<i>"On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data"</i><p>This is key. The way we engineer software and services can have a major impact on the war against overly invasive government requests. We know that these requests will come; it's our responsibility to design things in a way that protects customers from our legal obligations when confronted with them to the greatest extent possible.<p>While this certainly serves their own interests, kudos to Apple for baking this type of consideration into the basic iOS design. They should and will be financially rewarded for it.
Yet no comment from them about what being a "provider" under PRISM entails.<p>* "In addition, Apple has never worked with any government agency from any country to create a “back door” in any of our products or services."<p>If Apple provides an interface to request user-data to law enforcement / NSA, that's not a back door in the <i>product</i> or the <i>service</i>.<p>* "We have also never allowed any government access to our servers. And we never will."<p>If they provide user-data after being served with a warrant (possibly through email or to their legal department), their servers were never accessed, yet the data was provided.<p>It's always interesting to read what <i>is</i> and <i>isn't</i> said. Word games, I swear.
Here's an observation, and an idea for testing Apple's claims on iMessage privacy:<p>China seems quite determined to block IM systems which do not cooperate with the authorities and permit monitoring of communications. Most recently, both Line and the Korean KakaoTalk were blocked [1].<p>Skype remains useable in China, presumably because Skype permits efficient monitoring [2].<p>It seems unlikely that China would tolerate such a prominent opaque communications channel as iMessage in the hands of a significant proportion of their citizens.<p>Thus, if China refrains from blocking iMessage for a prolonged period of time, wouldn't it be reasonable to assume that China is in fact able to snoop on iMessage?<p>[1] <a href="http://www.ibtimes.com/china-restricts-messaging-apps-confirms-blocking-line-kakaotalk-last-month-1651620" rel="nofollow">http://www.ibtimes.com/china-restricts-messaging-apps-confir...</a><p>[2] <a href="http://www.reuters.com/article/2012/01/31/us-china-dissident-idUSTRE80U0BJ20120131" rel="nofollow">http://www.reuters.com/article/2012/01/31/us-china-dissident...</a>
So the US is now a country where mainstream companies market it as a competitive advantage that they will try to minimize what they will release to the government. I'm glad companies are doing this, but I'm sad that they even have to.
The honest truth about all of this is, even if Apple were handing over information because of back doors, custom database interface applications for the NSA, they wouldn't tell us and would probably be gagged from doing so anyway. Have we all forgotten about Lavabit? I hope not.<p>I think we are all intelligent enough to know that even if Apple were handing over information, it wouldn't exactly be good for business to admit you've been complicit in handing over personal details to the Government, would it? "Yes, we have been giving away your information, but we promise not to do it any more. Hey, we just released a couple of new iPhones, want to buy one?"<p>Anyone else notice the page is cleverly worded and any mention of security seems to be limited to iOS 8 context? "In iOS 8 your data is secure", "In iOS 8 we can't give law enforcement access to your phone" - maybe I am just overanalysing things here, but I have learned not to be so trusting of companies as big as Apple considering the amount of information that they hold.<p>You know we're living in a new kind of world when privacy is being used for marketing purposes...
> less than 0.00385% of customers had data disclosed due to government information requests.<p>According to [1], there are about 600 million Apple users, so this translates to 23,000 customers exposed due to government information requests.<p>Seems like a large number. Is 600M correct?<p>[1] <a href="http://www.cnet.com/news/apple-to-reach-600-million-users-by-end-of-2013-says-analyst/" rel="nofollow">http://www.cnet.com/news/apple-to-reach-600-million-users-by...</a>
My fundamental issue with Apple's privacy claims is they are pretending that they have a technological solution to what is, ultimately, a political problem. As the laws in the US (and I imagine some other countries) stand, Apple can be compelled to provide your data to appropriate governmental authorities, install back doors, not tell you and even lie to you and the world about it. As long as that's true, no assurance from <i>any</i> third-party service provider is worth a damn.<p>I can understand the marketing benefits Apple sees in making these disingenuous privacy claims. I'd be willing to call that "just business" except for one thing: Trying to persuade people they have a technological solution will necessarily get in the way of the absolutely vital political project of destroying the political and legal foundations of the surveillance state.
I'm very skeptical that traditional screen-lock passcodes offer useful protection for the average person. Most people still choose to use 4-digit passcodes for convenience, leaving exhaustive key search [1] well within the reach of even very small attackers.<p>Are these four-digit passcodes being used to derive encryption keys? If so, I'd like to hear where the additional entropy comes from. There's no use encrypting things with a 128-bit key when the effective entropy of the key is really only ~12.3 bits.<p>I'm sure the engineers at Apple would not have overlooked this; it would be great to hear more about the specifics.<p>[1] especially if the attacker can download encrypted data and try an infinite number of times (instead of e.g. typing the passcode on the phone or hitting the iCloud servers)
If you're an iOS user who becomes the target of an investigation by a law enforcement or intelligence agency, remember your data is likely <i>unencrypted</i> in the cloud. So if your device is inaccessible, your email, your location history, your text messages, your phone call history will probably remain accessible. Apple acknowledges, for example, that "iCloud does not encrypt data stored on IMAP mail servers":
<a href="http://support.apple.com/kb/HT4865" rel="nofollow">http://support.apple.com/kb/HT4865</a><p>[Edited because it now seems unclear which Apple policies have changed.]
Apple has taken a shot against Google and Facebook. It has mentioned that unlike its competitors their business model does not depend on selling user data. Which is kind of true, but Google and Facebook's business model itself is using user data for marketing.<p>Sometimes I feel it's not unethical to use users' data for marketing, the way Facebook and Google tell us; that they don't directly share details with marketers, but they let them target the audience.
Except it's not open source. If it's not open source then you have no idea what's going on beyond what Apple tells you.<p>Ask yourself:<p>Would Snowden use this phone? Your answer to this question is the same as the answer to the question "Is this phone secure?"<p>I guess I'll get downvoted for this since it goes against the Apple circlejerk, but this issue is more important to me than magic internet points.
Finally, those numbers of iPhone activations and Macs sold are useful.<p>#1 Mac unit sales<p><a href="http://www.macworld.com/article/2062821/apple-by-the-numbers-mac-not-dead-yet.html" rel="nofollow">http://www.macworld.com/article/2062821/apple-by-the-numbers...</a><p>2010 @ 13662k<p>2011 @ 16735k<p>2012 @ 18158k<p>2013 @ 16341k<p>Total = 64,896,000<p>#2 iPhone unit sales<p><a href="http://www.statista.com/statistics/232790/forecast-of-apple-users-in-the-us/" rel="nofollow">http://www.statista.com/statistics/232790/forecast-of-apple-...</a><p>I only take the numbers from 2013 & 2014 because Apple tends to upgrade fast.<p>2013 @ 53.6 Million,<p>2014 @ 63.2 Million,<p>Total = 116,800,000<p>Now, quote from "Government Information Requests"<p>"less than 0.00385% of customers had data disclosed due to government information requests."<p>Only 699529.6 round to 699529 customers had data disclosed.
I understand this does nothing to stop the NSA from snooping on me. However, the local / state police are a much more imminent threat to your average person with the rise of the police state than the NSA and FBI are. The local police are becoming ever more aggressive when it comes to your privacy and devices like your phone.<p>If this turns out to be as good of a move as it seems like it is, Apple has acquired my attention in a way they weren't able to previously (I've been an Android user from day one). Plus I like the new larger iPhone 6.
Edit:<p>Can someone confirm or deny the following? I <i>think</i> this is the current state of affairs.<p>A) Apple will unlock PIN-locked devices by government request, but the best they can do is brute-force. This is very slow, as it can only be done using the phone's on-board crypto hardware (which has a unique burned-in crypto key), and the PIN is stretched with PBKDF2. It has been this way for a while. Apple has no "backdoor" on the PIN or any form of cryptographic advantage here that we know of.<p>B) The <i>new</i> thing mentioned in the OP's link is that things stored <i>on Apple's servers</i> are now encrypted as well, with your iCloud password.<p>Is this correct?
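The two comments above on passcode-derived keys (short-PIN entropy, and stretching tied to a device-unique key) can be illustrated with a small model. This is an added example, not part of the thread and not Apple's implementation: the HMAC "tangling" step, the iteration count, the sample passcode and the 0.08 s per-guess figure are all assumptions chosen for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 100  # deliberately tiny so the demo runs quickly (assumed value)


def derive_key(passcode: str, salt: bytes, device_secret: bytes = b"") -> bytes:
    """Stretch a passcode with PBKDF2; optionally tangle it with a device-bound secret."""
    stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, ITERATIONS)
    if device_secret:
        # Toy stand-in for a hardware-keyed step: without the secret,
        # the final key cannot be computed off the device.
        return hmac.new(device_secret, stretched, hashlib.sha256).digest()
    return stretched


def key_check(key: bytes) -> bytes:
    """Verifier value stored next to the encrypted data."""
    return hmac.new(key, b"verify", hashlib.sha256).digest()


def offline_search(salt: bytes, check: bytes, digits: int = 4):
    """Everything a party holding only copied storage (salt + check) can compute."""
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        if hmac.compare_digest(key_check(derive_key(guess, salt)), check):
            return guess
    return None


def on_device_worst_case_hours(digits: int, seconds_per_guess: float) -> float:
    """Time to try every passcode when each guess must run on the device."""
    return (10 ** digits) * seconds_per_guess / 3600


def demo():
    salt = os.urandom(16)
    device_secret = os.urandom(32)  # constructed; models a key that never leaves the hardware
    passcode = "4821"               # constructed sample passcode
    plain = key_check(derive_key(passcode, salt))
    bound = key_check(derive_key(passcode, salt, device_secret))
    # Passcode-only key: the whole space is searched off-device.
    # Device-bound key: the same search finds nothing without the secret.
    return offline_search(salt, plain), offline_search(salt, bound)


if __name__ == "__main__":
    print(demo(), on_device_worst_case_hours(4, 0.08), on_device_worst_case_hours(6, 0.08))
```

With the device-bound derivation, the protection of a short passcode comes from the per-guess cost and any retry limits enforced on the device, not from the passcode's own entropy.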
These threads should come with a tin foil hat requirement. There are so many different views on this. But if you wear a thick enough tin foil hat, it really doesn't matter what anyone says. You will think the gov is spying on you regardless...
I don't need to read this. Everything on the iPhone is proprietary software. As it has been proven countless times, there is a 100% probability that there are backdoors everywhere on this device. This entire blog post is a lie.