
As someone who has bought into that meme I will admit this feels like a pretty huge betrayal by Apple. So, yes, I think if Apple sticks with this, their whole privacy stance is going in the toilet now. And a very dirty toilet it is.

Beyond just the facts of not protecting data, there is also the deception. This is some really very, very, nasty stuff for Apple's brand and the reputation of every person who works at Apple. I don't know how to state it strongly enough.

Huge Apple fan until today... see my comment history... this is devastating for them amongst the sliver of their users who pay attention to this stuff. And they should realize that even though we may be just a sliver, we can lead other customers away from them if we want to.



There is a plausible argument that Apple needed to give a little in order to avoid the creation of laws against any encryption. And/Or also avoid laws that required a backdoor to everything.

I know I'm going to be called a fanboy or too generous to Apple, but given that the government has used every opportunity to call out Apple for not helping (when they have helped where they could) there is a line here that Apple is tiptoeing around.

I also do not think this is as bad as you are making it out to be. Apple has always been clear what is fully E2E encrypted and what is not. This article is about something Apple planned to do and decided against. The reasons are what's important and the article only speculates.


Sadly, I think you are absolutely correct. Lindsay said outright that either tech companies figure it out, or senate will do the figuring for them.

I am not sure Apple made the right move, but.. average person does not seem to care and/or understand the implications. Now.. Apple could make them care. They are big enough to make waves and I am not certain government could deal with bad PR come election time.

edit: corrected grammar


Sure, but if iOS was open enough, users who cared could use some third party online backup that was actually secure. And it could rely on an app that users could obtain, regardless of whether it was legal or not.


The iPhone is plenty open for this. You just need a computer. The rest is fully open source.

https://www.libimobiledevice.org/


Does this work with current iOS?

And it's not remote, and you must connect via USB-C, right?


Yes and yes. It's a reverse engineered version of what iTunes does.


There's no way to legislate backdoors now. They tried and failed with Clipper.

The current status quo is good enough for the spooks. Zero regulation of data privacy allows third-party aggregators to do the desired collection activities without explicit government involvement. When they want something they know who to ask, warrant optional. Enacting laws that expose what the government is doing would risk a public backlash like the mass mobilization to deploy HTTPS.


Three things in the world are infinite:

- the universe

- human stupidity

- spooks' thirst for more data, backdoors, and monitoring ability


The universe is, as far as we have been able to determine, not infinite. The other two, yes, seem to be limitless.


What you say makes sense. Still, if that’s the case, then when they decided not to go down the user-is-in-full-and-absolute-control path for encryption of iCloud backups, they should have publicized it loudly and with extreme clarity on what exactly was happening and where the lines were. So that users could make informed choices.


They have never hidden how iCloud backups or anything else related to iOS security works. This support document spells out clearly what data is end-to-end encrypted [1]. No one was actually misled into thinking all iCloud data was E2E. For one, most of Apple's customers don't know or care about the technical architecture of their products and services. The people who do would have known better when you can go to icloud.com and access your photos and files from a web browser.

[1] https://support.apple.com/en-us/HT202303


The page you've linked to has a table filled entirely with the word Yes, apart from iCloud.com which has a note and Mail which has a note.

The first entry in the table is:

Backup Yes Yes

At a glance this looks, to me, as though iCloud backups are encrypted.

What am I missing?


If you scroll down another line you'll see another section titled: End-to-end encrypted data


When the very first line of that table tells people that iCloud Backups are encrypted on the server... to then have the last few lines add effectively "Oh, but not end to end!" is just taking the piss.


You're absolutely right. They could have definitely misled anyone that didn't read the entire support article, including the first paragraph under Data Security:

>iCloud secures your information by encrypting it when it's in transit, storing it in iCloud in an encrypted format, and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you’re signed into iCloud. No one else, not even Apple, can access end-to-end encrypted information.


Technically telling the truth below the fold or in the fine print, while misleading consumers who only give the literature a glance. This is very typical behavior from a corporation, it shouldn't surprise us. Except that Apple's marketing team has managed to dupe a huge number of consumers into believing Apple 'thinks different.'


Typical users who may care about privacy were definitely misled by Apple's public pro-security and pro-privacy stances. I have family who fall into that category.

The difference between E2E and 'yup we're encrypted!' isn't understood by laypeople. Let's not do ourselves or the average folks out there a disservice by letting Apple off the hook for bad communication and the intentional misleading of users.


That link says:

Backup Encryption In Transit: Yes

Backup Encryption On Server: Yes


So it seems like the data are encrypted both in transit and on the server and it means that nobody is able to get unencrypted data even if they can intercept the traffic or access the server.


Nobody except Apple, that is.

That's no different from me offering a remote backup service on a LUKS encrypted box, using sftp or whatever, and then making those claims.


No, the data is still not end-to-end encrypted, which means that Apple can decrypt the data on the server.


The article says otherwise.


It has been known and talked about on HN for a long time that only certain things are E2E encrypted on iCloud. And, if full privacy was the goal, then either the user can only do local backups or no backups at all.


HN is among the most technologically-literate demographics in the world. Using HN as a control group to say that it's been 'known and talked about' is a bit disingenuous when we're the proverbial 1% who are in the know. Meanwhile, the other 99% are left trusting Apple's advertising.


Just to understand this better is it that Apple is misleading or the public is uninformed? Trusting 3rd parties should default to “others have access including law enforcement” behavior.


> "Just to understand this better is it that Apple is misleading or the public is uninformed?"

That's a false dichotomy. I'd say both are true. Both are usually true.


Yet many HNers did not know about this before today. Even more evidence how misleading Apple has been on this.


I don’t see how it’s a betrayal, as iCloud has never had E2EE, and Apple has never made any secret of this omission.

Did we really think that Apple was just so incompetent they could run online file services for 20+ years and have almost a billion users, and not have encryption only because they hadn’t figured it out yet?


Yeah, but what are the reasonable alternatives? Android, with its freewheeling stance on privacy and app permissions? Do they even let you disable location tracking any more?


Depending on what functionality you're willing to give up, an Android device can pretty easily be used as a more private option thanks to the latest iteration of Google's privacy settings.

If you're willing to root your device, you can have the best of both the functionality and privacy worlds.

That only applies to motivated and reasonably tech savvy users of course, out of the box iOS is still the better privacy option.


If you can root your device, so can the bad guys.


On iOS it's called jailbreaking. In either case it's been a long time since anyone came up with an exploit that could do it remotely.


No, but Android/Google doesn't go out and advertise themselves as a privacy first company.


I don't feel like being able to decrypt server backups on legal warrant completely destroys their stance of privacy focused.

I mean if they started tracking your behaviour and location, and mining it to better sell ads, maybe that would.


My favorite Apple deceptive practice: allowing you to think you have disabled Bluetooth, when all you have disabled is Your Own ability to use it. Merchant partners of Apple can use it to finely track you.


Does that also apply to UWB?


> Do they even let you disable location tracking any more?

You're confusing iOS with Android. On iOS, every time you get your location, that location is also sent to Apple, and there is no way to disable this. Android's collection of this data is gated by a checkbox that is shown to every user on device setup.


Last time I used Android there was no option for disabling location tracking as they had removed it a few major versions prior. Instead you had "enabled" and "kind of disabled, but not really" options


I have used Android devices since 1.0. They have all had the ability to disable location history and the ability to disable Google Location Services (under various names). Apple doesn't even give you the option of not sending GPS locations to Apple. If any app requests your location, Apple gets it too. https://support.apple.com/en-us/HT207056


That’s just not enough for disabling it on Android. I am working with androids even before 1.0, but does this really matter?


> That’s just not enough for disabling it on Android.

Citation needed.

> I am working with androids even before 1.0, but does this really matter?

It matters if I am claiming that there is no point at which GGP's statement was true, which I am. If I am not, GGP could say that the version of Android he used "last time [he] used Android" did not allow him to disable location collection and that it predates my experience with Android's location settings.


Practically speaking there is no privacy in the digital world, unless you're willing to go full Stallman, or abandon modern society and go live in a mountain shack somewhere, and even there you'll have dozens of Starlink satellites overhead pretty soon.

The best you can do if you're technically inclined is to use open source as much as possible (AOSP, postmarketOS, PureOS, etc.), minimize use of untrusted software and services (from all major corporations, no social media, no proprietary software in general), use network-level ad blockers, Tor if you think it helps, VPNs, encrypt everything, etc. And you'd still be tracked and profiled.

If you're not technically savvy, forget about it.

In either case if privacy is really a concern vote to elect politicians that are willing to enact laws that regulate the way companies can use personal data. Though considering both companies and governments benefit from the status quo, I don't foresee things improving in the near future, barring some kind of revolution where the majority wakes up, which is also unlikely. If the Snowden revelations didn't do it, I doubt anything will.

So much for fighting 1984, Apple.


Honestly I didn’t realize iCloud backups were encrypted by a key Apple controls. I assumed they leveraged the same key sharing tech as iMessage ...

I’m turning off iCloud backup — the only reason I have it on actually is to turn off the annoying backup nags. My photos are in iCloud, and so are my messages - I actually can’t think of anything valuable outside of those that I’d actually need iCloud backup for ...

It doesn’t seem worth the risk


I have not bought into the meme and am not a huge Apple fan, but I think you can continue to if you wish. "Reuters could not determine why exactly Apple dropped the plan." It's possible that Apple didn't want the support costs of dealing with customers who lost/forgot whatever secret was to be used for encryption, and thus would have been unable to use their backups.



