Ask HN: If Apple integrated Time Machine with iCloud, would you use it?

28 points by BugsJustFindMe ↗ HN
It blows my mind that Apple, increasingly a cloud services company, has let best-in-class-by-a-mile-when-it-isn't-broken Time Machine basically languish and deteriorate and never integrated it with iCloud storage. It feels like they could dominate a many-billion dollar cloud backup industry over night if they wanted to? I would happily pay another X dollars a month to them for proper cloud backups of someone else if it meant getting the unlimited retention and interface functionality of Time Machine. Am I crazy? Would you? Would your families?

93 comments

[ 2.8 ms ] story [ 161 ms ] thread
Apple would have to modify and re-engineer Time Machine to make it fit with iCloud, but yes, I have though about this many times—and I am sure folks at Apple have too. Why it hasn't been implemented yet i don't know, but for all we know it is on a roadmap somewhere, amongst the many things Apple is juggling.
Absolutely, without question.

For better or worse I’m a fully payed up member of the Apple ecosystem. I love that everything generally “just works” (maybe until It doesn’t…).

Currently use Arq with S3 but to be honest looking for something simpler. Tried BackBlaze years ago (could be 10 years ago) and found it slow and buggy, probably good now.

Would take an Apple online time machine warts and all.

I think fundamentally I believe that they would get the encryption and security around it correct, as in general they have a good track record with security and privacy.

No, or at least not initially. With Apple's track record with online services I wouldn't trust them to not mess this up. I'd stay with BackBlaze for the time being and let others be the early adopters.
> With Apple's track record with online services I wouldn't trust them to not mess this up.

While I agree that their track record 5-10 years ago was poor with multiple false starts around iCloud/Me.com. I do think they have absolutely nailed their online services now, iCloud is brilliant and does everything that the market it’s targeted at wants (maybe except versioned backup).

If you discount the website icloud.com, yes, it is pretty decent.
I think the way they do iCloud is better than TimeMachine. I have tons of time machine backup drives that have useless junk from the OS and libraries installed but really all I want is my files that are important. iCloud gives a pretty seamless experience for that right now. I’m not sure time machine adds a lot. Maybe adding versioning (if they don’t already have it) might be a good add but otherwise I wouldn’t change how they do iCloud now.
> that have useless junk from the OS and libraries installed but really all I want is my files

I guess you don’t care about machine state. I, however, do.

Yeah for what I use my Macs for, no I don’t really care about machine state. Other people might.
Possibly. I don’t use iCloud storage at the moment because it doesn’t work very well. But I do like Time Machine so a cloud option on it would be interesting.

I think it would need some work though, just mapping a disk image in the cloud wouldn’t be enough. Using TM across a network seems to create problems for many.

I wish Apple would build a chromeOS equivalent with iCloud. Just works and with privacy.
Big no. I stopped using iCloud after the CSAM debacle showed Apple is eager and willing to weaponize my device against me for the sole purpose of reporting the content of my private files to the federal government. Then I stopped using and sold my iPhone and Apple Watch. I haven't been able to get away from MacOS yet, and there's really no competition for the iPad so I still use both of these.

While Time Machine has languished and deteriorated, Arq Backup [1] is alive and well. Used with AWS Glacier it's practically free, aside from the 1 time cost of the software (in case anyone forgot - there used to be a paradigm where you could buy software for money and own it) and whatever you choose to pay for expedited restore from Glacier.

[1] https://www.arqbackup.com

The fact that you pulled the chute on that much of the Apple ecosystem because of CSAM - which was client side - seems like an overreaction, no? And did I miss something or were they never using CSAM to report to government but rather to prevent further sharing?

This led you to selling your watch too? Crazy. I suggest not reading up on Android and privacy.

Not to mention Google's been doing CSAM scans _in the cloud_ for years. Apple's approach was sensible and likely would've lead to end to end backup encryption.. a shame the stupid, uninformed outcry about it has had this result.
No it’s not stupid. They are planning to scan your offline on-device files hashing against a secret list. That’s ridiculous and unacceptable.
On device files that were going to iCloud, no files that were not intended for iCloud, no scanning if you do not use iCloud, using a list stored on your device.
“Only files intended for upload to iCloud” They pinky swear! What is the purpose of this infrastructure? Why not just scan on iCloud? This smells like rotten fish.
They already do.. they wanted to move that device side so they could allow encrypted backups without them having the key, and thus unable to respond to law enforcement. That was the plan here..
Apple didn't claim that was the plan at the time. No law stops them from encrypting backups anyway.
And that's how we get an FBI order to create a hacked version of iOS that allows unlimited passcode guesses in succession.
What law do you believe would let them do that? Why wouldn't it let them order Apple to scan everything on an iPhone? Or force it to back up without encryption?
.. you know it already happened once right?
Sad that they just can’t do that anyways. What happened to privacy? They need to justify things about preventing child porn to people for reasons? Fuck this government. They will use children and terrorists as an excuse to do whatever they want. Whenever you hear because Terrorism or because the children, watch out!
same "secret" list every other provider you've uploaded a file to uses.
Right, it's also unacceptable there. A growing ability for governments to ask "Does any device contain "X" is a threat to privacy.
It's not sensible at all. They have the right to do whatever they want on their servers but scanning my computer crosses the line. It doesn't matter what it's for or when it happens. What matters is I don't want it to happen at all and their software disrespects my wishes.

End-to-end encryption is meaningless if they see your data before it's actually encrypted. There's no point if the endpoints are compromised.

Then we get no encryption, or breakable encryption so that you can still be tapped in case you commit a crime - far better situation, yea?

Apple resisted building a backdoored iOS for the FBI once.. will that work next time?

I don't understand why you think it's up to the government whether or not we have encryption. The software is already widespread, there's nothing they can do about it. They either accept it or they increase their own tyranny by violating their own people's rights, actively underminding the security of their own citizens or passing insane laws such as "you're presumed guilty if you use encryption".

I don't really care that they want to "tap into" communications in order to fight crime or whatever. As far as I'm concerned, they're not supposed to be able to do that under any circumstances and for any reason. Any attempt to do so is abuse.

When younger this view made far more sense... no encryption broken ever. There are plenty of legitimate scenarios, child sexual exploitation being one of them where I don't mind and exception or a workaround being applied to catch it where someone is stupid enough to get caught. Perhaps fatherhood has made me soft but I wouldn't let fancy ones and zeroes get in the way of kicking the ass of the person who exploited my child.

It's not some slippery slope, it's the reality of humanity.

There is no such thing as an exception in cryptography. Either it works or it doesn't. The same technology that protects the criminal will protect me. If the criminal is not protected, then I'm not protected. That is the simple reality of cryptography.

The smart child molester will use these technologies regardless of your or the government's opinion about them. I guarantee you they'd rather go to jail for contempt of court or whatever than child abuse. What's at issue here is the availability of encryption to the general population.

Right. Creating the exception where you scan them prior to uploading/being encrypted would be a workaround prior to encryption and is a crappy compromise, but one seemingly necessary in reality if we don't want cloud providers holding keys to our stuff like they currently have to.
Do you really want FBI agents to look and share and sell photos of your daughter when she sends it on her iPhone to her boyfriend? Maybe the first iteration just looks at some photos, but in the future there will be even more AI used to detect these kind of photos and send them to government agents for viewing.
Pretty sure the agreed upon method is the review goes thru Apple and then to the Center for Missing and Exploited Children, who host this list of hashes gleaned from images.

Also, this has already been done for years by every single cloud service in existence. Apple came up with a way that preserves privacy and suddenly everyone's a privacy expert based in the reality of CSAM.

They should not have the right to do whatever they want on their servers if those servers are storing other people’s data. Who would ever agree to such a thing? Yet we see so many people say it and some even allow it.
You're wrong to attribute our position to ignorance. Scanning local files on my computer is not sensible. I understood exactly how it worked and found it unacceptable.

They'll never give you E2EE no matter how much privacy you cede. I'd be surprised if they're even allowed to - no doubt they're being threatened with punitive legislation if they do.

It's exactly what they wanted to do. They wanted to be able to tell the FBI to go pound sand. This CSAM scanning was a step towards it.
Maybe, maybe not. As pointed out elsewhere in the thread, what does "E2EE" really even mean when your device already finks you out for whatever the government tells Apple to look for in the black box you're running on their behalf? Either way, you can speculate on the intentions and future plans of a megacorp all you'd like. I got out from under their thumbs.
Any other company would've created that hacked version of their OS that allowed unlimited guesses at the passcode and not fought it in court...

It's not like Apple's actual stance on privacy is without precedent.

> Scanning local files on my computer is not sensible

yet a lot of ppl even pay money for av-products that do just that and even upload offending files to google (virustotal).

Apple’s CSAM scanning could be disabled by not using iCloud Photos… which scans server side anyway.
It scans your files device side. files “intended for upload to icloud, we pinky promise”. Yeah, ok.
Reverse engineering is a field, and because it is client-side, we would know if Apple was lying. After all, they found the early version of Apple’s CSAM scanner and managed to make hash collision images for it.
What’s the point of scanning on device? Why not just scan on iCloud? I’m not ok with this and neither are many people.
If Apple stores a list of hashes that are on your device, it stands to reason that the US government (or Chinese government, depending on where you live) would have access to that list, no? With the existence of PRISM, adequate pressure from multinational surveillance organizations like FIVE EYES, and "the China problem", I see plenty of incentive for Apple to implement this system that's ripe for abuse.

Think about it; the NSA can profile you based on every image that you have stored on your device. Too many extremist eco-terrorism memes saved in your camera roll? You'll get added to a list. Stocking up on right-wing propaganda? They'll flag your device and keep tabs on you "just in case" so they have due process when they do subpoena Apple for the raw iCloud dump.

I'd like to think there's a silver lining to all this, but the whole thing reeks.

We’ve been over this, that’s not how Apple CSAM scanning works at all. And if a country like China wanted to this, they could have just sent an order at any time.
There's zero oversight into this system, nobody can say for sure what it looks like. Yes, they're only scanning iCloud-synced photos (for now), but as we've seen with iMessage exploitation, the average iPhone user doesn't care enough to lock down their device.

This could very well be Apple testing the waters and trying to catch foolish criminals for a nice PR push when they decide they want to push it out to all devices. Once again though, there's no transparency here. We don't know what the list of hash collisions contains (and ostensibly won't ever know). You're welcome to use whatever device you want, but when people see black-boxes running on their system, I think they're perfectly right to be afraid. Much like how IME/PSP/T2 supposedly isn't used for surveillance, we have no way to verify that as users. We just have to take the word of these corporations and rely on blind faith that they won't abuse the MINIX system they control, or use DMA for anything evil.

Look, I don’t like scanning either, but I also don’t support all the FUD or false information spread about it.

For example, I would like the option to have my images scanned client-side so I could get E2E without Congress having a moral panic. Fair trade. The fact that the scanning was optional seems to have been forgotten.

Secondly, there’s also Apple’s anti-abuse strategy, which is that images only enter the database if they appear in databases from multiple governments.

That’s a long way from mandatory client-side scanning for misinformation. Also, you cannot tell me an evil country would not just have ordered client-side scanning at any time in the last decade. It’s not some revolutionary new idea.

There was a reporting mechanism. I still wouldn’t switch over it (literally every company storing loads of data does this, but it’s usually server-side and less carefully thought-out). At the end of the day, you have to consider the fact that child abuse is a thing that happens, a lot. Facebook found like 20 million instances of verified CSAM images sent on its service in a single year. I’m in support of privacy, but my right to privacy does not exist in a vacuum.
Also, the OP says he backs up his stuff to AWS Glacier. Which is more likely than not CSAM-scanned.

So the OP is fleeing an Apple implementation on just iCloud Photos which never actually rolled out, to an AWS implementation which is scanning everything and not just iCloud Photos.

That’s ignorance at best and idiotic at worst.

Arq uses strong encryption; Amazon doesn't have the keys.
I don't think so. Honestly if they had announced server side CSAM scanning I would have been fine with that and I would still be deeply entrenched in the Apple ecosystem.

It's a question of whose device it is. I paid $1000, it's in my pocket all day every day, it is mine and not theirs. I won't allow Apple to just run anything they want to on it, especially malware that is designed to do either exactly nothing or rat me out to the federal government.

You did miss something. CSAM reports were slated to be sent to the NCMEC, an "independent non profit" which for practical purposes is an arm of the FBI. It didn't sway me at all that the pushback made them scrap their plans. They took a clear position that they think they own the computer in my pocket, that they decide what runs on it, and I have no say whatsoever. Nor was I impressed at their alleged intention to only turn it on for iCloud users. In a slow boil one doesn't mind the lukewarm water.

The Apple Watch is completely useless without an iPhone. I will get off of all Apple products in the coming years. I suggest you read up on privacy ROMs - I don't run any of Google's spyware either.

Bravo. Not enough people are willing to step up to the plate when things go south with any company; the fact that people are willing to call bullshit when a feature stinks as bad as local scanning does gives me just a little bit of hope for the future of consumer technology.
Apple's CSAM runs on your device... While it could also run in the Cloud, that's not what the presented implementation was going to do.

At the same time, Google and Microsoft already have this CSAM in place, and when you run on GCP, AWS or Azure you are personally liable for CSAM so it's not like it suddenly goes away. Even with CMK and pre-transfer encryption you are still the one holding the CSAM bag.

Unless you are willing the reinvent every wheel yourself, there is little to be gained from not using an ecosystem. You should of course always retain a personally controlled backup.

Heck, you think AWS doesn’t do their own CSAM scanning? Wow.
They can scan my encrypted backups all day, what do I care?
I often wonder what the world would be like if apple had gone through with it (I am definitely not advocating for it, but wondering what the trade offs would be on the other side of the rollout).

Specifically, I wonder if we would’ve gotten an end to end encrypted iCloud as a result of client side csam scanning.

Right now there’s absolutely no path to end to end encrypted cloud for google and apple. Someone new could try to do it but there would have to be some way to do csam scanning or you’d be violating strict liability. Something like what apple did, effectively client side tagging and server side cryptographically probabilistic scanning, seems like the only way to accomplish this while staying in line with the government asks.

The problem, of course, is that apple is working against a corpus that is hidden.

I’m not sure what the right answer here. It’s an intellectually interesting problem with a lot of policy wrinkles.

You mean if we would have end to end encryption for other iCloud data. The client side scanning system ruled out end to end encryption for photos.

Other companies have end to end encryption. Can you cite a case where a court found them liable for child pornography?

It's also a backup model that would benefit to a hilarious degree from deduplication...
I don’t think it’s accurate to say they’ve let TM languish. They recently did a big update that allows it to work on AFPS-formatted drives that takes advantage of AFPS snapshots. And prior to that, changes to take advantage of AFPS snapshots on the source drives as well.

The UI hasn’t changed, but there have been big changes under the covers.

No, considering they don’t encrypt Iphone backups in Icloud.[0]

[0] https://venturebeat.com/2020/01/21/apples-icloud-backups-are...

Yes they do.. they just have the decryption key.
They only offer encryption with a known compromised key. How is that useful?
It isn't.. but here in reality they're forced to respond to requests by law enforcement for things such as CSAM -- this is the problem they were trying to solve with the on-device scanning. The plan was this would allow for backups they would not have a key to, and thus be unable to respond to law enforcement.
Here in reality other companies have end to end encryption.
Do they? Consumer level? Or are you able to view your files in the cloud which inherently implies they have that key.
I said end to end. Why would you ask if I meant not end to end?
Because it probably isn't. How do they respond to LEO requests if they're based in the US?
Yes. I love not having to worry about my iPhone and iPad. I've been using iCloud backup on those devices for years and years, transferring across devices and it just works.

I don't have a single extended family member who backs up their Macbook's properly. I've tried. No one wants to be bothered with having to periodically attach a USB drive to their laptop. And Time Machine to an SMB share is flakey.

The Macbooks in my home are setup to use Time Machine to an SMB share and Arq to B2 because I can help if something breaks.

For my kids away at college, they have an external USB drive, but neither reliably plugs it in. So their laptops are also configured with Backblaze because Arq's UI is too damn confusing.

It's especially non-sensical to me that Apple doesn't offer this since they already have offer to host your photo library, music library, and documents and desktop folders in iCloud, plus whatever other apps choose to sync to iCloud. They can exclude the OS and apps from the app store.

Now, I personally wouldn't use this as my sole backup. But for family members who aren't backing up at all? Yes, please.

(comment deleted)
Absolutely, without hesitation. Take my money Tim Apple.
no. no way!

I'm ok with Time Machine the way it is. I stay off iCloud, especially on a work laptop.

No. iCloud sync for Notes, Calendar, and iMessage lose data on a regular basis so I wouldn't trust them with anything not easily replaced.
I hate to say this .. but are you "using it wrong" ? Never had any issue with any of these 3.
I think the vast majority of people either only heavily use one device, don't mind if the occasional note or appointment disappears, or just don't notice. The iOS Dropbox app has pretty frequent sync issues with its text editor too. At least it doesn't break when you feed it high Unicode anymore.

The notes solution that has worked reliably for us is to use a third party iOS text editor called 1Writer that calls the Dropbox API. For appointments check anything important on a second device after making edits. The Messages issue seems to only happen on a fresh install, so for each new device really scrutinize the message history if it's not there and if not reset it to factory and try again. It's all navigable, just annoying.

no. No way!

I'm ok with Time Machine the way it is. I stay off iCloud, especially on a work laptop.

(comment deleted)
Been a big Apple fanboy for a long time and am moving 100% away from all of their tech. Don't want Apple anything anymore.
Where are you going then?
It would have to work well with multiple users. iCloud backup can be a simpler solution since iOS and iPadOS devices are single-user.
I'm sure a lot of people would, though most of my friends and family have internet connections that would make uploading 50GB file diffs long, unreliable, and unpleasant (rural USA).

I would not. Honestly I'm still kind of mad that I can't automate iPhone backups to my local Time Machine setup.

Because local data is no longer a relevant matter for the consumer market from the perspective of the corporations. Your media is in the cloud, your communications are in the cloud and apps are re-downloadable. Of course all of this has the capability of being defective down the road or missing something, but so does local storage.

The endgame seems to be local cache, edge-retained warm storage and cloud-based bulk storage, all managed transparently.

I don't know what I'm missing, but I've tried to use Time Machine many times over the past decade and every time it's the same thing. After a few weeks, it forgets what it's doing and has to rebuild the backup from scratch.
Only if fully encrypted
Not unless the client is open-source.

I can trust encryption to some degree but after Apple's CSAM stuff, no way am I letting them do what they please.