|
> I know I have to trust them to do what they say they do, anyways, but if they do not have the keys, they cannot change their mind (say in response to a visit from the NSA)

Apple absolutely holds the keys to everything stored on iCloud. See their iOS security whitepaper [1], in the iCloud section:

> iCloud
>
> iCloud stores music, photos, apps, calendars, documents, and more, and automatically pushes them to all of a user’s devices. iCloud can also be used by third-party apps to store and sync documents as well as key values for app data as defined by the developer. An iCloud account is configured via the Settings app by the user. iCloud features, including Photo Stream, Documents & Data, and Backup, can be disabled by IT administrators via a configuration profile.
>
> The service is agnostic about what is being stored and handles all files the same way. There are two components for each file. The first is the file’s metadata, which consists of its name, extension, and filesystem permission settings. The second component is the file’s contents, which are treated by iCloud simply as a collection of bytes.
>
> Each file is broken into chunks and encrypted by iCloud using AES-128 and a key derived from each chunk’s contents that utilizes SHA-256. The keys, and the file’s metadata, are stored by Apple in the user’s iCloud account. The encrypted chunks of the file are stored, without any user-identifying information, using third-party storage services, such as Amazon S3 and Windows Azure.

[1]: https://www.apple.com/ipad/business/docs/iOS_Security_Feb14....

|
"iCloud Keychain allows users to securely sync their passwords between iOS devices and Mac computers without exposing that information to Apple."
So, I guess somebody should write a 'notepad' for iOS and Mac OS X that stores its data as secure notes in the KeyChain (assuming that secure notes get synced, too).
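The chunk encryption described in the whitepaper passage quoted earlier in the thread, sketched as an added example (not code from any commenter or from Apple). It assumes the key is the first 16 bytes of SHA-256 over the chunk and that the mode is AES-128-CTR with a zero IV, neither of which the whitepaper specifies; `StoreFile` and `RecoverFile` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"fmt"
)

// chunkKey derives an AES-128 key from the chunk itself (assumed: first 16 bytes of SHA-256).
func chunkKey(chunk []byte) []byte {
	sum := sha256.Sum256(chunk)
	return sum[:16]
}

// cryptChunk encrypts or decrypts with AES-128-CTR and a zero IV (assumed mode).
func cryptChunk(key, data []byte) []byte {
	block, _ := aes.NewCipher(key) // cannot fail: key is always 16 bytes
	out := make([]byte, len(data))
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(out, data)
	return out
}

// StoreFile returns per-chunk keys (account side) and blobs (storage-provider side).
func StoreFile(data []byte, chunkSize int) (keys, blobs [][]byte) {
	for off := 0; off < len(data); off += chunkSize {
		end := off + chunkSize
		if end > len(data) {
			end = len(data)
		}
		keys = append(keys, chunkKey(data[off:end]))
		blobs = append(blobs, cryptChunk(keys[len(keys)-1], data[off:end]))
	}
	return keys, blobs
}

// RecoverFile: whoever holds the stored keys recovers the plaintext, no user secret needed.
func RecoverFile(keys, blobs [][]byte) (out []byte) {
	for i, b := range blobs {
		out = append(out, cryptChunk(keys[i], b)...)
	}
	return out
}

func main() {
	data := []byte("AAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAA" + "secret note") // constructed sample
	keys, blobs := StoreFile(data, 16)
	fmt.Println(string(blobs[0]) == string(blobs[1]), string(RecoverFile(keys, blobs)))
}
```

The storage provider sees only the blobs, but the party holding the per-chunk keys can decrypt without any user-held secret, and identical chunks produce identical ciphertext.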