Comment by thewebguyd

Comment by thewebguyd 5 days ago


Apple is the only one that offers actual E2EE with advanced data protection for all iCloud services. Without it, yes, Apple can see your data. With it on, they can't. The key is stored on device, encrypted with your device pin/passcode and covers iCloud backup, including messages, drive, photos, notes, reminders, bookmarks, shortcuts, voice memos, wallet, passwords, health data, journal, home, maps, etc. The only thing not covered under ADP is iCloud mail, contacts, and calendars because it uses CalDAV and CardDAV.

> once that I forgot my password to the MacBook, all one needed to do to access my data was to enter recovery mode and reset the password. Sure it logged me off from browser sessions, but all my files were there available to anybody

Sounds like you didn't have FileVault (FDE) turned on. If you did, that wouldn't work; you'd have needed your recovery key.

> it's known they scan all your content and pics on iCloud

They can't if you have ADP.

> Some tracking less by advertisers? That's privacy?

Yes, it is privacy. Let's not understate the massive surveillance that ad networks do, Google included.

Google is an advertising company, they have zero incentive to offer the same level of privacy that Apple does and probably never will, it would be directly detrimental to their core business.

lern_too_spel 4 days ago

Even Google also gives actual E2EE by default for Android backups. Same with Samsung. Others have mentioned that Proton and others do this for services that Apple won't.

https://developer.android.com/privacy-and-security/risks/bac...

  • thewebguyd 4 days ago

    But not for photos, arguably one of the more important things to a lot of people to be E2EE, and not everyone wants to host their own Immich instance, or do things manually. iCloud offers E2EE photo back up and sync and native apps for it, it's a huge selling point that Google could just as easily offer but willingly choose not to.

    • lern_too_spel 4 days ago

      > it's a huge selling point that Google could just as easily offer but willingly choose not to.

      Google Photos is meant for sharing, where E2EE makes little sense. You can search your photos from any device.

      If you really want to give up that convenience for E2EE, you might as well do it right and use Proton or Ente, which have E2EE for all photos, unlike iCloud, which isn't for shared albums or photos shared to anyone with the link. Unlike iOS, Android lets these apps have access to all the same device APIs as Google Photos, meaning they're as seamlessly integrated as possible. Apple iCloud uses iOS APIs not available to third parties, locking you in to using either a gimpy service or a gimpy app.

gremlinunderway 5 days ago

Is there any third-party validation on these claims of E2EE? Everyone keeps asking for some sort of validation or testing to these claims and everyone is just ignoring them. Without some kind of third-party testing none of this matters, anyone can say whatever they want unless someone can do testing to demonstrate its adherence to this.

  • fragmede 5 days ago

    > As part of our commitment to security assurance, Apple regularly engages with third-party organizations to provide security assurance, certifying and attesting to the security of Apple’s hardware, operating systems, apps, and services. Our goal is to specify certifications that can be recognized by Apple users around the globe.

    https://support.apple.com/guide/certifications/intro-to-appl...

epolanski 5 days ago

Apple's E2EE is less safe than a proper one like Proton's (which also has storage, email, calendar). But one has to drink the Apple propaganda and believe it's true.

Also, ADP does not work in UK, at all.

The rest of the message I won't even comment. All things that if you care you get easier on any other device.

And Apple's ad business is booming while others are stagnant.

  • cmcaleer 4 days ago

    > Also, ADP does not work in UK, at all.

    It does work if you've enabled it before it got disabled back in Feb, and the US successfully managed to get the UK to back off its demands for a backdoor, but it remains to be seen if new UK customers will ever be able to enable ADP again.