Apple retains master decryption key for iCloud - Page 2

I really can't wait til iCloud and MobileMe are fully combined. Just please then fix the Apple Store ID being different than my MobileMe ID (and thus my iCloud ID). They have to let you start to merge things eventually.

Hands down, Apple has the worst "cloud" implementation of all provider.

Google is instantaneous; Apple is a crawl.

Type any word into Google's Chrome or Gmail and you get instant feedback. Try search for anything on iCloud and it may return something after 5-12 seconds, or it will just hang and not work.

Emails sent from GMail and iCloud arrives up to 1/2 minute earlier on GMail.

Apple is way behind on cloud development and it's focus on having just two huge data centers as opposed to the hundreds for Google mean that Apple is at a speed disadvantage all the time.

Apart from the glaring fact of That's how their chuffing business model works.

Except, as someone else already pointed out, there isn't a way to do this on any iDevice, which is where the power of something like iCloud comes in. At least to my knowledge, please correct me if there is a way for "regular folks" (non-jailbreak) to do this.


Because by using the derogatory term "scaremongers" you wish to minimize the legitimate concerns about massive centralized data stores with personal data for millions of people that has a backdoor?

I do agree about the potential for a startup. Unfortunately, I suspect Apple would shut down anyone that tried to create a secure replacement for iCloud.

What Apple could do that would be very cool, and probably very smart, is to build this kind of capability into the next version of Time Capsule. You can use the "more reliable" iCloud version, or the "more private" self-managed version. Seriously, all it would take is something like DAV server on the device and some kind of way to choose your data store on your clients. Win-win-win and a bit more ka-ching for Apple.

Good advice. Ideally, most people probably shouldn't store anything in the cloud that they wouldn't want advertised on the front page of the New York Times. That includes personal calendars, address books, etc.

Oh, but wait! That's the first thing people usually start sync'ing in the cloud when they use it.


Except in many cases you are exposing OTHERS' personal information to YOUR personal level of risk management and privacy standards. How big is your address book? By using this kind of service you are assuming every single one of them is okay with having their personal data (as much as you have in your address book) stored in the cloud. Do you have their home address, phone numbers, birthday, nickname, spousal relationships, etc.? Have you checked with each and every one of them if they're cool with that?

Perhaps if you're a kid (teen/20s) most of your friends don't care, and I will posit that it is not just because they grew up with a smart phone in their hands, but because they don't yet understand the long-term problems of personal data in public.

That's certainly not a given. And I don't see it being free if it does happen.

Based on testing from iCloud email to my own mail server, I'm consistently seeing delivery in less than 10 seconds from send. Your email delay may be elsewhere.

One more.


Interestingly enough, while I do think this is a worry, it's less of a concern in some ways because even if the key is compromised, there's still the issue of access to individual data. You need the master key and then you also need the account/passwords as well. For each and every party of interest. Right?

Another concern is that the fed gov't probably already has backdoor access via this master key. For me personally, I worry less about this, because I think they are the only party that has any business whatsoever scanning private citizen's data (but even still, only when they have reasonable cause to be suspicious). I'm not sure everyone agrees, but they should be aware of stuff like this.


This is a very interesting idea that made me think about a few things.

Do you trust your work with family secrets?

Do you trust your family with work secrets? (you may have signed a contract disallowing this!)

Do you trust the state or fed gov with all your personal data including your social relationships?

Do you trust your third cousin's step-father with your immediate family secrets?

Who do you trust with what? Regardless of "how secret" anything is, most personal data is compartmentalized, and for good reason. But remember, when you trust anyone with personal data it is subject to escape into public. Best practice is that you don't put everything in a single big data store. Especially not ones known to have master keys.

you've got options. knock yourself out.

Apple's user agreement regarding iCloud states what they have the capability of doing with the data you provide to their service. There's no secret conspiracy going on as it's spelled out to you if you were ever concerned about it.

Also, I love when people complain about these things as if they're trying to protect sensitive legal (as opposed to illegal) data. Frankly, if we were all a little more open about our medical and financial data (I'm not talking about CC #s), the world might be a better place. Very few would be harmed by legal private data being released to the Internet. I believe that people complaining the loudest have illegal data, whether copyright infringing or evidence of human harm, they are trying to keep under wraps.

The world needs to stop being so embarrassed and uptight.

Personally, I'm more interested in mass storage at home with internet accessible NAS. I don't like the idea of my data being anywhere (somewhere?) out of my complete control.

There are exceptions, maybe, like vacation photos to share with relatives. But for the bulk of my data, I would not even consider sharing it with some huge corporation.

I love how I swing back and forth from Apple fanboy to anti-Apple troll simply because don't agree with absolutely everything that Apple does.

For the record, I'm definitely an Apple evangelist. The definition thereof doesn't preclude disagreement.

I will follow suit for the "Dont Use iCloud crowd", if you do not like Google and or Facebook don't use it.

yeah, I'm thinking about limiting my exposure by nuking my accounts on both google and iCloud. You really never know what could be seen as objectionable to the wrong audience.

Wow. Just wow. I suppose you're also of the mindset that it would be even more wonderful if everyone had wiretaps on their phones and every word was transcribed, archived, sorted, categorized and put out on the internet for all to peruse. For the sake of personal transparency.

If you truly think medical and financial data should be public in any way, shape or form (except certain high-ranking public officials), I'm not sure there's even a reasonable way to respond to your post. In disagreeing vehemently with your notion, I am confident that I am in the overwhelming majority.

Now here's someone with a brain and understanding of history.

I alluded to the same thing earlier (mass storage at home, accessible via internet), but making it easily, and safely integrate with iOS would be killer.


This.

I think the biggest thing people don't understand is that merely your relationships with others, your "social graph" to use facebook's terminology, is INCREDIBLY valuable and potentially dangerous to share publicly. Not necessarily just for you, but for your friends. And everything uploaded to facebook should be considered public. I won't even get into the possible scenarios, but many people in other countries have been harassed, arrested and killed merely from this kind of data leaking out.

Not talking about who had the first online service. Rather who led the pack as the leading data miner. I don't feel any of Apple's iTools related services amounted to much of a Big Brother situation, and iTools didn't add up to much of a user data pool for Apple relative to other web services. I don't believe Apple led the way here but now are as big an offender as anyone.

I agree. Constructive disagreement is always better for the growth of an organization, rather than placing our brains on the corporate hands thinking they do everything right. I dont want someone knocking my doors asking for explanation, if I rip my old CD track into mp3 and save it on cloud. I dont think what hollywood does is in best interest of consumers, so is someone handshaking with these studios.

On a related note (to other posts here on selling data), did anyone see divorce related iAds on their devices? I didnt either! But those ads were definitely not selling Apple hardware. I also noticed iAds process still running when I switched the apps (have been killing them manually these days). Seems like there is some data analytics involved with my touch transactions anyways? Apple may not be selling them to 3rd party, but my data is being used anyways.
Now I'll wait for the Apple trolls to 'advice' me to stop using Apple products. hmm..

I'm not a big complainer about mining my user habits anonymously, as much as it's a drag to deal with the returns. I ignore ads and can't remember ever having clicked through on an ad that I didn't do to support the site (such as ordering from a store by clicking through a forum ad).

But scanning my content and determining if it's objectionable is an entirely different thing. I doubt compliance has anything to do with it. Knowledge is king, and the more someone knows the better position they're in far in the future, in a circumstance not even on our radar yet. Only 15 years ago it would have been hard to find people who would run their online lives with the slightest concern for what this topic is about. It would have been like flying cars. It's a fairly new world and Google and Apple and others are writing the rulebook.

Apple won't randomly scan through data. Firstly, it would be against god knows how many laws. Only if the account is a suspect of a crime or a threat the national security would Apple then be warranted to inspect the data.

If they can't view the data until warranted by the authorities, then thats okay in my books unlike Google or Facebook that scan everything you do.

IE: There is a 'like' button on a website. Even if you don't click it, Facebook know you've been there by checking the location of the button instance with the information stored in the browser cookies.

I agree with most of your post, but don't be fooled. Unless you take very strong, often inconvenient measures, very little of what you do online is anonymous. You may not see your name in big neon blinking letters next to your data, but it's all being married in the bowels of the data miners' server farms and sold to marketers and/or anyone else who wants this kind of data.

Rapleaf, Bluekai and others like them are very, very good at building these profiles-for-sale. Here's an article from a marketer's perspective with some interesting details.

There was a bit of a dust-up last week when Microsoft started blocking links to Pirate Bay. . .
found in IM's!

Yes our communications are being monitored. Perhaps not by a real person in most cases, but certainly thru server-side software at the least.
http://www.theregister.co.uk/2012/03...pirate_bay_im/

Thats slightly different, however. All messages go through the Microsoft servers for routing to their correct destination and (if you selected the option) stored and logged ("chat history").

All data (especially strings) going to a server is parsed and any characters that have the potential for exploit are escaped or encoded in a safer format. Microsoft would've just added an extra line of code that checks for the presence of "piratebay" in the string.



It says no where in the EULA that the messages transmitted over the MSN Messenger Protocol are collected, analysed and sold.

Store anything sensitive/private on an encrypted disk image. Done.

I don't believe that's correct. Read the original article:
"The iCloud Terms and Conditions contain provisions for Apple to "pre-screen, move, refuse, modify and/or remove" content that is found to be objectionable. The company also retains the right to "access, use, preserve and/or disclose" account information and content to law enforcement authorities. The report noted that Apple's Terms allow it to check content for copyright infringement as per the Digital Millennium Copyright Act."

Apple has the right to check content for copyright infringement. They also have the right to pre-screen content to see if it is objectionable (per the iCloud T&C).

But feel free to show which of "god knows how many laws" Apple is violating.

Oh okay...so they sell "Tim Jones from 123 Main St. 25 years old with a live in girlfriend and a dog named Brandy. Likes the New York Giants and the Yankees and is a Lakers fan. Makes about 45k a year as an accountant in Northern New Jersey and visits his mom every other weekend for a homecooked meal and to see how she's doing." To advertisers?

OR do they aggregate the anonymized data of hundreds of thousands of people with certain interests and feed them targeted ads and the advertisers pay for the exposure?

Stop lying dude.

Hell..Apple profits off of child labor and horrible working conditions overseas!!!!!!

I can FUD too.

(PS, I do not believe that)

Used to be the latter was enough. Now the former is closer to what happens.

Thank you for allowing a simple comparison of what's kinda-okay vs. unacceptable.

I already said that I don't use iCloud. I wish people would read the OP before they comment.

I don't use Google either. There are plenty of good search engines that don't collate your search history. Alternatively you can buy programs that hide your IP address.

I don't use Facebook, Google+, Twitter or any social networking sites because I have a life.

I agree that it's an ongoing battle to stop companies and governments from invading our privacy. When I was at school I read a famous book called 1984 by George Orwell. The nightmare scenario portrayed in that book has stayed with me ever since as a warning to what can happen if we dont fight to stop it. At the time it seemed so farfetched but now much of it is reality. Our own governments spy on our phone calls, emails, etc. CCTV cameras are everywhere. Even our internet searches are recorded. Big Brother is here and he's watching everyone of us.

Yes, they can pre-screen move, refuse, modify etc data that is FOUND to be objectionable and pass it on to AUTHORITIES or Apple will TERMINATE the account.

There is also no mention of checking for copyright infringement in iCloud's T&Cs. I've got it open in another window right now.
Just read it and see:




Apple CAN screen your data, but they must first be notified either by someone claiming infringement or the authorities. It says it in plain English.




I can think of three laws where randomly checking data and emails would apply:
Regulation of Investigatory Powers Act
Data Protection Directive
Data Protection Act

In Europe, Apple cannot randomly analyse data unless there is reason to do so. To "check that it doesn't break the T&Cs because of reasons" is not good enough.

Facebook uses any data they have on you for very specific adverts targeted to you. They know your name, your country of origin, what you drink (pressing "like" on a Coca Cola page does more than you think), who your friends are, where you went to school, where you work and so on and so forth - people just blindly give this data to Facebook and they use it for advertisement and to exploit coinage from you.

Facebook will then pump adverts to all my friends saying "Ben Likes Cola! Click here to find out more about Cola!"
Friends fall into a psychological trap and will most likely buy the product or express interest, Facebook makes money from using my personal data and information and Coca Cola make more sales.

I wish I could find that documentary on Facebook where employees actually said this in plain english on national television.
Its:
-eCommerce 101
-Explained in the T&Cs
-Said in clear English on television.

Google is exactly the same. Though not as highly specific, they do send your data (be it your preference of soft drink or your latest artistic masterpiece) to far more third parties and claim ownership of it with the ability to distribute and reuse it on the internet royalty free.

Its in the T&Cs. Why do you think Europe is always going bonkers with companies like google over privacy and ownership?

My understanding is ISPs are immunized against liability for hosting illegal user content they don't know about and they are not expected or required to do preemptive screening. It's therefore in Apple's interest to NOT screen content without cause. However they need the ability to act when they become aware of anything specific.

Where does it say that? It specifically says that they can screen for any number of reasons:
"Apple reserves the right to take steps Apple believes are reasonably necessary or appropriate to enforce and/or verify compliance with any part of this Agreement. You acknowledge and agree that Apple may, without liability to you, access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party, as Apple believes is reasonably necessary or appropriate, if legally required to do so or if we have a good faith belief that such access, use, disclosure, or preservation is reasonably necessary to: (a) comply with legal process or request; (b) enforce this Agreement, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of Apple, its users, a third party, or the public as required or permitted by law."

Those are all vague enough that Apple can access your account simply on suspicion - even if not formally notified by the authorities or someone claiming infringement.


None of those laws says that you think it says. When you sign up for iCloud, you give Apple permission to access your account. Europe is somewhat different, but even in Europe, when you give Apple permission to access your account, then they have permission to do so.

So I'm expected to use two separate IDs for the rest of my life I guess? And hope that I never lose either of those e-mail addresses!

Apple has stated that MobileMe and iCloud accounts will be merged at some point.

And, in spite of the FUD being thrown around, you won't be charged for it.

<epic sigh>

Oh, he was talking about just MobileMe; sorry, my mistake.


What about Apple IDs in general