Apple now offers end-to-end encryption for
iCloud data, which means that not even Apple has a backdoor to see what you keep on your phone
or upload to the cloud. BUT…this feature only exists if you turn it on. It’s called Advanced
Data Protection, and in this video I’m going to tell you everything you need to know, including a
walkthrough of how you can turn it on yourself. My name is Josh, this is All Things Secured,
and I’m going to start by saying that this is another one of those features that is a
no-brainer to turn on for anybody who uses Apple products. I’ve done it, and I recommend
you consider it as well. There’s only one reason I can come up with to not
turn it on, and I’ll share that later. To make this as helpful as possible, I want to
explain why this is such a big deal, explain which data from your iCloud still isn’t encrypted,
and then walk you step by step through how you can turn it on. Let’s start with a simple metaphor
to explain why this is an optional feature. Why not make end-to-end encryption the default
for all Apple devices? This is a valid question, and one that even my parents asked me
the other day when I shared this. Here’s how I described it to them. Try to think of the iCloud like a hotel room.
When you log into the hotel, they give you a key to access your room. Your room and all your
belongings are locked up while you’re gone, but the maids still have a master key to get
in and clean the room and if you happen to lose your key, the hotel can issue you a new
one. This is what you call a “shared key”. Now imagine for a moment that the hotel gave
you the option to book a super private room they called the “encryption room” that
was locked with a private key that had no duplicate. Maids couldn’t enter without
you there and the hotel couldn’t issue a replacement key. It was your key, and
yours alone. It’s not a perfect analogy, but this is end-to-end encryption. It’s better
security, but it’s also greater responsibility. I can imagine that before the hotel gave
you that private key, they would make you sign a waiver that said you understood the risks
involved. I mean, if you left something in your room and lost the key, your possessions would be
lost forever. The same goes for encrypted data. Apple recognizes that not everybody
wants that kind of responsibility, and as you’ll see in the setup process, they go to great lengths to make sure you take
full responsibility for this kind of encryption. To back up for a moment, you should know
that certain data on your Mac and iPhone has already been encrypted for a while whether
you knew it or not. For example, Apple’s iCloud Keychain that stores your passwords was encrypted,
as was any health data those devices collected. But if you remember from a little over a year ago,
Apple announced that they would start scanning our photos for any illegal content and that was the
first time most people realized that their data wasn’t entirely encrypted. The privacy that Apple
had been preaching didn’t feel so private anymore. Now I know some people who question why such
extreme privacy is needed, and many of those people belong to law enforcement, government
agencies or apparently The New York Times. I understand the argument, I do, but the reality
is this: In the same way that I think it’s good we have the right to protect valuables by purchasing
a personal safe box that doesn’t have a master key or backdoor loophole, I believe the same standard
applies when protecting my personal data as well. Honestly, I’m not exactly sure why Apple made
such an abrupt change in their privacy stance other than the harsh criticism and swift backlash
from their user base. Or perhaps they’re bracing themselves for an inevitable breach of their
iCloud system in the future and want to make sure they’ve limited their own liability.
Either way, this Advanced Data Protection is a good thing for us as consumers. The privacy
encryption they now offer has been expanded to include your iCloud backup, your notes, your
voice memos and yes, now even your photos. The only part of your data that doesn’t fall under
the new Advanced Data Protection is any iCloud Mail, Contacts or Calendars, which Apple says must
remain unencrypted in order to work with other apps and services. Personally, I don’t use Apple’s
Mail or calendar apps anyway, so I’m ok with that. I’m going to take a moment to show you exactly
how to turn on Advanced Data Protection and the challenges you might come up against. Let me warn
you before you start: this is a simple 5-minute setting change that could take you an hour or
more to complete, and you’ll see why in a moment. Everything starts in the settings app of your
iPhone, iPad or even your Mac device. Click on your name at the very top to access your Apple
ID then find the iCloud settings. At this point you’ll need to scroll down and look for the
Advanced Data Protection toward the bottom. Now if you don’t see this as an option, that means that your device hasn’t been
updated to the latest operating system, so you’ll need to go into Software Updates
and do that before you can proceed. Once you’ve updated, click through to turn on
Advanced Data Protection. It’s at this point that Apple is going to enforce a number
of requirements to enable this type of encryption. As you can see here, I had to go
through and update the software on my Macs, my iPad and even my Apple
TV. Hold on just a moment… Even more important are the requirements
that you have two-factor authentication set up on your Apple ID, which most
people do at this point, that you have a passcode set for your device for security
purposes, which I really hope you do already, and finally that you’ve set up an account
recovery contact or a recovery key. Account recovery can be found in the Password
and Security settings of your Apple ID. You only have to do one recovery method, but I
recommend setting up both just to be safe. I’ve set my wife as the recovery contact,
which took all of 30 seconds, just make sure you choose somebody who you trust, and then I set
up my recovery key, which took about 5 minutes. The reason that took longer - at
least on my phone - is that you’re required to copy down and then retype
this 28-character code to verify that you have it and my fat thumbs take
a bit longer to get that typed in. Now that all the requirements are
met, I can finish the setup process. Apple will warn you that you are now
taking responsibility for your data, they’ll have you confirm your recovery
contact and then you’ll have to type in the 28-character recovery key…again. Verify
your phone’s passcode and then you’re done! Again, I highly recommend you take this step
to secure your data if you use Apple devices, but there is one reason why some
people might not want to turn it on. And it’s simply this: don’t turn this on if you
don’t want to be responsible for your own data. That’s not meant to be condescending
at all. When I told my mom about this, her first response was exactly that: “I don’t
want to risk losing all my own photos and notes!” And that’s something you need to understand.
Greater privacy and security requires a higher level of responsibility that you take
on yourself. You can’t moan and groan about companies like Facebook, Google
or Apple collecting data on you and then get mad when you lose all your data
because you forgot your password. Either you put trust in them or you put trust in
yourself. It’s your data and it’s your call. Let me know if you have any questions in
the comments below and then watch this video next where I show you how to set up a 2FA key for
even greater security with your online accounts.