The software UK techies need to protect themselves now Apple's ADP won’t

The least worst option?

I don't know if there were any good options given the Home office was allowed to issue this and Apple could not get a reprieve. So whilst Tim Cook standing by the grand doge and the comb over has made me wonder if I can continue to be an Apple customer this decision might be the best one open to Apple. Let me qualify this is a disaster but the UK is 60 million people ish and the 6th largest economy big enough to cause an uproar and chaos but small enough to possibly contain any fallout. Simply saying this is tantamount to banning End to End Encryption (E2EE) if this is enforced we will turn it off might be Apples best chance to shine a light on this and get a u turn out of the UK. That would set a precedent for those watching like the US that this is a bridge too far. I still hate it though. I do find myslef unable to argue with Apples point you cant make a secure backdoor so don't force us to try.

Blackberry

Do wonder if Blackberry handing over details about the rioters in London all those years ago aided their demise.... Will this be the first nail in Apple's coffin, at least in the UK anyways?

An A4 pad and biro would be a solution for secure notes.

Of course Apple users would need to find a designer one costing at least £50.

It is useful that the UK government snoop on my electronic communications, in which I repeatedly point out that they are incompetent, corrupt, or both and that they have no talent whatsoever. It saves me the bother of e-mailing them and telling them.

Once they have made themselves as hated as the Tories (who drafted the legislation) by screwing with our internet access in July, they will then run scare stories about kids using VPNs to seek out pron, and ban VPNs.

If your global corporation requires the use of secure encryption to protect trade secrets, you should close your UK facilities and move them somewhere less STASI.

What Apple should have done

A plug-in for each remote backup service available from their app store. Apart from iCloud, one of the pre-installed plugins should be "my NAS" and another should be Nextcloud.

Security Theatre at best

Since it's impossible for humankind to unlearn how to do secure encryption, it's impossible for anyone to ban encryption.

Encrypt your files locally, before uploading them to iCloud. Heck you could even use steganography to make them look innocent. Let Apple give the UK/USA/RU government access to the files you uploaded: they won't be able to decrypt them without a lot of trouble.

Google

Noticed Google distinctly lacking in any of the recommendations for alternatives in the above article. Is that because Google apps on iOS also relied on ADP, or just because my naivety shows they're not really very secure in the first place?

Puzzled! Again!

Surely relying on a small number of huge internet service providers for privacy......surely this represents a single point of failure. In all circumstances.

Why is no one pointing out that groups who demand privacy can arrange private encryption for themselves?

Note to snoops: thousands of groups doing privacy for themselves is A MUCH LARGER THREAT TO SNOOPING than Apple's E2EE!!

Just saying!!

One more step towards UK Gestapo and a fascist state, although many believe the UK Police have reached the level.

Commenting here on my main phone

Don't give a monkeys if the feds are watching.

My burner in the other hand only three people on the planet have that number.

You don't need alternatives

Just disable iCloud. Back up your phone using iTunes. Then you can continue using whatever app you want and it will be backed up to a device you control with a key (password) you control. A lot of us did this for years until Apple finally introduced ADP. If Apple had to disable ADP in the US I'd be pissed at my government and a little annoyed that I'd have to do something I never thought I'd ever have to do again - install iTunes - but it wouldn't cause me to go on some search far and wide for alternative apps.

Problem with "Freemium" options

I use a few of these (like the mentioned Proton).

Almost always on the free tier. Not because I don't want to pay them money for a bit of extra functionality - in fact I do.

But I just don't want to pay them a lot of money for a lot of extra functionality that I don't want. I'd happily pay a little bit of money for a little bit of extra functionality. The step is often just too high. Proton mail+ is £50 a year, but I don't need 10 addresses for my account, and all the other stuff. A fiver or so for an extra address or two maybe. Or there's Drive+ and Calendar+ each having too much of that aspect for £50/yr Then there are higher tiers that have elements of the other components in, but that's still at least £120 a year and I don't want or need most of the stuff included. And Proton is one of the more reasonable ones, too.

I'd like a little bit more, and I'd pay for a little bit more, even though I don't really need it. Say, an email package, but instead of 15Gb of data storage 10 aliases and a whole bunch of other stuff for £50/yr, maybe just a couple of aliases and 10Gb of data for a tenner a year.So I stay on the free tiers, which give me tbh everything I need.

I have been known to give a small donation to freeware apps. But this is a business model, so they need to find a product I'll pay for.

A trio of unpleasant questions many a Guy Fawkes may ask of Parliamentary servants/sycophants

Who needs foreign enemies whenever home governments are sub-prime hostile agents targeting domestic audiences idiotic enough to vote them into fascist office?

And whenever such is more fact than fiction is the situation a ripe breeding ground for all manner of increasingly effective opposition and disruptive connivance, and gravely to be regarded and therefore best avoided at any cost?

Did no one learn anything from the not so long past decades that hosted and presented The Troubles ?

Why not Mega?

Why is Mega always kept out of the shortlists of encrypted file storage solutions? Instead expensive paid and insecure solutions are being suggested, like DropBox and Microsoft OneDrive.

I understand you guys need to make a buck, but at least have the gall to mention other solutions.

Move iCloud to a EU country?

Can you not just move your iCloud account to a country that allows ADP?

I know there are some apps that would not be available but that might be a worthwhile inconvenience for some?

Alternate solutions are available

Just do whatever the politicians are now doing.

Simples.

If Apple really cared

They would have told UK govt they were pulling out of the UK as their users no longer had any hope of privacy.

But that would have potentially cost money (if there had been a standoff would be interested to see if UK govt had doubled down or retracted their demands, given they are already massively unpopular & would not have wanted to lose Apple user base from their dwindling pool of possible supporters).

So now, average non tech Apple user* has no clue their privacy is now massively compromised & another win for the authoritarian UK** state

* e.g. my partner (though she has totally innocuous content on her devices, that's not the point ***)

** I'm sure UK see lack of privacy of people in China as something to aspire to and not a cautionary tale

*** She's sensible enough to make sure there's e.g. no such thing as "candid" photos / videos of her - lot's of people are not as careful

Self host

I've been using Immich on a RPi at home, and it works a treat. No need for Google Photos any more.

Give us our Advanced Data Protection features back on Apple devices and iCloud.

I want to start a petition – will you sign it?

Give us our Advanced Data Protection features back on Apple devices and iCloud.

The government has demanded Apple remove end to end encryption features that allow individuals to maintain the privacy of their data. This sacrifices the many benefits to users on flimsy justifications. RIPA already requires users of encryption to hand over encryption keys when required by law.

The government is acting against the interests of public by demanding the removal of Apple Advanced Data Protection features.

https://petition.parliament.uk/petitions/718742/sponsors/new?token=LGXV3XNvMctcNQsdCUWr

Am I missing something here ?

All that has happened is that peoples ability to use someone elses encryption has been curtailed.

Maybe I am being an uber-pedant, but if you are already relying on someone elses encryption, then you only had a passing interest in security.

Happy to have someone explain it to me live I am 5.

Lawyers salivating at earnings through court cases with echr

Will Richmond-Coggan, partner at Freeths specializing in privacy and cybersecurity disputes, said: "Insisting on this level of access, even with judicial supervision of the process, may well place the UK on a collision course with previous decisions made in the European Court of Human Rights, which has previously ruled (in the case of a similar attempt by Russia to broaden the scope of its domestic surveillance capabilities) that this contravened people's privacy rights.

"In turn, there is concern that it may well prejudice the UK's adequacy status with the EU which underpins the current free flow of data between the EU and the UK, potentially increasing the costs of doing business in Europe."

Looking forward to these lawyers getting a satisfactory result from this

Enable ADP in UK

The removal of ADP only affects new users, i.e. those who heard the news and checked their iCloud settings only to find ADP has never been enabled by default.

In the UK and want to switch it on? Add a trusted person to your Family Sharing group and wait for them to accept. In Settings >General change your Region to something other than UK, Ireland for example. Do the same in your Apple account Media & Purchases setting, set card details to none and put any address.

Go back to iCloud and hey presto ADP can be enabled again. Delete any existing backups and create a new ADP-protected one.

Switch all the region settings back to UK. ADP is still enabled.

You're welcome

Literally lives

The problem is that as Jamal Khashoggi showed there are lives on the line. The CIA are going crazy because musk seems to have doxxxed a bunch of spies.

We know the police can essentially get into any phone they want, Pegasus showed that. However this kind of fuckwittery screams home office civil servant type.

Microsoft had Russia and China bouncing around azure for 6 months before they found out. The US telecoms industry had China in there for YEARS. The are plenty of anti Xi activists and anti Pootin in the UK.

What this stupidity has done is put the lives of journalists & anti prick activists in danger.

As I've posted on linkedin a couple of times over the last few days under my real name because I have zero filter is that the ONLY way this makes sense is if there's is someone in the home office on the take from Winnie the Pooh

Android?

Android?

Promise

The promise: "We we won't use this capability for mass surveillance!"

Reality: UK intelligence agencies send out millions of automatically generated warrants to Apple.

Pre-emptive

I never assumed anything held on a system managed by someone else (e.g. in the "cloud") was secure. I thought everyone in the IT sector already had the same assumption.

Reminders and Photo backup

I used Due on my iphone for reminders, for the simple reason that it doesn't arbitrarily mark a thing as done all by itself like apple reminders does.

And I use pcloud to backup my photos because I don't want to be trapped in the apple Photos ecosystem, and I want my photos as files in folders with useful file names (date and time of photo).