SoylentNews is people
SoylentNews
Jeffery Paul, a Berlin security researcher has a complaint about the latest OS X version:
"Fast forward to 10.10. Presumably to support Continuity, current document state is no longer only saved locally - those in-progress (not yet explicitly “saved”) documents live in iCloud Drive, so that they can be opened on other devices without ever having to hit “save”. This is useful, however, all of my previous open files have now been synchronized to Apple servers.
Notice that all of my locally-stored, “unsaved” documents open in my text editor have now been uploaded in full to a partner in NSA’s PRISM program. This happens for all applications (think iA Writer, Pixelmator, etc.) that had saved application state. Any open and yet-unsaved document within an app is now silently and automatically uploaded to iCloud Drive, and, by extension, the government.
Apple has taken local files on my computer not stored in iCloud and silently and without my permission uploaded them to their servers - across all applications, Apple and otherwise.
(Score: 1) by drgibbon on Monday October 27 2014, @03:59PM
I agree that iCloud should not be used if you don't trust it. But at the same time, looked at broadly, it is a disturbing trend for the majority of people. Most people will enable these things by default, and assuming such data IS available to third parties, then we're creating this worldwide surveillance system of terrifying proportions. We know that NSA/PRISM & friends does not work like "here's a warrant, look this guy up". I mean, there have already been abuses of the system outside of that, but that hardly even matters when the system itself is a broad social abuse. Apple is a provider [washingtonpost.com], and while I have no idea of the specifics of iCloud, it is known that the NSA has been systematically weakening Internet security for some time, including SSL/TLS. I mean we're talking about guys that create secret courts and secret laws, lie/deceive repeatedly, gag companies from disclosing what is happening, etc. On the apparently infinity long coat tails of 9/11, public communication networks have become military space, and sensible social policy based on any semblance of rights, openness, and communication has been replaced en masse with deception, aggression, and military/government surveillance. Although I didn't take the time to RTFA, I don't see a problem with logically connecting PRISM and automatic uploading of everything you write/edit/do on your computer.
Certified Soylent Fresh!
(Score: 2) by RedBear on Monday October 27 2014, @06:30PM
By all means feel free to maintain your tinfoil hattery in being generally distrusting of balancing the benefits of interconnected computers with the risk of helping the surveillance state. I am just as much against the surveillance state as you are. But the direct implication of this article is that there is something horribly wrong specifically with the security of Apple's iCloud Drive, with the secondary implication that everything uploaded to your own iCloud Drive account on Apple's servers goes straight from there to the US government. Yet there is no evidence given for either of these assertions. It is therefore not logical at all to jump straight from "my own files are being uploaded to my own encrypted cloud storage account" to "NOW THE GUMMINT HAS ALL MY SEKRIT FILEZ BECAUSE PRISM!!1ONE!!".
The Continuity and Handoff features in iOS 8 and OS X 10.10 Yosemite work via local networks, Bluetooth and iCloud. The features can be easily turned off if you don't trust Apple, by simply disabling iCloud Drive or not logging into iCloud at all. But if you're so untrustful of Apple in general, it would be equally "logical" to conclude that nothing on your local Apple computer is safe from the government either, whether you've encrypted your drive or not, so why use an Apple computer at all, especially if you're going to use their operating system on it. The solution to not trusting Apple is to avoid using anything made by Apple in the first place, not to complain that having your own encrypted data uploaded to your own encrypted cloud storage account is "unacceptable".
Until evidence is presented of any specific security vulnerability or Apple's willing collusion with the surveillance state by giving unfettered government access to their servers, this is just straight-up illogical conspiracy theorist idiocy. One PRISM PowerPoint slide with an Apple logo notwithstanding.
I am disappointed that something this silly even appeared on this site when there are plenty of perfectly fact-based legitimate security issues with Apple's software and cloud offerings.
¯\_ʕ◔.◔ʔ_/¯ LOL. I dunno. I'm just a bear.
... Peace out. Got bear stuff to do. 彡ʕ⌐■.■ʔ
(Score: 1) by drgibbon on Monday October 27 2014, @07:55PM
You have got to be joking, it sounds like you beamed in your post from the year 2000. There's no "tinfoil hattery" here, and your "NOW THE GUMMINT HAS ALL MY SEKRIT FILEZ BECAUSE PRISM!!1ONE!!" pushes the same silly logic that privacy is about "secret filez" and "secret business". I would say that from the leaks, Apple & co already do give access to their servers, but we cannot prove that iCloud itself is compromised. You want some direct proof in this instance that you are not going to get, but I think we've seen enough of the depth and breadth of the intelligence communities subversion of Internet security and trust that you would be a fool to maintain this "show me evidence for each specific case or I believe nothing". And this argument, "oh ok, so don't trust Google, don't trust Apple, don't trust Microsoft blah" is utterly worthless if those corporations dominate computing in the world.
The guy's point is that things are being uploaded which people may not have wanted uploaded (and yes, there's reasonable chances that this data is accessible by third parties). Granted, this is an extremely minor aspect is the privacy battle that's going on, but it's hardly unwarranted.
Certified Soylent Fresh!