Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Can you elaborate on iCloud’s privacy situation?


Most of iCloud is, by default, not end to end encrypted. The e2ee is opt in and approximately nobody uses it.

Apple can and does read most of the data in iCloud (due to it lacking e2ee by default) including all your iMessages, all your iMessage attachments/photos, all your iCloud photos, all your call logs, all your iCloud files, all your contacts, calendars, etc. iMessage's e2ee is effectively backdoored by all the iMessage sync keys being backed up in the non-e2ee iCloud Backup.

Apple turns over user data (including all of the aforementioned) for 17,000+ user accounts to the US government without a search warrant under the FISA (aka PRISM) system. They turn over even more user data on top of that each year when provided with actual search warrants - the 17k users figure is just the ones without search warrants!

They don't protect most of the data in iCloud from themselves, and Apple is forced to spy for their national government thanks to Section 702 of the FISA Amendments Act (FAA702), which allows the US to read anything in iCloud without probable cause or a search warrant - point and click access.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: