Can you explain how this works? I'm assuming my iPhone itself is encrypted with my own password (or thumbprint) and that Apple could absolutely not get into it without that thumbprint.

But when you send a backup, it's decrypted, sent to Apple, and then re-encrypted with a key that Apple controls, and has nothing to do with any of the "things I personally know"? IOW, I couldn't myself decrypt my Apple backup stored on their servers?



Apple can't comply with a law enforcement request to get into your iPhone. They can comply with anything in your iCloud Backup except for the things under End-to-end encrypted data on this page [1]. Backups are encrypted "in transit" and "at rest", but Apple retains a key. That's how they can comply with legal requests and how you can restore your data if you forget your password.

[1] https://support.apple.com/en-us/HT202303


My computer, or theirs.

My phone, my data.

Back up my data to their computer, their control.

This is perfect plausible deniability for them.

"Hey, we gave them a secure device. But they chose to upload their data to us, and we made it clear how we handle it in our terms of service."

Which it is.



