Do You Trust Apple w/ Your Privacy?

[HappyDude20]

Poll.

Even if Apple is trying to make their system secure overall, I can't help but think of that 5,000+ subpoenas that they receive and therefore hand information over to law agencies.

I have a terabyte of photos and documents on an external that I would love to upload to the cloud but fear either the government using their stronghold to force Apple to give them my info, or some smart computer hacker getting all my stuff. I have nothing illegal nor anything to hide, but considering the world we're inching towards in regards to deep fakes and people just using any little detail they can find online and use it to further their pursuits, I'm very cautious when it comes to uploading everything to iCloud.

I fly a lot and travel with my external hard drive or leave it at home if I travel abroad considering the laws out there are much different.

 

[BigMcGuire]

More than most companies yes. What I don't like about iCloud is that it resides on servers that Apple doesn't own (I realize they encrypt the **** out of it). I love the ease at which data is synced via OneDrive, but I only use that for data that isn't sensitive. I trust Apple with my Photos and my data (but use OneDrive for most of my data because I work on Windows).

Sensitive data I store locally and backup to BackBlaze via Arq (which encrypts it with a key only I know). All my disks are encrypted (same for the CCC disks and TM disks). Backblaze Unlimited also has the ability to put in your own key - which I do as well.

I wouldn't fly with any hard drive. I've flown to 2 countries and 12+ states in the last year and a half. Just having two laptops (work/personal) got me in trouble internationally (many many questions several times over and a physical inspection).

 

[sracer]

I don't trust Apple with my private information, but I don't trust any company with my private information. Loss of privacy is the cost of being in a connected digital world. The topic of privacy makes for great marketing campaigns, but in the practical sense, maintaining full privacy is not possible... it's a matter of how much loss of privacy a person is comfortable with.

 

[willmtaylor]

Implicitly? No.

More than any of the other tech companies? Yes.

 

[MisterSavage]

More than most companies yes. What I don't like about iCloud is that it resides on servers that Apple doesn't own (I realize they encrypt the **** out of it). I love the ease at which data is synced via OneDrive, but I only use that for data that isn't sensitive. I trust Apple with my Photos and my data (but use OneDrive for most of my data because I work on Windows).

Sensitive data I store locally and backup to BackBlaze via Arq (which encrypts it with a key only I know). All my disks are encrypted (same for the CCC disks and TM disks). Backblaze Unlimited also has the ability to put in your own key - which I do as well.

I wouldn't fly with any hard drive. I've flown to 2 countries and 12+ states in the last year and a half. Just having two laptops (work/personal) got me in trouble internationally (many many questions several times over and a physical inspection).

Hi. Are you me? Thanks for saving me a lot of typing.

 

[Expos of 1969]

I agree. It is unfortunate but that is where we are at this moment in time.

 

[chown33]

Implicitly? No.

More than any of the other tech companies? Yes.

I like this answer because it concisely shows that trust is a continuum rather than binary, and is always within some surrounding context or set of circumstances.

 

[CE3]

I certainly agree with their public position on privacy being a fundamental human right.. and I guess I trust Apple more than the others (Google, Microsoft, Facebook, etc).. but I always take the privacy PR with a grain of salt and hope for the best.

When you find out companies like Google and Facebook were using enterprise accounts to gather all sorts of data from iOS users, sometimes for as long as 7 years, and Apple looking the other way until it becomes a public news story, I'm dubious.

https://www.macrumors.com/2019/01/30/apple-disables-facebook-internal-apps/
https://www.macrumors.com/2019/01/30/google-exploiting-apple-enterprise-certificate/

Like @BigMcGuire I don't like how much iCloud data is being stored on Google & Amazon servers. Yes it's encrypted, but I still feel like Apple should have a better solution.

Also, in the future when leadership changes at Apple, so could their privacy and security priorities.

 

[chown33]

I have a terabyte of photos and documents on an external that I would love to upload to the cloud but fear either the government using their stronghold to force Apple to give them my info, or some smart computer hacker getting all my stuff. I have nothing illegal nor anything to hide, but considering the world we're inching towards in regards to deep fakes and people just using any little detail they can find online and use it to further their pursuits, I'm very cautious when it comes to uploading everything to iCloud.

I fly a lot and travel with my external hard drive or leave it at home if I travel abroad considering the laws out there are much different.

Why do you want to upload the photos and documents to the cloud? In short, what is your goal?

Is your goal to make the material available to others (sharing)? Or is your goal to make it available only to yourself in other locations (transporting)?

If your goal isn't to share with others at all, and are only trying to make the data available to yourself at multiple locations, then you can use encrypted disk-images to achieve the latter. Basically, you make an encrypted disk-image (sparsebundle is best, for reasons below) then upload that to the cloud. Make sure you DO NOT store the encryption password in your Keychain, OR make sure you DO NOT store or sync your Keychain to the cloud.

When you need the data in another location, you download the disk image and open it on the local machine. If you make changes to any files on the disk-image, upload the disk-image back to the cloud. If the disk-image is a sparsebundle, then only the bands (8MB chunks) that changed will be uploaded. You can then safely delete the disk-image from the local machine.

Any decent "cloud backup" program should be able to keep backups of the sparsebundle's bands on the cloud service. There's a thread on Arq, which lets you use many different cloud storage providers.

The trusted agents in this approach are:
- Apple is trusted to make encrypted disk-images
- Apple is trusted to not leak your password when entering it for decryption
- Apple is trusted to not leak data from the disk-image while it's mounted, e.g. the document versioning feature

The versioning feature can leak document data if versions are written to a non-encrypted volume, e.g. your ~/Library folder.

This is just a rough outline, not a comprehensive guide. Security is hard.

 

[a2jack]

Our Privacy is the coin of the realm in the new cyber world. It is ,bought, sold and traded at the speed of light. It has been long-- since the time it belonged to us.

But does it matter anymore ? Most of our far-out fantasy's play out online every day, and each of us has little wealth left to be of interest to the power elite, $$$.

The $$$ only want business as usual, and in this world, like that other one, "Don't Make A Wave". We are watching. LOL

 

[danny_w]

Not any more than any other company. I simply don't trust Apple's glib assurances or privacy, it smacks of marketing fluff to me.

 

[willmtaylor]

Not any more than any other company. I simply don't trust Apple's glib assurances or privacy, it smacks of marketing fluff to me.

In this day and age, skepticism is understandable—the difference is that Apple’s reputation and in large part business model are based upon its assurances being more than marketing fluff.

History is also on Apple’s side here (versus many other companies who have tried to sell us on “privacy” only to be discovered they were actually selling our privacy).

 

[WingsAndBeer]

DTA, but this day in age a mobile device is essentially required in business, so Apple it is.

 

[NoBoMac]

I fly a lot and travel with my external hard drive or leave it at home if I travel abroad considering the laws out there are much different.

And not any safer than iCloud, imo. Lose the drive, hosed. Border Police/Customs can demand you turn over the drive for examination when re-entering the country, hosed again.

 

[AustinIllini]

I think it's safe to say I trust Apple more than most companies because they don't rely on selling user data as a revenue source. That's probably good enough for me for now.

 

[retta283]

Yeah, I would trust Apple over MS or Google any day, but I don't trust them fully. Of course there is also the government who will spy on you regardless of what you use. Privacy is not a thing with Internet devices, and I have mostly accepted that.

 

[0388631]

Nope. I don't believe a word they say.
[doublepost=1559769410][/doublepost]

History is also on Apple’s side here (versus many other companies who have tried to sell us on “privacy” only to be discovered they were actually selling our privacy).

The NSA supposedly had access to Apple's servers if Snowden, the traitor, is to be believed. Apple claims their hardware is safe, but even Apple's gear was suspect to MDS attacks by whomever had the foresight to exploit it before it was leaked to the press. And I very much doubt there isn't a single intelligence outfit, private or government, that hasn't cracked iOS and macOS security measures. The concept of Apple's own employees handing over such info or they themselves being foreign agents or sellouts is likely.

This isn't paranoia. This is how corporate espionage works. Above that, it's any company or agency that can afford the R&D costs.

 

[CE3]

Our Privacy is the coin of the realm in the new cyber world. It is ,bought, sold and traded at the speed of light. It has been long-- since the time it belonged to us.

But does it matter anymore?

Yes, it matters a great deal and will matter even more in the coming years in ways we can't even comprehend yet.

I don't expect total privacy online any more than I expect total privacy when I'm out and about running errands. There are obviously ways that we engage with the internet (like our interactions on this forum) that are public.

Our private data is another matter.

Like Tim Cook recently said in this interview, there should be laws in place that give us the ability to know exactly how are data is being used--who's buying it. who's selling it--and we should be able to stop these practices and have our data deleted if we choose. A draft of The New York Privacy Act wants to give residents the ability to sue companies for privacy violations.

Apple says they're not waiting for the government to act and pushing forward regardless.

I take that with a healthy dose of skepticism but certainly hope it's true.

 

[a2jack]

Apple says they're not waiting for the government to act and pushing forward Butregardless.

But Apple, and the other big money lenders such as Amazon, GE and others will only act in their own interests, not us. $$$ makes the laws of the land. It's way too late.a2

 

[CE3]

But Apple, and the other big money lenders such as Amazon, GE and others will only act in their own interests, not us. $$$ makes the laws of the land. It's way too late.a2

There are also a lot of companies who put their interests above the environment. Should we all just shrug our shoulders and say it's too late for us to do better? No, because it's not too late to combat climate change. And it's not too late to demand more control of our personal privacy and data either. If you want to have defeatist, apathetic mentality that's your prerogative.

 

[S.B.G]

Implicitly? No.

More than any of the other tech companies? Yes.

This. Best answer for me as well.

As it were, last night and finishing up this morning, I built my own 100% private cloud storage setup. I used Digital Ocean to spin up a Ubuntu droplet and then used Nextcloud as the syncing service and tying both into my own domain and encrypted the URL with Let's Encrypt.

Now I have a fully controlled and private end-to-end solution for which only I have access to. I moved everything out of my iCloud Drive account into it and am syncing it locally to my newly created Linux PC at home which is replacing the Mac mini (2014) as my desktop computer.

 

[chown33]

This. Best answer for me as well.

As it were, last night and finishing up this morning, I built my own 100% private cloud storage setup. I used Digital Ocean to spin up a Ubuntu droplet and then used Nextcloud as the syncing service and tying both into my own domain and encrypted the URL with Let's Encrypt.

Now I have a fully controlled and private end-to-end solution for which only I have access to. I moved everything out of my iCloud Drive account into it and am syncing it locally to my newly created Linux PC at home which is replacing the Mac mini (2014) as my desktop computer.

I just wanted to note that you still have trusted agents in play there, so "100% private" comes with caveats.

Digital Ocean is trusted to provide a trustworthy virtual server, and to not leak or disclose anything thereon to any other entities, such as government entities. That is, if you were to transfer unencrypted content of any kind to that virtual server, and Digital Ocean breaks its trustworthiness, either intentionally or accidentally, then that content has escaped your control.

You can decide that the stated risk is vanishingly small, but it's still there.

 

[S.B.G]

I just wanted to note that you still have trusted agents in play there, so "100% private" comes with caveats.

Digital Ocean is trusted to provide a trustworthy virtual server, and to not leak or disclose anything thereon to any other entities, such as government entities. That is, if you were to transfer unencrypted content of any kind to that virtual server, and Digital Ocean breaks its trustworthiness, either intentionally or accidentally, then that content has escaped your control.

You can decide that the stated risk is vanishingly small, but it's still there.

But would DO or a government have to break my SSH keys in order to gain access to the content stored on my droplet?

 

[chown33]

But would DO or a government have to break my SSH keys in order to gain access to the content stored on my droplet?

Not necessarily. There are attacks that can be mounted on virtualized environments, such as ZombieLoad:
https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling

Depending on what chips are being used, there might be other attacks. Spectre and Meltdown come to mind, but I could be misremembering.

A quick check for major public disclosures at the bottom of the EternalBlue wikipedia page shows me this one, where virtualized machines are vulnerable:
https://en.wikipedia.org/wiki/Foreshadow_(security_vulnerability)

 

[TheSkywalker77]

I never will fully trust a company with my info / privacy. I do, however, trust Apple a lot more than everyone else out there. They've made it very clear that privacy is one of their biggest concerns and it may have been what's held back Siri from further development. So for stuff like my photos and messages, sure, I'll put those in iCloud. Other than that though I'll stick to local storage.