back to article Apple's OS X Yosemite slurps UNSAVED docs into iCloud

Apple's OSX 10.10 – aka Yosemite – is silently uploading users' unsaved documents and the email addresses of their contacts to Apple's iCloud, according to security researcher Jeffrey Paul. Berlin-based Paul said the discovered the document auto-syncing without consent issue, and another hacker expanded the point by …


  1. L W J

    It used to be Microsoft was the evil Empire

    But they look like the good guys these days. They are much more careful to ask permission, they set limits on themselves, they're actually listening to the public on how to build Windows 10, and trying to make it more secure and so on ..

    But as for Google, their motto has become "Do evil" and as for Apple, theirs is "We'll back stab you in our walled prison er garden".

    For me digits I think I will go with Microsoft.

    1. Anonymous Coward
      Anonymous Coward

      "they're actually listening to the public on how to build Windows 10"

      hahahah you sir owe me a new keyboard.

      That'll be the third this month.

    2. Frank Bough

      Re: It used to be Microsoft was the evil Empire

      Nice to see Microsoft AstroTurf is still alive and kicking. It's comforting that some things never change.

    3. Dan 55 Silver badge

      Re: It used to be Microsoft was the evil Empire

      Is that why when you install Windows 8 you need to press the button to create a new MSN account to get to the button to carry on with the install process without signing on to an MSN account?

      Perhaps on Windows 10 they're working on removing that pesky little button.

  2. stringyfloppy

    So if someone was sharing their iCloud documents with everyone, and entered government secrets or libelous statemenrs or whatnot into an unsaved document, this would be a good way to share those things with the world without it being AT ALL their fault.

    1. This post has been deleted by its author

  3. Anonymous Coward
    Anonymous Coward

    No doubt it's all explained quite innocently somewhere in the 14000 page EULA.

    Probably along the lines of "You do not own this machine or any software used on it, thus any and all communication between yourself and our machine actually belongs to us. All your idea are belong to us!!!"

  4. Frank Bough


    this is surely required for Continuity to work efficiently?

  5. lee harvey osmond


    Time to have done with it, and firewall out 17/8 except for special occasions

  6. Anonymous Coward
    Anonymous Coward

    When an Apple(tm) operating system makes a connectin to: it is sharing lots of your systems data, most of it encrypted 128bit, but not all. If you watch the connections with a packet sniffer or something like Little Snitch you can see what it is doing.

    One example. If you plug in a USB device to a Mac it connects to helpd and sends it a list of all file names on the USB device.

    I am not trying to convince you it does this. I am sharing with you a way to form your own objective opinion.

    1. Dan 55 Silver badge


      If Zidziarski's not said anything and it's not on I'm inclined to believe that you're full of it.

  7. Jean-Paul

    How it works

    whilst I agree this shouldn't be a surprise, I also think it should be switched off by default and make it crystal clear what will happen when you switch it on.

    I think it is the practise of having it enabled by default that is not great. Really shouldn't happen in 2014, especially not when you upgrade and this already have saved application states.

  8. Anonymous Coward
    Anonymous Coward

    It's not really wilful violation..

    .. it's more a case of badly chosen default, and in that matter Apple is not exactly the only company that seems to default to sharing rather than keeping things secure.

    If you're smart enough to NOT immediately provide your Apple ID and password it will not have the credentials to access the iTrouble cloud, and Yosemite (or whatever iThing you-re setting up) will not be able to export any data. Once you have all set up, you enable what you need. I personally avoid sharing facilities like the plague they are, so my machine has no knowledge of any Twitter, Facebook or iCloud accounts - the Apple ID is only set up in the App Store and iTunes.

    On the plus side, iCloud access does not require you to agree to terms that give Apple forever a free pass to use whatever you upload for their own purposes - they are at least keeping your data yours exclusively. If you want an example of something you don't want to agree to, carefully read The section you really need to read a couple of times is titled "Your Content in our Services", and repeated reading is required to discern that the limitations on their use aren't, and that they have gone through an awful lot of trouble to avoid the use of the word "perpetuity".

    As soon as you have a Google account you have agreed to this. Still feeling lucky?

  9. onebadfishy

    How Else Would Continuity Work?

    You start your message on your iPhone and continue on your computer. Obviously it would have to be cached in iCloud. This is why Apple has put two step authentication and every other security measure in place since your iCloud information is hugely important to your Apple experience. There's a reason for such data to be placed on iCloud... It's there for your other devices. Now if you don't want continuity, I'd like to know if this behavior stops if you turn it off. Since this activity requires more network bandwidth I'd be concerned for people with limited data plans etc.

    1. Dan 55 Silver badge

      Re: How Else Would Continuity Work?

      The two devices have to be close (in Bluetooth range) and have the same user logged into iCloud. If so, the data is transferred with a propriety protocol over WiFi Direct.

  10. Anonymous Coward
    Anonymous Coward

    This is news??

    As a newbie to iphones: got a 5c a week ago cheaply to replace my GT-15503T (with Andriod 2.2) & so far I'm impressed with the iOS8 ecosystem. I am amazed someone thought that this was news. The initial setting up asks about iCloud usage and then you go into that to see what can/cannot use iCloud.

  11. Rob Gr

    There's more than one bad Apple.

    Microsoft have been bad for this too - new documents are, by default, saved to SkyDrive. This can be overridden (file-by-file), but I'd unintentionally saved a few docs to a cloud based "Documents" folder before I realised.

  12. Taliesin

    Don't let the Cloud rain down on you.

    If you want to secure your personal data, then you have to be in control of it. giving it to the cloud (or any other on-line system) relinquishes all control of your data.

    so the solution is simple. if you want others to read/ distribute your files, go ahead and use cloud.

    if not, disable the system and don't use it.

    If an OS wont allow you to disable the feature, change to an OS that does!

    Its the only way that big corporations learn. they don't give a shit about complaints or having a bad track record with privacy and personal data protection..

    what they care about is revenue.

    Vote with your credit card. Make them earn your hard earned money and when they get things as wrong as this.. jump ship.


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019