Security Trade-Offs

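The worst piece I’ve seen so far about last week’s iCloud celebrity photo leak is this one from David Auerbach at Slate. To understand where Auerbach is coming from, let’s look first at his conclusion: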

But whether or not any of these problems were directly responsible for the leak, Apple users, from Jennifer Lawrence to corporate executives to laptop musicians to you, should be out for blood, and other companies should use this as a lesson to double- and triple-check their own security stories. Apple will probably survive though. IPhones [sic] are just too cool.

The old “Apple customers are stupid fools, attracted to shiny things and easily swayed by popular opinion” angle.

Here is the problem with Auerbach’s piece:

Whether or not this particular vulnerability was used to gather some of the photos — Apple is not commenting, as usual, but the ubiquity and popularity of Apple’s products certainly point to the iCloud of being a likely source — its existence is reason enough for users to be deeply upset at their beloved company for not taking security seriously enough. Here are five reasons why you should not trust Apple with your nude photos or, really, with any of your data.

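Not trusting Apple “with any of your data” isn’t wrong just because it is a hyperbolic overreaction; it is wrong because it is potentially dangerous. What has been largely overlooked in the reaction to this photo leak scandal, and is completely lost in Auerbach’s argument, is that backups are a form of security, in the same sense that life insurance is a form of security for your children and spouse.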

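Over the years, I’ve received numerous emails from former Genius Bar support staff telling similar stories of heartbreak. A customer comes in with an iPhone that is completely broken, lost, or stolen, and it held precious photos and videos. The birth of a child. The last vacation they took with a beloved spouse who has since passed away. Did they ever back up their iPhone to a Mac or PC with iTunes? No. In many cases, they don’t even know what “iTunes on a PC” even means. Or perhaps they connected their iPhone to iTunes once, when they bought it and needed to activate it, and then never again.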

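This has happened to thousands and thousands of people. That is why Apple made cloud-based backups one of the fundamental pillars of iCloud. Today, it still happens to people who haven’t signed up for iCloud and enabled iCloud backups. In most cases it is heartbreaking, and in some cases utterly devastating. I’ve heard of Genius Bar staffers who eventually left the job because of the stress of dealing with customers who had suffered data loss. Once it is determined that the photos and videos can’t be recovered from the device and were never backed up, the Genius staffer’s job changes from technician to grief counselor. Bereavement is not too strong a word.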

iCloud backups have not eliminated this problem, but they have made it less common. As with almost everything in technology, it is a trade-off:

  • Your data is far safer from irretrievable loss if it is frequently synced/backed up to a cloud-based service.

  • Your data is more likely to be stolen if it is frequently synced/backed up to a cloud-based service.

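Ideally, a company providing such a service minimizes the risk of your account being hijacked while maximizing the simplicity and ease of setting it up and using it. But clearly these two goals are in conflict. There is no way around the fact that the proper balance lies somewhere between maximal security and minimal complexity.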

Further, I would wager heavily that there are thousands and thousands more people who have been traumatized by irretrievable data loss (who would have been saved if they’d had cloud-based backups) than those who have been victimized by having their cloud-based accounts hijacked (who would have been saved if they had only stored their data locally on their devices).

It is thus, in my opinion, terribly irresponsible to advise people to blindly not trust Apple (or Google, or Dropbox, or Microsoft, etc.) with “any of your data” without emphasizing, clearly and adamantly, that by only storing their data on-device, they greatly increase the risk of losing everything.

The problems here are multifaceted and complicated; “don’t trust anything in the cloud” is simplistic and, in its own way, dangerous.

Postscript: And what about email and messaging? If one doesn’t trust Apple or other cloud-based providers with backups, how can you trust them with email or messages, both of which often contain photos? Further, as Charles Ying points out, Apple is set to improve this in iOS 8 with self-destructing attachments in iMessage.