
There is a plausible argument that Apple needed to give a little in order to avoid the creation of laws against any encryption. And/Or also avoid laws that required a backdoor to everything.

I know I'm going to be called a fanboy or too generous to Apple, but given that the government has used every opportunity to call out Apple for not helping (when they have helped where they could) there is a line here that Apple is tiptoeing around.

I also do not think this is as bad as you are making it out to be. Apple has always been clear what is fully E2E encrypted and what is not. This article is about something Apple planned to do and decided against. The reasons are what's important and the article only speculates.



Sadly, I think you are absolutely correct. Lindsay said outright that either tech companies figure it out, or senate will do the figuring for them.

I am not sure Apple made the right move, but.. average person does not seem to care and/or understand the implications. Now.. Apple could make them care. They are big enough to make waves and I am not certain government could deal with bad PR come election time.

edit: corrected grammar


Sure, but if iOS was open enough, users who cared could use some third party online backup that was actually secure. And it could rely on an app that users could obtain, regardless of whether it was legal or not.


The iPhone is plenty open for this. You just need a computer. The rest is fully open source.

https://www.libimobiledevice.org/


Does this work with current iOS?

And it's not remote, and you must connect via USB-C, right?


Yes and yes. It's a reverse engineered version of what iTunes does.


There's no way to legislate backdoors now. They tried and failed with Clipper.

The current status quo is good enough for the spooks. Zero regulation of data privacy allows third-party aggregators to do the desired collection activities without explicit government involvement. When they want something they know who to ask, warrant optional. Enacting laws that expose what the government is doing would risk a public backlash like the mass mobilization to deploy HTTPS.


Three things in the world are infinite:

- the universe

- human stupidity

- spooks' thirst for more data, backdoors, and monitoring ability


The universe is, as far as we have been able to determine, not infinite. The other two, yes, seem to be limitless.


What you say makes sense. Still, if that’s the case, then when they decided not to go down the user-is-in-full-and-absolute-control path for encryption of iCloud backups, they should have publicized it loudly and with extreme clarity on what exactly was happening and where the lines were. So that users could make informed choices.


They have never hidden how iCloud backups or anything else related to iOS security works. This support document spells out clearly what data is end-to-end encrypted [1]. No one was actually misled into thinking all iCloud data was E2E. For one, most of Apple's customers don't know or care about the technical architecture of their products and services. The people who do would have known better when you can go to icloud.com and access your photos and files from a web browser.

[1] https://support.apple.com/en-us/HT202303


The page you've linked to has a table filled entirely with the word Yes, apart from iCloud.com which has a note and Mail which has a note.

The first entry in the table is:

Backup Yes Yes

At a glance this looks, to me, as though iCloud backups are encrypted.

What am I missing?


If you scroll down another line you'll see another section titled: End-to-end encrypted data


When the very first line of that table tells people that iCloud Backups are encrypted on the server... to then have the last few lines add effectively "Oh, but not end to end!" is just taking the piss.


You're absolutely right. They could have definitely misled anyone that didn't read the entire support article, including the first paragraph under Data Security:

>iCloud secures your information by encrypting it when it's in transit, storing it in iCloud in an encrypted format, and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you’re signed into iCloud. No one else, not even Apple, can access end-to-end encrypted information.


Technically telling the truth below the fold or in the fine print, while misleading consumers who only give the literature a glance. This is very typical behavior from a corporation, it shouldn't surprise us. Except that Apple's marketing team has managed to dupe a huge number of consumers into believing Apple 'thinks different.'


Typical users who may care about privacy were definitely misled by Apple's public pro-security and pro-privacy stances. I have family who fall into that category.

The difference between E2E and 'yup we're encrypted!' isn't understood by laypeople. Let's not do ourselves or the average folks out there a disservice by letting Apple off the hook for bad communication and the intentional misleading of users.


That link says:

Backup Encryption In Transit: Yes

Backup Encryption On Server: Yes


So it seems like the data are encrypted both in transit and on the server and it means that nobody is able to get unencrypted data even if they can intercept the traffic or access the server.


Nobody except Apple, that is.

That's no different from me offering a remote backup service on a LUKS encrypted box, using sftp or whatever, and then making those claims.


No, the data is still not end-to-end encrypted, which means that Apple can decrypt the data on the server.


The article says otherwise.


It has been known and talked about on HN for a long time that only certain things are E2E encrypted on iCloud. And, if full privacy was the goal, then either the user can only do local backups or no backups at all.


HN is among the most technologically-literate demographics in the world. Using HN as a control group to say that it's been 'known and talked about' is a bit disingenuous when we're the proverbial 1% who are in the know. Meanwhile, the other 99% are left trusting Apple's advertising.


Just to understand this better is it that Apple is misleading or the public is uninformed? Trusting 3rd parties should default to “others have access including law enforcement” behavior.


> "Just to understand this better is it that Apple is misleading or the public is uninformed?"

That's a false dichotomy. I'd say both are true. Both are usually true.


Yet many HNers did not know about this before today. Even more evidence how misleading Apple has been on this.



