You are too much relying on "common knowledge" or responsibility the usual user is capable, "charging" on his/her own shoulders....
Too many of them are not really knowing, what they are doing.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
EFF Calls on Apple to Let Users Encrypt iCloud Backups as Part of 'Fix It Already' Initiative
- Thread starter MacRumors
- Start date
- Sort by reaction score
You are too much relying on "common knowledge" or responsibility the usual user is capable, "charging" on his/her own shoulders....
Too many of them are not really knowing, what they are doing.
There are ways to make sure the user is making a fully informed decision. Lots of warnings, require used to acknowledge in a meaningful way, allow them to change their mind for the first week, etc.
Dude, you’re a beer. You should know all about memory loss.
For sure. On device private keyed encryption is the way to go. And it is important to do it sooner vs later. Of course make it optional so that if you don't want it, you don't use it.
Proper 2FA on your primary email is a must these days. If you're primary email is compromised, you have a lot more troubles than just LastPass.
LastPass emails you and send you a notification in the app whenever one of the appointed users asks for access. If you login to your account within those 15 days, that is the same as denying the request as its proof you're not dead/incapacitated. I login to LastPass everyday, so I really don't see how it can be abused.
There is a relatively high cost for a will, and most young people don't have them. Also, updating a will every time your main password changes unreasonable.
Keeping your master password in a safe or lockbox seems less safe to me. I'm sure my home safe is less secure than my 2FA-protected email.
Most of all, I trust the people I designated. The designations are not permanent, I can remove them should I suspect they aren't trustworthy anymore.
The criminal element will just not turn iCloud backup on so everything will be encrypted on their iPhone.
If Apple doesn't do this, the criminal elements AND wants to use iCloud backup, they will use some other method of encrypting their data to communication their nefarious plans while leaving the rest of us unprotected from that same criminal element.
No there doesn’t. You can make the same argument to give the government access to your every thought 24/7 “to stop bad guys”.
I can keep an encrypted backup of my device on my own computer through iTunes. It’s literally the same thing except stored in the cloud. Why should access to it be any different?
Well you could forget your iCloud password but still have access to everything on your local computer so long as you remain logged in, which could be all the time for a single-user computer. Then one day your SSD fails and bang everything is gone forever.
I wonder how ‘pass through’ data is handled. Like when you do something in notes and it is synced to your other devices. Is this data end to end encrypted? The most recent data has to live in the cloud.
Who tf do these people think they are, Apple and others just laugh at them trying to tell them what to to, these companies have bigger problems to deal with than giving in to these lost of demands by an organization that really hasn’t done anything. People need to start acting like adults, take responsibility for their passwords and stop relying on tech companies to hold their hand though life.
You should always have one local and one offsite backup of your mac. iCloud is a syncing service, not a backup service. You cannot store things in an encrypted folder and let iCloud sync the metadata and it's binary because doing so would compromise performance as software encryption is a very expensive process. Mac can natively encrypt everything, because of T2 coprocessor. Encryption is done at a hardware level in real-time.
The second problem is, you still need access to that folder. So you have to mount the folder to macOS, then it is vulnerable once mounted. iCloud may start to sync the decrypted content when you are using it.
The best practice is:
1. have the user strong one key in some form, then come up with a very low entropy passphrase. This passphrase can be the name of the bakery you bought your wedding cake from or the last name of the first girl/guy who broke your heart, etc.
2. then Apple take one copy of the key and hash it with the low entropy passphrase
3. Let the user choose a photo from a dynamic set of photos
4. Double hash the hashed key with the signature of the photo
5. Apple stores the double hashed key, encrypted with Apple's database server private key
6. Apple double encrypt the database server private key with a rotating short lifespan private access key
So:
Users can access the data directly because they have the key.
Apple can restore user data because they have the key.
Apple cannot access user data because Apple has the key, but Apple cannot read the key.
The user can restore the key by choosing the right picture in a dynamic set of pictures, then key in the short low entropy passphrase.
The key can be used to decrypt data on iCloud.
The user can reset the password or whatever way he is keeping the key. Usually, you use a secure password to encrypt the key and store the hashed key. You don't just store the key because it is very very long and not secure laying around. Also if you change the password, you only need to encrypt the key, if you use the key directly, and you change the key, you need to re-encrypt everything all over again.
Thus, no one but the user can access the files, and there is a backup way of obtaining the key if the user wants.
But that's how it is today with FileVault, which anyone that cares about file security would have enabled. I don't see how encrypting iCloud would change anything.
I've always wondered why the U.S. government had throttled back their full on attack for full access to everything and come to the conclusion that with Apple's current iCloud setup they can access what they want when a judge says so with a warrant and are probably good with that (they already have that with Google / Microsoft / Facebook). So yeah I also wonder what would happen if Apple closed this access point off.
That said an opt in for it is a good idea. I back up locally just because I always have and its encrypted...but iCloud auto backup is easier and better in alot of ways.
People can still do iTunes/local backups if they are worried about losing their device or forgetting a password.
This is about apple not being able to view customer private data. It should be encrypted on the iPhone before uploading.
Why, no-one is (that) important, we're just a blip in time, move on.
------
Apple can't search and learn from it (Siri for instance) if the data is encrypted on Apples server.
I'd like to see all iCloud services go end-to-end encrypted where technically feasible. I think the best way to implement this would be to enable the feature on all accounts, but add an optional feature (enabled by default) where the account key can be escrowed with Apple. This would allow for Apple to provide password resets for the masses, while allowing more tech-savvy users to retain full control of their key. I believe such a thing is already in place for iCloud Keychain.
I refuse to use any storage service where the data isn't encrypted with a key under my control and not in the provider's possession. Doing otherwise means you're at the mercy of whatever processes the provider has in place for authentication. If those processes are broken, you're in trouble; see the Mat Honan story for one example. (Apple has probably tightened their security processes since that occurred in 2012, but the point remains: I don't want to rely on Apple or any other provider's authentication processes. And besides poorly-trained CSRs with too much access and poor policies, there are other potential threats -- such as an external compromise or even compromised employees -- when the provider has access to unencrypted data.)
I refuse to use any storage service where the data isn't encrypted with a key under my control and not in the provider's possession. Doing otherwise means you're at the mercy of whatever processes the provider has in place for authentication. If those processes are broken, you're in trouble; see the Mat Honan story for one example. (Apple has probably tightened their security processes since that occurred in 2012, but the point remains: I don't want to rely on Apple or any other provider's authentication processes. And besides poorly-trained CSRs with too much access and poor policies, there are other potential threats -- such as an external compromise or even compromised employees -- when the provider has access to unencrypted data.)
I hope you have a last will telling your family the passwords they need to access the photos, savings, insurances, bitcoins and so on after you die. It's like with backups, we all need to do it but just a fraction of people actually do.
Would you share those? Every time I have to change a password at work shortly before going on holiday, the first thing I have to do after coming back two weeks later is requesting a password reset unless I wrote it down somewhere.
Buy tomorrow's newspaper take a page with lots of text and frame it. Select an article and let's say pick sentence 15. That's your password. The "painting" on the wall won't lett you forget the password. All you have to do is remember the sentence number. Worked for me for years.
I have unique, extremely strong passwords for dozens of sites and accounts, important ones that I try to change frequently. Unlike my avatar, I don’t have an eidetic memory nor do I have the time I would need to devote to keeping them in my memory. Especially since technology has already provided an adequate solution.