Also available in:
TL;DR: On your iPhone using iCloud, none of your notes, photos (nudes!), videos, or message history backups (nudes, again!) are end-to-end encrypted.
Apple (and the FBI and US military intelligence, by extension) can easily look at your photos, see the genitals of yourself and your loved ones, read your private notes, and read all of your message history, including iMessages and SMSes!
Apple, like Zoom, does not end to end encrypt your sensitive communications data.
Apple, like Zoom, has danced around this, saying that your chat histories in your device backups and private notes and photos are “encrypt[ed] in transit” and “encrypt[ed] on server”.
In both cases, they’re encrypted with Apple’s keys, not yours. This is exactly the same situation as Zoom’s current encryption, and it’s exactly as unacceptable, for exactly the same reasons.
Zoom got massively flamed again yesterday for publicly stating that they intend to deploy end-to-end encryption only for their paying customers, for the express purpose of aiding FBI surveillance.
Based on their track record, it’s not like they could ensure the privacy of your calls even if they wanted to. But it’s good to know up front that they absolutely do not want to.
Apple isn’t even offering it for their paying customers.
Apple, like Zoom, was going to implement end-to-end encryption to protect users from snoops and government spies. In January, Reuters reported that Apple dropped that plan for everyone, because the FBI complained.
If Zoom is wrong for doing this, then so is Apple, and they should be subject to the same criticism.
iCloud and our device backups hold a lot more of our sensitive, private data than our video calls do, and over much a longer time span.
Zoom doesn’t end-to-end encrypt the contents of individual calls. Apple fails to end-to-end encrypt your entire device backup (on by default!), which contains your complete message history for every single iMessage and SMS conversation you have ever had on the device, without time limitation.
Please share a little bit of your “Chinese state surveillance-friendly company” outrage with the friendly, domestic state surveillance-friendly company down the street, which has a lot more of your secrets (and nudes).
Jeffrey Paul is a hacker and security researcher living in Berlin and the founder of EEQJ, a consulting and research organization.