Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

They have never hidden how iCloud backups or anything else related to iOS security works. This support document spells out clearly what data is end-to-end encrypted [1]. No one was actually misled into thinking all iCloud data was E2E. For one, most of Apple's customers don't know or care about the technical architecture of their products and services. The people who do would have known better when you can go to icloud.com and access your photos and files from a web browser.

[1] https://support.apple.com/en-us/HT202303



The page you've linked to has a table filled entirely with the word Yes, apart from iCloud.com which has a note and Mail which has a note.

The first entry in the table is:

Backup Yes Yes

At a glance this looks, to me, as though iCloud backups are encrypted.

What am I missing?


If you scroll down another line you'll see another section titled: End-to-end encrypted data


When the very first line of that table tells people that iCloud Backups are encrypted on the server... to then have the last few lines add effectively "Oh, but not end to end!" is just taking the piss.


You're absolutely right. They could have definitely misled anyone that didn't read the entire support article, including the first paragraph under Data Security:

>iCloud secures your information by encrypting it when it's in transit, storing it in iCloud in an encrypted format, and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you’re signed into iCloud. No one else, not even Apple, can access end-to-end encrypted information.


Technically telling the truth below the fold or in the fine print, while misleading consumers who only give the literature a glance. This is very typical behavior from a corporation, it shouldn't surprise us. Except that Apple's marketing team has managed to dupe a huge number of consumers into believing Apple 'thinks different.'


Typical users who may care about privacy were definitely misled by Apple's public pro-security and pro-privacy stances. I have family who fall into that category.

The difference between E2E and 'yup we're encrypted!' isn't understood by laypeople. Let's not do ourselves or the average folks out there a disservice by letting Apple off the hook for bad communication and the intentional misleading of users.


That link says:

Backup Encryption In Transit: Yes

Backup Encryption On Server: Yes


So it seems like the data are encrypted both in transit and on the server and it means that nobody is able to get unencrypted data even if they can intercept the traffic or access the server.


Nobody except Apple, that is.

That's no different from me offering a remote backup service on a LUKS encrypted box, using sftp or whatever, and then making those claims.


No, the data is still not end-to-end encrypted, which means that Apple can decrypt the data on the server.


The article says otherwise.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: