[1] https://support.apple.com/en-us/102651#:~:text=in%20iCloud%2...
1. That their messages won't be lost when they migrate between devices.
2. That their messages won't be lost when their device is stolen and they set up the new one from nothing but a password.
3. That Apple's password recovery flows work like any other password recovery flows, AKA that forgetting your password is a minor inconvenience, to be overcome at the Apple Store at worst, not a data loss disaster.
4. That they don't have to spend $$$ on some strange device called a "Yoobby Key", which they don't understand and will lose anyway.
There's no way to satisfy those demands and have your desired level of security, hence why iCloud backup encryption is a strictly opt-in feature.
There are tradeoffs to be made here, and Signal made different tradeoffs, which makes it significantly more secure but also significantly more annoying to use for somebody whose main life interest isn't figuring out why tech works the way it does. Apple does the best it can under the constraints they are given.
I used to think this was because they were intimidated by law enforcement, but they claimed otherwise. The recent UK attempt to backdoor Advanced Data Protection has made me believe them a bit less.
But it’s all or nothing and has to be applied to the entire account.
https://www.youtube.com/watch?v=BLGFriOKz6U&t=26m50s
(Be sure to watch through the section from 34m to 36m...)
The gap between perception and reality when it comes to Apple as a “privacy champion” has never been so big as it is today.
You can still turn everything compromising off and end up with a device secured to paranoid levels. That's definitely more than an empty promise, or what other vendors provide.
I don't believe this is the case. Apple generally prefers to diminish the importance and risks of specific actions unless they have some monetary advantage. e.g. Apple is happy to warn you (multiple times) that an alternative marketplace is "dangerous" and yet iMessage iCloud Backups are just a click away with a friendly "so your messages are available everywhere".
Another example is Photos - Apple has no problem activating features that collect "anonymized" information from my pictures. Yes, there is an opt-out, but having all that on by default is not in the spirit of a privacy-minded operation.
And about the choice - someone already pointed out in other comments, there really is no way to replace iCloud with anything else for backups and app data sync. So the choice is not really a choice.
That’s pretty much exactly what all the other vendors in the market provide: insecure and spying by default.
I don’t really understand why Apple should somehow get good points for their stance on privacy when they are actually doing pretty much the same thing than everyone else.
Users want convenience, and security always brings inconveniences (e.g., inter-client sync, no chat data before a client logged in first time, etc.).
Some vendors might provide convenience because they want to have your data. Others might provide you the convenience because you as a user want it, but see the resulting data as nothing but a liability.
Some providers are known to have the majority of their business be based around such data, whereas others might have little to no presence in that field.
Does it really? There is no option to use my own hardware/software for backup storage. I mean what would usually go to icloud.
That i would really trust.
So to me the answer is no.
Just wish we had more options…
https://www.infosecurity-magazine.com/news/apple-update-extr...
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zer...
Same reason FileVault isn't on by default on macs.
Apple could do a lot to promote this feature to more advanced users, but they don’t. I don’t believe for a second this decision is unrelated to the government pressure they’ve been receiving from the UK.
Maybe people think that was all for show but I’m struggling to think of other examples of massive companies saying that so publicly/firmly. See also, all the times the police/FBI/etc have complained or even tried to force Apple to provide a backdoor.
All that said, I guess a, very legitimate, argument could be made that if Apple provided ways to swap out iCloud for whatever service you wanted then there might be an escape hatch of sorts even if iCloud was compromised/limited.
Would be a shame if they claimed they can’t decrypt but an old back up had the keys to the kingdom
I can't sign into Apple Music on Android because it doesn't support security keys – small price to pay.
Not quite. You can still have automatic local backups set up for iOS and macOS devices to your own NAS. And that NAS can then do cloud backups of whatever is on it in any way you want. It's certainly more effort than the stock iCloud solution, but it's still an option.
macOS yes, but iOS?
iTunes (or Mac OS's built-in iPhone sync) is the recommended way to do this, although the protocol has been reverse-engineered to hell and back and third-party software exists for it. iMazing is the most notable one, although there are probably others, and you could hack something on top of libimobiledevice if you really wanted to.
Getting those backups from your computer to the NAS is an exercise for the reader.
Also, is government spying the only reason Apple decrypts messages? We don't know. They don't disclose that they do it for the government, but we know they do from other sources. What other purposes might they not be disclosing?
You mean the one that by default is a 4 digit number and therefore trivially brute forcable?
And neither android hardware nor the google servers have any kind of secure element enforcing brute force protections like '3 tries then we wipe the keys'.
I don't know why you would say this when it is obviously false. https://security.googleblog.com/2018/10/google-and-android-h...
One can't implement brute force protections without such a UI...
"You need to wait 5 minutes" isn't sufficient for a 4 digit pin...
https://www.reddit.com/r/samsung/comments/13nnphc/delete_pho...
Otherwise you can simply say "yeah, we power cycled you and now the year is 100,000, can I have another guess?"
I don't see any mention of that functionality in any public documentation.
(Relying on wall clock time caused a bug in an early iOS version of this feature, where it would show a really long delay when the clock was reset, and there was no way to set the clock correctly)
And that’s with a power cycle, so 14,000 a day? I’ll not going to assume the button will last more than 100,000 presses, so I don’t see many combinations being tried.
The Titan M chip is present on all Pixel devices:
Do you consider all security to be a joke then? If you send me a message, how will you actually guarantee that I do not make a copy of it once it's on my own computer?
So what secure communication system should we be using given that none of them can guarantee that the recipient doesn't leak information to another country by choosing to use a compromised version of the client?
That's great, naming those would have been better though since it would have actually answered the question.
> With Advanced Data Protection, the number of data categories that use end-to-end encryption rises to 25 and includes your iCloud Backup,...
> iCloud Backup (including device and Messages backup) (3)
> (3) .... Advanced Data Protection: iCloud Backup and everything inside it is end-to-end encrypted, including the Messages in iCloud encryption key.
On Google, the Google Drive and Photo are encrypted to a key owned by google.
On iCloud, the iCloud Drive and Photo are encrypted to your account key. In which, without ADP, this key is shared with Apple. When ADP is enabled, Apple does not store this key. iCloud Backup is stored with the same technology as iCloud Drive.
When it comes to lost password account recovery:
- Google can just reset your password, and your drive and photo are still accessible. All barrier are procedural, not technical.
- iCloud (with ADP), they can still reset your password, but then your icloud drive and icloud photo are loss forever.
There are some trade off ..:
- Lost password recovery experience. _Some_ user will lost their password anyway. How high should the bar be?
- Cloud first? or local device first with cloud backup?
- Are you giving the cloud data same protection as local device?
In google's solution, they put the google drive data at risk...
In apple's solution, it need extra steps to ensure you have proper account recovery flow covered.
In fact I would say calling iMessage an e2ee system is false advertising until this is corrected. Reasonable people would assume that an Apple system advertised as e2ee would make an effort to prevent Apple servers from having the keys to decrypt most iMessages, while the reality is with these defaults it's likely that a large majority of iMessages can be decrypted by Apple servers at will.
The simple fact of the matter is that if I have ADP enabled, my chats should be excluded from the backups of those I'm communicating with (it should be as an opt-in basis at the very least).
Not having this renders ADP useless for the purpose of its stated threat model.
Why can you reach into my phone and wipe data you sent to me?
Why are _you_ the final arbiter?
Once you send a message it is _out of your hands_. You do not own that message. You do not have the right to dictate to others what they can do with what you send to them. That’s life, that’s reality.
If you want to be able to delete your sent messages from other’s devices, there are many apps out there that can provide it to you and both you and the person you are talking to can go in “eyes wide open” to what you agreeing to (I can delete messages I sent to you and you have no record).
The potential for abuse of this is high and the vast majority of users would _not_ want this feature. The same way that mostly people probably shouldn’t use ADP due to the risks, this type of feature will cause way more issues IMHO. It doesn’t take much imagination to get to “Grandpa pressed the wrong button and deleted years (decades) of conversation from everyone’s phone”.
I am not interesting my normal conversations potentially disappearing. That was not the agreement that we had and changing the rules later on that is gross to me. If you want disappearing chats or the ability to wipe all the messages you’ve sent there are other apps (with their own pitfalls, what if I keep my phone offline and never get the update to clear out your conversations?).
The fact that this is so unintuitive that I had to explain it and I am only 95% sure I got it right is precisely the problem.
Would be very interested in this.
It's also the same way ProtonMail encrypts their email. They have to store the private key for you to be able to use the email on any browser.
Of course iCloud backup is itself optional. But Apple gives you and the people you're messaging no other option for cloud backups. ADP actually encrypts your backups, but since it defaults to off your messages are almost certainly still readable by Apple thanks to the keys stored in other peoples' backups.
No, if you do not use “Messages in iCloud” then your iMessage private key does not leave your device.
If the messages were still protected by e2ee with key storage only on your devices then it would specify that in the table. Some other data types like keychain passwords and Memoji are in fact protected by e2ee even when ADP is not enabled, and the table reflects that. Messages do not fall in the category of e2ee without ADP.