Isn't there a change in subscription pricing once going to Family?

And then, they'd be under the Advanced Data Protection umbrella either way, right?
As far as subscription pricing, I suppose that depends on what one is subscribed to. I don't think joining an iCloud Family requires that you subscribe to Family only plans.

The original poster was lamenting that they could not use older devices with older OS versions and enable ADP. They also use those older devices for limited purposes (remote control and media files). Moving those devices to another account is how I would go about resolving this, but I already have a Family iCloud setup.
 
I can see this becoming a nightmare. People are careless and they will lose these encryption keys. Then they will lose all their data and blame Apple for it.
And this is why it is not enabled by default. For those that know how and why to manage their encryption keys and recovery codes properly this is a big win. For everyone else who doesn't care, the default is sufficient.
 
I can see this becoming a nightmare. People are careless and they will lose these encryption keys. Then they will lose all their data and blame Apple for it.
I was thinking the same thing. Regardless if it's off by default, people will lose or misplace their recovery code and post here how 10 years of data is gone forever. Many don't want to take responsibility for their mistakes and want to blame anyone but themselves for the situation they find themselves in.
 
I can see this becoming a nightmare. People are careless and they will lose these encryption keys. Then they will lose all their data and blame Apple for it.
Already happening without ADP, I have a relative who called me after getting locked out of their iPhone 13, and I was just like 🤷‍♂️ nothing you can do, really.
 
I was thinking the same thing. Regardless if it's off by default, people will lose or misplace their recovery code and post here how 10 years of data is gone forever. Many don't want to take responsibility for their mistakes and want to blame anyone but themselves for the situation they find themselves in.
Isn't this the point of designating Recovery Contacts? If you don't use the tools that are available to you to protect yourself that is clearly on you.

Perhaps this is an education issue. Those who know and understand these topics should be educating their friends/family that don't know that they should be setting a Recovery Contact or storing their Recovery Code somewhere they can get to it 10 years down the road.
 
I can see this becoming a nightmare. People are careless and they will lose these encryption keys. Then they will lose all their data and blame Apple for it.
Brings up a good question, how are people storing encryption keys? I’ve used locked notes and paper, but that obviously won’t work with ADP. If your sticky note or whatever is at home and you’re out of town, fail.
 
So I have a Series 8 watch, iPhone 13 Pro Max, Apple TV 4K and an older Mac all tied to my Apple ID. When I tried to activate the Advanced Data Protection it said I had to wait until February 2023, I guess because my watch is new.

Anyway my MacBook Pro is grandfathered to macOS 12 and does not support the latest OS. Can I still activate the protection? What will happen to the MacBook when it’s removed?
I am in a similar situation. iPhone 13 Pro Max, Apple Watch Series 6, Apple TV 4K (not newest) and a late 2015 iMac. Sure, I can turn on Advanced Data Protection on my iPhone and have it work there, on the Apple TV and my watch, but it leaves my iMac out in the cold. I'm used to being able to start a text session on either my iPhone or my iMac and continuing it on the other device as needed. I regularly save information in the Notes.app to be used either on my iMac or my iPhone. Advanced Data Protection stops that from happening for me.

I can NOT afford to upgrade everything I use at this time just so I can use Advanced Data Protection across all of my devices.
 
Brings up a good question, how are people storing encryption keys? I’ve used locked notes and paper, but that obviously won’t work with ADP. If your sticky note or whatever is at home and you’re out of town, fail.
I store mine in a secure note in the Keychain app and an encrypted 7zip of a text file of my recovery keys on a USB stick.
 
I store mine in a secure note in the Keychain app and an encrypted 7zip of a text file of my recovery keys on a USB stick.
That works unless you get locked out of your iCloud account. USB key would work if you have a Windows computer also.
 
Further...a password manager with cloud storage and a web interface. That's one of the things I like about 1Password. I can still retrieve any or all of my credentials if I were to lose all of my Apple devices.
Excellent follow-up about cloud access.

I use Strongbox, Bitwarden, Minimalist, and Enpass. lol I know it's overkill, but I wanted backup options in case 1 or more went defunct.
 
Does anyone know how long this actually takes to take effect once activated? My understanding is it needs to re-encrypt everything with a new encryption key.

I’m not sure how it’s supposed to do that without downloading all the data to one of your devices. The alternative is uploading the encryption key to a server but that seems like that would defeat the purpose of E2E encryption.

Apple has a write-up of what happens when you enable ADP, but it’s a little confusing. It makes it sound like only newly uploaded data is E2E encrypted.


When the user turns on Advanced Data Protection, their trusted device performs two actions: First, it communicates the user’s intent to turn on Advanced Data Protection to their other devices that participate in end-to-end-encryption. It does so by writing a new value, signed by device-local keys, into its iCloud Keychain device metadata. Apple servers can’t remove or modify this attestation while it gets synchronized with the user’s other devices.

Second, the device initiates the removal of the available-after-authentication service keys from Apple data centers. As these keys are protected by iCloud HSMs, this deletion is immediate, permanent, and irrevocable. After the keys are deleted, Apple can no longer access any of the data protected by the user’s service keys. At this time, the device begins an asynchronous key rotation operation, which creates a new service key for each service whose key was previously available to Apple servers. If the key rotation fails, due to network interruption or any other error, the device retries the key rotation until it’s successful.

After the service key rotation is successful, new data written to the service can’t be decrypted with the old service key. It’s protected with the new key which is controlled solely by the user’s trusted devices, and was never available to Apple.
 
Curious if anyone knows this…

When you get a new iPhone, do the encryption keys transfer from the old iPhone to the new iPhone?

If you lose your iPhone, can you then set up a new iPhone from an iPad or MacBook?

I’m wondering under what conditions you would need the recovery contact or keys. I thought these were in case you forgot your password.
 
Curious if anyone knows this…

When you get a new iPhone, do the encryption keys transfer from the old iPhone to the new iPhone?

If you lose your iPhone, can you then set up a new iPhone from an iPad or MacBook?

I’m wondering under what conditions you would need the recovery contact or keys. I thought these were in case you forgot your password.
The Recovery Key and Recovery Contact are, as you say, in case you forget your Apple ID password for the account in question and/or get locked out due to some kind of software glitch, which has happened before to people, albeit that is not something you see on here very often.

As to the former, that is a good question. I don't know for sure, but I would think it would be slightly different for each device even though it is still tied to the same iCloud account. The reason I think that is each device has a unique encryption key identifier. Then again, my hypothesis could be completely wrong.
 
Does anyone know how long this actually takes to take effect once activated? My understanding is it needs to re-encrypt everything with a new encryption key.

I’m not sure how it’s supposed to do that without downloading all the data to one of your devices. The alternative is uploading the encryption key to a server but that seems like that would defeat the purpose of E2E encryption.
This page is worth reading if you haven't already. https://support.apple.com/guide/security/advanced-data-protection-for-icloud-sec973254c5f/web
 
That works unless you get locked out of your iCloud account. USB key would work if you have a Windows computer also.

Keychain secure notes are only kept locally on the machine and not synced over iCloud, but they do back up on Time Machine. I still like to be safe, so the USB stick is my backup-backup.
 