Interesting that this feature wasn't just behind a feature flag or geo-based rollout. I wonder if there was additional functionality required for this that is unique to how it's implemented in the US.
 
I’ve had it enabled since launch day in the States and aside from having to sign out of iCloud on my ancient Mac mini, there has not been a single downside. And I am all-in on iCloud, I use Drive for my files, photos, Apple Music, you name it.
Yeah, it will be a bit before I can switch this on.
 
Not good. They are still able to implement the controversial CSAM by having file checksums and the metadata. The Advanced Data Protection is half-baked and still allows Apple to do privacy-abusive stuff.


Encryption of certain metadata and usage information

Some metadata and usage information stored in iCloud remains under standard data protection, even when Advanced Data Protection is enabled. For example, dates and times when a file or object was modified are used to sort your information, and checksums of file and photo data are used to help Apple de-duplicate and optimize your iCloud and device storage — all without having access to the files and photos themselves. Representative examples are provided in the table below.
This metadata is always encrypted, but the encryption keys are still stored by Apple. As we continue to strengthen security protections for all users, Apple is committed to ensuring more data, including this kind of metadata, is end-to-end encrypted when Advanced Data Protection is enabled.

Apple still stores the encryption keys, am I understanding this correctly? So if Apple receives a court order, what happens next? Curious question.
 
Reactions: max2 and kitKAC
Apple still stores the encryption keys, am I understanding this correctly? So if Apple receives a court order, what happens next? Curious question.
Apple doesn't store the encryption key of your files on their servers if you have Advanced Data Protection on. The poster was posting about metadata, which is file name, date, time, and hash of the file. None of that, including all of it put together, can be used to recreate the file; you need the key, which will be on device.

Law enforcement wants your actual files, so Apple will be unable to provide the files themselves without you decrypting it, but they could provide the name, date, and time of a file (hash won't mean anything, it just means they could positively ID the file if they have the file itself. Hash goes one way).
 
Apple still stores the encryption keys, am I understanding this correctly? So if Apple receives a court order, what happens next? Curious question.
Once it’s E2E encrypted, it’s encrypted; all they can do is hand out or use the “half-baked encrypted” metadata and file info against you, but not directly the content itself.

Anyway, let’s say you’re from some shady regime country and downloaded an anti-dictator photo to your iPhone and Apple is forced to hand over all your existing data.

Well, in that case they could find this out by comparing file hashes to other anti-dictator photos from the web and make you disappear once they get a checksum hash hit.

I bet Apple is not using MD5, which makes a hash collision very unlikely. The authorities can be certain that you own exactly the file they searched for. They can even simplify the search further, because it sounds like Apple also stores the file type readable.

I say that the half-baked encrypted contacts, mail and calendar is made on purpose, so authorities have a way to track down your social radius and activity and also find out who you dealt with, good for something like e.g. CSAM working quietly in the background on Apple servers.

It’s not rocket science to encrypt these kinds of things, too.
 
Ignorant on the subject here…but with this increased protection, does it come with any risks for data recovery, like losing/breaking your phone, or anything like that?
 
Reactions: max2
Have there been any reports of data loss or glitches with this?

I have about 700GB of photos and data in iCloud (plus 400GB of device backups). I have it all backed up elsewhere, but if something went wrong, restoring over 1TB of cloud data would be a royal pain, so I thought I'd leave Advanced Data Protection off for a few weeks/months until all the bugs have been worked out.

Is it safe to go in the water yet?
 
Reactions: mirv, mhnd and max2
Any downsides to enabling this? Like in the event of a device loss and you need to restore from iCloud backup, could you be unable to access? I suppose you would have to lose all of your devices to lose the keys?
 
Reactions: whatgift and max2
Ignorant on the subject here…but with this increased protection, does it come with any risks for data recovery, like losing/breaking your phone, or anything like that?
If you lose your phone, you can use other Apple devices signed into your iCloud. If you lose all your devices, you need your recovery key (they have you make one when setting it up). If you lose your devices and your key, you’re doomed, you’ve lost your backups.
 
Reactions: max2 and GabooN
The source for the announcement is Privacy International’s tweet. While I appreciate their work, and have no reason to doubt them per se, perhaps the article should link to an actual Apple announcement about rolling this out globally in 16.3?
 
Reactions: mhnd
Am I the only person here that suspects they did the same thing that they did with AT&T? - just hired someone from the G0 V as an “Apple Employee”, so that they can manage the encryption for the G0 V, and say it was an “Apple employee” that did it?


I don’t trust anymore.
 
Once it’s E2E encrypted, it’s encrypted; all they can do is hand out or use the “half-baked encrypted” metadata and file info against you, but not directly the content itself.

Anyway, let’s say you’re from some shady regime country and downloaded an anti-dictator photo to your iPhone and Apple is forced to hand over all your existing data.

Well, in that case they could find this out by (1) comparing file hashes to other anti-dictator photos from the web and make you disappear once they get a checksum hash hit.

(2) I bet Apple is not using MD5, which makes a hash collision very unlikely. The authorities can be certain that you own exactly the file they searched for. They can even simplify the search further, because it sounds like Apple also stores the file type readable.

I say that the half-baked encrypted (3) contacts, mail and calendar is made on purpose, so authorities have a way to track down your social radius and activity and also find out who you dealt with, good for something like e.g. CSAM working quietly in the background on Apple servers.

(4) It’s not rocket science to encrypt these kinds of things, too.

1. Wrong. It would be extremely easy to make this completely impossible... by simply introducing other data (signature, key, specific user data, etc.) when calculating the checksum of the file (data). Even if the files are the same, by adding extraneous data the hash becomes unique to that user's copy of the file.

2. Of course you would. And I'd bet you'd be wrong.

3. Yes, it is on purpose and Apple even states why... they are standards-based data sets that might need to be accessed by or shared with 3rd party services and software. (For instance, accessing your iCloud email account in Outlook on a PC.)

4. Correct. It would be extremely easy to completely encrypt everything... and by doing so you make any features or services that require that minimum of information completely useless to the end user. There's an extremely fine line Apple (any service provider) has to walk to ensure privacy and security and also provide some convenience in either organization and/or automation.
 
Reactions: fredrik9
It also forced obsoleting of ALL old hardware they won't let run OS 13.2+ or iOS 16.2+.

My MBP 2016 stuck on OS 12.6.x must be removed from my iCloud account to enable this feature :mad: - go try it.

So that means at least Apple apps on that Mac won't get updates AFAIK, OS security updates probably for another year.

Maybe there is an installer patcher, but having done that with an old Intel tower that's now long gone, it was always a house of cards waiting for some OS update to mess the machine up.

Yep. I had to drop a Mac mini (2012), an iMac (2009) and my original iPhone SE (2016) from my iCloud account to enable ADP. All of which I still use. So I need to weigh which I need more... ADP or iCloud account access on those devices?

Workaround:
Just created an alternative iCloud account for those devices, so they'll still get updates. And added the new account to "Family Sharing" so I also have access to services and content on those older systems. That'll work for now.
 
Including mainland China?🤔
 
Once it’s E2E encrypted, it’s encrypted; all they can do is hand out or use the “half-baked encrypted” metadata and file info against you, but not directly the content itself.

Anyway, let’s say you’re from some shady regime country and downloaded an anti-dictator photo to your iPhone and Apple is forced to hand over all your existing data.

Well, in that case they could find this out by comparing file hashes to other anti-dictator photos from the web and make you disappear once they get a checksum hash hit.

I bet Apple is not using MD5, which makes a hash collision very unlikely. The authorities can be certain that you own exactly the file they searched for. They can even simplify the search further, because it sounds like Apple also stores the file type readable.

I say that the half-baked encrypted contacts, mail and calendar is made on purpose, so authorities have a way to track down your social radius and activity and also find out who you dealt with, good for something like e.g. CSAM working quietly in the background on Apple servers.

It’s not rocket science to encrypt these kinds of things, too.
About the only thing I use iCloud for is password manager and I hope those are no-knowledge E2E.
 
Apple doesn't store the encryption key of your files on their servers if you have Advanced Data Protection on. The poster was posting about metadata, which is file name, date, time, and hash of the file. None of that, including all of it put together, can be used to recreate the file; you need the key, which will be on device.

Law enforcement wants your actual files, so Apple will be unable to provide the files themselves without you decrypting it, but they could provide the name, date, and time of a file (hash won't mean anything, it just means they could positively ID the file if they have the file itself. Hash goes one way).
How exactly do they positively ID the file? Are they using, for example, iPhone built-in metadata etc.? What happens if someone changes the metadata, is it still recognizable to some database?

Does E2E mean anything if it’s not zero knowledge?
 
How exactly do they positively ID the file? Are they using, for example, iPhone built-in metadata etc.? What happens if someone changes the metadata, is it still recognizable to some database?

Does E2E mean anything if it’s not zero knowledge?
If you have the file, you can compute the hash and compare the hash. All you will know is that it was the same as it was uploaded or not the same.

When the file gets backed up the hash value gets updated. Presumably the hash is there just to know to upload the file or leave it as it is unchanged if hashes match.

Yes, E2E means a massive amount. Metadata means very little. It’s there to make backups faster and easier on the system.
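
The hash comparison described in this post, together with the earlier reply's suggestion of mixing per-user data into the checksum, as an added example that is not part of the thread and not Apple's implementation. SHA-256, HMAC-SHA-256 and the per-user keys are assumptions; the thread does not say which algorithm Apple uses.

```python
import hashlib
import hmac
import os

def plain_checksum(data: bytes) -> str:
    """Unkeyed digest: identical bytes give the same value for every user."""
    return hashlib.sha256(data).hexdigest()

def keyed_checksum(user_key: bytes, data: bytes) -> str:
    """Digest bound to a per-user secret (HMAC-SHA-256, an assumed construction)."""
    return hmac.new(user_key, data, hashlib.sha256).hexdigest()

def matches_reference(stored: set, reference_file: bytes) -> bool:
    """The test available to a party holding stored checksums plus a reference file."""
    return plain_checksum(reference_file) in stored

def demo() -> dict:
    # Constructed sample bytes standing in for the same photo uploaded by two users.
    photo = b"\xff\xd8\xff\xe0 constructed sample photo bytes"
    edited = photo + b"\x00"  # one changed byte, e.g. metadata embedded in the file
    alice_key, bob_key = os.urandom(32), os.urandom(32)  # hypothetical per-user secrets

    alice_plain = {plain_checksum(photo)}
    bob_plain = {plain_checksum(photo)}
    alice_keyed = {keyed_checksum(alice_key, photo)}
    bob_keyed = {keyed_checksum(bob_key, photo)}

    return {
        # Unkeyed: the server can de-duplicate across users ...
        "plain_cross_user_dedup": alice_plain == bob_plain,
        # ... and a holder of the identical file can confirm it is stored.
        "plain_reference_match": matches_reference(alice_plain, photo),
        # Any change to the file's bytes yields an unrelated digest.
        "plain_match_after_edit": matches_reference(alice_plain, edited),
        # Keyed: the reference file's unkeyed digest no longer matches ...
        "keyed_reference_match": matches_reference(alice_keyed, photo),
        # ... cross-user de-duplication is lost ...
        "keyed_cross_user_dedup": alice_keyed == bob_keyed,
        # ... but one user's own duplicate uploads are still detected.
        "keyed_same_user_dedup": keyed_checksum(alice_key, photo) in alice_keyed,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

File name and modification date are stored beside the checksum rather than hashed into it, so changing only those leaves a content checksum unchanged; only a change to the file's own bytes alters it.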
 
Can someone please explain what feature of Mail, Calendars, and Contacts that make it not possible to include in Advanced Data Protection?

Proton Mail has provided all three of these for years with no access to user data. (Yes, I know the SMTP servers can see incoming and outgoing mail but this is not the same as having the keys for data at rest.)
 
Including mainland China?🤔
I read somewhere, maybe even here, yes. I remember b/c I was very surprised and still not really sure I believe it.

Someone suggested China traded this for nerfing AirDrop in China. (I am obviously just repeating someone else's unsubstantiated speculation so take it as you will.)
 