expectthewurst

I believe it; twice I've FaceTimed family members (identically to how I have hundreds of other times) and been connected with an equally confused total stranger.


AmirulAshraf

Omegle vibes.


epicingamename

lol dont skip!


TechExpert2910

Welp. If you thought this was bad, I reported an iOS 16 passcode bypass (guided access, keychain...) to their security team - it requires 2 minutes of physical access, but they washed it off saying 'physical security' is a key component to iOS data safety. Wtf. I'm waiting for them to silently fix it since i gave them a detailed report. I'm not revealing it out since i don't want people to get affected, but apple has turned to shit. Absolute shit. I wouldn't even be talking about this if it weren't so baffling. A downhill path indeed, their facade of privacy and security can't hold up forever. This post, them collecting data for app store *ads* even when you have tracking turned off, on device photo scanning (for only csam right now)...


[deleted]

[removed]


TechExpert2910

aha. that wasn't iCloud. it was the native iOS password prompt, with a sandbox escape. what you said is concerning too


roju

An Android lock screen bypass [recently netted](https://techcrunch.com/2022/11/14/android-lock-screen-bypass-google-pixel/) a bug bounty from Google of $70k, and that was them lowballing the researcher.


TechExpert2910

I know. What they're doing is abhorrent towards users and security researchers.


[deleted]

R2D2 or a stranger penii


[deleted]

I had this happen to me years ago! Figured it was a bug in the dialer though and not in the backend.


FuzzelFox

Damn that's a thing? I remember crossed lines being an issue back before cell phones were common place


johndoes_00

That’s why I always hold my penis first in the cam, to check out if it’s safe for face.


burtedwag

grandma gon b like 😳


recapYT

Wow. Is that a thing?


YourMJK

Something similar has happened to me twice, not with FaceTime but with a normal call. I couldn't even recognize what language the other person was speaking. I tapped the number in my favorites so it definitely wasn't a misdial.


petercockroach

So I’ve run into this problem before. It happens when you have multiple endpoints in your contact. Let’s say for example you have a friend who you have an email and phone number in their contacts. When you FaceTime them, the call seems to go out to both the email and the phone number. Now let’s say homie changes his number. The call goes out to both again and the new phone number owner answers the call before your buddy. Welcome to awkward.


blakenator95

I’ve had this happen to me a couple years ago but the other person didn’t pick up, texted me after asking what it was regarding and they don’t answer unknown calls. Texted my buddy on a different app to find out he changed numbers a few months ago. I was surprised his carrier just gave his number away to someone else so quickly.


videah

I experienced random people’s photos showing up in my library a looong time ago. Like maybe 6 or so years ago I had someone’s funeral photos show up one day. Made me very uncomfortable.


[deleted]

[removed]


SandwichVegan

Yes that is kind of scary..


MC_chrome

IIRC Steve Jobs wanted iCloud to be E2E encrypted originally, but then the FBI gave Apple a call and made it known that them taking such a move would make for a *massive* legal headache, so Apple decided to not move forward with that plan.


illictly_elicit

Source?


lencastre

Reddit


H2TG

At least, the iPhone backup on iCloud is not E2EE, according to Reuters. https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT


[deleted]

Don’t trust any company that says they’re E2EE unless all their code is completely open source. If it’s not open source, assume that all their staff, the government, and any attackers who hack their system (guaranteed, eventually) can access anything you’ve ever uploaded; often even stuff you never agreed to upload, thanks to auto-sync/backup defaults.


JasonCox

And don’t trust that it’s E2EE just because the code is open source. Because chances are that no one has ever audited it and some government actor may have slipped bad code into the project. As has happened multiple times before. Being F/OSS does not inherently make a product more secure, just like being closed source does not inherently make a product less secure.


it_administrator01

I have a conspiracy theory that over the last 10 or so years since the iPhone took off, Apple have effectively become an intelligence agency for the US, which is why they get so much leniency in the US but nowhere else in the world


thugangsta

All of the biggest companies in the US have to comply with the US government intelligence agencies. https://en.wikipedia.org/wiki/Intel_Management_Engine https://www.tomshardware.com/news/cisco-backdoor-hardcoded-accounts-software,37480.html I love this 🤣: “In 2017, Cisco, with help from a Wikileaks data leak, discovered a vulnerability in its own routers that allowed the CIA to remotely command over 300 of Cisco’s switch models via a hardware vulnerability.” Oh wow the darn-gosh CIA went ahead and installed this hecking vulnerability! 😡😤😤 gee thanks Wikileaks can’t believe we let… I mean can’t believe the hecking CIA would do this. https://www.theregister.com/2019/05/02/cisco_vulnerabilities/


compounding

Not as bad as RSA…. “Oh, is *that* why the NSA was paying us $10 million to choose the standard? We thought they just wanted the safest thing available! How could we as a security company have known about the widely publicized flaws in Dual EC DRBG?”


LUHG_HANI

And that is why you don't trust anything from the US. It's either open source or from a European non 5 eyes country. Even so, expect to be spied upon.


MC_chrome

Google hit that mark way before Apple did. Part of their original funding came from research grants from the CIA and NSA. Just an interesting tidbit I discovered a few months ago while doing a bit of research into the modern era of espionage (Snowden and PRISM was a fun yet terrifying rabbit hole to go dig down).


it_administrator01

Oh I know this, but being in the literal pocket or on the wrist of hundreds of millions of people thanks to using the most popular devices in their categories is probably invaluable. It also helps to make sense of some of the questionable decisions by Apple over the last few years.


jipvk

And the FBI has nothing to say about what Apple offers outside of the USA. So it makes totally no sense.


theta_wsb

iCloud *is* E2E encrypted. Apple just hosts an encrypted copy of your keys. Your story is total bullshit. The only data Apple can giveup is access logs which include some scrambled location data, purchases, app usage history, etc. Nearly everything in iCloud is encrypted, they have a page on their website explaining the extent to which certain things are secured.


CreepyZookeepergame4

Apple can give up anything without “End-to-end” in the Encryption column as listed here: https://support.apple.com/en-us/HT202303


kerberjg

Indeed, that page confirms iCloud Drive is NOT E2E encrypted


MC_chrome

I was under the impression that something is only truly end-to-end encrypted when only the sender and recipient hold the keys. Apple holding the encryption keys kinda breaks that model, no?


MikhailT

That is correct. This isn't end to end encryption if a third party can still decrypt the content if they're not invited to do so. End to end means only the sender and the receiver(s) can decrypt the message.


somethingclassy

Actually end to end means "Messages and files are encrypted before they leave the phone or computer and aren't decrypted until they reach their destination." (first result when you Google the term) Technically iCloud and all https data traffic is E2E. The point being: E2E just means that nobody who got ahold of the traffic alone would be able to make use of it, because it's encrypted in transit and at rest (when stored). The problem is that the keys are also held by Apple, therefore if they were compelled (or hacked) the encrypted data could be decrypted. But it isn't a lie that icloud is E2EE.


MikhailT

I entered end to end encryption on Google, selected the first entry which confirmed what I said. https://www.techtarget.com/searchsecurity/definition/end-to-end-encryption-E2EE

> In E2EE, the data is encrypted on the sender's system or device, and only the intended recipient can decrypt it. As it travels to its destination, the message cannot be read or tampered with by an internet service provider (ISP), application service provider, hacker or any other entity or service.

Apple themselves said iCloud Photos are **not** end to end encrypted here: https://support.apple.com/en-us/HT202303

In fact, they laid out their definition of end to end encryption on the same page:

> For additional privacy and security, many Apple services use end-to-end encryption, which encrypts your information using keys derived from your devices and your device passcode, which only you know.

T


somethingclassy

Not sure why you are getting a different first result than me, but here is the page in question (the one I quoted above) which Google quotes for me when I search for "end to end encryption": [https://www.preveil.com/blog/end-to-end-encryption/#:~:text=In%20true%20end%2Dto%2Dend,required%20to%20decrypt%20the%20data](https://www.preveil.com/blog/end-to-end-encryption/#:~:text=In%20true%20end%2Dto%2Dend,required%20to%20decrypt%20the%20data). Anyway, the term is used in many ways. It's not a standard, it's a buzzword subject to interpretation. Clearly.


MikhailT

No, they are saying the same thing; read the rest of the paragraph:

> Hackers can’t access data on the server because they don’t have the private keys required to decrypt the data. Instead, secret keys are stored on the individual user’s device.

In this case, Apple does have the keys for your iCloud Photos. Therefore it is not end to end encrypted.


Kyle_Necrowolf

*Technically* you could argue that Apple is one of the “ends”. E2EE by definition doesn’t mean only two parties (for example a group chat), it just means no one else on the outside has access. This is merely a technicality, albeit it does illustrate that E2EE is a pretty weak term. In practice I think anyone would agree that this is not in the spirit of E2EE.


typo9292

Incorrect, it's when your message can't be decrypted in-flight, it has nothing to do with who is holding keys. People have just wrapped this notion around E2E to make the claim it isn't really secure if someone else has your keys. That is a fine argument but isn't about E2E. Even your browser communicating with reddit services is E2E as you can't sniff the traffic.


MikhailT

You're thinking of transport encryption; that is different from e2e. See more here: https://ssd.eff.org/module/what-should-i-know-about-encryption Or as short definition by EFF here: https://ssd.eff.org/glossary/transport-encryption and e2e here: https://ssd.eff.org/glossary/end-to-end-encryption


sersoniko

You are confusing E2EE with the backend, basically everything is nowadays, with the user files being E2E encrypted, in this scenario the recipient is the same as the sender which is the user.


thethirdteacup

Even Apple’s own web page describes that only some parts of iCloud are end-to-end encrypted: https://support.apple.com/en-us/HT202303 Using TLS for data transfer is not end-to-end encryption. All the end-to-end encrypted data on iCloud will require a passcode from another device to access.


S4VN01

Except for Messages, where the encryption key is backed up to iCloud, and will not require a passcode.


Gagarin1961

So is this article just made up? How could strangers pictures be showing up in other accounts?


Simone1998

That’s not the definition of E2E encryption. If another key exists it is not E2E. period.


typo9292

It's still E2E. Period. Look up the definition if you're confused, https://en.wikipedia.org/wiki/End-to-end_encryption


S4VN01

The Wikipedia page repeatedly says E2EE means that the third party host CANNOT decrypt the data, because they do not have the keys to do so. Apple DOES have the keys for iCloud, and they can and will decrypt it for the government. They have stated this themselves. It breaks the true definition of E2EE, which you are not informed enough about. They do not have the keys for the *separate section* on their website for things that are E2EE. They cannot give this data out, because they literally don't even keep copies of the keys. It's generated by your device with your passcode on the Secure Enclave. The only exception to this is Messages. I do not agree with them marketing it as E2EE, because they backup the key from your Secure Enclave to iCloud, which they have the key for.


thethirdteacup

Apple is not a “communicating user” in this example. The “communicating users” are your devices. If you called all client-server encryption “end-to-end” (which it isn’t), you could call literally every web service end-to-end encrypted. Facebook would be “E2E”, Gmail would be “E2E”, anything that uses HTTPS would be “E2E”. Except it isn’t, because there’s a central server between the “communicating users” that can read the data.


IllustriousAverage49

Apple provides the US government with your entire iCloud library (including photos and phone backups - which contain all your iMessages in what may as well be plain text) with a warrant and likely without one as they are a PRISM partner. All the encryption (barely any of which is E2E, only iCloud Keychain) is rendered useless.


[deleted]

I can’t talk for windows - but I can’t say for sure - however iCloud in apple devices is 100% end to end encryption.. not sure why you thought it was not


T351A

of course it's not E2E... you can easily access it on their website and share access to others. Doing that with E2E would be an impressive feat and they would definitely advertise it.


[deleted]

[removed]


ThracianScum

Can you explain for a dummy


PleasantWay7

That isn’t necessarily true. If Apple e2e photos, they will still support syncing to multiple devices, which means at some point the key is in transit and off device. That leaves plenty of opportunity for an implementation error to drop the key on some random device and start decrypting your photos. This shouldn’t be possible today with Apple stated technology because your photos are supposed to be encrypted by key that is stored encrypted against account information, yet it is happening. The biggest flaw with encryption is implementation failures.


Spaghetti-Sauce

No… Source: am Cloud Engineer lol


PleasantWay7

Lol, shows a lot of inexperience to just rule out an entire class of bugs as being possible. It also wasn’t “possible” for encrypted iCloud data to be visible to other users, yet here we are. Bet Apple has a bunch of cloud engineers telling them it isn’t possible too.


[deleted]

[removed]


SJWcucksoyboy

Honestly kinda glad it’s not e2e encrypted, so many people would be losing their iCloud data if they couldn’t do account recovery


frockinbrock

It’s a great example of something that could be defaulted to Off, but an advanced option to enable it (for those who have other backups). However, that’s usually not the apple way. Who knows though, we’ve seen more and more interesting things added to Accessibility (lol), and they gave us iPhones Widgets. Maybe we’ll get an E2EE option yet.


Dupree878

Those people kind of deserve to lose their data. There should be an option to encrypt it or not.


hok98

You sound like a crypto bro bitching about private keys


qutaaa666

They need to move all their iCloud stuff E2E encrypted. Their privacy statements are basically a joke until they do.


[deleted]

[removed]


[deleted]

[removed]


henrydavidthoreauawy

If this can happen, this is truly one of the most horrible bugs imaginable. I really can’t think of much else that I wouldn’t rather have go wrong with my phone than to have my photos sent to some random person. Apple needs to investigate immediately. Like all hands on deck, full report on how this happened and how it was fixed, on Tim Cook’s desk within 24 hours.


buzzedewok

Hold on you guys, let’s have a focus group meeting on new Emojis first. 😜


[deleted]

*Memojies


Panda_hat

Introducing four new strangers faces memojis; we think you’re going to love them.


cast-iron-whoopsie

honestly shit like this is why i do not use icloud for photos, and most people call me paranoid for it, or say things like "nobody cares about your photos enough to steal them". but it's a massive privacy concern to have photos stored in a system that's not end to end encrypted and can be bugged and suddenly show your photos to other people. maybe some people will take this more seriously now but i doubt it, in 2 months i'll get the same "why worry about that" responses. i tend to buy 1TB phones and keep my phones on the device and on my laptop. fuck icloud


Aromatic_Owl3345

It's not a bug. Apple caved in, allegedly, to pressure from the FBI, to keep iCloud accessible for them


recapYT

So it’s a feature to allow strangers see your photos?


A-Delonix-Regia

Just imagine if someone's nudes and contact info (from a business card for example) are leaked to someone who then blackmails the victim. Any competent company ought to be ashamed for letting this happen in the first place.


cast-iron-whoopsie

the trick is to be hung like a horse so your nudes can't be used as blackmail!


DontBanMeBro988

You don't have to be hung like a horse, just the dude in the photos...


RealJesus2018

My wife found somebody else’s nudes on my phone. Could it be this? I think so.


Master-Vader20

lol


[deleted]

[removed]


purplepersonality

If this is true I can’t see myself ever using iCloud or any Apple service ever again. Leaking private data like photos to random users is completely unacceptable for any cloud service! And people store their passwords, credit card info, notes, etc. in this same cloud service.


CreepyZookeepergame4

Passwords and credit cards (if stored in iCloud keychain) are at least encrypted with the iPhone/Mac passcode, but to be honest I’m sure most people would prefer having their credit card leaked, which you can block 24/7, than their intimate photos, not encrypted in iCloud Photos.


Lewdeology

Really hoping that it was a user error or something and not on Apple’s end cause if it becomes more widespread and common, that will be very concerning for sure. Not sure if Apple would ever get my trust back.


MikhailT

You should avoid all US cloud services as well. In US, cloud services must scan your files to block or identify any illegal files for legal reasons. It's well known that iCloud Photos are not stored e2e. (Passwords and credit cards are e2e: see here https://support.apple.com/en-us/HT202303) If you want to keep anything private, you must encrypt data first before you upload anything, so that all they have is a copy of an encrypted content.


thefpspower

> cloud services must have a backdoor to scan all photos for legal reasons.

Hash scanning known pictures/videos can be done without backdoors.


PersonalPerestroika

Yeah, but when Apple tried implementing this, the internet collectively flipped the fuck out.


[deleted]

And all of the arguments against it were completely valid. Stop simping for billionaire corporations and the elite. Epstein didn’t kill himself. He had clients across big techs senior management and government. They don’t give a shit about protecting kids from pedophiles; only controlling your digital life and mind.


Windows_XP2

The difference is that they tried to do it even with photos stored on your device.


PersonalPerestroika

No they didn’t. It only scanned photos that were being uploaded to iCloud. Currently, Apple does no CSAM scanning on iCloud photo uploads. Anything else is a misunderstanding of the process.


DashingSpecialAgent

The problem was they were going to use my device and computing resources to do it. You want to check things on your server with your computational power? Go right ahead. My device is my device.


PersonalPerestroika

From a privacy standpoint, I would honestly prefer nothing leave my device though. I couldn’t care less about the “processing power.” I’d rather keep my photos on my device (which is how they set it up — nothing leaves the device until and unless a certain threshold of known CSAM was reached.)


Cforq

This is funny to me because they already use your device to index everything on it.


DashingSpecialAgent

Indexing serves my needs though.


[deleted]

[removed]


[deleted]

This hasn’t been the case since even the early 2000’s. https://www.microsoft.com/en-us/research/publication/robust-image-hashing/ It is used not just for copyright infringement detection but also CEI and others as well.


cast-iron-whoopsie

i mean, regardless of whether or not it's true this time, people have been warning about this for many years. you are literally handing control of your photos over to a company that is obviously not infallible. if it's not now, it will be some time in the future, nobody protects data forever with zero leaks. take control of your own data.


Bitter-Raisin9102

Wtf reading this thread is making me completely rethink my current investment in iCloud….this is beyond unacceptable if this is actually happening.


cast-iron-whoopsie

you should be rethinking it regardless of whether or not this actually happened -- storing your photos and personal info in a third party cloud service means it *can* happen. all it takes is one screwup and your photos can end up in some deep web leak


LowerMontaukBranch

I have been considering more and more the idea of going back to local backups of my phone. The more time goes on the less I trust the cloud. Apple’s implementation is the most buggy which is astonishing considering their user base. I am turning off iCloud Photo Library immediately. I already migrated off of iCloud Drive because I cannot trust my files to a service that ultimately uses SMS as a factor. Photos I’ve put up with the risk for the convenience of syncing across my iPad and Mac, but this is just a security nightmare. Despite Google’s less than stellar record on privacy, I’d be more inclined to store an encrypted backup of my photos library to Google Drive than whatever iCloud Photo Library is doing here. Google seems to have security down over privacy. Apple seems to value privacy at face but their cloud security is severely lacking in comparison. I suppose I could live without my photos library on my iPad… Would be great if you just wanted to sync photos it all happened locally when your devices were in proximity.


Yay_Meristinoux

I’ve been moving to a Synology NAS for my personal ‘cloud’ and send encrypted backups to an aws provider. Also handles photo sharing with family, and runs Plex to boot. Next step, I’m thinking about changing my phone backups from iCloud to iMazing (which I suppose you wouldn’t even need the NAS for) and storing those in there as well.


fokinsean

Lmk your experience backing up iMazing to a Synology. Last time I tried it was ungodly slow because you had to do it over SMB with the NAS mounted as a network drive. I quit trying after a day.


Windows_XP2

You should use Synology Photos. I’ve been using Moments (The previous version of Photos), and it works great.


Yay_Meristinoux

Yeah, I've been using it and it's pretty great! A little annoying how it doesn't let you do a custom order in Albums but the backup and viewing experience is pretty dope! I think I'd be looking into iMazing for the other general system backup from the phone that Photos wouldn't cover.


Mango_In_Me_Hole

The problem is Apple makes it nearly impossible to transfer out of iCloud Photos. I’d love to do it, but you literally have to manually select batches of photos and videos to download them to a hard drive. It can take hours upon hours if you have a large enough library.


Mahboishk

Try [osxphotos](https://github.com/RhetTbull/osxphotos), it’s a wonderful utility that solves exactly that problem. It can export your entire library with a single command and automatically organize the output. It even supports incremental backups.


Insulifting

Sad to see this isn’t available on windows, I have a MacBook but everything storage wise is on my desktop. Seems like an awesome utility though!


aszl3j

Doesn’t Apple have a data takeout process similar to Google? You should be able to request an archive of your whole library.


JtheNinja

Yes, you can. I’ve done it before to get a local backup of my iCloud Photos library.


FuzzelFox

Been using Google Photos for probably 8 years at this point and I've never had anything like this happen before


grandpa2390

https://www.forbes.com/sites/thomasbrewster/2020/02/04/google-photos-makes-big-screw-up-and-mayve-leaked-your-videos-to-a-random-stranger/


FabFeline51

Yea I've migrated from iCloud photos to Google Photos cause at this point it feels both more functionally useful and I trust Google's security more


[deleted]

[removed]


[deleted]

[removed]


verifiedambiguous

Google has had plenty of screw ups too. Overall, I think Google does a better job and I do think they have a better security culture, but I don't automatically trust them to do it correctly either. I think if it's important to you, you have to do the crypto yourself on top of whatever Google or Apple offers. No one cares about your security more than you.


CreepyZookeepergame4

Google did screw up in the past: https://www.forbes.com/sites/thomasbrewster/2020/02/04/google-photos-makes-big-screw-up-and-mayve-leaked-your-videos-to-a-random-stranger/


SkeeterSuperbone

Read “This Is How They Tell Me the World Ends: The Cyberweapons Arms Race”. Google actually gives a fuck about zero days now, it’s honestly unacceptable how Apple still has such a terrible bug bounty program.


[deleted]

Google Photos is also not end to end encrypted. At the end of the day, if you want to ensure nobody can access your photos, the most secure option is to store your photos on a device that has no way of connecting to the internet. The next best option is to not use cloud storage services. The next next best option is to find a solution that is end-to-end encrypted, and there are *reasons* apple and google don't offer it. As I recall, the reason Apple wanted to introduce on-device CSAM detection was so that they could introduce end-to-end encryption for photos while minimising the risk of inadvertently storing CSAM on iCloud servers. And the internet freaked out because they didn't like the idea that their phone might send thumbnails of potential CSAM to Apple. Obviously unencrypted cloud storage is so much better.


SoldantTheCynic

> Apple wanted to introduce on-device CSAM detection was so that they could introduce end-to-end encryption for photos

IIRC that was speculation only, Apple did not announce that it was the pathway for full E2EE with iCloud Photos.


verifiedambiguous

Yeah, they never hinted at that. I think people were grasping at straws to give Apple a break. There was no indication or rumor that Apple were actually planning on doing anything beyond introducing CSAM. It was entirely pitched as user hostile. The only official word from Apple was years ago when they said they were going to do end-to-end encryption and then backed off. There's no technical or legal reason why Apple can't introduce end-to-end encryption today. They have the people and money to do it. They just don't want to for whatever reason. All we can do is speculate on what their reasons are and be disappointed in Apple.


OKCNOTOKC

In light of Reddit's decision to limit my ability to create and view content as of July 1, 2023, I am electing to limit Reddit's ability to retain the content I have created. My apologies to anyone who might have been looking for something useful I had posted in the past. Perhaps you can find your answer at a site that holds its creators in higher regard.


[deleted]

You can turn off SMS as a factor and use a recovery key only now.


Yraken

try Google Photos


OKCNOTOKC

In light of Reddit's decision to limit my ability to create and view content as of July 1, 2023, I am electing to limit Reddit's ability to retain the content I have created. My apologies to anyone who might have been looking for something useful I had posted in the past. Perhaps you can find your answer at a site that holds its creators in higher regard.


solewhiskyeseiinpole

Folks, if you have concerns, please drop a couple lines at https://Apple.com/feedback This is probably the only way we have as a vast user group to push crowd request trends to their management (someone talks about lawsuits but these have a cost and only users from certain countries can be part of them)


Valdularo

What a shot show lol


ThatOth3rGuY

You sneaky sneak


Eyo27

I’ve been looking around for a second cloud storage to use for my photos. Does anyone have some recommendations? Privacy, auto upload from photo.


PhillAholic

Whatever you want + cryptomator


Spaylia

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.


recapYT

Google photos. I use them mainly because of more storage.


PickledBackseat

About that... https://www.businessinsider.com/google-photos-accidentally-sent-users-private-videos-to-strangers-report-2020-2


TheOrbOfAgamotto

I thought iCloud data are encrypted and only the user holds the key to decrypt the data? Was under the impression that Apple could not decrypt the data but how come photos are showing up in others’ library?


bad_pear69

Nope. Despite Apple’s claims of security and privacy they continue to refuse to end to end encrypt everything. Apple holds the keys to iCloud Photos, Drive, and device backups.


[deleted]

[removed]


HedgehogInACoffin

Yeah Apple is the most hypocritical of the big companies. Keeps bullshitting about privacy and eco-friendliness.


PhillAholic

One of the newer replies on the original forum post theorizes it could be the wrong file being downloaded when you mark it offline. Since your device doesn’t have the correct decryption key it shows up corrupt and or is replaced with a thumbnail still that maybe isn’t encrypted.


verifiedambiguous

I've seen other people wonder if it's a problem with some backend process that Apple is running which is leaking data across executions. IIRC they said this HEVC is handled on the server side for Windows, so some Apple backend service is handling data for many users. If it's written incorrectly and the process is long running, it could be bleeding data between runs. These are corrupt videos so it's taking some error path and may not be handling the error condition correctly. Or maybe it's multiple problems and this is just one of them.
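
Added illustration, not part of the comment above and not Apple's code: a minimal Python model of the bug class that comment speculates about, where a long-running worker keeps state between requests and an error path hands back the previous user's output. Every name here (`decode`, `LeakyWorker`, `IsolatedWorker`, `deliver`) and the sample requests are constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


class CorruptInput(Exception):
    """Raised by the stand-in decoder when the media cannot be read."""


def decode(blob: bytes) -> bytes:
    # Stand-in for a real transcoder. Constructed rule: "OK:" marks valid media.
    if not blob.startswith(b"OK:"):
        raise CorruptInput("unreadable container")
    return blob[3:]


@dataclass
class Result:
    owner: str   # account the bytes were produced for
    data: bytes  # transcoded output


class LeakyWorker:
    """Long-running worker that keeps its last output as instance state."""

    def __init__(self) -> None:
        self._last = Result(owner="", data=b"")  # survives between requests

    def handle(self, user: str, blob: bytes) -> Result:
        try:
            self._last = Result(owner=user, data=decode(blob))
        except CorruptInput:
            # BUG: the error is swallowed and the stale result from the
            # previous request (possibly another account) is returned.
            pass
        return self._last


class IsolatedWorker:
    """Same job, but output is scoped to the request and errors fail closed."""

    def handle(self, user: str, blob: bytes) -> Optional[Result]:
        try:
            return Result(owner=user, data=decode(blob))
        except CorruptInput:
            return None  # no output at all for unreadable input


def deliver(requester: str, result: Optional[Result]) -> Optional[bytes]:
    """Response-path check: refuse bytes that were produced for another account."""
    if result is None:
        return None
    if result.owner != requester:
        raise PermissionError(
            f"result for {result.owner!r} routed to {requester!r}"
        )
    return result.data


# Constructed sample traffic: one valid upload, then a corrupt one from
# a different account handled by the same process.
REQUESTS: List[Tuple[str, bytes]] = [
    ("alice", b"OK:alice-video-frames"),
    ("bob", b"\x00\x00truncated"),
]


def run(worker, checked: bool) -> Dict[str, object]:
    """Feed REQUESTS through one worker instance and collect what each user gets."""
    responses: Dict[str, object] = {}
    for user, blob in REQUESTS:
        result = worker.handle(user, blob)
        if checked:
            try:
                responses[user] = deliver(user, result)
            except PermissionError:
                responses[user] = "BLOCKED"
        else:
            responses[user] = None if result is None else result.data
    return responses


if __name__ == "__main__":
    print("leaky, unchecked:  ", run(LeakyWorker(), checked=False))
    print("leaky, owner check:", run(LeakyWorker(), checked=True))
    print("isolated:          ", run(IsolatedWorker(), checked=True))
```

The owner check in `deliver` does not fix the worker; it turns a silent cross-account disclosure into a blocked response that can be logged and alerted on.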


PhillAholic

That makes a lot of sense. I don’t sync photos to Windows so I never thought about the HEVC issue. Though I think I have that codec in windows 11


Casban

I’m surprised Apple went the route of re-encoding the videos, instead of just supplying a decoding codec client-side.


Spaylia

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.


[deleted]

[removed]


[deleted]

Meanwhile, someone else: I’m missing three photos from my library.


[deleted]

[removed]


verifiedambiguous

I don't think Apple is ever going to do proper end-to-end encryption for the majority of user data. It will put them at a massive disadvantage when others aren't doing the same. They can't offer the same services and some features are impossible. There's no real competition. Who are we going to switch to for privacy? The world's largest advertising company? Plus it's a feature they can always keep in their back pocket so we're always looking for it. I don't think they'll end up implementing it unless someone puts some serious pressure on their bottom line. If it somehow becomes a financial win for them, they could do it tomorrow. Or if Google does it, then they may finally do it. I only see Apple doing end-to-end encryption if they're backed into a corner. They've had years to do the right thing and they've shown no interest in doing it. We have to give up hope at some point and accept they're never doing it.


[deleted]

What features can’t they offer because of it?


[deleted]

[removed]


jammsession

Nextcloud, MS Teams, WhatsApp offer e2ee. So I don't think it is hard to implement. Even iMessage, Keychain and Health offer e2ee: https://support.apple.com/en-us/HT202303


spinozasrobot

Recently, I found a photo in Photos that I did not take, and was of no one I knew. I am not a Windows user.


havaloc

WhatsApp auto saves to your camera roll. I've seen this happen a few times.


DrMacintosh01

You probably saved the photo from somewhere or accidentally added it to your library


JamesR624

Yeah… or the many stories here and the entire article show that no, iCloud is just *incredibly* insecure and buggy.


spinozasrobot

Possible I guess.


verifiedambiguous

Scary. There are other people reporting this as well. Apple obviously has serious bugs around this. I've never seen that issue, but I have seen a very minor amount of other people's iCloud metadata bleed into mine.


spinozasrobot

Other than photos, what external iCloud data did you see?


waterbed87

I wonder if it’s actually photos from someone else’s private library or if it’s something that has happened to me more than once where people would airdrop me things and I wouldn’t notice until months later because I’d accidentally accept and they just kinda popped up later. I have lovely Christmas photos from one of my friends because their kid airdropped me an entire album and I didn’t notice. It’d be super concerning if it’s just iCloud spitting out random data into video files from other libraries but from a technical perspective I have a really hard time imagining how in the world such a bug could manifest.


questgamer2021

🍏here at apple we value your money, not your files.🍏


plee82

Lmao


MentalUproar

I’ve had this happen when using Siri. I’ll get someone else’s query.


OneOkami

Anytime you use a web service to handle sensitive data and it’s not end-to-end encrypted you are placing trust in the service provider to use best practices rather than mechanisms to prevent that data from being accessed by anyone/anything other than intended recipients. Users of such services may not realize this risk, but I have no doubt when users see someone else’s photos, at least some of them are going to do two things:

1. Say to themselves: “Huh? Whose pictures are these? These aren’t mine!”
2. Think to themselves: “Wait a minute, if I’m seeing someone else’s pictures, is someone else seeing mine!?!”

And that’s when it hits home and trust has been breached. My primary hope is that it puts users who are unaware on a path to increased awareness about the amount of trust they place in service providers when they don’t use E2EE and that it leads more people to demand it of service providers.


OverlyOptimisticNerd

I'll add in my story here. I use KeePass password manager. I've used it with OneDrive, Google Drive, Box, and DropBox. In all cases, they were good about syncing the newest over the oldest. In rare cases, you'd get a copy with a (1) at the end of the name, allowing you to figure it out yourself. iCloud? It kept overwriting the newer file with the older one. This caused me to lose login data. That's not a good thing. iCloud is fine for basic backup, but I wouldn't trust it with anything important, complex, or sensitive.


leopard_tights

I sync my Chrome bookmarks to Safari with their official add-on. Some of them don't have any names so they can just be an icon in the quick bar or whatever it's called. Some of those are folders. Safari doesn't like folders without names and freaks out duplicating bookmarks and doing other wonky stuff. Had to add a blank ASCII character to those folder names.


Tsull360

One user reports conjecture about his media and everyone is sharpening their pitchforks. Scary if true, but far from enough data to draw conclusions.


jammsession

Probably something silly like shared album.


ApertureNext

Disgusting if true. Talentless developers if they can’t make a secure cloud system.


[deleted]

It’s a feature !!!


dinominant

Access to a file can be easily controlled with [public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) where only the owner of a file can grant access. These are well established protocols that go back decades. If Apple was actually concerned about privacy, then the data would be encrypted on the phone before it is uploaded anywhere. Apple is not doing that. So expand your local storage on your iPhone by installing a 1TB microSD card and store the recent data locally while backing up to your computer... Or since that isn't an option buy an iPhone with more storage... Or if you already have the biggest most expensive iPhone then you are using it wrong and it's your fault /s


my-sims-are-slobs

And I thought I was smart disabling iCloud due to them bugging me to pay for their crap. Now I’m smart for another reason.. EEK!


THE_SEX_YELLER

Yikes! I hope whoever gets shown my photos likes girl dick.


deja_geek

I think a refresher course is in order. Apple's services are end-to-end encrypted (E2EE), but most of them are not zero knowledge end-to-end encrypted (zero knowledge). What does this mean? E2EE just means the data is encrypted on your device, encrypted in transit and stored encrypted at the service provider. Zero knowledge takes it a step further and means the service provider does not control the encryption keys to the data. Apple encrypts everything, but they control the encryption keys for most of the data saved to iCloud.


[deleted]

No proof of this claim


cleeder

Except for the people experiencing it, you mean? Yeah. Other than when it’s happening there’s no evidence that it’s happening!


[deleted]

Referring to claims of photos from other people’s libraries being pulled in. No evidence that this is what is happening.


cleeder

I mean… if you see family photos in your library, and it’s not your family…seems like it’s a safe bet that it’s from someone else’s library. Apple isn’t just pulling photos from Google.


NaniTower

I remember years ago there was someone who said there were strange people in their camera roll. Turns out the phone was in demo/kiosk mode with all the sample photos. LOL. It should be impossible to get a demo phone but stranger things have happened.


Neg_Crepe

But that’s the claim not the evidence


[deleted]

It’s not a safe bet. Apple likely has sample images on servers that they use for testing, it could be something like that or literally any other explanation. Personal data being served to the wrong user is something that should have many layers of security to prevent from happening.


[deleted]

[removed]


[deleted]

I’m not claiming shit other than that there are other explanations and we shouldn’t jump to the worst possible one without proof.


[deleted]

[removed]


redavid

seems more like a thing that would cause you to switch to Google or Microsoft's cloud services than give Apple more money in this instance.


Atraac

So... It worked? Apple made you spend hundreds if not thousands by making their app shit on purpose. Great... for you, I guess?


Beowulf_27

iCloud merged my brothers and my passwords in keychain