Hacker News new | past | comments | ask | show | jobs | submit login

I think that's not true, note this line in the doc you link to:

"...and never provides encryption keys to any third parties".

The data might be stored encrypted, but Apple seems to have access to the encryption keys. I've read that they need to be able to decrypt data to be able to comply with government requests.

I'm not sure if this is still the case now in 2017, but i assume so, until i read otherwise :)

https://www.macrumors.com/2016/03/16/apple-to-double-down-ic...




> but Apple seems to have access to the encryption keys

Of course, no one claimed that iCould data was E2E. They also need to decrypt the data in order to serve it to their users.


> They also need to decrypt the data in order to serve it to their users.

That's the point, they don't (and shouldn't) need to. As Apple itself says in the above linked article:

"Apple is working to further harden iCloud security so that even it won't be able to access user information stored on its data servers"


Web access means that you've always got one of three things:

1) the company has the encryption key

2) you give the company the encryption key each time you log in and they store it temporarily

3) everything is getting decrypted in the browser locally (probably tremendously infeasible)


#3 is how Mega works.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: