Apple Data Protection - The ugly truth
Вставка
- Опубліковано 24 гру 2022
- 🚀 Visit www.brilliant.org/reneritchie to start learning STEM for FREE! First 200 get 20% off their annual premium subscription!
Up until now, Apple kept an encryption key for things like your personal photos and messages stored on their iCloud servers. That meant, if you ever forgot your passcode or otherwise locked yourself out, Apple could recover that data for you. But, side effect, that also meant a government could subpoena them, or a super-villain could theoretically break in and steal them.
Now, in the US, and in more places over the course of the next year, we’ll have the option to turn on Advanced Data Protection for iCloud. In other words, turn off Apple’s ability to access almost everything on iCloud. literally make them throw their key away. Then, just like our health data and passwords have been, our photos and messages will be utterly, completely locked down.
But should they be? Should we actually turn advanced data protection on?
🔐 Passkeys: • Passkeys - The END of ...
🔔 SUBSCRIBE ua-cam.com/users/reneritchie?s...
🔗 LINKS
🗂 CHAPTERS
🚨 ETHICS & DISCLAIMER
All opinions are my own. This channel does not produce sponsored or paid reviews. Companies occasionally provide briefings or loan sample products to facilitate reviews but provide no payment and get no editorial input, content approval, or advanced previews. They see them for the first time when you do
Links may contain referrals for affiliate programs that provide this channel with a tiny commission should you make a purchase. They likewise receive zero editorial input or consideration
📝 CREDITS
📷 Some video and images via by Getty Images and/or AP Archives
🎸 Some music via by Epidemic - Наука та технологія
🚀 Visit www.brilliant.org/reneritchie to start learning STEM for FREE! First 200 get 20% off their annual premium subscription!
🔐 Passkeys explained: ua-cam.com/video/p-8l98O9lhw/v-deo.html
🤔 Will you be turning on Advanced Data Protection?
TLDR: Personal responsibility is hard, welcome to being an adult. Encrypt everything, stop giving these psychopaths all your data
Wrong take away. The vast majority of the public aren’t equipped to encrypt all their data.
Fires and natural disasters are your fault 👍🏼
Agreed
Personal responsibility is not hard at all
Discipline IS hard.
Thank you.
the option is certainly not for everyone but I appreciate that apple gives us the option to choose ourselves whether they should keep a backup key
For the vast majority of people, the default is the right choice. That's why it's called "advanced", it's not meant for regular users.
My family members know my keys. I gave them when I was undergoing cancer treatment and there was a non-zero risk of dying from treatment. My mother died recently and she has done a lot of things that have made it difficult for her survivors to settle the estate, so managing data and accounts and finances and finding things has been a lot harder than it needed to be.
My condolences 💐
No one knows the keys except apple. Your probably talking about your passwords lol. I understand Joe people get easily confused
@@optimuscrime608 I store my user accounts in an encrypted file not on the internet. I give out the keys to the encrypted files to my family members. The encrypted file is replicated to several systems manually.
This is probably the best explanation of the balance between security and privacy and access I've ever seen.
+1
its a balance for sure
That’s why I setup 3 recovery contacts so I have a backup for the backup.
I've tried to watch this video with headphones and couldn't, I don't know what you did to the audio but is very very uncomfortable, it't even much worst when watching it at faster speed
Here is the problem. To use Enhance Data Protection, all your devices using your Apple ID must be on the latest OS. If you have older devices not able to be updated to the latest operating system, you must purge those devices from your Apple ID: IPad Air (Second Gen), 2015 MacBook Pro, iPad Mini 3, etc. All software, messages, documents, everything will disappear since you cannot take information from your old Apple ID to a new one, even a family Apple ID. Yes, you could go through the hassle of reinstalling purchased software but if it is no longer available, it will be lost. Pictures, credit cards, passwords, must be migrated to the new Apple ID using a 3rd party software. This is asking a lot from people who were perfectly fine with their older devices. There is simply no reason why Apple cannot issue a security update to bring Enhanced Data Protection to iPadOS 15 or MacOS Catalina. It would certainly help the transition.
My 10 year old iMac no longer works with iCloud therefore doesn’t sync with my iPhone any longer. I’m planning on purchasing a new iMac soon so it’s not a big deal for me but I still feel it’s a little ridiculous that it’s this way.
Exactly the way they want it. How dare you not continue to spend money on the newer devices, and be happy with your older devices!!!
Do you know how software development happens? As a (non-Apple) developer, I can say that maintaining and adding features to ancient code is difficult and frustrating, especially when you have a fresh version of the project that uses new technologies that are incompatible with the old code. Now imagine that you need to support 5 or 10 generations of old code, each separately, because... The code for each is in a separate branch in the code repository. Practice shows that it is easier to develop something new than to tinker with the old.
True.
This is the worst argument for not encrypting. This is why you have recovery contacts. If you locked yourself out of your 2FA accounts you probably swapped phones and didn’t transfer everything before wiping the old phone.
ding....,. i locked myself out from Dropbox because i never provided legit info when signing up.... That's just my privacy at work... It only happened (1) and never again...
I learnt a lesson, and its not the lesson most would think of
No it isn't, what if your contacts don't answer? What if you ended your relationship with those contacts? What do you do then?
@@DarthVadent2 change the contact or use the recovery keys it has to record before it is turned on.
2Fa is worst protection because they need your phone number soon as you give your phone number. They will have your all the information. Always use 2nd cellphone number for 2fa. Only for banking just use your primary main number.
@@rathkhan1114 2fa isn't always SMS. There's Google Auth, Microsoft Auth, Okta, and others.
Thanks for the discussion. Didn’t you talk about something like this a while ago? I remember you saying that you didn’t want to encrypt your irreplaceable files before.
I’ve been waiting for a video like this…thank you René
On the Apple Discussion Forums just about every other question posted is from a user who forgot their Apple ID password, their security questions, their firmware password, etc. Advanced data protection will be a disaster for those poor souls.
»Data loss affects more people than data theft«
Do you have any source for that statement beyond "data recovery experts told me"?
Like statistics, maybe a study, even just comparing the case numbers per year, or who these experts are and what kind of customer base they work with (that can skew their experience, just like a Dermatologist vs Proctologist view Medicine through a different lens).
Here’s a question that no one seems to answer. You’re a techie and perhaps you can provide some input. How does Apple handle and re-encrypt the previously encrypted data which they had the old key? Usually the data would need to be de-encrypted and re-encrypted with the new key. That would be very server intensive if millions of people are starting ADP. I’m curious to know how Apple is implementing ADP once enabled so that previous data is encrypted with the new key and Apple discards the old key. Thanks
yea
Thanks for the info, helps to put things into perspective
Seen it on nebula. Nice reproduction of an earlier video with new points! Worth it to actually think about. … I am the “encrypt everything” type of person 😅
So should I turn this feature on or leave it off?
Thanks for this clear and concise explanation of the real life trade-offs.
I always thought privacy was an an exception..... If we keep building bridges all the time, we can forever keep saying "privacy"
it really doesn't mean anything anymore. Have a read of George Orwell 1984 book
Gotta love the Babylon 5 reference when mentioning 'mass drivers'.
I won’t be turning on the advanced mode. I have nothing on the iCloud account that a potential thief will find useful. But I do have tons of pictures that I can never replace and don’t want to lose. When it comes to emails and messages, I have always operated on the assumption that I am communicating on the public sphere. If some fool wants to intercept my emails and messages, they’ll be bored to tears.
The only thing I worry about is online purchases. That’s why I limit myself to using well-known companies (such as Amazon, Door Dash, etc.) and avoid buying from companies that appear fly-by-night or have never heard of.
But I want to be able to recover my lost data; especially my pictures and videos. You can’t replace them.
This.
To those that say "I don't want the government to access my data!" - what makes you think that the government is going to be interested in YOUR little life? 🤣
Be sensible and diligent with your stuff and don't lock yourself out of precious memories because of misplaced paranoia.
This! You cannot backup photos and videos, once they are encrypted, they vanish forever. Forever and ever and ever! That’s why I use iCloud for everything. I feel sorry for the sickos that use encryption.
At least we’re not like them!
Advance Data protección is not available in Canada
But you can encrypt encrypted data. You can still ransomware someone if they've encrypted their data by encrypting their encrypted copy again with a different key. There are no easy answers here. The only obvious answer is "risk management". And that subject isn't easily understood by a layperson. Most vectors are vulnerable applications though so we go back to "no liability in software" problem. Introduce liability in software and see if the application layer exposure improves then decide next steps. There are downsides to most things. All phenomena are hard to pin down exactly. What seems sure footed can easily turn on you. And that means "risk management" all the way, all the time.
yup no one answer will fix everything. one wrong click and you can still be hacked. plenty of examples of apps with encryption that still wnd up being trash
with things like tik tok that are built in spy devices im sure it wont change most peoples security aspect
@@liquidKi Yeah in general mundane, day to day life stuff. In specialized contexts like this a layperson has no chance really. If up against a skilled adversary. It doesn't matter what you do to protect yourself if the attacker has a zero day exploit for example. You can implement whatever security controls you want and it won't matter. Do most people know that you can encrypt encrypted data? A thought is obvious but it wouldn't occur in general public because the subject is esoteric.
Thanks for this excellent explanation!!
Thanks for your clear advice. This is a very sensitive matter that we should all be concerned about.
Thank you for this informative video. Eye opening!
The choice to encrypt your data is yours to make… Personally I have iCloud encryption turned on, I’ve got a piece of paper with the backup key written on it on me 24/7 in my wallet so I can’t lose it…
There’s still a slight risk, but one I’m willing to take over data theft
having the backupkey with me sounds risky (to me). why not store it at home (+ family member)?
Still undecided but I now feel very informed. Thank you.
I will first let advanced data protection be used for a year by lots of users, so i know the early and common bugs will be fixed.
Thanks for sharing your thoughts. Blessings on your day!
You are unique and I appreciate that so very much. You are diligent in giving me and all your viewers, all the facts. This allows me to make intelligent and thoughtful decisions for my ‘tech’ life. Thank you and I’m grateful for the ongoing education you give.
Family photos: Zero value to thieves, mild value to future historians and AI model developers
Always store backup keys in two different locations
Am I the only one who wants his hoodie? Lol
Great education and perspective, well done. I use a third-party encrypted backup service that runs weekly, so if anything ever happens to that key, I still have all my data on my sole, encrypted MacBook (which I also back up to Time Machine). I'm not quite ready to entrust my data to a single, tightly integrated online/offline file management system from one company (as convenient as it may be).
If I have already setup a Physical Security Key for my Apple ID, do I still need to generate the an account recovery code for Apple iCloud Advance Data Protection ?
In other words, what the difference between Physical Security Key vs. Account Recovery Code (in iCloud)?
Can I not use the same Physical Security Key to cover both my Apple ID and iCloud Advance Data Protection?
It would be much easier to a keep a Physical Security Key than a printed Account Recovery Code.
Printed code is to recover data if you lose all security keys like: yubiko, tientien etc. Sory about misspelling.
@@dika999msn It seems that Apple will request you for Recovery Code rather than Security Key, not sure why is that so. You can try yourself. So, it appears that Security Key is made redundant.
You also need to have all the important people you communicate with to have end to end encryption enabled. It becomes selective at some point no matter what.
Even encrypted it can still be hacked. Search cold storage hacking.
For me, it is fail secure always.
nobody should have access to any of my encrypted data. if I'm gone, they are gone.
idc if you are my mom or my neverborn son, none of them are entitled to my data.
treasured memories? i keep them safe in my brain. and if I forgot them, well probably they aren't that important after all.
Bit nihilistic but understand the logic.
I miss your videos. Rewatching them is not enough!!
ok here is an issue I have an apple tv and for some silly reason it like to turn my tv back on 15min after I have turned it off. I have tried the turn off background and turn off updates and did a restart but still my tv goes back on after i turn it off help
I don’t have to worry as its not even available in Canada for some reason.
Stock footage is awful!
0:43 “Throw their key away”, well the recent App Store scandal doesn’t suggest that they would, apple didn’t even comment or justify what was going on.
Twit was awesome this week thanks to you
You sir, are a treasure
Just let me keep multiple keys, like other keys. Let me put the NFC in my bank security box. Make sure I can change the battery.
I knew the downside as soon I clicked, it happened to me on my blackberry I use you can encrypt the sd card and I forgot the code and lost everything
Honestly, I recommend turning it on and keeping a Recovery Key stored away in a safety deposit box. Better yet, commit it to memory.
I have reported your post for misinformation! Only the COVID vaccine will prevent people from getting COVID, and only corporate America can keep you from losing your dying parents and your kid’s precious memories!
Do you understand me?
Only
Corporate
America!
Trust the science!
agree with this method. Not everything needs to be so secure. But it is highly dependent on your individual circumstances. For a casual person who isnt involved with anything serious in my opinion you really only need strong passwords and perhaps encryption on more sensitive things. However, people cannot predict the future, so its important to keep that in mind. People dont know the circumstances they will be in 5, 10 or even 15 years from current. You can go from a nobody to someone of political prominence as an example and in such cases, the fact you weren't more secure with your stuff could come back to bite you.
It is unfortunate, but true...there is no way today a consumer can purchase any mobile device, laptop or PC that isn't already contaminated and compromised by Big Tech....
Every Windows operating system works fine - even XP - until you put that computer on the internet...
96% of every computer repair and upgrade problem I've ever encountered on my machines and customers too have come because those people used their computers and devices on the INTERNET>>>>
I'd definitely use this.
How to turn off Advanced Data Protection for iCloud because I can’t go to iCloud …..thanks
I work on linux, but the new M2 Chips make me want to switch. BUT I don't want apple or the government to have access to my data or machine itself. How transparent is Apple, how far does their encryption preventing Apple itself from spying on my Data? Thanks
Availability is the all-too-often ignored security property
Bad advise. It’s not so hard to save encryption or recovery keys on different places to always have access to them.
sure some people are sentimental about things to the point that they don't care about someone else knowing, but what your not talking about is the use of the information that can make the difference of it being lost or stolen in terms of how much damage it could cause wether the host knows it or not. Even if a peace of information dose not directly correlate anything, it can most certainly be used to enforce a theory about a person that can fill in the gaps.
Cool hoodie Rene - what is it?
If anybody wants to break into my computer, they can.
I hope they enjoy my cat pictures lol.
I have the most boring computer and phone lol.
Please post your username and password for the relevant account.
I always hold the position that, If you have something to worry about, then take the risk and lock it down.
If you're a regular joe, I highly doubt you have anything to worry about on this level.
Sorry, this is not accurate. Apple has you choose someone out of your contacts. as a backup. so if you are locked out, they will send a msg or some type of communication to your contact. and you will be able to get your info.
such a massive decision. I try to keep everything in more than one place but to straight lose access to my apple account I've had for More than 10 years....
That's definitely a fair point. Personally, I will always choose to leave encryption on. But I do so knowing that if I forget my credentials or for any reason lock myself out, it's on me. The bottom line is I don't want Apple to be able to access my data. I know that it's up to me to store my information in a location and format that is safe from disasters and human error, so I'll never use iCloud alone to store my important information. I recommend frequent backups to another secure storage location - both locally and also off site (preferably encrypted as well).
It is true that with Advanced Data Protection turned on Apple won't be able to help get my data back. But if I don't have a backup somewhere else, that's not their fault. It's mine.
Just store your keys in 1Pass or Dashlane.
Car insurance companies, are buying telemetrics, to know how hard you break, and accelerate.
If you don't keep current backups, then your data is obviously unimportant to you, and therefore there is no problem.
What’s important to you has value though. How much are you willing to pay for what’s important to you? People run back into burning homes for family photos. Don’t be fooled how hackers can take advantage of this.
I turned it on
Well the answer is very simple, fragment the key to your friends and in case you need it just ask them privately to recompose the code. And propose to do the same for them too.
tldr: if you encrypt your data with a password and lose the password it’s tough to decrypt the data
Impossible with AES-256
The level of depth your video have is very unique !!!! Amazing work !! Keep rocking
The big thing to remember is that if you turn this on and you forget your Apple ID password, you are hosed if you don't have access to a device to reset things from. People constantly forget passwords. The question is, do you want your photos all completely gone because you forgot a password? If you're the sort of person who would never forget a password? Sure turn it on. But if you're the sort of person who has to change their Apple ID password every year because you keep forgetting it, never turn it on.
I don’t know how healthy, especially young people are still forgetting important passwords. You only need to remember two or three for the most important things e.g email, Apple/Google account, work login etc. everything else can either be stored in Keychain or similar, or reset when you need it if you’ve truly forgotten. All modern browsers literally offer to do it for you and modern login systems offer backup options, even backup contact persons etc.
It isn't really an issue if you have a lot of Apple devices. You can always just rescue yourself from another device. Ive forgotten my Apple ID password and laptop password a couple times. Just keep it in notes. It's encrypted anyway. I don't even keep a hard copy of my recovery keys either. The chances of you loosing access to 5 different devices or forgetting all 5 passwords would be basically zero for me.
Great video but i had to watch at 2x speed
Please tell us HOW to backup on our own? At one time, when I was young, everything was so much simpler and we still had just as much fun possibly MORE FUN. In person fun. For instance your phone would ring and if nobody answered they had to call back later. no problem - they called back later. There were films and you went to a theater to watch them…period. There were 3 T.V. Stations and there was so much to see on them. Commercials were minimal. people were kinder. There was less crime. No school shootings of little kids by insane people who should have been hospitalized but Reagan let them all out. etc. etc. etc. Now our city streets are the mental hospitals and it’s a crime to not have enough money to pay for an exhorbitant rent for a closet to live in. I am grateful to be getting close to my last days. I could possibly live to a hundred though because I am healthier than most - not obese and no chronic ailments from injesting pesticides and fake foods.
I haven’t even started encrypting, yet been preparing for my NFT project. This was extremely formative. Thank you.
Rene Ritchie is the best AND is Canadian. :) :) :)
As time goes on and tech gets better, these encryptions will just get hacked when tech gets smarter.
If iCloud has the only copy of your data, then you are living dangerously anyways. You should have at least one more offline copy. If iCloud corrupts, it’ll delete all copies on your devices as well. But an offline copy won’t have that problem.
That’s what I hate about most 2 factor implementations as well: what if I loose or damage my phone? I can use a password manager with synced 2 factor but steam and eBay are forcing me to use their app. I have no idea how to recover that.
Wouldn’t you still have the file locally on your device?
And if not, wouldn’t Android devices suffer the same fate?
@@contenteater If you delete all your files in iCloud, it would also delete them on all devices. That's the point of cloud sync. It's convenient but also pretty dangerous.
And yes, any cloud sync service has that issue, not just iCloud. That's why an offline copy is so important in any case.
Nice video
Not available on my country lol
Shady Side Hustles.
Perfect.
All of your concerns can simply be solved by storing the private key in a password manager
not if your house burns down. You actually should write it down and store it somewhere outside of your house
@@jooplin most password managers don’t store the vault on device
@@jooplin still really a non issue. If your house burns down when you are away from home you still have your phone. If you are at home when a fire starts you are pretty much almost 100% likely going to grab that phone to call 911. Even Apple Watches can generate keys. Depending on how many devices you have the chances of you loosing all of them is basically zero. At least for me.
I have thousands of documents. I don’t want to loose a thin piece of paper with an encryption key. It just sounds scary too loose all 150 GB of photos and 35 GB of files on iCloud Drive. I want to encrypt everything. I have File Vault on too.
@@jooplinWhat do you mean “not if your house burns down”? Do you even know what a password manager is? Jeezus H.
Sounds like your caught up in paranormal thinking.
What do you think about TIK Tak and CHINA 🇨🇳 control on TIK Tak.
Never put everything in a single basket.
The only thing that should be lock down with the key lost is bad guys.
I dont store anything on the cloud.
Cue millions of people turning it on and then being upset Apple can't recover things for them.
you are a amazing person.
When I heard encrypt the key I started laughing with my but. People believe unicorns
Keep all your passwords in a bible.
Change your password every 3 months.
Yes.
Man, this is a stressful video with the pumping bass in the background. And you could say evetything in 1/10th the time
8K M3 Smart ZoomScreen lock down off the grid data protection
I turned it on and set up trusted contacts so I don’t have to deal with passkeys.
I did both lol
YES!!!
Easy answer: have multiple encrypted copies of your data in multiple places.
Don't believe it
Honsestly, who cares about photos or voice mails when people have droves of financial data available. Would you rather lose photos or have your bank account emptied??? C'mon folks.
Why does this guy make everything sound like an emergency?
if you’re not are you even paying attention? go hear what Mo Gawdat says about AI
@@Knsilva93 not what?
Yes, it is a double edge sword.