You can turn off photostream. It doesn't have to be on, and you can take as many pictures as you like, without them being uploaded to iCloud.
Indeed, I long ago turned it off as at least early on I noticed I got doubles when Photostream was archiving photos and they weren't acknowledged to already be loaded when I next synced my device. And for myself all those "extra" images drove me nuts....
Even though I'm speaking harshly against the celebrities, I am all for harsh punishments against the hackers.
They need to find those people quickly and deal with them in the most severe way. In addition to their punishment when caught, those people should be banned from the internet for life. If somebody is a pedophile, you don't let them be around small children. If somebody is a convicted hacker, they should not be allowed anywhere online, ever.
The challenge may ultimately be that in recent articles people are noting this release seems to have been the result of years of individual intrusions, which is why BB, Droids and iPhones etc. all appear in some selfies or data tags, some of which have been shopped on DarkNet and SilkRoad for years. Having passed through multiple hands, if true, the original thief is going to have a lot of separation from whoever has been releasing them, which, possibly, was another thief who stole from a collector.....
It may really come back to "Strong fences make good neighbors"...
I think the main issue is that Apple (like other tech companies) encourages people to share automatically all their data on iCloud. Although this concept is easy and appealing, it is a bad practice. People tend to be very lax with their online account management: they use the same password on multiple online services, write down passwords on paper, ... People should be taught to make a distinction between their public shareable data and their private data, and to keep their private data private. Private data has no business on a public cloud service.
On all 4 Apple devices I have, I have switched off (among other things) the automatic photo stream upload.
I only use a public cloud service for information I want to share with others and that I don't consider as harmful if it would be exposed.
For syncing my personal data, I've set up a private cloud service, using the free ownCloud software, a really great package, that supports all my devices and not only the Apple supported ones.
Is it really "bad practise"? These same people will bitch and moan, blaming Apple if something happens to their device, iCloud backup isn't turned on, and they find out they've lost everything. 95% of people are either too lazy or too stupid to actually go into their device settings and see what's actually happening when they get a new device. They won't change any of the defaults, even though the onus is on them to educate themselves on these basic things. When my sister visited, she asked me to look at her iPhone and fix a few things - absolutely everything was set up wrong, making data syncing a mess (i.e. notes being synced with multiple accounts, no backup, etc.).
I think the analogy with the physical home is helpful to simplify the discussion but that's only going to go so far. Go ahead and put on the new lock and get a gun. Heck, move into a bank vault. Nothing's invulnerable.
It’s not about invulnerability. It’s about increasing the cost-risk ratio to the point where you are considered an unnecessary expenditure.
And the house analogy is wrong. Houses are pretty darn secure. What happened here was they contracted out a vault in a warehouse but instead of using the vault’s tumblers they just ran a zip tie from the door handle to the frame.
If you have 2fa set up, then which device receives the notification with the verification code to allow you to access iCloud from a new computer (as an example)? It's going to be your iPhone, of course. The device you usually carry with you and can give you an immediate notification if there's activity on your iCloud account.
So what if your phone quits working, gets lost or stolen? You have your new iPhone you want to restore from iCloud. Where does the 2fa notification go to? Your old iPhone is gone, so it's not going there. Your new iPhone isn't set up yet, so it's not getting it either. Apple lets you set up more than one device (great for families), but if you're single would you have a second SMS capable iOS device you could set up to also receive the verification code? Even if you did, would you even think it was necessary to add a second device while you're setting up 2fa?
There are certain situations where you might need access to iCloud without the hassle of 2fa. And this is the crux of the matter. Some people say Apple should force users to use 2fa, but that's not always an option for everyone in every scenario.
If you keep your number when you switch phones then the SMS goes to the new phone as well. I set up 2 factor on my account a while back; I can't remember if there was an option to have it mailed out as well.
Doesn't matter what Apple do to iCloud, I'll still keep my encryption process for all files sent to the cloud. Any files that aren't worth encrypting are those you don't mind being seen by the public.
If anyone is looking for publicity it's the hacker, which might be why it was implied that they breached an Apple system. Apple gets press. During the days between invite and announcement everyone basically turns into 24/7 Apple press machines. It was very very well timed.
Really? I don't think Apple needs any PR - By default they got it. As far as the hacker needing a PR - You must be joking? Do we have the identity of the hacker? BTW, it was a targeted attack on the chosen few and not a breach of Apple's iCloud service. If it was a breach then the numbers would be in thousands and millions of users.
Apple's 2 factor authentication is a bad joke! It's not even available in all European countries! For 2 years I'm waiting for 2 factor authentication and Apple don't want to give it in my country while I'm using 2 factor authentication for Google, Microsoft, Dropbox and everything else. For Apple you don't count if you don't live in a rich Western country. You are only good to be milked for money, not to have access to basic security! The only thing they care about is profits, profits and more profits! **** you Apple!
If Apple only cares about profits and 2-factor costs something to set up then why would they offer it to anyone? What will you say when Apple does finally offer it to your country? I doubt you'll recant your comment.
To add an extra layer of protection, Cook said Apple will start sending out email and push notification alerts when an attempt is made to restore iCloud data to another device. The protocol adds to current safety measures that push out similar messages when a password has been changed or a device is first linked to an iCloud account.
With the alerts in place, iCloud users can quickly react to potential breaches by closing off access or deleting files before a nefarious user has a chance to download potentially sensitive data.
Looks like I was too hasty. According to Apple, iCloud backups are encrypted, contrary to Mashable. And Cook did address expanding 2-factor authentication. I somehow missed that on my first read through. Whoops.
I too am unsure about the backups. Indeed, the Apple site says that they are encrypted, however as you say, Mashable are one of a number of sites that have used the EPPB software. Each of those sites claims that the backups are not encrypted.
There are many ways data can be encrypted. In broad strokes you have transport layer, file system, and file encryption. If the key for file encryption of your backup is your username and password then having that you're in. It's certainly not an additional password to unlock the backup once you've DLed it.
There are a couple of arguments that Apple and its fans have pushed forward that don't do their "average" customers any favors.
1) Apple products are safer than Android or Windows, so you don't have to worry about security.
2) Only geeks want to dig into their settings, average customers want something that just works out of the box.
The first argument lulls people into a (false) sense of security and believing that since they purchased an Apple product all is safe. Many have said that Windows and Android users practice safer habits than Apple users (in general) because they know that there are viruses and other pitfalls for them in the wild. The average Apple user may be more relaxed about such concerns. To them, security is security. Doesn't mean Apple customers should be ignorant about safety, but that feeds into the second argument.
"Who has time to learn about these security and also learn about proper settings? I just want to use my iDevice!" This is something that I have seen written on this forum more than once. Now, some people here are saying that customers are at fault because they didn't know enough to set things up correctly.
Now, realize that we're talking about "average" people that most users on this board would say that Apple products are best suited for. These are the same "average" people that don't know much about technology (another thing I've seen written here). When an Apple product is touted as being secure without much setup, the "average" person just might believe it without further thought. These actresses (and your sister, Slurpy), as far as technology goes, are just average people.
Don't call Apple customers careless, ignorant, lazy or stupid because they took the hype at face value. After all, they are Apple customers who made a wise choice, right?!
Thanks, it hadn't occurred to me that the forensics software would be sending/receiving the encryption tokens.
Clearly, the seamless nature with which the software decrypts the files had led others to assume that there was no encryption. I had thought it odd that the phone would encrypt the data and then it would be decrypted on the server.
I wonder how many people use a different password for their backups? I certainly do, but I also use 1Password and make sure no password is simple or repeated.
I'm surprised how many people don't realize that deleting a photo from their iPhone doesn't also delete the copy in Photo Stream. With iTunes Match, when I delete a matched song from my library, I get a dialog asking me if I want to delete the copy in the cloud as well. Maybe the same could be applied to Photo Stream.
Conversely, if you delete a photo from Photo Stream, it's deleted from all your devices.
If I leave my door unlocked it's not my fault my house got robbed. No one has a right to come into my house.
You're right, no one has the right to come into your house. However, if someone does and it's because you only closed your screen door, didn't lock it and left all your interior lights on so we could see you weren't home I would certainly think you could have done a better job protecting yourself.
I'm in the middle here. Do I think the celebrity photo theft was right? No. Do I feel for these actresses who have had private moments exposed? Yes. Do I think the perpetrators should be punished? Yes. Could the affected people do more to protect themselves? Yes.
Edit: To ignore the fact that there are people who will disregard privacy/personal property rights, etc., is just being naive.
It's interesting how extreme people's views are. Some are completely on one side, others completely on the opposite side.
And some are in the middle like you.
Some veer to one extreme, some to the other, and some take a middle ground.
Some see things in black and white, others take a grey approach.
Deleting from Photo Stream won't remove it from the device that took the photo, thereby, it would still be in any iPhone backups. That's a separate action.
Deleting a photo from 'Moments' on the device that took/saved the photo also deletes it from Photo Stream on all devices.
It's definitely a nuance that I'm sure many people don't know. Why the same action doesn't happen from the camera roll, or why you aren't at least prompted to also delete from Photo Stream when deleting from the Camera Roll is a problem.
Comments
I'm not sure what you mean.
Get an Android and be happy with the malware.
I would like to quote and reiterate this one "If you don't want something on the internet, do not put it out on the internet."
http://mashable.com/2014/09/04/i-hacked-my-own-icloud-account/?utm_cid=Mash-Prod-RSS-Feedburner-All-Partial
See page 13 http://www.elcomsoft.co.uk/PR/recon_2013.pdf
Some take the high ground...
ARE YOU GETTING IT NOW?! ????