Companies are legally required to report a data breach in many if not most places around the world. If Apple had one you better believe all the tech media outlets would pick it up and be talking about it for weeks.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Promotes iCloud's Advanced End-to-End Encryption Feature as Data Breaches Increase
- Thread starter MacRumors
- Start date
- Sort by reaction score
Yeah. Bad actors like many of our own governments.
"If they really want to promote it they should allow it to be used on older devices."
I'm not sure what that comment even means. It works on iOS devices back to iPhone 8 and on Macs all the way back to 2017. It does run on crusty old machines. If you're running something older than that, you are clearly not concerned about security.
I'm not sure what that comment even means. It works on iOS devices back to iPhone 8 and on Macs all the way back to 2017. It does run on crusty old machines. If you're running something older than that, you are clearly not concerned about security.
I believe FileVault is just standard AE-256 encryption. It's plenty secure.
But, practically speaking, you wouldn't need to crack FileVault... you'd almost certainly try to get the password of a user with access to that particular FileVault-encrypted disk. That'd probably be attempted using social engineering, brute force (can work if weak password), maybe old-fashioned spying.
One does not generally make such claims without supporting evidence. In this instance there is none. Have you personally audited apples non public closed source implementation?
Any recent version of iOS or macOS has not yet been certified. It says so right on the apple website.
iOS security certifications
Apple actively engages in the provision of security assurance of iOS for each major release of an operating system.
support.apple.com
macOS security certifications
Apple actively engages in the provision of security assurance of macOS for each major release of an operating system.
support.apple.com
You are clearly wrong! I have a Late 2015 iMac that is plenty fast enough and otherwise sufficient for needs, and am far more security conscious that your average user. There is no reason that Apple can’t support Advanced Data Protection (ADP) on my computer, other than they don’t want to spend the time (i.e., money) to do it. Would the supposedly environmentally conscious people at Apple be happier if I bought a new computer, and tossed my more than adequate computer in a landfill, just to be able to use ADP? Undoubtedly, many others are in a similar position to mine.
As an aside, I already moved most of my things from iCloud, as I don’t trust Apple’s security without end-to-end encryption. However, it would be good if I could use ADP to protect the remaining items (i.e., Reminders).
Good point. I’d figure while they may be concerned about security, they’re not concerned enough to use the more rigorously secure hardware of today. It’s like being concerned about safety but using old devices that don’t adhere to today’s safety regulations. Like on a scale that includes financial vs security, the scale is HEAVILY weighed on financial concerns over security.
I agree. There really isn't any reason for Calendar and Contacts not to be E2EE especially with Apple still holding the key, which I don't like.
Apple mentions on their website:
“Contacts and calendars are built on industry standards (CalDAV and CardDAV) that do not provide built-in support for end-to-end encryption.”
Since when does Apple care for standards in this area? They didn’t care with Notes. There Apple left the IMAP standard a long time ago.
Since when? Since at least CalDAV since Apple proposed it. Actually, probably back further than that as they support compatibility with the global email system, too.
“iCloud Mail: iCloud Mail does not use end-to-end encryption because of the need to interoperate with the global email system. All native Apple email clients support optional S/MIME for message encryption.”
I personally have no need for CalDAV and CardDAV being interoperable with the world. But, my assumption is that for those in mixed system environments, the ease of calendaring from one device to any other device is worth it, so Apple supports it. For most things, when folks indicate “There is no reason…” there usually IS a reason, it’s just that the person that mentions it is opposed to recognizing the reason.
Today you can still use Apples Notes app within the IMAP standard or outside of it and enjoy advertised features. Apple could do the same for Calendar (CalDav) and Contacts (CardDav).
Interesting. Would you can to elaborate on how that is accomplished?
I might want to do this, though I did recently add security keys to my icloud account. Perhaps the password reset vulnerability no longer applies to me.