Apple iCloud encryption vs Cryptomator

Hi. I am in contact with Apple 2nd level support regarding the WebDAV issue. They collected lots of data from my M1 MacBook Air for analysis and they will get back to me tomorrow. I hope this will lead to something useful.

Just one additional question: Apple states that all my data is encrypted in iCloud. What’s your view on that? Could this be an alternative to a Cryptomator-encrypted OneDrive folder? What do you think?

Thanks and regards. Markus

Not from my point of view. Sure, iCloud is encrypted, but the point is when this encryption is happening and by whom. The iCloud encryption is done on their server by Apple (no end-to-end encryption). So you hand over an unencrypted file to Apple, and they encrypt it for you. That means they can read it, and of course they can decrypt it at any time without your knowledge. They can analyse your files etc. I do not want Apple to know which insurance I have and which not (for example). Speaking for myself: I’d rather give them an already encrypted file so they are not able to read it. And that is what Cryptomator is built for.
Another benefit: you do not have to consider privacy issues while transferring your file to their servers, as the file is encrypted locally.

Thank you very much for your response. This was also my point of view and the reason for choosing Cryptomator.

But if I understand this support article correctly, there is end-to-end encryption on iCloud:

What do you think?


From your link:

These features and their data are transmitted and stored in iCloud using end-to-end encryption:

* Apple Card transactions (requires iOS 12.4 or later)
* Home data
* Health data (requires iOS 12 or later)
* iCloud Keychain (includes all of your saved accounts and passwords)
* Maps Favourites, Collections and search history (requires iOS 13 or later)
* Memoji (requires iOS 12.1 or later)
* Payment information
* QuickType Keyboard learned vocabulary (requires iOS 11 or later)
* Safari History and iCloud Tabs (requires iOS 13 or later)
* Screen Time
* Siri information
* Wi-Fi passwords
* W1 and H1 Bluetooth keys (requires iOS 13 or later)

I can’t find anything like files in the list, and the fact that they don’t just write “everything” also increases my skepticism somewhat.

But even if it meant they were actually using it for files too, you’d still have to trust them (closed-source) to actually use it and not have access to the keys to decrypt it as well.

I searched quickly for “encrypted iCloud”. It seems like iCloud is not end-to-end encrypted, in the sense that Apple still holds keys to decrypt it.

This also means that you have to trust Apple that your key is never given to a third party.

The following article gives a good insight:


Thanks a lot. So there’s no solution, unfortunately.

Today I had the call with the Apple software engineer. They will do nothing. From their perspective the problem is on Cryptomator's side. I was also in contact with the Boxcryptor support. They actually use MacFuse, but they realized that they have to improve their software due to the already announced end of kernel extension support by Apple. Hopefully Cryptomator will do the same. If you do not like to use MacFuse for security reasons (like me), you'll have to wait.

We already received a suggestion on our issue tracker: The macOS File Provider Framework.
As mentioned in the issue, we need to look into it for macOS, but for the new iOS-App we are already using it.

Update: Obviously the Apple support is not really reliable. Today I upgraded to Big Sur 11.3 and the issue is fixed from my point of view. I added some files to Cryptomator and I created a new folder by using Finder. Everything worked fine and the M1 MacBook Air did not crash. So I am very happy. (And a little bit concerned about Apple's honesty in dealing with customers.)

So my decision not to incur any safety risks by using MacFuse was a good one.