Recommending Apple products

  • Apple introduced E2EE for iCloud services with the new Advanced Data Protection feature, alongside adding support for security keys and iMessage Contact Key Verification.
  • This includes Photos, iCloud and message backups, bringing the total to 21 E2EE-supported services.
  • E2EE has been a key feature among privacy-focused tools, and even PG believes it is a necessary requirement of such tools.
  • Recommending Apple products is a much nicer way to introduce people to the world of E2EE. They don’t have to switch to a product with the concern of losing comfort/convenience.
  • The currently recommended privacy phone is a Google Pixel + custom ROM. Many people don’t have time to tinker with these tools.
  • Apple made this an opt-in feature. As for the reason, they point to the lack of understanding about E2EE (which is true; I have lost a lot of data because I thought the key wasn’t important).
  • Apple made E2EE easier by introducing recovery contacts in addition to recovery keys.
  • Further, PG could educate such people about E2EE (especially about how to save the key securely and the importance of E2EE).
  • The more people use E2EE, the more pressure on other services to implement it where needed.
  • Apple collects analytics, and I’m not saying that is good. However, it is not even in the same league as Google’s and Facebook’s systematic surveillance.
  • PG already recommends the Apple Health service.
1 Like

Definitely planned! Hope to get the PR going soon.

1 Like

This is not true.

Oof, my bad. Maybe it was somewhere else.

The same Apple which scans photos and messages in the name of CSAM? The one that monopolizes advertising? The one with an entirely closed ecosystem? The one with closed, blackbox phones which constantly listen in through programs like Siri? The one with non-working privacy protections? The one that only patches its latest OS version? The one where if you turn an iPhone off, most of its wireless chips stay on?

The one that has been exposed as working with intelligence agencies through the Snowden leaks? The one that did not integrate E2EE into iCloud in the past to aid intelligence agencies? The one that had its iPhone locking mechanisms broken by law enforcement? These are mostly off the top of my head.

This is not to say the road to online privacy is anywhere it needs to be in order to be accessible to everyday people. It absolutely isn’t. But recommending Apple devices principally based on marketing and the recent E2EE is just… sad to see.

2 Likes

So Apple never actually implemented the CSAM scanning, and in fact has officially cancelled it: After a year in limbo, Apple quietly kills its controversial CSAM photo-scanning feature | Macworld

They do not constantly listen through Siri; in fact, Siri is handled fully on-device without sending anything to Apple.

The privacy toggle thing is a bit fuzzy, technically they only claimed that it turned off the phone telemetry not app telemetry but it was a bit confusing. We’ll see how the lawsuit pans out.

They absolutely do patch older versions of iOS and macOS. The only “officially” supported version is the latest version, but they do put out patches for older versions all the time. They allow much older devices to run the latest version, so you’re getting generally longer support than any Android device and on the latest version as well.

So when you enable Find My, it’s true that turning the phone off will still allow it to be tracked. If you turn off Find My this won’t happen, but obviously you wouldn’t want someone who steals your phone to stop you from being able to find it just by turning it off.

Yes the US government does pressure companies like Apple not to implement E2EE. While I wish they would have done it sooner, something like this is actually a pretty bold move when you consider that neither Google nor Microsoft offer E2EE cloud storage.

Yes iPhones have been exploited in the past and will continue to be in the future. All devices have exploits, this is not unique to Apple.

It’s not really going to be a “recommendation” per se but more of an overview of the security/privacy features and drawbacks of iOS and macOS and based on that information the reader can decide if it fits their threat model.

4 Likes

You can always shoot this down as, “This is not enough! They still do x, y, and z”. Just think how huge this is. Apple just allowed over 1 billion people to use E2EE (down to the photo you take) without losing comfort/convenience. In a way, they improved E2EE. Now with recovery contacts, you can turn this on for people who aren’t technically proficient.

Not just the US, especially here, when the government passes anti-encryption laws. Major props to Apple.

Again, this is not just a win for those who own an iDevice. This is an area where others may follow Apple’s lead. This is progress.

2 Likes

Thanks for the response, I learned some things. I still have no love for Apple and don’t think a black box like it should be lauded by people despite the E2EE improvements, but an overview sounds alright.

4 Likes

Agreed. I do not like Apple and would never use it. I would also never recommend it. But there clearly exists a potential audience of Apple users who are/could be interested in privacy but have no idea how to go about it. Similarly to the Windows PR, I think an overview on Apple products would be nice, along with blog posts on hardening and privacy configurations you can perform.

Based on what I read about this I still have a problem. All of your devices need to be on current software to do it. Unfortunately my iPad and MacBook are ancient but I don’t want to replace them. So my iPhone 13 can’t take advantage of this new feature without me disabling iMessage on the old devices which haven’t been supported in years.

I am not sure. It’s still worth trying Advanced Data Protection on the iPhone 13 and seeing how the other devices handle it. (Make sure to store the key in a secure place.)

I recommend disabling iCloud on those devices. However, by doing this you will lose access to sync between photos, notes, etc. However, you can always AirDrop stuff.

I’m not prepared to do that yet. I’ll have to leave the encryption turned off for now.

Ideally you shouldn’t be using devices that are no longer supported unless you don’t connect them to the internet. Lots of vulnerabilities are fixed with each update; we will most likely recommend against using unsupported devices in the new page.

3 Likes

They recently announced it was gone for good, with the plan to do more E2EE. Apple Kills Its Plan to Scan Your Photos for CSAM. Here’s What’s Next | WIRED

Their press release is Apple advances user security with powerful new data protections - Apple

1 Like

True, but a new MacBook and iPad will cost over $2,000 USD (configured how I want it). That’s a lot to pay for encryption.

Unfortunately, yes. Apple can charge a premium for their products since they don’t have real competition for, like, the iPad. You do not have to buy an iDevice just for encryption; at least that was not in my mind when I bought them.

The only Apple product worth exploring is the iPad because there is nothing else occupying its space. There is no modern Android that actually tries to fight it (that could be flashed with a custom ROM).

Agree, and when you buy a new Apple product it kinda locks you into the ecosystem (surprisingly with no advertising about the other products).

The Free Software world has had ample opportunity to produce something as carefully assembled, as smooth, and as capable as iOS, and what we got instead was Android, IMHO.

Fydetab Duo looks nice

1 Like

Hope you add some heavy caveats here. Apple has lied to its users’ faces before, collecting loads of data on iOS when users explicitly request not to be tracked during the setup process (https://www.scss.tcd.ie/doug.leith/apple_google.pdf). The recent lawsuit doesn’t inspire trust either.

I also find it hard to believe that this iCloud E2EE stuff will apply to Chinese users in any meaningful way, considering that Apple has been more than willing to cooperate with the Chinese government, building separate data centers in China for Chinese users.

2 Likes