I agree, but what I said was that we do not know what key generation code is being used. While some people might know about this particular backdoor it was just an example and it is still today a NIST standard with support in some popular software.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Everything You Need to Know About Apple's New iCloud Encryption Feature
- Thread starter MacRumors
- Start date
- Sort by reaction score
I was able to activate it. It says it's active now on all my devices that were updated. The older ones I couldn't update are signed out of iCloud and can't be signed back in as expected. This article says it won't be working until the end of the month so I'm not sure if it is really working now or not.
At the end of the day, using any type of computer requires a level of trust by the end user about how the machine being used will work. I happily **** on Apple for many things, but when it comes to this topic I have enough trust in Apple that if they say this is E2E encrypted and it's implemented the way they are stating, then I feel my data is protected to the level that I need it to be. Maybe there's some loophole that allows a TLA into my files, but that's beyond my threat assessment.
If you think this is curious wording and don't trust what Apple is offering, there's plenty of other options for secure computing that you're free to use.
Sounds reasonable. For myself, I just think Apple can and should do better instead of selling us out to the government and pretending they are not. If Apple had better security they would state so, it is after all part of their brand. But they don't, so they spend on marketing to cover that fact up. Me, I just don't like being misled. I guess others don't really care to know how much they are being misled.
Support for security keys...Finally. I was surprised it took them this long to implement it.
I think that locked notes are already E2EE?
I do hope that Apple closes all the gaps in iOS 17 as we'll all need to refer to its security table re. what and what is not encrypted
(I don't think that iCloud shared documents will be encrypted in 16.2 for example).
There's no evidence of truth for any of the statements you just made, about being misled about what's being offered, or that your data is being handed to the government in some secret backdoor. You're not part of some enlightened few that know "what's really going on", you just sound paranoid.
Generally when the people like something and governments are upset about it, it's a good thing.
Normally I'm down for telling Uncle Sam to piss out and get out of my business.... but I also don't like creating a utopia for child pornographers and terrorist plots either.
"Pedophiles prefer iPhone"
Um, lawmaking doesn't work that way. Things are made illegal all the time that were legal yesterday or restricted. Menthol cigarettes in California, flavored vape juice....
PS. Almost every congress and senate are lame duck's after a party change in the white house. A Lame Duck President on the other hand almost never happens, nor does the ousted party during a lame duck session not usually sweep and take majority stakes on both sides.
I was just considering the lack of privacy within my Instapaper account, same with my defunct Pocket account, when I read the iCloud E2EE news.
It's not mentioned specifically (though Safari Bookmarks are mentioned) but I'm curious if Safari's Reading List feature will also get E2EE. I suspect it will but will have to wait and see. If so, I'll likely stop using Instapaper since I really only use it as read-it-later storage and a convenient way to automatically move content into the Voice Dream Reader app.
Reading List can be my read-it-later storage and I'll figure out another way to get articles into Voice Dream; manually is not a big deal for me.
It's not mentioned specifically (though Safari Bookmarks are mentioned) but I'm curious if Safari's Reading List feature will also get E2EE. I suspect it will but will have to wait and see. If so, I'll likely stop using Instapaper since I really only use it as read-it-later storage and a convenient way to automatically move content into the Voice Dream Reader app.
Reading List can be my read-it-later storage and I'll figure out another way to get articles into Voice Dream; manually is not a big deal for me.
If you have HomePods or Apple TV’s, you cannot enable the feature unless you remove those devices from your iCloud account or wait until release versions of all of the OS’es come out. Final releases usually come a few days or at most a week after the RC, so I’d wait until all the releases are out.
Legislation does indeed work that way at least in the US. I never said anything like you said about things not being made illegal later, please reread it. The point again is: it is much easier to shut it down before it rolls out than after it rolls out, and Apple did a good job by not telegraphing this move with a lot of time to get the opposition organized to stop it.
After the fiasco of
Evernote and readitlater, and most journal apps, Notes has been indispensabl, i whole heartedly agree
Excellent to see encryption. Expecting a speedy rollout across the world in a short time.
Not sure if you know, but inside Keychain there is an option to store secure Notes, which has been part of macOS for ages...
The article is misleading, all data on iCloud is already encrypted. What’s changing is that now you can make it so apple servers don’t store the decryption keys for your data, aka: end to end encryption. They should clarify this in the article because now it sounds like they used to store all your data in some easy viewable form…
You are really overthinking this. I appreciate privacy, especially from government eyes, as much as anyone else, but the reality is they are already able to get around E2E encryption if you're truly a target. The Pegasus flap is undeniable evidence of that. If you think NSO was the only player or even the biggest, that alphabet agencies have at their disposal, then think again. Odds are very good we don't even know of their most powerful tools yet. And if your concern is that a government can remotely deactivate ADP so as to get to your data, you should realize that if the can do that, they already have access to your data right from your phone.
You're never going to stop every attack vector or plug every security hole. Vigilance is good, but it should be aimed at what is truly effective, not channeled to paranoia towards Apple about things Apple cannot control. The fact is that for most users, this is a step forward in terms of security and I applaud the move by Apple to do it. It also highlights why Apple a year ago wanted to scan photos on-device before upload, which I did and still oppose as an overly intrusive breach into peoples' personal privacy.
If Apple can't access your keys, then they can't hand them over to anyone, and it's doubtful Apple has code established to remotely disable this encryption, but time will tell. Even if they don't, someone else like NSO will come up with a way and governments will find ways to exploit it on targets of interest. The only sure way to prevent that is (A) don't make yourself stand out as a potential target, and (B) don't use your phone for sensitive (legal or not) or illegal purposes.
Even if you don't use your phone for those things, utilize the speed bumps at your disposal to protect your privacy because even if they aren't foolproof, they can still deter certain actors based on perceived cost/benefit ratio. Similar to locking your front door so thieves will move on to look for the unlocked door unless they are certain picking the lock or breaking down your door is worth the risk and effort.
If they don't access or store keys, how are they to "have access" to said keys?
Last edited: