Some have speculated that with the introduction of the PSI/CSAM system Apple will enable E2EE backups. Given the lack of an explicit statement on Apple's part and their history regarding E2EE backups (this article, and other statements). It seems really unlikely to me that Apple will enable E2EE backups.<p>Under E2EE, assuming the device key is randomly generated, if you have one device (as many users do) and you lose that device you would lose all your data. The alternative is the key is derived from your iCloud password, in which case, if you forget your password, you lose all your data.<p>Right now, you can browse your photos online. There's been no statement that this is going away. Implementing this functionality with E2EE backups seem highly problematic.<p>These are huge changes to iCloud functionality that Apple would surely announce...<p>There are many open questions. And given that there’s no clear statement from Apple, I’m inclined to believe that they retain the ability to decrypt all data.
This really is something Tim needs to address before he again stands on stage and give lip service to Privacy with a capital P.<p>We also need hardball journalists to start asking Tim these tough questions instead of fawning over AirPods<p>And we need employees to start demanding this internally
I was patiently waiting for the M1 16in MacBook Pro to come out. After reading all these revelations, I am now considering not buying the new MacBook Pro and instead, just stick with Linux.
These people really hate you and think low enough of you that they feel they have a right to rummage through your personal belongings anytime they wish. America feels like its over. The dream is dead. The supreme court full of weak people that will rubber stamp the rot. People feared AI, and they got laughed at. But its literally AI bots manufacturing consent on twitter and social media to this authoritarian slide.
In the first half of 2020, Apple gave data on over 31,000 users/accounts based on FISA requests National Security Letter requests[1]. Apple provided data to the government's requests roughly 9,000 times.<p>About 85% - 92% of the time, according to Apple, they responded to data requests from the government with the data that was requested.<p>I don't see why Apple would turn about face and make it impossible to respond to the requests that they choose to respond with data about 85% of the time.<p>[1] <a href="https://www.apple.com/legal/transparency/us.html" rel="nofollow">https://www.apple.com/legal/transparency/us.html</a>
I'm actually curious, are they allowed to encrypt backups if FBI requested them not to? I thought as American company you have to comply with the law as well. Not sure though<p>Edit: damn downvotes, is this reddit? I'm literally asking because I don't know. nothing is controversial here
If anyone is curious of what data Apple have on you, you can request it via their website.<p><a href="https://9to5mac.com/2018/10/17/request-your-personal-data-from-apple/" rel="nofollow">https://9to5mac.com/2018/10/17/request-your-personal-data-fr...</a><p>Note that this won't include certain categories that are stored unencrypted on Apple servers, for example iCloud backups and other data in iCloud (files, photos, calendars, contacts, etc).<p>I was quite surprised to see that even excluding all the data they (often) have from peoples iCloud accounts, there is still a bunch of stuff they collect.<p>Aside: I really wish Apple would spend more time on end-to-end encryption, for example of iCloud calendar and contact data as well as (obviously) the backups.<p>They should also have developer guides for app developers, on how to build it into apps: common patterns (group E2E patterns, multi-device E2E, open-source data sync servers that apps could use to arbitrarily synchronize E2E encrypted data between devices, etc).
There's a way to make fully encrypted backups of your iPhone locally, check out my blog post from my self-hosting series:<p><a href="https://www.naut.ca/blog/2020/03/20/self-hosting-series-part-4-backup/" rel="nofollow">https://www.naut.ca/blog/2020/03/20/self-hosting-series-part...</a><p>This works well on Linux, and iOS 14. You can skip to the section `Compiling idevicebackup2`.
> However, a former Apple employee said it was possible the encryption project was dropped for other reasons, such as concern that more customers would find themselves locked out of their data more often.<p>Sounds more plausible to me.<p>Most of Apples customers are normal end-users, I can see how loosing access is worse for them as compared to data being available for a search warrant.<p>I suspect "risk of loosing the key" vs "risk hackers get access to the backup" is really what you want to weight here.
That is why apple could take such a strong stand point when the FBI asked to crack the device itself some years ago.<p>Your device has become nothing more then a portal into their cloud and ecosystem. Where the fbi pretty much has free reign.
Every time I see one of these stories I wonder why the government has a seat at the table to decrease our rights. We currently have the right to encrypt backups. Why is the government lobbying to take that away from us? This is a right the government should be protecting for us, instead of stripping away.<p>An enforcement agency should never be advocating against the rights of the people.
Local encryption of backups is very easy. I could code a basic implementation in an afternoon that would lack sophisticated security features but would be "correct" and far better than nothing.<p>There's software out there to do it, but it tends to be geeks-only FOSS tools or obscure "advanced" settings in backup engines on things like NAS devices. None of those things are mainstream.<p>The fact that a feature like this doesn't come built into things like Dropbox is puzzling until you consider that large companies have probably been heavily pressured against mainstreaming this kind of encryption. The absence of encryption as a standard option (even if not the default) in things like remote storage, cloud file sharing, and e-mail tools can really only be explained this way since I know for a fact that some percentage of business users would love it.
The answer is simple. Disable iCloud/iMessage, backup/restore your files the old fashioned way, and use Telegram or something for messaging. Don’t even opt into any of the ways they can spy on you.<p>iCloud and iMessage suck anyways, you aren’t really losing anything of value
"Privacy is a fundamental human right. At Apple, it’s also one of our core values. Your devices are important to so many parts of your life. What you share from those experiences, and who you share it with, should be up to you. We design Apple products to protect your privacy and give you control over your information. It’s not always easy. But that’s the kind of innovation we believe in." [0]<p>So hypocritical.<p>[0] <a href="https://www.apple.com/privacy/" rel="nofollow">https://www.apple.com/privacy/</a>