Apple retains master decryption key for iCloud

13

Comments

  • hoganhogan Posts: 94member
    Hands down, Apple has the worst "cloud" implementation of all provider.



    Google is instantaneous; Apple is a crawl.



    Type any word into Google's Chrome or Gmail and you get instant feedback. Try search for anything on iCloud and it may return something after 5-12 seconds, or it will just hang and not work.



    Emails sent from GMail and iCloud arrives up to 1/2 minute earlier on GMail.



    Apple is way behind on cloud development and it's focus on having just two huge data centers as opposed to the hundreds for Google mean that Apple is at a speed disadvantage all the time.
  • benanderson89benanderson89 Posts: 580member
    Quote:
    Originally Posted by AbsoluteDesignz View Post


    I've never heard of Google actively selling YOUR data to any advertisers...perhaps you have some sources...



    Oddly I have heard that of Facebook though but that may be FUD as well...just like your post.



    Apart from the glaring fact of That's how their chuffing business model works.
  • blah64blah64 Posts: 767member
    Quote:
    Originally Posted by Suddenly Newton View Post


    I don't treat iCloud any differently from the Internet.

    Encrypt your data before you upload to iCloud.



    Problem: solved



    Except, as someone else already pointed out, there isn't a way to do this on any iDevice, which is where the power of something like iCloud comes in. At least to my knowledge, please correct me if there is a way for "regular folks" (non-jailbreak) to do this.



    Quote:
    Originally Posted by Jensonb;2088063And if you don't like it, don't use iCloud. If it [I


    really[/I] bothers you, maybe there's a startup in it for you.



    Just don't count on most people caring. Because most people do not, and despite what scaremongers will tell you, for the most part they have no need to.



    Because by using the derogatory term "scaremongers" you wish to minimize the legitimate concerns about massive centralized data stores with personal data for millions of people that has a backdoor?



    I do agree about the potential for a startup. Unfortunately, I suspect Apple would shut down anyone that tried to create a secure replacement for iCloud.



    What Apple could do that would be very cool, and probably very smart, is to build this kind of capability into the next version of Time Capsule. You can use the "more reliable" iCloud version, or the "more private" self-managed version. Seriously, all it would take is something like DAV server on the device and some kind of way to choose your data store on your clients. Win-win-win and a bit more ka-ching for Apple.
  • blah64blah64 Posts: 767member
    Quote:
    Originally Posted by sflocal View Post


    If you don't want any entity anywhere on the earth to potentially have access to your "stuff", don't give it to them. Period.



    Good advice. Ideally, most people probably shouldn't store anything in the cloud that they wouldn't want advertised on the front page of the New York Times. That includes personal calendars, address books, etc.



    Oh, but wait! That's the first thing people usually start sync'ing in the cloud when they use it.



    Quote:
    Originally Posted by sflocal View Post


    Relating to iCloud, I'm paying for the conveniences they offer and accepting that those conveniences exposes me to an element of risk. It's up to the consumer to determine if the pros outweigh the cons.



    Except in many cases you are exposing OTHERS' personal information to YOUR personal level of risk management and privacy standards. How big is your address book? By using this kind of service you are assuming every single one of them is okay with having their personal data (as much as you have in your address book) stored in the cloud. Do you have their home address, phone numbers, birthday, nickname, spousal relationships, etc.? Have you checked with each and every one of them if they're cool with that?



    Perhaps if you're a kid (teen/20s) most of your friends don't care, and I will posit that it is not just because they grew up with a smart phone in their hands, but because they don't yet understand the long-term problems of personal data in public.
  • tallest skiltallest skil Posts: 40,521member
    Quote:
    Originally Posted by daving313 View Post


    They have to let you start to merge things eventually.



    That's certainly not a given. And I don't see it being free if it does happen.
  • muppetrymuppetry Posts: 3,240member
    Quote:
    Originally Posted by Hogan View Post


    Hands down, Apple has the worst "cloud" implementation of all provider.



    Google is instantaneous; Apple is a crawl.



    Type any word into Google's Chrome or Gmail and you get instant feedback. Try search for anything on iCloud and it may return something after 5-12 seconds, or it will just hang and not work.



    Emails sent from GMail and iCloud arrives up to 1/2 minute earlier on GMail.



    Apple is way behind on cloud development and it's focus on having just two huge data centers as opposed to the hundreds for Google mean that Apple is at a speed disadvantage all the time.



    Based on testing from iCloud email to my own mail server, I'm consistently seeing delivery in less than 10 seconds from send. Your email delay may be elsewhere.
  • blah64blah64 Posts: 767member
    One more.



    Quote:
    Originally Posted by Marvin View Post


    I think it's justifiable for Apple to be able to decrypt synced content for law enforcement. My biggest concern when it comes to master decryption keys is that it's often just a matter of time before a 3rd party manages to obtain it, giving someone you don't trust access to all your personal documents and photos. It is less likely that Apple's master key would leak out than one inside a Blu-Ray device as access is far more difficult but anything's possible.



    Interestingly enough, while I do think this is a worry, it's less of a concern in some ways because even if the key is compromised, there's still the issue of access to individual data. You need the master key and then you also need the account/passwords as well. For each and every party of interest. Right?



    Another concern is that the fed gov't probably already has backdoor access via this master key. For me personally, I worry less about this, because I think they are the only party that has any business whatsoever scanning private citizen's data (but even still, only when they have reasonable cause to be suspicious). I'm not sure everyone agrees, but they should be aware of stuff like this.



    Quote:
    Originally Posted by haar View Post


    well, iCloud has become like your family that knows all your secrets...you trust your family to keep your secrets from outsiders.



    This is a very interesting idea that made me think about a few things.



    Do you trust your work with family secrets?



    Do you trust your family with work secrets? (you may have signed a contract disallowing this!)



    Do you trust the state or fed gov with all your personal data including your social relationships?



    Do you trust your third cousin's step-father with your immediate family secrets?



    Who do you trust with what? Regardless of "how secret" anything is, most personal data is compartmentalized, and for good reason. But remember, when you trust anyone with personal data it is subject to escape into public. Best practice is that you don't put everything in a single big data store. Especially not ones known to have master keys.
  • mac_dogmac_dog Posts: 480member
    Quote:
    Originally Posted by Tallest Skil View Post


    I'd prefer greatly if Apple didn't have that capability.



    you've got options. knock yourself out.
  • silverpraxissilverpraxis Posts: 290member
    Apple's user agreement regarding iCloud states what they have the capability of doing with the data you provide to their service. There's no secret conspiracy going on as it's spelled out to you if you were ever concerned about it.



    Also, I love when people complain about these things as if they're trying to protect sensitive legal (as opposed to illegal) data. Frankly, if we were all a little more open about our medical and financial data (I'm not talking about CC #s), the world might be a better place. Very few would be harmed by legal private data being released to the Internet. I believe that people complaining the loudest have illegal data, whether copyright infringing or evidence of human harm, they are trying to keep under wraps.



    The world needs to stop being so embarrassed and uptight.
  • Quote:
    Originally Posted by Cpsro View Post


    But Apple could turn on a dime if it had to and be just as bad.



    iCloud will never be the hub of my universe.



    Personally, I'm more interested in mass storage at home with internet accessible NAS. I don't like the idea of my data being anywhere (somewhere?) out of my complete control.



    There are exceptions, maybe, like vacation photos to share with relatives. But for the bulk of my data, I would not even consider sharing it with some huge corporation.
  • tallest skiltallest skil Posts: 40,521member
    Quote:
    Originally Posted by mac_dog View Post


    you've got options. knock yourself out.



    I love how I swing back and forth from Apple fanboy to anti-Apple troll simply because don't agree with absolutely everything that Apple does.



    For the record, I'm definitely an Apple evangelist. The definition thereof doesn't preclude disagreement.
  • hellacoolhellacool Posts: 759member
    Quote:
    Originally Posted by Dunks View Post


    Tim Cook knows about your 1.6 GB collection of LOLcats. The horror!



    Now do a story on how Facebook and Google sell your personal data for advertising revenue.



    I will follow suit for the "Dont Use iCloud crowd", if you do not like Google and or Facebook don't use it.
  • jeffreytgilbertjeffreytgilbert Posts: 324member
    Quote:
    Originally Posted by Tallest Skil View Post


    I'd prefer greatly if Apple didn't have that capability.



    yeah, I'm thinking about limiting my exposure by nuking my accounts on both google and iCloud. You really never know what could be seen as objectionable to the wrong audience.
  • blah64blah64 Posts: 767member
    Quote:
    Originally Posted by silverpraxis View Post


    Also, I love when people complain about these things as if they're trying to protect sensitive legal (as opposed to illegal) data. Frankly, if we were all a little more open about our medical and financial data (I'm not talking about CC #s), the world might be a better place. Very few would be harmed by legal private data being released to the Internet. I believe that people complaining the loudest have illegal data, whether copyright infringing or evidence of human harm, they are trying to keep under wraps.



    The world needs to stop being so embarrassed and uptight.



    Wow. Just wow. I suppose you're also of the mindset that it would be even more wonderful if everyone had wiretaps on their phones and every word was transcribed, archived, sorted, categorized and put out on the internet for all to peruse. For the sake of personal transparency.



    If you truly think medical and financial data should be public in any way, shape or form (except certain high-ranking public officials), I'm not sure there's even a reasonable way to respond to your post. In disagreeing vehemently with your notion, I am confident that I am in the overwhelming majority.
  • blah64blah64 Posts: 767member
    Quote:
    Originally Posted by I am a Zither Zather Zuzz View Post


    Personally, I'm more interested in mass storage at home with internet accessible NAS. I don't like the idea of my data being anywhere (somewhere?) out of my complete control.



    There are exceptions, maybe, like vacation photos to share with relatives. But for the bulk of my data, I would not even consider sharing it with some huge corporation.



    Now here's someone with a brain and understanding of history.



    I alluded to the same thing earlier (mass storage at home, accessible via internet), but making it easily, and safely integrate with iOS would be killer.



    Quote:
    Originally Posted by jeffreytgilbert View Post


    yeah, I'm thinking about limiting my exposure by nuking my accounts on both google and iCloud. You really never know what could be seen as objectionable to the wrong audience.



    This.



    I think the biggest thing people don't understand is that merely your relationships with others, your "social graph" to use facebook's terminology, is INCREDIBLY valuable and potentially dangerous to share publicly. Not necessarily just for you, but for your friends. And everything uploaded to facebook should be considered public. I won't even get into the possible scenarios, but many people in other countries have been harassed, arrested and killed merely from this kind of data leaking out.
  • jlanddjlandd Posts: 839member
    Quote:
    Originally Posted by hill60 View Post


    So tell us about the cloud service Google offered in 2000 when Apple first launched iTools?



    I'm fascinated to hear your rewrite of history.



    Not talking about who had the first online service. Rather who led the pack as the leading data miner. I don't feel any of Apple's iTools related services amounted to much of a Big Brother situation, and iTools didn't add up to much of a user data pool for Apple relative to other web services. I don't believe Apple led the way here but now are as big an offender as anyone.
  • rbelsrbels Posts: 29member
    Quote:
    Originally Posted by Tallest Skil View Post


    I love how I swing back and forth from Apple fanboy to anti-Apple troll simply because don't agree with absolutely everything that Apple does.



    For the record, I'm definitely an Apple evangelist. The definition thereof doesn't preclude disagreement.



    I agree. Constructive disagreement is always better for the growth of an organization, rather than placing our brains on the corporate hands thinking they do everything right. I dont want someone knocking my doors asking for explanation, if I rip my old CD track into mp3 and save it on cloud. I dont think what hollywood does is in best interest of consumers, so is someone handshaking with these studios.



    On a related note (to other posts here on selling data), did anyone see divorce related iAds on their devices? I didnt either! But those ads were definitely not selling Apple hardware. I also noticed iAds process still running when I switched the apps (have been killing them manually these days). Seems like there is some data analytics involved with my touch transactions anyways? Apple may not be selling them to 3rd party, but my data is being used anyways.

    Now I'll wait for the Apple trolls to 'advice' me to stop using Apple products. hmm..
  • jlanddjlandd Posts: 839member
    Quote:
    Originally Posted by genovelle View Post


    I guess the difference is Google isn't looking for illegal content to keep themselves in compliance, they want more info on your habits and personal information so they can sell it to advertisers. This is much worse!



    I'm not a big complainer about mining my user habits anonymously, as much as it's a drag to deal with the returns. I ignore ads and can't remember ever having clicked through on an ad that I didn't do to support the site (such as ordering from a store by clicking through a forum ad).



    But scanning my content and determining if it's objectionable is an entirely different thing. I doubt compliance has anything to do with it. Knowledge is king, and the more someone knows the better position they're in far in the future, in a circumstance not even on our radar yet. Only 15 years ago it would have been hard to find people who would run their online lives with the slightest concern for what this topic is about. It would have been like flying cars. It's a fairly new world and Google and Apple and others are writing the rulebook.
  • benanderson89benanderson89 Posts: 580member
    Quote:
    Originally Posted by jlandd View Post


    I'm not a big complainer about mining my user habits anonymously, as much as it's a drag to deal with the returns. I ignore ads and can't remember ever having clicked through on an ad that I didn't do to support the site (such as ordering from a store by clicking through a forum ad).



    But scanning my content and determining if it's objectionable is an entirely different thing. I doubt compliance has anything to do with it. Knowledge is king, and the more someone knows the better position they're in far in the future, in a circumstance not even on our radar yet. Only 15 years ago it would have been hard to find people who would run their online lives with the slightest concern for what this topic is about. It would have been like flying cars. It's a fairly new world and Google and Apple and others are writing the rulebook.



    Apple won't randomly scan through data. Firstly, it would be against god knows how many laws. Only if the account is a suspect of a crime or a threat the national security would Apple then be warranted to inspect the data.



    If they can't view the data until warranted by the authorities, then thats okay in my books unlike Google or Facebook that scan everything you do.



    IE: There is a 'like' button on a website. Even if you don't click it, Facebook know you've been there by checking the location of the button instance with the information stored in the browser cookies.
  • blah64blah64 Posts: 767member
    Quote:
    Originally Posted by jlandd View Post


    I'm not a big complainer about mining my user habits anonymously



    I agree with most of your post, but don't be fooled. Unless you take very strong, often inconvenient measures, very little of what you do online is anonymous. You may not see your name in big neon blinking letters next to your data, but it's all being married in the bowels of the data miners' server farms and sold to marketers and/or anyone else who wants this kind of data.



    Rapleaf, Bluekai and others like them are very, very good at building these profiles-for-sale. Here's an article from a marketer's perspective with some interesting details.
Sign In or Register to comment.