
Apple sued for not disclosing that 'iCloud storage' relies on third-party cloud - LinuxBender
https://www.zdnet.com/article/apple-sued-for-not-disclosing-that-icloud-storage-relies-on-aws-azure-google/
======
lozenge
That is a ridiculous premise for a lawsuit.

The complaint acknowledges that, as it states in the iOS security guide,
iCloud users' data is encrypted before being stored with third-party services.
While that may address some of the privacy concerns related to third-party
storage practices, the complaint says it "does nothing to address other
fundamental concerns about the integrity of the data, reliability of the
storage, and assurance that the data stored will remain intact and accessible
by the user on demand without being damaged, lost, stolen, or otherwise
disposed of by third-party entities."

Integrity, reliability, and assurance? Apple promises none of those.

"Apple does not guarantee or warrant that any Content you may store or access
through the Service will not be subject to inadvertent damage, corruption or
loss."

"APPLE DOES NOT REPRESENT OR GUARANTEE THAT THE SERVICE WILL BE FREE FROM
LOSS, CORRUPTION, ATTACK, VIRUSES, INTERFERENCE, HACKING, OR OTHER SECURITY
INTRUSION, AND APPLE DISCLAIMS ANY LIABILITY RELATING THERETO."

Availability? Nope.

"APPLE... MAKE[S] NO WARRANTY THAT (I) THE SERVICE WILL MEET YOUR
REQUIREMENTS; (II) YOUR USE OF THE SERVICE WILL BE TIMELY, UNINTERRUPTED,
SECURE OR ERROR-FREE"

Do these nuisance lawsuits really earn any money?

------
mark_l_watson
I am an iCloud customer and I know they use 3rd party cloud services.

Off topic, but good to mention: backups from Apple devices are indeed
encrypted on iCloud but in general other files in ~/Documents and ~/Desktop
and in the iOS file manager are not encrypted. I make a habit of adding
passwords to sensitive files, which is a nuisance. Apple should encrypt
everything going to iCloud by default.

~~~
pram
It’s encrypted at rest, presumably when they shard out the data to the various
object stores. Not to mention the stores themselves probably have encryption
enabled (easy to enable on S3/gcs)

~~~
jhabdas
You may believe it's encrypted, but without zero-knowledge Apple sold users a
placebo. EFF agrees [1].

[1] [https://fixitalready.eff.org/apple](https://fixitalready.eff.org/apple)

------
leoh
>The encrypted chunks of the file are stored, without any user-identifying
information or the keys, using both Apple and third-party storage services—
such as Amazon Web Services or Google Cloud Platform—but these partners don’t
have the keys to decrypt your data stored on their servers.

Source:
[https://www.apple.com/business/docs/site/iOS_Security_Guide....](https://www.apple.com/business/docs/site/iOS_Security_Guide.pdf)

------
martin8412
Does it really matter where the data is stored? The data is encrypted
beforehand, so whatever cloud storage provider can't access the data. The
point about integrity doesn't seem super relevant. Even if Apple hosted the
data themselves issues could still occur that resulted in data loss.

The paragraph about paying premium because you think Apple is hosting it seems
equivalent to suing them when they find out that Apple doesn't make all the
components for their iPhone or Macbooks either.

------
jjtheblunt
Another case of class action lawyers hoping to get at Apple's savings?

~~~
jhabdas
So PRISM cannot get at your data? Fair trade.

