iCloud: secure and reliable?

acme · 04-04-2012, 05:53 PM

I'm considering configuring iCloud for myself..no clue how secure it or any Cloud is...

any thoughts on this?

thank you..

a

NaOH · 04-04-2012, 06:14 PM

Ars Technica had an easy-to-understand writeup about this the other day. The one-sentence summary is that data is encrypted while in transit to Apple servers, but Apple could decrypt and view iCloud-synced content if it chooses.

http://arstechnica.com/apple/news/20...ty-privacy.ars

acme · 04-04-2012, 06:16 PM

ah..I suppose that makes sense...thank you for both the Ars link and the nutshell of their story.

a

SirDice · 04-05-2012, 01:31 AM

I don't trust any cloud service, including iCloud. Mainly because I don't trust the American government. They seem to think they have a right to go through my data even though I'm not an American citizen and I don't live in the US.

If and when they get a court order is a different matter but with Protect IP and the Patriot Act they don't need one.

If you put something in the cloud make damn sure you encrypt the data before uploading it so only you can decrypt it.

agentx · 04-05-2012, 08:44 AM

@sirdice I do agree with you as far as US cloud services and "security".
The US govt have laws in place to basically do WTF they want regardless of your citizenship.

We have had to stop using US hosted services for compliance with UK/EU laws at a few sites. It has been a pain moving from some of the offerings. IMHO any good cloud service provider should be looking into full geo-located services so users can choose where data is stored.

However overall iCloud is a pretty secure service (well as secure as your password) and they are using a "token" based system too which is better than most simple authentication methods.

I do use iCloud but not for docs. Hey the US gov can look at my personal email, diary and contacts and overall i do not care as firstly i am doing nothing "wrong" or dodgy and secondly there are bigger fish to fry ;-)

As such one of the main security issues with iCloud data is from iOS Apps which can access/upload your data with a mildly cryptic message saying we need to "connect to address book" rather than fully disclosing what they are actually doing ie. uploading all your info to a third party server and storing and accessing info. I know Apple will be putting this right but it has been going on already so they have the data already ! damage done IMHO.

SirDice · 04-05-2012, 09:53 AM

Quote:

Originally Posted by agentx


	IMHO any good cloud service provider should be looking into full geo-located services so users can choose where data is stored.

As far as I know this doesn't matter to them anyway. Even if the data is stored in Europe they still think they can get their grubby little hands on it simply because the company that manages it is American.

Quote:


	Hey the US gov can look at my personal email, diary and contacts and overall i do not care as firstly i am doing nothing "wrong" or dodgy and secondly there are bigger fish to fry ;-)

Ah, the age old "I've got nothing to hide" mantra. Everybody's got something to hide

agentx · 04-05-2012, 12:31 PM

Overall I agree I don't want them having that power but wtf can we do ?
They are trying to do the same in UK at the moment. Hopefully it can be blocked but I am pretty sure there is plenty of intercept going on under the legal radar already.

I was trying to make light of frankly worrying and complex issue of our liberty and privacy. So I believe we are on the same page.

acme · 04-05-2012, 12:43 PM

I don't trust anything Cloud, either, no matter whose cloud product it is.

I see people and companies jumping in head first without even making sure there's water in the metaphorical pool, all of them thinking: Wheeeeeeeeee! the cloud!!! Yippeeeee!!!!!!!!

I have absolutely nothing nasty or evil in my information, but I do have something precious and sacred over all of it: my privacy.

thank you all for weighing in on this!

a

NaOH · 04-05-2012, 12:56 PM

I assume people concerned about privacy when it comes to the idea of cloud computing are also making certain to avoid things like credit and debit cards, ATMs, cell phones, SMS, email, online shopping, a mortgage, and loads of other common activities. And don't forget to use Tor, people.

agentx · 04-05-2012, 01:14 PM

At the end of the day cloud is term that is banded about. Our email has been in the cloud for years, www defined the cloud. There are many types of cloud services not quite as infinite as real clouds.

Overall if Dropbox inc let us use our own encryption keys I would happily use it full time for all data. CrashPlan do it and I like that model. Try and hack 448bit US gov and now you have my family pix.

Also overall we leak more data on day to day usage of technology, financial transactions, loyalty cards etc than would on many cloud based systems.

04-04-2012, 05:53 PM	#1
acme MVP Join Date: Jan 2009 Posts: 1,667	iCloud: secure and reliable? I'm considering configuring iCloud for myself..no clue how secure it or any Cloud is... any thoughts on this? thank you.. a

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

04-04-2012, 06:14 PM	#2
NaOH Hall of Famer Join Date: Dec 2007 Posts: 3,641	Ars Technica had an easy-to-understand writeup about this the other day. The one-sentence summary is that data is encrypted while in transit to Apple servers, but Apple could decrypt and view iCloud-synced content if it chooses. http://arstechnica.com/apple/news/20...ty-privacy.ars

04-04-2012, 06:16 PM	#3
acme MVP Join Date: Jan 2009 Posts: 1,667	ah..I suppose that makes sense...thank you for both the Ars link and the nutshell of their story. a

04-05-2012, 01:31 AM	#4
SirDice MVP Join Date: Aug 2009 Posts: 1,119	I don't trust any cloud service, including iCloud. Mainly because I don't trust the American government. They seem to think they have a right to go through my data even though I'm not an American citizen and I don't live in the US. If and when they get a court order is a different matter but with Protect IP and the Patriot Act they don't need one. If you put something in the cloud make damn sure you encrypt the data before uploading it so only you can decrypt it.

04-05-2012, 08:44 AM	#5
agentx Hall of Famer Join Date: Feb 2003 Location: Brighton, UK Posts: 3,806	@sirdice I do agree with you as far as US cloud services and "security". The US govt have laws in place to basically do WTF they want regardless of your citizenship. We have had to stop using US hosted services for compliance with UK/EU laws at a few sites. It has been a pain moving from some of the offerings. IMHO any good cloud service provider should be looking into full geo-located services so users can choose where data is stored. However overall iCloud is a pretty secure service (well as secure as your password) and they are using a "token" based system too which is better than most simple authentication methods. I do use iCloud but not for docs. Hey the US gov can look at my personal email, diary and contacts and overall i do not care as firstly i am doing nothing "wrong" or dodgy and secondly there are bigger fish to fry ;-) As such one of the main security issues with iCloud data is from iOS Apps which can access/upload your data with a mildly cryptic message saying we need to "connect to address book" rather than fully disclosing what they are actually doing ie. uploading all your info to a third party server and storing and accessing info. I know Apple will be putting this right but it has been going on already so they have the data already ! damage done IMHO.

04-05-2012, 12:31 PM	#7
agentx Hall of Famer Join Date: Feb 2003 Location: Brighton, UK Posts: 3,806	Overall I agree I don't want them having that power but wtf can we do ? They are trying to do the same in UK at the moment. Hopefully it can be blocked but I am pretty sure there is plenty of intercept going on under the legal radar already. I was trying to make light of frankly worrying and complex issue of our liberty and privacy. So I believe we are on the same page.

04-05-2012, 12:43 PM	#8
acme MVP Join Date: Jan 2009 Posts: 1,667	I don't trust anything Cloud, either, no matter whose cloud product it is. I see people and companies jumping in head first without even making sure there's water in the metaphorical pool, all of them thinking: Wheeeeeeeeee! the cloud!!! Yippeeeee!!!!!!!! I have absolutely nothing nasty or evil in my information, but I do have something precious and sacred over all of it: my privacy. thank you all for weighing in on this! a

04-05-2012, 12:56 PM	#9
NaOH Hall of Famer Join Date: Dec 2007 Posts: 3,641	I assume people concerned about privacy when it comes to the idea of cloud computing are also making certain to avoid things like credit and debit cards, ATMs, cell phones, SMS, email, online shopping, a mortgage, and loads of other common activities. And don't forget to use Tor, people.

04-05-2012, 01:14 PM	#10
agentx Hall of Famer Join Date: Feb 2003 Location: Brighton, UK Posts: 3,806	At the end of the day cloud is term that is banded about. Our email has been in the cloud for years, www defined the cloud. There are many types of cloud services not quite as infinite as real clouds. Overall if Dropbox inc let us use our own encryption keys I would happily use it full time for all data. CrashPlan do it and I like that model. Try and hack 448bit US gov and now you have my family pix. Also overall we leak more data on day to day usage of technology, financial transactions, loyalty cards etc than would on many cloud based systems.