Apple drops new Safari bookmark end-to-end encryption

Posted:
in General Discussion
Less than two weeks after apparently introducing end-to-end encryption for bookmarks in Safari, Apple has dropped the additional protection.

Safari no longer protects bookmarks with end-to-end encryption, if it ever did
Safari no longer protects bookmarks with end-to-end encryption, if it ever did


In early October 2021, Apple's support documentation was updated to show that Safari bookmarks had been updated to have the same end-to-end encryption as, for example, Apple Card transactions, and even Memoji. Now, however, the same documentation has removed this, and bookmarks are again listed as encrypted only "in transit & on server."

Neither change was actually announced by Apple. So it is possible that the documentation was updated in error, and that error has now been corrected.

End-to-end encryption would have improved security as iCloud synced bookmarks between a user's device. Apple's own documentation describes end-to-end encryption as providing "the highest level of data security."

Apple, and all big technology companies, have consistently been under pressure to drop end-to-end encryption entirely, and allow governments and law enforcement access to all data.

Read on AppleInsider

Comments

  • Reply 1 of 12
    gatorguygatorguy Posts: 24,213member
    Based on somewhat recent events I'm nearly convinced there's some intense behind-the-scene pressure from various agencies around the world that is leading Apple to compromise privacy plans, while another big tech is forging ahead anyway and paying the consequences in antitrust actions on two continents. 
    edited October 2021 vedelppamuthuk_vanalingamctt_zhelijahgOferpatchythepirate
  • Reply 2 of 12
    lkrupplkrupp Posts: 10,557member
    gatorguy said:
    Based on somewhat recent events I'm nearly convinced there's some intense behind-the-scene pressure from various agencies around the world that is leading Apple to compromise privacy plans, whole another big tech is forging ahead anyway and paying the consequences in antitrust actions on two continents. 
    Yeah, let’s all switch to Android/Chrome so we can be safe. Coffee snorted out of my nose when I read your b.s. post
    JanNLBeatswilliamlondonnetroxmagman1979watto_cobra
  • Reply 3 of 12
    gatorguygatorguy Posts: 24,213member
    lkrupp said:
    gatorguy said:
    Based on somewhat recent events I'm nearly convinced there's some intense behind-the-scene pressure from various agencies around the world that is leading Apple to compromise privacy plans, whole another big tech is forging ahead anyway and paying the consequences in antitrust actions on two continents. 
    Yeah, let’s all switch to Android/Chrome so we can be safe. Coffee snorted out of my nose when I read your b.s. post
    Now that you've had time to clear your nostrils and head, I'll pose the easiest question to you first:
    What would be your explanation for Apple dropping plans to E2EE your iCloud account while Google does so anyway despite possible repercussions?

    Yeah, it requires an actual thought process from you rather than *snort, LOLZ*.
    edited October 2021 ctt_zhmuthuk_vanalingamelijahgOferFileMakerFeller
  • Reply 4 of 12
    lkrupp said:
    gatorguy said:
    Based on somewhat recent events I'm nearly convinced there's some intense behind-the-scene pressure from various agencies around the world that is leading Apple to compromise privacy plans, whole another big tech is forging ahead anyway and paying the consequences in antitrust actions on two continents. 
    Yeah, let’s all switch to Android/Chrome so we can be safe. Coffee snorted out of my nose when I read your b.s. post
    Except that Chrome let you encrypt Chrome sync data with an separate passphrase. It is embarrassing that Apple is dropping this feature.
    ctt_zhmuthuk_vanalingamargonautelijahgOferwilliamlondonFileMakerFeller
  • Reply 5 of 12
    rcfarcfa Posts: 1,124member
    Might be a simple case of documentation being completed before the feature was rolled out.

    There’s also the question of how older versions of iOS and macOS would handle that in a compatible way. E2E would presumably require some protocol changes, and while Safari on macOS can be updated independently from the OS, i(Pad)OS can’t do that for baked in apps.

    So this may have to wait until the adoption of iOS 15 is high enough, and then be announced as a feature available only to users who have all their devices up to date…
    williamlondonFileMakerFellerwatto_cobra
  • Reply 6 of 12
    BeatsBeats Posts: 3,073member
    tehabe said:
    lkrupp said:
    gatorguy said:
    Based on somewhat recent events I'm nearly convinced there's some intense behind-the-scene pressure from various agencies around the world that is leading Apple to compromise privacy plans, whole another big tech is forging ahead anyway and paying the consequences in antitrust actions on two continents. 
    Yeah, let’s all switch to Android/Chrome so we can be safe. Coffee snorted out of my nose when I read your b.s. post
    Except that Chrome let you encrypt Chrome sync data with an separate passphrase. It is embarrassing that Apple is dropping this feature.

    Yeah dude a company known to hack users and who makes 80%+ of its money off user data is the safe route.

    Funny how Google doesn’t get the same reputation as Facebook for the same practices.

    Also can you give me your bank account info? I’m gonna encrypt it. 
    williamlondonjas99lkrupppatchythepiratemagman1979watto_cobra
  • Reply 7 of 12
    Before we overreact, encrypted in transit and on the server seems sufficient to me.  Why would they need to be encrypted on your own device when your device is already encrypted via FileVault 2 on the Mac (if you enabled it) and standard on iOS/iPadOS.  Am I missing something here?
    williamlondonjas99magman1979watto_cobra
  • Reply 8 of 12
    elijahgelijahg Posts: 2,759member
    This doesn’t really make a difference anyway, because the unencrypted backups stored on Apple’s servers contain near enough everything from your phone. As long as syncing is encrypted between phone and Apple’s servers, a man in the middle attack can’t happen - though that doesn’t stop Apple reading whatever data it wants from those decrypted-upon-arrival backups on their servers. Third party services on iOS actually have better encryption because they can encrypt their databases with the iOS Secure Enclave key, and Apple has no way (that we know of) of obtaining that key. So even with unencrypted backups all Apple has is illegible gobbledegook in third party databases without the Secure Enclave key. 

    If Apple was truly serious about privacy of user data they hold, they’d implement P2P syncing over something like Bluetooth/Ad-Hoc wifi (perhaps using Airdrop APIs). The data would never hit Apple’s servers, and the FBI or whoever wouldn’t be able to subpoena Apple for it, as they wouldn’t ever be in possession of it. Basically the same as the old iTunes syncing just less… crap. 
    edited October 2021 ken burns effect
  • Reply 9 of 12
    Beats said:
    tehabe said:
    lkrupp said:
    gatorguy said:
    Based on somewhat recent events I'm nearly convinced there's some intense behind-the-scene pressure from various agencies around the world that is leading Apple to compromise privacy plans, whole another big tech is forging ahead anyway and paying the consequences in antitrust actions on two continents. 
    Yeah, let’s all switch to Android/Chrome so we can be safe. Coffee snorted out of my nose when I read your b.s. post
    Except that Chrome let you encrypt Chrome sync data with an separate passphrase. It is embarrassing that Apple is dropping this feature.

    Yeah dude a company known to hack users and who makes 80%+ of its money off user data is the safe route.

    Funny how Google doesn’t get the same reputation as Facebook for the same practices.

    Also can you give me your bank account info? I’m gonna encrypt it. 
    The sync mechanism is part of the open source Chromium project, so if Google wouldn't really encrypt on the device it would be known by now and fixed. I could find one bug report about that the passphrase can easily be bruteforced, but it is marked as fixed. Also unlike Apple, Google is much more open to comments, bug reports, and input from outside the company. Recently I reported a few things which are outdated in Apple Maps, none was updated so far. Like general bug reports, which either are ignored or are marked as duplicate so that I'm out. Fixes will come or not. I like my Mac but Apple is weird.
    williamlondonFileMakerFellerken burns effectelijahg
  • Reply 10 of 12
    Conspiracies aside, it's also very much possible that it just doesn't work right.
    watto_cobra
  • Reply 11 of 12
    tehabe said:
    lkrupp said:
    gatorguy said:
    Based on somewhat recent events I'm nearly convinced there's some intense behind-the-scene pressure from various agencies around the world that is leading Apple to compromise privacy plans, whole another big tech is forging ahead anyway and paying the consequences in antitrust actions on two continents. 
    Yeah, let’s all switch to Android/Chrome so we can be safe. Coffee snorted out of my nose when I read your b.s. post
    Except that Chrome let you encrypt Chrome sync data with an separate passphrase. It is embarrassing that Apple is dropping this feature.
    Small correction here: Chrome encrypts sync data anyways, regardless of your choice!

    If you have Chrome installed, check ⋮ → Settings  → Sync and Google services → Encryption options. There isn’t even an option to disable encryption there.
    tehabeelijahg
Sign In or Register to comment.