Mac Users’ Unsaved Files And Screenshots Are Automatically Stored On iCloud

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Oh come on, you and I both know that Apple knows better than you which documents should be sent to iCloud. Duh.

Security researcher Jeffrey Paul recently noticed that Apple’s default autosave is storing in-progress files—the ones you haven’t explicitly saved yet—in the cloud, not on your hard drive. (Surprise!) Unless you decided to hit save before you start typing, or manually changed the default settings, those meeting notes, passwords, and credit card numbers you jotted down in “Untitled 17” are living in iCloud.
 

mi7chy

2[H]4U
Joined
May 22, 2013
Messages
3,985
People complain about Google "don't be evil" but yet tolerate Apple "get poked by Tim Cook".
 

SGA76

[H]ard|Gawd
Joined
Jul 23, 2013
Messages
1,955
Whoops.
Looks like Apple keeps getting less and less secure.
 

dandirk

[H]ard|Gawd
Joined
Jun 5, 2004
Messages
1,832
It's not that "bizarre" of a feature... it just is a logical extension of the services we have been seeing in recent years being applied to the "cloud" model. Where everything is online.

Backups are going to the cloud, why wouldn't temp/in progress files?

I agree its not the first thing I would think of, but when brought up it makes some sense in apple's everything is synced environment.

It's a mild annoyance.

The major factor would be are these files easily available to end users so they can remove them? Like in a "in progress" folder or something.
 

rewted

[H]ard|Gawd
Joined
Jul 4, 2005
Messages
1,760
ignorant people making ignorant assumptions without knowing the full details? say it ain't so!
 
D

Deleted member 126051

Guest
It's not that "bizarre" of a feature... it just is a logical extension of the services we have been seeing in recent years being applied to the "cloud" model. Where everything is online.

Backups are going to the cloud, why wouldn't temp/in progress files?

I agree its not the first thing I would think of, but when brought up it makes some sense in apple's everything is synced environment.

It's a mild annoyance.

The major factor would be are these files easily available to end users so they can remove them? Like in a "in progress" folder or something.

Mild annoyance? So, your computer putting something out on the net WITHOUT your leave, is a mild annoyance?

Hope you never have to work in a secure environment.
 
D

Deleted whining member 223597

Guest
Whoops.
Looks like Apple keeps getting less and less secure.

What does this have to do with security? It's also an option you can turn off in the settings. You guys pride yourself with being able to build PC's and optimize them perfectly(and your phones) yet you can't look through settings on a Mac?
 

Demon10000

Supreme [H]ardness
Joined
Aug 20, 2006
Messages
4,502
What does this have to do with security? It's also an option you can turn off in the settings. You guys pride yourself with being able to build PC's and optimize them perfectly(and your phones) yet you can't look through settings on a Mac?

How is it not a security concern. You're not even aware that it's saving temporary files out in a cloud somewhere.

If it's an option, it should be off by default. A normal user has no idea how an application saves data, and what saving temp files to the cloud could expose. Hell, just look at all the nude leaks to see that even when people THINK they understand the risks, they don't!
 

mi7chy

2[H]4U
Joined
May 22, 2013
Messages
3,985
What does this have to do with security? It's also an option you can turn off in the settings. You guys pride yourself with being able to build PC's and optimize them perfectly(and your phones) yet you can't look through settings on a Mac?

Did you read the article? It has everything to do with security because it's been doing it since Dec of last year so the Fappening not only exposed pics of your orifices but documents that you were safe and local but Tim Cook is mainly interested in the first. ;)
 

nessus

2[H]4U
Joined
Jan 30, 2001
Messages
2,221
We're Apple, and everything we do if for your own good. Really.

Pay no attention to the man behind the curtain.
 

dandirk

[H]ard|Gawd
Joined
Jun 5, 2004
Messages
1,832
Mild annoyance? So, your computer putting something out on the net WITHOUT your leave, is a mild annoyance?

Hope you never have to work in a secure environment.

Ok so all iCloud content is available to the public? hmmm I always thought in most cases you can control access and in addition default was to not set public access.

Mac are primarily a consumer device, so yes it is a mild annoyance for most of their users.

To the small % that operate in an environment that needs to be more secure, yes sure it is an issue. There are tons of other settings/features that exist in the world that need to be modified for that type of environment. That doesn't mean everything made would be better to fit the 1-5% use case vs all the others.

In my view your attitude does not take in the whole scope of the situation, sort of like being appalled that a honda prius can't compete in the indy 500. Its not expected to.

You might want to think about adding more locks to your doors cause they could be kicked in... Most banks use 10" thick steel doors (or what ever), sounds like they might be needed for your front door cause they are more "secure".

I am not arguing that it shouldn't be a option that is not enabled by default, all I am saying is that is the direction consumer computing is going. It should't be that shocking.

IMO Its a pretty good direction too, improving usability and reducing technical knowledge requirements, letting people focus on their passions that are enhanced by computing devices.
 

haste.

[H]ard|Gawd
Joined
Nov 11, 2011
Messages
1,651
What does this have to do with security? It's also an option you can turn off in the settings. You guys pride yourself with being able to build PC's and optimize them perfectly(and your phones) yet you can't look through settings on a Mac?

This is why we build our computers and don't use Mac's in the first place...
 

Demon10000

Supreme [H]ardness
Joined
Aug 20, 2006
Messages
4,502
Mac are primarily a consumer device, so yes it is a mild annoyance for most of their users.
.
.
.
I am not arguing that it shouldn't be a option that is not enabled by default, all I am saying is that is the direction consumer computing is going. It should't be that shocking.

You've convinced me. I no longer think that consumers should have any security. We should all go back to auto-logging in as administrator with a blank password because it shouldn't be this hard!
 

dgz

Supreme [H]ardness
Joined
Feb 15, 2010
Messages
5,838
I am not arguing that it shouldn't be a option that is not enabled by default, all I am saying is that is the direction consumer computing is going. It should't be that shocking.

IMO Its a pretty good direction too, improving usability and reducing technical knowledge requirements, letting people focus on their passions that are enhanced by computing devices.

How is saving unsaved files in the heavens improving usability?

It's a terrible direction because it's sole purpose is to take control AWAY from the user. Dark, dark times ahead.
 

mope54

Supreme [H]ardness
Joined
Oct 2, 2004
Messages
7,442
How is saving unsaved files in the heavens improving usability?

It's a terrible direction because it's sole purpose is to take control AWAY from the user. Dark, dark times ahead.
Handoff and continuity
 

flashoverride

Limp Gawd
Joined
Dec 10, 2013
Messages
496
Meh, were the files being transport over a secure link and encrypted on the target device? If no, well - this is pretty terrible for everyone involved, because now you just got all your naughty bits hoovered up while you were using the wi-fi at your local Starbucks and someone else had a sniffer on promiscuous mode.
 

MRAB54

Gawd
Joined
Sep 9, 2001
Messages
851
It's not that "bizarre" of a feature...

...

It's a mild annoyance.

Really? Taking a user's data off their physical machine without their knowledge isn't that bizarre? Sounds like malware to me.

There is no excuse for doing this by default especially given the public concern about storing data on the cloud.

Defending this just makes you look ridiculous.
 

mope54

Supreme [H]ardness
Joined
Oct 2, 2004
Messages
7,442
Really? Taking a user's data off their physical machine without their knowledge isn't that bizarre? Sounds like malware to me.

There is no excuse for doing this by default especially given the public concern about storing data on the cloud.

Defending this just makes you look ridiculous.
It's not on by "default" you have to sign into iCloud and enable it.

There is a toggle for "Documents" that you have to turn off if you want all of your other iCloud things to work and not have it save anything to the cloud (and to be clear, it only saves it to the cloud until it saves it to disk; that is, as soon as you "Save" or "Save As" it removes it from the cloud and puts it on your drive unless you tell it to save it to iCloud Drive).

The features it enables, at a minimum, are Continuity, Handoff, and versioning.
 
D

Deleted member 126051

Guest
Ok so all iCloud content is available to the public? hmmm I always thought in most cases you can control access and in addition default was to not set public access.

Yeah. But people putting things into iCloud CHOSE to put that stuff there.

This was an undocumented setting that was DEFAULT "on".

And while I don't see LOTS of them, there are quite a few guys running around on Macs in fairly security-conscious positions. Having their OS puke out their temp files without them knowing about it is a fairly serious breach.

What part of that is so difficult to understand?

Mac are primarily a consumer device, so yes it is a mild annoyance for most of their users.

Don't presume to speak to the usage of anything. Stuff like that is all just opinion diarrhea.

And, even if it WERE true, it doesn't mean that there aren't people out there using for things OUTSIDE that narrow little box?

To the small % that operate in an environment that needs to be more secure, yes sure it is an issue. There are tons of other settings/features that exist in the world that need to be modified for that type of environment. That doesn't mean everything made would be better to fit the 1-5% use case vs all the others.

Rule #1: If you don't want something made public DO NOT PUT IT ON THE INTERNET.

Apple: Guess what? WE'RE GONNA PUT IT ON THE INTERNET FOR YOU!

Just because Joe Dumbass, who only uses their Mac for browsing Tim Cook porn, isn't affected doesn't mean that people shouldn't be angry about this sort of shenanigans.

In my view your attitude does not take in the whole scope of the situation, sort of like being appalled that a honda prius can't compete in the indy 500. Its not expected to.

If your computer is doing something you really shouldn't want it doing, and it's not informing you it's doing it? And it's doing it silently, BY DEFAULT? That's not a Good Thing. That's the kind of description we use for viruses and other forms of malware.

You might want to think about adding more locks to your doors cause they could be kicked in... Most banks use 10" thick steel doors (or what ever), sounds like they might be needed for your front door cause they are more "secure".

And I think you're either not understanding the severity of the issue, or you're deliberately trolling.

I am not arguing that it shouldn't be a option that is not enabled by default, all I am saying is that is the direction consumer computing is going. It should't be that shocking.

"That's the way consumer computing is going! BE THANKFUL!"

That's what they said about the Metro interface in Windows. And look where that went.

IMO Its a pretty good direction too, improving usability and reducing technical knowledge requirements, letting people focus on their passions that are enhanced by computing devices.

Sorry, but dumping temp files, BY DEFAULT, to the internet is not something any sane, or even marginally intelligent user should WANT happening. It's a security breach at best.
 

mope54

Supreme [H]ardness
Joined
Oct 2, 2004
Messages
7,442
you're taking the information from the headline, which is not entirely accurate.

the feature is "documented" in that it's a toggle switch that is clearly labeled

the feature doesn't store all of one's temp files. it only stores the main Apple integrated programs' data: keynote (Apple's powerpoint), Pages (dumbed down version of Word, kinda like Wordpad), textedit (notepad)

all this clutching of pearls!
 

mope54

Supreme [H]ardness
Joined
Oct 2, 2004
Messages
7,442
And while I don't see LOTS of them, there are quite a few guys running around on Macs in fairly security-conscious positions. Having their OS puke out their temp files without them knowing about it is a fairly serious breach.
Another important factor you are not aware of is that the data is encrypted as it's transmitted and encrypted while it's stored

Data security
iCloud secures your data by encrypting it when it's sent over the Internet, storing it in an encrypted format when kept on server (review the table below for detail), and using secure tokens for authentication. This means that your data is protected from unauthorized access both while it is being transmitted to your devices and when it is stored in the cloud. iCloud uses a minimum of 128-bit AES encryption—the same level of security employed by major financial institutions—and never provides encryption keys to any third parties.

-- http://support.apple.com/en-us/ht4865

I mean, it's a tech site, so we shouldn't expect a technical discussion here, right?

The fact of the matter is the "hacking" of iCloud data was due to poor security from the end-user primarily with some burden on Apple for not thoroughly implementing two factor authorization.

But now they have, and anyone who is security conscious and using features without reading up on them is negligent in their job...not Apple. For everyone else (those consumers who aren't storing sensitive data), it's a non-issue.
 

MRAB54

Gawd
Joined
Sep 9, 2001
Messages
851
Another important factor you are not aware of is that the data is encrypted as it's transmitted and encrypted while it's stored

Well then, as long as it's encrypted they might as well take all the data :rolleyes:.

Too many shenanigans going on with Apple and user data: http://www.andreas-kurtz.de/2014/04/what-apple-missed-to-fix-in-ios-711.html

Earlier this year they quietly disabled encryption on email attachments.

But hey, Continuity and Handoff, whatever the hell that means.
 

mope54

Supreme [H]ardness
Joined
Oct 2, 2004
Messages
7,442
by all means, don't let facts or common sense stand in the way of your tirade against Apple
 

MRAB54

Gawd
Joined
Sep 9, 2001
Messages
851
By all means, don't let facts or common sense get in the way of your beloved Apple.
 

mope54

Supreme [H]ardness
Joined
Oct 2, 2004
Messages
7,442
By all means, don't let facts or common sense get in the way of your beloved Apple.
Until you find a bug in iOS 8.1 exhibiting the same behavior, what does your citing a bug (and lying about it being "quietly disabled") in iOS 7.1.1 have to do with this discussion?

Why would you use the hyperbolic claim that they might as well take "all the data" when I specifically listed the apps this feature exists within?

Why would you continue to repeat the inaccurate claim that it's a feature that is enabled by default without use knowledge when I pointed out the steps one must take to enable it?

The *fact* of the matter is that you're twisting things you don't have much knowledge about, unwilling to listen to someone explaining them to you in clear terms, and then going off the deep end discussing about specific use environments that don't, and won't, impact most of the Apple user base.

Your behavior is not indicative of one using facts or common sense to get your points across.
 

MRAB54

Gawd
Joined
Sep 9, 2001
Messages
851
Until you find a bug in iOS 8.1 exhibiting the same behavior, what does your citing a bug (and lying about it being "quietly disabled") in iOS 7.1.1 have to do with this discussion?

There is no lying about it, it happened and I was directly affected by it when my firewall no longer allowed my wife's email to pass because it no longer matched IMAPS. My point being, it seems like a lot of shenanigans are going on with Apple and user data.

I'll will admit, this doesn't seem to be as big of an issue as the article makes it seem to be. Still, it's troubling when the norm seems to be that apps will grab your data by default unless you disable "features". Signing into iCloud is a simple click of the "Yes" button when setting up an iPad.
 

BlueMeanie

Limp Gawd
Joined
Nov 8, 2004
Messages
389
What happens if you are working on your Mac, on an important document you haven't yet saved, but you are not online? Is the autosave still caching locally as well? Or does this mean autosave is only able to rescue you if you have an internet connection?

And why has no one mentioned that Windows 8\8.1 also saves to the cloud by default? If you login with a Microsoft Accounts, unless you change it, default save location is OneDrive. No idea about the unsaved documents.
 

mope54

Supreme [H]ardness
Joined
Oct 2, 2004
Messages
7,442
There is no lying about it, it happened and I was directly affected by it when my firewall no longer allowed my wife's email to pass because it no longer matched IMAPS.

Still, it's troubling when the norm seems to be that apps will grab your data by default unless you disable "features". Signing into iCloud is a simple click of the "Yes" button when setting up an iPad.
That bug that happened was if someone stole your iPhone, rooted it with a custom image, then they could read your email attachments. It wasn't anything that was turned off quietly by Apple and how many people do you think were affected by that?

I don't understand how that bug could have caused the issue you said your wife experienced.

If the feature set of iCloud is to save all your information on the cloud and share it among your devices, then securing the feature with an adequate password is the user's responsibility and users of the feature should *expect* this kind of behavior rather than be annoyed by it.

If someone is more focused on security at the expense of some of the features, then they probably should not turn on features without looking at all the toggles that become enabled by that choice. Again, that's on the user not Apple for providing the feature.
 

mope54

Supreme [H]ardness
Joined
Oct 2, 2004
Messages
7,442
What happens if you are working on your Mac, on an important document you haven't yet saved, but you are not online? Is the autosave still caching locally as well? Or does this mean autosave is only able to rescue you if you have an internet connection?

And why has no one mentioned that Windows 8\8.1 also saves to the cloud by default? If you login with a Microsoft Accounts, unless you change it, default save location is OneDrive. No idea about the unsaved documents.
You can test it out.

iCloud drive contents are on your computer, too. They're located in:
cd ~/Library/Mobile\ Documents/
or
Finder > Go > iCloud Drive

(and for the security conscious they can delete any temp files they're concerned about or even write a script to handle everything automatically)
 
Top