Does iCloud encrypt files before uploading?

I trust anyone. Why? Because I don't have to.

DON'T send sensitive info via email OR DO use SSL Certificates for encryption. That's what they are there for.

https://www.thawte.com/lp-sem/?sl=t91570385670000007&gclid=CMLlp8m-hKwCFct-5Qodc gzeAA

Of course ISPs have access to your email content, but assume all emails (and posts) are scanned by BgBro since you-know-what. (See the program Person of Interest.)

Thanks. Let me propose this, a political statement: We should not have to protect our privacy. It should be default, something we can take for granted. I don't want to have to trust anyone. Encrypt everything transparently. 20-odd years ago I used an application that compressed data 50% on the fly every time I hit save -- storage space cost $$$ at the time. That, using a processor equivalent to a modern wristwatch. Encryption could be the same. Once done, I can use the data however I want: The windowshades are drawn and I don't have to think about weird people peering in. I just want that as a baseline, and to have to "work for my privacy" is offensive. It's like saying it's my fault for getting mugged because I don't carry a gun. Well.... why isn't not getting mugged the reasonable expectation? (Stated another way, I think we have a case of "blame the victim" here.)

So, yeah, I want to (and will) take responsibility but I don't see why I should have to work for it. Make it a natural expectation, like what the Fourth Amendment used to promise. Calling me foolish because I can't outwit everyone is misstating the question.

BTW this is not a speculative thing. There are frequent cases of people's medical records or social security numbers of whatever being disclosed by human error or an inside job. Apple had done a good thing automatically encoding the data. Let's hope the keys are not readily obtained.

(Lol, I just told my son, who is reading over my shoulder, that ironically what I'm writing about is PRIVACY. But I do also want him to read it -- by invitation!

holtsch,

Your solution won't work - asymmetric encryption is vey expensive. There might be some other solution where asymmetric encryption will be used for generating symmetric keys, like it is done in ssl/ssh/https protocols.

Doug, I do agree with you. iCloud sounds very attractive unless Apple have access to my unencrypted files. In Google, for example, I do encrypt my critical files manually with my personal password (with just zip).

Here is the possible scheme how it could be done.

Apple iCloud privacy - possible approach.

Each AppleID/DeviceID pair generate private/public RSA key. Private key is stored only on that DeviceID (possibly encrypted with correspondent AppleID password). Public key is published to Apple.

Each file/item has associated symmetric encryption/decryption key (SK). SK is encrypted with the correspondent AppleID/DeviceID pair public key and stored in the SK List along with the encrypted file/item on iCloud. SK can be decrypted only with correspondent private key.

Each AppleID account has the list of associated devices with correspondent pulic keys. When the User/AppleID connect new device to iCloud - it should update the list with new public key. Some other DeviceID should update each file/item SK List with newly encrypted SK before new device will have access to them. This has to be done automatically and transparent to user. There may be correspondent notification though when user could not access all items immediately.

This schme allows also to share the file/item with another AppleID via iCloud.

As mentioned before there are cloud services that do encrypt on the client before transmitting the file. Here is a link to how wuala does it:

http://dcg.ethz.ch/publications/srds06.pdf

IMHO the reason for the need to have privacy by default is because the sharing activities happen by default. The primary reasons why I will not use iCloud where I have used Apple online services since the .mac days is that suddenly my Contacts and Photographs autosync? That means that any moron who grabs my phone & takes a lewd picture turns me into a publisher of that information. No I will not enable that. Further where does Apple get off having access to my known associates and their contact information? I'm sure that's JUST the kind of information that Three Letter Agencies want to know about - Particularly if you are politically active. Where is the legalese that says that they will NOT start mining through that data? Why not just have a selective button that allows you to choose or mark if a data point will be sent to the cloud?

The encryption keys are held by Apple FOR Apple. Furthermore, encryption wll happen AFTER deduplication on the storage tier, just like every other cloud provider. Therefore your data is in fact programatically read & analysed PRIOR to storage and encryption.

If they were to allow you to store files that you encrypted yourself then suddenly they would need a 1:1 amount of data storage available. Most deduplication achieves up to 80% shrinkage depending on the type of traffic, therefore it would in essence require their data center to have an order of magnitude's worth of additional storage.

So NOT letting you do that translates to lower operating costs. Which do you think is more important to Apple, makingiCloud profitable or catering to the privacy concerns of the few of us far-sighted enough to see the major downsides to this?

To bring the point home - there is no way to follow Apple's developer guidelines and write an app that would encrypt the data prior to being sent to iCloud, since it would need to hook directly into the photo album and the contacts database, etc.. So not only is it wishy-washy encoded, but it s desiged in such a way to make you accept that as your best possible choice. This is functionality and development initiatives that Apple keeps guarded and to itself, but shows no initiative to develop properly.

Oh and the other reason is that I see no reason to rebuy/upgrade/patch&lose-features all of my software to run on the new OS again JUST so I can connect to iCloud. It briefly worked with Snow Leopard & then they predictably pulled it. Why is Vista supported but not Snow Leopard? Vista is older. Apple rewards brand-loyalty with a slap to the face & a grab for the wallet. For shame.

I have yet to see someone from Apple on this thread addressing the OP's question nor any of the concerns voiced following it. Why is that?

There is no problem with PRISM as long as warrants are registered accordingly, as well as transperancy with those using the system so ther is no political or personal abuse.

Other then that i think the seriouse problem is this administration as well as the prior ones are under fire now because people are asking if this system was used for political and financial gain., worse of other countries will seek compensation if proof shows this countries violated their rights both politically and economically, we are in for a serious trip with PRISM and the lies in the past about it.

everything is been tight with iCloud, iTunes protecting copyrights of artists is very cool, sadly the privacy concerns everyone because of possible abuse, i say only peopel with criminal records, history should be monitored with out warrants, any where in the world, not innocent people using iCloud so they can collect tehir very own lifestyle itself to use against them as a hcaracter attack, whatever the case is this giverment needs transperancy fast if they want to continue direct war with an enemy, no more UN circus rings, get to the point if your transparent and have facts to go to wars.

I hope eveyrthing works out because i can not stress how this effects people at the moment, now mor ethen ever no one wants to use a cloud lol