iCloud for Windows Users Complain of Corrupted Videos, Photos From Strangers

[macduke]

Images from strangers appearing in Photo Libraries? are you ****ing kidding me?

Just when I was just starting to get comfortable with the idea of the cloud. Thought Apple had been really secure with it and was trusting it more and more.

Fortunately, I keep all of our "sensitive" content on an encrypted SSD with a strong password locked in a drawer.

 

[4nNtt]

Sounds like a bug reading from object storage. If true, this is a pretty significant mistake... iCloud Photos isn't end-to-end encrypted, so it is possible a bug could pull from other peoples photos. Hopefully the inverse of corruption spreading to random users photos isn't occurring or nobody is safe. Maybe time to look for a way to do local photo collection backups....

 

[freedomlinux]

Are you for real!?! This is 100% Apple fault. Apple is backend and Microsoft frontend in this story.

Don't feed the troll, some users comment without reading or thinking, just to get that first/early post. Simply ignore user & move on.

This is clearly a back-end issue as there is *nothing* a client should be able to do to access content belonging to another user.

 

[Wando64]

Don't feed the troll, some users comment without reading or thinking, just to get that first/early post. Simply ignore user & move on.

This is clearly a back-end issue as there is *nothing* a client should be able to do to access content belonging to another user.

Well, yes. But there is an assumption that the images seen are coming from other users in iCloud, when actually they could be images from the internet cache or other sources within the client environment.
I don’t really believe this is the case, but as unlikely as it might be it is possible nevertheless.

 

[4nNtt]

Are you for real!?! This is 100% Apple fault. Apple is backend and Microsoft frontend in this story. On top of this, Apple 1st party and Microsoft 3rd. A third-party frontend accessing unauthorized content from a firstparty backend is a big effing deal. It prove one thing, their architecture is garbage. This should be prevented by design so random bug doesn't trigger this. My feeling, they have a backdoor into iCloud and this bug exploit something around the backdoor.

This would clearly be on Apple's side. I suspect they are mishandling some sort of reference in to an object database.

 

[anthogag]

Who cares it's Windows. 🤮

 

[antiprotest]

Photos from other people? How is that even possible?

Apple makes unimaginable privacy and security blunders possible.

In any case, this is why it is criminal not to implement REAL end to end encryption. Our data should be encrypted on device and then stored in the cloud in encrypted form, and Apple should not have the key to decrypt it.

And users here keep saying "What do you have to hide?" EVERYTHING. We have to hide everything from everyone, including Apple, because criminals and hackers are not the only enemies to privacy and security. Apple is also the enemy.

 

[now i see it]

Maybe it was intentional

 

[vinegarshots]

Well, yes. But there is an assumption that the images seen are coming from other users in iCloud, when actually they could be images from the internet cache or other sources within the client environment.
I don’t really believe this is the case, but as unlikely as it might be it is possible nevertheless.

Nope, the partial images that were inserted into my corrupt icloud video downloads were definitely not anything "client" side. They were clearly someone else's personal images, and nothing that I've viewed on my PC before.

 

[grjj]

Sounds like a bug reading from object storage. If true, this is a pretty significant mistake... iCloud Photos isn't end-to-end encrypted, so it is possible a bug could pull from other peoples photos. Hopefully the inverse of corruption spreading to random users photos isn't occurring or nobody is safe. Maybe time to look for a way to do local photo collection backups....

Apple makes unimaginable privacy and security blunders possible.

In any case, this is why it is criminal not to implement REAL end to end encryption. Our data should be encrypted on device and then stored in the cloud in encrypted form, and Apple should not have the key to decrypt it.

And users here keep saying "What do you have to hide?" EVERYTHING. We have to hide everything from everyone, including Apple, because criminals and hackers are not the only enemies to privacy and security. Apple is also the enemy.

iCloud Photos ARE end-to-end encrypted: https://support.apple.com/en-us/HT202303

 

[vinegarshots]

Interestingly, the problem seems to be gone today from testing on my end. Although, that's not exactly reassuring, because the fact that this happened at all, even once, gives me great concerns. Where is my guarantee that this isn't some intermittent issue that can occur whenever?

 

[Nekomichi]

When the latest OS updates came out, I actually joked about this happening, thinking it would be way too ridiculous. Guess I was wrong.

 

[ericthered926]

Hidden photos also aren’t hidden in windows, they’re just part of the library. Could make for some very uncomfy situations…

 

[sleeping_ghost]

Interestingly, the problem seems to be gone today from testing on my end. Although, that's not exactly reassuring, because the fact that this happened at all, even once, gives me great concerns. Where is my guarantee that this isn't some intermittent issue that can occur whenever?

Can confirm, issue seems resolved as of now.

 

[coolfactor]

PULL THE CORD — NOW!!

Or — Don't Do Windows™.

If this is only happening with the iCloud for Windows client, then it suggests that it's a bug on the client side, and not on the server. If it was a bug on the server, we'd be getting the same reports from users of other platforms, namely macOS and iOS.

It's possible that the Windows client is sending a corrupt request and therefore getting corrupted results. I don't expect much else from Windows. Garbage in, Garbage out.

 

[iZian]

Nope, the partial images that were inserted into my corrupt icloud video downloads were definitely not anything "client" side. They were clearly someone else's personal images, and nothing that I've viewed on my PC before.

Edit: I’ve just seen comments saying resolved now so maybe can’t tell anymore
Would be interesting to see what’s actually inside one of these corrupted files though

I only signed up after reading this;
I’m wondering, technically, from the reverse direction what you’re seeing and why.
This is all purely speculative, and I might just be showing my lack of understanding about modern video encoding and file transfer.

Are you getting someone else’s still photos in your video or are you getting one of their I-Frames from one of their videos and then somehow nothing else so it renders as a still image?

I can’t understand how that’s possible: just getting one I-Frame and no B or P for it.

So let’s say it’s a HEIF encoded photo that’s in there, surely that needs more data to be a renderable I-Frame.

I’m wondering if it’s multi part download mess ups. Getting someone else’s part. Server side mess up obviously.

So; if you delete the local video and download it again; do you get a different video or picture each time?

 

[peb123]

??? You mean people have actually got iCloud for Windows to work?? Its never worked for me ever!

 

[MaxLt]

PULL THE CORD — NOW!!

Or — Don't Do Windows™.

If this is only happening with the iCloud for Windows client, then it suggests that it's a bug on the client side, and not on the server. If it was a bug on the server, we'd be getting the same reports from users of other platforms, namely macOS and iOS.

It's possible that the Windows client is sending a corrupt request and therefore getting corrupted results. I don't expect much else from Windows. Garbage in, Garbage out.

If ANY client can do that, it's a server issue. If a bug on a client allows unauthorized access to someone else's photos, a malicious third party could create a "buggy" (on purpose) client and go to town on other people's photos and videos. The server should not be allowing unauthorized access to someone else's photos regardless of client "bugs" - the client code can always be altered by someone. Also, operating system has very little to do with this. Even if the client is buggy, Apple chose to write a crappy implementation on Windows rather than Windows made it crappy. It's like saying the plate made your food unhealthy. There are some things that Windows may make more difficult to implement, but this is not it. GoogleDrive and OneDrive are problem-free.

 

[chrono1081]

Maybe it’s time for big tech companies to realize those who pass leetcode interviews don’t necessarily translate to good software engineers.

 

[DBZmusicboy01]

Tim COOK Needs to get Fired pronto.
This is extremely unacceptable out of like more than 10 different problems just this year alone for Apple.

 

[SnappleRumors]

Yes - catastrophic

But what level of catastrophic? Worse than SAP conversion catastrophic?

 

[No5tromo]

If this is true, that is probably the most epic privacy fail a tech company has ever accomplished. Way to go Apple!

I'm losing trust in Apple in so many ways...

 

[sirozha]

This is Apple Maps level bad.

Apple Maps has gotten descent. Check it out.

 

[LordDeath]

iCloud Photos ARE end-to-end encrypted: https://support.apple.com/en-us/HT202303

Nope. Just read the doc you linked.

Photos are encrypted in transit (only good against bad ISPs or unsecured public Wi-Fi) and at rest on the server, with the AES key to en- and decrypt also on their servers.

 

[iZian]

.

If this is true, that is probably the most epic privacy fail a tech company has ever accomplished. Way to go Apple!

I'm losing trust in Apple in so many ways...

Eufy gave access to your live security cameras and recorded video to other people