I think Apple encrypts the passkeys locally on your device, then stores encrypted copies in iCloud, which you can download and decrypt on a new device.
On the new device you would be prompted for the passcode of the device you lost or broke, to decrypt and access them.
This is false; some data is end-to-end encrypted, including Health and Keychain data. Photos, contacts, and Drive are "encrypted on server", which means Apple can read them.
> If you forget your password or device passcode, iCloud Data Recovery Service can help you decrypt your data so you can regain access to your photos, notes, documents, device backups, and more. Data types that are protected by end-to-end encryption—such as your Keychain, Messages, Screen Time, and Health data—are not accessible via iCloud Data Recovery Service.
Data in iCloud is going to be encrypted by the host provider in transit and at rest. That is not the same as being encrypted at the source by Apple. It means that Google, Amazon, Azure (and whatever other platforms Apple uses for iCloud storage) will be doing that encryption with keys that they have for Apple. All the major vendors have storage encryption both in transit and at rest. I suspect that it would be a requirement from Apple for any future vendor, too.
It does mean that the data is not sitting in clear-text form on the provider's disks. But the exact details of that encryption may vary from provider to provider.
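The distinction the thread is circling (provider-held at-rest keys versus a key derived on the user's device) is easier to see as code. The following is an added illustration, not code from any commenter or from Apple: a `Provider` class standing in for the storage vendor, a PBKDF2-derived "device key" standing in for whatever Apple actually derives from the passcode, and a toy HMAC-SHA256-based authenticated stream cipher so it runs on the Python standard library alone (a placeholder for a real AEAD such as AES-GCM, not something to deploy). The object names, the salt and the passcodes are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# --- toy authenticated encryption (stdlib only; stands in for a real AEAD) ---

def _subkeys(key: bytes):
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac

def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key: bytes, blob: bytes) -> bytes:
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc, nonce, len(ct))))

def derive_device_key(passcode: str, salt: bytes) -> bytes:
    """Key that exists only where the passcode is entered (placeholder for Apple's real KDF)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 200_000)

# --- the storage vendor: encrypts everything at rest with a key it holds ---

class Provider:
    def __init__(self):
        self._at_rest_key = secrets.token_bytes(32)   # the vendor's own key
        self._disk = {}

    def put(self, name: str, data: bytes) -> None:
        self._disk[name] = seal(self._at_rest_key, data)

    def on_disk(self, name: str) -> bytes:
        return self._disk[name]                        # what a disk image would show

    def read_as_provider(self, name: str) -> bytes:
        return open_(self._at_rest_key, self._disk[name])  # vendor peels its own layer

# "encrypted on server": the provider layer is the only layer
def store_server_encrypted(provider: Provider, name: str, plaintext: bytes) -> None:
    provider.put(name, plaintext)

# end-to-end: device-layer ciphertext goes under the provider layer
def store_end_to_end(provider: Provider, name: str, plaintext: bytes, passcode: str, salt: bytes) -> None:
    provider.put(name, seal(derive_device_key(passcode, salt), plaintext))

def new_device_restore(provider: Provider, name: str, passcode: str, salt: bytes) -> bytes:
    return open_(derive_device_key(passcode, salt), provider.read_as_provider(name))

def demo() -> dict:
    p = Provider()
    salt = b"constructed-per-account-salt"
    photo = b"constructed JPEG bytes"
    secret = b"constructed keychain entry: example.com / hunter2"
    store_server_encrypted(p, "photo", photo)
    store_end_to_end(p, "keychain", secret, "1234", salt)
    r = {
        "photo_cleartext_on_disk": photo in p.on_disk("photo"),            # False
        "provider_reads_photo": p.read_as_provider("photo") == photo,      # True
        "provider_reads_keychain": p.read_as_provider("keychain") == secret,  # False
        "restore_with_old_passcode": new_device_restore(p, "keychain", "1234", salt) == secret,
    }
    try:
        new_device_restore(p, "keychain", "0000", salt)
        r["restore_with_wrong_passcode"] = True
    except ValueError:
        r["restore_with_wrong_passcode"] = False
    return r

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Both objects are ciphertext on the provider's disk, which is all "encrypted at rest" promises. Only the end-to-end object stays unreadable to the party holding the at-rest key, and the cost of that property is the one the thread's first comment describes: a new device has to reproduce the old device's key, so a forgotten passcode means a failed restore rather than a recovery service.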
Photos need to be encrypted on server so they can be scanned for CSAM. Apple tried to move that bit to the phone so they could encrypt photos on server too, but we all know how that went.
> Instead of protecting all of iCloud with end-to-end encryption, Apple has shifted to focus on protecting some of the most sensitive user information, such as saved passwords and health data.
> But backed-up contact information and texts from iMessage, WhatsApp and other encrypted services remain available to Apple employees and authorities.