Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Reportedly Dropped Plans for End-to-End Encrypted iCloud Backups After FBI Objected
- Thread starter MacRumors
- Start date
- Sort by reaction score
Doubt it is just the FBI ... most FISA come with gag orders. I know here in Cali you see it mentioned now and then in the LAT that Apple "helped" local LE.
I am describing end-to-end encryption. End-to-end means data is moving from one point (end) to another point (another end).
Webserver (one end)
Browser (another end)
iPhone (one end)
iCloud servers (another end)
Encryption in an iPhone which does not travel would be called at-rest encryption.
But if you take data which is at-rest encrypted and send it, it becomes end-to-end encryption by the virtue of traveling encrypted from one end to another end.
It is not a lie. A single search might not be identifiable, but aggregated search data including metadata like IP address, device type, various fingerprinting methods and deep learning will have you and your device identified in no time.
You seem to have zero understanding how this works on a technical level, but the +9.000.000.000$ should tell you all you need to know.
Oh, I completely agree. I bet it is ALL of the three-letter alphabet agencies.
It's time to provide APIs for 3rd-party backup solutions for iOS. These companies can provide their own encryption and cloud storage.
Funny how you claim I have zero understanding of this yet you offer no concrete proof of what is actually happening. Sorry, but "various fingerprinting methods" is not good enough.
Show me where Apple is sending "metadata" to Google. Be specific about what types.
They don't need an agreement with MR. The agreements are in place with ISPs at the internet backbone level, and with companies like Microsoft, Facebook, and Google, to vacuum up all communications. PRISM.
Last edited:
The very same people who think the Mac Pro base model isn't over-priced, and you're simply 'not pro enough' if you think it is. The same people who think you are mad for wanting keys with proper travel and proper ports on a workstation class laptop. The same people who think an iMac fills the gap between the Mini and the Mac Pro. LOL. They really do make me chuckle.
Weird that one line stuck out to you and you managed to take It out of context.
Read the whole post you’re responding to.
I think I will need to state this next time I mention Time Capsule.
Not everyone has a computer / PC. As a matter of fact increasingly there are lots of people only use Phone and Tablet at their home and only use Computer at work.
The Whole point of Time Capsule is the set it and forget it.
that may be true, technically. but as long as apple keeps the key, it is not secure, not safe, and not end to end encrypted.
As per official googles privacy policy:
"When you’re not signed in to a Google Account, we store the information we collect with unique identifiers tied to the browser, application, or device you’re using. This helps us do things like maintain your language preferences across browsing sessions."...
..."The information we collect includes unique identiers, browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, and application version number. We also collect information about the interaction of your apps, browsers, and devices with our services, including IP address, crash reports, system activity, and the date, time, and referrer URL of your request."
..."We collect this information when a Google service on your device contacts our servers — for example, when you install an app from the Play Store or when a service checks for automatic updates. If you’re using an Android device with Google apps, your device periodically contacts Google servers to provide information about your device and connection to our services. This information includes things like your device type, carrier name, crash reports, and which apps you've installed."...
..."We collect information about your activity in our services, which we use to do things like recommend a YouTube video you might like. The activity information we collect may include:
- Terms you search for
- Videos you watch
- Views and interactions with content and ads
- Voice and audio information when you use audio features Purchase activity
- People with whom you communicate or share content
- Activity on third-party sites and apps that use our services Chrome browsing history you’ve synced with your Google Account"
..."We use various technologies to collect and store information, including cookies, pixel tags, local storage, such as browser web storage or application data caches, databases, and server logs."...
..."We collect information about your location when you use our services, which helps us offer features like driving directions for your weekend getaway or showtimes for movies playing near you.
Your location can be determined with varying degrees of accuracy by:
- GPS
- IP address
- Sensor data from your device
- Information about things near your device, such as Wi-Fi access points, cell towers, and Bluetooth- enabled devices"
Is that good enough? What makes you think iOS users are exempt from this type of data collection?
Be specific about it.
Apple didn't lie when they advertised "What happens on your phone, stays on your phone!" because they knew what goes to the iCloud, will be shared with everyone!
ProtonMail is creating a ProtonDrive that should be end to end encrypted. I have my hopes that eventually some rich Silicon Valley geek will create a private OS and Mobile OS for people to use, just like DuckDuckGo was the answer to Google and Protonmail was the anserw to Gmail. Maybe Elon Musk.
ProtonMail is creating a ProtonDrive that should be end to end encrypted. I have my hopes that eventually some rich Silicon Valley geek will create a private OS and Mobile OS for people to use, just like DuckDuckGo was the answer to Google and Protonmail was the anserw to Gmail. Maybe Elon Musk.
John Gruber isn’t buying this story.
daringfireball.net
Regarding Reuters’s Report That Apple Dropped Plan for Encrypting iCloud Backups
This isn’t about Apple foiling law enforcement. It isn’t about Apple helping criminals. It’s about Apple enabling its customers to own and control their own data.
daringfireball.net
Not good enough. Boilerplate contract terms are not proof of anything.
For example, your copy/pasted text talks about phone numbers. There’s no method in iOS for a developer (let alone a web page in a browser) to gain access to your phone number.
Unlike, say, Android where there are lots of APIs to allow developers access to unique information about you or your device.
Curious, do you know anything at all about how iOS works?
I am not giving up on tech: I cannot as I'm a systems engineer by profession. I am, however, going to the "dark side." Microsoft has come a long, long way over the years. And they are producing products, both hardware and software, which are - in my not so humble opinion - far superior to what Apple currently has to offer. And, to be quite honest, Windows 10 is nicer to use - again in my subjective opinion - than the current iteration of macOS.
YMMV.
Just sayin'.
John Gruber isn’t buying this story.
Regarding Reuters’s Report That Apple Dropped Plan for Encrypting iCloud Backups
This isn’t about Apple foiling law enforcement. It isn’t about Apple helping criminals. It’s about Apple enabling its customers to own and control their own data.
Why?
If Apple did do encryption at that level that is tied to the user and Apple does not have the keys, how are they, Apple, getting the cloud data to the FBI as indicated.
With some technical knowledge you can extrapolate what they are doing with the gathered data.
Yes, some parts of my quotes are not applicable to google search or iOS devices. That doesn't invalidate everything else.
Wether Android functions differently than iOS or is more exposed to Google than iOS has nothing to do with our discussion.
You repeatedly made the claim that google gets no private data or personal identifiable data form being the default search in iOS.
In specific you said:
"Apple isn’t selling user data to Google because Google gets no user identifying information."
This is wrong. IP Address and aggregated non identifying information, especially when combined with advanced fingerprinting techniques, correlation attacks and machine learning, are personal identifiable data. Apple has no proxy to obfuscates or filter the data exchange between google and iOS devices in any way.
"Apple makes Google the default search, not browser. As in, I type something into the Safari address bar and it performs a search Apple controls what data gets sent to Google. This is not the same as if I loaded google.com into a browser and did a search from there."
I just tested this on iOS Safari in a remote debug session. Address bar browser search and google website search produce the exact same request headers, there is no difference in the amount of information exchanged with google.
Your claim is wrong and i really wonder, do you just make this stuff up? Where do you get your information?
"Google will absolutely pay $9 billion a year for data, even if it’s anonymized."
See above, the data is not anonymized.
Last edited:
No what he’s not buying is Apple stopping work on end to end encryption because of the FBI or other law enforcement. Apple hasn’t commented on this story. We have no idea if it’s true. Considering how many people use iCloud for backups it’s not a simple thing to do. One would assume this encryption key would need to be separate from your Apple ID password and just for iCloud backups. What happens when grandma with an iPad forgets her encryption key/password and then wonders why she can’t just get a new password and get her data back. This is all much easier said than done.
Good reply. I was looking at this strictly from the perspective of what has been done, not if they are still pursuing this and factoring that into the several articles I have read about this. The thought regarding non-recoverable data in the event of a password / key issue is pretty rough. I would imagine the majority of iDevice users leave the default iCloud backup active.
iMazing gives you a similar option I guess with automatic Wi-Fi backups, as it allows backing up to NAS, but not sure if this is what you are looking for.