This picture should be presented to everyone who activates iCloud Backup. 
“Our end-to-end encrypted system is only really encrypted if you don’t touch our janky unencrypted backup service that we practically beg you to use.”
Maybe if Apple implements some really good automated scanning in iMessage, the government might allow me to encrypt my backups.
“The encryption keys will be provided with the content return” sure sounds bad.
When we wrote securephones.io, we had a theory that iCloud Backup was uploading raw disk encryption keys. This is what the documents say. But it seemed too stupid actually be exploitable.
People keep saying “what’s the big deal if you don’t have anything incriminating on your phone.” People: the issue here is not that the cops can break into your phone with a warrant. It’s that if *they* can do it, so can someone who hacks your account.
Anyway, WhatsApp has announced E2E encrypted backup. Google has announced E2E encrypted backup (though they don’t encrypt enough). Apple is increasingly looking like the outlier on this feature.
It’s not possible to maintain a “privacy-focused” image and yet do nothing on encrypted backup — while your competitors slowly outcompete you on encryption features.
The most optimistic explanation I have for the scanning fiasco this summer is that Apple knows it’s rapidly falling behind, and this was a desperate attempt to negotiate a solution that buys them some flexibility with governments.
Now the problem here (and I will keep predicting this until it comes true or I look dumb), it is very obvious to me that Apple is going to ditch client-side scanning soon and go to server-side scanning for iCloud Photos.
Which leaves end-to-end encryption for iCloud Backup in an unknown state. Will we ever get it, or does Apple just give up on the feature forever because they’ve committed to server-side (plaintext) scanning?
Lots of people say “you can back up your device locally” but seriously, how much longer will that even be supported? I find it hard to believe that my (now teenage) children will have any other option *besides* cloud backup by the time they graduate from college.
Anyway, this idea that “cloud” and “device” are two different things is a shining artifact of the past. In the future they’ll be one seamless whole, and if your private files on one have to be scanned — then there are no private files on the other.
It’s just amazing to me how huge the stakes are just in this one decision, and people think this is just about some backup feature. It makes me want to drink.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
