by matai_kolila 1357 days ago
> Thus, anyone who has access to your iCloud account, whether it be a hacker, an Apple employee, or a government agency, has also access to that data.

Lost a lot of credibility here by including Apple employees, as that’s not a thing.

Honestly this just reads as a bunch of FUD for what appears to be no reason. There’s no new info, no new perspective, no attempt at fair explanation of why those things might actually be desirable for the customer…

Just a bunch of bad faith interpretations of how an iPhone works to try and scare or confuse the reader, and no discernible reason for why.

2 comments

The CSAM scanning would have required Apple employees to view flagged photos to confirm if they are CSAM - so yes, Apple employees will have some level of access to iCloud data, otherwise, legal requests for data would be impossible.

This wouldn't be an issue if iCloud was E2EE, but they probably save a chunk of money by only storing one copy of the "meme du jour" on their servers.

Honestly, would an Apple employee be able to access my iCloud account? I understand that the iCloud data is encrypted in the cloud and the decryption key is part of signing onto iCloud via 2 factor to authorize the device.

Would an Apple employee be able to view iCloud without the 2nd factor to pull down the decryption key?

iCloud data isn't end-to-end encrypted, so there are undoubtedly some employees who can view iCloud data.

In a well-run organisation this power would only be available to a small number of employees, would require a good reason and multiple people's authorisation, and would produce audit records. Is Apple such an organisation? Nobody knows.

> iCloud data isn't end-to-end encrypted, so there are undoubtedly some employees who can view iCloud data.

This is more FUD; it doesn't need to be e2e encrypted to prevent an Apple employee (who isn't breaking a litany of laws and/or company policies) from viewing iCloud data.

I'm... just tired of baseless accusations like this, so casually thrown around. I've worked in this industry for 15 years, and when something like this is specifically possible, we say so because we have specific knowledge about how it would actually happen, not general "Yeah sure probably."

We have to do better, because if we don't, we sound like chicken littles and people just ignore us.