But the default iCloud backup includes the messages encrypted with a key held by Apple: iCloud data security overview - Apple Support
4 Likes
I’m aware of this. but iCloud backup is not enabled by default. If a user is changing their configuration to turn on backups, then they are capable of turning on Advanced Data Protection.
Overall this is a very weak argument to critique Apple on. They cater to a userbase many many orders of magnitude larger than GrapheneOS or Linux distributions. They chose defaults to help non-technical users from locking themselves out of their backups.
Cherry picking this one default configuration, and ignoring all of the E2E encrypted services from Apple (as well as all of the privacy advocacy and OS level features like - app privacy labels, app tracking transparency, app privacy reports) feels like a bad faith argument.
1 Like
iCloud backup is enabled by default when signed into an Apple account last I checked.
I wasn’t arguing, I was just completing the statement.
ie. “iMessage is e2ee” to “iMessage is e2ee but the backups are not by default”
and we could further elaborate and state: “and there is no way to tell if your contact has ADP enabled.”
Most of them still provide hashes of the plaintext fragments which is extremely questionable because it could still allow them to enumerate public content stored or match it up with that of other users.
Drive: The raw byte checksums of the file content and the file name
Photos: The raw byte checksum of the photo or video
Notes: The raw byte checksum of content from an imported or migrated note
Yet they don’t even provide a basic network permission toggle so shit can still phone home freely.
I’m not saying Apple hasn’t done some good things, but I’m not going to kowtow and defend a trillion dollar proprietary tech company who consistently forces their control on their users.
4 Likes
Thank you, that’s quite surprising. Of course this was without contact key verification and probably with automatic iCloud backup of messaging content (to survive puddle test), but it is good to see Apple were making this kind of design choice in 2011 when it was not very mainstream.
1 Like
Would like to see sources for these claims, please.
I’m not claiming that iOS is perfect. I’m comparing it to Android with Google Play Services.
Having a network permission toggle would be ideal.
App Privacy Nutrition Labels and App Privacy Report are significant features that add a lot of transparency. They should not be dismissed as Apple doing nothing.
The original reply to my comment was defending Google.
Ideological criticism, in my opinion, should be outside the scope of this forum. This is PrivacyGuides not Stallman or FOSS Guides.
iCloud backup being enabled by default is true, you can just set up a fresh iPhone to see that. Kinda frustrating, should be opt-in ideally but I get that they want the friction-free syncing experience.
2 Likes
you guys probably should focus on “Secureblue ARM vs Macos Silicon” not what the title says.