Avatar
Final 10mo ago

If you are an #Apple user in the United Kingdom affected by the disabling of Advanced Data Protection (ADP, end-to-end encryption of iCloud backups), then understand:

- If you do not have ADP, you cannot enable it now. Your account uses the standard iCloud backup system which is default everywhere else. ADP is an opt-in feature.

- If you still have ADP, it is still activated but you will eventually be forced to deactivate to keep using your iCloud account. There is no specified time on when, so the soonest, most appropriate time is best.

- If you have ADP enabled, you can use this period to choose between keeping your data and not have it encrypted in the future, or backing up your already end-to-end encrypted iCloud data offline or to another cloud provider, or deleting the data entirely.

- You may choose to disable iCloud backups. This prevents future data being sent to iCloud and will keep it stored on your device. You can choose to disable them in Settings -> Apple ID -> iCloud -> Saved to iCloud / iCloud Backup.

- In the same "Saved to iCloud" settings, you may choose to erase all data. MAKE BACKUPS BEFORE DOING THIS. For photos, there is a 30-day period to download all of them.

- Certain data like iCloud Email mailboxes are never end to end encrypted regardless of ADP, so clear your mailbox for emails you don't want or need.

- If you are considering deleting your account, be VERY SURE you know what you are doing because your account being deleted will become irreversible. Do not leave online accounts stranded because you used your iCloud email addresses and then deleted the account that controls the email. Change the email address or delete the accounts based on your own intuition.

Backups are also important if you plan to move device, as we're hearing a lot of #GrapheneOS mentions right now. Please don't move without preparation else you'll find yourself having a problematic experience. Read the website and our docs.

Reply to this note

Please Login to reply.

Discussion

Avatar
Seanz 10mo ago

I have have a lot of experience as a USER of graphene if anyone has questions. However I have very little knowledge of iphones.

3b
Sats-uma Stacker 10mo ago

What are you preferred methods of backup on graphene?

Also, any VoIP services you like that work without google play services?

Avatar
Seanz 10mo ago

I currently use seed vault to backup the phone. For cloud storage I use proton and I backup my photos to both proton and my self hosted immich server.

I don't have any suggestions for VoIP.

Seed vault will work with your NAS if you have it or even a USB stick.

Avatar
Seanz 10mo ago

Is Cryptomator a viable option for iphone users?

Avatar
Final 10mo ago

Cryptomator is good but it's a tool to encrypt files when you send them to another cloud, it doesn't provide it's own cloud storage. Users should pick a cloud storage provider that's right for them when using Cryptomator, but if they're using a cloud service provider that is already encrypted then it is sort of redundant.

Some users use Cryptomator to make their existing cloud storage encrypted, while some may use a zero-knowledge, encrypted cloud storage provider like Proton or Tresorit instead. I personally choose the latter but I don't use cloud storage except for when I need serious backups for something sensitive.

Cryptomator is on Accrescent as well, which is a plus for GrapheneOS users.

Avatar
Seanz 10mo ago

put this note in the wrong spot:

Would you say that for people who must keep using iCloud that it would be a decent compromise for security?

In addition to that do you know the current state of client-side scanning on iPhones? because that would make an app like Cryptomator irrelevant.

Avatar
Final 10mo ago

It's not as easy to use iCloud for it as they might think. It would count stored in their file storage, wouldn't show up in their iOS Gallery app at all, nor would it be the seamless user experience they're expecting. They'd have to use the Cryptomator app to view their files. If you're backing up to another cloud then you're going to be using that app as a gallery app as well.

As for the client-side scanning, most of it is FUD written by other companies to advertise their products or their low effort tech media. There is no omnipotent program just reading and taking whatever they want to Apple, people would easily call out this is happening by just showing rather than saying. Most AI features are done on device. Any data that needs to be sent elsewhere is done through their Private Cloud Compute system which is meant to keep any requests private. It's heavily documented on their web site and security-critical components of it are open source.

https://security.apple.com/documentation/private-cloud-compute

https://security.apple.com/blog/private-cloud-compute/

https://support.apple.com/en-ie/guide/iphone/iphe3f499e0e/ios

Apple overwhelmingly document what they see and the technical details of their software and services. They tell you what can and can't be seen in-depth, but most choose to not read their manuals.

You can opt out of Apple Intelligence if you have it by disabling Apple Intelligence and Siri in the settings app. Some countries don't even have it at all. They're also only available on the latest iPhones so most don't even have Apple Intelligence if they're phone is a couple years old anyways.

Avatar
Seanz 10mo ago

Would you say that for people who must keep using iCloud that it would be a decent compromise for security?

In addition to that do you know the current state of client-side scanning on iPhones? because that would make an app like Cryptomator irrelevant.

ed
ede3d957... 10mo ago

While we are speaking about backups.

Have you considered backing up the whole state of the GrapheneOS to a privately controlled backup location.

Then cross borders with a completely reset phone with minor functionality for travelling.

And then get the backuped file from your home server for a production ready environment.

This seems to be the safest way to travel across borders for journalists.

Avatar
Final 10mo ago

We desired to have a secure backup system that is better and more robust than Seedvault for a long time. Having such a system would help make destructive features like duress password more viable for others.

VM management would also help. They could keep such work with a VM and delete it. That VM could be backed up and loaded on a GrapheneOS device again.

Avatar
Hazey 10mo ago

Good backup is arguably the most important reason for people to NOT leave their Big Tech walled garden.