iCloud is great, but worrisome too

Am I worried for nothing? Say I create a new document and start writing sensitive information in it, like important passwords, social security numbers, or things about which I have signed a NDA of some sort. Then I save the document locally on my computer. Nothing should have leaked outside of my computer, shouldn’t it? True in general, but not if you have Mountain Lion with iCloud turned on, since all your “unsaved” documents are now always autosaved to iCloud now.

Apple is making it difficult to not send your data to Apple. Your document might include data that someone else entrusted to you. Are you breaking those people’s trust by putting the data on iCloud?

How does that affects your responsibility in case it leaks somewhere? I’m pretty sure the iCloud terms of service ensure Apple will not be liable if some hacker find a way to get into your account, if a disgruntled employee gets bribed, or if the government of the country that hosts the data center decides it wants to do something with it. In the end, if any of this sensible data leaks, I’ll be the one at fault for sending a copy far away, outside of my control in a foreign jurisdiction.

Here’s my advice: don’t put anything on iCloud (or other storage services) that would cause problems if it was disclosed to the public, or spied upon by your competitor. On Mountain Lion, that means you should save your document locally before writing anything sensitive in it. Me, I’m just keeping iCloud turned off, it’s simpler.

More worrying to me is the general trend of casually storing things using online services like iCloud/DropBox/SkyDrive/Google Drive. I believe most people out there don’t realize the implications of using online storage. I worry for their personal data. I worry too about my own sensitive data I’m disclosing to other people I know, people who might be scattering this data around the internet without realizing they are each time making it accessible to a third party who has no liability if they fail to keep things confidential.


Follow-ups


  • © 2003–2017 Michel Fortin.