Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>you decrypt the report with your private key

Where would this private key be coming from when opening Find My on icloud.com (a website)?



From your keychain. Decrypted locally.

If you mean from another device other than one that your keychain is on, ie, a browser on a device you haven’t logged into before, you can’t.

You can get an active location through iCloud if the device is powered on or its last location before power off if the setting is enabled. But you can’t decrypt find my location reports without the private key, which is only available in devices you’ve logged into.


Websites can access my keychain? Since when?


What’s your actual point here? You seem to be trying to build up to something by asking me questions instead of RTFM.

You aren’t “sending” the key anywhere, you are downloading the report and decrypting it locally.


So you're saying that by logging into icloud.com and clicking on the "Find My" app, my web browser is downloading encrypted location reports from Apple's servers, and my web browser is decrypting them locally?


I’m saying that you should read the manual before asking such ignorant questions.

https://support.apple.com/guide/security/locating-missing-de...




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: