Does iCloud encrypt files before uploading?

See http://support.apple.com/kb/HT4865

"iCloud secures your content by encrypting it when sent over the Internet, storing it in an encrypted format, and using secure tokens for authentication."

The issue in this thread is whether cleartext iCloud data is accessible to Apple employees. The article you linked to doesn't say otherwise. Yes, if someone breaks into the data center and steals a server, you may be protected. But you're trusting Apple with whatever data you upload to iCloud. If you do trust Apple with your private data, that's fine. If not, don't use iCloud for anything private.

There have to be some point were trust has to be made. Apple makes you operating system and you patch it, update it and in all of this, Apple could easily do bad stuff and get your info if they wanted and dared to. You also have the individual developer working at Apple but doing bad stuff without either of Apple or you know about it to consider.

So, you are already made yourself a possible target. But the opportunity makes the theif, as we say here in Sweden, and if you data is put on Apples side of the internet they don't have the risc involved with processes running on their customers hosts nor do they need to expose their hypothetical theft to sniffers when taking the data over the internet. This and the fact that it is now possible to take a lot of peoples data and do some analysis on which brings value to the crime makes the cloud storage uncomfortable imo.

However, one could do a bit of weighting of risc factors here. Are you connected to the internet a lot? Do you use software new to you sometimes and so forth? This might have all in all a significantly higher chance of be hacked and robed. Apple is perhaps kind of a Boeing 747 'Jumbo Jet' in the way of people being afraid and we do extreme amounts of efforts to keep the planes from crashing, yet they are so safe that driving cars or walking in trafficed areas are multitudes of more likely to get you killed. There are no easy way to mesure the chance of Apple going bad here, as compared to the great statistics of very few crashed jumbos relative all the flights they have made. We have to guess and be aware of not being sure, but as far as I sums it up, Apple already have more data than being in any need to steal.

One can always say that not using iCloud is the only safe way but frankly you would need to disconnect from internet since we know hacks have been made and shown to work many times by know, if you have hundred procent safety as the only acceptable risc figure that is. On the other hand, iCloud do not increase security, since you would probably have local copies laying around in any case. Only if you got rid of the local files you could perhaps see iCloud as be more secure than local storage only? If now not the chance of Apple steal it in the first place will say?

Why? How many Apple devices could you have to make it so diificult to simply email an encrypted fike to yourself.

OH! iPods, iPhones, and iPads do not have an encrypt/decrypt capability! No wonder Apple does not encrypt files in iCloud. Or maybe these devices do not have encrypt/decrypt capability because Apple does NOT WANT you to have it. No, they don't "need" to see your ideas, inventions, business plans and presentations, they WANT to see them. Big Bro is in bed with Big Bro... Capeech?

Capisce?

The either-or Q here is whether anyone including Apple can acces the data. yes, the data on their servers in encrypted per their support doc. http://support.apple.com/kb/HT4865 However Dropbox claims the same then mentions they will as a "rare exception" (whatever taht means, gov't inquiry or corrupt/incompetent employee) access your data. http://www.dropbox.com/help/27 Rare exception? or massive screwup as happened recently that opened everything to the public for four hours. Apple is not infalliable. You are not protected by the courts in this age of the Patriot Act, so forget about subpoenas and warrants protecting anything. If I'm risking privacy I should at least be forewarned that I'm doing it.

So, is the data protected from everyone or not? The passwords?

When you update to iOS 5 you have to accept the following iCloud Terms & Conditions:

http://www.apple.com/legal/icloud/en/terms.html

Removal of Content

You acknowledge that Apple is not responsible or liable in any way for any Content provided by others and has no duty to pre-screen such Content. However, Apple reserves the right at all times to determine whether Content is appropriate and in compliance with this Agreement, and may pre-screen, move, refuse, modify and/or remove Content at any time, without prior notice and in its sole discretion, if such Content is found to be in violation of this Agreement or is otherwise objectionable.

In addition iTunes Terms & Conditions add this:

We also may collect information regarding customer activities on our website, iCloud and MobileMe services, and iTunes Store and from our other products and services. This information is aggregated and used to help us provide more useful information to our customers and to understand which parts of our website, products, and services are of most interest. Aggregated data is considered non-personal information for the purposes of this Privacy Policy.

If we do combine non-personal information with personal information the combined information will be treated as personal information for as long as it remains combined.

So, it seems that Apple can pre-screen and modify anything you put on iCloud and they may also gather information about how you use iCloud.

Thanks! Anyone who uses iCloud or any other Cloud service is absolutely clueless as to how to use a computer.

Someone clueless wouldn't even ask this very intelligent question about privacy on the web. It's a question of how one feels about privacy.

Anyway, the question OP needs to answer is whther Apple, despite storing files encrypted, holds the key and reserves the right to examine one's data for any reason--as does Dropbox. I think the answer is YES -- see http://gadgets.itwriting.com/?p=611 -- so iCloud FAIL. It's not like publishing your everything for google et all to peruse, but it's not too great. I wish encryption were on-the-fly and transparently part of the OS, that we could have absolute control over our stuff.

BTW, anyone who happens on this thread and has in mind the Facebook founder's notion that if you feel you need to keep something private, you shouldn't be doing it in the first place -- there are also many of us working with proprietary documents containing trade secrets, business transactions, works-in-progress etc. that would suffer harm. (I also feel I have first amendment rights to secure things that might be embarrassing in the hands of others because they are iodiots.) Such parties probably should just not trust the cloud -- and should be notified of such.

Thanks, but I wrote, "Anyone who uses iCloud or any other Cloud service is absolutely clueless as to how to use a computer", not, "Anyone who asks about privacy on the web." I invite you to reread my post.

It's a wrongheaded putdown. Maybe using cloud services is UNWISE, but it says nothing about competency. I've been using computers for 35 years and, oh my, use cloud services -- cautiously. I think paranoia about uisng these tools for collaboration etc. is clueless. Let's just call it a tie.

Good points, Doug.

The key issue here is how secure does your data need to be and what effort do you want to take to secure it? I am satisfied with Apple encrypting my data for my To Do list or emailed birthday wishes for my mother, but not my tax returns. For those types of documents, there are many good, unbreakable (for now), encryption programs available on all platforms, including the iPhone, so you can be responsible for the safety of your own data even when you store it in the cloud. On the iPhone, I like the app Krypton. If that approach is not secure enough for you, write the information down, memorize it, burn the paper, and never get dementia.

As for trusting Apple, I trust them as much as I trust Google or AT&T, who is my home internet provider. Most people worry too much about what iCloud or some other cloud service is doing and then send thousands of emails with sensitive text and attachments. In this case, not only does Google have access to this data but your ISP does also (AT&T in my case). And your ISP also has a lot more information about what you do on the web.

So, take responsibility for your own data security and you'll be better off.