• Fubarberry@sopuli.xyz
    English
    arrow-up
    97
    arrow-down
    1
    ·
    7 months ago

    It restoring deleted photos onto wiped devices that have been resold is a privacy nightmare.

    • SzethFriendOfNimi@lemmy.world
      arrow-up
      34
      arrow-down
      1
      ·
      edit-2
      7 months ago

      I wonder if they’re doing that to reduce the write cycles on the cells and since they’re “encrypting” the contents of the cells they figure the overall IO flag of the data being deleted is “good enough”.

      So, in a perfect world, when you wipe the phone it’s basically just trashing the encryption key and so it’s useless data.

      That’s all assuming that the encryption method/keys are foolproof which is always a bad bet.

      And, this here makes me wonder how effective that is.

      And a person claimed in a later post that “around 300” of their old pictures, some of which were “revealing,” appeared on an iPad they’d wiped per Apple’s guidelines and sold to a friend.

      That’s a huge issue. Not just for photos but also files for sensitive data, secrets, etc. This, if true, is a massive issue overall since it even happening at all shouldn’t be possible.

      • Em Adespoton@lemmy.ca
        arrow-up
        21
        ·
        7 months ago

        Indeed. If true, it means Apple’s technology doesn’t work the way they claim. Which is a really big issue.

      • kevincox@lemmy.ml
        arrow-up
        2
        ·
        edit-2
        7 months ago

        It seems unlikely that this is accidentally reading old encrypted data blocks. The filesystem wouldn’t even try to access data that it hasn’t written to yet. So you would need both filesystem bugs and bugs with encryption key management.

        I think the theory that iCloud is accidentally restoring images based on the device ID is much more likely. It is also quite concerning but seems more plausible to me.

        • SzethFriendOfNimi@lemmy.world
          arrow-up
          3
          ·
          7 months ago

          Offloading the data to the cloud and making it accessible on other devices no longer signed into iCloud.

          That is so much worse if true.

      • SzethFriendOfNimi@lemmy.world
        arrow-up
        26
        arrow-down
        2
        ·
        7 months ago

        Here’s the ELI5.

        Imagine there’s a set of lockers in a school.

        When a student leaves the school or changes lockers they remove the label on the locker but don’t empty it.

        A TRIM, however, means that they not only remove the label from the locker but also clean out its contents.

      • Blaster M@lemmy.world
        English
        arrow-up
        10
        arrow-down
        1
        ·
        7 months ago

        TRIM is a command / instruction for solid state storage to release a block of data, so it is blanked and ready to be written again.

      • kevincox@lemmy.ml
        arrow-up
        3
        ·
        edit-2
        7 months ago

        Usually when you “delete” data on a storage medium you really just remove a reference to it. The data is still sitting on the disk if you know where to look. TRIM is a command that tells the storage device “I don’t need this anymore” and usually the hardware will return empty data the next time you read it (really the hardware is doing the same thing of just forgetting that there is data there, it is turtles all the way down, but it will track that this block is supposed to be empty and clear it when you next read it).

        However I think this is an unlikely theory. It would require two bugs:

        1. The OS would be trying to read data that isn’t supposed to exist. This would be a bug on its own that would likely be quite visible.
        2. The iPhone uses disk encryption, and when you reset the device the key is (supposed to be) reset, meaning that even if you read the old data it would be useless.

        Both of these would be very significant and unlikely to last long without being discovered. Having both be present at the same time therefore seems very improbable to me.
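The three states described in the comment above (plain delete, TRIM, key reset on wipe), as an added example that is not part of the original thread. `ToyDisk` and its SHA-256 keystream are hypothetical stand-ins for a real flash device and real disk encryption.

```python
import hashlib
import os

BLOCK = 16  # toy block size in bytes

def keystream_xor(key: bytes, index: int, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 keystream), a stand-in for real disk encryption."""
    pad = hashlib.sha256(key + index.to_bytes(4, "big")).digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, pad))

class ToyDisk:
    def __init__(self, nblocks: int = 8):
        self.key = os.urandom(32)              # per-device encryption key
        self.raw = [bytes(BLOCK)] * nblocks    # what is physically on the medium
        self.trimmed = set()                   # blocks the device treats as empty
        self.table = {}                        # filename -> block index (the "reference")

    def write(self, name: str, data: bytes) -> None:
        idx = next(i for i in range(len(self.raw)) if i not in self.table.values())
        self.raw[idx] = keystream_xor(self.key, idx, data.ljust(BLOCK, b"\0"))
        self.trimmed.discard(idx)
        self.table[name] = idx

    def delete(self, name: str, trim: bool = False) -> int:
        idx = self.table.pop(name)             # "delete" only drops the reference
        if trim:
            self.trimmed.add(idx)              # tell the device the block is unused
        return idx

    def read_block(self, idx: int) -> bytes:
        """Read a block by index, bypassing the file table, as a recovery tool would."""
        if idx in self.trimmed:
            return bytes(BLOCK)                # trimmed blocks read back as empty
        return keystream_xor(self.key, idx, self.raw[idx])

    def factory_reset(self) -> None:
        self.table.clear()
        self.key = os.urandom(32)              # old ciphertext stays, old key is gone

def demo() -> dict:
    d = ToyDisk()
    d.write("a.jpg", b"PHOTO-A")               # constructed sample data
    d.write("b.jpg", b"PHOTO-B")
    a = d.delete("a.jpg")                      # no TRIM: data still readable by index
    after_delete = d.read_block(a)
    b = d.delete("b.jpg", trim=True)
    after_trim = d.read_block(b)
    d.factory_reset()
    after_reset = d.read_block(a)              # decrypted with the new key: garbage
    return {"delete": after_delete, "trim": after_trim, "reset": after_reset}
```
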

  • krnl386@lemmy.ca
    arrow-up
    24
    arrow-down
    1
    ·
    7 months ago

    I wonder if this has anything to do with Apple’s CSAM scanning. You know, hang on to the photos as evidence, and, for an added bonus, sell more iCloud storage because the “System Data” now exceeds the free iCloud data storage quota. Win-win!

  • CluckN@lemmy.world
    arrow-up
    21
    ·
    7 months ago

    One user also said they saw a photo return even though they don’t sync their phone or use iCloud

    I was assuming that all these people had photos saved to iCloud when it launched years ago and are seeing them appear now. If it’s not an old desync bug between deleting images off of iCloud/local device then this will be interesting.

  • Lemmchen@feddit.de
    arrow-up
    18
    ·
    7 months ago

    And a person claimed in a later post that “around 300” of their old pictures, some of which were “revealing,” appeared on an iPad they’d wiped per Apple’s guidelines and sold to a friend.

    How would that even work? Wiping a device resets the encryption keys, doesn’t it?

    • lepinkainen@lemmy.world
      arrow-up
      6
      ·
      7 months ago

      And the images are tied to an Apple ID.

      So somehow the fully factory reset iPad accidentally logged in to the old Apple ID and merged deleted photos to the new Apple ID

    • kevincox@lemmy.ml
      arrow-up
      5
      ·
      7 months ago

      It sounds like these aren’t still on the device somewhere, but re-downloaded from iCloud.

      So presumably the device ID is somehow being used to incorrectly “authenticate” to iCloud and old images are being restored.

      This definitely raises some major concerns about how iCloud authentication works.

    • meseek #2982@lemmy.ca
      arrow-up
      5
      ·
      7 months ago

      It actually doesn’t seem possible as there are too many systems that need to fail for it to be true. The encryption key, access to another Apple ID and Photos having access to it all.

      We are finding out that it’s not the images that are restored, but the thumbnails. Which is why the images are low quality when opened. The original photos are gone but the thumbnails still survive on Apple’s servers. Likely just cached. Which of course only applies to those logged into their accounts, not on other wiped devices.

    • MummifiedClient5000@feddit.dk
      English
      arrow-up
      4
      ·
      7 months ago

      The issue is not really that people are using smart devices for whatever, but that they were explicitly promised that the devices were safe enough to guard your private data. And that was a lie from Apple to sell more devices.

      This is 100% on Apple’s head. Not the consumers that were lied to.

      Besides, which devices are so “not smart” these days that there is no chance of data leakage or recovery?

    • kevincox@lemmy.ml
      arrow-up
      3
      ·
      7 months ago

      I should absolutely be able to trust my phone to store my private data. If my phone isn’t trustworthy that is an issue that should be resolved. I mean sure, every copy of data is a risk, but there is a lot of more valuable data (in my opinion) on my phone than nudes.

      • KrapKake@lemmy.world
        arrow-up
        1
        ·
        7 months ago

        Yes you should, but you have to take your data safety into your own hands. You cannot trust Google, Apple, and other big tech companies. That is not to say that these companies should get away with the things they do, there should be punishment… but that is the reality.

  • some_guy@lemmy.sdf.org
    arrow-up
    8
    arrow-down
    5
    ·
    7 months ago

    I’m sure this is a dumb programming error (files are not deleted until overwritten with new data with solid state media). A boneheaded fuckup. Another person reported old voicemails being flagged as new. Either way, I’m waiting to upgrade to this version as a result.

    • Boomkop3@reddthat.com
      arrow-up
      12
      ·
      7 months ago

      File systems have a record where the binary data for a file like a photo is stored. That’s deleted, without that you’d have to extensively scan the whole memory and hope to recognize that a chunk is an image file.

      Whatever Apple did in this update, it’s probably not good.

      • krnl386@lemmy.ca
        arrow-up
        14
        arrow-down
        1
        ·
        7 months ago

        If it is indeed a boneheaded mistake, then it’s probably because of over reliance on RPC-type calls from the front-end that displays the data, to the back-end that actually handles the data. User deletes photo, and the front-end, instead of actually deleting it, tells the backend to do it… and then hides the photo from view, maybe updates its index of photos marking them as “deleted” regardless of whether the backend actually deleted the photo.

        Then an OS update comes along, and rescans the filesystem, and reports a bunch of new photos to the front-end, that then happily adds them to the GUI to the user’s surprise.

        Modern APIs and software architectures are a bloated, unnecessarily complex mess, and this is the result.
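The failure mode hypothesised in the comment above, next to a hardened variant, as an added example that is not part of the original thread and not Apple's code. `Backend`, `Gallery` and the tombstone set are hypothetical names, and the silently failing delete is an assumption made to reproduce the scenario.

```python
class Backend:
    """Stores photo files; delete requests can fail silently (the assumed bug)."""
    def __init__(self, fail_deletes: bool):
        self.files = {}
        self.fail_deletes = fail_deletes

    def delete(self, name: str) -> bool:
        if self.fail_deletes:
            return False                       # file stays on disk
        self.files.pop(name, None)
        return True

class Gallery:
    """Front-end index of what the user sees."""
    def __init__(self, backend: Backend, hardened: bool):
        self.backend = backend
        self.hardened = hardened
        self.visible = set()
        self.tombstones = set()                # names the user asked to delete

    def add(self, name: str, data: bytes) -> None:
        self.backend.files[name] = data
        self.visible.add(name)

    def delete(self, name: str) -> None:
        ok = self.backend.delete(name)
        self.visible.discard(name)             # hidden from view either way
        if self.hardened and not ok:
            self.tombstones.add(name)          # remember the pending delete

    def rescan_after_update(self) -> set:
        """Rebuild the index from whatever the backend still holds."""
        for name in list(self.backend.files):
            if name in self.tombstones:
                self.backend.files.pop(name)   # finish the delete instead of re-adding
                continue
            self.visible.add(name)
        return set(self.visible)

def run(hardened: bool) -> set:
    g = Gallery(Backend(fail_deletes=True), hardened)
    g.add("keep.jpg", b"k")                    # constructed sample data
    g.add("deleted.jpg", b"d")
    g.delete("deleted.jpg")
    return g.rescan_after_update()
```
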

        • theneverfox@pawb.social
          English
          arrow-up
          7
          ·
          7 months ago

          It’s quite possible, although I’m inclined to blame it on turnover and pressures for deadlines

          I’ve come to see software kinda like a plant. If you neglect it, it rots, because all software is contextual and the world moves on. If you keep growing it, it starts to rot from the inside. If you carve it down to something smooth and streamlined, it can last a long time and just need TLC to bounce back

          Ultimately, if you want something to be big and to last, you have to prune it, transplant it, and continuously work on it. There’s no direct money to be made there though

          And it helps a shit ton to have people around long-term. It can take years to learn a big stack, but having someone go “wait, if we do this we need to reexamine how we delete photos” is how you avoid fuck ups like this

          • krnl386@lemmy.ca
            arrow-up
            1
            ·
            7 months ago

            Wow, beautiful analogy! I’m going to use that in my professional career if you don’t mind. Also with your permission I’d like to give you credit with a link to this comment, if that’s OK with you, of course.

        • Boomkop3@reddthat.com
          arrow-up
          1
          ·
          7 months ago

          Some unit tests might have been lacking. But yea. I personally like to keep things simple, but a lot of tech companies seem to prefer quite the opposite sometimes

  • dev_null@lemmy.ml
    arrow-up
    2
    ·
    7 months ago

    I hope we will get to the bottom of this, because all the armchair experts with tons of different explanations for how this happened are annoying. There are so many people confidently explaining different conflicting theories.

  • AnAnonymous@lemm.ee
    arrow-up
    1
    arrow-down
    1
    ·
    7 months ago

    I didn’t use a single Apple device and I wouldn’t do it anyway so who cares…