The alternative would be that you couldn’t use your iCloud account to restore your data if you lost your phone / forgot your password.
I’m not saying it’s great that they therefore can read your data, but it’s a trade off…
Conversation
Entirely possible to require users set up restoration methods in order to enable it.
For example, security keys, physically recording a seed phrase by writing it down or using a more durable approach, etc.
Can require multiple options to enable it and do occasional reminders.
1
Enabling it by default would make it easy to lose data but offering the option with the requirement to set up recovery methods is a different story.
When adding a new device, it can ask for one of the recovery methods for pairing + making sure they still have them available.
1
An option, totally agree 🙂
My point is that probably most people wouldn’t want to loose all their data if they lost their password. Even worse, turn on something like this without understanding it, loosing their secret, then blaming Apple.
1
Most people may not want that, but a lot of people would want to use the option. That's how it works with Bitcoin wallets where people can manage/store their own keys and use backup solutions like cryptosteel.com/product/crypto rather than just writing down the seed phase on paper.
1
1
The backup feature in GrapheneOS uses a BIP39 seed phrase like a Bitcoin wallet so it's compatible with those storage mechanisms. It asks the user to write it down / record it and then asks it to be entered, demonstrating they did actually back it up. Up to them beyond that.
1
1
Security keys an are a option where people don't actually have to manually write it down. It only costs a few dollars to produce those and they could be bundled with other products. Nice having at least one physical backup that's not digital though.
1
1
And continuing with Bitcoin as an example, it's true that a lot of people simply trust exchanges to hold onto their money. It's possible that even most Bitcoin users do that.
However, a LOT of people do own / control their own keys and the seed phrase approach works really well.
2
2
Don’t disagree with any of this.
My only point is that it’s a design trade off Apple are making; not a simple choice that therefore implies they are after your data. 1/2
2
Another thing to account for is that iCloud these days can be used to _share_ data; that fundamentally can’t be done with complete encryption.
So if you turned on this feature you would have to turn off the sharing features and stuff starts getting complex quickly!
1
It can be done by using public key encryption under the hood. Each user can have a public key based on the seed for their end-to-end encryption and then other users can share data with them. Can be done efficiently by having per-file key normally encrypted with only your own key.
When you share it with people, under the hood your device can encrypt the key for that file with the public key of each person you want to be able to access it and share it with them. They're already doing this for iMessage end-to-end encryption. It's pretty much the same thing.
Given this a few reads 😂
Does this not mean you have to store a copy of the data yourself; same as WhatsApp shared messages?
Again, it’s a solution, but not the aim of shared cloud storage…
1
Cloud storage can have a key for each file stored alongside it encrypted itself. Keys can be stored encrypted by a key that's only available on the user's devices. If they share it with people, they can have copies of the key encrypted with the pub key of each person with access.
1
Show replies