It doesn't, which is part of the reason Apple wants to do this. You can still do differential privacy without collecting all the data, you just get less accurate results. See page 232 in , re "The Local Model".
Edit: the article even says this down when it talks about RAPPOR.
If Apple really did implement some sort of randomized response (or more sophisticated variant), I think that would a real breakthrough for user privacy since they'd be giving up control of the data.
They store all iCloud sync material (backups, photos, contacts, calendars, mail, documents, etc.) without end to end encryption, and have all of the iMessage metadata.
The official explanation so far is that if the user forgot the password a user-encrypted backup would just become some useless junk.
This is (officially) the sole remaining non user-encrypted personal data on apple server that authority can reclaim using a warrant.
However after San Bernardino FBI mess, Apple start considering to also encrypt iCloud backup.
So if you think you are right, proofs please...
Take note of what the wording leaves out. Apple holds the decryption keys for just about everything.
> iCloud Keychain encryption keys are created on your devices, and Apple can't access those keys. Only encrypted keychain data passes through Apple's servers, and Apple can't access any of the key material that could be used to decrypt that data
This wording is used for nothing else than the keychain.
Fully consistent with the behavior where disconnecting all your devices from your account, to then do a password reset and logging in on a new one device will make all your data available to you again in plaintext format. Including iCloud backups of iMessage chats.
How come they are accessible from iCloud.com? Decrypted by the browser on the fly?
However I reckon that technically Apple could access data or give data stored on iCloud to NSA/FBI because they actually still hold the keys for that part too (not only backup as I thought).
Only the password/creditcard Keychain is now claimed to be fully user-encrypted and can't be recovered by any mean by apple.
For anything else than a warrant, they'll "just" have to breach every engagement they made in their contract which would, as far as I know constitute a pretty solid legal case that could only lead a public walk of shame that could compromise the whole company's future.
If you don't trust them, don't use their cloud, I totally respect that. In the end it always appeal to some degree of trust, even GitHub could be spying on paid private repositories under the hood if they really wanted to. But for what gain?
This is something I doubt. It would be rather easy to change the software and make it sync passwords, even on an individual basis. If this would come out, it would mean a big marketing problem, and could result in sales losses like 10-20%.
I said "could", but to be honest I think 2-3% is more realistic. Most people don't care. They want their data to be safe in case of theft, and have a backup in case of loss. Here on HN it's a big thing, but most users don't know, don't care.
> All your iCloud content like your photos, contacts, and reminders is encrypted when sent and, in most cases, when stored on our servers. All traffic between any email app you use and our iCloud mail servers is encrypted. And our iCloud servers support encryption in transit with other email providers that support it.
> If we use third-party vendors to store your information, we encrypt it and never give them the keys. Apple retains the encryption keys in our own data centers, so you can back up, sync, and share your iCloud data. iCloud Keychain stores your passwords and credit card information in such a way that Apple cannot read or access them.
I always find it amusing when people downvote me for telling them Apple is doing what they admit to be doing.
Of course that will never be as audit friendly as an Open-Source code. But don't call it a secret, while you actually just didn't search for the information...
I don't think Apple has ever claimed it does not collect data.