Can confirm. I've had someone contact me on snapchat and show me screenshots of Apple's internal tools and offer to run queries for $$$. He was willing turn off 2FA, change the email, and reset the password (thus, giving me access) for $$$$.
He told me that he texts a friend who calls and pretends to be the customer in question, and texts him all the verification questions he has to ask as part of SOP.
Many AppleCare employees work from home, so I can see it is difficult to track and stop this sort of thing.
I emailed security@apple.com and never received a response.
Generally, when I need to get the attention of big tech corporations I talk to a friend who works there. Unfortunately, I don't really know anyone who works at Apple.
If HappyTypist isn't comfortable emailing my @apple.com email address they can file a bug at https://bugreport.apple.com and email me the bug # instead.
Assuming this story is true, I would personally like to catch the person responsible.
Oh snap. And Apple has been touting itself as the champion of privacy in comparison with Google, Facebook and Microsoft... This doesn't look good for them
For my point it doesn't matter what the nature of the information is. Both Apple and the NSA want their people to keep secrets secret. But I think the NSA goes a fair bit further to prevent their employees from leaking far more sensitive info, and leaks still occur.
In the end, this is a problem with _all_ cloud services that do more than just _store_ data. If it does anything with your information at all then it's possible for an insider to look at it.
Technically speaking, you are correct, but so what?
It does kind of sound like victim blaming, but if you store a bunch of cash under your mattress, don't be surprised if someone tries to take it.
Likewise, if you store a bunch of customer data, someone will try to come and take it. If you make it accessible to anyone other than the customer, you can't act surprised if someone takes it.
It's not Apple's policy to sell information. This is employees engaging in criminal behavior. Still not good for Apple, but it's correctable (firing and pressing charges as appropriate; institute stronger internal policies on both hiring and information access). Facebook and Google can't stop selling our information without going out of business (or a major pivot).
It kind of doesn't matter though. They are still the cause of a bunch of data being leaked through their actions. They should be held accountable for it whether it was intentional or not.
Your point is very valid, but the crime being committed against their customers is also very valid.
Is Apple storing everyone's data in China / do these 'bad apples' in China have access to every iCloud customers or is it just a local Chinese concern?
Hoping comments can resist the urge to turn this into an apple bashing thread.
Having someone purposefully steal your data from the inside doesn't mean you don't care about privacy.
They likely won't reveal anything but I'm curious how they could get the info out of Apple systems. Most companies of Apple's size lock down work stations to the point of slowing down workers efficiency to keep customer data safe. Especially with their over seas operations.
The article author couldn't determine from the police statement if the criminals had access to just chinese customer data or foreign customer data as well. If the criminals had access to foreign customer data as well that would a failing on Apple's part (and might result in some sanction in Europe for example which has been placing more emphasis on the privacy of its citizens' data with American companies after the reveals from Snowden)
Hum. No one is giving some slack to a bank for having rogue employees. Part of the job of being a large organisation is ensuring your employees do not misbehave. In this case at the very least ensure they have minimum access to users data.
Or setting up the technology so nobody at apple can even access the unencrypted data. Much more effective than policies that you expect people to follow.
I work at a fairly security conscious company, and the only data I can't access is that encrypted at the consumer's end.
> Having someone purposefully steal your data from the inside doesn't mean you don't care about privacy.
True, Apple cares much more than average. It shows that our current tech world has such a poor emphasis on privacy that even the companies that care most still screw up big.
Interesting that you say that, because Google is constantly being bashed here for it's lack of privacy concerns (rightly so, IMO). When Apple makes the similar mistakes, I feel that they should also be bashed. I don't think of them as an "evil" company, like Google, but they do seem incompetent, or maybe more fairly: focused on the wrong things.
They've touted before that they are the company to use if you want your data to remain private and secure, but continue to act in direct violation of that. This seems highly problematic to me, and, IMO, they should be raked over the coals for this.
This is always the argument that makes my friends and family call be paranoid in data privacy discussions: "Even if the company has good intentions when they collect your data, there's no telling who else might end up with access to it in the future."
Obviously this is bad overall, but at least now I can point to a specific example of this happening.
One perspective is that every company gets to screw this up once and then has to get serious about privacy.
But it's possible this is happening all the time, victims don't know their saas vendor was complicit in releasing their information. If the companies ever catch the perps, they're quietly fired in exchange for a non-disclosure agreement that serves the interests of all parties (except the consumer).
> Reporters successfully obtained a trove of material on one colleague — including flight history, hotel checkouts and property holdings — in exchange for a payment of 700 yuan (US$100).
So it's not just email addresses / metadata from iCloud. This implies that 1) at least some iCloud data is stored unencrypted at rest, and 2) employees can query this data using internal tools.
This does not necessarily imply that the data is unencrypted at rest. The query tool or the query backend could handle decryption seamlessly. S3 offers similar encryption at rest that is invisible to authorized requesters. If the story was that someone raided an Apple data center, stole hard drives, and leaked customer data, then we would have reason to assume that.
I assumed "encrypted at rest" to mean encrypted with the user's passcode, meaning it could only be decrypted from a properly authorized user session, not some internal apple tool.
From my understanding, that is how Apple encrypts on device. They don't use this with iCloud data at rest and instead maintain encryption keys themselves [1] so in the event of, for example, a user losing their credentials, they would still be able to assist.
> Privacy advocates and privacy caring IT specialists have repeatedly asked Apple to offer such an option, but so far Apple has decided that regular people would turn such an option on, forget their password, then ask Apple for help and would be unhappy with their brand experience if Apple could not help them out.
Always wondered that about encryption at rest as a feature in cloud services. The key is stored in the same system somewhere (or your app wouldn't function). A rogue employee can find the key if they want. So what is the practical benefit?
AFAIK, encryption at rest protects against a very specific threat. That is, someone goes into the data center, turns off your server, and steals the hard drive.
The preceding sentence seems to indicate that is referring to black market information from government databases, which is its own problem, but isn't related to iCloud.
Suddenly potential workings behind celebrity nude photo exposure scandals, the most recent one just a month/weeks back, becomes more clear. Of course, brute forcing, weak passwords, or phishing, may still have happened, but this sure sounds convenient and perhaps not even expensive for hackers sharing the cost. It also sounds troubling with government staff exposure and all.
In fairness I don't think this was necessary for the celebrity leaks. With a celebrity, with much of their lives being public knowledge I can imagine it was probably easy enough to guess their security questions.
Apple does not allow your iOS iCloud data to be encrypted in a manner where Apple cannot access it. As is alluded to in this article.
Privacy advocates and privacy caring IT specialists have repeatedly asked Apple to offer such an option, but so far Apple has decided that regular people would turn such an option on, forget their password, then ask Apple for help and would be unhappy with their brand experience if Apple could not help them out.
If Apple would implement such an option where Apple could not access your data, shenanigans like the ones outlined in the article could not happen. It would also allow people who feel the state will misuse their info use iCloud for the first time.
There could be something good that comes out of this. These bad news could pressure Apple into finally offering an optional iCloud service where only you can see your data.
Answers to likely responses: "just use a different cloud service": on iOS, for cloud backups, there are no alternatives: it's iCloud or nothing.
On mobile, the only realistic alternative is Android, which is a privacy and security nightmare.
On general purpose computers, Linux is better from the perspective of privacy. But for large parts of the general population, Windows is the only realistic alternative. And we know how important privacy is to Microsoft these days :(.
How many of the Android devices are using the latest version and what's the option for the rest of them, excluding rooting? There are many advantages of Android, but this is not one of them.
I suspect most privacy problems come down to the apps on the users device for both platforms, but in terms of security Android is worse overall because of the abysmal rate of updates, and lack of widespread backing store encryption. That leaves a lot of Android devices open to shady apps and data loss after theft.
Both platforms can always do better of course, and should learn from each other. But to pretend device security hasn't been a genuine focus for Apple is blinkered.
Only if your only source of information about Android is WWDC keynotes.
Don't be silly. Google's own dashboard shows that the vast majority of devices are running old versions of Android with known security vulnerabilities:
Besides that, most likely >99% of the users are using a device with Google Play Services and other Google applications. It is no secret that Google mines pretty much all data available for advertising purposes (as outlined in their privacy policy).
Moreover, most Android devices use no or weak device encryption. The Google App Store has a rich history of applications slurping all kinds of data (though things will probably get better with fine-grained permissions).
And then we haven't even talked about Asian and American vendors that 'accidentally' install third party spyware:
I recently discovered CopperheadOS [0], and I've been playing around with it on my old Nexus 5X. It's very barebones, but you can pick up good open alternatives to most closed software on F-droid. I'm still not ready to drop Google services completely, but it looks promising.
If you're willing to pay the premium, they sell the Pixel and Pixel XL with CopperheadOS loaded.
Answers to likely responses: "just use a different cloud service": on iOS, for cloud backups, there are no alternatives: it's iCloud or nothing.
Moreover, in the case of Apple this could actually be productive. They have been pushing the privacy angle. Let's not forget that this is the company that pushed out end-to-end encrypted chats to tens (hundreds?) of millions of users before Whatsapp did it.
If Apple offered this option, this would be a boon to tens of millions of people, which is far more productive than a few experts moving to relatively obscure alternatives.
Apple could utilize their newer devices' capabilities of finger print recognition. If you don't have a device capable of this, you don't get encryption. Sound very Apple™.
Genuinely trying to get an understanding of the pros and cons here, but is there any guarantee that this, or any other, data theft ring used iCloud? I mean, let's say I have an iCloud and it is encrypted in a completely secure fashion such that even Apple cannot access it. Well couldn't this ring have just collected my phone number, Apple ID etc etc from some other Apple database?
Maybe I'm misunderstanding the threat here, but it seems to me that this is not going to be fixed by simply encrypting iCloud. Sure, that would be part of a comprehensive response, but the main problem seems to be that these people had access to internal Apple databases. To my mind, "internal" means everything from retail POS data to iTunes.
I guess I'm trying to understand why encrypting iCloud would prevent a ring of internal Apple employees from gathering a person's information and selling it?
And, to be frank, it's concerning because it's not just Apple. What stops a group of internal employees of any company from gathering a person's information and selling it?
What are needed are strong guarantees about data security internal to these companies. My background is in health care technology, so the analogy I would make is HIPAA. But we need HIPAA for everything instead of just for healthcare information. Right now if employees of enterprises outside healthcare access a person's information and they don't sell it, they're just checking on a friend, there is no liability for that. Under HIPAA you're fired at a minimum. That's what we need.
Given the way iCloud security works I'm not sure iCloud was breached at all [1]. Other reports seem to indicate that it was employees at Apple stores and third party resellers who had access to names, phone numbers and Apple IDs [2]. Presumably they would try to phish them later on.
Unfortunately, this still requires location services. I really wish Apple would allow true background photo sync.
From your link:
To upload photos in the background:
iOS apps cannot perform background tasks for more than 3 to 10 minutes. Using geofences to add locations will trigger and resume upload tasks in the background for another 3 to 10 minutes whenever you leave or reenter the defined areas. Tap > Geofence > Create to add geofences.
>> Privacy advocates and privacy caring IT specialists have repeatedly asked Apple to offer such an option, but so far Apple has decided that regular people would turn such an option on, forget their password, then ask Apple for help and would be unhappy with their brand experience if Apple could not help them out.
Were I an iCloud user, I would pay big $$$ for such a feature. But... they do have a point, and anyone who's helped their friends and relatives with IT issues can confirm that.
>they do have a point, and anyone who's helped their friends and relatives with IT issues can confirm that.
I think it's a pretty common state of affairs when dealing with complaints about Apple's choices. It's not that they're (necessarily) malicious, or that they don't care about security etc. It's prioritising the user experience of an average user over the concerns of a relative minority.
I, personally, hope they never stop thinking about their products in that light.
You are correct, but the problem is that they tout themselves as the goto company for privacy and security. If you are focused on usability over security, maybe don't advertise yourself otherwise.
There are alternatives, but with more friction and fewer features. My iPhone backups are made to an encrypted disk locally and backed up offsite with Backblaze, also encrypted.
Have never used iCloud for the reasons you mention, and haven't missed it.
Yes but only iCloud backups can happen automatically and wirelessly every night. For local backups you need to attach the phone to your laptop using your usb cable and click "back up" in iTunes manually every time.
This is not true. Wi-Fi Sync (that includes iTunes backup) is available since iOS 5[1]. It works automatically if phone is plugged in and computer used for back is online.
I stand corrected, I did not realize this supported automatic backups. It still requires your laptop to be on the same LAN though. It'd be nice if one could host a simple https server somewhere and configure the iOS unit to sync over the internet.
Roughly half the population has an IQ below 100. Let that sink in for a moment. Do you really think they are able to manage their digital keys such that they never ever lose them in a lifetime? Look, I am all for encrypted storage, it's the only thing I'd use (but I store everything on my own HDDs that are in my physical possession), but I see Apple's point here.
Nothing in the article suggests that iCloud data was compromised. It said
> users’ names, phone numbers, Apple IDs, and other data
Names, phone numbers, and Apple IDs just require access to directory services, doesn't need to touch iCloud at all. It doesn't say what "other data" is, but presumably that's not iCloud either, because it if was iCloud data that would be a much bigger headline and wouldn't have been omitted from the article.
This being the Chinese government it could also mean they try to discredit a strong foreign platform that is really hard to control in terms of privacy and security. No doubt Apple is giving all governments headaches not only the US.
If people believe they still can be hacked or tracked while using Apple equipment less people might be tempted to use it.
Not telling the sale of data didn't ever happen. I think if it's true that Apple should one up their security even more.
So now after forcing Microsoft to have a Chinese version of Windows 10 without spyware, Blizzard forced to show the Overwatch loot boxes odds and this, we are living in a World where China, "Great Firewall" China is now the biggest advocate of users privacy.
oh, they can just quit the Chinese market by following what google did almost 10 years ago. look at google's share price & revenues, surely you don't need the Chinese market to be successful.
Apple is huge in China. I agree that Apple doesn't need China to be successful, but that's a lot of money left on the table: for what purpose? For principles? For the subset of your customers who are concerned about privacy?
The Microsoft case doesn't need to be surprising, because Microsoft is a part of PRISM and maybe other such programs. To China that means Microsoft products might as well be sending data directly to NSA datacenters. They probably don't like the NSA having that kind of view into their country.
Sorry, but having worked for 3 large companies (not apple, or Google, or any in the same field), the auditing is purely just for show. They claim it publicly, but very little is actually done to ensure the safety of that data. When I started as an entry-level tech at 2 of them, I was given direct access after just a couple of days.
I'm sure there are plenty that do treat their customer data securely, but in my limited experience, that's not many of them.
Time for Apple to pay up Chinese government again. Their Chinese competitors sell customer data as a business model and authorities are totally cool with that.
Apple's focus on privacy has always been a splinter in the eye of Chinese authorities.
I strongly believe that this is an excuse Chinese authorities had been looking for that will use to pressure Apple in China at the same time create the illusion to the general public to not trust Apple.
I find it especially suspecious that the Chinese media put so much emphasis the privacy concern of this event and in modern Chinese culture, privacy is much less regarded as compared to western countries.
Anyone remember the propaganda while Google was being driven out of China? Straight up false info about Google were broadcasted on CCTV-1, the prime time national channel. A lot of my friends in China became very patriotic and viewed Google as some sort of evil corporation trying to undermine Chinese culture.
> Apple's focus on privacy has always been a splinter in the eye of Chinese authorities.
So was UK authorities, US authorities, and lots of other authorities, there is no need to single out China in this case.
> I strongly believe that this is an excuse Chinese authorities had been looking for that will use to pressure Apple in China at the same time create the illusion to the general public to not trust Apple.
Yes, it could be the excuse for Chinese authorities, but this case could have happened anywhere else in the world given the way Apple stores information, and similar incidents have happened before for other companies like mentioned in other comments. So I don't see a strong evidence that this particular incident is related to some ulterior motive of Chinese government.
> I find it especially suspecious that the Chinese media put so much emphasis the privacy concern of this event and in modern Chinese culture, privacy is much less regarded as compared to western countries.
The entire incident is about privacy issues, what else do you expect the media to talk about? New iPhone colors?
> Anyone remember the propaganda while Google was being driven out of China? Straight up false info about Google were broadcasted on CCTV-1, the prime time national channel. A lot of my friends in China became very patriotic and viewed Google as some sort of evil corporation trying to undermine Chinese culture.
As far as I remember, Google did not want to comply with Chinese regulations on censorship, so it was not allowed to operate in China, simple as that. I don't think people had that bad of an impression about Google, more like they felt bad losing a good search engine or simple just don't really care.
i have seen hn commenters praise apple for "taking a stand on privacy". but how can anyone believe that when they collect so much personal data about the people who purchase their hardware? the old apple did not do this.
1. collecting data on users for months and years after purchase, 2. storing it electronically on remote computers, 3. some connected to the internet. yes, this surely points to a company is concerned about user privacy.
if something goes wrong can you sue apple?
we should expect every hardware vendor from laptop mfrs to the rpi foundation to be silently collecting data from their customers long after the merchandise is purchased. they need to do this, because...
wtf?
1. collecting data on consumers and 2. storing it online.
#1 is incompatible with a pro-consumer stance on user privacy.
#2 is a guarantee that others besides the company are going to get that data, whether the consumer is told about the breach or not.
You have to trust the company, the employees, its security, the goverment.. Better to think of everything you upload as already posted in pastebin. It's relatively accurate.
I find it odd that a company that touts user privacy (an immediate pivot when their iAds venture failed spectacularly) and security would have their user data so easily stolen. There is absolutely no way these corrupt Apple employees should have even had access to this type of sensitive information.
111 comments
[ 2.7 ms ] story [ 159 ms ] threadHe told me that he texts a friend who calls and pretends to be the customer in question, and texts him all the verification questions he has to ask as part of SOP.
Many AppleCare employees work from home, so I can see it is difficult to track and stop this sort of thing.
Generally, when I need to get the attention of big tech corporations I talk to a friend who works there. Unfortunately, I don't really know anyone who works at Apple.
Assuming this story is true, I would personally like to catch the person responsible.
It does kind of sound like victim blaming, but if you store a bunch of cash under your mattress, don't be surprised if someone tries to take it.
Likewise, if you store a bunch of customer data, someone will try to come and take it. If you make it accessible to anyone other than the customer, you can't act surprised if someone takes it.
Since that is impossible, all companies and all systems are negligence.
A term that applies to everyone means nothing.
Nevertheless you can say it and make businesses you don't like sound bad.
Your point is very valid, but the crime being committed against their customers is also very valid.
Having someone purposefully steal your data from the inside doesn't mean you don't care about privacy.
They likely won't reveal anything but I'm curious how they could get the info out of Apple systems. Most companies of Apple's size lock down work stations to the point of slowing down workers efficiency to keep customer data safe. Especially with their over seas operations.
I work at a fairly security conscious company, and the only data I can't access is that encrypted at the consumer's end.
True, Apple cares much more than average. It shows that our current tech world has such a poor emphasis on privacy that even the companies that care most still screw up big.
They've touted before that they are the company to use if you want your data to remain private and secure, but continue to act in direct violation of that. This seems highly problematic to me, and, IMO, they should be raked over the coals for this.
Uh, would they be given unrestricted access to user data? Or does every Apple employee have access to this data and are left to exercise restraint?
And what about Apples claim that data is encrypted at rest?
Obviously this is bad overall, but at least now I can point to a specific example of this happening.
Google Engineer Allegedly Fired For Accessing Private User Information To Stalk Teens
Source: http://www.businessinsider.com/google-engineer-stalked-teens...
One perspective is that every company gets to screw this up once and then has to get serious about privacy.
But it's possible this is happening all the time, victims don't know their saas vendor was complicit in releasing their information. If the companies ever catch the perps, they're quietly fired in exchange for a non-disclosure agreement that serves the interests of all parties (except the consumer).
So it's not just email addresses / metadata from iCloud. This implies that 1) at least some iCloud data is stored unencrypted at rest, and 2) employees can query this data using internal tools.
This seems pretty bad.
[1]: https://support.apple.com/en-us/HT202303
From Darthy's comment 30 minutes ago https://news.ycombinator.com/item?id=14513803
Privacy advocates and privacy caring IT specialists have repeatedly asked Apple to offer such an option, but so far Apple has decided that regular people would turn such an option on, forget their password, then ask Apple for help and would be unhappy with their brand experience if Apple could not help them out.
If Apple would implement such an option where Apple could not access your data, shenanigans like the ones outlined in the article could not happen. It would also allow people who feel the state will misuse their info use iCloud for the first time.
There could be something good that comes out of this. These bad news could pressure Apple into finally offering an optional iCloud service where only you can see your data.
Answers to likely responses: "just use a different cloud service": on iOS, for cloud backups, there are no alternatives: it's iCloud or nothing.
On mobile, the only realistic alternative is Android, which is a privacy and security nightmare.
On general purpose computers, Linux is better from the perspective of privacy. But for large parts of the general population, Windows is the only realistic alternative. And we know how important privacy is to Microsoft these days :(.
Only if your only source of information about Android is WWDC keynotes.
But did Phil Schiller tell you about the Korean "malware" that was very quietly purged from App Store last week?
This comes up every time security discussed. But it is not as black as white as you think:
1. Security patches are separate from OS upgrades [1]. Many vendors incorporate security patches without upgrading the OS.
2. Many core Android components are upgraded via the store.
3. Google scans and remove bad apps from your device no matter Android version [3]
--
[1] https://source.android.com/security/bulletin/2017-06-01
[2] https://www.howtogeek.com/179638/not-getting-android-os-upda...
[3] https://support.google.com/accounts/answer/2812853?hl=en
Huw many iOS?
Both platforms can always do better of course, and should learn from each other. But to pretend device security hasn't been a genuine focus for Apple is blinkered.
I am not sure what you mean.
Don't be silly. Google's own dashboard shows that the vast majority of devices are running old versions of Android with known security vulnerabilities:
https://developer.android.com/about/dashboards/index.html
Besides that, most likely >99% of the users are using a device with Google Play Services and other Google applications. It is no secret that Google mines pretty much all data available for advertising purposes (as outlined in their privacy policy).
Moreover, most Android devices use no or weak device encryption. The Google App Store has a rich history of applications slurping all kinds of data (though things will probably get better with fine-grained permissions).
And then we haven't even talked about Asian and American vendors that 'accidentally' install third party spyware:
https://www.cyberscoop.com/android-malware-china-huawei-zte-...
You use your iPhone but disable iCloud.
If photos are important to you, use a dedicated camera and upload to your home NAS.
If you're willing to pay the premium, they sell the Pixel and Pixel XL with CopperheadOS loaded.
[0] https://copperhead.co/android/
Moreover, in the case of Apple this could actually be productive. They have been pushing the privacy angle. Let's not forget that this is the company that pushed out end-to-end encrypted chats to tens (hundreds?) of millions of users before Whatsapp did it.
If Apple offered this option, this would be a boon to tens of millions of people, which is far more productive than a few experts moving to relatively obscure alternatives.
Maybe I'm misunderstanding the threat here, but it seems to me that this is not going to be fixed by simply encrypting iCloud. Sure, that would be part of a comprehensive response, but the main problem seems to be that these people had access to internal Apple databases. To my mind, "internal" means everything from retail POS data to iTunes. I guess I'm trying to understand why encrypting iCloud would prevent a ring of internal Apple employees from gathering a person's information and selling it?
And, to be frank, it's concerning because it's not just Apple. What stops a group of internal employees of any company from gathering a person's information and selling it?
What are needed are strong guarantees about data security internal to these companies. My background is in health care technology, so the analogy I would make is HIPAA. But we need HIPAA for everything instead of just for healthcare information. Right now if employees of enterprises outside healthcare access a person's information and they don't sell it, they're just checking on a friend, there is no liability for that. Under HIPAA you're fired at a minimum. That's what we need.
[1] https://youtu.be/BLGFriOKz6U?t=32m35s
[2] http://www.foxbusiness.com/features/2017/06/07/chinas-new-cy...
It's probably a marketing or support database that contains basic data. Annoying but not a serious breach.
That makes me unhappy with the brand experience.
From your link:
To upload photos in the background: iOS apps cannot perform background tasks for more than 3 to 10 minutes. Using geofences to add locations will trigger and resume upload tasks in the background for another 3 to 10 minutes whenever you leave or reenter the defined areas. Tap > Geofence > Create to add geofences.
Were I an iCloud user, I would pay big $$$ for such a feature. But... they do have a point, and anyone who's helped their friends and relatives with IT issues can confirm that.
I think it's a pretty common state of affairs when dealing with complaints about Apple's choices. It's not that they're (necessarily) malicious, or that they don't care about security etc. It's prioritising the user experience of an average user over the concerns of a relative minority.
I, personally, hope they never stop thinking about their products in that light.
Have never used iCloud for the reasons you mention, and haven't missed it.
It seems like a reasonable choice to me, if you don't want to store in iCloud you can keep it locally with a different encryption model.
Lots of stuff can't be just backed up to a different cloud provider/do locally.
[1] http://osxdaily.com/2011/10/13/wi-fi-sync-for-iphone-ipad-io...
> users’ names, phone numbers, Apple IDs, and other data
Names, phone numbers, and Apple IDs just require access to directory services, doesn't need to touch iCloud at all. It doesn't say what "other data" is, but presumably that's not iCloud either, because it if was iCloud data that would be a much bigger headline and wouldn't have been omitted from the article.
If people believe they still can be hacked or tracked while using Apple equipment less people might be tempted to use it.
Not telling the sale of data didn't ever happen. I think if it's true that Apple should one up their security even more.
What is happening?
fb is another good example.
So you know, even though China is a dictatorship it sometimes still does good things, like catch common criminals.
Sorry, but having worked for 3 large companies (not apple, or Google, or any in the same field), the auditing is purely just for show. They claim it publicly, but very little is actually done to ensure the safety of that data. When I started as an entry-level tech at 2 of them, I was given direct access after just a couple of days.
I'm sure there are plenty that do treat their customer data securely, but in my limited experience, that's not many of them.
I strongly believe that this is an excuse Chinese authorities had been looking for that will use to pressure Apple in China at the same time create the illusion to the general public to not trust Apple.
I find it especially suspecious that the Chinese media put so much emphasis the privacy concern of this event and in modern Chinese culture, privacy is much less regarded as compared to western countries.
Anyone remember the propaganda while Google was being driven out of China? Straight up false info about Google were broadcasted on CCTV-1, the prime time national channel. A lot of my friends in China became very patriotic and viewed Google as some sort of evil corporation trying to undermine Chinese culture.
So was UK authorities, US authorities, and lots of other authorities, there is no need to single out China in this case.
> I strongly believe that this is an excuse Chinese authorities had been looking for that will use to pressure Apple in China at the same time create the illusion to the general public to not trust Apple.
Yes, it could be the excuse for Chinese authorities, but this case could have happened anywhere else in the world given the way Apple stores information, and similar incidents have happened before for other companies like mentioned in other comments. So I don't see a strong evidence that this particular incident is related to some ulterior motive of Chinese government.
> I find it especially suspecious that the Chinese media put so much emphasis the privacy concern of this event and in modern Chinese culture, privacy is much less regarded as compared to western countries.
The entire incident is about privacy issues, what else do you expect the media to talk about? New iPhone colors?
> Anyone remember the propaganda while Google was being driven out of China? Straight up false info about Google were broadcasted on CCTV-1, the prime time national channel. A lot of my friends in China became very patriotic and viewed Google as some sort of evil corporation trying to undermine Chinese culture.
As far as I remember, Google did not want to comply with Chinese regulations on censorship, so it was not allowed to operate in China, simple as that. I don't think people had that bad of an impression about Google, more like they felt bad losing a good search engine or simple just don't really care.
1. collecting data on users for months and years after purchase, 2. storing it electronically on remote computers, 3. some connected to the internet. yes, this surely points to a company is concerned about user privacy.
if something goes wrong can you sue apple?
we should expect every hardware vendor from laptop mfrs to the rpi foundation to be silently collecting data from their customers long after the merchandise is purchased. they need to do this, because...
wtf?
1. collecting data on consumers and 2. storing it online.
#1 is incompatible with a pro-consumer stance on user privacy.
#2 is a guarantee that others besides the company are going to get that data, whether the consumer is told about the breach or not.
You have to trust the company, the employees, its security, the goverment.. Better to think of everything you upload as already posted in pastebin. It's relatively accurate.