Encrypted Apple iCloud Data

[dutchguylivingintheuk]

But the police can require you to give up the password/key.

Yes, but if you have enough to hide you will run your stuff in a treucrypt kind of way(there are a few others but i think truecypt is the most well known.) First enemy would then be softwae like Apple because only Apple has the source code.

Key thing is if you use this software properly you will always have plausible denyabilty in encrypts you whole drive but importantly in addition it also adds a second fake os, which you can show if your forced to give your password. Key thin here is off course that you need to login to but systems frequently otherwise you cover will be blown. But the maker of ReiserFS(and file system) killed his wife and the police had no other choice but to make a deal with him as they couldn't prove what there was actually on his hard drive. (but in this case they did have enough additional evidence.)

Which means there is no point in weakening server security. So as you say security services can get at your data with ADP available but if hackers try they face additional security (as you are not obliged to provide hackers your pass keys/password).

Well the be honest the usability for ADP is very limited, and for those who need it other options are available, i would start with not relying on Apple or any other company but host everything myself. (specific i mean running fr example the could service on your own encrypted server.) but the average hacker is with normal consumers interested in getting acces to online banking an such, ADP does not protect against that, most modern phones use either face or fingerprint ID.

One problem with known weaker security is that hackers try to break-in which can cause the account to be locked for security which can be a real nuisance (particularly if away from home). With ADP some additional functionality is disabled and hackers know even if they get in they can't decrypt your data ... so they don't bother (anything like so much).

Yes but an account lock happens when the administrator of the account either Apple in case of icloud or your bank incase of banking or for example BT etc. detects and suspicious login, ADP does not come into play at this level.
Also most breaking attempts come from leaked login details as they also have an limit on the number of tries before gettig blocked. ADP and similar is important when someone has physical acces to your device.(and is likely to try and crack the security, a typical thief just flips it quickly, without even trying)

I'm not bothered about keeping my iCloud from UK Gov. (which I do through other servers). My concern is weakened server security. Which is why US security agencies, including the FBI and NSA, have been advocating for increased use of encryption to protect against Chinese cyber threats, creating potential conflicts between UK and US security interests. UK going in opposite direction.

Ian

technically i have nothing to hide but i won't show you are anyone else my banking details etc. either. That's the think with privacy most people probably have nothing off interest but the feeling of someone invading your privacy for whatever reason is not nice, and i think the right to use any encryption i feel suitable should be my choice, not limited by a government mandate, i also don't have an iPhone, ad as stated above if really wanted i know i number of ways to do this without the government being able to pressure any third party to make a backdoor or anything else.
However in principle i believe this is wrong, as it no longer assumes innocence but insist to a level of control, which i also find highly unlikely to be really needed. To government would typically need this for maybe 10% of the population primarily if they think they are hiding assets, criminal activity or fraud but they have so many other ways that it's nonsense to go all-in in the way they did. We as civilians should be able to force the government to report on effectiveness off measurements like this so that they have a responsibility instead of just seemingly hording data or better said hording the rights to access random data without any consequences

 

[Psamathe]

technically i have nothing to hide but i won't show you are anyone else my banking details etc. either. That's the think with privacy most people probably have nothing off interest but the feeling of someone invading your privacy for whatever reason is not nice, and i think the right to use any encryption i feel suitable should be my choice, not limited by a government mandate,

I agree. People who say it's OK because they have nothing to hide would really be complaining if Government officials were standing by their letter box opening and reading all the post delivered to them (even though there "is nothing to hide").

Government(s) wasting time like this distracts from its ineffectiveness giving the impression of "clamping down" when completely failing to address the problem.

Stuff worth hiding is easy to hide and people who have stuff worth hiding can easily find out how to hide it. It's not "fixing the hole" but rather inadequately trying to bail out the sinking ship with a small sponge.

Ian

 

[BoldonLad]

I agree. People who say it's OK because they have nothing to hide would really be complaining if Government officials were standing by their letter box opening and reading all the post delivered to them (even though there "is nothing to hide").

Government(s) wasting time like this distracts from its ineffectiveness giving the impression of "clamping down" when completely failing to address the problem.

Stuff worth hiding is easy to hide and people who have stuff worth hiding can easily find out how to hide it. It's not "fixing the hole" but rather inadequately trying to bail out the sinking ship with a small sponge.

Ian

A common tactic(?) in more areas than this. The "introduce a new law" approach is a much better sound bite than enforcing the existing laws. 🙂

 

[CXRAndy]

A stronger herd is thru natural immunity not mass vaccination


View: https://x.com/GabeZZOZZ/status/1893568235062059147?t=GdZa0WGOhATAisN7__dzPw&s=19

 

[C R]

A stronger herd is thru natural immunity not mass vaccination


View: https://x.com/GabeZZOZZ/status/1893568235062059147?t=GdZa0WGOhATAisN7__dzPw&s=19

I can understand that you may find von der Leyen's foreign accent off putting, but her English is really very good, so all you are showing here is your inability to understand complex arguments.

 

[presta]

Why can't encryption be defeated with spyware that reads directly from the keyboard and screen?

 

[dutchguylivingintheuk]

Why can't encryption be defeated with spyware that reads directly from the keyboard and screen?

It's wouldn't be spyware but an keylogger and yes it is an possibility however due to the steps it needs to take to get that level of access we don't see them as much anymore. a hidden 4k cam that shows the target typing his code would be easyer, however most authentication these days especially if you take security seriously is at least 2Factor and often uses biometric data either 3d face scan or an fingerprint scan. in both cases a keylogger would be useless. on older faceunlock you could just use an picture but those these are mostly gone too.

 

[Psamathe]

Why can't encryption be defeated with spyware that reads directly from the keyboard and screen?

Plus a lot of content isn't keyboard generated. Keyboard can have very limited involvement eg somebody logging onto their online banking might use mouse to click on a saved link, key in a OTP or use a stored passcode then look at the screen.

Government's reduction on encryption will only apply to some data stored in iCloud but not all (eg messages in iCloud, Journal, Maps, etc. all still encrypted such that Apple and hence UK Gov. even with a court warrant can't decrypt it). So it's difficult to see what they are actually trying to achieve beyond showing their lack of understanding.

Ian