You previously wrote that files and folders on iCloud Drive cannot be seen by Apple. Apple, however, writes that files and folders on iCloud Drive are not subject to end-to-end encryption. Yet I’m looking for an iCloud storage that provides end-to-end encryption (or a technique having a similar effect), so that no one, except those with the correct password, can access/read any file. Can you confirm that the Disk Utility encryption would be sufficient for such a purpose? Or do you confirm that iCloud provides end-to-end encryption, even if the files and folders are not specifically encrypted, e.g., by using the Disk Utility encryption techniques? Many thanks.
—–
HenriD
How To Achieve End-to-end Encryption On iCloud Drive?
Comments: 11 Responses to “How To Achieve End-to-end Encryption On iCloud Drive?”
Where did you read that Apple does not use end-to-end encryption for files and folders? In fact Apple says the opposite. They have a complete run-down of all iCloud services here:
https://support.apple.com/en-us/HT202303
So for files and folders you do not need to encrypt your files manually using Disk Utility or something else, then copy them to iCloud, then reverse the process when you need to use the files. That kind of process would defeat the purpose of cloud services. Just simply opening a Pages file to edit it would require so many steps. It wouldn't be realistic to use iCloud that way.
Even if it is not obvious, if you interpret what Apple subtly says about encryption in iCloud, you will notice that Apple writes that it uses end-to-end encryption for certain (i.e., not all) information.
Also, when Apple lists the features subject to end-to-end encryption, it does not include iCloud Drive. Apple indirectly says that files and folders on iCloud are not subject to e2e encryption. They are encrypted for sure, but Apple knows the key.
HenriD: Look at that link in my original reply. It lists everything and shows you exactly what you are asking.
iCloud Drive: YES for both in-transit and on-server encryption. Where do you read that Apple says "files and folders on iCloud are not subject to e2e encryption?" What makes you think Apple knows the key? Where do you see that?
Gary,
The link you sent has a list toward the bottom of features that use end-to-end encryption. I don't see, in that list, any mention of files/folders in iCloud Drive. It does include stuff like "Health data" and "Payment information"... but it certainly appears that they do not store normal files using e2e. Do they encrypt? Yes, but not e2e, and this means Apple has the keys and can open those files if they want/need or are required to.
PeterG: Here Apple shows iCloud Drive as encrypted both in transit and on the server: https://support.apple.com/en-us/HT202303
Gary,
While iCloud Drive is encrypted in transit and on the server, end-to-end encryption is not being used. "Encryption" does not automatically mean "end-to-end encryption". It does not explicitly say that on the website. However, if you are able to carefully read and comprehend the information provided on Apple's website, iCloud Drive is not listed in the "end-to-end encrypted data" section. Please make sure you are reading properly so as to avoid doubling down on false information.
Hey Gary,
Even the link you referenced says that encryption of files in transit (data in motion) is secure but data on the server (data at rest) is undefined. Doesn’t that mean the data on the iCloud server is not encrypted?
Haran: Do you mean https://support.apple.com/en-us/HT202303 ? It says Yes and Yes to encryption for iCloud Drive. Both in transit and on server. So I don't know what you are referring to.
iCloud Drive data is encrypted in transit and on server, but Apple also holds the keys. The link posted says that, albeit Apple is trying to not present it like that.
The table on that page lists all the information that Apple holds the keys to. If you lose your password, going through password recovery will let you retrieve that information because Apple also holds the keys.
The section below the table lists the E2E encrypted data, which Apple can't access.
Ally: Keep in mind that you are using Apple's operating systems and Apple's servers here. If you don't trust Apple, then there is no level of security or document list that is going to provide you with 100% assurance. You'd need to create your own OS and server system for that. At some point you have to trust something or you just have to opt out of using any software or system from any company.
@Gary: E2E encryption ≠ encryption in transit or at rest. Using a company's servers or OS doesn't mean E2E encryption can't be made available, as evident from the link you shared which lists some kinds of data that Apple handles but still E2E encrypts. Plenty of workplace information requires strict confidentiality, and at-rest/in-transit encryption just isn't good enough—and we can use great, private services with open-source code, but it's still disappointing Apple rolled back this security.
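The manual approach raised in the question (an encrypted Disk Utility image kept in iCloud Drive), as an added example that is not part of the original thread. `hdiutil` is the command-line counterpart of Disk Utility on macOS; the vault name, the size and the `DRY_RUN` switch are assumptions of this example. The passphrase is prompted for locally, so only the encrypted image file is synced.

```bash
#!/bin/bash
# Added example (not from the thread): an AES-256 encrypted disk image
# stored in the local iCloud Drive folder. macOS only (uses hdiutil).
# Vault names and sizes below are placeholders chosen for illustration.

# Local folder that macOS syncs as iCloud Drive (override for testing).
ICLOUD_DIR="${ICLOUD_DIR:-$HOME/Library/Mobile Documents/com~apple~CloudDocs}"

# Run a command, or only print it when DRY_RUN=1 so it can be reviewed first.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Path of the image file inside iCloud Drive for a given vault name.
vault_path() {
  printf '%s/%s.dmg' "$ICLOUD_DIR" "$1"
}

# Create the encrypted image; hdiutil prompts for the passphrase itself,
# so the passphrase never appears in this script or in shell history.
create_vault() {
  name="$1"
  size="${2:-200m}"
  img="$(vault_path "$name")"
  if [ -e "$img" ]; then
    echo "refusing to overwrite existing image: $img" >&2
    return 1
  fi
  run hdiutil create -size "$size" -fs APFS -volname "$name" \
      -encryption AES-256 "$img"
}

# Mount the image (prompts for the passphrase); files are edited in /Volumes/<name>.
open_vault() {
  run hdiutil attach "$(vault_path "$1")"
}

# Unmount when done so only the closed, encrypted image file is left to sync.
close_vault() {
  run hdiutil detach "/Volumes/$1"
}
```

Typical use is `create_vault Vault 500m`, then `open_vault Vault` before working and `close_vault Vault` afterwards; setting `DRY_RUN=1` prints each `hdiutil` command instead of running it.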