It's also important to realize that the backup includes your encrypted iMessage messages, and the key required to decrypt them. Meaning that if you have backups enabled, all the "end-to-end" encryption in iMessage is defeated. Apple and by extension the FBI can read your messages. This is documented by Apple here: https://support.apple.com/en-us/HT202303
Even if you disable backups, whenever you correspond with someone that has backups enabled those messages are still accessible to Apple.
Good point. Pasting the relevant section and the explanation why they chose to implement it that way.
--
Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.
>This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices.
This seems crazy to me. I understand that the problem of losing your key is a troublesome one, but this seems analogous to storing important information in a safe then taping the key to the safe so you're never in a position where you can't open it.
If the FBI thinks it's a great idea that should be reason number one not to do it, at least when it comes to data security.
I find it's more like giving the key to someone to take care of in case you loose your copy. If you trust that person to store it securely and not to abuse the power they now have it's fine.
It's then a question of if you trust apple to be this "someone". If you don't trust them, then you should probably question if you trust the system at all given most of it cannot be audited.
While there maybe encryption in transit of messages, the encryption of messages at test is effectively defeated when the messages are at rest in icloud.
I am curious, is it possible to do an icloud equivalent backup without using icloud? Perhaps with a different backup app, nas, etc?
The worst part is that there is nothing you can do if the person you are texting has enabled iCloud backups. There is also no notification when you start the conversation that it is not e2e protected anymore.
It would be nice to have some indication as to whether or not the other person has backups enabled, but the issue is it wouldn't be a with-certainty indicator that your conversation won't be backed up since the other person could have it disabled but then turn on backups later.
Ideally it would be nice if you could opt yourself out of having any conversations backed up, but I'm sure to Apple the privacy benefits doesn't outweigh the amount of customer support hours that would be wasted explaining to people why some of their conversations aren't transferring to their new iPhone.
E2E means that I need to trust exactly one person / device, the receiver. With iCloud backups, I also need to trust an intermediary, Apple. That is a dealbreaker. They may as well remove encryption completely at rest.
That's great to know. I can tolerate backing up with a USB cable. Hopefully it be straight forward enough to backup while charging via an Automator/applescript.
I don't see how this is an issue. Let's say google proudly advertises that chrome is backdoor free. But at the same time they provide a remote desktop solution (aka backdoor) that users can optionally enable. Is this an issue?
The iCloud backups are opt-out, not opt-in, that's the issue. Most people leave settings at their default, and if a company says "We care about your privacy and security", you expect that to be reflected in the default, but here it seems Apple went the other way.
>Even if you disable backups, whenever you correspond with someone that has backups enabled those messages are still accessible to Apple.
That's more of a problem with who you choose to communicate with and their security practices than a problem with Apple. The same counterparty could also have a weak/non-existent passcode on their phone, or is jailbroken.
The exact same flaw (your party might misuse the system and expose secrets) exists in the design of PGP/GPG and whenever it comes up in that context it's a reason to throw GPG into the garbage disposal. But when it's an Apple product suddenly the product is fine and it's the parties' fault for not using it properly?
>The exact same flaw exists in the design of PGP/GPG and whenever it comes up in that context it's a reason to throw GPG into the garbage disposal.
I literally never heard of this. There are problems with PGP (eg. no forward secrecy, non-reputability, unencrypted headers) but "your counterparty could be compromised" isn't one of them.
I think the reference is to the idea that a correspondent might do a unencrypted CC of a message that contains previously encrypted text as per this infamous anti-PGP rant:
I'm referring to "your counterparty can hit reply-all and forget to encrypt" which is a mistake in the same category as "your counterparty might have backups enabled", i.e. it's easy to misuse in a way that ends up defeating secrecy.
Even if you disable backups, whenever you correspond with someone that has backups enabled those messages are still accessible to Apple.