back to article Apple's OS X Yosemite slurps UNSAVED docs into iCloud

Apple's OSX 10.10 – aka Yosemite – is silently uploading users' unsaved documents and the email addresses of their contacts to Apple's iCloud, according to security researcher Jeffrey Paul. Berlin-based Paul said the discovered the document auto-syncing without consent issue, and another hacker expanded the point by …

Anonymous Coward

So....

....just like Google does with all your contacts etc. But that's OK because it is Google and Google is the chosen one. Google can do no wrong. All hail Google.

Apple tries to create a cohesive system for the users and it's all "OMG! APPLE AM DOING THE BADS!"

13
52
Anonymous Coward

Re: So....

Two wongs don't make a wright. ;-)

And how does google snarf your email contacts if you don't use chrome or gmail?

19
3
Anonymous Coward

Re: So....

It's just Apple trying to make it easier & more efficient for the NSA to have your documents before you've even finished them.

22
2
Silver badge
Devil

Re: So....

"And how does google snarf your email contacts if you don't use chrome or gmail?"

Got an Android phone?

12
7
Silver badge

Re: So....

"Got an Android phone?"

Because if you have, you can turn this feature off.

7
9
Coffee/keyboard

Re: So....

"...Apple tries to create a cohesive system for the users and it's all "OMG! APPLE AM DOING THE BADS!"

Shill much?

11
6
Anonymous Coward

Re: So....

"It's just Apple trying to make it easier & more efficient for the NSA to have your documents before you've even finished them."

...and as the big players are threatening the spy agencies with better device encryption, it's obvious that the data has to get to them *before* you save it on your device. So, everybody's happy -- the customer, who *thinks* the data is safely encrypted, and the agency *knowing* that they got a copy of the document before the customer even saved it (all drafts, brainstormings, thoughts, which never make it to the disk included). Brilliant.

Curious to hear what Apple has to say here. It's obviously not a mistake. Saving data and auto-synching it are two different things, which can hardly be an oversight.

5
1
Silver badge
Holmes

Re: So....

What could possibly go wrong?

Man sits at shiny new Mac, starts Word document promoting his company's new skin creams:

"Your wrinkles will melt away with AceCo's nuclear bomb treatment".

Damned auto-correct!! Corrects text to read:

"Your wrinkles will melt away with AceCo's New Clear Balm treatment".

Hears wife from the foyer - "Dear, there are men dressed in black with guns drawn at the door!!"

22
4
Anonymous Coward

Re: So....

Really, no Google doesn't do this. Did you even read the article and comprehend what's happning here.

Apple have decided just to start slurping all your data unconditionally. Sure, if you install Google drive, and share folders, you are allowing Google to do this on your PC, but what Apple are doing is 10000000x worse.

iCloud is insecure (it's 2 factor authentication is still flawed and not a patch on Googles), and now it's automatically uploading stuff to it...

You need to take your rose tinted Apple delusional glasses off for a while.

9
7
LDS
Silver badge

Re: So....

The issue is that Google started all this and showed it could work - look at the huge number of Google supporters - because people as soon as they see the word "free" are willingly to give away their firstborn.

Once it worked for Google, it was clear others wouldn't have stayed at the window just looking...

4
5
LDS
Silver badge

Re: So....

Or a Chromebook?

3
2

Re: So....

When you type stuff into a web page, you expect it to be stored remotely. You don't expect that when typing into a local application.

3
1
Anonymous Coward

Re: So....

"Got an Android phone?"

nope.

You have to remember that Apple is a hardware company. So they are a bit behind Google in making you their product. And that has value. ;-)

1
0

Re: So....

A couple versions back, Apple introduced iCloud saving/sharing and reopen on close without the user needing to save.

This version Apple said there'd be Handoff: start it on the iPhone, continue on the Mac.

Now, how could these things be done without immediate saving to iCloud, before the user has chosen where it is to be saved?

I'll wait.

Yeah. That's right. This security genius has figured out that the waves get bigger when the tide comes in.

Okay. Here's the critical part. If this bothers you, do not use Apple products. (But you better go cloud-free because otherwise something is leaving your device and has a non-zero chance of being intercepted.)

If you're like me you say, a) security is inverse to convenience, b) it's good enough, c) I'm a boring grown-up so I'll pick a strong, unique password, take my chances and continue to enjoy the benefit.

1
0
Anonymous Coward

Re: So....

"If this bothers you, do not use Apple products"

Or just turn off the documents and data part in iCloud.

2
0
Anonymous Coward

Re: So....

"Because if you have, you can turn this feature off."

No you can't. If you try to load contacts or anything, you have to do it via Google.

The only choice is to install some third party apps and deal with the broken implementations of CardDAV etc that Android ships with.

0
0
Anonymous Coward

Re: So....

The Utah Data Center wasn't being filled up fast enough.

0
0
Anonymous Coward

Re: So....

Indeed. Apple OS's saves immediately to the cloud so that you can resume from another device using Handoff. Saint Google (who are also part of PRISM, incidentally) actually does the same if you use the word processor in Google Drive. Many forums also save the post you're typing as you go along, in case your browser crashes etc. Newsflash: if you want the convenience of cloud services, then you're entrusting your data to cloud providers, unless you are geeky enough to set up your own encrypted Linux server (and thus not have a life worth anyone knowing about in the first place). But of course "oh noes they must be slurping it all up so that the NSA will know about my secret recipe for chicken soup before it's written!"

The average person couldn't give a toss about this. As for the nerds, stop being babies and switch the function off if you're that paranoid about what happens if you paste your naked selfies into your textedit documents (which is probably safe, but hey, why tempt fate when it's really not difficult to just use your brain?). It's really not hard, I'm not sure why no one seems capable of switching a preference setting any more. It's much quicker and easier than frothing on the internet about it.

0
0
Silver badge

Re: So....

>Now, how could these things be done without immediate saving to iCloud

Over the local network?

Or get icloud to publish presence information so you can sync device-to-device? (torrent tracker?)

Or provide these options to the user beforehand? What if I'm working on video editing or I only have a small phone?

Will somebody think of the bandwidth?

0
0
Devil

How to tell a friend.

So how do you tell a slightly paranoid friend that his pet has got brown eyebrows and has been eating him in his sleep?

3
2

This post has been deleted by its author

Re: It Just Works

LOL

1
1
Silver badge
Big Brother

Re: It Just Works

But who is it working for?

3
1
TRT
Silver badge

So how else did you...

think "handover" worked?

If I recall correctly, the blurb goes along the lines of "Start an email or a document on one device and finish it on another."

Not a surprise.

I would be worried, however, if Handover was a feature you could turn off and this still happened when this was done.

18
1

Re: So how else did you...

Good. This is exactly how it should work.

A little disappointed that El Reg are continuing to run a re-tread about "Last week it emerged that the Spotlight search feature in Yosemite was passing on location and search data to Apple and its partners". That was a real FUD story if ever there was one.

5
16
Silver badge

Re: So how else did you...

Just out of interest, if you disabled Spotlight Suggestions as directed when opening Spotlight, did you also disable Spotlight Suggestions in Safari's Search preferences as not directed?

1
2

Re: So how else did you...

Since both devices must have bluetooth on AND be on the same wifi network, there are certainly other avenues over which one might imagine the handoff to occur.

In addition, Apple's own instructions (http://support.apple.com/kb/HT6337) only mention signing into the same iCloud account. They don't say anywhere that syncing "Documents & Data" must be enabled.

1
2

by the time it is removed...

Apple will gave catalogued every piece of info they needed to future improve their business revenues.

Nice job Apple, I hope the genius who thought of that years ago got his bonus,. Obviously it has almost become standard policy to 'erroneously' collect useful data on each release.

I await a post seance statement that says Steve iss shocked by it all.

6
4
Silver badge
Big Brother

You are on the Cloud

Whether you like it or not.

3
2
Anonymous Coward

Re: You are on the Cloud

> Whether you like it or not.

And if you are on Apple's iCloud, you WILL like it. :-)

2
1
Gold badge

Re: You are on the Cloud

Since I've never actually set up my iCloud account password, I'm curious to know just whose cloud I am "on, whether I like it or not".

Still, it is getting harder and harder to use consumer electronics without getting shafted like this. Why are we creating a world where you have to be a terrorist Linux or BSD user to have any control over your privacy?

7
1
Silver badge
Unhappy

"and others are critical of Apple's changes."

I have always been critical of Apple period. Not so much for overpriced hardware but resting control and choice from the consumer and ridiculous patent submissions.

I will be honest, I don't really care what Apple do, they won't do it to me. It's just that the very tiny part of myself that cares for those of my fellow humans whom are incapable of being objective, screams to the huge part of myself that doesn't give a fuck..... "You have a responsibility to tell the sheep that they don't need a shepherd".

If anyone thinks that Apple or indeed another multinational has the consumers best interests as a priority you are deluded. If you realise this then then why the fuck support them?

13
6

Re: "You have a responsibility to tell the sheep that they don't need a shepherd"

Brian:

"You are all individuals!"

Crowd:

"We are all individuals!"

12
1
Silver badge

"You are all individuals!"

Er...

I'm not

4
0
Anonymous Coward

Re: "and others are critical of Apple's changes."

Give it a rest.

People buy bloody Chromebooks were everything gets saved to the Cloud.

7
7
Silver badge
Holmes

@AC Re: "and others are critical of Apple's changes."

"People buy..." I guess I am not people then.

You defend Apple by implying that others do it.

How does holding up another privacy invading business model justify another?

I can't say that I approve of your logic but each to their own.

9
1

Re: @AC "and others are critical of Apple's changes."

"How does holding up another privacy invading business model justify another?

I can't say that I approve of your logic but each to their own."

But it's iLogic.

If something is good. Nobody does it as well as Apple.

OMG.. Apple's new iPhones are sooo thiiiiiiiiiiiiiiinn!!! squee..

If something is bad, everybody does the same.

But any phone will bend if you put enough force on it..

1
1

Re: @AC Re: "and others are critical of Apple's changes."

As soon as you connect to the Internet,your security is fucked. Get a grip, at least with Apple you have some consumer rights because you paid for their services.

2
3
PJI

Re: "and others are critical of Apple's changes."

>>but resting control a<<

That's a much more peaceful image than "wresting" control, so much less effort and possible pain.

0
0
Anonymous Coward

Re: @AC "and others are critical of Apple's changes."

It's because people get defensive. No one really likes being told "the thing you bought is a giant piece of trash and you should feel bad for buying it", which is pretty much the sentiment of most anti-Apple commentary.

I don't think everyone necessarily feels the need to defend Apple or see them as infallible, but criticism is usually accompanied by "and all the idiot iSheep are just lapping it up instead of using being outraged with us and jumping to Android and Linux right away" and that's where the individuals themselves feel attacked and do their best to defend it. When you then have sites like the staunchly anti-Apple Register actively digging dirt and reporting it with the most ludicrously tabloid-like bias, naturally you get a few people stepping in to redress the balance a bit.

2
0

Pretty sure it used to do this

from Mountain Lion onwards

1
1

Old news and not correct

By default, there is NO SUCH THING as an "unsaved" document. There are only "Untitled" documents. Since Mountain Lion, auto-save is enabled by default, and applications will restore any open documents/windows when re-launched, including so-called "unsaved" documents. These two system preferences cause "Untitled" documents to be written to disk so they can be resurrected when the app is reopened.

From 2013: http://support.apple.com/kb/TS4372

9
1
Anonymous Coward

Remember, this is the "sharing" economy!

You "share" everything with Apple. Or Google. Or whomever.

There, I fixed it.

What, you mean you DON'T want to share?? That is so unbelievably selfish.

1
2
Silver badge
Facepalm

Strange

I have not signed into iCloud with my apple id, and guess what? I don't have any options under System Preferences>iCloud except to sign in ;-} Don't sign in and Apple don't get your info.

Now go off and run with scissors or something.

7
0

Re: Strange

"I have not signed into iCloud with my apple id, and guess what? I don't have any options under System Preferences>iCloud except to sign in ;-} Don't sign in and Apple don't get your info."

***

Thank you. With all the yelling in here,I was beginning to wonder if upgrading to Yosmite was going to force/auto register me with iCloud.

I've continually declined the nice prompts when occasionally offered, as I'm in an internet free home (by choice) and my laptop is my only iThing.

..and wasn't this behaviour of Handoff obvious? Start writing on your phone, finish it on your big screen.. without having to take any direct action?

Again thanks from us non-iCloud users for the clarification.

1
0
Silver badge

Glass half empty?

Surely this could just as easily be written as Apple backing up your work by default for you, for free. This is just how the Apple ecosystem is designed - if it's easier for the user, or if the user gets some benefit then it's on by default. The difference between the Apple cloud and the Google cloud is that the Apple one is paid for by the users through higher device prices and higher subscription costs. The Google one is paid for by whoring out your information to all and sundry. The Apple privacy statement says they won't share your stuff, Google says they absolulu share everything you give them. Except it's not sharing, it's selling and it's not you giving it's them taking.

Why do I trust Apple? Because I paid Apple for the products, people didn't pay Apple for me to take the products (lookin' at you Google and Facebook...)

5
5
Gold badge

Re: Glass half empty?

"Surely this could just as easily be written as Apple backing up your work by default for you, for free."

Except that it is not free. Otherwise everyone would buy the cheap iPads (with hardly any space) and simply use iCloud as the main storage. Sadly, bandwidth costs and (if memory serves) space on iCloud costs as well.

0
2

Re: Glass half empty?

"Surely this could just as easily be written as Apple backing up your work by default for you, for free. This is just how the Apple ecosystem is designed - if it's easier for the user, or if the user gets some benefit then it's on by default."

***

Very insightful!

The nudge theory (I hear Teller yelling in the background) tells us that if this was off-by-default there would be many unhappy users complaining that their iThing doesn't work properly and the interwebs would fill up with negative reviews.

It *still* should be opt-in though. The way to do it would be a notification to the user the first time they log into their new Yosmite account with "Here are some new privacy options <checkbox list> and the reasons you might want to enable them now but IF NOT you can always change your mind later in preferences <info> [LATER] [APPLY]"

...

This somewhat reminds me of the harrowing experience one day, when I found my Android phone suddenly started uploading every photo I had taken and storing them in "the cloud".

I had absolutely no indication that this was going on.

The behaviour was quite startling as I had just done the normal coffee shop app update marathon. I think I had long ago given up on reading all that info with most of it being bug fixes.

What tipped me off was that my data use was slightly high..

After I narrowed it down as to the "who" thanks to Androids very nice GUI interface for tracking data usage controls, I launched Dropbox.

When I launched the Dropbox app it did inform me of the new feature but it was too late, the Dropbox *update* had made the change.

I manually went to the settings and turned if off.

I thought that the Apple design documents had something called "The law of least surprise" back when dinosaurs ruled the earth.

The reason I bring this up is that I suspect this also occurred to Apple users in the past and is going to get more prevalent unless Apple drives a User Privacy Interface Standard that all Mac and iThing applications should (must?) adhere to.

0
0
Silver badge

Re: Glass half empty?

"The reason I bring this up is that I suspect this also occurred to Apple users in the past and is going to get more prevalent unless Apple drives a User Privacy Interface Standard that all Mac and iThing applications should (must?) adhere to."

They do have a privacy standard with quite a good web page explaining it. Apple users expect that their information should be available on all of their devices (magically) and that if they lose their device a backup can be restored (magically) without that data being snooped, sold or other things not of benefit to the user. With a single iPhone there is enough free cloud capacity that backups happen with no issue, I only needed to pay once I had two phones and an iPad but I was happy to do so since I had previously lost a phone on a night out, the replacement had my half written drunken text message restored before I left the Apple store. I expect Apple to not interfere or use the data being synced and stored, and the privacy policy backs this.

As I said, Google are just as open with their policy, but their policy is to make as much money from your data as they can in return for lower device and subscription costs. I'm fine with paying massively over the odds for cloud storage and upgrade options on hardware, and I'm glad at least one company gives me the option to just pay them for the service I want.

3
1

The Universe of things...

This is Apple's challenge right now. They keep leaning in a direction that may be considered by their customers unwell for them with regard to the handling of their personal data. Apple makes self serving decisions handling customer's personal data that does not have their customers best interest truly at heart. Apple wants it's customers in the cloud. Perhaps they have convinced themselves Apple's way is right because it's Apple's way to assume it knows better. Then suddenly Apple finds itself targeted for data. China is battering their servers for a way in, putting Apple and it's security to a test. Is this is the universe's reply? Is it the Karmic wheel? If Apple insists on continuing this course, can they expect not continue to become a increasingly bigger data target?

1
1

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017