does apple have the ability to delete our data from icloud completely even if it wanted to (article)

[ddddd478]

https://www.red-gate.com/simple-talk/cloud/cloud-data/deleting-files-in-the-cloud/



This guy thinks you can never truly delete files from any type of cloud services and permenant file deletion is a myth due to built in redundancy measures to ensure reliability and ability to retrieve files in the event of data loss. Your data is backed up to multiple data centres and sometimes outsourced to third parties.



The terms and conditions usually say a deletion means your data is irritrievable, but never guarantees your data has been vaporised across all multiple geographic locations. The article lists a few examples from Icloud, Facebook, Myspace and FLickr of users seeming deleting data only for it to remain public years afterwards.



Any thoughts? Has privacy and control of our data been taken out of our hands? Or is it a scare story?

 

[Rigby]

If you give your unencrypted data to a cloud provider, you always give away control. If you don't trust a provider, don't use them or encrypt your data before you upload (e.g. using tools like Cryptomator or Veracrypt). A few iCloud services are end-to-end crypted (e.g. iCloud messages and iCloud Keychain), so there isn't much reason to be concerned about those.

That said, while it is certainly true that backups and distributed copies can linger for a while after you delete a file, no cloud provider has an incentive to keep stale data around indefinitely, since storage costs money (especially if, like Apple, Dropbox and other providers do, the storage is rented from a 3rd party like Amazon).

 

[ddddd478]

Unfortunately im a bit of a dinosaur and was used to the old ways of data storage. I got given an old ipad and didnt really have a clue so didnt realise it was backed up. Im more clued up now.

Given your logic, I suppose once you delete your account, the storage will be allocated to someone else at some point and be written over. I have no idea. I just prefer local storage and will delete my account once i back up locally. It makes me feel safer but i do wonder about left over data in some far flung land. (or wherever Amazon is based)

I feel bad for those whove been hacked.

 

[Rigby]

Unfortunately im a bit of a dinosaur and was used to the old ways of data storage. I got given an old ipad and didnt really have a clue so didnt realise it was backed up. Im more clued up now.

Given your logic, I suppose once you delete your account, the storage will be allocated to someone else at some point and be written over. I have no idea. I just prefer local storage and will delete my account once i back up locally. It makes me feel safer but i do wonder about left over data in some far flung land. (or wherever Amazon is based)

Yes, I don't use iCloud Backup either. While Apple makes an effort to exclude some of the most sensitive data from the backup, you never quite know what is uploaded (especially from 3rd party apps). A local iTunes backup is much faster anyway (and backs up more data if you set a password to encrypt the backup).

 

[russell_314]

I use iCloud backup but with the assumption that all my data can be compromised. Any data on the Internet that’s not encrypted or if encrypted and someone else has the key is not secure. It’s a matter of convenience over security

 

[ddddd478]

In theory when ordered to delete an account, a malicious cloud provider could send a false deletion result and then sell the data on because there is no way the user can verify.

 

[Rigby]

In theory when ordered to delete an account, a malicious cloud provider could send a false deletion result and then sell the data on because there is no way the user can verify.

If they are that evil, they don't have to wait until you request a deletion before selling your data.

 

[ddddd478]

I dont think Apple would sell data, I think other cloud services might (well as we know facebook definitely does), but if Apple are using third party storage from Amazon are they in full control of our data? The guy writing the article got a point. Who knows what Amazon use for their data storage or if they subcontract it again. I guess you take your chance, wittingly or unwittingly (like me).

One of the actress' who got their photos hacked in the article claimed they deleted their pictures years before they leaked. Mad.

 

[Rigby]

I dont think Apple would sell data, I think other cloud services might (well as we know facebook definitely does), but if Apple are using third party storage from Amazon are they in full control of our data? The guy writing the article got a point. Who knows what Amazon use for their data storage or if they subcontract it again. I guess you take your chance, wittingly or unwittingly (like me).

Apple encrypts the data before storing them at Amazon, and Amazon does not have the keys. It's described in one of their security whitepapers.

 

[ddddd478]

Thats good. Is that paper on their website?

 

[Rigby]

Thats good. Is that paper on their website?

Yes, but I can't find the link right now. But it's also mentioned here (2nd paragraph under "Data Security"):

iCloud data security overview - Apple Support

iCloud uses strong security methods, employs strict policies to protect your information, and leads the industry in using privacy-preserving security technologies like end-to-end encryption for your data.

support.apple.com

 

[planteater]

Thats good. Is that paper on their website?

https://www.apple.com/lae/business/docs/site/iOS_Security_Guide.pdf

Apple maintains the encryption keys on their own servers, in their own data centers. The data is chunked over to third party data hosts. I don’t recall all the details as it’s been awhile since I read the paper.

 

[ddddd478]

I have a feeling that i read somewhere if you dont have two way authentication and a passcode on your ipad its not encrypted on icloud (or something similar. Do you more well informed folk recognise that? Im reading to try to catch up but its all getting a bit jumbled up in my head)
Thanks for links reading them now.
[automerge]1587254269[/automerge]
Right it says in the link two way authentiction is needed. So logically my icloud wasnt encrpyted because i didnt have it on? (i know careless, didnt even bother with passcode) Looks like having an old ipad is a security risk too.

 

[Rigby]

I have a feeling that i read somewhere if you dont have two way authentication and a passcode on your ipad its not encrypted on icloud (or something similar. Do you more well informed folk recognise that? Im reading to try to catch up but its all getting a bit jumbled up in my head)
Thanks for links reading them now.
[automerge]1587254269[/automerge]
Right it says in the link two way authentiction is needed. So logically my icloud wasnt encrpyted because i didnt have it on? (i know careless, didnt even bother with passcode) Looks like having an old ipad is a security risk too.

You have to be more specific. The passcode is only needed for for items that are end-to-end encrypted, such as iCloud Keychain. The iCloud Backup is not end-to-end encrypted but only "encrypted at rest", which basically means that Apple has the keys and can decrypt it, no matter if you have 2-factor authentication or a passcode.

 

[ddddd478]

Im not even sure i use keychain. Am an Apple beginner as you can tell. It is turned on.

So my icloud backup would not have been visible to thieves?

 

[Rigby]

So my icloud would not have been visible to thieves?

Unless the thieves had your account credentials it's unlikely. For peace of mind I would recommend to change the password if you think someone else may have it, and, if you no longer want to use iCloud Backup, delete the existing backups (after making a local backup via iTunes). Personally, if I got a used device, I'd go a step further and erase it entirely and set it up from scratch, just to make sure nothing is left that the previous owner may be able to access.

In any case, Apple leaking your old deleted files is the least of the concerns.

 

[ddddd478]

Yes i think a change of password is a good idea.

 

[NoBoMac]

Newer version of the Apple security guide. Now also covers MacOS as well and the previous iOS information.

https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-security-guide.pdf

And if you visit privacy.apple.com, you get the scoop. TLDR: they claim all data wiped.

What happens when my account is deleted?

• You will not be able to access your iTunes Store, Apple Books, and App Store purchases.
• Your photos, videos and documents stored in iCloud will be permanently deleted.
• You will not receive messages. sent to your account via iMessage, FaceTime, or iCloud Mail.
• You will not be able to sign in or use services such as iCloud, iTunes, Apple Books, the App Store, Apple Pay, iMessage, FaceTime, and Find My iPhone.
• Your data associated with Apple services will be permanently deleted. Some exceptions may apply.
• If you are enrolled in the iPhone upgrade program, you must continue making payments for your device.
• Deletion does not cancel any repairs or Apple Store orders. However, any appointments you have scheduled at the Apple Store will be canceled and any open Apple Care cases will be permanently closed and unavailable once your account is deleted.

"Some exceptions": https://support.apple.com/en-us/HT208504

Believe it or not.

 

[ddddd478]

"When you delete your Apple ID, Apple makes our best effort to delete all personal data associated with your account."

Bleh.

"When your Apple ID account is deleted, your account details and the data associated with your Apple ID are permanently deleted from Apple’s servers."

What about Amazon's servers. Ooh i am a doubting Thomas arent I?

 

[Naaaaak]

I'd don't trust Apple's competency in claims about iCloud working as they say.

This is a company that allowed root access with an empty password in macOS and has shipped a host of other security bugs over the years. Even if everything iCloud works as described, most encryption gets exploited within a few years.

Treat iCloud as a public dropbox and treat cloud-anything as someone else's server. You have no guarantees your data will ever be deleted off of any server except the one you can manage.

 

[revmacian]

if you don't trust the storage provider then don't allow your data to be uploaded.. or provide fake data. I can't count the times a website required my phone number, but I always give them a dummy number like (999) 999-9999.

"A strange game. The only winning move is not to play." – Joshua

 

[ddddd478]

I agree with that in principle and accept that I am responsible for what I do with my property. The problem is these things are often running in the background and perhaps its the default setting and naive people dont opt in, they just dont opt out, whether through ignorance or not. Id like Apple to have had made it more obvious. Also in an ideal world more accountability for disposing our data.
[automerge]1587311545[/automerge]
Just a thought from a not very tech savvy person: would the effect of a file shredder, designed for your ios device, be replicated on the icloud back up servers? if you backed up all the overwritten data? would it theoretically overwrite amazons servers or would it only wipe data on your own device.

probably best to just delete icloud and let it go.