Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Reportedly Dropped Plans for End-to-End Encrypted iCloud Backups After FBI Objected

dominiongamma said:
I can’t see Apple doing this, they have strong principles with privacy. I won’t believe it unless Apple sends a message to the public which will be a sad day for Apple if this is true
Click to expand...
Of course they can not do it. They are participating in NSA prism program as Snowden documents have revealed.Why would Apple even ask or inform the FBI if they were serious about it.
In reality apples privacy skit is just marketing without much substance. They don’t protect you from advertisement tracking, and instead sell you out to google every year for billions. And they don’t protect you from totalitarian regimes, instead they hand over all infrastructure and encryption keys (see china).
It’s all a farce, there is no privacy with Apple where it really matters.
 
  • Like
Reactions: louisitou, antonis and nt5672
foobarbaz said:
So, criminals will just not use iCloud backup and be safe. Regular citizens will use it and be subject to government or system administrator overreach …

What happened to backdoors make it unsafe for everyone? Why wouldn't that apply to backups?
Click to expand...
Why would Apple supply iCloud backups to the government for “regular citizens”? Anyway it’s not like Apple stopped doing something or reversed an implementation. iCloud backups aren’t end to end encrypted now.
 
  • Like
Reactions: MacNeb
foobarbaz said:
So, criminals will just not use iCloud backup and be safe. Regular citizens will use it and be subject to government or system administrator overreach …

What happened to backdoors make it unsafe for everyone? Why wouldn't that apply to backups?
Click to expand...
It is the same with gun laws, or drugs. Criminalization of victimless crimes (owning a gun, using drugs) most times only benefits the criminals and harms the innocent.
 
  • Like
Reactions: Mr. Heckles, snek, MacNeb and 2 others
Also you guys have to understand this is a problem affecting all cloud storage providers.

OneDrive, Dropbox, Box, Google Drive, Amazon Cloud, BackBlaze, etc. etc. etc.

All of them have the encryption keys to the data and they will all hand them over to the FBI with a court order. The government has managed to make this a requirement for everyone if you want to do business in the US, Apple doesn't get special treatment.
 
  • Like
Reactions: PlayUltimate
Marekul said:
Of course they can not do it. They are participating in NSA prism program as Snowden documents have revealed.Why would Apple even ask or inform the FBI if they were serious about it.
In reality apples privacy skit is just marketing without much substance. They don’t protect you from advertisement tracking, and instead sell you out to google every year for billions. And they don’t protect you from totalitarian regimes, instead they hand over all infrastructure and encryption keys (see china).
It’s all a farce, there is no privacy with Apple where it really matters.
Click to expand...

Disagree. It is all comparative. And within the current governmental/business regulations, Apple has done far better than others.
 
  • Like
Reactions: MacNeb and MEJHarrison
And they made local sync and backups hidden and much less convenient at the same time....

Disappointing. But anyone who really has concerns, can just turn it off. Would be nice to know the retention policy though.
 
  • Like
Reactions: dk001, xpxp2002 and Marekul
Lounge vibes 05 said:
People, it's your iCloud backups that are not encrypted. Your messages and passwords are
Click to expand...

I don't believe that's entirely true. As per Apple's support doc:

These features and their data are transmitted and stored in iCloud using end-to-end encryption:

  • Home data
  • Health data (requires iOS 12 or later)
  • iCloud Keychain (includes all of your saved accounts and passwords)
  • Payment information
  • QuickType Keyboard learned vocabulary (requires iOS 11 or later)
  • Screen Time
  • Siri information
  • Wi-Fi passwords
To access your data on a new device, you might have to enter the passcode for an existing or former device.

Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.
Click to expand...
 
  • Like
Reactions: xpxp2002, Marekul and urtules
This article doesn’t make sense to me. As I understand it, end-to-end encryption refers to the transportion of the data and not the storage. I am sure Apple uses end-to-end to transmit iCloud backup data. The issue would seem to me to be if Apple has the decryption key for the stored iCloud data. I seem to remember when I first set up iCloud Apple assured me that it could not decrypt my data. Do I misremember that or is that now not the case? The bottom line is I’m glad I have largely avoided the cloud.
 
  • Like
Reactions: Fred Zed, snek, WannaGoMac and 1 other person
BootsWalking said:
In public Tim Cook touts Apple's dedication to user privacy and security. In private Apple leaves a backdoor to users' backups that allows them to share thousands of backups with law enforcement.

In public Tim Cook rails against firms like Google that harvest users' privacy by monetizing their information. In private Apple has a secret agreement with Google that pays them $9B/year to enable that very business model by making Google the default search engine on iPhones.

Seeing the pattern here?
Click to expand...

Yes, in public Apple is all supporting in civil rights. In private, Apple exploits workers is foreign countries by contracting with sweatshop companies (with Apple fully knowing that Foxconn abuses their workers' rights).

Apple was publicly against Trump's China tariff policies, but then cozys up with the Trump administration to get special dispensation for iPhone imports.

We can go on and on…

One thing is certainly clear, Apple has an entrenched policy of corporate duplicity under Cook's reign.
 
  • Like
Reactions: MultiMan, laz232 and Marekul
PlayUltimate said:
Disagree. It is all comparative. And within the current governmental/business regulations, Apple has done far better than others.
Click to expand...

How so?
[automerge]1579617025[/automerge]
neliason said:
This article doesn’t make sense to me. As I understand it, end-to-end encryption refers to the transportion of the data and not the storage. I am sure Apple uses end-to-end to transmit iCloud backup data. The issue would seem to me to be if Apple has the decryption key for the stored iCloud data. I seem to remember when I first set up iCloud Apple assured me that it could not decrypt my data. Do I misremember that or is that now not the case? The bottom line is I’m glad I have largely avoided the cloud.
Click to expand...

E2E Encryption means you hold all the private keys, apple never gets to see them. Therefore apple can not decrypt/access your data.
Apple does not use e2e for iCloud backups as outlined in their support document:

iCloud data security overview - Apple Support

iCloud uses strong security methods, employs strict policies to protect your information, and leads the industry in using privacy-preserving security technologies like end-to-end encryption for your data.
support.apple.com support.apple.com
 
  • Like
Reactions: antonis, dk001 and bernuli
foobarbaz said:
What happened to backdoors make it unsafe for everyone? Why wouldn't that apply to backups?
Click to expand...
There is a difference between a backdoor into a physical device that can be stolen and attacked offline and a backdoor into data stored on physically secured servers. Hacking a computing device/system via a network protocol is more difficult than hacking a device you have physical access to.

The Greyshift devices work by doing brute-force guessing of the passcode, to do the same with a server you have to overcome the protections against unlimited password guesses on a system that has life-monitoring tools.

In a sense, there are many things you want to keep secure (credit card numbers w/ CSC code, social security number, etc.) that are stored on (companies or government) servers in a way that if those servers were/are hacked, they could be stolen. Unlike the data used for FaceID and TouchID that are only stored on device, the biometric data in passports are frequently stored in (government) databases as well (differs from country to country).
 
Apples entire privacy focus is a marketing ploy to differentiate themselves from the competition. I don’t believe for a second that if it was more profitable for them to do the opposite they would. Corporations will change their values on a dime and I no longer believe Apple is any different.
 
  • Like
Reactions: laz232, nt5672 and Marekul
iCloud backups are encrypted in-transit and on-disk, but the backups themselves aren't encrypted? That's not explicitly called out, but it's consistent with the support doc.

iCloud data security overview - Apple Support

iCloud uses strong security methods, employs strict policies to protect your information, and leads the industry in using privacy-preserving security technologies like end-to-end encryption for your data.
support.apple.com support.apple.com
 
As far as I understand:
- government needs a warrant so they can gather your data
- iCloud backups are not encrypted because users can forget the password needed for it, losing access to any data in said backup
- if Apple would have encrypted these backups, maybe encryption would have been ruled illegal by the gov.

I'm ok with this overall.
 
Had wondered why they hadn't closed that door previously and figured this was the reason. The problem for Apple, as we're seeing, is that the FBI etc. isn't satisfied with getting people's iCloud backups (with warrants of course), they want to get rid of local iPhone encryption as well. Privacy as a right wouldn't exist if left up to those interests.

For those concerned, just turn off iCloud backups and do local encrypted ones via iTunes - easy. The idea of having private companies protect us from our government is not sustainable in the long term and legislation needs to be passed putting it into law allowing smartphone data and backups to be E2E encrypted.
 
Apple should encrypt as much data end to end as it can. If law enforcement has a proper warrant for the data, then I have no problems with Apple giving it to them, as long as what they are asking for is proper and the warrant is issued properly.
 
  • Like
Reactions: Flow39
Surely to understand the danger here we need to know when encryption and decryption occur? Is it the case that your backup data leaves your phone unencrypted and is encrypted by Apple on their servers (meaning they hold the key)?
 
Kyle4 said:
Apples entire privacy focus is a marketing ploy to differentiate themselves from the competition. I don’t believe for a second that if it was more profitable for them to do the opposite they would. Corporations will change their values on a dime and I no longer believe Apple is any different.
Click to expand...

Funny some are in denial, like "they would never do this", same people who then buy flawed overpriced products blindly to spend all day defending Apple on the internet. 😂
 
  • Like
Reactions: antonis, shaunp, Marekul and 1 other person
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back