[naturalpb]

Still waiting for Apple to provide end-to-end encryption on iCloud Backup for devices. Their documentation on this has always seemed intentionally vague.

https://support.apple.com/en-us/HT202303

End-to-end encrypted data -> - Apple Card transactions (requires iOS 12.4 or later) - Home data - Health data (requires iOS 12 or later) - iCloud Keychain (includes all of your saved accounts and passwords) - Maps Favorites, Collections and search history (requires iOS 13 or later) - Memoji (requires iOS 12.1 or later) - Payment information - QuickType Keyboard learned vocabulary (requires iOS 11 or later) - Safari History and iCloud Tabs (requires iOS 13 or later) - Screen Time - Siri information - Wi-Fi passwords - W1 and H1 Bluetooth keys (requires iOS 13 or later)

[vineyardmike]

They won't do this. Its their run-around to giving law enforcement access to the devices.

They can claim that the device is secure and always encrypted, and all the messaging is encrypted, and they don't collect user data. This is all true (i assume, but did not audit).

If you care about security, all you have to do is turn off iCloud backup, and everything is secure. If you don't care, well then you have a great feature.

They upload plain-text versions of messages, etc to iCloud so if law enforcement asks, they can still comply with the juicy data. They don't need to back-door the iphone for the Gov. which was a major PR issue a few years ago.

[sneak]

> If you care about security, all you have to do is turn off iCloud backup, and everything is secure.

No, each conversation has at least two endpoints, and it's unlikely that the people you iMessage with have disabled iCloud Backup.

It's sort of like switching from gmail to avoid Google having access to your correspondence: they'll get it from the mailbox of the people still using gmail (so, everyone) that you correspond with.

[vineyardmike]

Ok yeah, i should have been way more clear here. I just meant that your data can't be snooped from the cloud, due to encryption, if backup is turned off.

Of course, this also assumes you trust apple and the implementations of encryption, blah blah blah typical security-depends-on-trust-someone-somewhere warnings.

[unsignedchar]

Very good point. In addition to iCloud Backup for messages, people could also have Messages in iCloud turned on as well

[pseudalopex]

Messages in iCloud is end to end encrypted.

[sneak]

It's intentionally vague because they want people to read that page and think "oh, it's all encrypted, it's safe", and not realize that they intentionally preserve this backdoor so that they can provide data to the FBI at any time, with or without a warrant, at the FBI's explicit request:

https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...

Apple provided user data on over 30,000 users in 2019 to the US federal government without a warrant or probable cause, per Apple's own transparency report (see FISA orders). All the feds have to do is order the data from Apple, and they get all of it, on anyone they like.

You're going to be waiting a long time; it's a design goal for Apple (and by extension the feds) to be able to read your every stored text, iMessage, and iMessage attachment out of your device backup without your consent/knowledge.

It's not really that different from the situation in China, where Apple provides the same sort of backdoors to the CCP to be able to sell devices there. (There, the CCP requires that it be physically stored on state-owned and state-operated hardware, as I understand it.)

[viro]

> "the US federal government without a warrant or probable cause, per Apple's own transparency report (see FISA orders)."

Do you not know a FISA order is a court order?

[sneak]

https://en.wikipedia.org/wiki/United_States_Foreign_Intellig...

I said without a warrant or probable cause, which is accurate.

The FISA court is a bullshit, rubberstamp farce, to allow the state to pretend that they give a shit about the rule of law. The fact that they surveil everyone, inside and outside of the country, without warrants or probable cause, is evidence that they do not.

The FISA court issues orders without a requirement of probable cause, and its decisions and targets are classified. They are not warrants, and there is no due process. Calling it a "court" at all is a stretch.

Here's the FISA "court order" demanding 100% of all call records, every day, from Verizon, even local calls that start and end wholly within the USA:

https://epic.org/privacy/nsa/Section-215-Order-to-Verizon.pd...

This kind of overbroad stuff is precisely why we have the fourth amendment:

> The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

That's exactly the opposite of what the FISA "court" does.

[viro]

EVERY US company is legally required to comply with a FISA warrant. Stop acting like Apple has a choice, they don't. And also they are legally considered warrants. Did you read your link?

[sneak]

Apple has a choice about whether or not backups are end-to-end encrypted, using keys unknown to Apple.

Apple, at the request of the FBI, chose to preserve this surveillance backdoor by not deploying their end-to-end encryption system for iCloud Backup, thus making everyone's data available to Apple and potentially responsive to FISA orders. Seriously, read the link:

https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...

They absolutely had a choice.

If that backup data (which includes all your iMessages and attachments thereto) were end-to-end encrypted, which was Apple's original plan, then FISA orders, real warrants, and all the rest would be fruitless as Apple could not decrypt the data. They'd be turning over opaque encrypted data in response to FISA orders and real warrants.

[Fnoord]

You can use clouds like these with your own cryptography software. A matter of using something standard while not giving the cloud provider your public key. As long as they allow you to specify the backup location (which I don't know if they do), this should be doable. If they don't allow this that is a more severe issue.

[someonehere]

It’s well known that they don’t encrypt backups in iCloud. That’s how they’re able to reset access in case you lose access.

[haswell]

You're being downvoted, presumably because of the parallel discussion about the FBI. But I think this is most likely a combination of both:

1) The vast majority of Apple's users care more about getting their data back than they do E2E encryption. Encrypting backups does introduce failure modes that put more burden on the user (to have an emergency key, etc). Apple also cares deeply about things "just working", and so this is a space that was always going to be incredibly difficult to balance.

2) The FBI thing is also true. Given Apple's former plans for true E2E encryption somewhat gave way to what they have now, with little explanation, it's hard not to speculate that they backed away from the original initiative after some...involvement...from the feds.