By John Gruber
Due — never forget anything, ever again.
From a wide-ranging interview from October 2018 (filtered through Google Translate):
Spiegel Online: Is the data as secure on your iCloud online service as on the devices?
Cook: Our users have a key there, and we have one. We do this because some users lose or forget their key and then expect help from us to get their data back. It is difficult to estimate when we will change this practice. But I think that in the future it will be regulated like the devices. We will therefore no longer have a key for this in the future.
I believe “regulated” is an idiomatic glitch in the translation. In English we tend to reserve that word for rules and laws from the government; Cook I think clearly is talking about Apple’s own policies.
[Update: Via my friend Glenn Fleishman, who speaks German: “You are correct about the Spiegel story. The machine translation is quite good, but ‘regulated’ was translated from the verb ‘regeln’ which can be regulated, but also controlled/set/etc. So it would be better to say, ‘I believe that in the future, it will be handled like on devices.’ ”]
Joseph Menn’s blockbuster report for Reuters today claims Apple abandoned its plans for encrypting iCloud backups “about two years ago”. Something in the timeline doesn’t add up there. (It’s also very clear from the Der Spiegel interview that Cook is keenly aware of how encryption works with Apple’s devices and services.)
From the end of Joseph Menn’s report for Reuters today, claiming Apple dropped plans for encrypted iOS backups after the FBI objected:
In October 2018, Alphabet Inc’s Google announced a similar system to Apple’s dropped plan for secure backups. The maker of Android software, which runs on about three-quarters of the world’s mobile devices, said users could back up their data to its own cloud without trusting the company with the key.
Two people familiar with the project said Google gave no advance notice to governments, and picked a time to announce it when encryption was not in the news.
First, while Android runs on 75 percent of mobile devices worldwide, not all of those devices use Google services like backup. None of the Android phones in China, for example — which is a lot of phones. It’s lazy to conflate Android phones with Google Android phones.
Second, I wasn’t aware of this until today. And it makes iCloud’s lack of backup encryption look bad. From Google’s official announcement of the feature a little over a year ago:
Starting in Android Pie, devices can take advantage of a new capability where backed-up application data can only be decrypted by a key that is randomly generated at the client. This decryption key is encrypted using the user’s lockscreen PIN/pattern/passcode, which isn’t known by Google. Then, this passcode-protected key material is encrypted to a Titan security chip on our datacenter floor. The Titan chip is configured to only release the backup decryption key when presented with a correct claim derived from the user’s passcode. Because the Titan chip must authorize every access to the decryption key, it can permanently block access after too many incorrect attempts at guessing the user’s passcode, thus mitigating brute force attacks. The limited number of incorrect attempts is strictly enforced by a custom Titan firmware that cannot be updated without erasing the contents of the chip. By design, this means that no one (including Google) can access a user’s backed-up application data without specifically knowing their passcode.
I can’t find much additional information about this. For example, how many failed attempts trigger the permanent lockout to the backup? That would be useful to know, but I can’t find it.
It also doesn’t seem to be optional on (some?) devices that support it. My Pixel 4 running Android 10 (Android Pie was version 9) doesn’t say anything about backups being encrypted by my device passcode — I believe they just are.
Not sure why the Department of Justice isn’t publicly complaining about this.
(Keep in mind that anything with a web interface, like Google Photos and Google Docs and Google Drive, cannot be end-to-end encrypted. Same goes for iCloud Photos.)
James Wagner, reporting for The New York Times:
It was never a question that Derek Jeter, the longtime captain of the Yankees and one of the most celebrated players in baseball history, was going to be enshrined in the Baseball Hall of Fame. The intrigue instead centered on whether he would become the second unanimously elected player, following his former teammate and fellow five-time World Series champion Mariano Rivera.
On Tuesday, Jeter fell just short of Rivera’s historic mark from last season.
Jeter was named on all but one of the 397 ballots cast by members of the Baseball Writers’ Association of America — more than enough to clear the 75 percent hurdle for election. He eclipsed the previous second-highest voting mark, 99.3 percent, for outfielder Ken Griffey Jr. in 2016. Jeter received 99.7 percent of the vote.
The surprise isn’t that some cowardly little man decided to hide behind the anonymity of his vote and deny Jeter unanimity. The surprise is that there wasn’t a single cowardly dope who did the same last year for Rivera. Every single player among the top 30 on this list should have been unanimous. For chrissake Babe Ruth and Willie Mays only got 95 percent of the vote.
Jeter and Rivera were teammates for 19 seasons — the most, by far, of any Hall of Fame teammates. What a privilege it was to watch them play and win five World Series, all while playing for the greatest team in the history of professional sports.