iPhone 8/Plus Is iCloud the main culprit when it comes to iPhone privacy?

[cynics]

I am not expecting 100% privacy on the iPhone or any phone for that matter when using it for more than a dumb phone. I believe I need to exercise the options I can to try and keep myself more secure. If we find out that turning off the toggle for iCloud photos doesn't stop scanning on the device when Apple said it does, then that will be time to take legal action.

Don't get sue happy just yet. Here is how it works...

Apple’s New Child Safety Rules: Here's What to Know

Apple announced changes to how it handles certain images in its iCloud Photo Library and certain images sent on the Messages app

time.com

Scans are done on the device prior to being uploaded to iCloud. This is the only way the can keep end to end encryption. So if iCloud Photos if off this step never occurs. Google only has their photos truly encrypted during transport. This makes it easier for them to scan and modify (space saving Google Photos option).

It uses hash data which is one of the methods Google uses. Hash data isn't the most effective method but its the most private because you can't reconstruct the original image with only the hash data (its used for TouchID). Apple needs a "collection" of these images then they will be able to alert the authorities.

I hate to break it too you though but you're images have been scan for a very long time. Open up Photos and type in "car" or "dog" or something. Thats on device too. Same with faces, if anyone has ever taken a picture of you and labeled your face in Photos their phone could pick you out of a crowd. If you've been ok with those features I don't think also checking for illegal images is too bad...

 

[Apple_Robert]

Don't get sue happy just yet. Here is how it works...

Apple’s New Child Safety Rules: Here's What to Know

Apple announced changes to how it handles certain images in its iCloud Photo Library and certain images sent on the Messages app

time.com

Scans are done on the device prior to being uploaded to iCloud. This is the only way the can keep end to end encryption. So if iCloud Photos if off this step never occurs. Google only has their photos truly encrypted during transport. This makes it easier for them to scan and modify (space saving Google Photos option).

It uses hash data which is one of the methods Google uses. Hash data isn't the most effective method but its the most private because you can't reconstruct the original image with only the hash data (its used for TouchID). Apple needs a "collection" of these images then they will be able to alert the authorities.

I hate to break it too you though but you're images have been scan for a very long time. Open up Photos and type in "car" or "dog" or something. Thats on device too. Same with faces, if anyone has ever taken a picture of you and labeled your face in Photos their phone could pick you out of a crowd. If you've been ok with those features I don't think also checking for illegal images is too bad...

What makes you think I don't know how it works? Take a look at my posting history. Nothing in my replies to you would denote I don't know how the new process is supposed to works.

 

[cynics]

What makes you think I don't know how it works? Take a look at my posting history. Nothing in my replies to you would denote I don't know how the new process is supposed to works.

You're right I misread your post, I apologize for that.

I feel somewhat confident they will stick with what they said. Only thing that I was curious about is if that was something they did/said to calm people down and now are diligently working on it. Nahh....

 

[KaliYoni]

That said, my threat level isn't particularly high, and looking at this I feel like it's too much to do, Lol!
I have to say I am also looking for alternatives and the Android Calyx OS with its "De-Googled" approach interests me quite a bit. These people are not commercial. Do you think such initiatives too are quietly involved in some kind of tracking?

I view privacy and security as two separate things.

For example, while somebody's risk of a direct attack on their computer (security) may be low, that person could also want to prevent their email provider from knowing their personal phone number (privacy). There isn't any need here to move to fully encrypted email. Giving out a work phone number would be enough. In other words, the work required to increase privacy may not be as onerous as you think because many recommended actions are really about security.

As for tracking, I think virtually all hardware and software makers track users in some way. It may or may not be a revenue generator but I don't view a manufacturer's or developer's for-profit or non-profit status as a predictor of privacy or security standards. Plus given the perpetually high level of merger and acquisition activity in tech, a "good" company can become part of a "bad" company overnight.

 

[ctjack]

I am pretty sure that we abandoned privacy rights at the moment we stepped into Touch ID and Face ID things here. Some of my friends never registered their fingerprints or faces, so they use it without setting it up. I am pretty sure that their fingerprints are still on file cause they have to touch the "home button" anyways.
And with all that lexis-nexis thing, you can think that you never had a real privacy at all. Icloud news is just a drop in the ocean.
I am only concerned that the file seeking process (hash sums comparison) will happen locally on the device, so my real question is: how it will affect my CPU usage and battery durability if the iphone is doing some behind the scenes job?

 

[AMSOS]

Why did you turn on iCloud at all?

I realised that pictures taken with the phone camera tranfer efficiently to my laptop.
I had AirDrop till then, but the cloud was a quicker option.

 

[AMSOS]

If you turn off iCloud Photos, no scanning will be done on your phone. Who knows what will happen with Apple later on as that could change.

Sounds good. Well, who knows what they'll do in the future? Funny, how we seem to be going back to older phones in staying away from the cloud.
I remind myself that we happily used those phones. Sure there were inconveniences like having to backup contacts. But the cloud just makes me lazy most of the time.
So, not an issue to keep it switched off all the time

Outside of health data and keychain, any iCloud service you chose to keep turned on (Notes, Calendar and Reminders) Apple will have access to.

Wait, so they won't even have to crack my iCloud password? They can just see the contents of my Notes and Calendar by clicking some button somewhere?
I have some notes of my original writings I wouldn't want to have anyone else read without my permission.

If iCloud is completely turned off, Apple cannot see what is on your device nor do they have access to what is on your phone.

Who knows they may make iCloud mandatory in the coming updates.
So do I need to turn of iCloud on my Mac OS laptop too?
I am not sure if that's also going to be part of this mass surveillance.

My comment about Boxcryptor or Cryptomator pertained to storing personal files in the Cloud. If you store files in a Box or Cryptomator folder in the Cloud, Apple won't be able to see or access what is in that enctyptyed folder.

Ah. This sounds like a solution, even if it is not particularly elegant. Another password...Aargh.

In my opinion, it is best to keep iCloud turned off, unless you don't care if Apple can access Calendar, Notes, or Reminder data.

Yeah, looks like I am going to do that and learn to live with it.

 

[now i see it]

I have some notes of my original writings I wouldn't want to have anyone else read without my permission.

Notes have had the ability to be encrypted (locked) on-device since iOS 9. A locked note (encrypted) can be uploaded to iCloud and nobody will be able to open it to read its contents including Apple

 

[mw360]

Wait, so they won't even have to crack my iCloud password? They can just see the contents of my Notes and Calendar by clicking some button somewhere?
I have some notes of my original writings I wouldn't want to have anyone else read without my permission.

You can see here which iCloud service are end-to-end encrypted (e2ee) and which are not. Apple isn't pulling a fast one, this is all documented. Any service not e2ee is encrypted but Apple has the keys and could access your files. Any service which is e2ee stores its data in a way that cannot be opened on anything but one of your devices.

iCloud data security overview – Apple Support (UK)

iCloud uses strong security methods, employs strict policies to protect your information and leads the industry in using privacy-preserving security technologies, such as end-to-end encryption for your data.

support.apple.com

If you are worried about your writings (which Apple has almost certainly not read) they offer secure notes which are e2ee and password protected on your device...

Secure features in the Notes app

The Notes app includes a secure notes feature — on iPhone, iPad, Mac and the iCloud website — that allows users to protect the contents of specific notes. Users can also securely share notes with others.

support.apple.com

 

[DeepIn2U]

Thanks for sharing! I don't think Steve got everything right and Tim got everything wrong, but this makes me miss the gold old "Steve days". His ability to deliver a succinct answer that is/was indeed reassuring for customers is thoroughly missed for sure.

And regarding the OP's question: I can second what @Apple_Robert mentioned. I haven't used Boxcryptor in a while, but Cryptomator is fairly easy to use and if I got that correctly, the new version will fully integrate with the files app, so securely syncing files between your PC/Mac and your mobile devices should not give you too much of a headache.

Agreed regarding Jobs.

However considering boxcryptor is completely free, their developers did the needful in taking the time to highlight what personal data is linked to the end user, just 1 item, and with solution not just on Apple ecosystem but also on Windows, macOS, Linux , give me much more feeling to use that product over others.

 

[k27]

I realised that pictures taken with the phone camera tranfer efficiently to my laptop.
I had AirDrop till then, but the cloud was a quicker option.

So convenience at the expense of privacy.
You can synchronise very well locally via WLAN, e.g. Mylio or PhotoSync.

 

[Jayson A]

Don't get sue happy just yet. Here is how it works...

Apple’s New Child Safety Rules: Here's What to Know

Apple announced changes to how it handles certain images in its iCloud Photo Library and certain images sent on the Messages app

time.com

Scans are done on the device prior to being uploaded to iCloud. This is the only way the can keep end to end encryption. So if iCloud Photos if off this step never occurs. Google only has their photos truly encrypted during transport. This makes it easier for them to scan and modify (space saving Google Photos option).

It uses hash data which is one of the methods Google uses. Hash data isn't the most effective method but its the most private because you can't reconstruct the original image with only the hash data (its used for TouchID). Apple needs a "collection" of these images then they will be able to alert the authorities.

I hate to break it too you though but you're images have been scan for a very long time. Open up Photos and type in "car" or "dog" or something. Thats on device too. Same with faces, if anyone has ever taken a picture of you and labeled your face in Photos their phone could pick you out of a crowd. If you've been ok with those features I don't think also checking for illegal images is too bad...

You forgot that there's another scan that happens after 30 photos have been tagged as CSAM. It's a server-side perceptual scan to rule out the possibility of an accidental false positive. This happens even before human review.

 

[960design]

In light of Apple's declaration of commencing with mass surveillance of its phones, I am trying to figure out how iOS actually works in the background.

Apple, Google, Facebook and many other companies have been looking for specific image hashes to track pedophiles for years for cloud devices. Do not be alarmed by the media due to Apple's poorly worded announcement of moving this operation from the cloud directly to the device. Tracking the hash allows privacy while also protecting children. The actual image is never 'viewed' only its digital 'signature'. Any picture you take will have a unique signature and thus not 'tagged'.

 

[960design]

I looked around a bit and read that iPhones have been broken into by the authorities using vulnerabilities in iCloud. So, is using the cloud the main source of problem related to privacy?

No. Authorities can brute force iCloud accounts with passwords stored in a rainbow table.
Check your current password here. If you do not trust the internet or haveibeenpwned, you may download the latest password list and search for yourself. Notice the password list is older than 90 days. It typically takes about 90 days to added newly hashed passwords to this list. This is one of the main reasons security pros recommend you change your password on a regular basis.

Have I Been Pwned: Pwned Passwords

Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.

haveibeenpwned.com

Moving forward, if I completely switch off iCloud services on my iPhone (even when I go to iOS 15) will I have a much higher level of privacy?

Much is not very specific. You will have a higher level of privacy at the cost of data resilience. Any images ( or documents ) you have taken will ONLY be on this device. Dropping the device into the ocean or having it stolen and you will have forever lost them.

Is there a difference in how apps are handled? e.g. using the Notes app (say) through iCloud is safer, but Photo and iMessages are at greater risk of being compromised?

At the beginning you stated you are trying to figure out how iOS works in the background, yet you have only asked questions and may trust me ( and others ) over a large corporation that prides itself on security. Please do not take any of what I have said as 'truth'. Look into Apple's documentation and make an informed decision for yourself.

 

[960design]

It's published every year in their "transparency" report.

I must admit 17% of active devices is jaw dropping, considering crimes are committed by 2.1% of the US population on average per year. I would hope the other 15% are from outside the US, but cannot locate / verify this.

 

[960design]

If you turn off iCloud Photos, no scanning will be done on your phone. Who knows what will happen with Apple later on as that could change.

This will not be true as of iOS15. The hash checks will happen directly on the device. An image passed via AirDrop to you that fails the 'hash-test' will be flagged. Multiple image 'hash-check' failures will send an alert. Alerts can be sent anonymously via bluetooth ping, even if the phone is off AND battery is dead. Yes, I typed this very carefully. Even if the battery is dead (there is enough residual recharge to send an LE bluetooth ping 800 feet, twice per day).

Best choice is stop passing child pornography around.

Images are not actually 'seen' by any AI/ML software, only the hash is detected. It is sort of like an image serial number. They are all unique and easily detected. Technically, really close to unique: something like one billion images per second per year will have a 50% chance of duplication ( hence the need for 30+ failures to generate an alert ). Another way of saying it, is if every human took 600 million photos, then there would be only be a 50% chance of duplication.

 

[now i see it]

Alerts can be sent anonymously via bluetooth ping, even if the phone is off AND battery is dead.

Stop spreading misinformation

 

[960design]

Stop spreading misinformation

Stop being ignorant and naive.

Search for "Locate when powered off"

iOS 17

iOS 17 brings new features for more expressive communication, simplified sharing, and a new full-screen experience for your iPhone.

www.apple.com

Please read down a bit further, there is a disclaimer:

Please do not take any of what I have said as 'truth'. Look into Apple's documentation and make an informed decision for yourself.

 

[danny842003]

I can understand peoples concerns about privacy but I’m genuinely intrigued to know what people have on their phone to make them go out of their way to hide it. Like I get people want privacy but if you’re not a pedophile or plotting to overthrow a government it just seems like a headache for very little/no pay off.
like if I ever decide to plan a coup d’état I will get rid of the iPhone. But until then there’s no tangible benefit I can see to any of this worrying and moving around services etc etc. nobody finds 99.999% of us even remotely interesting.

I want to add I’m not saying people shouldn’t protest things by trying to get them stopped by legislation etc.

 

[now i see it]

The concern about this new surveillance isn't that people are worried that their kiddie porn pictures will be sent to the FBI, the concern is that it now creates a back door that essentially breaks the encryption of the device. Once this back door is implemented, the concern is that the powers that be will use it for more nefarious means - scanning for other types of files or images.

 

[Puonti]

If you turn off iCloud Photos, no scanning will be done on your phone.

(above quote included for context)

This will not be true as of iOS15. The hash checks will happen directly on the device.

To be more specific, one part of the check happens on the device, while Apple's servers do the rest once the image is uploaded to iCloud Photos. No processing is done however if iCloud Photos is turned off:

Does turning off iCloud Photos disabled CSAM detection?
Yes. When iCloud Photos is deactivated, no images are processed. CSAM detection is applied only as part of the process for storing images in iCloud Photos.

https://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Frequently_Asked_Questions.pdf#page5

An image passed via AirDrop to you that fails the 'hash-test' will be flagged. Multiple image 'hash-check' failures will send an alert. Alerts can be sent anonymously via bluetooth ping, even if the phone is off AND battery is dead. Yes, I typed this very carefully. Even if the battery is dead (there is enough residual recharge to send an LE bluetooth ping 800 feet, twice per day).

It sounds like you might be conflating different things together in a way that doesn't describe how Apple's CSAM detection works.

Yes, images can be transferred to an Apple device that has AirDrop enabled and accessible to the person trying to send the image.

Yes, images sent via AirDrop can be chosen to be saved to Photos, at which point - if iCloud Photos is turned on - the device will start the CSAM checking process on it I (starting with iOS 15 and macOS Monterey later this year in the US only).

Yes, starting with iOS 13 a lost, offline (not connected to the internet) but powered iOS device with Find My enabled can use Bluetooth to communicate anonymously with nearby devices that are also using Find My. Those nearby devices will then pass its location to the Find My network, so that the lost device's owner is able to find it.

Yes, starting with iOS 15 there will be some support for locating powered down devices, as long as the battery is not completely empty.

No, CSAM detection does not make use of Bluetooth to send anonymous CSAM hash failure pings while the device is offline and powered down (according to Apple documentation, anyway).

 

[960design]

Does turning off iCloud Photos disabled CSAM detection?
Yes. When iCloud Photos is deactivated, no images are processed. CSAM detection is applied only as part of the process for storing images in iCloud Photos.

This is the part that changes with iOS15. You are correct about how it is done now (Aug 2021) and has been for quite some time. CASM is only initiated on iCloud uploaded photos, IAW server side processing. This protects Apple.
I'm excited about the new process taking place directly on the device. I have not tested this in the lab, nor will I. This will shift to client-side processing as of iOS15 and has nothing to do with iCloud settings, either on or off.

Yes, starting with iOS 15 there will be some support for locating powered down devices, as long as the battery is not completely empty.

I've tested iOS15 with a completely dead device. The battery will rebound enough to send one bluetooth ping about every 12 hours. On an older device it only sent a BT ping about once every 24-36 hours. Did you have different results? I would be interested in them.

 

[xxray]

Yes. iCloud Photos, iCould Backups, and server other features are either stored in the clear, or Apple has the keys to decrypt them if they want to or are pressured to.

iMessage is safe because Apple cannot know the contents of the messages.

iMessage is kinda not safe. Yes, iMessages are end-to-end encrypted (safe from a privacy standpoint), but the problem is, for every iPhone that gets set up, iCloud backups are turned on by default. If your phone does backups in iCloud, the backup stores your encryption key for Messages, thus breaking end-to-end encryption.

Source: https://support.apple.com/en-us/HT202303

Even if you have iCloud backups turned off, if your friend has iCloud backups on by default, your conversation with your friend in iMessage is not end-to-end encrypted and therefore not private. This is why using and getting your friends/family members to use end-to-end encrypted messaging apps like Signal is so important. The fact that iMessage is end-to-end encrypted is technically true, but it’s misleading.

 

[now i see it]

The more a person can diversify away from Apple Services, the better. I'm not saying don't use any of them, but use some from different vendors so all your eggs aren't in one basket.
Here's an example of doing it the wrong way:
Apple Card
Iphone
iMessage
Ipad
Mac
Air pods
Home Pods
Apple TV
Apple TV+
iCloud
iCloud backup
iCloud photos
Apple Music
Apple Arcade
Apple Watch.

Anyone who's living the life as outlined above has got a big problem

 

[danny842003]

The concern about this new surveillance isn't that people are worried that their kiddie porn pictures will be sent to the FBI, the concern is that it now creates a back door that essentially breaks the encryption of the device. Once this back door is implemented, the concern is that the powers that be will use it for more nefarious means - scanning for other types of files or images.

I understand that but what exactly? What are people taking pictures of that anyone would be remotely interested in?
Again I’m not saying I don’t understand people’s offence to it but it also seems like a total non issue in reality.