Hi everyone!
Today’s newsletter is a PSA for anyone using Apple’s iCloud:
Your iCloud is probably NOT as private as you think.
Thanks to powerful marketing, privacy is something we’ve come to immediately associate with Apple. Indeed, last year, Apple added E2EE for iCloud backups, with a tool called "Advanced Data Protection”. This setting means that your documents, photos, and other personal information in iCloud are kept private and out of the reach of even Apple itself.
BUT, this setting is NOT turned on by default. Unless you have specifically enabled it, and set backup users or codes, everything in your iCloud can be read by Apple.
Latest video:
In this video we explain exactly what is being protected with Advanced Data Protection, how to turn it on, its limitations, and other options that you might use for your backups instead.
Instructions for Set Up:
Update all devices associated with your Apple ID to the latest version. On any device that is too old to enable Advanced Data Protection, you should log out of your Apple ID, in order to enable the protection on your other devices.
Open Settings, click on your Apple ID, select iCloud. Click Advanced Data Protection.
Click Enable Account Recovery: If you lose access to your account, Apple won’t be able to send you your password to get back in. So you have to set up a recovery key and/or a recovery contact.
Set up 2FA on your device.
Make sure you have a Pin enable to lock your device.
Now you can toggle on Advanced Data Protection.
Advanced Data is a MUST if you’re using iCloud as your backup. If you are already using iCloud backup, turn this feature on.
Limitations:
Regardless of whether Advanced Data Protection is enabled, some things in the Apple ecosystem are never E2EE: Contacts, Calendar, and iCloud Mail. There are better things you can use here that will actually protect your privacy:
I store my contacts on my GrapheneOS phone, where the contacts aren’t being shared by default to the operating system’s servers, they’re kept locally on the device.
I use Proton Calendar, which is E2EE, and I was able to easily ingest my calendar history from Google with the click of one button.
I like both Proton Mail and Tuta as private email options, but there are many out there that you can choose instead of Apple.
If you want a deep-dive into alternatives to using iCloud backup, we like these options for photo backups, and these options as a replacement cloud storage. Note that Skiff is no longer an option since making this second video, and we’re due to release an updated video over the coming months.
If you find our tips useful, please spread the word!
Thanks for sharing. It’s time we all learn to save ourselves from our decisions