top | item 26185673

(no title)

naturalpb | 5 years ago

Still waiting for Apple to provide end-to-end encryption on iCloud Backup for devices. Their documentation on this has always seemed intentionally vague.

https://support.apple.com/en-us/HT202303

End-to-end encrypted data -> - Apple Card transactions (requires iOS 12.4 or later) - Home data - Health data (requires iOS 12 or later) - iCloud Keychain (includes all of your saved accounts and passwords) - Maps Favorites, Collections and search history (requires iOS 13 or later) - Memoji (requires iOS 12.1 or later) - Payment information - QuickType Keyboard learned vocabulary (requires iOS 11 or later) - Safari History and iCloud Tabs (requires iOS 13 or later) - Screen Time - Siri information - Wi-Fi passwords - W1 and H1 Bluetooth keys (requires iOS 13 or later)

discuss

vineyardmike|5 years ago

They won't do this. Its their run-around to giving law enforcement access to the devices.

They can claim that the device is secure and always encrypted, and all the messaging is encrypted, and they don't collect user data. This is all true (i assume, but did not audit).

If you care about security, all you have to do is turn off iCloud backup, and everything is secure. If you don't care, well then you have a great feature.

They upload plain-text versions of messages, etc to iCloud so if law enforcement asks, they can still comply with the juicy data. They don't need to back-door the iphone for the Gov. which was a major PR issue a few years ago.

sneak|5 years ago

> If you care about security, all you have to do is turn off iCloud backup, and everything is secure.

No, each conversation has at least two endpoints, and it's unlikely that the people you iMessage with have disabled iCloud Backup.

It's sort of like switching from gmail to avoid Google having access to your correspondence: they'll get it from the mailbox of the people still using gmail (so, everyone) that you correspond with.

sneak|5 years ago

It's intentionally vague because they want people to read that page and think "oh, it's all encrypted, it's safe", and not realize that they intentionally preserve this backdoor so that they can provide data to the FBI at any time, with or without a warrant, at the FBI's explicit request:

https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...

Apple provided user data on over 30,000 users in 2019 to the US federal government without a warrant or probable cause, per Apple's own transparency report (see FISA orders). All the feds have to do is order the data from Apple, and they get all of it, on anyone they like.

You're going to be waiting a long time; it's a design goal for Apple (and by extension the feds) to be able to read your every stored text, iMessage, and iMessage attachment out of your device backup without your consent/knowledge.

It's not really that different from the situation in China, where Apple provides the same sort of backdoors to the CCP to be able to sell devices there. (There, the CCP requires that it be physically stored on state-owned and state-operated hardware, as I understand it.)

viro|5 years ago

> "the US federal government without a warrant or probable cause, per Apple's own transparency report (see FISA orders)."

Do you not know a FISA order is a court order?

Fnoord|5 years ago

You can use clouds like these with your own cryptography software. A matter of using something standard while not giving the cloud provider your public key. As long as they allow you to specify the backup location (which I don't know if they do), this should be doable. If they don't allow this that is a more severe issue.

someonehere|5 years ago

It’s well known that they don’t encrypt backups in iCloud. That’s how they’re able to reset access in case you lose access.

haswell|5 years ago

You're being downvoted, presumably because of the parallel discussion about the FBI. But I think this is most likely a combination of both:

1) The vast majority of Apple's users care more about getting their data back than they do E2E encryption. Encrypting backups does introduce failure modes that put more burden on the user (to have an emergency key, etc). Apple also cares deeply about things "just working", and so this is a space that was always going to be incredibly difficult to balance.

2) The FBI thing is also true. Given Apple's former plans for true E2E encryption somewhat gave way to what they have now, with little explanation, it's hard not to speculate that they backed away from the original initiative after some...involvement...from the feds.