So how is it a lie? You just provided a great example as to why it’s not a lie.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Everything You Need to Know About Apple's New iCloud Encryption Feature
- Thread starter MacRumors
- Start date
- Sort by reaction score
Which is an assumption on your part, which you are entitled to make, but no where does Apple say they cannot remotely disable and re-enable the advanced protection.It sounds like that happens only when the user disables advanced data protection. That said, there can always be mistakes.
Furthermore, if the code exists to send the keys to Apple already, who knows what circumstances can cause that code can be activated and send the keys to Apple or someone else.
And no where does Apple say the government does not have access to that code. There are technical ways that can allow the government access to the keys even when Apple cannot. That way their marketing can go full steam ahead regardless of the reality.
How so, the keys are sent to Apple so yes they do have access to them. The code exists in the device, the process exists in the device and at Apple, only the claim that it only happens when the user does something. How do you know that there are not other ways to make this happen. Or how do you know that there is not other code that sends the keys directly to the government when requested. No one knows, this is why proprietary security is dangerous.
They don’t have the keys if YOU don’t securely upload the keys to them. That’s the point. Only you hold the key to do whatever you want with it.
The keys have to exist on any device as part of the process of encryption and decryption as I am sure you know.
You are right though, there is no guarantee that they are not being uploaded in the background. Opening sourcing the code is one option. Having people monitor the network is another option to see what is going on. Of course if they aren't targeting you right then, you never know what could be sent when.
Of course, one doesn't know if TSMC has inserted a back door into the chipsets without Apple's knowledge at the behest of <name the adversary: CCP, CIA, FBI, MVD etc> or via bribe to employee(s). Or if Motorola etc has in the network chips. Or if the display manufacturer's processor can detect the word "key" on the screen and then send via some backdoor a screenshot.
There are a ton of attack vectors, whether to trust Apple here is a personal choice.
It is certainly better than before.
I don't misunderstand the feature, and yes it does change. A hacker that can access my iCloud account one-way-or-another can read my Notes (as noted in the support note, you won't be able to read your own Notes by logging into iCloud anymore). A hacker that penetrates the iCloud backend could in some scenarios potentially access my encryption key and Notes, at least in theory. I'm sure there are more than a few Apple employees that can access anyone's iCloud data as well.
You say it's "exceedingly unlikely" that someone could hack iCloud storage. The thousands of companies that get hacked every year think and say the same thing. No developer or DevOps-er or IT-admin worth-their-salt is ever going to tell you to assume you will never be hacked.
There is no you in who owns the software.
They generated the keys, since its not your software neither your keys.
And the fact that you can't set your own custom keys is the loophole that guarantees keys ownership is always tied to the generator, aka the software, aka not you.
Last edited:
There is no time limit for making laws. The new Congress can also make a law. It doesn't matter if it rolls out now or later, it can still be illegalized in the future even if it's in use today.
At last, my vast collection of cat memes in the cloud will be secure and beyond the reach of any government agencies. 🐱
Exactly, and Apple still likely has access to the keys and/or a master key -- I haven't found any technical details of the implementation online (and may not). More marketing BS. I want to control my encryption keys.
Note that all devices signed into the same ID have to be running at least i*OS 16.2 / MacOS 13.1 in order to activate ADP, which may not be possible for some of us.
It is curious if you read the Apple iCould Data Security Overview , it says " Apple doesn't access or store keys for any end-to-end encrypted data." It does NOT say that Apple does "not have access to the keys". Curious wording don't you think?
It’s all or nothing, can’t choose to just encrypt the backups. Apparently they currently are encrypted at rest but Apple has the key.
You can make encrypted private backups right now by using Finder or iTunes and choosing to encrypt, then enter a password of your choosing. It’s not automatic but it is private and encrypted.
For sure.
It just makes it much more difficult. When you have millions of people using it and then you have to explain why you’re turning it off versus never having it in the first place.
Of course as Clapper and Brennan and their ilk have shown, they don’t care and if you are part of the security state apparatus, then no one else cares either. Perjury becomes no big deal. Bulk data collection of the entire country and the world? They don’t care.
Ditto for public opinion, privacy and liberty. Those are just inconveniences that get in their way in their quest for power.
In addition, see Backdoors in NIST elliptic curves for the government approved back doors. If this is the type of key generation used, then the government does not need the key itself.
The devil is in the details.
Apple MUST know that this will be looked at closely given the size of the ecosystem and importance of it. I hope they didn’t blow it.
So when Apple says that they won’t have the keys, that they’ll exist only on-device, they’re lying? That’s a material lie to shareholders and everyone else. You’re saying they’re knowingly subjecting themselves to a lawsuit? I’ve seen no legislation which would protect Apple for intentionally lying about subverting their security.
Apple is never going to implement Trust No One, that puts too much of a burden on their less technical users.
If you’re truly concerned about Apple having access to your private key, get a hardware token like an NFC Yubikey once iOS 16.2 comes out. Or use additional encryption on your iCloud Drive data so you can generate the key yourself. But don’t expect Apple to do that for you. Most users aren’t technical enough to do that correctly and responsibly.
Apple does not need your passcode to access your phone. Ever hear of carrier updates?
Oh come on. Everyone has known about that suspected back door for more than fifteen years. Nobody is saying that all curves are therefore insecure.
I think it's already the case, Republicans in the Senate tried stopping E2E messaging: https://www.cnbc.com/2020/06/24/gop...t-would-create-a-backdoor-for-encryption.html
These guys (Blackburn, Cotton, Graham) in red states always get reelected, but the more moderate members of Congress won't touch encryption with a 10 foot pole.
Well it seems like everyone for years already thought this was already encrypted, which is kind of scary, but good move for Apple. The explanation as to why it's not on by default seems reasonable too. Super good move for Apple, thanks!