals.

Messaging, in particular, is one of the most obvious areas impacted by this clause, with services like WhatsApp, Facebook Messenger, and Apple’s iMessage likely forced to open up and work with competitors. Unfortunately, since all of these services provide end-to-end encryption (E2EE), experts warn there is no easy way for the the services to work with each and still maintain the level of security and privacy they currently offer.

In speaking with The Verge, one expert used a very low-tech example to illustrate the issues, especially with compatibility and accountability between various services.

“If you went into a McDonald’s and said, ‘In the interest of breaking corporate monopolies, I demand that you include a sushi platter from some other restaurant with my order,’ they would rightly just stare at you,” Alec Muffett, former Facebook engineer and internet security expert, said. “What happens when the requested sushi arrives by courier at McDonald’s from the ostensibly requested sushi restaurant? Can and should McDonald’s serve that sushi to the customer? Was the courier legitimate? Was it prepared safely?”

Similar questions plague potential implementation of the DMA. How will messages be securely sent across various platforms? If two different services use two different types of encryption, which company will modify its service to be compatible with the other? Will services opt to simply drop encryption when sending messages across services? Or will companies adopt some method of decrypting and re-encrypting as the message is passed from one service to another, making the communication vulnerable to interception, and thereby compromising privacy and security?

Unfortunately, as has been stated time and time again, the encryption protocols people, companies, and governments rely on for privacy and security are not created, managed, or dictated by policies. They are, instead, bound and constrained by basic mathematics.

Unfortunately for privacy and security, the mathematics of the DMA don’t quite add up.

March 29, 2022
Twitter Deploys Tor Service to Help Russian Users Stay Connected

Twitter has deployed its own Tor service in an effort to help Russian users stay connected and bypass Russia’s media ban.

As part of its invasion of Ukraine, Russia has locked down the media and is tightly controlling the narrative being given to the Russian people. Social media networks have similarly been blocked. Twitter is now taking steps to circumvent that, with its own Tor service.

The news was announced by respected cryptography expert Alec Muffett on Twitter:

This is possibly the most important and long-awaited tweet that I’ve ever composed. On behalf of @Twitter, I am delighted to announce their new @TorProject onion service, at: https://twitter3e4tixl4xyajtrzo62zg5vztmjuricljdp2c5kshju4avyoid.onion
-Alec Muffett (@AlecMuffett), March 8, 2022

Twitter also acknowledge support for Tor on its own website, citing it as one of its supported browsers.

March 9, 2022