Turning on ADP requires managing recovery contacts and/or recovery keys. If you mess that up, you can lose access to your data if you lose your device(s). That's a lot to require of every single customer.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple's Data Encryption Changes in the UK Explained
- Thread starter MacRumors
- Start date
- Sort by reaction score
Not quite sure I understand you. Unless with sarcasm? Add a contact or safely store your key for your privacy takes less than five minutes for end to end encryption. I know many people that don't care and as such won't bother but it really is not a huge effort for (in my opinion) a big upside.
I like that Apple offers it and people can decide for themselves. I would personally add it to the setup of a new device so people can decide for themselves.
Last edited:
It’s still annoying to have geographic restrictions thrust upon us regardless of their market penetration. It’s still an invasion of civil liberties to be told that we as citizens have no right to personal responsibility in these matters.
Perhaps the lesson is ultimately not relying on big tech to look after our personal data. There isn’t anything stopping me locally backing up photos on an encrypted hard drive and taking matters into my own hands.
Perhaps the lesson is ultimately not relying on big tech to look after our personal data. There isn’t anything stopping me locally backing up photos on an encrypted hard drive and taking matters into my own hands.
The serious criminals likely use thowaway/burner phones. So this won't affect them as much as we're being led to believe it will.
This debacle doesn't affect me really, as im not a criminal, but I still see that it sets a dangerous precedent for privacy in future.
Can “the user” assess what level of security he needs?
If we are honest, with regard to the constant “break-ins” and thefts in servers, not even companies can manage it.
If we are even more honest, even many states and politicians do not want to recognize that IT security is important.
But should the average user be the one to judge? I can already hear him shouting, “Why didn't anyone protect me from the criminals?!”
Replace ‘cybersecurity’ with ‘vaccination’.
But I think it's a cultural issue again.
This ‘personal responsibility’ to the point of self-destruction is typically American. As a European, I lack understanding for that.
Ironically the only people who know about ADP and turned it on are Criminals.
It's still encrypted. Just not as much.
I bet about 0.1% of people used it... or even knew about it.
It's still encrypted. Just not as much.
I bet about 0.1% of people used it... or even knew about it.
Someone needs to remind the British government that "1984" is not an instruction manual.
Yeah.
I am not knowledgeable enough, but it seems like Apple's response is the best one possible so far without actually having to make existing technology comply with UK requirements. I would not want any backdoor to ADP and it's turned on for all my Apple devices.
If there's an alternative, perhaps @JonathanParker could propose it.
And right there, you've hit upon the fight that Apple has no desire to take on.
If Apple were to require ADP across the board, the inevitable result is that somebody would eventually lose their encryption keys -- and then blame Apple for the loss of access to their encrypted personal data, likely even going so far as to sue the company.
Instead, Apple chose a default configuration which allows Apple themselves to be the trusted agent, holding the keys for their users... and helpfully assisting them to get their data back when something goes awry. This creates the most desirable outcome for the vast majority of their user base.
And of course, with ADP as an opt-in feature for users who understand and are willing to accept the risk, Apple provides a good solution for their needs as well, without taking away the easier option from the rest of their user base.
Further, making it optional ensures that situations like this one can be handled with a fallback plan of disabling the optional feature in just the affected jurisdiction. If ADP were mandatory across all iOS devices, I expect it would be much more difficult to escape the UK's backdoor requirements.
The UK:
Also the UK:
1984 was supposed to be a warning, not a user-manual for government.
The Royal Family's Troubling Connection to Jeffrey Epstein
A new film on Netflix revisits Prince Andrew's 2019 interview during which he talked about his friendship with the convicted sex offender.www.townandcountrymag.com
Two children sexually assaulted at London migrant hotel
MP Stella Creasy calls for the home secretary to resign after the incidents at a hotel in London.www.bbc.com
1984 was supposed to be a warning, not a user-manual for government.
True. At the same time, I've been surprised to see how much visual surveillance is already happening in the UK. For instance, it looks like CCTVs are really everywhere monitoring the public. At least where I live in the US, that doesn't seem to be the case. And it seems like this spread of CCTVs in the UK has been going on for a couple of decades now.
This is to say that 1984 already is part of the British government's operation.
It was not sarcasm. I agree it might make sense to add it as a startup option at some point. But turning on unrecoverable encrypted backups for everyone would just end up with a lot of lost data and angry customers.
I agree. When another group that demands similar access is the CCP in China, everyone who is in favor of this in the UK should look in the mirror and see which side of history they wish to be on: 1984-style mass surveillance or a free country.
The end user only holds the keys if Advanced Data Protection is enabled. Apple holds the keys if it is not. This is why Microsoft and Google have not been put under the same scrutiny as Apple. Microsoft and Google hold the keys for their encryption services.
The user should have the freedom to judge, and to choose correspondingly. I’m not talking about unsafe defaults — though Apple actually does default to the less secure option by making ADP opt-in (for arguably sensible technical reasons). Let Apple show warnings when you choose the less secure option (e.g. in the UK show a big privacy warning when you turn on, or don’t turn off, iCloud services). My point is that the only position consistent with removing iCloud services from the UK altogether would be to remove the non-ADP option globally.
I’m European, and for freedom of choice, as long as it doesn’t cause harm to other people.
Last edited:
Change.org has a petition on this, asking the government to "to pull back from this unwarranted invasion of personal digital space"
Rather longer than that : there were tests mid-80's & an official local government scheme in 1987
in mid-90's I recall a friend working in the control room, watching what went on in a town some miles away… they were able to talk through a speaker near the cameras & dissuade people from doing things that would have led to police being called.
"I’m European, and for freedom of choice, as long as it doesn’t cause harm to other people."
How exactly do you define that? "Cause harm to other people"? If I choose to drive an automobile, and I accidentally hit someone with it, is that not harm? That's a pretty slippery slope you're standing atop.
How exactly do you define that? "Cause harm to other people"? If I choose to drive an automobile, and I accidentally hit someone with it, is that not harm? That's a pretty slippery slope you're standing atop.
If this is such an important issue why didn’t Apple automatically enable ADP and make it such that it couldn’t be switched off by anyone.
There are a lot of people who are not criminals who turn it on. Do you want everyone looking at every photo you've ever taken? The NSA, MI5/JIO, CCCPC, BND, FSB etc having access to everything on your iPhone? Some random person?
When there is ONE key (or one group of keys) that encrypt all the data held in Apple's iCloud environment (which in turn is held at AWS, Google etc, just encrypted - but then likely available to be copied by the NSA for example) many if not all of these agencies have copies of iCloud backups. They are encrypted in transit and at rest there, but these agencies (particularly the NSA) vacuum up all the data that they can and store it. After that all it takes is one corrupt employee, one blackmailed employee, one incompetent employee, one phished employee etc who had access to the keys to let them slip. And then everyone's data is out there. It is a huge target, one that any of these agencies or criminals would like to get ahold of and consequently there would be a huge financial reward to doing so.
The 3 letter agencies keep copies of it from 1, 5, 10 or whatever years ago so that when a key is leaked, they can get access whenever they want to do so. Whether it is for a true investigation, to leak something damaging to someone else (e.g. the tax returns from the IRS), or to look up an old boyfriend or girlfriend they'll have access. Think about journalists reporting on assassinations or something and say Iran gets their data unlocked. Or the US, or the UK etc.
If you have to attack each phone individually, it is much more difficult and much less of a huge target. If I can get access to 1 billion's people's bank password vs 1, which is a better thing to try? If I can get access to every actor and actresses photos (if they don't have ADP on) vs 1, which would I want? If I can get access to every CEO or other managers financial data a week before a company announces it vs just one, which would be a bigger target?
And there are hundreds of other scenarios similar to that - an abusive spouse, police investigations etc.
Why would a real criminal store compromising data in a cloud anyway? Measures like that usually only target normal users.
CCTV cameras are cheaper than police officers. Nobody likes being watched but CCTV and Doorbell cameras have helped to solve a lot of serious crimes.
“There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time.”
George Orwell. ‘1984’
George Orwell. ‘1984’
The vast majority of criminals (well, people in general) aren't that clever.