Saturday, November 1, 2014

How Safe Are Your iCloud Photos?

I saw an article of the same name today but I didn't read it. With most of the mainstream medial spewing nothing but FUD (fear, uncertainty, doubt) these days, it's hard to separate the real uncertainty and doubt from what they play up to get more ad impressions and sell more clicks.

The answer is that your photos are as safe as a company like Apple can make them and still be able to hand them over to anyone with an official looking piece of paper, which is a long list. These are the so-called "back-doors" which can be and are used by Apple whenever it so desires. Many people agree with this process, as more often than not, that data is compromised to catch the bad guys.

My only problem with the equivalent of giving the banks keys to my house is that I understand completely that the bank doesn't give a single shit about me, and it would be in its best interest to have the keys to my house, where it wouldn't really be in my best interest at all. I doubt anyone these days is naive enough to think that a company like Apple is doing anything but putting itself first when it has the keys to your data.

Also, a back door is essentially a weakening of your encryption and goes against the whole paradigm of encryption in the first place, which is to guarantee that the owner, and only the owner can get to the data. Every key to your house (and your data) is one more key that can fall into the wrong hands. Every intentional weakness put in to help the good guys can just as easily be exploited by the bad guys. That's what a weakness is. And making any weakness intentional is incompatible with the whole concept of encryption.

So the ultimate answer to how safe your data is, goes something like this: Your photos and other data are not safe in the cloud. Or put another way: your data is about as safe as Apple is caring. Unless you are encrypting the data yourself outside of and completely separated from the cloud (which you probably aren't) and doing it correctly (which is doubtful,) then it's best to just assume that anybody who wants your data already has it. This is the grim reality of privacy today.

In fact, that's what's truly protecting your data. Programmers call this "security through obscurity" and it's the only thing keeping your data safe most of the time: the fact that probably nobody wants it. Nobody has hacked my photos and plastered them on the web. But just for the record, my left side is the good side.

Of course you could always encrypt all your important data like photos yourself, and that way anything in the cloud with your name on it is already encrypted by you personally with only one key. That way anyone who is able to strip Apple's encryption from your data is going to run face first into your encryption, but where would be the fun in that...

No comments:

Post a Comment