Encrypted Apple iCloud Data

[Psamathe]

Is this the same Apple that a few years back said they would scan all pictures for potential illegal's content? That Apple claims they do not have access?

That idea was scanning being carried out on devices not on their servers, and of course your device can access your data when they can't. They never actually implemented it because it may have created a different local device loophole. But they did introduce a option where images are scanned for likely nudity and blurred - but again local on device so no encryption weaknesses nor backdoors.

To decrypt you need the key or vast computing power. If Apple don't have the key they can't decrypt. If HM Gov. don't have the key in practice they can't decrypt. So when I'm the only person with the key no practical way for others to read my data.

Details are very important when it comes to privacy and security.

Ian

 

[dutchguylivingintheuk]

That idea was scanning being carried out on devices not on their servers, and of course your device can access your data when they can't. They never actually implemented it because it may have created a different local device loophole. But they did introduce a option where images are scanned for likely nudity and blurred - but again local on device so no encryption weaknesses nor backdoors.

A nudity filter on itself can be something different with the condition it doesn't need to check online. But my whole point in this case it not about the technicalities, if their did went ahead with this if it started online it would have been a small step to switch it also to local in an later update.
But the main point is not to long ago i think it was in 2005 after terror attack in Manhattan Apple came under pressure from the FBI because they refused to give or help decrypting the Iphone of one of the offenders or help bypassing his password. So in the timespan off roughly 10 years they went from ''your data is your data'' to ''your data is now our data*'' *under certain conditions, but that exactly the thing, now they say child pornography's, terrorist etc. topics everyone can agree on are wrong. But if the technology is there do you really believe they are able to stop a certain goverment going after Januari 6 officials?

To decrypt you need the key or vast computing power. If Apple don't have the key they can't decrypt. If HM Gov. don't have the key in practice they can't decrypt. So when I'm the only person with the key no practical way for others to read my data.

If you can trust company supplying your hardware that is in fact true, however, considering Apple move from ''your data is your data'' to ''your data is our data*'' this is no longer the case.
Considering Apple already read and listens along(targeted advertisement feature'' they might as well be able to see your key if they comply with certain goverments.
And yes this is exactly why Huawei got banned in the US the actual or theoretical chance they would do this. I'm not in any way saying US goverment/NSA/Etc. is the pot calling the kettle black, and double standards are indeed a thing.

Details are very important when it comes to privacy and security.

Ian

Agreed but scrutinizing those providing your essential services even more important when it is about privacy, for the average user this is probably not important but those who need extreme security often use multiple phones, custom roms, will pay with cash as much as possible and will have plausible deniability on their devices. (for Windows that means for example that you have a other windows inside your windows, so that if you're forced to give passwords, you can given them the fake one. And yes this only works if you regularly use your fake os, otherwise the party forcing you will soon discover your last logged in time not adding up)
And other example is Nordvpn(a few years back) and how they provided log files to US courts they claimed where not there.(during sign up)
an other Example is the founder of ReiserFS how was convicted off murdering his wife but they never where able to search his computer properly as being the maker of the file system plausible deniability worked to the extent they couldn't prove he had given them the actual logins. (and he was convicted leaning on other evidence and i think a plea deal.)

 

[dutchguylivingintheuk]

The people who are, rightly or wrongly, complaining about invasion of privacy are the same people who will be screeching the next time a terrorist plot succeeds.

So you are ok to post your bank details, texts,

It's so easy for criminals and terrorists to avoid scrutiny even if Gov. has full access to their data. eg "I'll be visiting granny pm 10/Feb/2025" except only those in my inner circle know that day of month is actually day of month of posting message plus the day of month in the message (ie 7 (today)+10 (day in message=17th, etc. other rules for month, other rules for person. And the rules all change for the next post. Thousands of ways to mask what you are really saying and criminals and terrorists know them all us quite a few others. Backdoors don't help anybody know what is really being said.

Ian

But goverments have people who help them decipher that, so that information never stays truly covered for long.
criminals actually made it easyer for law enforcement as encrypted phones with subsequent service became populair, so all they had to do isseize the servers and they could listen in. You would think criminals would learn from that but they did it multiple times over the past decade.

 

[Psamathe]

But goverments have people who help them decipher that, so that information never stays truly covered for long.
criminals actually made it easyer for law enforcement as encrypted phones with subsequent service became populair, so all they had to do isseize the servers and they could listen in. You would think criminals would learn from that but they did it multiple times over the past decade.

I have no idea about how dumb criminals are but there are certainly methods of encryption that Governments would be unable to crack or at least unable to crack in any timescale to have any use.

My personal experience is that even when data is not on servers police can still get it (I've had police contact me before "we have the device but have to get it put back by 18:00 when the person returns home ..." in the days before internet was widespread).

I guess "criminals" is a very broad group with a wide range of sophistication from the technically dumb (have to recover data from such examples before) to the much smarter.

Ian

 

[HMS_Dave]

One of the points the article makes is, once there is a "back door", it is only a matter of time before people other than the original intended organisation(s) find it, and, gain entry, so, security is weakened, not only for UK, but, worldwide.

Im afraid it is already been a thing for decades at this point...

Pegasus. Developed by Israeli cyber arms company NSO Group.

I'll quote from the link "While NSO Group markets Pegasus as a product for fighting crime and terrorism, governments around the world have routinely used the spyware to surveil journalists, lawyers, political dissidents, and human rights activists." It goes on... "Pegasus is generally capable of reading text messages, call snooping, collecting passwords, location tracking, accessing the target device's microphone and camera, and harvesting information from apps."

This is just one that we know about.... However, Pegasus is approved by the Israeli Ministry Of Defence, so it is OK, no problem....

No point in deleting your nudes now BoldonLad, Mossad have already analysed them.

 

[Psamathe]

[NSO's Pegasus] This is just one that we know about....

Graphite from Paragon Solutions (another Israel-based company). eg used by Italian Gov. against journalists. 90 cases found (so far).

Ian

 

[Psamathe]

If you can trust company supplying your hardware that is in fact true, however, considering Apple move from ''your data is your data'' to ''your data is our data*'' this is no longer the case.

Any chance of clarifying what you mean?

Of course companies you have a commercial relationship with retain information about you, they have to eg credit card, amounts, what was purchased, etc.

Apple can make recommendations of eg apps that might be of interest to you based on your purchases (if you enable that). They do have developer tools that allow developers to monitor performance of they apps (though most developers use Google's version Firebase and compare Google's privacy to Apple's and you'd think you were on different planets).

And much of all that can be just not enabled if you don't want it to happen. Or blocked if you are concerned about privacy.

eg compare Apple Maps routing data collection to Google's
Apple Maps: When your device requests a route rather than requesting a single route from A to B, it splits it into multiple requests with multiple identifiers that masks where you’re trying to go. Your device also converts your precise location to a less-exact one after 24 hours, and Apple itself doesn’t store any information about where you’ve been or what you’ve been searching for. Also none of the information that reaches an external server is associated with your Apple ID. Any personalized data is stored on your device, rather than a server where it’s out of your control (where you can delete it).

Google Maps: None of the above. Pretty much everything you do gets routed through Google’s servers, and the information gleaned from your travels and searches can be used to better personalise Google’s ads.

Google Maps does have an Incognito Mode which limits the amount of data that is saved but everything still has to go through Google servers first, so the only way to actively avoid Google Maps from keeping tabs on you is to stop using it and delete the app.

In 2024 there was a legal case agaist Google for tracking users when they were in "Incognito mode" - so guess how much privacy that gives you.

Ian

 

[dutchguylivingintheuk]

Any chance of clarifying what you mean?

Sure Apple seems to have stepped away from the postition that your data is your data, your data is not your data is they detect child porn or other things they find worse enough to void the your data. They also don't respect your privacy anymore, as they mic are open foor apps 24/7

Of course companies you have a commercial relationship with retain information about you, they have to eg credit card, amounts, what was purchased, etc.

Yes but this is more about when i buy an device i should have ownership rights, on a Apple you are in fact a user, you don't get real root acces. in contrary to most android phones.

Apple can make recommendations of eg apps that might be of interest to you based on your purchases (if you enable that). They do have developer tools that allow developers to monitor performance of they apps (though most developers use Google's version Firebase and compare Google's privacy to Apple's and you'd think you were on different planets).

yes i'm not saying google is any better then Apple but android is open source there are distributions of android like Linageos, Calyxos, and many more that allow you to completely remove google added software from your phone and/or add features and anything in between.

And much of all that can be just not enabled if you don't want it to happen. Or blocked if you are concerned about privacy.

On google/android if you can install costum roms or gain root acces you can indeed block a lot of ''features'' in addition on android you can also use alternative appstores so you don't need an google account no such thing on Apple.

eg compare Apple Maps routing data collection to Google's
Apple Maps: When your device requests a route rather than requesting a single route from A to B, it splits it into multiple requests with multiple identifiers that masks where you’re trying to go. Your device also converts your precise location to a less-exact one after 24 hours, and Apple itself doesn’t store any information about where you’ve been or what you’ve been searching for. Also none of the information that reaches an external server is associated with your Apple ID. Any personalized data is stored on your device, rather than a server where it’s out of your control (where you can delete it).

and all users can view the source code to see things like apple says they go?

Google Maps: None of the above. Pretty much everything you do gets routed through Google’s servers, and the information gleaned from your travels and searches can be used to better personalise Google’s ads.

Google Maps does have an Incognito Mode which limits the amount of data that is saved but everything still has to go through Google servers first, so the only way to actively avoid Google Maps from keeping tabs on you is to stop using it and delete the app.

In 2024 there was a legal case agaist Google for tracking users when they were in "Incognito mode" - so guess how much privacy that gives you.

Ian

However for all of they above are apps that might use the same google servers but make sure your not identifyable if you use their app or wrapper around maps and because it's all open source your don't have to trust those developers on their possibly blue eyes you can just check the code yourself.

 

[AndyRM]

Sure Apple seems to have stepped away from the postition that your data is your data, your data is not your data is they detect child porn or other things they find worse enough to void the your data. They also don't respect your privacy anymore, as they mic are open foor apps 24/7

Yes but this is more about when i buy an device i should have ownership rights, on a Apple you are in fact a user, you don't get real root acces. in contrary to most android phones.

yes i'm not saying google is any better then Apple but android is open source there are distributions of android like Linageos, Calyxos, and many more that allow you to completely remove google added software from your phone and/or add features and anything in between.




On google/android if you can install costum roms or gain root acces you can indeed block a lot of ''features'' in addition on android you can also use alternative appstores so you don't need an google account no such thing on Apple.


and all users can view the source code to see things like apple says they go?


However for all of they above are apps that might use the same google servers but make sure your not identifyable if you use their app or wrapper around maps and because it's all open source your don't have to trust those developers on their possibly blue eyes you can just check the code yourself.

Are you for real?

Android ain't open source. It pretends to be, sure, but it's really not.

 

[dutchguylivingintheuk]

Are you for real?

Android ain't open source. It pretends to be, sure, but it's really not.

The AOSP andriod project is, hence why Huawei could put that on his phones at the time, most Google / Samsung's /other brands proprietary adjustments /overlayers etc. aren't

 

[AndyRM]

The AOSP andriod project is, hence why Huawei could put that on his phones at the time, most Google / Samsung's /other brands proprietary adjustments /overlayers etc. aren't

It isn't.

The Android operating system is owned.

 

[Psamathe]

Sure Apple seems to have stepped away from the postition that your data is your data, your data is not your data is they detect child porn or other things they find worse enough to void the your data. They also don't respect your privacy anymore, as they mic are open foor apps 24/7

Apple were talking about it but only for photos uploaded onto their servers not for photos on your device. But the plans were never implemented and have been cancelled.

Note that quite a few (non-Apple) cloud storage providers do scan files you store of their servers for copyright content (if copyright content is detected some are reported tro cancel your contract with no refund and no appeals).

They also don't respect your privacy anymore, as they mic are open foor apps 24/7

Apps only have access to the microphone if you grant the app such rights and then only when running (and you can remove that access at any time very easily). If you chose to enable the listen for Siri then Siri can send apps decoded commands, just like Android does with Google's voice assistant.

Ian

 

[dutchguylivingintheuk]

It isn't.

The Android operating system is owned.

And? Open source and owned are two separate things you known they use the word open to indicate you and eveyone else can read the source nowhere it states and open source project can't be owned.
That's just your assumption an misunderstanding.

Apple were talking about it but only for photos uploaded onto their servers not for photos on your device. But the plans were never implemented and have been cancelled.

Note that quite a few (non-Apple) cloud storage providers do scan files you store of their servers for copyright content (if copyright content is detected some are reported tro cancel your contract with no refund and no appeals).

I stand by my earlier point yes i know the plans where cancelled but still it's a jump from ''no FBI we won't give you the password, costumers data is costumers data'' to costumers data might be ours under this and this condition, which always means that the this condition is a sliding scale just as ''online only''

Apps only have access to the microphone if you grant the app such rights and then only when running (and you can remove that access at any time very easily). If you chose to enable the listen for Siri then Siri can send apps decoded commands, just like Android does with Google's voice assistant.

Ian

With android i can completly remove assistant. see if it's running in the background or run a costum rom without it if i'm really paranoid.
I know what Apple says about when siri listen and when not, i also know what the leaked pitch of the advertising company said and those two contradict eachother, someone is ly-ing judging by the fact my wife gets lots of targeted advertising about things we talk about (talk not type) and she has an Iphone my guess is the one lying is Apple.

 

[AndyRM]

And? Open source and owned are two separate things you known they use the word open to indicate you and eveyone else can read the source nowhere it states and open source project can't be owned.
That's just your assumption an misunderstanding.


I stand by my earlier point yes i know the plans where cancelled but still it's a jump from ''no FBI we won't give you the password, costumers data is costumers data'' to costumers data might be ours under this and this condition, which always means that the this condition is a sliding scale just as ''online only''



With android i can completly remove assistant. see if it's running in the background or run a costum rom without it if i'm really paranoid.
I know what Apple says about when siri listen and when not, i also know what the leaked pitch of the advertising company said and those two contradict eachother, someone is ly-ing judging by the fact my wife gets lots of targeted advertising about things we talk about (talk not type) and she has an Iphone my guess is the one lying is Apple.

I'm not misunderstanding anything.

Android isn't open source.

 

[dutchguylivingintheuk]

I'm not misunderstanding anything.

Android isn't open source.

Explain yourself please?