Apple's Craig Federighi Discusses Expanded iCloud End-to-End Encryption

[turbineseaplane]

Some folks really need to take off the cynical tin foil conspiracy hats and give credit where it's due here for Apple

I ride them hard as anyone, but they've done a good thing here amid a lot of pressure from a lot of forces

 

[BuffyzDead]

Does this mean Apple does NOT have the keys to un-encrypt and view ANY

data, documents, pictures, etc., on all the applications listed under

this Advanced Data Protection splash screen?

Not even for court orders?

(confirming what I believe I just read)

 

[Ceecephous]

Nice damage control after the "Apple uses advanced algorithms to see what are you buying off the appstore"

 

[Choco Taco]

I wouldn’t be too sure. The interviewer explicitly asked Craig about that, and, though he didn’t promise, he made clear that, as of today, Apple intends this to be a worldwide feature, including in China.

Of course, there’s still plenty of time for China to object.

At that point, we’ll see how committed Apple is, and also how determined China is. However it plays out, it’ll be revealing.

Apple can say whatever they want to say. Their actions speak far louder than their words. They moved all of their Chinese iCloud data to servers in China so the CCP can monitor literally everyone. Apple shut down apps used by protestors when the CCP asked. They recently disabled the ability for protestors to use AirDrop with each other. Apple does whatever China wants. I feel with utmost confidence that Chinese citizens are going to get approximately zero of these encryption and privacy features. They already lack all of the privacy features that everyone else gets to enjoy outside of China. Apple isn't committed to Chinese citizens. They are committed to the CCP.

 

[BigMcGuire]

Does this mean Apple does NOT have the keys to un-encrypt and view ANY

data, documents, pictures, etc., on all the applications listed under

this Advanced Data Protection splash screen?

Not even for court orders?

(confirming what I believe I just read)

Is this in 16.2? I wanna get the RC now just to turn this on already lol.

 

[turbineseaplane]

They moved all of their Chinese iCloud data to servers in China so the CCP can monitor literally everyone.

They have no choices on this stuff as it relates to China
They either accept what the Chinese government dictates or they have to not operate in that country at all

You're being unreasonable towards Apple in this particular area

 

[Choco Taco]

Is this in 16.2? I wanna get the RC now just to turn this on already lol.

That's the only bad thing about the yearly iOS refresh is waiting for all the new features to come out. By the time we get everything we're promised, the new version of iOS is right around the corner.

 

[Choco Taco]

They have no choices on this stuff as it relates to China
They either accept what the Chinese government dictates or they have to not operate in that country at all

You're being unreasonable towards Apple in this particular area

I'm most definitely not being unreasonable in regards to Apple. Apple is being unreasonable. They put themselves in this situation by bowing down to China to spite ethics. There's no defending Apple here. It's wrong on every level. They chose money over morals. I understand China is a large market, but Apple would still be an astronomically large company without them. Now they're dealing with manufacturing issues due to China's overbearing lockdowns and are trying to manufacture outside of China.

 

[now i see it]

Maybe I’ll start using iCloud backup again

 

[TheYayAreaLiving 🎗️]

That's the only bad thing about the yearly iOS refresh is waiting for all the new features to come out. By the time we get everything we're promised, the new version of iOS right around the corner.

I agree. I think Apple should work on iOS software 6 months to 1 year in advance so that by September when it is expected to roll out all features should be included and it should be the refined version. Oh well, Apple has been doing this for over a decade now so they got it down very well.

 

[turbineseaplane]

I'm most definitely not being unreasonable in regards to Apple. Apple is being unreasonable. They put themselves in this situation by bowing down to China to spite ethics. There's no defending Apple here. It's wrong on every level. They chose money over morals. I understand China is a large market, but Apple would still be an astronomically large company without them.

It only impacts Chinese Apple users -- and those users have the same issues no matter what company or products they choose. The Chinese government is in full control.

What Apple does in China doesn't apply to their operations anywhere else.

Do I like it? Or course not
But I don't like much of anything about China and how that government comports itself

If Apple wants to pull out of China totally, that'd be fine too

I don't think Apple is "wrong" to operate there. We all make choices.
Everyone here reading this has "made in China" stuff all over their houses and throughout their lives.

Unless I'm willing to go without anything made in China, I'm not sure I should be chastising Apple

 

[Choco Taco]

I agree. I think Apple should work on iOS software 6 months to 1 year in advance so that by September when it is expected to roll out all features should be included and it should be the refined version. Oh well, Apple has been doing this for over a decade now so they got it down very well.

It's what we've come to expect from Apple. I think it secretly just makes us anticipate Apple goodies all year long. It's all part of the plan.

 

[TheYayAreaLiving 🎗️]

Maybe I’ll start using iCloud backup again

High recommend! I hope next year Apple increases the iCloud backup to 5TB - 10TB. These ProRaw images are taking up lots of space.

 

[Choco Taco]

It only impacts Chinese Apple users -- and those users have the same issues no matter what company or products they choose. The Chinese government is in full control.

What Apple does in China doesn't apply to their operations anywhere else.

Do I like it? Or course not
But I don't like much of anything about China and how that government comports itself

If Apple wants to pull out of China totally, that'd be fine too

You're right, it doesn't affect everyone else, but it's still a serious issue. I can't help but feel deep empathy for our friends in the East. It's really sad.

 

[Choco Taco]

High recommend. I hope next year Apple increases the iCloud backup to 5TB - 10TB. These ProRaw images are taking up lots of space.

Yeah. Seriously. They need to have much bigger plans. I'll happily pay for mass storage.

 

[LogicalApex]

This is really big, surprising move from Apple, probably part of the reason of dropping CSAM, but I have this feeling that the government no longer needs these keys because of the advances in quantum computing.
Google now it is your turn, Apple called your bluff.

This is definitely the fallout of CSAM. They had only two viable paths… They run CSAM detection scans since they had the photos unencrypted on their servers or they encrypt it on the device and they can’t be responsible for it since they can’t access the data.

I wasn’t bothered by the CSAM path due to that first path, but I was in favor of us being at this place with E2E encryption. I just wasn’t sure Apple would make it here considering the additional burden it places on users. I’m’ extremely happy they had the courage to do it! And I have to tip my hat off to those who stood their ground on CSAM scanning as they’re the reason we’re here.

 

[supremedesigner]

The question remains - is the iMessage encrypted when backing up to the iCloud?

For example - your iMessage is encrypted when you don't enable "sync your messages to iCloud".

However, for the backing up to iCloud, this article didn't state it.

Here is the useful article: Apple’s iMessage Is Secure … Unless You Have iCloud Enabled: https://www.howtogeek.com/710509/apples-imessage-is-secure...-unless-you-have-icloud-enabled/

 

[klasma]

Is there really no government back door...?

They know that any backdoor will eventually be exploited by an attacker. And I think (at least part of) the government knows this too by now.

 

[Mr. Heckles]

It's honestly about time. Unfortunately, our friends in China won't get to enjoy this new encryption.

You didn’t watch the video, did you?

 

[jaytv111]

Does this mean Apple does NOT have the keys to un-encrypt and view ANY

data, documents, pictures, etc., on all the applications listed under

this Advanced Data Protection splash screen?

Not even for court orders?

(confirming what I believe I just read)

Correct. It is end-to-end. That's what it's saying.

 

[LogicalApex]

The question remains - is the iMessage encrypted when backing up to the iCloud?

For example - your iMessage is encrypted when you don't enable "sync your messages to iCloud".

However, for the backing up to iCloud, this article didn't state it.

Here is the useful article: Apple’s iMessage Is Secure … Unless You Have iCloud Enabled: https://www.howtogeek.com/710509/apples-imessage-is-secure...-unless-you-have-icloud-enabled/

This changes the old reality. So the answer would be. Yes, they would be encrypted.

BUT! Only if you enable Advanced Data Protection. It is an opt in feature since it is easy for non-savvy users to be really screwed.

And, obviously, this feature isn’t out today. It arrives with 16.2.

 

[djgamble]

On a serious note, with anything really worth keeping private, I use GPG before uploading to the cloud. I used to keep sensitive local files encrypted as well (likely overkill now?) and have been using PGP since the late 90's.

Wait what is that black helicopter doing outside my window? Knock, knock Neo.

GPG Suite

Everything you need to get started with secure communication and encrypting files in one simple package leveraging the power of OpenPGP/GPG

gpgtools.org

FWIW the one time I've been seriously hacked was by my ex-wife (who knew my personal details, planted trojans and then later hired a professional when I started shutting things down - a major breach of what I'd assumed was a solid trust relationship). She'd also spam me... I'd get upwards of 200 e-mails per day from her/alts that I had to deploy a dedicated spam filter for (hint: iPhones don't do spam filtering).

My only lesson from this was that where there's a will, there's a way. Also, I only have so much appetite for inconvenience. When my security measures (which only worked temporarily) became too much of a burden, I just setup an 'unknown' address for my important stuff, or used my work e-mail address (large organisation with IT security teams protecting me). I found this worked the best and didn't inconvenience me.

 

[klasma]

I have this feeling that the government no longer needs these keys because of the advances in quantum computing.

Nah, quantum computing isn’t quite there yet.

 

[klasma]

Does this mean Apple does NOT have the keys to un-encrypt and view ANY

data, documents, pictures, etc., on all the applications listed under

this Advanced Data Protection splash screen?

Not even for court orders?

(confirming what I believe I just read)

For data stored on Apple’s servers, yes. For the data stored on your devices, Apple could conceivably inject code on demand to siphon the locally unencrypted data, though I would assume they’ll only write (not to speak of deploy) such code once they’re legally forced to.

 

[4nNtt]

It's interesting that they're suddenly doing all this right after iCloud photos were possibly being sent to other users without them knowing. I wonder if there's a connection? 🤔

I doubt it. That wasn't using E2EE. That was probably just buggy Windows integration support. Probably related to some sort of transcode pipeline. It would be nice if Apple made it easier to keep a local backup on an external drive though.

I'll be turning on Advanced Device Protection as soon as all my devices are updated. It has been used for some other iCloud data for awhile. It should be pretty proven at this point.