
They are encrypted, but (by default) the key is escrowed for recovery by Apple support, which LE can request just as well as the account owner (or other parties with judge decree, such as surviving relatives).



And this is, honestly, a pretty reasonable default. For the average person, the failure mode is "I lost my phone, and I can't remember my iCloud password", not "I really need the cops to not be able to get into my backup", and they'd be super pissed off if Apple couldn't get them their data back. Having good security be available, but not the default, and requiring you to acknowledge the risks is a sensible trade-off for the customer service problems it might cause.


I kinda agree with you, but I think there's also a reasonable argument to be made around the idea that a user might be super pissed off that Apple made the default be not secure against state actors.

Also, how many people actually care all that much about their message history? I know I do (and I have 1GB of SMS/MMS/RCS message history dating back to 2010 that I back up to GDrive nightly), but it seems to me that most people don't care about their message history that much?


The nice thing is that there is now an advertised set of features to protect against state actors in the form of Advanced Data Protection, Lockdown mode and (soon) iMessage Contact Key Verification.

These all have significant usability impacts; I think Apple still has the correct defaults.

Finally, my understanding is that recovery keys are escrowed in an HSM separate from cloud hosting, and releasing an escrowed key is an audited event. My concern is mostly about actors accessing my data or surveilling me without transparency, as that gives no chance for accountability.


I'll grant that what people really care about is their backed up photos, and there's nothing stopping Apple from having separate security strategies there.

That said, I suspect that there's more people out there who're going to lose their text history with their dead parent and be distraught over that, than who're going to be actively upset that the state can subpoena their messages.



