recentpopularlog in

charlesarthur : icloud   18

Apple delays iCloud Drive file sharing until next spring • Cult of Mac
Killian Bell:
<p>Apple’s <a href="">All Features webpage for macOS</a>, which lists everything that’s new in Catalina, stated earlier this week that iCloud Drive file sharing would launch before the end of this year.

The page has been updated following the public rollout of macOS Catalina on Monday, however. File sharing will now be available in spring of next year.

Communication Limits for Screen Time, which fall under the same asterisk on that All Features page, also appear to have been delayed until early 2020.

File sharing, which allows users to collaborate on files through iCloud and see updates as they happen, is a key feature of competing cloud storage services like Dropbox.</p>

Well, yeah. iCloud offers various tiers at 5GB, 50GB, 200GB and 1TB; Dropbox offers 2GB for free, or 1TB at the same price as Apple ($9.99/month). The key thing Dropbox has is that sharing. Though of course you can just focus on putting stuff you want to share into Dropbox, and keep the stuff you want to share only with yourself in iCloud.
apple  icloud  dropbox 
12 days ago by charlesarthur
Beware the Apple iCloud phone phishing scam • Frequent Business Traveler
<p>Scammers have a new and improved way to fool people. A new phone-based phishing scam spoofing Apple’s official support number is likely to take a lot of people by surprise and result in those being called providing the scammers with sensitive information.

The call mimics an official Apple support call, displaying Apple’s logo, Cupertino address, and real toll-free number (800 692-7753). This is the same number, displayed as 800 MY-APPLE, when Apple customers request a call from the company.

Several FBT staffers have reported getting such calls in recent weeks. The calls are not identified by T-Mobile (the mobile operator used by our parent company, Accura) as “Scam Likely” even though it is clear that Apple’s number is being spoofed.

The automated message states that the recipient’s iCloud account “has been compromised” and that he should “stop going online.” The automated message then prompts the caller to dial a toll-free number with an 866 prefix for Apple support.

Typically, Apple’s automated system would prompt the caller to press “1” to be connected to Apple support.

I tried calling the 866 number, which was answered by a main greeting that told me I had reached Apple support and provided an expected wait time. The call was answered by a man with a vague Indian accent who, after asking the reason for my call, disconnected it.</p>

So much excess capacity in Indian call centres; seems like they've found a new version of their virus scam.
india  callcentre  virus  scam  icloud 
6 weeks ago by charlesarthur
The real problem with Apple’s iCloud storage options (hint, it’s not price) • BirchTree
Matt Birchler:
<p>As I’ve expressed time and time again, <a href="">every single paid tier of iCloud storage gets you more bang for your buck than the competition</a>. Despite what I hear from time to time, iCloud is a great deal if you’re looking for some online storage. I think Apple’s free tier (5GB) is totally reasonable for a file backup and sync service, and their paid options are pretty excellent.

But iCloud’s real problem is with how that storage is used.

I have a 64GB iPhone 8 Plus which is Apple’s entry level storage option. My backup, which is stored on iCloud, is 8.9GB. If I was on the free storage tier, I would not be able to back up my iPhone. I also have about 112GB of photos synced with Apple Photos which would also not be possible on the free storage tier.

We can argue about whether Apple should have a free photo sync/backup solution like Google Photos, but the backups are the real killer. Being able to back up one’s phone is not a “premium feature” by any means, it’s basic functionality. There are suggestions out there to do all sorts of crazy things with building up free storage depending on how many Apple devices you own and such, but I think that way lies madness.

I think the solution for Apple’s “iCloud is too expensive” problem is super simple: don’t count iPhone and iPad backups towards your iCloud storage, and offer a free, limited photo backup option.

By doing this, your backups would always work no matter how much storage you have.</p>

Every year as WWDC rolls around, people expect Apple to change this. So far, every year it hasn't. (It just <a href="">quietly lowers the prices</a>.)
apple  icloud 
april 2018 by charlesarthur
Apple moves to store iCloud keys in China, raising human rights fears • Reuters
Stephen Nellis:
<p>When Apple begins hosting Chinese users’ iCloud accounts in a new Chinese data center at the end of this month to comply with new laws there, Chinese authorities will have far easier access to text messages, email and other data stored in the cloud.

That’s because of a change to how the company handles the cryptographic keys needed to unlock an iCloud account. Until now, such keys have always been stored in the United States, meaning that any government or law enforcement authority seeking access to a Chinese iCloud account needed to go through the US legal system.

Now, according to Apple, for the first time the company will store the keys for Chinese iCloud accounts in China itself. That means Chinese authorities will no longer have to use the US courts to seek information on iCloud users and can instead use their own legal system to ask Apple to hand over iCloud data for Chinese users, legal experts said.

Human rights activists say they fear the authorities could use that power to track down dissidents, citing cases from more than a decade ago in which Yahoo handed over user data that led to arrests and prison sentences for two democracy advocates. Jing Zhao, a human rights activist and Apple shareholder, said he could envisage worse human rights issues arising from Apple handing over iCloud data than occurred in the Yahoo case.

In a statement, Apple said it had to comply with recently introduced Chinese laws that require cloud services offered to Chinese citizens be operated by Chinese companies and that the data be stored in China. It said that while the company’s values don’t change in different parts of the world, it is subject to each country’s laws.</p>

China today - and Russia, Turkey, the Philippines tomorrow, if they pass similar laws? Where does it stop? An iCloud backup also includes iMessage, so this is a risk to activists. I expect they will take two countermeasures: stop using iCloud (and delete all their backups), and start (or continue) using apps such as Signal.

It's a sign of the roach motel effect of China on Apple: it's such a big slice of its business now that it can't (unlike Google in 2010) just refuse to do business there.
Apple  icloud  china 
february 2018 by charlesarthur
Here's where the Apple accounts hackers are threatening to wipe came from • Troy Hunt
Hunt, who has the fabulously useful "Have I Been Pwned" database, analysed a "sample" from the self-styled Turkish Crime Family hackers, who were threatening* to wipe 300 million iCloud accounts. The sample was 69,355 email addresses, of which about 40,000 clearly came from a breach of the Evony game site - down to both the email and password:
<p>I could load the MySpace breach and the LinkedIn breach and keep cracking hashes and filling in gaps, but the source of the data was now abundantly clear. Let's apply Occams Razor to this and I'll draw the most obvious conclusion possible from the whole thing:

The list of Apple accounts is not hundreds of millions, it is instead less than 53k and it's compromised predominantly of accounts from the Evony data breach and a small handful of others.

Now, that's not to say there's no risk at hand here, but rather that the risk is no different to the one we're faced after every data breach: a bunch of people have reused their passwords and they're now going to have other accounts pwned as a result. But that's a very different story to the headlines of "hundreds of millions of Apple accounts will be reset and iPhones wiped". It's nowhere near as bad 53k either because a significant chunk of those people won't have reused their passwords. Of those that have, many my no longer even be valid for Apple services and indeed Zack found that when he reached out to people listed in the sample data. But here's something even more significant - Apple has the sample set I've been analysing which puts them well and truly one step in front of TCF. </p>

Kudos to Zack Whittaker, who was the journalist who got the "sample" and shared it with Hunt. (My comment two weeks ago: "It sounds like a bluff. They might have access to a few hundred thousand iCloud accounts…") A person was arrested on March 29.
hacking  icloud 
april 2017 by charlesarthur
FBI Complaint and Affidavit for Search Warrant, re: John Rivello in Kurt Eichenwald GIF-tweeting case • DocumentCloud
This is a scan of the document; you'll have to read it. The perpetrator used a burner phone to create the account - but used his old SIM in it. And his SIM was associated with a smartphone...
icloud  rivello  fbi 
march 2017 by charlesarthur
If your iPhone is stolen, these guys may try to iPhish you • Krebs on Security
Brian Krebs:
<p>Recently, I heard from a security professional whose close friend received a targeted attempt to phish his Apple iCloud credentials. The phishing attack came several months after the friend’s child lost his phone at a public park in Virginia. The phish arrived via text message and claimed to have been sent from Apple. It said the device tied to his son’s phone number had been found, and that its precise location could be seen for the next 24 hours by clicking a link embedded in the text message.

That security professional source — referred to as “John” for simplicity’s sake — declined to be named or credited in this story because some of the actions he took to gain the knowledge presented here may run afoul of U.S. computer fraud and abuse laws.

John said his friend clicked on the link in the text message he received about his son’s missing phone and was presented with a fake iCloud login page: appleid-applemx[dot]us. A lookup on that domain indicates it is hosted on a server in Russia that is or was shared by at least 140 other domains — mostly other apparent iCloud phishing sites — such as accounticloud[dot]site; apple-appleid[dot]store; apple-devicefound[dot]org; and so on.

While the phishing server may be hosted in Russia, its core users appear to be in a completely different part of the world.</p>

Basically, John went gently a-hackin', and he wound up finding a crim so dim he'd hacked his own phone and stored selfies on his iCloud account and left "Find my iPhone" on.
security  icloud 
march 2017 by charlesarthur
Fighting iOS Calendar Spam • The New York Times
<p>Q. I have been getting spam invitations to my iOS calendar recently. They come from Chinese accounts and their subjects are for super-discounted Ray-Bans and the like. Is there any solution to this?</p>

Yes, there are a few, and the NYT has them.
apple  icloud  spam 
november 2016 by charlesarthur
From Dropbox to iCloud Drive: a review and some thoughts • Finer Things in Tech
David Chartier has shifted 1TB of stuff from Dropbox over to iCloud Drive:
<p>For personal uses, iCloud Drive has performed pretty well for me the past couple months. The speed of saving files to and retrieving files from iCloud Drive feels on par with Dropbox on both iOS and Mac, thanks in part to improvements in macOS Sierra. However, I should restate that I do much less collaboration with raw files these days. I create and manage nearly all of my work in apps and services like Ulysses, Quip, Todoist, and Trello, then share or publish it with others in online systems like WordPress (this site), Weebly (my personal and business sites), Quip, or Google Drive. Of course, your mileage will vary.

The few raw files I still work with are things like PDF books I download, or media resources I snag from Unsplash, Envato, and elsewhere for content and blogging. If I need to receive files, I can of course still use my free Dropbox space, or I can visit Dropbox share links in a browser on any device. When it’s time to share files with others, Dropbox can still work, but so can Droplr.

Others who have made this transition told me there’s a noticeable performance boost to be had by uninstalling Dropbox from a Mac, which I just did yesterday. They weren’t kidding.</p>

Removing Dropbox speeds things up? This is getting worse and worse.
cloud  dropbox  icloud 
october 2016 by charlesarthur
Setting up a new iPhone — it just does not work • Medium
Ouriel Ohayon:
<p>Restoring all your apps take a good one hour at minimum because they need to be re-downloaded. In my case (have a lot of apps) it will take a few hours.

Some of those apps (eg Spotify, Downcast for podcasts, Audible…) have content to be downloaded for offline consumption. iTunes and iCloud backup don’t include those (it would cost me a lot of icloud $) and iTunes back up does not include those. So there you go, you need to download again each app the content. One by One.

Then if you have an Apple watch, you need to unpair it from the old phone, then reset the watch, and pair again the Watch (a good 30 min). Even John Gruber (ZE Apple expert) <a href="">screwed up in this</a>.

Then you need to reset Apple pay and all your cards, on your iPhone and your watch.

Then you have for certain apps to go through the 2 key authentication process again (payment apps, bank apps).

Reset 2 key authentication for all services you are already using (a real pain in the b…). Certain apps just need sign in again like Google Apps and of course Authenticator. Reset of 1password (if sync with Dropbox). Then for Communication apps (Viber..) you need to reset your account to your new Phone (even with the same line).</p>

(Odd he doesn't mention doing a restore from iTunes - though I understand some people detest iTunes. But you could, you know, just use it for setting up your phone. It won't reach out and kill you.)

Setting up a new iPhone from an iCloud backup (if you're not going down the iTunes route) is like Churchill's description of democracy - the worst, except for all the others. Has Ohayon ever tried setting up a new Android phone? The experience is <a href="">nowhere near that on iOS</a>. There is an Android Backup service, but as Google's help <a href="">notes</a>, "not all apps use [it]. Some apps may not back up and restore all data."

As for the complaints about two-factor authentication - the <em>idea</em> of 2FA is that it's hard to configure a new device. Ditto for credit cards in Wallet.

Sometimes it feels as though people complain without considering what they're complaining about. If this stuff were easy to do, imagine the real havoc that a hacked iCloud password would cause to the actual owner - and how much someone like Ohayon would complain if they were the victim: I'm sure we'd hear that Apple had made it too easy for people to set up new phones from a UID/password combination.
apple  icloud  setup 
september 2016 by charlesarthur
Apple, stop being stingy with the iCloud storage • Macworld
Kirk McElhearn:
<p>These services, once dependent on an annual subscription ($99 a year for MobileMe in the US; $149 for a family plan), are now free. But as the price dropped, so did the amount of storage allocated to users. From 10GB with .Mac (initially, .Mac offered 100MB), to 20GB with MobileMe, iCloud only offers 5GB per user. You can pay to get more storage, of course, and that’s how Apple makes some spare change. But only 5GB per user? Seriously?

Remember, you use your iCloud storage not only for your data—photos, email, files, etc.—but also to back up your iOS devices. The files are stored just once, no matter how many devices you own, but each device needs space for its backup. I’m probably not alone in having more than one iOS device. Many people have an iPhone and an iPad, and backing up two devices with a 5GB plan is difficult. If you have an average photo library (mine is 3.9GB), and I don’t take a lot of photos, then you’re quickly short on space. And while I’m not an email hoarder, I know people who have gigabytes of email. And when people run out of space, the first thing they probably do is turn off backups for their devices, which isn’t a good idea. If anything, device backups shouldn’t count against the iCloud storage quota, because they are so important.

There is no such thing as a free lunch, and that iCloud account really isn’t “free;” it’s factored into the cost of the devices we buy. So why doesn’t Apple give us 5GB of iCloud storage for each device we own? If you have an iPhone, you get 5GB. If you also have an iPad, you get another 5GB. And if you have a Mac, perhaps you get an additional 10GB, especially because of the new optimized storage feature in macOS Sierra that will let you offload infrequently used files to iCloud.</p>

There are lots of oddities about Apple's policy on iCloud storage. For one, the free tier hasn't shifted in years, even while the base amount you get with a phone or iPad has doubled. For another, there's the fact that it's per account, not per device. And there's the puzzle of quite what in your backups counts against it.

Possibly Apple is waiting to double it along with the next iPhone launch; at the same time it could update its ancient Mac Pros (900+ days since update), and the Mac mini (keeps going backward) and the MacBook Pros (only really gained Force Touch, no significant processor upgrades).
apple  icloud  storage 
july 2016 by charlesarthur
A second US man pleads guilty to hacking celebrity accounts • Computer Weekly
Warwick Ashford:
<p>A second US man has pleaded guilty to gaining authorised access to celebrity iCloud and Gmail accounts and stealing nude images that were leaked online in 2014.

Edward Majerczyk (28) of Chicago, Ilinois used similar methods as Ryan Collins (36) of Lancaster, Pennsylvania, but US authorities have not made any connections between the two men.

Although both used phishing emails to trick celebrities into divulging their passwords, neither have been linked to leaking stolen private images and videos online.

Police investigations into the online leaks that involved more than 100 celebrities, including Rihanna and Jennifer Lawrence, led to the arrest of Majerczyk and Collins.

Collins targeted victims with emails that appeared to come from Apple and Google to get their log-in details, while Majerczyk’s sent messages that looked like security warnings from internet service providers that tricked victims into visiting malicious websites designed to steal log-in information…

…Majerczyk is believed to have stolen the log-in credentials more than 300 Apple iCloud and Gmail accounts between November 2013 and August 2014, including those of around 30 celebrities, according to a <a href="">statement by the US Attorney’s Office</a>.</p>

Note the ages; these weren't, as the banter would have it, teens in their basement <a href="">pounding the iCloud servers to exploit a weakness in the Find My iPhone password system</a>. Security breaches are usually about the path of least resistance, not most complication.
icloud  celebrity  hacking 
july 2016 by charlesarthur
SMS phishing attackers continue to pursue Apple users » WeLiveSecurity
Graham Cluley:
<p>A week ago I <a href="">reported on my personal blog</a> how criminals were spamming out SMS messages that claimed to come from Apple, but were actually designed to steal personal information for the purposes of identity theft.

The messages all used a cunning piece of social engineering – posing as a notice from Apple that their Apple ID was due to expire that very day – to get unsuspecting users to click on a link to a phishing website.

The SMS messages were even more convincing because they referred to recipients by name, most likely fooling some into believing that there was a genuine reason to act upon the alert and visit the site pointed to by the criminals.

Although the site the criminals were initially using – – was quickly blocked by the major web browsers and taken down, that didn’t take the wind out of the criminals’s sails.

In the days since it has become clear that the identity thieves have registered a series of other domains – all claiming to be related to Apple or Apple ID. Examples have included,, and</p>

There was a big run of these over the weekend; my wife received two, which used her name. They do come via SMS; it seems that once someone's address book is hacked, messages are then sent out to people in the address book. Standard phishing attack, jumping from one victim to the potential next.

Apple needs to be proactive and set up a way for people to forward these to its security team. And make two-factor authentication easier to implement. (Too late for those who have been hit.)
apple  icloud  phishing 
april 2016 by charlesarthur
15: Please don't enter the iCloud password » picomac
Ed Cormany:
<p>With TouchID, unlocking my phone is something I do dozens of times per day without thought. Even when I have to fall back to a passcode — it gets cold outside in places other than California! — it's seamless. Most importantly, it's predictable; I only have to authenticate in response to my own action of turning on the phone's display.

I can't say the same for iCloud authentication. In theory, I should only have to enter my iCloud credentials at device setup, or when performing specific actions like confirming a purchase. Yet most of the time I'm presented with an iCloud password dialog, it's out of the blue, with no explanation: simply "Please enter the iCloud password for…" my Apple ID. It's frustrating, sure, but more than that it's troubling. Because I respond to that dialog differently than the vast majority of iCloud users.

I always click Cancel.

My iCloud credentials are the key to my digital life across several devices. I don't give them away without an explanation, just as I wouldn't give my Social Security number to someone who stopped me on the street randomly. But if the person behind the counter at the bank asked me for my SSN, even if I'd never seen them before in my life, I would give it over — it's all about context.</p>

<a href="">This tweet</a> from Ben Thompson is relevant. Apple really is not implementing this well.
apple  icloud  security 
april 2016 by charlesarthur
An iCloud scam that may be worse than ransomware » Malwarebytes Labs
Thomas Reed was contacted by a woman who said her iMac was hit by "ransomware":
<p>From the screenshots she sent me, it soon became clear what had happened. The hacker had somehow gotten access to Ericka’s iCloud account.

Using this, he was able to remotely lock her computer using iCloud’s Find My Mac feature, with a ransom message displayed on the screen. (For some reason, the iPhone did not actually end up locked, but displayed the same message.)

The message read: “Contact me: hblackhat(at) All your conversation sms+mail, bank, computer files, contacts, photos. I will public + send to your contacts.”

She also received an e-mail message, in similarly broken English, from her own iCloud address. The message said he had access to all her bank accounts, personal information, etc, and would publish it if she didn’t respond within 24 hours.

This is a pretty serious threat, and quite different from the typical Windows malware. Unfortunately, the story doesn’t end there. Apple designed Find My Mac/iPhone as an anti-theft feature. It is intended to allow you to take a number of actions on a lost or stolen device, including displaying a message, locking it, locating it physically and even remotely erasing it.</p>

As Reed points out, the same <a href="">happened previously in Australia in 2014</a>. Perils of the connected world: do you want to be able to find your machine if it's stolen? But then, how secure is your cloud account?
hack  icloud  imac  security 
march 2016 by charlesarthur
How iCloud Drive deletes your files without warning » Michael Tsai
Tsai quotes Mark Jaquith:
let’s say that, on your shiny new Mac, you want to move these files from iCloud Drive to your local hard drive, or to another synced drive like Google Drive or Dropbox. Well, you can just drag their folders do the other destination, right? You sure can. Apple kindly warns you that your dragging action is moving that folder, and that the files will be moved to your Mac, and won’t exist on iCloud Drive anymore. Fine. That’s what dragging a file from one place to another generally does!

But what happens if there are files inside this folder that haven’t yet synced to your local machine? Well, the move operation will be slower, because your Mac has to first download them from iCloud Drive. But once they download, they’ll be in their new location. Right?

Nope. Those files are now gone. Forever.

Tsai then follows up to show that Apple knows about this - though also pulls together other comments, including one from an ex-Apple services employee, showing that this problem is known internally, but it is being starved of funding.
backup  icloud 
july 2015 by charlesarthur
Getting the 'iCloud Music Library can't be enabled' error? Here's a fix! » iMore
Rene Ritchie:
If you just updated to iOS 8.4 and Apple Music and are now getting an error stating "Cloud Music Library can't be enabled", you're not alone. I got it too, and here's how I fixed it... at least for now!

My guess is that Apple servers are being slammed and iTunes is getting some occasional errors. So, patience and persistence wins out. Here's what I did and how I got iCloud Music Library to work.

Note: iCloud Music Library seems to be the new name for iTunes Match and/or similar features contained as part of Apple Music.

"How-to" articles relate to Apple Music are going to do big business in the next few weeks.
applemusic  icloud 
june 2015 by charlesarthur
Google may have left the best Android "M" feature out of the keynote: automatic app data backup and restore » Android Police
David Ruddock:
Yes, it's happening. Dot. Gif. Android apps are finally getting state backup in the new "M" version of the OS. The full details are here. The short of it is that Android apps will now automatically back up to Google Drive, up to 25MB per app, with no new code required from developers. This is huge.

What's backed up? Settings and app data, which is to say, basically everything so long as you're not talking about something over 25MB in total size. While this may still mean signing into your apps on a new device depending on the app's security, once you do log in, the concept here is that all your settings and saved app data should just reappear on your new device. Which, holy cow, haven't we been asking for this since the beginning of time?

Great - in 2016, Android will have the backup capability that iCloud offered since 2011. Given Google's huge power in cloud services, it's really strange this hasn't been in place much earlier.
androidm  backup  icloud 
may 2015 by charlesarthur

Copy this bookmark:

to read