
Apple dropped plan for encrypting backups after FBI complained - n1000
https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT
======
justapassenger
Wonder if this will help to kill a meme, about how much Apple cares about
users and what great values they have, how they're going to stand for the
user, fight with governments, etc.

While iPhone itself is pretty secure as a device phone (and Apple makes sure
to remind you about that in each ad, public speaking, attacks on competitors,
etc), as an ecosystem it's not secure. And it's like that on purpose - there's
no good and easy option to backup your phone other than iCloud.

You have to be a tech person to know how to keep an iPhone secure. Average Joe
buys iPhone and pays for iCloud. They pay Apple first $1k to get (on top of other
things) a secure device, and then they pay Apple a monthly fee to give Apple all
their data and make it insecure. Pretty genius business strategy.

~~~
mistersquid
> Wonder if this will help to kill a meme, about how much Apple cares about
> users and what great values they have, how they're going to stand for the
> user, fight with governments, etc.

In this instance, Apple decided to continue to not encrypt iCloud backups
because, according to one source,

> […] the company did not want to risk being attacked by public officials for
> protecting criminals, sued for moving previously accessible data out of
> reach of government agencies or used as an excuse for new legislation
> against encryption. [0]

Apple's stance on privacy is more than mere marketing and more than a meme,
but their legal team decided that encrypting formerly unencrypted backups,
which had already been used as evidence in previous cases, is ill-advised.

Most people, including technically knowledgeable users here on HN, were unaware
_iCloud backups have always been unencrypted_. Many of us concerned about
privacy have avoided iCloud backups because they are subject to subpoena.

I wish Apple would (have) offered encrypted iCloud backup as an option, and I
understand why they chose not to. However, I disagree that their stance on
privacy is mere marketing. Apple has a balance to strike between the issues of
encryption, privacy, and law enforcement, and their products are not perfect
for either users or law enforcement.

That doesn't mean Apple doesn't care about its users and their privacy.

[0] [https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...](https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT)

~~~
echelon
> Apple has a balance to strike between the issues of encryption, privacy, and
> law enforcement [...]

No, they do not. If Apple wants a reputation for privacy and respecting its
customers, then it has to put them first. Don't apologize for them making this
user-hostile choice.

We could be merely a generation away from the hell hole that is social credit.
We can't afford to keep ceding ground on privacy. We have to engender a sense
of importance and urgency.

I'll be very mad at the rest of you lot that choose convenience over privacy,
rights, and autonomy if 2030 sees our freedoms and liberties eroded further.

Our _collective_ choices matter, and that's why I'm calling you out.

~~~
VvR-Ox
1\. Yes, they have to. At least in the US any company has to cooperate with
the law enforcement as you might know. The only choice to do business in the
US or based on US governed soil is to comply with them.

2\. Apple at least put some effort into this matter because otherwise there
would not be so much media attention to breaking into iPhones. To get data
from android on the other hand seems to be no problem at all.

3\. We are already in hell but we do not yet see the flames surrounding us.

4\. If collective choice matters so much we are all doomed and you know it.
Try telling the Joneses about encryption etc. - they will still use WhatsApp,
Facebook and the likes because it is so convenient over a way of burden and
hard work to get there or even live without all these "magical devices and
services".

~~~
nelgaard
on 1.: Are there actually US laws that could prevent Apple from offering end-
to-end encryption for backups to their user?

That is something very different from cooperating with a specific
investigation.

Why did Apple not fight this in court?

Could Apple keep the backups outside the EU, like Microsoft did for email in
the Dublin case?

~~~
VvR-Ox
I do not think so and AFAIK only the export of strong encryption is prohibited
by law in the US.

But it is not about prohibiting encryption but the possibility and/or
necessity that Apple has another key to decrypt your data with.

It does not matter where they keep the data as long as the company's
headquarters are on US soil.

------
metafunctor
What the... I was under the impression that iCloud backups are end-to-end
encrypted. This is a HUGE problem.

~~~
rsync
You should look into the 'borg' backup tool - it has become the de facto
standard for remote backups because it does everything that rsync does
(efficient, changes only backups) but also produces strongly encrypted remote
backup sets that only you have a key to ... your cloud provider has no access
to the data.

The borg website is here:

[https://borgbackup.readthedocs.io/en/stable/](https://borgbackup.readthedocs.io/en/stable/)

and a good description of how it works and why you should use it is here:

[https://www.stavros.io/posts/holy-grail-backups/](https://www.stavros.io/posts/holy-grail-backups/)

~~~
6ak74rfy
After looking at a few alternatives (Borg, Duplicacy etc.), I set up Arq on my
Mac yesterday.

One thing that irks me about these solutions is that they seem to scan my
folders each time they want to backup. Are there tools that are smarter about
this? For e.g., while running, they could keep a log of what's changing and
only scan those while backing up.

~~~
8fingerlouie
Arq for Mac is great for backing up, though the restore util could use a
little work. It's not exactly user friendly.

I've used it on my macs for years without any issues at all. I switched after
Time Machine broke down for the n'th time in a month saying it needed to
recreate the backup, and not once in the 3-5 years i've been using it has it
ever given me any problems with broken repositories, and every integrity
check/restore has succeeded.

Arq on Windows is a different beast though. I'm sure it's technically solid,
but the UI leaves a lot to be desired. On windows boxes i default to
Duplicaty.

~~~
1_player
> Duplicaty

Did you mean Duplicacy or Duplicati?

~~~
8fingerlouie
Duplicati ([https://www.duplicati.com/](https://www.duplicati.com/)).

On my servers i use Borg like any sane person would, but the lack of a good
client UI makes scheduling backups on a personal computer a lot more work than
i'm willing to put in.

------
mrtksn
Apple has a list for that: [https://support.apple.com/en-us/HT202303](https://support.apple.com/en-us/HT202303)

These are end to end:

Home data

Health data (requires iOS 12 or later)

iCloud Keychain (includes all of your saved accounts and passwords)

Payment information

QuickType Keyboard learned vocabulary (requires iOS 11 or later)

Screen Time

Siri information

Wi-Fi passwords

The messages are also end to end but the backup contains the private key.

The moral of the story is that if you want real protection, do local backups.

~~~
tomaskafka
Two things:

1) There is no way Apple would be allowed to sell iPhones in China, without
China government having access to anything. So, I assume that Apple users in
China have e2e encrypted exactly nothing.

2) I have a strong suspicion that those 'enter your Apple ID password because
your account needs it' message really means 'a government has requested your
data and even though it's encrypted, we will nag you about entering a
password, and if you give it, you're a free game'.

I don't blame Apple for this, I'm sure they're doing what they can, but when a
government says 'give us this data', they can't not comply. Vote responsibly -
companies can't protect us from a government we have put into power.

~~~
minton
> 2) I have a strong suspicion that those 'enter your Apple ID password
> because your account needs it' message really means 'a government has
> requested your data and even though it's encrypted, we will nag you about
> entering a password, and if you give it, you're a free game'.

Haha I hadn’t thought of that. If true, I must have every government
requesting my data frequently as I constantly get bombarded to enter my iCloud
password.

~~~
dmix
FISA warrants can go multiple hops from the target which with network effects
can sweep up tons of unrelated data from random people who happened to
interact with someone who interacted with x bad guy.

That’s just for domestic surveillance keep in mind.

------
WilTimSon
Reminds me of WhatsApp claiming it had encryption everywhere and then this [0]
dropped. Except, in this case, I'm actually surprised. Didn't Apple publicly
claim that it wouldn't bow down to any demands from the agencies?

[0]: [https://www.theinquirer.net/inquirer/news/3061660/whatsapp-i...](https://www.theinquirer.net/inquirer/news/3061660/whatsapp-is-storing-unencrypted-backup-data-on-google-drive)

~~~
panarky
It's mostly marketing bullshit.

Apple and Microsoft both tried to build ad businesses, but when they weren't
as successful as Google, they turned lemons into lemonade by launching data
privacy PR campaigns against Google.

Meanwhile, Apple and Microsoft quietly censor their products in China,
surrender data to Chinese authorities, and now we find Apple is intentionally
leaving iCloud data insecure.

Presumably Google was under the same pressure from US law enforcement, but
somehow Google delivered end-to-end encrypted Android backups in October,
2018. And Google did it without all of Apple's self-congratulatory media
hoopla.

e2ee: [https://security.googleblog.com/2018/10/google-and-android-h...](https://security.googleblog.com/2018/10/google-and-android-have-your-back-by.html)

Third party security audit: [https://www.nccgroup.trust/us/our-research/android-cloud-bac...](https://www.nccgroup.trust/us/our-research/android-cloud-backuprestore/?research=Public+Reports)

~~~
dpau
Just a reminder, Apple ceded control of its iCloud management in China to a
state-controlled company, in addition began storing its encryption keys in
China in order to "comply with local regulations". So whether or not your
backups are encrypted is almost a moot point, given that the government can
submit a lawful demand for your data at any time.

Apple will store some iCloud encryption keys in China, raising security
concerns [https://www.theverge.com/2018/2/26/17052802/apple-icloud-enc...](https://www.theverge.com/2018/2/26/17052802/apple-icloud-encryption-keys-storage-china)

~~~
newscracker
That’s only for devices where the region is set as China. Why would it be a
moot point elsewhere for that reason?

~~~
aiisjustanif
Injustice anywhere is a threat to justice everywhere.

~~~
cies
Don't know why down voted. Even if someone doesn't care for individuals in other
legal zones (sad), the extra injustice Apple is accepting in other legal zones
is a clear display of what they are willing to do to you eventually.

> Injustice anywhere is a threat to justice everywhere.

So I 100% agree.

~~~
scarface74
Well, it's based on incorrect information, based on the parent's citation....

------
louis-paul
Easy fix: back up your iPhone locally on your computer instead of using
iCloud: [https://support.apple.com/en-us/HT203977#computer](https://support.apple.com/en-us/HT203977#computer)

The ambiguous position on true end-to-end encryption shows once again that
Apple is in for the marketing (both to consumers—predatory and dangerous, and
to engineering talent—dishonest). Same hypocrisy as on the China issue. Not
that there is an easy solution when you are one of the biggest companies on
the planet and that shareholders essentially expect you to grow forever while
playing nice with everyone.

~~~
nathancahill
Second step: Delete old backups

[https://support.apple.com/en-us/HT204247#backups](https://support.apple.com/en-us/HT204247#backups)

~~~
tghw
Eh, maybe, maybe not. What guarantees are there that the backups actually get
deleted? Storage is cheap these days...

~~~
falcolas
If you delete your remote backups, they are likely to be deleted, eventually. If
you don't delete your remote backups, they won't be deleted.

There's no business case for keeping backups around for Apple, unless they
suddenly became an ad company and started mining your backups for
personalization data.

~~~
iamtheworstdev
There is a business case - charge the FBI or any government agency for the
cost of restoring/delivering it to them, or use the contents to improve any
machine learning they are conducting, and I'm sure there are others.

For the longest time Facebook couldn't actually delete photos that you
requested the deletion of. They could remove it from indexes so it couldn't be
found, but if you had the link it would still be available (akamai cdn).
Because, to them, either the cost of the hosting was minuscule compared to the
cost of writing the software to ensure things actually got purged from the
CDN.

------
hannibalhorn
The iCloud security overview [1] says iCloud backups are encrypted "in
transit" and "on server", but indeed doesn't say much about the encryption
keys. There is "end-to-end encryption" on just a few items (iCloud keychain,
WiFi passwords, etc.)

1\. [https://support.apple.com/en-us/HT202303](https://support.apple.com/en-us/HT202303)

~~~
exegete
Apple has a key for iCloud backups. [1]

1\. [https://fixitalready.eff.org/apple](https://fixitalready.eff.org/apple)

~~~
judge2020
That's generally what "on the server" means, it's only encrypted so their
storage provider (shown to be GCP
[https://www.theverge.com/2018/2/26/17053496/apple-google-clo...](https://www.theverge.com/2018/2/26/17053496/apple-google-cloud-platform-icloud-confirmation) ) can't see their user data.

~~~
MereInterest
Maybe this is me being out of touch with modern deployment, but that is
absolutely not what my impression of "on the server" means. My mental model is
that of a client, whatever software is under my control, and a server, which
is whatever my client connects to. "Encrypted on the server" then means that
at no point is the plaintext data visible to any part of the server.

If Apple splits up the server into a web server and a storage server, then
uses "encrypted on the server" to refer only to the storage server, that is
entirely disingenuous.

~~~
welder
There's a difference in encrypted data at rest vs. end-to-end client side
encryption. Encrypted data at rest protects against stolen physical storage
devices. Without access to decryption key stored on a separate machine, you're
unable to read data on the storage device.

Encryption at rest doesn't protect users from the company, since the company
has the decryption key. It protects your data if the company misplaces the
storage drive.

It's common in corporate environments to check compliance boxes, which is why
AWS offers encryption at rest:

[https://aws.amazon.com/blogs/aws/new-amazon-s3-server-side-e...](https://aws.amazon.com/blogs/aws/new-amazon-s3-server-side-encryption/)

~~~
MereInterest
True, but I read a big distinction between "encrypted at rest" and "encrypted
on the server". Encrypted at rest has the implications that you state, being
there to prevent somebody from walking off with a hard drive. Encrypted on the
server implies that it is never unencrypted while on the server, and that any
server-side computation is done solely through homomorphic encryption.

------
snowwrestler
I will not be surprised if further reporting points a finger at the influence
of China as well.

Apple already conceded to hosting Chinese iCloud data on Chinese servers, and
that news came out about 2 years ago... which is also the timeframe reported
for this decision to forego end-to-end encryption of iCloud backups.

I'm guessing here, but I think it's safe to assume that China was not going to
permit such encryption (for the same reason they insist on hosting the data)
and thus to provide it for the U.S., Apple would have had to fork iCloud. Add
in the political risk in the U.S. and you have a recipe for "maybe not."

------
skrowl
For comparison, Google end-to-end encrypts Android backups with your lock
screen PIN/pattern (which isn't known to Google).

Source - [https://security.googleblog.com/2018/10/google-and-android-h...](https://security.googleblog.com/2018/10/google-and-android-have-your-back-by.html)

~~~
Shank
Offline attacks for a motivated adversary, like NSA, are trivial on low
strength security measures, like a standard PIN, numeric only PIN, or pattern.
Only a strong passphrase would really help you.

~~~
modeless
This is false. This concern is addressed in the second paragraph of the linked
article:

> this passcode-protected key material is encrypted to a Titan security chip
> on our datacenter floor. The Titan chip is configured to only release the
> backup decryption key when presented with a correct claim derived from the
> user's passcode. Because the Titan chip must authorize every access to the
> decryption key, it can permanently block access after too many incorrect
> attempts at guessing the user’s passcode, thus mitigating brute force
> attacks. The limited number of incorrect attempts is strictly enforced by a
> custom Titan firmware that cannot be updated without erasing the contents of
> the chip. By design, this means that no one (including Google) can access a
> user's backed-up application data without specifically knowing their
> passcode.
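
The attempt-limiting behaviour described in the quoted Google post, sketched as an added example (not part of the thread and not Google's code). It assumes an in-memory `AttemptLimitedVault` object standing in for the Titan chip, PBKDF2 for the passcode-derived claim, a failure counter that resets on success, and hypothetical names throughout.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 20_000  # constructed value for the demo, not a recommendation


class VaultBlocked(Exception):
    """Raised once the attempt limit was hit and the key has been erased."""


def derive_claim(passcode: str, salt: bytes) -> bytes:
    """Client side: turn the lock-screen passcode into the claim sent to the vault."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, PBKDF2_ROUNDS)


class AttemptLimitedVault:
    """Holds each user's backup key and releases it only for a correct claim.

    The point of the design in the quote: the guess counter lives next to the
    key, so a short PIN cannot be searched exhaustively through this interface.
    """

    def __init__(self, max_attempts: int = 10):
        self.max_attempts = max_attempts
        self._records = {}

    def enroll(self, user_id: str, passcode: str) -> bytes:
        salt = secrets.token_bytes(16)
        key = secrets.token_bytes(32)  # the backup decryption key
        self._records[user_id] = {
            "salt": salt,
            # Only a hash of the claim is kept, never the passcode itself.
            "verifier": hashlib.sha256(derive_claim(passcode, salt)).digest(),
            "key": key,
            "failures": 0,
        }
        return key

    def salt_for(self, user_id: str) -> bytes:
        return self._records[user_id]["salt"]

    def release_key(self, user_id: str, claim: bytes):
        rec = self._records[user_id]
        if rec["key"] is None:
            raise VaultBlocked(user_id)
        presented = hashlib.sha256(claim).digest()
        if hmac.compare_digest(presented, rec["verifier"]):
            rec["failures"] = 0  # assumption: a success resets the counter
            return rec["key"]
        rec["failures"] += 1
        if rec["failures"] >= self.max_attempts:
            rec["key"] = None  # permanent: erase the key, not just a flag
        return None


def count_guesses_until_lockout(vault, user_id, guesses):
    """Feed guesses to the vault; return (guesses evaluated, key or None)."""
    evaluated = 0
    for guess in guesses:
        try:
            key = vault.release_key(user_id, derive_claim(guess, vault.salt_for(user_id)))
        except VaultBlocked:
            break
        evaluated += 1
        if key is not None:
            return evaluated, key
    return evaluated, None


if __name__ == "__main__":
    vault = AttemptLimitedVault(max_attempts=10)
    vault.enroll("alice", "4821")  # constructed sample passcode
    all_pins = (f"{n:04d}" for n in range(10_000))
    evaluated, key = count_guesses_until_lockout(vault, "alice", all_pins)
    print(f"guesses evaluated: {evaluated}, key recovered: {key is not None}")
```
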

~~~
ran3824692
But the source code of many important parts of android are nonfree, so google
can update it to send your cleartext password and you would never know.

~~~
modeless
This is true for iOS as well as every other widely used computing platform.
Android is better; unlike iOS you can build AOSP yourself without the Google
proprietary parts, and unlike iPhones, Pixel phones have unlockable
bootloaders so you can install your own OS builds.

Even most PCs running Linux have plenty of nonfree binaries in various
firmwares and common peripheral drivers. I support efforts to make devices
with fully open firmware on which you could run Android's AOSP or other open
source operating systems.

------
cr0sh
Between things like this, and the shenanigans Google pulls (with Android, the
store, developers, and other things), I'm quickly going in a different
direction.

My ultimate plan is to build my own phone; yes, I'll still be stuck with a
carrier (I use t-mobile, and I haven't had a problem with them over 10+ years
I've used them), and the hardware won't be completely "open source", but the
software and OS will at least be what I make of it myself.

In the meantime, I'll be playing with one of the Pine64 phones; hopefully it
will give me most if not all of everything I want and need, and maybe I can
help with bug testing or perhaps software development? At any rate, it won't
be Apple or Google.

There are times that I have when I sometimes think to myself that going back
to simple email on a text screen, and not much else, would be a better thing
than what the web has become. Maybe go back to BBS's over ssh or something?
"Dial In" using my TRS-80 Model 100 "laptop" and move out to the boonies...

~~~
gonational
It sounds like an awesome idea, and I’ve considered ordering a pine phone for
the same reason.

I don’t know why anyone would down vote your comment. On “hacker news” it’s no
longer considered cool to hack together your own tech?

When did HN become a corporate bootlicking dump?

------
celeritascelery
But it is nice that you have the option to _not_ backup with iCloud. They are
not storing the information whether you like it or not as a lot of companies
do.

~~~
andreasley
While Apple doesn't force its users to use iCloud, they also don't provide an
alternative way to do full backups of iOS/iPadOS devices over a network. Yes,
you can plug an iPhone into a Mac, but that doesn't scale.

~~~
proidgeree1
You can set local auto backup over wifi in itunes right?

~~~
andreasley
Yes, but that only works in local networks and after connecting via USB once –
and the backup is always stored on a single computer. So it may be acceptable
for personal usage, but not suited for an enterprise environment where you
want to centrally manage hundreds of devices and provide some redundancy for
your backup system.

~~~
proidgeree1
I guess I don’t understand this point. This is exactly what ios mdm backup is
for. Relying on users backing up their personal icloud accounts for work seems
highly problematic. If they are work icloud accounts... usb should not be a
problem since you are probably provisioning the devices, and the itunes backup
approach over your intranet seems actually ideal.

------
clarkmoody
Beyond HN and tech circles, is there any detectable groundswell of demand for
privacy? When you talk with friends & family about privacy, does anyone care?

When average people care about privacy, the large players will respond. Until
then, pressure from the state can be accommodated without irking customers, so
Big Tech will play along.

~~~
clowd
Next time you encounter someone who claims they don't care about privacy, ask
whether or not they close the bathroom door (or the stall in a public
restroom) when they're taking a shit. And if they say yes, ask them why?
What's going on in there isn't any big secret. It's not like they're in there
plotting a terrorist attack. What are they hiding behind that door?

It turns out most people _do_ care about privacy. You just have to frame it in
relatable terms.

I don't want anyone else watching me take a dump because that's private, and
it's not any of their business. Likewise, I don't want other people knowing
what articles I read on the internet, or what music I listen to, or reading
the contents of my business plan, or scoping out my dick pics, or any of a
thousand other things, because those things are also private and they aren't
anyone else's business unless I choose to share them.

Restrooms have doors, and most people close them for privacy. Data has a
privacy door, too, and it's called encryption.

~~~
b215826
> _" ask whether or not they close the bathroom door (or the stall in a public
> restroom) when they're taking a shit"_

This is a pretty bad question and a hyperbole. Most people would want no one
(including people who they are usually intimate with) to watch them defecate.
And that is _not_ the same thing as government snooping on its own citizens.
Arguments for massive surveillance given by governments is not so much about
invading the personal privacy of people than it is about protecting national
"security" or preventing "terrorism". For this reason, few people are going to
get convinced if you equate the privacy to use the lavatory without anyone
watching to the privacy of being able to communicate without the government
monitoring you. The best argument against massive surveillance is the one that
Snowden gave during a Reddit AMA:

> _" Some might say "I don't care if they violate my privacy; I've got nothing
> to hide." Help them understand that they are misunderstanding the
> fundamental nature of human rights. Nobody needs to justify why they "need"
> a right: the burden of justification falls on the one seeking to infringe
> upon the right. But even if they did, you can't give away the rights of
> others because they're not useful to you. More simply, the majority cannot
> vote away the natural rights of the minority._

> _" But even if they could, help them think for a moment about what they're
> saying. Arguing that you don't care about the right to privacy because you
> have nothing to hide is no different than saying you don't care about free
> speech because you have nothing to say._

> _" A free press benefits more than just those who read the paper."_

------
caf
_It turns over data more often in response to secret U.S. intelligence court
directives, which sought content from more than 18,000 accounts in the first
half of 2019, the most recently reported six-month period._

When you think about it, that volume is staggering. 36,000 iDevice-using
intelligence targets every year? Imagine the amount of analyst time required
just to go through 36,000 iCloud backups every year!

~~~
jamilbk
Really makes you wonder what the criteria is for being investigated.

Maybe I’m naive, but I find it hard to believe that there are 36,000 yearly
iCloud accounts with probable cause to be tied to terrorism activity and/or
national security matters, especially if that’s only in the US.

As someone with a (half) Middle Eastern heritage and name (but born and raised
in the US) I’ve experienced my fair share of nuanced discrimination at
airports and one weird situation with what I assume was the FBI. There’s
always the ignorant TSA agent who raises an eyebrow when you report coming
back from the Middle East... like why would anyone ever travel there if it
weren’t for terrorism?

I’m a pretty average techie so I’m not too worried about anyone going through
my iCloud backups, but I feel like there should be some more transparency
around this stuff. I feel like if you’re secretly investigated but discovered
to be innocent, shouldn’t you deserve to know you were spied on? I guess
that’s what FOIA requests are for.

The war on terrorism feels like a game of whack-a-mole sometimes.

------
TazeTSchnitzel
This is also why you should never use cloud backups for iMessage or WhatsApp.

~~~
jedieaston
This is disabled by default in iOS 13, to keep your messages secure (and
because often times it doesn't work properly). You have to go into iCloud
settings to turn it on. And then if you aren't using iCloud Backup, the key to
your Messages backup is not stored by Apple, so they can't read it anyway (see
[https://support.apple.com/en-us/HT202303](https://support.apple.com/en-us/HT202303)).

For some reason, I doubt Google would do that.

------
awinter-py
I don't think we understand yet how to model the impacts of breaches on
products.

Cambridge Analytica didn't ruin facebook, but it did enable CCPA, and it
probably changed how FB users think of / trust the product. Ashley Madison /
equifax breaches completely ruined their cos.

Snowden disclosures were a weird middle case that meant all things to all
people.

Weakening aapl's privacy claims may not matter to a post-truth public but I
suspect it will further drive demand for actual consumer privacy products,
when and if they enter the market.

------
macinjosh
As a big fan of the Mac and iPhone this is incredibly disappointing. I always
assumed the privacy situation with Apple was candy-coated but I didn't think
they were this spineless.

------
diebeforei485
I don't think Apple ever claimed iCloud backups are end-to-end encrypted (it
is encrypted at rest, but not end-to-end).

But I can see how many users would assume that, given Apple's dishonest/brash
marketing about how "what happens on your iPhone stays on your iPhone".

------
fulldecent2
Even if you want nothing to do with iCloud, you must still enable it for these
features:

- Mac-to-Mac copy/paste (shared clipboard, continuity)
- iPad sidecar

Once you enable it, it immediately begins uploading your contacts, photos and
passwords to Apple. Then you need to disable those specific things. Even after
you delete those things, every app on your phone can silently and without your
explicit permission, start loading data into iCloud.

------
sparker72678
I wish Data Protection
([https://developer.apple.com/documentation/uikit/protecting_t...](https://developer.apple.com/documentation/uikit/protecting_the_user_s_privacy/encrypting_your_app_s_files))
would allow app developers to use a locally-derived key to secure app data.

Then, even in iCloud Backups, you'd still not have the key to decrypt specific
app data without having unlocked the device.

I realize you could do this right now (in theory) with your own encryption
solution and Keychain, but a first party solution that's as easy to use as the
Data Protection features/apis would be really nice.

Apple has plenty of data that I wish was E2E encrypted, but if many/most of my
3rd party apps had their own data locked, that would go a long way in the
right direction.

------
bronco21016
I believe this has been the case for some time hasn’t it? I vaguely remember
reporting indicating this was true during the San Bernardino case and that
Apple handed over that backup. Either way I do remember reading the Apple law
enforcement guidelines a year or two ago and this was the case. iCloud data is
not secure from law enforcement.

My project list has implementing a WiFi backup Windows/iTunes VM for this
specific case. Does anyone know how iOS backups will be handled on personal
PCs once iTunes is discontinued?

~~~
mindajar
Device backups are handled by Finder in the post-iTunes world, at least on the
Mac. I think iTunes is still a thing on Windows?

~~~
bronco21016
Ah I see the distinction in a few articles now. Thanks!

------
_salmon
Just to be clear, if you do local backups to iTunes, you can encrypt those
backups with a key you control

------
kohtatsu
PSA: libimobiledevice exists and supports native encrypted backup/restores for
iPhones using the idevicebackup2 utility. You can also disable iCloud backups
from there for fun.

[https://www.libimobiledevice.org/](https://www.libimobiledevice.org/)

Not excusing Apple. This is a disgrace, first in China now here.

~~~
kohtatsu
With the ifuse utility you can even mount a subset of your iPhone's storage as
a FUSE filesystem. (If it's jailbroken you can mount all of it)

Doing so I was able to read the SQLite database Photos uses on my girlfriend's
iPhone to migrate only photos she had favourited to her new phone; she hated
the idea of moving them all over so much that she was ready to let the best
ones perish.

------
someonehere
Apple is not 100% secured against SIM swapping. There’s an option to have an
SMS sent with your 2FA code as another option. I know because I’ve done this
before and was wondering when Apple would let you use a hardware token or
virtual MFA as an option like in my Google account.

------
rm_-rf_
I've seen the list that Apple provides on their web site that lists the things
that are end to end encrypted, but what about "Locked" Notes?

My understanding is that encryption is happening on the client-side and that
you need to enter your password to unlock.

------
hartator
Are the iMessages in an iCloud backup encrypted or not? As of now. It seems
actually unclear.

~~~
snazz
Yes, but the key is stored in your iCloud backup if you use it. As soon as you
disable iCloud backups it will roll the key for iMessage and they will be
effectively E2E encrypted.

 _When Messages in iCloud is enabled, iMessage, Business Chat, text (SMS), and
MMS messages are removed from the user’s existing iCloud Backup, and are
instead stored in an end-to-end encrypted CloudKit container for Messages. The
user’s iCloud Backup retains a key to that container. If the user subsequently
disables iCloud Backup, that container’s key is rolled, the new key is stored
only in iCloud Keychain (inaccessible to Apple and any third parties), and new
data written to the container can’t be decrypted with the old container key._

[https://support.apple.com/guide/security/icloud-backup-conte...](https://support.apple.com/guide/security/icloud-backup-contents-sec2c21e7f49/web)

~~~
zzzcpan
_> Yes, but the key is stored in your iCloud backup if you use it. As soon as
you disable iCloud backups it will roll the key for iMessage and they will be
effectively E2E encrypted._

Assuming this is true, you still don't know what people on the other end will
do, meaning it is never actually E2E encrypted.

~~~
snazz
E2E usually means from endpoint device 1 (my iPhone) to endpoint device 2 (my
friend’s iPhone). What the other person will do with it doesn’t factor into
the conventional definition of E2E.

~~~
zzzcpan
No, conventional definition is actually both: from endpoint device 1 to
endpoint device 2 and from endpoint device 2 to endpoint device 1. If device 2
has backups in question enabled, there is no E2E anymore.

------
CiPHPerCoder
End-to-end backup encryption is hard. Apple had faced criticism from
cryptographers for failing to implement it.

[https://blog.cryptographyengineering.com/2012/04/05/icloud-w...](https://blog.cryptographyengineering.com/2012/04/05/icloud-who-holds-key/)

The fact that they started working on the problem then abandoned it after the
FBI complained is disappointing, especially to Apple consumers. But all it
means is the status quo marches on.

Headlines like this vindicate my decision to never purchase an Apple product.

~~~
nexuist
>Headlines like this vindicate my decision to never purchase an Apple product.

What else can you buy? Surely not Android...do you live without a smartphone
(serious question, not judging)?

~~~
CiPHPerCoder
"Surely not Android...do you live without a smartphone (serious question, not
judging)?"

That's a very judgmental way to ask that question if you're trying to not be
judging.

My phone hardware would fall under the Android classification, but I run
LineageOS.

I wish I had more options, but we're stuck in a hellish duopoly for the time
being.

~~~
tomaskafka
> but I run LineageOS

With Google Play Services surveillance rootkit? :)

------
xp84
Unpopular opinion:

We users are better off if Apple is "compromising" on something like this at
the stage we're in now - especially since nobody forces you to use iCloud
Backups - than we'll be when/if the US gov makes Apple an offer it can't
refuse and forces a real backdoor master-key on the whole system top to
bottom.

Assumption: That not going full encrypted backups will prevent the government
from having the political capital to enact a "crackdown" forcing a backdoor on
the devices, iMessage, etc.

~~~
xvector
That is not the issue. Their deceptive marketing is the issue.

------
djrogers
Another case of a headline not being supported by the story:

“ Reuters could not determine why exactly Apple dropped the plan.

“Legal killed it, for reasons you can imagine,” another former Apple employee
said he was told, without any specific mention of why the plan was dropped or
if the FBI was a factor in the decision.”

And further on: “ However, a former Apple employee said it was possible the
encryption project was dropped for other reasons, such as concern that more
customers would find themselves locked out of their data more often.”

So 4 of the 6 sources were speculating (FBI), and one actively admits they
don’t know the reason, but the lede says 6 sources confirmed this. Hmmm...

~~~
chias
In fairness, the title does not say that Apple dropped plan for encrypting
backups _because_ FBI complained :P

~~~
slimginz
I know you're being cheeky and pedantic, but that's exactly the spin the title
was trying to go for in order to get clicks. While not "technically" wrong,
it's still pretty dishonest imo.

~~~
wheelie_boy
"Apple dropped plan for encrypting backups after release of 'National Treasure
2', starring Nicholas Cage"

~~~
chias
I would read the hell out of that article.

------
middleclick
So what about all the privacy billboards, 'What happens on your phone stays on
your phone?'. New version: 'What happens on your phone stays on your phone and
unencrypted on the cloud'.

------
jxdxbx
A completely e2e encrypted backup system would have to include photos (current
iPhone backups do not). But true encryption means that when customers forget
their passwords, they lose their data.

Already, people who don't use iCloud Photo Library and lose their phones, or
forget their passwords, lose the photos that were on the phones.

Anyway, I think the customer experience issues weigh pretty heavily here.

~~~
whycombagator
Sure. But they could easily make it opt-in, hidden in the settings, with a
warning/confirmation/etc so users know exactly what they are getting into.

------
notadoc
Is anyone surprised by this?

It could be for many reasons too, including average people forgetting iCloud
passwords and wanting their data back. Does Apple unlock an iCloud backup in
that situation?

Perhaps a pro-privacy compromise would be for Apple to offer the feature but
have it turned off by default, which means 99.99% of users won't ever change
that.

------
nittynits
Shame on the FBI. Unfortunately the average Apple user won't understand or
care about the implications. This is why I don't use iCloud or any cloud
products. Apple are not nearly as bad as Google though.

I stopped using GDrive about a year ago and I aim to be Google-free for 2020.
I don't use Gmail for anything important any more.

------
fulldecent2
The small bit of iCloud E2EE which Apple allows (for health data, passwords
and Mac-to-Mac clipboard sharing) is using your iPhone's 6-digit passcode and
your Mac's admin password.

That means that Apple can also now perform an offline brute-force attack
against your file vault password.

This makes even your offline devices less secure.

------
diebeforei485
Apple should allow third-party backup solutions. Backblaze is the option I
would use if I had the choice, because they already support end-to-end
encryption (end-to-end does have a downside: losing the encryption password
means losing the data. Most people would make this tradeoff, but many HN
readers would).

------
yanks215
When will a startup enter into this space with a privacy focused smartphone?
Does this already exist, and is it good? If not, why all the complaints and
why hasn't someone entered the market? Obviously startup costs will be high,
but there will certainly be funding available for this market, right?

~~~
_underfl0w_
Pine64 and Purism make devices that might fit that bill, but keep in mind that
the devices may not be as user-friendly in their current state as you might
hope for. There's still a lot of rough edges, I hear.

------
herf
Is there a good design that lets someone forget their password and restore
their backup (without a recovery key somewhere, like on an old device?)

If you forget a local iTunes backup password, there is no way to fix it.

------
nabla9
What level of decision is this?

a) Is this just a tactical move? Apple might choose to delay its plans in an
effort to avoid confronting the current administration and wait for a more
reasonable one.

b) Is this a permanent change of strategy? Giving up.

------
tomaskafka
Two things:

1) There is no way Apple would be allowed to sell iPhones in China, without
China government having access to anything. So, I assume that Apple users in
China have e2e encrypted exactly nothing.

2) I have a strong suspicion that those 'enter your Apple ID password because
your account needs it' messages really mean 'a government has requested your
data and even though it's encrypted, we will nag you about entering a
password, and if you give it, you're a free game'.

I don't blame Apple for this, I'm sure they're doing what they can, but when a
government says 'give us this data', they can't not comply and stay in
business. And a whole point of a company is staying in the business.

Vote responsibly - companies can't protect us from a government we have put
into power.

------
m0zg
Well, that's one way to force Apple to reverse a stupid decision. Looking
forward to backups encrypted so well Christopher Wray would have a nervous
breakdown, in the next iOS update.

------
fortran77
Apple has done a great job convincing otherwise "progressive" people that one
of the world's richest companies is the underdog who's fighting for _you_!

------
jbverschoor
Time to disable iCloud backup and cancel my iCloud subscription.

~~~
christefano
Samesies :(

------
m3kw9
To be fair to Apple, if you believe Apple's privacy policy, being able to
access it, they likely won’t access it and sell your data to advertising
agencies.

------
skandl
Apple has an opportunity to stand separate as a leader in user privacy first.
But to do so means constantly standing up to government(s).

~~~
marketingfool
It literally doesn't matter. You are talking about their latest ad campaign.

Apple internal is completely detached from the commercials you see. It's about
sales, not teaching users.

------
I_am_tiberius
I was moments away from ordering a mac book 16" when this got published.
Waiting for the new xps 13 development edition now.

------
ganzuul
Dell, which started as a military supplier, encrypts their cloud storage to
avoid liability.

I wonder what Apple is liable for in light of this.

------
j45
Might be a good reason to look into storage as an appliance. Personal NAS'
(Synology, QNAP) are quite serviceable.

------
bilekas
Well the Fappening can disgrace and expose millions of people to extortion
etc.

But the FBI can see everything so that's okay.

------
scarface74
394 comments based on a rumor from an anonymous employee? Is this what HN
considers "news"?

------
matheusmoreira
So what if the FBI complains? If anything, that's a sign they're doing things
correctly.

------
m3kw9
Just back up on your pc and select encrypt and not use iCloud, but that is a
huge hassle

------
minikites
Some companies are better than others but there's absolutely no reason to
believe any one of them would ever be on "your side" for any reason. You can
vote for who makes decisions in government, but you can't vote for who makes
decisions in companies.

~~~
panarky
You vote every time you decide to buy or not to buy.

~~~
inetknght
That's not how that works at all. You can buy something you need because you
need it and that's not at all a vote saying you like the management of how it
was produced.

~~~
celeritascelery
It’s a vote whether you claim it is or not. If you need something but don’t
want to support the company, buy it from someone else. And if you can’t find a
company that you want to support, then you’ll see it’s just like real
politics. You don’t get to only vote for the parts of a candidate you like,
you vote for the whole package.

~~~
coldtea
> _then you’ll see it’s just like real politics. You don’t get to only vote
> for the parts of a candidate you like, you vote for the whole package._

Well, that's the problem with politics as well, and the reason that modern
democracy is a sham (compared to ancient Athenian direct democracy [1]).

[1] obviously for those it included at the time. After all, modern democracy
didn't include slaves, women, and even poor white folks (the extension of
voting rights to non-property-owning white men happened in 1828, and it was
hampered in the South until the early 20th century) until well into the 20th
century.

------
matt-attack
So now that iTunes is gone, how does one do a local iPhone backup?

~~~
thoughtsimple
It's part of the Finder now. Same UI (and probably code) just doesn't come as
part of a monolithic application (but now part of an even more monolithic OS).

------
musicale
If this is true it is incredibly disappointing.

------
frankzen
Great. More identity theft for the masses!

------
jason0597
Data shouldn't be end-to-end encrypted. It should just be end-to-server
encrypted, without the server having an ability to decrypt your data.

------
xpq
Oh, I'm deeply disappointed. I paid so much premium for quality and privacy and
this is my outcome.

------
scarface74
Does anyone who knows anything about Apple think they would approach the FBI
before creating a new feature?

------
deftturtle
I'm so done with Apple, but more generally, with cell-phones. I was very
excited to have Signal available back in 2015, but when I learned about
cellular baseband processors and DMA attacks, I realized the whole smartphone
stack is insecure. We can't audit anything in our phones, down to the cellular
chip.

Even if our phones were 100% trustworthy, they are triangulated by cell towers
thousands of times per day. Location tracking can only be avoided by:

1: Not owning a phone.

2: Powering off your device and keeping in a Faraday cage while not using.

Tempting to own a cute little purse that blocks phone signals, but do I really
need a cell-phone on my body, 24/7?

If I evaluate the overall pros & cons of my cellphone, it has been
overwhelmingly negative. I've had a phone since August 2014, when I went to
college. Before that, I would text with my parents' phones.

Here are the top negative things that have happened due to using a phone:

1\. Miscommunication, isolation, social anxiety due to social media and
texting. Talking in person is so much better. And what about the hours and
hours of snapchatting, so pointless and sad looking back.

2\. False sense of security, thinking you can know what's going on, help
people, intervene when necessary (friend sexual assault stuff at parties).
What about when their phone dies? It made me wish we had landlines, or that I
had been there. If I didn't have a cell phone, I don't think I would've left
the party. I would've stayed and kept watch.

3\. Poor posture, lack of sleep, constant exposure to blue light (who knows if
the light is really bad), etc.

4\. Missed connections by having my head in my phone all the time in public.

5\. The US government has a total map of my life since August 2014, even
though I have sent thousands of encrypted messages and hundreds of encrypted
phone calls.

6\. Less time available each day. I have spent typically 1-3 hours per day on
my phone since I got one, about 1,980 days ago. This amounts to probably 4,000
to 6,000 hours, or about 170 to 250 days. In other words, about 1/8th of my
life since 2014 has been dedicated to bullshit technology.

Here are some positives:

1\. I have lots of photos that would otherwise have required a camera. But I
have dozens of film cameras and a few digital ones, and there's no reason to
shoot photos on such a tiny format. Good luck printing cell-photos beyond 5x7
or even 8x10.

2\. I occasionally talk to family. This could be accomplished with a landline.

Maybe I've missed some things, and maybe I'm being pessimistic, but the
reality is that I've lost lots of sleep and experienced more problems with
interpersonal relationships as a result of having a phone. It's likely that
not owning a phone would expose me to a new class of problems, but I've
decided to get rid of my phone.

I'm in the process of switching accounts and removing 2FA, so I don't need
cell service. Once I get there, I'm planning to write a little blog post about
it. After having a baby, it's become clear that a phone is sucking my life
away, and I need to be present with my family. Hope to have this all dealt
with in the next week or two.

~~~
dlivingston
I think you are indeed missing a few pros. Off the top of my head,

1\. Having Google/Apple Maps has helped me find new restaurants and kept me
from ever getting lost in foreign cities,

2\. Tinder and other dating apps have enabled me to date people that I would
never have met in my day-to-day life,

3\. Lyft and Uber have come in handy more times than I can count,

and the list goes on. My use-case is different than yours, I’m sure, but there
is a reason that smartphones are ubiquitous: we as a society have roughly
evaluated the cost-benefit analysis of owning one and tend to side with the
‘benefit’.

------
_bxg1
> about how much Apple cares about users

No company cares about anything. A company is not a person.

Apple, because of its privacy-marketing, is incentivized to be the privacy
player in the market. But only so far as consumers keep them honest about it.

They got away with this loophole because it stayed under the radar; if it gets
enough attention and enough customers show that it matters to them, it could
change.

On the other hand, it's possible that because we have a smartphones duopoly,
Apple only needs to maintain a position where people will say "well at least
it's not as bad as Google". I'm upset about this personally, but I'm not
ditching my iPhone. Of course, this does cement my decision to never pay for
iCloud, for what that's worth (much less, but not nothing).

~~~
panarky
_> No company cares about anything_

It's a common misconception that corporations are amoral incentive-driven
machines impervious to ethics, morals or mission.

Corporations are run by leaders.

Many leaders choose to pursue unethical and immoral activities to maximize
profit. They justify their actions by saying "it's just business", or "we have
a fiduciary duty to the stockholders to maximize earnings per share by
whatever means necessary".

Other leaders realize that an ethical purpose can often deliver outsized
profits over the long term. Leaders with a moral mission make decisions that
sometimes sacrifice short-term profits with the intent to build an
organization and a brand for long term.

~~~
Finnucane
> It's a common misconception that corporations are amoral incentive-driven
> machines impervious to ethics, morals or mission.

Not really, those leaders are pretty quick to hide behind the corporate veil
when it's convenient for dodging questions of moral (or even legal)
responsibility.

The whole point of corporate legal structure is to create an entity that is
_separate_ from the humans that occupy offices. That entity is not a person.

~~~
reroute1
OK, but isn't this largely semantics? Saying Apple doesn't care about
customers may technically be true, but that is taking it quite literally. The
statement can also be meant to imply the people in Apple care, of course no
one would speculate that a non human corporate entity would care.

I also largely agree that the Apple meme of privacy being trotted out lately
doesn't quite jive with this news, but at the same time surely there are
people who care about it at Apple, and maybe as a whole they even prioritize
it more than others.

But I also don't know how much I really disagree with the FBI's position. In
general I have seen this kind of access to be used in the right situations (IE
collecting communications of criminals). I understand this can be a slippery
slope, but should we trade that for leaving clear evidence against criminals
unturned in the name of "privacy"?

~~~
musicale
The people at Apple who write the code usually do care about privacy. Their
bosses and execs? It is harder to tell.

From the information I have, the majority of Apple employees do care about
values such as privacy and ethical business practices, as well as product
quality and usability, but those values can sometimes be undermined by
executive decisions based on business and monetary motives.

~~~
bravoetch
That doesn't matter one bit if they continue to work there when their ethics
and values are not aligned.

------
GeekyBear
>there's no good and easy option to backup your phone other than iCloud.

Turn off iCloud and do local encrypted backups to your PC or Mac.

This works over your wifi network (if you prefer wireless charging at home) or
via a cable connection.

~~~
justapassenger
It’s not only way more friction than iCloud, but you’d be surprised how many
people nowadays don’t even own a PC or Mac. In my wife’s family 60% of people
only have phones, tablets and smart TVs. They use laptops/desktops only at
work.

~~~
ksec
We Need iOS TimeCapsule.

~~~
jonnytran
We need Time Capsule. Period. It was discontinued in 2018. [1] I am still so
sad about this.

1: [https://www.macworld.com/article/3269361/apple-discontinues-...](https://www.macworld.com/article/3269361/apple-discontinues-the-airport-time-capsule-airport-extreme-and-airport-express.html)

------
parliament32
The ecosystem is incredibly insecure, despite what Apple's marketing
department wants you to think. More than anything I'm surprised at how often
their advertising talking points are parroted in tech circles, like here on
HN.. in any thread hinting at Google vs Apple you're bound to find a long
comment chain about how Apple is "secure" and "privacy oriented" and "cares
about their users". Not that Google is any better, but it makes me wonder
whether it's just astroturfing or if their marketing is actually working.

~~~
Nextgrid
It all depends on your threat model. For the average person I’m not worried
about the relatively unlikely occurrence of the government accessing their
backups. I’m much more worried about the more likely occurrence of local
malware or ad tracking by malicious apps including from big names like
Facebook & other social media companies, and in that instance Apple is still
ahead as the OS restricts what apps can do a lot more than Android, the App
Store is more curated against malware, etc.

~~~
parliament32
Here's a threat model for you: how fucked would you be if your iCloud backups
suddenly became searchable online? Ever say anything bad about your boss or
company in a convo? Ever taken any photos you wouldn't want released? Ever
downloaded any files you wouldn't want public?

The agencies have proven time and time again that they're pretty terrible at
keeping secrets (see: all the leaks, data breaches, TSA master keys, etc). As
long as they have a back door, it's inevitable that it'll happen -- it's
effectively a ticking time bomb.

When I send a message over Signal, I can trust that it'll be kept private,
barring some truly extraordinary incident. With Apple, it's kept accessible
_by design_ (storing the encryption key with the encrypted backup? really?).

It's not about the government accessing my messages, because I really don't
care all that much, it's that I don't trust them to keep secrets. If the
government has access to something of yours you _must_ assume it'll eventually
be made public... whether or not you're okay with that is up to you.

------
aloukissas
Which is exactly why I use Signal exclusively.

~~~
newscracker
Signal prohibits backing up chats on iOS. So there’s no question of
information leaking from a backup when there’s no way to create it.

~~~
aloukissas
For me, not being able to back up chats is a feature. It even warns you if you
download an attachment (e.g. an image) to local storage.

------
ifthenelseend
another reason to switch to android

~~~
gruez
android does end to end backups out of the box?

~~~
trimbo
Yes

[https://security.googleblog.com/2018/10/google-and-android-h...](https://security.googleblog.com/2018/10/google-and-android-have-your-back-by.html)

------
classified
Surprise! The "we value your privacy" statement is a lie, as with any other US
company.

------
t4skf0rc3
Privacy? Who needs it, amirite?

I mean, I'm not up to anything illegal, and I don't actually care about people
seeing my stuff, BUT... the concept as a whole of "government should have
access to everything all the time, regardless of reasoning" does not sit well
with me.

~~~
lostgame
You don't even, for instance, torrent? Movies, music? (You don't have to
answer that. :P ) Ever pirate apps, even just to try before you buy?

The point is, if someone from the law is interested in you, or suspects you of
some grander illegal thing, a lot of us do illegal things that might just be a
little less grand, and a lot of us have the digital equivalent of a broken
taillight.

~~~
rrmm
There are plenty of more mundane misuses as well. Ex-spouse stalking, slighted
lawman with a grudge, technician with a weird fetish. Sure there should be
safeguards but they don't always work as well as you'd hope.

------
newscracker
Is Apple’s privacy white paper dealing with fats on iCloud just an eyewash
now?

> _Instead of protecting all of iCloud with end-to-end encryption, Apple has
> shifted to focus on protecting some of the most sensitive user information,
> such as saved passwords and health data._
>
> _But backed-up contact information and texts from iMessage, WhatsApp and
> other encrypted services remain available to Apple employees and
> authorities._

Way to confuse laypeople with promises of security and data privacy. If Apple
had concerns about users losing the key, why not implement it similar to two
factor authentication on Apple IDs where Apple also provides the recovery
codes (and additionally disallow any other mechanism of recovery)?

