The "don't take naked pics if you don't want them online" argument is the "she was wearing a short skirt" of the web. Ugh.
— Lena Dunham (@lenadunham) September 1, 2014
Unlike Cole, I think this is pretty close to right. These celebrities who had their cloud data leaked were young people in long-distance relationships. I was young once, and I was in a LDR, and if we had smartphones, you’d be damn sure that we’d have been sending naked pictures back and forth. As far as I’m concerned, that’s natural and expected behavior for people in those kinds of relationships.
So, I’m not looking at this as some failure of self-control, but rather a failure of security at Apple, and a general failure of the cloud providers to give users a clear picture of what they’re storing online from their phones.
This breach appears different from other recent celebrity “hacks” in that it used a near-zero-day vulnerability in an Apple cloud interface. Instead of using social engineering or some low-tech research to gain control of the victims’ cloud accounts, the attacker basically bashed in the front door—and Apple didn’t find out until the attack was over. While an unusual, long, convoluted password may have prevented the attack from being successful, the only real defense against this assault was never to put photos in Apple’s cloud in the first place. Even Apple’s two-factor authentication would not have helped, if the attack was the one now being investigated.
Because Apple and other devices automatically upload so much to the cloud, by default—including full phone backups, which, if an account is compromised, could be downloaded by an attacker onto another device—these personal cloud services are particularly dangerous. Their usability in terms of content management is poor at best—does anybody really know what’s sitting in Apple’s or Google’s data stores from their phones? This, combined with ongoing threats like carefully-crafted phishing attacks and large-volume password cracking, makes it especially hard to protect mobile data in a world where everything on your phone is already on the Internet, protected only by your login credentials.
I have a Google device, and the rest of my family has Apple devices. Apple pushes cloud backup harder than Google, and from what I can tell, Apple’s cloud backup is less predictable than Google’s, but both of them don’t have a real clear way to opt certain pictures or videos out of the cloud. Google has an “incognito mode” on its Chrome browser – what’s needed here is an “incognito mode” for pictures and videos. Images taken in this mode would stay only on the device, and only be sent to places the phone owner sends them. If some jilted lover releases a picture to the Internet, we can blame the judgment of the person who sent the picture to an undeserving asshole. But when some hacker can get at pictures that were never meant to be anywhere other than someone’s personal device, then the blame for that should rest squarely with Apple.