A better headline - users willing to give up privacy for convenience.<p>Reality - there was a period where the icloud backups created backups that apple did not have access to. Critically, this mean that if you had any of a wide variety of things happen - unless you were very good about key management - your content was lost for good. ALL your photos (which could be heartbreaking) etc.<p>It turns out this is NOT what people want. They want apple to have access to their content, so when they have a device stolen and don't have a super long recovery key properly saved, they are not hosed.<p>Same issue BTW with bitlocker on windows. People DO NOT save those recovery keys, even if they should. Microsoft added a way to force a backup into an account admins and others would have access to, thank goodness, because otherwise users there would be hosed as well.
I'm continually surprised that people can't seem to understand E2EE. For whatever reason they assume it means a message is encrypted forever and unreadable by anyone.<p>There is zero guarantee from <i>any</i> E2EE system that the data is encrypted at rest by the sender and receiver. In fact in most cases, the data is <i>not</i> encrypted at rest because people want to do silly things like read messages.<p>The exact same vulnerability exists on every platform that's automatically backing up local data to <i>the cloud</i>. Even if <i>you</i> disable cloud backups you're still stuck if whoever you're messaging has left them enabled.<p>The only meaningful way around this hole when it comes to messaging apps is row-level encryption on the backing store. This has a lot of problems of its own and potential holes when it comes to indexing and searching.
… if you back up your device to iCloud. (Of course, almost everyone does.)<p>Apple was apparently going to close this loophole, but decided not to. They probably received negative feedback from the three letter acronym agencies.
Similar discussion 9 days ago on the thread <i>Apple urged to drop plans to scan iMessages, images for sex abuse</i>: <a href="https://news.ycombinator.com/item?id=28233200" rel="nofollow">https://news.ycombinator.com/item?id=28233200</a><p>Perhaps we need a new term, other than <i>E2E encrypted</i>, to close the door on 'loopholes' such as the provider managing your keys.
These Apple privacy ads [1] are not aging well and they aren't even old.<p>[1] <a href="https://youtu.be/lHcf9ZkJ28o" rel="nofollow">https://youtu.be/lHcf9ZkJ28o</a>
The post has been deleted, here's an archive link...<p><a href="https://web.archive.org/web/20210827045159/https://old.reddit.com/r/privacy/comments/pcb3ej/a_timely_reminder_that_apple_can_read_your/" rel="nofollow">https://web.archive.org/web/20210827045159/https://old.reddi...</a>
Without reading the post I assume it's talking about iCloud backup (which is on by default) backing up your raw messages with just an Apple encryption key? That's well documented and makes sense as a default functionality - average users would be too prone to losing their data if data weren't backed up without E2EE.
Doesn't Apple simply happen to be both the chat provider and backup provider, so Apple-A does the E2E encryption and Apple-B sees your backup because you sort of want that?<p>And people worrying about the other end of the chat... come on, you talked to them in the first place. They can forward anything, even if it's via Signal.<p>The entire story is just hilarious and memeable. Users want backup; Apple open up the gate. Users want E2E; Apple shut up the gate. Users want iCloud recovery; Apple partially open the gate.
I find this acceptable. My threat model includes pickpockets and nosy siblings. It doesn't include nation states and highly sophisticated attacks.<p>If the government wants to look at my data, and has gone through the proper channels to do so, I believe that, generally, that system will protect me from a consequential privacy intrusion. It's not a perfect system, but I believe the benefits of the power of subpoena are worth the costs, so I'm happy to participate in it.
Another reminder that if you sign out of your device Apple will forcefully turn on all iCloud switches upon next log it. <a href="https://news.ycombinator.com/item?id=28285567" rel="nofollow">https://news.ycombinator.com/item?id=28285567</a>
I’ve always disabled cloud backups. They don’t really serve much purpose anyway since it’s just settings and to me settings are less valuable than content. I can easily set my device up again from scratch - in fact I like to do that every now and then to get new defaults or see how UX has changed.<p>If you connect your device locally you can, just using Finder, make an <i>encrypted</i> local backup which IMHO is much better.<p>Even if Apple did say Cloud Backups were encrypted you’d have to take it at face value anyway. Always be in charge of your own data, and secure and back it up yourself.
These two toggle are funny.<p>- back my encrypted data
- back my encryption key (if back encryption key, the e2e does not make any sense)<p>What the encryption key will be used to encrypt the e2e encryption key?
Yet another reason to disable iCloud, if you’re privacy conscious.<p>Although you’re relying on your recipient disabling it too. So really you have to use something else. Signal, etc.<p>With that said, I still think an iPhone with iCloud disabled is better than other phones on the market privacy-wise. And for the average consumer, iPhones offer a good tradeoff between privacy and usability.
Patiently awaiting the obligatory HN 'iPhone considered harmful' thread at this point with complementary link to a medium article. Seriously though after the San Bernardino shooter fiasco and the ongoing us government regulation demands it was basically all but guaranteed apple would pull all the stops to get Sam off their back.
In the early days when iCloud was new it corrupted my decade long (at that point in time) bookmarks.<p>I was devastated. I never recovered them all. But it taught me a lesson.<p>Apple in the cloud brings nothing good to the user if you trust them.<p>Since then I have never and will never use iCloud for anything important. I can see iCloud has become a vector for no privacy over the years.
This post is wrong. iCloud Backup is the only setting that matters. Whether you enable iCloud Messages or not has no baring on whether Apple can read your messages. With iCloud Message sync, Apple doesn’t store a decryption key on their servers.
Also worth keeping in mind, this is true for any message you send that's received by someone else, regardless of your own hygiene.<p>i.e. for true security <i>all</i> message participants must have iCloud Backoff off, etc.
If they can do this, surely this evaporates any security-related rationale for not providing a web-accessible version of iMessages.<p>If they just added <i>that</i>, it would be so incredibly useful. I'm sure they won't though, because that might mean that people could access iMessages from non-Apple hardware (the HORROR).
This preoccupation with Apple maintaining your privacy from <i>themselves</i> is ridiculous. They commit to protecting your privacy from <i>others</i> and are clear on what they have access to themselves.<p>If you want true E2E encryption and encryption at rest, then build your own infrastructure.
Edward Snowden's article earlier this week posited that some 80% of iPhone users leave auto-sync on for iCloud, meaning that there's about a 20% chance that the next thing you send over iMessage isn't encrypted.<p>Why is guesswork like that acceptable in a <i>privacy</i> tool? Furthermore, who actually believed that Apple <i>couldn't</i> read their messages? 'End-to-end' means very little when both ends are Apple-controlled.