Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Unless you have a public reference, I really doubt this is the case.

Because they’d also need to be announcing that you can no longer reset your iCloud password and recover to a new device. And I’ve not seen anything that suggests this.

So I suspect it is encrypted at rest, with a key known to Apple as before as well as this CSAM approach.



There is public reference on Apple site[1].

Citing final phrase on the paper to TLDR their system:

> Apple is able to learn the relevant image information only once the account has more than a threshold number of CSAM matches, and even then, only for the matching images.

This applies only for images, so you can still reset your password. Technically, there are two layers of encryption on images. Regular server-side encryption and this "E2EE like" encryption, which allows access for CSAM matches in specific threshold.

[1]: https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...


This document contains the following:

> As part of setup, the device generates an encryption key for the user account, unknown to Apple.

The question is, how is this generated. Can it be re-derived from information Apple has? If not, how will Apple handle cases where the user loses or breaks their device?

Is it derived from the iCloud password? Currently Apple can reset your iCloud password and restore access to your images. Will Apple no longer be able to do this in the future?

It’s really unclear to me, and I’d want explicit answers to these questions personally.


This seems to be explained on white paper of PSI system[1]. A lot of math is included, but on the page 30 there is a mention that different devices can be used. I am not the one who can explain that well.

[1]: https://www.apple.com/child-safety/pdf/Apple_PSI_System_Secu...


Sure, different devices can be used they share the same key as stated in the document.

But it’s still not clear how that key is derived. It’s not clear, as implemented that Apple do not hold a master key to decrypt all data (as they do currently).

In fact, if the key is randomly generated, if you have one device (as many users do) and you lose that device. Do you lose all your data? Even if you have your iCloud password?

It doesn’t make sense. It would be a massive change to how iCloud currently operates and is used. And I find this extremely unlikely.

Right now, you can browse your photos online. That functionality is going away?

There are seemingly many open questions. But given that there’s no clear statement from Apple, I’m inclined to believe that they retain the ability to decrypt all data.


Most likely you can’t browse your photos online anymore, unless they add some kind of method to export keys from the device(s). I speculate that it is possible to lose all of your data if you lose all of your devices. There might be option to create local backup from device keys, so it would not be the dead end.


Given the lack of an explicit announcement this seems very unlikely.

I don’t think Apple are stupid, it would have been a clear PR win if they said “we’re adding E2EE”.

Given no explicit statement, and how drastically it changes the nature of their service, I don’t think your speculation is justified.


The problem is, that this was not supposed to be released properly yet. Missleading leak caused them to hurry. About E2EE it is not speculation because it is literally on their papers what I linked?




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: