[esotericimpl]

Honestly would an apple employee be able to access my icloud account? I understand that the icloud data is encrypted in the cloud and the decryption key is part of signing onto icloud via 2 factor to authorize the device.

Would an apple employee be able to view icloud without the 2nd factor to pull down the decryption key?

[michaelt]

icloud data isn't end-to-end encrypted, so there are undoubtedly some employees who can view icloud data.

In a well-run organisation this power would only be available to a small number of employees, would require a good reason and multiple people's authorisation, and would produce audit records. Is Apple such an organisation? Nobody knows.

[matai_kolila]

> icloud data isn't end-to-end encrypted, so there are undoubtedly some employees who can view icloud data.

This is more FUD; it doesn't need to be e2e encrypted to prevent an Apple employee (who isn't breaking a litany of laws and/or company policies) from viewing iCloud data.

I'm... just tired of baseless accusations like this, so casually thrown around. I've worked in this industry for 15 years, and when something like this is specifically possible, we say so because we have specific knowledge about how it would actually happen, not general "Yeah sure probably."

We have to do better, because if we don't, we sound like chicken littles and people just ignore us.