The theft of celebrity photos from Apple’s iCloud has highlighted two things. The first is that people don’t know, or understand, what happens to their digital property when they tick the “backup everything to iCloud” check boxes. The second is that Apple (and other cloud providers), in their eagerness to make the process as simple as possible, do a really bad job of explaining what is going on, and importantly, what can happen if things go wrong.
If you think that this is because the average user would struggle with any basic technology, even security expert Christopher Soghoian had to resort to reading the manual to find out if iCloud backed up photos by default.
In fact, the entire interaction with iCloud is actually not that simple. Apart from backups of your iPhone or iPad, there is the ability to “import” photos from your devices to a Mac or Windows PC. And then there is My Photo Stream which allows Apple users to share photos with other people. Very confusingly, this services uses iCloud but is not a permanent backup of photos. They last only 30 days and Apple’s advice is that if you want to back them up, you need to use, you guessed it, iCloud.
Again, it is not just ordinary users who have been confused by all of this. A Forbes reporter claiming to be telling readers how to “Disable Apple iCloud” actually ends up telling them how to switch off “Photo Stream” and not the iCloud backups.
The general frustration with iCloud was summed up in a tweet by Kirsten Dunst who declared iCloud a “piece of poo” (paraphrased).
Keeping track of where every photo you ever took is actually located is not that easy. It could be on any number of devices, in any number of apps and in any number of cloud services. The other cloud services like Dropbox, for example, also have photo syncing capabilities. This means that photos could potentially find their way on to a range of other machines and devices if Dropbox is enabled on them.
In our hyperconnected world, digital objects have inherited the property of stickiness. Photos end up everywhere and it takes not only the knowledge of how all of the synchronisation works to understand where, but also a determined approach to e-Cleaning to make sure that they are not in places you didn’t expect.
Of course, on top of all of this is understanding the different ways that people can actually gain access to your account to get hold of things that you have uploaded, backed up or synchronised. In the case of the celebrity photos, it may have been a trial and error guessing of passwords on an iCloud service that didn’t check for repeated failed login attempts. However, previous iCloud hacks used social engineering and other tactics to gain access to people’s accounts.
In the end, the safest way to avoid problems is to not store photos, or anything else private for that matter, on a cloud service. Or at least if you do, do it in a controlled way where you actually know where the photos and other documents are. This, of course, is likely to be impractical for most people.
An alternative is to do what most teenagers are now doing and treat the entire Internet as ephemeral. If you are going to take photos, use a service like Snapchat. If you are going to send emails, use Confide, which destroys the emails after they have been read. This actually may make the most sense because after all, when was the last time you managed to not only want to look at a photo you took years ago, and actually find where you saved it?