Apple Announces End-to-End Encryption Option for iCloud Photos, Notes, Backups, and More

[zakarhino]

WOW! Awesome awesome awesome! We've been talking about this for years now. It's finally here! Apple's announcements today regarding security and privacy are a big step towards proving they take privacy seriously: not by making some features private but by trying to bring privacy to the whole stack. Credit where credit is due.

I'll need to read into this a bit more before coming to a full conclusion but this seems promising. It's also worth noting that many of these features are longstanding technologies, not necessarily innovations. Apple have a lot of room to actually innovate and bring brand new privacy/security technology to the masses. E.g, physical security keys are great but average consumers won't use them, etc. Making complex technology usable by the average consumer is Apple's calling card.

Frankly this should be a pinned article, and MR readers insisting this was already included in the "E2EE" category are finally proved wrong. There's no reason for most people not to use these features.

 

[Analog Kid]

The sooner we can get past legacy systems and encrypt email, the better...

 

[TVreporter]

Dumb question... what if you have the latest update on your iPhone but not the latest MacOs? Will that make any difference in terms of access?

I just don't want to update my iMac - Big Sur has been rock solid.

 

[jk111]

I hope with ADP enabled it won’t prevent other platforms like Roku from logging into TV+. I assume not since it’s not accessing E2E encrypted data.

 

[jhfenton]

Dumb question... what if you have the latest update on your iPhone but not the latest MacOs? Will that make any difference in terms of access?

I just don't want to update my iMac - Big Sur has been rock solid.

You can't enable it until all of your devices on that Apple ID are on iOS/iPad OS 16.2, WatchOS 9.2, or MacOS 13.1. When you try to enable APD, it lists the "offending" devices with a status underneath that it either needs to be updated or cannot be updated. You can either update them or remove them from your Apple ID.

 

[jtdx99]

Great news. I hope E2EE comes to iCloud mail sometime in the future.

 

[unsynaps]

Bah can't use it yet. Need to update all devices or kick them off my account.

Can't load beta on my home pods or get a beta iCloud installer for PC.

 

[BWhaler]

Great news. This removes Zuck’s #1 talking point to bash apple.

 

[zakarhino]

It just clicked with me why they've done this. They could have quietly announced the cancellation of CSAM scanning at any time this year to save face, hid the iMessage device key security feature in a support doc somewhere, and ignore the vocal minority complaining about iCloud backups.

So why did they not only send out a press release but get an important executive to do an interview highlighting everything? It means the Apple Glasses/Goggles are almost here. Today's press release is the first ad for the glasses without actually acknowledging the glasses exist.

Apple are getting ahead of the "AR glasses are a privacy violation" debate by declaring they are effectively going against the grain and putting the privacy of the customer over the wants of not only advertisers but powerful law enforcement agencies and politicians. This patches almost every angle of attack from Apple privacy skeptics (except for the fact that absolutely none of this is verifiable because it's a proprietary closed source system). Great move.

 

[Mac_tech]

Credit where credit is due. This sounds really good. Never thought I'd see the day where my iCloud Drive and Photos will be secured by E2E encryption.

Still, device-side scanning of my photos is NOT ok and this will not change anything about that issue. Well, that got sorted out apparently. Great!

Looks like they did abandon it, see Apple Abandons Controversial Plans to Detect Known CSAM in iCloud Photos

 

[vikingjunior]

You can't enable it until all of your devices on that Apple ID are on iOS/iPad OS 16.2, WatchOS 9.2, or MacOS 13.1. When you try to enable APD, it lists the "offending" devices with a status underneath that it either needs to be updated or cannot be updated. You can either update them or remove them from your Apple ID.

So people with an iPhone 7 plus as a backup is out of luck.

 

[svish]

Excellent. Very happy to see this happening.

 

[chips99]

Huge news and welcomed. Props to Apple for continuing to keep user data secure and not providing any type of backdoor in the chain.

 

[headlessmike]

Maybe we will see an overhaul of said app in the near future. I don't like that my contacts are not encrypted.

Maybe, but it’s not a fault of the app as far as I can tell. It’s due to interoperability with other services. Email, calendars, and contact cards use open standards (e.g. for sharing) which would be broken by such a move.

 

[bluecoast]

Maybe, but it’s not a fault of the app as far as I can tell. It’s due to interoperability with other services. Email, calendars, and contact cards use open standards (e.g. for sharing) which would be broken by such a move.

Interestingly, Apple in their announcement called these 'legacy' technologies.

Given that Apple was a prime move in the standards behind contacts and calendar (I believe), I feel certain that this is Apple code for 'we're going to update these to E2EE standards'.

I'd imagine that they're going to do the same for email too.

Then this gives them a huge advantage over Google - who of course has a business model that heavily relies on sifting through your unencrypted information.

 

[JVNPhoto]

I can't believe this functionality will not be available in all regions though. Out of all the weird "region locks" they've imposed over the years, this has to be the weirdest one. I'm located in Iceland.

 

[NO🇳🇴]

Ever since August 2014 I've been very optimistic about iCloud in general. Actually expected this to happen sooner!

Wish I knew what apple had to pay in "damages" (assurances) to all those celebrities tho 🤔

 

[No5tromo]

Why is Apple being all of over the place with their privacy policies lately? In any case I have lost trust in them as they have been caught one to many times breaching our privacy from the Siri eavesdropping scandal, to considering scanning all of our photos to tracking our data when they swore they didn't.

 

[Caretaker8735]

"You can turn off Advanced Data Protection at any time. Upon doing so, your device will securely upload the required encryption keys to Apple servers, and your account will revert to a standard level of protection, according to Apple."

Looks like a great idea...of course, no chance of Apple issuing an update to disable the AAP or introducing (backdoor) code to upload the encryption keys in the background...right?

 

[nt5672]

I don't see the value in this. Mail, contacts, and calendars are the things that really need to be E2E.

 

[TVreporter]

So people with an iPhone 7 plus as a backup is out of luck.

A convenient way to encourage owners to upgrade their devices...

 

[nt5672]

It may have already been said, but Apple creates the keys, stores them on your device, then if you turn off the advanced data protections sends your keys to Apple so they can decrypt your data when needed.

If no one else sees the probability for abuse and backdoor here, you're just not looking. Apple not having access to your keys is an absolute lie. They do as soon as you turn this off, which Apple can probably do anytime they want. Apple never said they could not turn this feature off remotely. Not only that but Apple can write code to get your keys from your devices any time. Maybe remotely turning advanced data protections off is not in the initial offering, but just done when the government wants your data.

Correct me if I missed something.

Real E2E means that the owner creates the keys, stores the keys, and has control over who has access to the keys. This is just more Apple marketing for the uninformed masses.

 

[JackNL]

I don't see the value in this. Mail, contacts, and calendars are the things that really need to be E2E.

Maybe that will follow in the future as well. But for now E2E encryption for especially all of your iCloud files and notes seems a big leap forward to me.

 

[AHDuke99]

This is great news. Apple is finally backing up its ad campaign about privacy by actually doing as they say.

 

[samwa3]

I don't see the value in this. Mail, contacts, and calendars are the things that really need to be E2E.

Mail, Contacts and Calendars are also the easiest things you can use a competitor for without it really having an influence on how you use your phone. Whether that be Proton or any other company recommended by privacy advocates. Or for Mail there's also S/MIME (natively supported) and PGP (only good iOS app is Canary Mail, but there is one), so you don't even need to switch providers.

However, ever tried finding an alternative for iCloud Drive or Photos? Sure, there are some, but I've been through a lot in the last few years and nothing is as seamless and daily driveable as the Apple offerings are (given that you're using an Apple device). Meanwhile, Mail, Contacts and Calendars are less of an issue. Of course, still hoping for Apple to also take these three to the next level security and privacy-wise.