Encrypted Apple iCloud Data

[dutchguylivingintheuk]

But the police can require you to give up the password/key.

Yes, but if you have enough to hide you will run your stuff in a treucrypt kind of way(there are a few others but i think truecypt is the most well known.) First enemy would then be softwae like Apple because only Apple has the source code.

Key thing is if you use this software properly you will always have plausible denyabilty in encrypts you whole drive but importantly in addition it also adds a second fake os, which you can show if your forced to give your password. Key thin here is off course that you need to login to but systems frequently otherwise you cover will be blown. But the maker of ReiserFS(and file system) killed his wife and the police had no other choice but to make a deal with him as they couldn't prove what there was actually on his hard drive. (but in this case they did have enough additional evidence.)

Which means there is no point in weakening server security. So as you say security services can get at your data with ADP available but if hackers try they face additional security (as you are not obliged to provide hackers your pass keys/password).

Well the be honest the usability for ADP is very limited, and for those who need it other options are available, i would start with not relying on Apple or any other company but host everything myself. (specific i mean running fr example the could service on your own encrypted server.) but the average hacker is with normal consumers interested in getting acces to online banking an such, ADP does not protect against that, most modern phones use either face or fingerprint ID.

One problem with known weaker security is that hackers try to break-in which can cause the account to be locked for security which can be a real nuisance (particularly if away from home). With ADP some additional functionality is disabled and hackers know even if they get in they can't decrypt your data ... so they don't bother (anything like so much).

Yes but an account lock happens when the administrator of the account either Apple in case of icloud or your bank incase of banking or for example BT etc. detects and suspicious login, ADP does not come into play at this level.
Also most breaking attempts come from leaked login details as they also have an limit on the number of tries before gettig blocked. ADP and similar is important when someone has physical acces to your device.(and is likely to try and crack the security, a typical thief just flips it quickly, without even trying)

I'm not bothered about keeping my iCloud from UK Gov. (which I do through other servers). My concern is weakened server security. Which is why US security agencies, including the FBI and NSA, have been advocating for increased use of encryption to protect against Chinese cyber threats, creating potential conflicts between UK and US security interests. UK going in opposite direction.

Ian

technically i have nothing to hide but i won't show you are anyone else my banking details etc. either. That's the think with privacy most people probably have nothing off interest but the feeling of someone invading your privacy for whatever reason is not nice, and i think the right to use any encryption i feel suitable should be my choice, not limited by a government mandate, i also don't have an iPhone, ad as stated above if really wanted i know i number of ways to do this without the government being able to pressure any third party to make a backdoor or anything else.
However in principle i believe this is wrong, as it no longer assumes innocence but insist to a level of control, which i also find highly unlikely to be really needed. To government would typically need this for maybe 10% of the population primarily if they think they are hiding assets, criminal activity or fraud but they have so many other ways that it's nonsense to go all-in in the way they did. We as civilians should be able to force the government to report on effectiveness off measurements like this so that they have a responsibility instead of just seemingly hording data or better said hording the rights to access random data without any consequences

 

[Psamathe]

technically i have nothing to hide but i won't show you are anyone else my banking details etc. either. That's the think with privacy most people probably have nothing off interest but the feeling of someone invading your privacy for whatever reason is not nice, and i think the right to use any encryption i feel suitable should be my choice, not limited by a government mandate,

I agree. People who say it's OK because they have nothing to hide would really be complaining if Government officials were standing by their letter box opening and reading all the post delivered to them (even though there "is nothing to hide").

Government(s) wasting time like this distracts from its ineffectiveness giving the impression of "clamping down" when completely failing to address the problem.

Stuff worth hiding is easy to hide and people who have stuff worth hiding can easily find out how to hide it. It's not "fixing the hole" but rather inadequately trying to bail out the sinking ship with a small sponge.

Ian

 

[BoldonLad]

I agree. People who say it's OK because they have nothing to hide would really be complaining if Government officials were standing by their letter box opening and reading all the post delivered to them (even though there "is nothing to hide").

Government(s) wasting time like this distracts from its ineffectiveness giving the impression of "clamping down" when completely failing to address the problem.

Stuff worth hiding is easy to hide and people who have stuff worth hiding can easily find out how to hide it. It's not "fixing the hole" but rather inadequately trying to bail out the sinking ship with a small sponge.

Ian

A common tactic(?) in more areas than this. The "introduce a new law" approach is a much better sound bite than enforcing the existing laws. 🙂

 

[CXRAndy]

A stronger herd is thru natural immunity not mass vaccination


View: https://x.com/GabeZZOZZ/status/1893568235062059147?t=GdZa0WGOhATAisN7__dzPw&s=19

 

[C R]

A stronger herd is thru natural immunity not mass vaccination


View: https://x.com/GabeZZOZZ/status/1893568235062059147?t=GdZa0WGOhATAisN7__dzPw&s=19

I can understand that you may find von der Leyen's foreign accent off putting, but her English is really very good, so all you are showing here is your inability to understand complex arguments.

 

[presta]

Why can't encryption be defeated with spyware that reads directly from the keyboard and screen?

 

[dutchguylivingintheuk]

Why can't encryption be defeated with spyware that reads directly from the keyboard and screen?

It's wouldn't be spyware but an keylogger and yes it is an possibility however due to the steps it needs to take to get that level of access we don't see them as much anymore. a hidden 4k cam that shows the target typing his code would be easyer, however most authentication these days especially if you take security seriously is at least 2Factor and often uses biometric data either 3d face scan or an fingerprint scan. in both cases a keylogger would be useless. on older faceunlock you could just use an picture but those these are mostly gone too.

 

[Psamathe]

Why can't encryption be defeated with spyware that reads directly from the keyboard and screen?

Plus a lot of content isn't keyboard generated. Keyboard can have very limited involvement eg somebody logging onto their online banking might use mouse to click on a saved link, key in a OTP or use a stored passcode then look at the screen.

Government's reduction on encryption will only apply to some data stored in iCloud but not all (eg messages in iCloud, Journal, Maps, etc. all still encrypted such that Apple and hence UK Gov. even with a court warrant can't decrypt it). So it's difficult to see what they are actually trying to achieve beyond showing their lack of understanding.

Ian

 

[Psamathe]

Looking like UK is to back down on this.

It almost certainly violates the Cloud Act Treaty between US & UK.

We seem to be seeing too many knee-jerk authoritarian "decisions" and poor judgement from UK Gov Home Office (and related) eg proscribing groups, trying to ban Apple Advance Data Protection, ongoing blame of French Police & Gendarms for not entering water to stop boats (when they've been going into water to stop boats since 2023) . Too many lies, too much authoritarianism.

Ian

 

[HMS_Dave]

I'd wager that the UK found itself fresh out of friends on the matter and in a position lacking any authority to make such demands of a foreign tech giant in regards to its ADP and its authority to make demands on internal affairs of sovereign governments around the globe.

 

[C R]

I'd wager that the UK found itself fresh out of friends on the matter and in a position lacking any authority to make such demands of a foreign tech giant in regards to its ADP and its authority to make demands on internal affairs of sovereign governments around the globe.

It was always a ridiculous demand.

 

[Psamathe]

I'd wager that the UK found itself fresh out of friends on the matter and in a position lacking any authority to make such demands of a foreign tech giant in regards to its ADP and its authority to make demands on internal affairs of sovereign governments around the globe.

Plus it would have achieved nothing. Anybody with hardly any technical capability can store stuff such that Governments can't get at it/can't read it (even on iCloud without ADP it's easy to store and share data that UK Gov. would not be able to read). So forcing the technical capability notice through wouldn't actually allow them to get hold of anything they'd want to get hold of anyway!

Ian

 

[Psamathe]

UK has backed down on demand to access US Apple user data, spy chief says
Tulsi Gabbbard says Home Office no longer demanding ‘backdoor’ to encrypted material

The UK government has dropped its insistence that Apple allows law enforcement officials “backdoor” access to US customer data, Donald Trump’s spy chief, Tulsi Gabbard, says.

The US director of national intelligence posted the claim on X following a months-long dispute embroiling the iPhone manufacturer, the UK government and the US president. Trump had weighed in to accuse Britain of behaving like China, telling the prime minister, Keir Starmer: “You can’t do this”.

Not that I regard Tulsi Gabbbard as reliable and anything on Twitter is probably twaddle.

But this always was going to happen. UK home Office should have appreciated the final outcome before they even started it all and it reflects rather badly on their competance that they ever even tried it.

Even if they had not had to back down Apple would never had gone along with it and just withdrawn services from the UK. Maybe a useful thing to have happened as it just shows how daft our own Government has got.

nb yet to be seen if UK will dig its heels in and "adjust" the notice to just apply to UK residents (which Apple also wouldn't ever do and would make UK users more vulnerable to those you don't want having your private data.

 

[CXRAndy]

Its because USA have said FU to UK and EU over trying to control their companies. They have used their financial muscle