Apple cancelled encrypted iCloud plans after the FBI complained

13

Comments

  • Reply 41 of 69
    Soli said:
    I understand compromise, but come on. This just makes iCloud a less desirable platform.
    How does it make iCloud a less desirable platform?  It's not like Apple is removing encryption from iCloud.  It's never been encrypted and it performs as it always has.  No one is losing any functionality.  You are no less protected than you were before this article was written.  Remember, we're talking about iCloud backups.

    Rant: More people need to understand the tech they use.  Half the hand wringing wouldn't exist if we did.  Not picking on you.  Just using your quote as a jump off point.
    /end rant
    Apple advertises how they're all about privacy and security to *gasp* attract customers that care about privacy and security, and then it comes out that Apple's very own iCloud service doesn't allow for the privacy any and security they expected. You really don't see that as a sticking point for those Cloud users?
    Comes out?  What exactly do you mean comes out?  Haven't we always known that iCloud backups weren't encrypted?  We just recently had an article on AI about the biannual transparency report detailing they amount, frequency, and types of data that Apple shares.  What did everyone think they were sharing?

    Afaik, iCloud backups have never been encrypted and Apple has said they weren't encrypted from the beginning.  Has everyone just ignored that and relied on Apple's marketing for their information? People who take Apple's marketing as fact and make additional assumptions based on that marketing... yeah, not really seeing what you seem to be seeing.  Apple's marketing does what marketing is supposed to do: make their products seem desirable.  It's effective but it shouldn't replace a person's desire for actual facts.  

    If people were so concerned about privacy and security, wouldn't they take the time to understand what that privacy and security entails?  Kinda seems some are more enamored with the idea and marketing of privacy and security than the actual thing, and they get upset when real reality doesn't dovetail with their version of reality.

    Literally nothing has changed.  Apple has done nothing different.  The only thing different is some have more information than they had before.  Info that has always been available.
    And yet, as of today I have left iCloud. You’re saying nothing has changed, right? Wrong. Think again …and harder.
    lostkiwidarkvader
  • Reply 42 of 69
    I understand compromise, but come on. This just makes iCloud a less desirable platform.
    How does it make iCloud a less desirable platform?  It's not like Apple is removing encryption from iCloud.  It's never been encrypted and it performs as it always has.  No one is losing any functionality.  You are no less protected than you were before this article was written.  Remember, we're talking about iCloud backups.

    Rant: More people need to understand the tech they use.  Half the hand wringing wouldn't exist if we did.  Not picking on you.  Just using your quote as a jump off point.
    /end rant
    If this is what a lot of users believe, then Apple must know about them. Choosing not to “fix” this misbelief is dangerously close to deception. Do you still wander why Apple users are pissed off right now, Cloudtalkin?
    Fix how?  The fact that iCloud backups are not encrypted is not a secret. It's never been a secret.  It's fairly common knowledge.  Apparently no common enough for some though.  Considering Apple's release of the transparency reports and stories in the national news that clearly detail that iCloud backups aren't encrypted it's kinda hard to sympathize.   For me this can be summed up simply.  Ignorance is bliss and knowledge is pain.  People were happy and content believing one thing that wasn't true.  Knowing the truth (that has always been available) and they're suddenly pissed.  Nothing materially changed 'cept they know more.  

    Seriously though, fix how?
    gatorguyStrangeDays
  • Reply 43 of 69
    Rayz2016Rayz2016 Posts: 6,957member
    Yes, I broke my golden rule: check with the real experts elsewhere before commenting. 

    Yes, the backups are encrypted. The problem is that Apple has the key. 

    And the reason Apple keeps the keys instead of giving it to the users is because the users will lose the key (when they lose the device the we’re keeping it on) and then sue Apple when they couldn’t get hold of their stuff. 

    As usual, nothing to see here. 
    razorpitwatto_cobra
  • Reply 44 of 69
    bbhbbh Posts: 134member
    svanstrom said:
    *sigh*

    How about us non-US people; what’s our level of (legal) protection as things stand rn?
    Agree. This is just terrible. Absolutely no way I’m going to stay on this platform now. Had Apple only been honest about this, we would at least have been able to choose what to put on iCloud or not. But this makes me really pissed off 😡 
     Comments like this drive me crazy. What platform have you found that is better? The "war" is about backdoors into IOS. These little skirmishes into the cloud are meaningless. If you are jittery about iCloud backups, simply don't use it. There are numerous small drives with lots and lots of storage you can keep locally. Consider a home NAS system. Just use the cloud for convenience stuff, like backing up those photos until I get home. 

    Again, the government wants what is on your phone.So far they can't get it. 
    SpamSandwichFileMakerFellerwatto_cobra
  • Reply 45 of 69
    SoliSoli Posts: 10,035member
    Soli said:
    I understand compromise, but come on. This just makes iCloud a less desirable platform.
    How does it make iCloud a less desirable platform?  It's not like Apple is removing encryption from iCloud.  It's never been encrypted and it performs as it always has.  No one is losing any functionality.  You are no less protected than you were before this article was written.  Remember, we're talking about iCloud backups.

    Rant: More people need to understand the tech they use.  Half the hand wringing wouldn't exist if we did.  Not picking on you.  Just using your quote as a jump off point.
    /end rant
    Apple advertises how they're all about privacy and security to *gasp* attract customers that care about privacy and security, and then it comes out that Apple's very own iCloud service doesn't allow for the privacy any and security they expected. You really don't see that as a sticking point for those Cloud users?
    Comes out?  What exactly do you mean comes out?  Haven't we always known that iCloud backups weren't encrypted?  We just recently had an article on AI about the biannual transparency report detailing they amount, frequency, and types of data that Apple shares.  What did everyone think they were sharing?

    Afaik, iCloud backups have never been encrypted and Apple has said they weren't encrypted from the beginning.  Has everyone just ignored that and relied on Apple's marketing for their information? People who take Apple's marketing as fact and make additional assumptions based on that marketing... yeah, not really seeing what you seem to be seeing.  Apple's marketing does what marketing is supposed to do: make their products seem desirable.  It's effective but it shouldn't replace a person's desire for actual facts.  

    If people were so concerned about privacy and security, wouldn't they take the time to understand what that privacy and security entails?  Kinda seems some are more enamored with the idea and marketing of privacy and security than the actual thing, and they get upset when real reality doesn't dovetail with their version of reality.

    Literally nothing has changed.  Apple has done nothing different.  The only thing different is some have more information than they had before.  Info that has always been available.

    "iCloud secures your information by encrypting it when it's in transit, storing it in iCloud in an encrypted format, and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you’re signed into iCloud. No one else, not even Apple, can access end-to-end encrypted information."


    What part of those terms and the URL I link to which clearly states that all encryption is at least 128-AES is, as you put it, "iCloud backups have never been encrypted"?

    I guess I'm not as smart as you because when Apple trumpeted how much they care about privacy and issued security overviews listing all the ways that my data being sent to iCloud was so secure that even they couldn't access it, I believed them. It's good to know that you believe that the keys generated per device for iMessage is complete BS and that my message history is easily readable by Apple at any time without any effort.
    edited January 2020 FileMakerFellerwatto_cobra
  • Reply 46 of 69
    ivanhivanh Posts: 597member
    Replace “FBI” with “CCP” or “KGB”, then read the whole article again. 
    With end-to-end security, iPhone / Mac are worth nothing.
  • Reply 47 of 69
    jdb8167jdb8167 Posts: 626member
    mjtomlin said:
    Apple already encrypts your data just as every other online storage service does. 

    They just happen to have the key to decrypt it. 

    If you’re that paranoid, you can encrypt your own data before you put on iCloud. Apple cannot decrypt that and hand it over. 
    What about the Keychain data — is that also accessible to Apple and therefore US gov? If yes, then you are basically saying we should keep strong passwords for our encrypted data in our memory or on a post-it note.
    According to Apple, your keychain and some other vital information is end-to-end encrypted. 

    https://support.apple.com/en-us/HT202303
    GG1macpluspluswatto_cobra
  • Reply 48 of 69
    jdb8167jdb8167 Posts: 626member

    jdb8167 said:
    Rayz2016 said:
    If true, then bad show, Apple.
    Why? They only release data with a valid warrant (not sure about China but iCloud backups are the least of Chinese citizens worries when it comes for government surveillance). While I wouldn't mind a slight increase in security from potential mistakes Apple makes, I haven't heard of any that they've made with iCloud. Even the high-profile problems years ago were from guessable passwords. Turn on 2 factor authentication and you are reasonably safe.

    Your data is still sent over the network with full encryption. Seems like a reasonable compromise that should help Apple with the coming PR battle.
    So you think the French, Danish, Australian governments should be able to order Apple to supply their users’ data too?
    I don't know what agreements Apple has with those countries but I wouldn't be surprised if those governments can obtain information on their citizens (and residents?). I would be shocked if they can obtain information on US citizens without some extreme negotiations. There was a Microsoft case on the US government asking for information on a EU server that was opposed by Microsoft that was going to court but I don't know what the resolution was.
    watto_cobra
  • Reply 49 of 69
    Soli said:
    Soli said:
    I understand compromise, but come on. This just makes iCloud a less desirable platform.
    How does it make iCloud a less desirable platform?  It's not like Apple is removing encryption from iCloud.  It's never been encrypted and it performs as it always has.  No one is losing any functionality.  You are no less protected than you were before this article was written.  Remember, we're talking about iCloud backups.

    Rant: More people need to understand the tech they use.  Half the hand wringing wouldn't exist if we did.  Not picking on you.  Just using your quote as a jump off point.
    /end rant
    Apple advertises how they're all about privacy and security to *gasp* attract customers that care about privacy and security, and then it comes out that Apple's very own iCloud service doesn't allow for the privacy any and security they expected. You really don't see that as a sticking point for those Cloud users?
    Comes out?  What exactly do you mean comes out?  Haven't we always known that iCloud backups weren't encrypted?  We just recently had an article on AI about the biannual transparency report detailing they amount, frequency, and types of data that Apple shares.  What did everyone think they were sharing?

    Afaik, iCloud backups have never been encrypted and Apple has said they weren't encrypted from the beginning.  Has everyone just ignored that and relied on Apple's marketing for their information? People who take Apple's marketing as fact and make additional assumptions based on that marketing... yeah, not really seeing what you seem to be seeing.  Apple's marketing does what marketing is supposed to do: make their products seem desirable.  It's effective but it shouldn't replace a person's desire for actual facts.  

    If people were so concerned about privacy and security, wouldn't they take the time to understand what that privacy and security entails?  Kinda seems some are more enamored with the idea and marketing of privacy and security than the actual thing, and they get upset when real reality doesn't dovetail with their version of reality.

    Literally nothing has changed.  Apple has done nothing different.  The only thing different is some have more information than they had before.  Info that has always been available.

    "iCloud secures your information by encrypting it when it's in transit, storing it in iCloud in an encrypted format, and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you’re signed into iCloud. No one else, not even Apple, can access end-to-end encrypted information."


    What part of those terms and the URL I link to which clearly states that all encryption is at least 128-AES is, as you put it, "iCloud backups have never been encrypted"?

    I guess I'm not as smart as you because when Apple trumpeted how much they care about privacy and issued security overviews listing all the ways that my data being sent to iCloud was so secure that even they couldn't access it, I believed them. It's good to know that you believe that the keys generated per device for iMessage is complete BS and that my message history is easily readable by Apple at any time without any effort.
    Seems I misspoke.  Apologies.  I should have stated it like Apple: "If the user has enabled iCloud Backup, the CloudKit Service Key used for the Messages in iCloud container is backed up to iCloud to allow the user to recover their messages even if they have lost access to iCloud Keychain and their trusted devices,"  -copied from the AI article https://appleinsider.com/articles/20/01/21/what-apple-surrenders-to-law-enforcement-when-issued-a-subpoena

    The encryption key is copied to backup.  It's how Apple is able to turn over data to law enforcement when presented with a valid subpoena.  Nothing has changed on Apple's end concerning the user.  It is as it has always been.  Bolded from your comment: If you have iCloud Backup enabled, your message history is readable.  At any time.  Without any effort.  But Apple isn't doing that so to phrase it that way is wrong.  If there is a legal requirement, they use the power.  If not, they don't.  
    StrangeDays
  • Reply 50 of 69
    jdb8167 said:
    Soli said:
    I understand compromise, but come on. This just makes iCloud a less desirable platform.
    How does it make iCloud a less desirable platform?  It's not like Apple is removing encryption from iCloud.  It's never been encrypted and it performs as it always has.  No one is losing any functionality.  You are no less protected than you were before this article was written.  Remember, we're talking about iCloud backups.

    Rant: More people need to understand the tech they use.  Half the hand wringing wouldn't exist if we did.  Not picking on you.  Just using your quote as a jump off point.
    /end rant
    Apple advertises how they're all about privacy and security to *gasp* attract customers that care about privacy and security, and then it comes out that Apple's very own iCloud service doesn't allow for the privacy any and security they expected. You really don't see that as a sticking point for those Cloud users?
    Comes out?  What exactly do you mean comes out?  Haven't we always known that iCloud backups weren't encrypted?  We just recently had an article on AI about the biannual transparency report detailing they amount, frequency, and types of data that Apple shares.  What did everyone think they were sharing?

    Afaik, iCloud backups have never been encrypted and Apple has said they weren't encrypted from the beginning.  Has everyone just ignored that and relied on Apple's marketing for their information? People who take Apple's marketing as fact and make additional assumptions based on that marketing... yeah, not really seeing what you seem to be seeing.  Apple's marketing does what marketing is supposed to do: make their products seem desirable.  It's effective but it shouldn't replace a person's desire for actual facts.  
    Just a point of clarification. Your data on iCloud is encrypted. It is just that Apple holds the keys to that encryption. So you might not want Apple to have access to your data in which case you shouldn't use iCloud but if you are worried about exposing your data to third-parties, that isn't likely to happen because the data is encrypted. To a lot of people this would be a benefit because Apple can restore your data if you lose your password.
    You're exactly right.  I wanted to edit my comments to reflect that but it timed out.  I unintentionally clouded ←see what I did there- my point by claiming never been encrypted when I should have stated what you did: encrypted but has keys.  My overarching point was nothing has changed.  Apple has been doing the same thing since the beginning.  There's no need for people to be up in arms about something that has always been.  
  • Reply 51 of 69
    sirlance99sirlance99 Posts: 1,293member
    andyring said:
    In other words, don't back up your device(s) to iCloud. Problem solved. I never have and never will. I back up my phone directly to the computer, via encrypted backups. And my internal disk and both Time Machine disks are encrypted as well. My data is mine and mine alone.
    You must be so important that people would want whatever data you have. 

    There’s tons of people that don’t have a computer to backup to. So that’s not an option as the cloud is. 
    Gilliam_Bateswatto_cobra
  • Reply 52 of 69
    You gotta love Apple and their twisting and turning of their core values, to serve their wallets.


    Gilliam_Bates
  • Reply 53 of 69
    So much misinformation here.

    iCloud data is encrypted. Apple holds the keys so they can decrypt the data. To say Apple doesn’t store your data in an encrypted format is a straight up lie.

    Apple uses various servers for iCloud (Google and Amazon for sure, their own servers and I think S3 as well). Apple splits your files into chunks and encrypts them before they are stored on third party servers. The encryption keys are held by Apple so a bad actor working for Google has no ability to get to your data. Further, file chunks are stored without identifying information. Only Apple knows who they belong to.

    Several services do in fact support end-to-end encryption. iMessages, payment information, home & health data, Siri, Keychain, WiFi passwords.

    Most popular cloud services don’t have end-to-end encryption and those companies can access your data when served a warrant. This includes Google Drive, Microsoft OneDrive and DropBox. Given this, why is Apple being singled out when everyone else does the same thing? Oh right, because Apple.

    There are third party software solutions that let you add E2E to popular cloud providers (like Google Drive). The problem with these is that if you ever lose your password/key then your data is permanently gone. There’s no way to recover encrypted data if you lose your password. This makes E2E very risky for many users as there’s a very real risk of forever losing your data. This is likely just as important a reason for Apple not to enable this as they’d be faced with God only knows how many upset customers upon finding their data is gone because they misplaced their password.

    If you want a secure encrypted backup
    of your device than use iTunes to make a local backup to your PC/Mac. iOS also gives you the option of what services you want to use iCloud for. You’re not locked into iCloud and you’re in full control of what data gets stored where.
    avon b7StrangeDaysGG1watto_cobra
  • Reply 54 of 69
    gatorguygatorguy Posts: 24,176member
    rob53 said:
    This brings up another issue.  Users (businesses) really need alternatives to iCloud.  They’re out there but I don’t think they’ve ever been mentioned on AI.  I’ve used Acronis on servers and PCs and there products have worked well.  They do have a mobile app...
    Do you really think that ANY server platform in the US actually has user encryption? They might have system level encryption, like I believe Apple does with iCloud, but unless the user controls ALL the keys this data can be decrypted after the serving of a legal subpoena. Apple does this a whole lot while I imagine other server platforms, AWS, etc., simply make the data they store available to the FBI and NSA. At least Apple tries to make it difficult. Anything handled by Google is by default in the public domain because they scan everything and sell it to advertisers. 
    Here's another reason you really should read source articles before tossing out comparisons. In the Reuters article itself it's mentioned that Google does offer end-to-end encryption of backed up cloud data where even Google cannot comply with an order to divulge it. 


    "In October 2018, Alphabet Inc’s Google announced a similar system to Apple’s dropped plan for secure backups. The maker of Android software, which runs on about three-quarters of the world’s mobile devices, said users could back up their data to its own cloud without trusting the company with the key.

    Two people familiar with the project said Google gave no advance notice to governments, and picked a time to announce it when encryption was not in the news.

    The company continues to offer the service but declined to comment on how many users have taken up the option. The FBI did not respond to a request for comment on Google’s service or the agency’s approach to it."


    As ErictheHalfBee mentions in the post preceding this it can be a double-edge sword and users need to consider the fact that if they forget what their key is they cannot restore the data, not even with Google assistance. It's simply locked without the user's input and no FBI subpoena can make it any less so. But for those who insist that authorities should not have access to stored cloud data under any circumstance Google Android does give you that option as long as you are willing to accept the responsibility.

    So just be sure that what you think you want is a good idea before leaping. IMHO this NOT something most users should desire. It's more for the security of high-value accounts, CEO's of large companies, certain investigative journalists, high-level government employees and such where Google can be an uber-secure provider of mail, data, and cloud services. 

    For the rest of us it's better we have "backup" for recovering our accounts and restoring data when we do some dumb thing to delete it or forget a passcode/password. You probably don't want the level of account security that Google offers as an option. 

    edited January 2020 FileMakerFeller
  • Reply 55 of 69
    mjtomlinmjtomlin Posts: 2,673member
    mjtomlin said:
    Apple already encrypts your data just as every other online storage service does. 

    They just happen to have the key to decrypt it. 

    If you’re that paranoid, you can encrypt your own data before you put on iCloud. Apple cannot decrypt that and hand it over. 
    What about the Keychain data — is that also accessible to Apple and therefore US gov? If yes, then you are basically saying we should keep strong passwords for our encrypted data in our memory or on a post-it note.

    Keychain data is encrypted/decrypted on your end, not on Apple’s servers. Just as Apple does not have access to your password, they also do not have access to anything you save in your Keychain.
    watto_cobra
  • Reply 56 of 69
    Soli said:
    Soli said:
    I understand compromise, but come on. This just makes iCloud a less desirable platform.
    How does it make iCloud a less desirable platform?  It's not like Apple is removing encryption from iCloud.  It's never been encrypted and it performs as it always has.  No one is losing any functionality.  You are no less protected than you were before this article was written.  Remember, we're talking about iCloud backups.

    Rant: More people need to understand the tech they use.  Half the hand wringing wouldn't exist if we did.  Not picking on you.  Just using your quote as a jump off point.
    /end rant
    Apple advertises how they're all about privacy and security to *gasp* attract customers that care about privacy and security, and then it comes out that Apple's very own iCloud service doesn't allow for the privacy any and security they expected. You really don't see that as a sticking point for those Cloud users?
    Comes out?  What exactly do you mean comes out?  Haven't we always known that iCloud backups weren't encrypted?  We just recently had an article on AI about the biannual transparency report detailing they amount, frequency, and types of data that Apple shares.  What did everyone think they were sharing?

    Afaik, iCloud backups have never been encrypted and Apple has said they weren't encrypted from the beginning.  Has everyone just ignored that and relied on Apple's marketing for their information? People who take Apple's marketing as fact and make additional assumptions based on that marketing... yeah, not really seeing what you seem to be seeing.  Apple's marketing does what marketing is supposed to do: make their products seem desirable.  It's effective but it shouldn't replace a person's desire for actual facts.  

    If people were so concerned about privacy and security, wouldn't they take the time to understand what that privacy and security entails?  Kinda seems some are more enamored with the idea and marketing of privacy and security than the actual thing, and they get upset when real reality doesn't dovetail with their version of reality.

    Literally nothing has changed.  Apple has done nothing different.  The only thing different is some have more information than they had before.  Info that has always been available.

    "iCloud secures your information by encrypting it when it's in transit, storing it in iCloud in an encrypted format, and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you’re signed into iCloud. No one else, not even Apple, can access end-to-end encrypted information."


    What part of those terms and the URL I link to which clearly states that all encryption is at least 128-AES is, as you put it, "iCloud backups have never been encrypted"?

    I guess I'm not as smart as you because when Apple trumpeted how much they care about privacy and issued security overviews listing all the ways that my data being sent to iCloud was so secure that even they couldn't access it, I believed them. It's good to know that you believe that the keys generated per device for iMessage is complete BS and that my message history is easily readable by Apple at any time without any effort.
    Seems I misspoke.  Apologies.  I should have stated it like Apple: "If the user has enabled iCloud Backup, the CloudKit Service Key used for the Messages in iCloud container is backed up to iCloud to allow the user to recover their messages even if they have lost access to iCloud Keychain and their trusted devices,"  -copied from the AI article https://appleinsider.com/articles/20/01/21/what-apple-surrenders-to-law-enforcement-when-issued-a-subpoena

    The encryption key is copied to backup.  It's how Apple is able to turn over data to law enforcement when presented with a valid subpoena.  Nothing has changed on Apple's end concerning the user.  It is as it has always been.  Bolded from your comment: If you have iCloud Backup enabled, your message history is readable.  At any time.  Without any effort.  But Apple isn't doing that so to phrase it that way is wrong.  If there is a legal requirement, they use the power.  If not, they don't.  
    IF you have enabled iCloud Backup PLUS Messages in iCloud. If you turn off Messages in iCloud services pane “your message history will be included in a separate iCloud backup.”

    https://support.apple.com/en-us/HT208532

    Your quotation from Apple mentions only Messages in iCloud container key as backed up to iCloud.
    edited January 2020
  • Reply 57 of 69
    Soli said:
    Soli said:
    I understand compromise, but come on. This just makes iCloud a less desirable platform.
    How does it make iCloud a less desirable platform?  It's not like Apple is removing encryption from iCloud.  It's never been encrypted and it performs as it always has.  No one is losing any functionality.  You are no less protected than you were before this article was written.  Remember, we're talking about iCloud backups.

    Rant: More people need to understand the tech they use.  Half the hand wringing wouldn't exist if we did.  Not picking on you.  Just using your quote as a jump off point.
    /end rant
    Apple advertises how they're all about privacy and security to *gasp* attract customers that care about privacy and security, and then it comes out that Apple's very own iCloud service doesn't allow for the privacy any and security they expected. You really don't see that as a sticking point for those Cloud users?
    Comes out?  What exactly do you mean comes out?  Haven't we always known that iCloud backups weren't encrypted?  We just recently had an article on AI about the biannual transparency report detailing they amount, frequency, and types of data that Apple shares.  What did everyone think they were sharing?

    Afaik, iCloud backups have never been encrypted and Apple has said they weren't encrypted from the beginning.  Has everyone just ignored that and relied on Apple's marketing for their information? People who take Apple's marketing as fact and make additional assumptions based on that marketing... yeah, not really seeing what you seem to be seeing.  Apple's marketing does what marketing is supposed to do: make their products seem desirable.  It's effective but it shouldn't replace a person's desire for actual facts.  

    If people were so concerned about privacy and security, wouldn't they take the time to understand what that privacy and security entails?  Kinda seems some are more enamored with the idea and marketing of privacy and security than the actual thing, and they get upset when real reality doesn't dovetail with their version of reality.

    Literally nothing has changed.  Apple has done nothing different.  The only thing different is some have more information than they had before.  Info that has always been available.

    "iCloud secures your information by encrypting it when it's in transit, storing it in iCloud in an encrypted format, and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you’re signed into iCloud. No one else, not even Apple, can access end-to-end encrypted information."


    What part of those terms and the URL I link to which clearly states that all encryption is at least 128-AES is, as you put it, "iCloud backups have never been encrypted"?

    I guess I'm not as smart as you because when Apple trumpeted how much they care about privacy and issued security overviews listing all the ways that my data being sent to iCloud was so secure that even they couldn't access it, I believed them. It's good to know that you believe that the keys generated per device for iMessage is complete BS and that my message history is easily readable by Apple at any time without any effort.
    As I understand it iMessage is end to end, but as always icloud backups are not. So if you back up to icloud every nite the FBI or whoever can subpoena that. It has always been this way and is common knowledge. Device secure from the government, backups are not. This has been talked about a million times, like after the San Bernardino shooter case and how they complied with icloud backup subpoenas. Nothing new. 
    edited January 2020 watto_cobra
  • Reply 58 of 69
    jdb8167 said:

    jdb8167 said:
    Rayz2016 said:
    If true, then bad show, Apple.
    Why? They only release data with a valid warrant (not sure about China but iCloud backups are the least of Chinese citizens worries when it comes for government surveillance). While I wouldn't mind a slight increase in security from potential mistakes Apple makes, I haven't heard of any that they've made with iCloud. Even the high-profile problems years ago were from guessable passwords. Turn on 2 factor authentication and you are reasonably safe.

    Your data is still sent over the network with full encryption. Seems like a reasonable compromise that should help Apple with the coming PR battle.
    So you think the French, Danish, Australian governments should be able to order Apple to supply their users’ data too?
    I don't know what agreements Apple has with those countries but I wouldn't be surprised if those governments can obtain information on their citizens (and residents?). I would be shocked if they can obtain information on US citizens without some extreme negotiations. There was a Microsoft case on the US government asking for information on a EU server that was opposed by Microsoft that was going to court but I don't know what the resolution was.
    In the 1990s there was a project known as ECHELON that involved the sharing of data between nations about their own citizens. It was not the first such program, nor was it the last - I haven't bothered to keep up with such matters. The broad strokes of it is that the intelligence agencies of several erstwhile allies were spying on each other constantly to safeguard their own interests. Rather than trying to eliminate such spying, the agencies agreed to trade information - the drawback being that your "allies" would know more about your intelligence capabilities on their soil, the benefit being that you found out about your own citizens without actually conducting operations within your own country. Under the auspices of this agreement, other countries will find out information about US citizens through their own efforts (which these days probably includes purchases from "data brokers" who purchase the information from Google, Amazon, Facebook and any other company that sells information about its users). For criminal and anti-terrorism investigations there are protocols in place to share data officially, and there are always diplomatic channels for more sensitive requests.

    So, your government allows other countries to spy on you, then trades for that information by giving up the goods on the citizens of the other nations. Any national laws preventing spying on one's own citizens are therefore bypassed, and by working together some economies of scale are achieved. Gotta love pragmatism.


    The MS case you were thinking of is outlined here: https://en.wikipedia.org/wiki/Microsoft_Corp._v._United_States and the end result is that while Microsoft lost the case but won on appeal, the duration of the argument allowed the US government to pass a new law (the CLOUD Act) that clarified the situation. Microsoft then agreed to abide by the new law.
    watto_cobra
  • Reply 59 of 69
    Soli said:
    Soli said:
    I understand compromise, but come on. This just makes iCloud a less desirable platform.
    How does it make iCloud a less desirable platform?  It's not like Apple is removing encryption from iCloud.  It's never been encrypted and it performs as it always has.  No one is losing any functionality.  You are no less protected than you were before this article was written.  Remember, we're talking about iCloud backups.

    Rant: More people need to understand the tech they use.  Half the hand wringing wouldn't exist if we did.  Not picking on you.  Just using your quote as a jump off point.
    /end rant
    Apple advertises how they're all about privacy and security to *gasp* attract customers that care about privacy and security, and then it comes out that Apple's very own iCloud service doesn't allow for the privacy any and security they expected. You really don't see that as a sticking point for those Cloud users?
    Comes out?  What exactly do you mean comes out?  Haven't we always known that iCloud backups weren't encrypted?  We just recently had an article on AI about the biannual transparency report detailing they amount, frequency, and types of data that Apple shares.  What did everyone think they were sharing?

    Afaik, iCloud backups have never been encrypted and Apple has said they weren't encrypted from the beginning.  Has everyone just ignored that and relied on Apple's marketing for their information? People who take Apple's marketing as fact and make additional assumptions based on that marketing... yeah, not really seeing what you seem to be seeing.  Apple's marketing does what marketing is supposed to do: make their products seem desirable.  It's effective but it shouldn't replace a person's desire for actual facts.  

    If people were so concerned about privacy and security, wouldn't they take the time to understand what that privacy and security entails?  Kinda seems some are more enamored with the idea and marketing of privacy and security than the actual thing, and they get upset when real reality doesn't dovetail with their version of reality.

    Literally nothing has changed.  Apple has done nothing different.  The only thing different is some have more information than they had before.  Info that has always been available.

    "iCloud secures your information by encrypting it when it's in transit, storing it in iCloud in an encrypted format, and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you’re signed into iCloud. No one else, not even Apple, can access end-to-end encrypted information."


    What part of those terms and the URL I link to which clearly states that all encryption is at least 128-AES is, as you put it, "iCloud backups have never been encrypted"?

    I guess I'm not as smart as you because when Apple trumpeted how much they care about privacy and issued security overviews listing all the ways that my data being sent to iCloud was so secure that even they couldn't access it, I believed them. It's good to know that you believe that the keys generated per device for iMessage is complete BS and that my message history is easily readable by Apple at any time without any effort.
    As I understand it iMessage is end to end, but as always icloud backups are not. So if you back up to icloud every nite the FBI or whoever can subpoena that. It has always been this way and is common knowledge. Device secure from the government, backups are not. This has been talked about a million times, like after the San Bernardino shooter case and how they complied with icloud backup subpoenas. Nothing new. 
    Apologies for the question, but right now I'm confused af.  
    I don't have an iCloud backup, relying on a Mac backup.  If I have iMessages in iCloud on (and assuming the person I was messaging does the same) does that mean these iMessages are able to be subpoenaed by some kind of state actor? Or not?

    edited January 2020 watto_cobra
  • Reply 60 of 69
    I understand compromise, but come on. This just makes iCloud a less desirable platform.
    How does it make iCloud a less desirable platform?  It's not like Apple is removing encryption from iCloud.  It's never been encrypted and it performs as it always has.  No one is losing any functionality.  You are no less protected than you were before this article was written.  Remember, we're talking about iCloud backups.

    Rant: More people need to understand the tech they use.  Half the hand wringing wouldn't exist if we did.  Not picking on you.  Just using your quote as a jump off point.
    /end rant
    If this is what a lot of users believe, then Apple must know about them. Choosing not to “fix” this misbelief is dangerously close to deception. Do you still wander why Apple users are pissed off right now, Cloudtalkin?
    Fix how?  The fact that iCloud backups are not encrypted is not a secret. It's never been a secret.  It's fairly common knowledge.  Apparently no common enough for some though.  Considering Apple's release of the transparency reports and stories in the national news that clearly detail that iCloud backups aren't encrypted it's kinda hard to sympathize.   For me this can be summed up simply.  Ignorance is bliss and knowledge is pain.  People were happy and content believing one thing that wasn't true.  Knowing the truth (that has always been available) and they're suddenly pissed.  Nothing materially changed 'cept they know more.  

    Seriously though, fix how?
    Listen, CloudTalkin… I think you should step down from your golden pillar for a while, and stop being so cocky. You either haven't thought this through or you are just ignorant. There are so many things wrong in what you are writing that I don't know where to begin, but I'll try:

    • First, it's definitely not up to me, or any of us users, to come up with the fix. That's why I deliberately called it a "fix" (obviously). But there are many ways, some of which have been mentioned on this forum.

    • Secondly, it is NOT common knowledge, as you can clearly see if you read the press. People in many countries are reacting strongly to this, and the news about it is quite big. To get my own first-hand insight, I asked around myself. Out of 15 iCloud users that I asked, 11 of them thought iCloud data was encrypted with a key that was never handed out to other parties. The other 4 had already read the press news, and so knew about Apple's betrayal. But 2 of those 4 said they would have thought everything was safely encrypted and not accessible before yesterday. CloudTalkin, you are just making up your own statistics, and there is a name for that — "alternate reality". You are just dead wrong here. Apple led the majority of its users/customers to believe their iCloud data was safe from anyone.

    • Thirdly, what "national news"? Are you living in the stone age? Apple is an international company, and has been for nearly 40 years. You have heard about that, right? Yes, the company has its head quarters in USA (at least today), but so what? Do you think these reports you are talking about have been translated and spread to front page "national news" all over the world? And even though they had, that's not the way to communicate with your user base. They have my adress. I mean, step into this debate now man, and screw the light bulb in.

    • Fourthly, you say "clearly detail that iCloud backups aren't encrypted". But you are wrong here as well. They are CLEARLY backed up, but that's not the problem. The problem (as stated by many all over this article, and others) is that the keys are available to Apple, and they hand them over to American authorities. Yes, Apple also says that they do not provide unencrypted data to authorities. But that is just another way of saying "They have to do that themselves with the keys that we give them". Do you see reality now, CloudTalkin? Are you slowly waking up to the smell of the morning coffee?

    • Fifthly, what is "legal" in the USA is far from well-defined …not even on the level of the president. So, arguments from authorities to get subpoenas can vary from case to case, from state to state, from time to time, from government to government. We are talking about permanent storage here, not the 30 day temporary storage of email. Still feel safe in your ivory tower, CloudTalkin? Because nobody should. I never done illegal business, nor have data that is illegal. At least that's not what I think, and not according to the law as I know it. But who knows what others might think, today and in the future. Who knows how things may spread and be misinterpreted if put in a bad context.

    • Sixthly, what is "legal" in the USA is far from the truth in the rest of the world (yes, there are other countries out there as well). And there is a continuous spectrum of colors and shades between the two opposite ends of the definition of "legal" and "illegal". Apple is selling its products in nearly every single country in the world, so should authorities in all of these countries be able to order Apple to hand out user data as soon as they wave their type of a subpoena? Also, we don't even know for sure where iCloud data is stored, and what authorities can do these claims. You do see the craziness in this, right?

    Now, I need to move on from this sandbox quarrel. I have data to move …lots of data.
    edited January 2020
Sign In or Register to comment.