Removed by mod
It restoring deleted photos onto wiped devices that have been resold is a privacy nightmare.
I wonder if they’re doing that to reduce the write cycles on the cells and since they’re “encrypting” the contents of the cells they figure the overall IO flag of the data being deleted is “good enough”.
So, in a perfect world, when you wipe the phone it’s basically just trashing the encryption key and so it’s useless data.
That’s all assuming that the encryption method/keys are foolproof which is always a bad bet.
And, this here makes me wonder how effective that is.
And a person claimed in a later post that “around 300” of their old pictures, some of which were “revealing,” appeared on an iPad they’d wiped per Apple’s guidelines and sold to a friend.
That’s a huge issue. Not just for photos but also files for sensitive data, secrets, etc. this, if true, is a massive issue overall since it even happening at all shouldn’t be possible.
Indeed. If true, it means Apple’s technology doesn’t work the way they claim. Which is a really big issue.
It seems unlikely that this is accidentally reading old encrypted data blocks. The filesystem wouldn’t even try to access data that it hasn’t written to yet. So you would need both filesystem bugs and bugs with encryption key management.
I think the theory that iCloud is accidentally restoring images based on the device ID is much more likely. It is also quite concerning but seems more plausible to me.
Offloading the data to the cloud and making it accessible on other devices no longer signed into iCloud.
That is so much worse if true.
So now we know, iPhones and iPads don’t TRIM their storage memory.
thats really bad for longevity
$.05 explanation for those unfamiliar?
Here’s the ELI5.
Imagine there’s a set of lockers in a school.
When a student leaves the school or changes lockers they remove the label on the locker but don’t empty it.
A TRIM, however, means that they not only remove the label from the locker by also clean out its contents.
Not quite; the contents all go in a bag labeled “trash” — someone still has to remove it from the locker.
Good point.
TRIM is a command / instruction for solid state storage to release a block of data, so it is blanked and ready to be written again.
No, it actually isn’t. TRIM doesn’t erase data.
https://www.techtarget.com/searchstorage/definition/TRIM
Trim marks blocks for deletion. It doesn’t delete anything.
Usually when you “delete” data on a storage medium you really just remove a reference to it. The data is still sitting on the disk if you know where to look.
TRIM
is a command that tells the storage device “I don’t need this anymore” and usually the hardware will return empty data the next time you read it (really the hardware is doing the same thing of just forgetting that there is data there, it is turtles all the way down, but it will track that this block is supposed to be empty and clear it when you next read it).However I think this is an unlikely theory. It would require two bugs:
- The OS would be trying to read data that isn’t supposed to exist. This would be a bug on its own that would likely be quite visible.
- The iPhone uses disk encryption, and when you reset the device the key is (supposed to be) reset, meaning that even if you read the old data it would be useless.
Both of these would be very significant and unlikely to last long without being discovered. Having both be present at the same time therefore seems very improbable to me.
I wonder if this has anything to do with Apple’s CSAM scanning. You know, hang on to the photos as evidence, and, for an added bonus, sell more iCloud storage because the “System Data” now exceeds the free iCloud data storage quota. Win-win!
One user also said they saw a photo return even though they don’t sync their phone or use iCloud
I was assuming that all these people had photos save to iCloud when it launched years ago and are seeing them appear now. If it’s not an old desync bug between deleting images off of iCloud/local device then this will be interesting.
And a person claimed in a later post that “around 300” of their old pictures, some of which were “revealing,” appeared on an iPad they’d wiped per Apple’s guidelines and sold to a friend.
How would that even work? Wiping a device resets the encryption keys, doesn’t it?
And the images are tied to an Apple ID.
So somehow the fully factory reset iPad accidentally logged in to the old Apple ID and merged deleted photos to the new Apple ID
Both seem equally improbable.
It sounds like these aren’t still on the device somewhere, but re-downloaded from iCloud.
So presumably the device ID is somehow being used to incorrectly “authenticate” to iCloud and old images are being restored.
This definitely raises some major concerns about how iCloud authentication works.
It actually doesn’t seem possible as there are too many systems that need to fail for it be true. The encryption key, access to another Apple ID and Photos having access to it all.
We are finding out that it’s not the images that are restored, but the thumbnails. Which is why the images are low quality when opened. The original photos are gone but the thumbnails still survive on Apple’s servers. Likely just cached. Which of course only applies to those logged into their accounts, not on other wiped devices.
Watch them claim it’s their property…
Taking nude pics on any “smart” device is just a bad idea.
The issue is not really that people are using smart devices for whatever, but that they were explicitly promised that the devices were safe enough to guard your private data. And that was a lie from Apple to sell more devices.
This is 100% on Apple’s head. Not the consumers that were lied to.
Besides, which devices are so “not smart” these days that there is no chance of data leakage or recovery?
I should absolutely be able trust my phone to store my private data. If my phone isn’t trustworthy that is an issue that should be resolved. I mean sure, every copy of data is a risk, but there are a lot of more valuable data (in my opinion) on my phone than nudes.
Yes you should, but you have take your data safety into your own hands. You cannot trust Google, Apple, and other big tech companies. That is not to say that these companies should get away with the things they do, there should be punishment… but that is the reality.
deleted by creator
I’m sure this is a dumb programming error (files are not deleted until overwritten with new data with solid state media). A boneheaded fuckup. Another person reported old voicemails being flagged as new. Either way, I’m waiting to upgrade to this version as a result.
File systems have a record where the binary data for a file like a photo is stored. That’s deleted, without that you’d have to extensively scan the whole memory and hope to recognize that a chunk is an image file.
Whatever Apple is did in this update, it’s probably not good
If it is indeed a boneheaded mistake, then it’s probably because of over reliance on RPC-type calls from the front-end that displays the data, to the back-end that actually handles the data. User deletes photo, and the front-end, instead of actually deleting it, tells the backend to do it… and then hides the photo from view, maybe updates its index of photos marking them as “deleted” regardless of whether the backend actually deleted the photo.
Then an OS update comes along, and rescans the filesystem, and report a bunch of new photos to the front-end, that then happily add them to the GUI to the user’s surprise.
Modern APIs and software architectures are a bloated, unnecessarily complex mess, and this is the result.
It’s quite possible, although I’m inclined to blame it on turnover and pressures for deadlines
I’ve come to see software kinda like a plant. If you neglect it, it rots, because all software is contextual and the world moves on. If you keep growing it, it starts to rot from the inside. If you carve out down to something smooth and streamlined, it can last a long time and just need TLC to bounce back
Ultimately, if you want something to be big and to last, you have to prune it, transplant it, and continuously work on it. There’s no direct money to be made there though
And it helps a shit ton to have people around long-term. It can take years to learn a big stack, but having someone go “wait, if we do this we need to rexamine how we delete photos” is how you avoid fuck ups like this
Wow, beautiful analogy! I’m going to use that in my professional career if you don’t mind. Also with your permission I’d like to give you credit with a link to this comment, if that’s OK with you, of course.
Some unit tests might have been lacking. But yea. I personally like to keep things simple, but a lot of tech companies seem to prefer quite the opposite sometimes
laughs in DOS
Apple, or as I’ve taken to call it, Mother Superior.
I hope we will get to the bottom of this, because all the armchair experts with tons of different explanations for how this happened are annoying. There are so many people confidently explaining different conflicting theories.
I didn’t use a single Apple device and I wouldn’t do it anyway so who cares…
so who cares
All the other people who do use one?