This brings up another issue. Users (businesses) really need alternatives to iCloud. They’re out there but I don’t think they’ve ever been mentioned on AI. I’ve used Acronis on servers and PCs and there products have worked well. They do have a mobile app...
Do you really think that ANY server platform in the US actually has user encryption? They might have system level encryption, like I believe Apple does with iCloud, but unless the user controls ALL the keys this data can be decrypted after the serving of a legal subpoena. Apple does this a whole lot while I imagine other server platforms, AWS, etc., simply make the data they store available to the FBI and NSA. At least Apple tries to make it difficult. Anything handled by Google is by default in the public domain because they scan everything and sell it to advertisers. I agree with others that having a local "iCloud" server would help but all it would do is open up a whole lot of individuals to hacking who don't know how to properly secure their network and servers--99.9% of us (yes, I'm including me because there are a whole lot of hackers and network security people who can break through almost everyone's network, including ISPs who control the modems). The only server I feel comfortable storing my photos, emails and files on is iCloud because I feel they try the hardest to secure them and not simply give away everything like others.
My hope is this will change once our corrupt government looks inward and cleans their own house before going after everyone else. Show us a good example instead of what you're showing right now (and have been showing since JEH started spying on US citizens). The only way to change Washington's attitude is to vote.
Why? They only release data with a valid warrant (not sure about China but iCloud backups are the least of Chinese citizens worries when it comes for government surveillance). While I wouldn't mind a slight increase in security from potential mistakes Apple makes, I haven't heard of any that they've made with iCloud. Even the high-profile problems years ago were from guessable passwords. Turn on 2 factor authentication and you are reasonably safe.
Your data is still sent over the network with full encryption. Seems like a reasonable compromise that should help Apple with the coming PR battle.
This brings up another issue. Users (businesses) really need alternatives to iCloud. They’re out there but I don’t think they’ve ever been mentioned on AI. I’ve used Acronis on servers and PCs and there products have worked well. They do have a mobile app...
Do you really think that ANY server platform in the US actually has user encryption? They might have system level encryption, like I believe Apple does with iCloud, but unless the user controls ALL the keys this data can be decrypted after the serving of a legal subpoena. Apple does this a whole lot while I imagine other server platforms, AWS, etc., simply make the data they store available to the FBI and NSA.
Backblaze offers this if you want to take on the effort of maintaining your own keys. Doesn't seem worth the hassle to me.
This brings up another issue. Users (businesses) really need alternatives to iCloud. They’re out there but I don’t think they’ve ever been mentioned on AI. I’ve used Acronis on servers and PCs and there products have worked well. They do have a mobile app...
Do you really think that ANY server platform in the US actually has user encryption? They might have system level encryption, like I believe Apple does with iCloud, but unless the user controls ALL the keys this data can be decrypted after the serving of a legal subpoena. Apple does this a whole lot while I imagine other server platforms, AWS, etc., simply make the data they store available to the FBI and NSA. At least Apple tries to make it difficult. Anything handled by Google is by default in the public domain
Not at all accurate.
Google handles it in the exact same way that Apple does. The Google cloud data is encrypted and only available for purposes stipulated and agreed to by the end user (the owner of that data) unless Google receives a lawful demand for it. Also just like Apple, Google will go to court and challenge orders they do not believe to be lawful. They do not comply with every subpoena or demand for user data they receive from "authorities". Look at the transparency reports to verify, which by the way Google was issuing well before Apple started doing so IIRC. (EDIT: Correct, Google first transparency report in 2010 and Apple following them in 2013)
It's not a good look when you make stuff up, and for no particular reason other than "Whaddabout Google". Kinda makes everything you have to say less reliably true.
It does seem likely to lead to people using third-party encryption products from outside the US... but that would be people who are generally thoughtful about their process of breaking the law (like corporations and executives), not the average, thoughtless, ignorant, and/or impulsive lawbreaker, to which law enforcement agencies are happy to maintain less obstruction.
Do we know for certain that iCloud is already encrypted? If yes, in what way? I remember something about Apple stating they could not get your Apple ID account back if you lose control of it. Then I saw where you’re supposed to contact Apple for help if someone manages to steal your Apple ID by discovering your password...
Until this news, I had assumed that it was encrypted and that the encryption was owned by Apple and that they didn’t have the ability to recover all things.
Getting into a discussion about Apple-controlled vs user-controlled encryption has me wondering.
What about individual documents that support password protection, like spreadsheets?
Our contact info?
Etc.
I know passwords themselves are supposed to be encrypted wherever they’re stored, but there continues to be surprising events of companies found not doing things in a sane and expected manner...
For example: my iPad just yesterday offered up my network password to me as a typing suggestion while using a VNC client!! Is that a text management design flaw in iOS or in the VNC client??
One more reason Apple should revisit local network storage. I'm not a fan of photos, etc., being in the cloud anyway, and I wish the ecosystem allowed users more flexibility in their offline/backup storage options.
I feel the same way. They got close with Time Capsule and Airport Extreme but then shut up shop.
eWorld, iTools and iCloud etc were attempts to get us online but aren't always the best solutions, and having readily available on-site access to your files is a win-win for most of us.
If Apple had developed a NAS with hooks into its own mesh system it would have really been a nice offering.
I understand compromise, but come on. This just makes iCloud a less desirable platform.
How does it make iCloud a less desirable platform? It's not like Apple is removing encryption from iCloud. It's never been encrypted and it performs as it always has. No one is losing any functionality. You are no less protected than you were before this article was written. Remember, we're talking about iCloud backups.
Rant: More people need to understand the tech they use. Half the hand wringing wouldn't exist if we did. Not picking on you. Just using your quote as a jump off point. /end rant
Apple advertises how they're all about privacy and security to *gasp* attract customers that care about privacy and security, and then it comes out that Apple's very own iCloud service doesn't allow for the privacy any and security they expected. You really don't see that as a sticking point for those Cloud users?
Comes out? What exactly do you mean comes out? Haven't we always known that iCloud backups weren't encrypted? We just recently had an article on AI about the biannual transparency report detailing they amount, frequency, and types of data that Apple shares. What did everyone think they were sharing?
Afaik, iCloud backups have never been encrypted and Apple has said they weren't encrypted from the beginning. Has everyone just ignored that and relied on Apple's marketing for their information? People who take Apple's marketing as fact and make additional assumptions based on that marketing... yeah, not really seeing what you seem to be seeing. Apple's marketing does what marketing is supposed to do: make their products seem desirable. It's effective but it shouldn't replace a person's desire for actual facts.
If people were so concerned about privacy and security, wouldn't they take the time to understand what that privacy and security entails? Kinda seems some are more enamored with the idea and marketing of privacy and security than the actual thing, and they get upset when real reality doesn't dovetail with their version of reality.
Literally nothing has changed. Apple has done nothing different. The only thing different is some have more information than they had before. Info that has always been available.
Could be pressure from their own lawyers. Anything you store on iCloud, Apple can be compelled by court order to turn over. Whats on your phone is yours. If Apple gets into that position they may not be able to protect your privacy.
How about us non-US people; what’s our level of (legal) protection as things stand rn?
Agree. This is just terrible. Absolutely no way I’m going to stay on this platform now. Had Apple only been honest about this, we would at least have been able to choose what to put on iCloud or not. But this makes me really pissed off 😡
I understand compromise, but come on. This just makes iCloud a less desirable platform.
How does it make iCloud a less desirable platform? It's not like Apple is removing encryption from iCloud. It's never been encrypted and it performs as it always has. No one is losing any functionality. You are no less protected than you were before this article was written. Remember, we're talking about iCloud backups.
Rant: More people need to understand the tech they use. Half the hand wringing wouldn't exist if we did. Not picking on you. Just using your quote as a jump off point. /end rant
If this is what a lot of users believe, then Apple must know about them. Choosing not to “fix” this misbelief is dangerously close to deception. Do you still wander why Apple users are pissed off right now, Cloudtalkin?
I think this is probably a reasonable decision by Apple. They need to be able to comply with subpoenas and warrants, which DOJ should have to get to unlock devices like they're requesting. The issue I have is that I don't think there is a court order in the Pensacola case. There needs to be one.
There are several court orders in that case.
Not in my home country, but my data still resides on the data centers that the US gov can order to be disclosed. This is a major flaw.
I understand compromise, but come on. This just makes iCloud a less desirable platform.
How does it make iCloud a less desirable platform? It's not like Apple is removing encryption from iCloud. It's never been encrypted and it performs as it always has. No one is losing any functionality. You are no less protected than you were before this article was written. Remember, we're talking about iCloud backups.
Rant: More people need to understand the tech they use. Half the hand wringing wouldn't exist if we did. Not picking on you. Just using your quote as a jump off point. /end rant
Apple advertises how they're all about privacy and security to *gasp* attract customers that care about privacy and security, and then it comes out that Apple's very own iCloud service doesn't allow for the privacy any and security they expected. You really don't see that as a sticking point for those Cloud users?
Comes out? What exactly do you mean comes out? Haven't we always known that iCloud backups weren't encrypted? We just recently had an article on AI about the biannual transparency report detailing they amount, frequency, and types of data that Apple shares. What did everyone think they were sharing?
Afaik, iCloud backups have never been encrypted and Apple has said they weren't encrypted from the beginning. Has everyone just ignored that and relied on Apple's marketing for their information? People who take Apple's marketing as fact and make additional assumptions based on that marketing... yeah, not really seeing what you seem to be seeing. Apple's marketing does what marketing is supposed to do: make their products seem desirable. It's effective but it shouldn't replace a person's desire for actual facts.
Just a point of clarification. Your data on iCloud is encrypted. It is just that Apple holds the keys to that encryption. So you might not want Apple to have access to your data in which case you shouldn't use iCloud but if you are worried about exposing your data to third-parties, that isn't likely to happen because the data is encrypted. To a lot of people this would be a benefit because Apple can restore your data if you lose your password.
Apple already encrypts your data just as every other online storage service does.
They just happen to have the key to decrypt it.
If you’re that paranoid, you can encrypt your own data before you put on iCloud. Apple cannot decrypt that and hand it over.
What about the Keychain data — is that also accessible to Apple and therefore US gov? If yes, then you are basically saying we should keep strong passwords for our encrypted data in our memory or on a post-it note.
This brings up another issue. Users (businesses) really need alternatives to iCloud. They’re out there but I don’t think they’ve ever been mentioned on AI. I’ve used Acronis on servers and PCs and there products have worked well. They do have a mobile app...
Do you really think that ANY server platform in the US actually has user encryption? They might have system level encryption, like I believe Apple does with iCloud, but unless the user controls ALL the keys this data can be decrypted after the serving of a legal subpoena. Apple does this a whole lot while I imagine other server platforms, AWS, etc., simply make the data they store available to the FBI and NSA. At least Apple tries to make it difficult. Anything handled by Google is by default in the public domain because they scan everything and sell it to advertisers. I agree with others that having a local "iCloud" server would help but all it would do is open up a whole lot of individuals to hacking who don't know how to properly secure their network and servers--99.9% of us (yes, I'm including me because there are a whole lot of hackers and network security people who can break through almost everyone's network, including ISPs who control the modems). The only server I feel comfortable storing my photos, emails and files on is iCloud because I feel they try the hardest to secure them and not simply give away everything like others.
My hope is this will change once our corrupt government looks inward and cleans their own house before going after everyone else. Show us a good example instead of what you're showing right now (and have been showing since JEH started spying on US citizens). The only way to change Washington's attitude is to vote.
Sorry, but Apple has been an international company for at least 40 years. But since much of our iCloud data is stored in the US, we all have to “suffer” under US law and government. However, we have NO way to vote for this to change. The only solution for us is to leave Apple and other American digital providers. Ready for that?
Why? They only release data with a valid warrant (not sure about China but iCloud backups are the least of Chinese citizens worries when it comes for government surveillance). While I wouldn't mind a slight increase in security from potential mistakes Apple makes, I haven't heard of any that they've made with iCloud. Even the high-profile problems years ago were from guessable passwords. Turn on 2 factor authentication and you are reasonably safe.
Your data is still sent over the network with full encryption. Seems like a reasonable compromise that should help Apple with the coming PR battle.
So you think the French, Danish, Australian governments should be able to order Apple to supply their users’ data too?
Comments
My hope is this will change once our corrupt government looks inward and cleans their own house before going after everyone else. Show us a good example instead of what you're showing right now (and have been showing since JEH started spying on US citizens). The only way to change Washington's attitude is to vote.
Your data is still sent over the network with full encryption. Seems like a reasonable compromise that should help Apple with the coming PR battle.
Google handles it in the exact same way that Apple does. The Google cloud data is encrypted and only available for purposes stipulated and agreed to by the end user (the owner of that data) unless Google receives a lawful demand for it. Also just like Apple, Google will go to court and challenge orders they do not believe to be lawful. They do not comply with every subpoena or demand for user data they receive from "authorities". Look at the transparency reports to verify, which by the way Google was issuing well before Apple started doing so IIRC.
(EDIT: Correct, Google first transparency report in 2010 and Apple following them in 2013)
It's not a good look when you make stuff up, and for no particular reason other than "Whaddabout Google". Kinda makes everything you have to say less reliably true.
so are safe manufacturers going to now be obligated to provide master keys to all safes so they don't have to cut them open?
Do we know for certain that iCloud is already encrypted? If yes, in what way? I remember something about Apple stating they could not get your Apple ID account back if you lose control of it. Then I saw where you’re supposed to contact Apple for help if someone manages to steal your Apple ID by discovering your password...
Until this news, I had assumed that it was encrypted and that the encryption was owned by Apple and that they didn’t have the ability to recover all things.
Getting into a discussion about Apple-controlled vs user-controlled encryption has me wondering.
What about individual documents that support password protection, like spreadsheets?
Our contact info?
Etc.
I know passwords themselves are supposed to be encrypted wherever they’re stored, but there continues to be surprising events of companies found not doing things in a sane and expected manner...
For example: my iPad just yesterday offered up my network password to me as a typing suggestion while using a VNC client!! Is that a text management design flaw in iOS or in the VNC client??
eWorld, iTools and iCloud etc were attempts to get us online but aren't always the best solutions, and having readily available on-site access to your files is a win-win for most of us.
If Apple had developed a NAS with hooks into its own mesh system it would have really been a nice offering.
Afaik, iCloud backups have never been encrypted and Apple has said they weren't encrypted from the beginning. Has everyone just ignored that and relied on Apple's marketing for their information? People who take Apple's marketing as fact and make additional assumptions based on that marketing... yeah, not really seeing what you seem to be seeing. Apple's marketing does what marketing is supposed to do: make their products seem desirable. It's effective but it shouldn't replace a person's desire for actual facts.
If people were so concerned about privacy and security, wouldn't they take the time to understand what that privacy and security entails? Kinda seems some are more enamored with the idea and marketing of privacy and security than the actual thing, and they get upset when real reality doesn't dovetail with their version of reality.
Literally nothing has changed. Apple has done nothing different. The only thing different is some have more information than they had before. Info that has always been available.