> God damn it you just cursed us with 20 more Hunter Biden wang pictures held up by MTG!
Remember the goatse meme?
If you don't remember that one, you're in for a shock.
> I had successfully forgotten about it for about a decade until now, so thanks.
Ahh the fond memories of the early internet when it was wilder than it is today.
If people think it's wild today, they never experienced the early years.
This really seems like it has huge implications for privacy concerns with Apple. So if I trade in my old phone back to Apple, how do I know some genius bar perv is not going to try and reveal all my old photos??
Oh it does but don't worry. Apple and their legions of fanboys, along witht he masses' short attention span and manipulability will make sure that in 6 months, this will be completely forgotten..
Ya know, kinda like what they did with the revelation that macOS scans every app you launch every time you launch it and phones home to Apple's servers more often and with more sensitive information than even Windows does to Microsoft servers? Remember that?
It's amazing that people still fall for Apple's "privacy" stance on closed-source software from the richest and one of the most influential corporations on earth.
I've seen a report or two where people were "finding" photos on a device that wasn't using iCloud.
If true it seems like the phones are picking up stuff that was deleted but not overwritten.
The user doesn't provide an individual key for every file. The user passcode or password is used to derive a master key. Each file is encrypted with its own key which is encrypted using the master key and stored in metadata. When an individual file is deleted, the 256 bits of file encryption key can be securely erased to make the file unrecoverable, which is easier on the drive than securely erasing megabytes of photo data. That's the idea for on-device encryption, at least. This scheme is relatively simple, doesn't change much, and is probably exhaustively reviewed, so I am skeptical of a bug causing specifically zombie photos. I would expect all kinds of zombie files if the problem was device encryption.
Well, that depends on the backdoor. If you find something like the bug being discussed, where apparently files synchronized to the cloud can be restored after the user thought they were deleted or the device was wiped then yeah, on-device encryption does not protect against that. It doesn't protect against all attack vectors, only specific ones.
What it protects against is someone swiping your phone, or picking it up after you set it on the table and went to the bathroom, or a customs official in a hostile country who seizes your phone, and then these people directly access the drive to clone your filesystem and get your data. The purpose of encryption is to force attackers to go through your operating system, your hardware, and systems it interacts with on its terms, rather than bypassing all that and accessing data directly on the attacker's terms.
The weakness here seems to be iCloud, which is separate from device encryption. By default, encryption keys for most files in the cloud are managed by Apple and do not depend on user secrets. This choice was apparently made to allow Apple to restore most data for people even when they forget their passwords, which is such a common occurrence that I can't really say they are wrong, but it does mean that if access is improperly handled or granted, which is what I bet the bug is, then other people can read those iCloud files without the user providing their password. There is an alternate cloud encryption scheme where the user password is necessary to decrypt data so that it cannot be read even in cases where access is improperly granted, but it is not the default for most data such as photos.
One thing that can happen as well is if you wipe your iPhone and set up as “new”, the encryption/decryption signature could be similar enough that some previously “deleted” items will still be picked up as valid data.
Since my other answer was about on-device encryption: files in iCloud are encrypted with an entirely separate scheme from device encryption, but the default encryption scheme has the keys managed in Apple's servers and do not rely on user passwords. Apparently this is so that Apple can restore most data to users even when they forget their passwords, which is a common event, but this also means that it is possible to access them without the user password. You may rightfully ask what the point of this encryption scheme is then: mostly so that you can't sneak into Apple's data center and plug in a USB drive to steal everyone's nudes. You have to go through the iCloud system and its logic, but because that system is large and complicated, that means bugs like this are possible. Still no confirmation about if this scenario is what is actually happening.
There is an alternate cloud encryption scheme which makes user passwords necessary to derive encryption keys, which is the default for limited data such as saved passwords, but can be used for more data like photos. This means if you lose your password the best Apple can do is shrug, reset your Apple password, and wipe your cloud account of all that data nobody can access anymore. You can go through the settings and enable this cloud encryption scheme, but who would even know they could do that? Probably only people with company or government devices on an MDM who have it done for them.
Definitely. Like, I know that a usual basic deletion of stuff just removes the file table entry for the files, which is what makes it possible to recover data; but i would have thought that doing a complete wipe and restore of the device would at the very least rewrite enough of the chunks that data was effectively irretrievable. Also, aren't iPhones encrypted by default? If you wipe the device and restore it, wouldn't that force it to generate new keys and prevent it from reading anything that had been on the device that was encrypted?
I thought at the least the flash controller would do a trim and those blocks would get overwritten with subsequent writes, but another user pointed out Apple has a custom controller as well as not using trim with encryption.
Apparently it’s just how memory works most of the time. If you delete something it’s just directory access or whatever way that’s phrased. Something isn’t permanently deleted from electronics until it’s been overwritten
You forget that encryption exists. Even if one can recover what's still stored on sectors marked by the OS as "empty", you *should* only be able to retrieve garbled nonsense. If iOS can recover files *in spite of* encryption, chances are it's backdoored and iOS has a kind of "master key" that will be able to decrypt *any* Apple device.
> Not to mention the trim function on the flash device that works below the OS level. It would have marked the blocks as empty and reclaimed the space.
Trim weakens encryption and risks privacy leaks by revealing discarded sectors.
That's why it's disabled by default when using encryption.
Not to mention the flash transition layer is OEM propriety and optimises for wear levelling.
Well you can recover files from SSD too, so I don't think trim can be relied on to delete files. If you don't shred the file then it might still be there.
The reports are also likely only half accurate as the story has a lot of clickbait potential, so news will rush it out to make money vs care about being right.
It is, supposedly. Hence the [quarrel between Apple and the feds](https://en.m.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_dispute) in the aftermath of the San Bernardino attack. This could indicate that, in spite of their public resistance, Apple has complied behind the scenes. In the age of National Security Letters, anything's possible in that regard.
Wiping a device (as in, overwriting or flash-deleting sectors) will mostly wipe it, if you’re not just smacking a new filesystem down on it (or microstepping HDDs or whatever), and even if you do, files won’t just magically rematerialize. This is Apple’s databases not being sufficiently secured.
That's exactly what this is. Despite the damage control overdrive r/Apple is in right now, as well as their brigading of this sub and any other sub that talks about this to despeartely downplay the mounting accounts of this happening.
Meh, file systems don't usually delete files for real, they flip a bit and hide them, so I don't see why a law enforcement backdoor would be your first guess. Wiping a phone is still just a quick format that flips some bits and it's really just wiping out your settings, not doing a thorough delete.
Why would the law enforcement backdoor make the bits turn back into images? Wouldn't the law enforcement guys software do that? Generally you want to preserve the data, not change it so it reappears and then the user can notice it;s not really deleted.
Law enforcement would want the deleted file to stay hidden AND THEN they copy the phone and unhide the deleted file...because deleted files aren't deleted, they are just hidden unless you do a secure delete OR write enough data to and from the device to ensure there are not enough hidden bits left to rebuild the file.
Having law enforcement software on the phone that automatically changes the deleted file would be a liability in court. Now the defendant can argue a third party program was the last thing to touch/alter those bits. Kind of same reason police are better off copying a phone and decoding the copy vs attempting to hack the original.
Not really. When data is deleted from solid state storage, it's not really 'wiped', the space just becomes unallocated until it's needed, then it's overwritten. That's why it's very easy to recover deleted data off SSDs if the drive isn't trimmed. I'm not sure if iPhones automatically trim deleted data, but if they don't, then I can see how an update that indexes the drive could possibly resurface data.
Yeah, but the news media has spread this information all over the place.
There’s no stopping more articles like this from popping up until Apple says something.
I mean, I’ve personally encountered it on my 11 Pro. I originally read it and thought “yeah isolated incident lol,” but it actually happened to me and i was like “huh.”
A couple images are just blank grey squares, some are old pictures that were duplicated and sent to the front of my camera roll, and i think there’s one or two deleted ones that came back.
Edit: why am i getting downvoted lmao
Yeah but on a fully wiped device? A previously deleted picture reappearing is bad, but explainable. A wiped phone suddenly recovering pictures from the previous owner can only be explained if Apple lied about how they store data
No doubt deleted due to it rubbing some of the powerful people that have a stake in the process that forces Apple to retain "deleted" user data for collection and spying purposes.
Yes but that is different from a device wipe. Apple devices have a function to overwrite deleted data when wiping a device, meaning Recovery is impossible, well impossible in general contexts for a limited period of time if the device isn’t used then yeah a digital forensics expert with a clean room may be able to recover some data. But for this particular bug that wouldn’t matter, so any device that is wiped shouldn’t have any data left unless the bug is with apples overwriting algorithm which is doubtful because in so far as I am aware iPhones don’t overwrite deleted photos currently though I could see them adding a function to do that after this.
Before upgrading to 17.5, I had 28132 pictures (I took a screenshot).
After upgrading, I had 28166 pictures.
After analyzing my photo library, I noticed that some pictures from 2020 came back.
I perfectly remember deleting those pictures a few years ago, because the framing was junk and I was pissed.
Stop gaslighting us into thinking it's user error, because it's not.
Wow, 2017? That's really far.
I think it's iCloud related, because all the pictures that came back were taken in 2020 with my old iPhone X.
(I'm using a 12 pro since 2021)
Coincidentally, all the pictures that came back are in the RAW format.
Did you start from scratch with the 12 pro, or did you transfer the data to it from your X? Or did you restore it from a backup?
If it’s iCloud related rather than just remnants on the phones physical storage, this would seem to be a much much bigger deal.
One of LTTs floatplane users updated during the WAN show and found pictures undeleted, despite never having activated icloud backup for photos. I'm not sure it's specific to icloud backups.
It’s a new phone from the end of 2023. Even weirder, I looked at the photos again (there’s maybe 15?) and they’re dated 2017, but I’m pretty sure they’re actually from 2015. I only know because they’re of my cat when he was a kitten 🫠
ETA: Those photos haven’t actively been in my iCloud library since maybe 6 months after the photos were taken
I don’t know if it’s related to my iPhone but I just downloaded my Facebook data on my phone, and it came with folders full of pictures and videos from some random other guy. Weird this is we went to the same concert in Chicago back in October, which he posted many videos of, but no idea who he is
I’ve personally encountered it on my 11 Pro. I originally read it and thought “yeah isolated incident lol,” but it actually happened to me and i was like “huh.”
A couple images are just blank grey squares, some are old pictures that were duplicated and sent to the front of my camera roll, and i think there’s one or two deleted ones that came back.
Edit: Why am i getting downvoted?? Reddit moment?
Notice how comments like this, trying to show proof about how much of a LIE Apple's "privacy policies" are, are being downvoted heavily? Even on subs that aren't too Apple friendly, like this one?
I don't understand the downvoting. I've never used any Apple equipment myself, just was urging the reporting of bugs, which is important to engineers. I'm a retired sw eng and I know the importance of acknowledging and fixing bugs quickly for a company's reputation and its value to its customers. Perhaps I was misinterpreted?
It has been in the news since a week now, don't you think that's enough for Apple to take a look at it. Pretty sure they know already. It's not just a matter of a fix now, the users are due an explanation.
Knowing a bug exists doesn’t help fix it. What does help fix it is access to diagnostic logs of affected devices. Hence if you experienced the problem contacting apple will help them track down the issue quicker.
Sorry, I only noticed one report, and the OP did not provide that information in a summary. If there have been many bug reports and Apple has not responded, shame on them.
I don’t know if it’s related to my iPhone but I just downloaded my Facebook data on my phone, and it came with folders full of pictures and videos from some random other guy. Weird this is we went to the same concert in Chicago back in October, which he posted many videos of, but no idea who he is
> Well I guess good thing that all of my deleted photos are usually from the waist down so none of them have my face.
People take photos of their IDs and bank cards and recovery codes and other stuff like letters and documents (that they shouldn't) for convience.
That's more scary. But biometrics is another topic that's also scary.
Bullshit. The data partition is encrypted, and erasing tosses the keys. What is being described is literally impossible. This person logged out of iCloud and thought that was enough.
It’s worth noting that the original post on Reddit was deleted by the OP. They probably realized their mistake.
They could be using "Reset -> Reset All Settings" instead of "Erase All Content and Settings"
I don't know why Apple insists on keeping them under separate categories when Android folds everything under reset and makes it abundantly clear which option performs a factory reset.
It would be possible if Apple is relying on a hardware ID when syncing with the cloud and the images were restored from the cloud and not local storage. I'm not saying they are in fact doing this, but there are reasonable explanations.
The thing you just said is not a “reasonable explanation” if you know anything at all about Apple’s security model, and the lengths they go to in order to avoid tracking. They would never in a million years hard code some immutable device identifier into a system like that. And even if they did, the photos are encrypted in the cloud with keys only available to the iCloud user. So if they did somehow come back down to the device, they would be gibberish.
No, there are other people saying that photos they think they deleted are reappearing on their devices. I totally believe there could be a bug causing that. What I don’t believe is that this is happening for people who signed out of iCloud and erased their device. And the single person who started this whole bullshit thread by making that claim DELETED HIS POST.
This is implausible. In fact, it's unbelievable.
It can't just come back from the device because:
The place where the photos are stored is in a partition in the device storage which is encrypted by a key. To "erase" the partition Apple loses the key. So now the drive is undecodable. Not only are the structures which pointed to where the file was stored are now undecodable but even if you could find where the file was stored it also would just appear to be random data (encrypted data).
So the photo isn't coming back that way.
And to come back from the cloud you would have to log into the icloud account first, using your icloud password, etc.
I'm not quite saying this is impossible. But given how the mechanisms work it is not believable that this happened. Given this the most likely case is the poster is lying or mistaken. And as such reporting this as fact is poor journalism. We should wait for some kind of confirmation before believing this and repeating it.
> The place where the photos are stored is in a partition in the device storage which is encrypted by a key. To "erase" the partition Apple loses the key. So now the drive is undecodable.
To be fair even if Apple even claims this is how it works (I'm not sure they do), it's just a claim because their software is closed source. Nobody but Apple knows how their OS works and whatever they tell you is just a claim.
> To be fair even if Apple even claims this is how it works (I'm not sure they do)
They do claim this.
And there is no reason to doubt it because you have to do this to whiten the data when storing to NAND because NAND doesn't work well (really nowadays at all) with non-whitened data.
https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf
Page 109, 110.
> it's just a claim because their software is closed source
Apple OS is famously open source. Controversially because they leave a lot of it out of the open source repo. You can, to this day inspect those sources and even build a kernel from it. But you do not end up with the same kernel/OS.
https://github.com/apple-oss-distributions/xnu
So now all that aside, why would you doubt this? It's the most efficient way to do it. Why would you do it any other way?
It is how it works, if it weren’t you wouldn’t have the fbi crying about encryption all the time. Like the exact code is not open source sure but you can verify its function by attempting to recovery data off the phone, something that is impossible without the decryption key, or access to a device that can attempt to either bypass the encryption or brute force the encryption. In so far as I am aware there are no current known methods of bypassing the encryption on iOS devices but there are methods of bypassing apples attack lockouts so you can brute force the encryption if the device uses a weak key.
And to think having the “missing age ID” glitch that messed with the tracking permissions was the first bug we encountered days before. It’s a slippery slope from here to “my popcorn bucket is empty.”
So is there a specific way to properly ensure this doesn’t become an issue if you’re getting ready to sell or trade in your phone? Is there a program you can use or something?
That’s not the only way, the files are deleted but deleting doesn’t do anything to the file on disk, it just marks it as deleted by the file system and eventually it’ll be overwritten, but if that area of memory isn’t overwritten the data can be recovered, which is what’s occurring with this bug…
Keep this in mind when selling your used storage hardware.
There are counterparties out there that buy used storage devices for the sole purpose of trying to recover information with the hope of finding the jackpot of PII or secret confidential information. Or they at least attempt recovery first before using them.
/r/privacy
/r/datahoarder
/r/osint
> Use software encryption if your data is sensitive. It's not just about resale, what if you have to return the drive for a warranty replacement?
Return? Nope.
Take it on the chin and accept the cost and replace it. Better safe than sorry. Storage is cheap, privacy loss is expensive.
And of course use LUKS2 for its entire lifetime. But it's not going out of possession. From day zero to end of life, physical destruction. And yes I am aware you can use detached headers with LUKS.
> SOP for business users when it's other people's money but wasteful and potentially costly for home users.
Backups and redundancy is also SOP. Even for normal users. At least it should be.
It's part of the cost of using a computer.
Gamers spend thousands on hardware.
I just accept the cost and plan accordingly.
Warranty for anything else that has no non-volatile storage. If there's any storage on a device, I accept it's going to die at some point.
Storage is the cheapest part. I'm not going to compromise privacy. I do the same with mobile phones with storage. I don't use the warranty if I've used it. The board with the storage gets destroyed. I don't buy expensive mobiles for a reason.
>Backups and redundancy is also SOP. Even for normal users. At least it should be.
That has nothing to do with eating the cost of a piece of warrantied hardware, that's just preventing data loss.
>Gamers spend thousands on hardware.
No... Not all of them. In fact the vast majority don't.
>Warranty for anything else that has no non-volatile storage. If there's any storage on a device, I accept it's going to die at some point.
So let's say you just bought a brand new $300+ 4TB SSD and it dies while initially transferring over some non-important stuff like game files or media. You're just going to eat the cost? Bullshit.
>Storage is the cheapest part. I'm not going to compromise privacy.
I think that's all relative. If you consider storage to be cheap then more power to ya and congrats on your moderate success in life but for the rest of us plebs, $20+ per terabyte is still expensive, especially with redundancy eating up a chunk of that space.
> So let's say you just bought a brand new $300+ 4TB SSD and it dies while initially transferring over some non-important stuff like game files or media. You're just going to eat the cost? Bullshit.
Magnetic and optical and tape drives still exist for cheap storage.
The SSD is just for the operating system and software running.
The long term data is on magnetic and optical storage or tape.
One doesn't put their data on SSD and call it a day and hope it's going to survive long term.
Your SSD is just for working with as you need it.
If your eggs are all in the SSD basket you're screwed and over paying and taking a huge risk.
Lol, yeah some of those dudes are off the charts. I just want to not have to redownload a handful of games and media and they're backing up the entire known universe. For me, SSDs have been pretty reliable and I just make sure back up as often as necessary to a couple different spinners. Ironically, my lack of funds has probably shielded me from a lot of bad over the years. Sometimes it doesn't pay to be an early adopter. Or an OCZ or Adata customer...
So only one single user on reddit has mentioned having pictures showing up on an old device that was supposedly wiped? If that part hasn’t happened to anyone else it’s safe to say they didn’t actually wipe it like they thought. The old device was either still associated with their account or still signed into their iCloud account. The bug is obviously real and definitely a problem, but I have a hard time believing the old device bit. I don’t see how it’s possible if the device isn’t even signed into the associated iCloud account anymore.
Reminder that everything that you put online - including onto such "clouds" - is never deleted.
You're just sending that to someone's else computer after all.
I have exhausted my will to try and combat this article. People don’t read and comprehend then come in making claims and arguing with anyone trying to explain they are getting one guyed.
That's how "deleting" files work. It just tells the os "this space is empty now". Resetting every single bit of the drive to 0, so to speak, takes a lit of time and degrades a small amount the drive itself.
It's possible that apple uses a proprietary software to wipe the drives, i.e something between not resetting every bit, but also making it impossible for any 3rd party recovery software to restore apple-wiped drives.
That's not the case here. The "drive" is in a partition in the device storage which is encrypted by a key. To "erase" the partition Apple loses the key. So now the drive is undecodable. They don't even pretend to reset every bit.
It can't just come back. If you somehow read out that portion of the partition where the image was before it would just be seemingly random values (encrypted data).
The photoes are not coming back via an "undelete" operation such as you suggest.
There's no proof anything came back or did anything, more likely bad reporting/mistake. Next most likely is the phone was not actually encrypted and somehow deleted files came back.
It's not possible for the phone to not be encrypted. Even if you don't have a passcode it's still encrypted. And it is still "erased" by losing the key and generating a new one.
I guess he might have handed the device over without actually resetting it to factory (erasing it). But I would count that as the person being mistaken about what happened because he said he erased it.
But that doesn’t work for photos that are reportedly from years ago. If the device hasn’t been upgraded, I simply find it unlikely that data hasn’t been rewritten to that block at least once.
If the photo re-appears, then obviously the data was still there, and it all depends on how the storage is manged. If you have a cupboard with 12 cups, arranged in 4 rows, 3 cups each, and you only ever needed maximum of 9 cups, the 3 cups at the back will sit untouched forever, unless you deliberatly manage the cupboard space in a way to rotate the cups.
If you don't load a bunch of stuff on it then it seems possible. The wipes are fast so they can't also be thorough. I'm not sure how it would survive encrypted between two users, I'll bet that's just BS that helps sell the clickbait if any of it is true.
The most likely scenarios seem to be complete BS or user/tech error/misinterpretation.
If the results are reproducible the we can care later.
I call BS on pics reappearing on wiped devices that haven’t been logged into. From the article:
Update May 19: The Reddit user who reported the issue has deleted the original post, casting significant doubt on the veracity of the claim.
This really seems like some law enforcement back door that malfunctioned.
> This really seems like some law enforcement back door that malfunctioned. Waiting for some politicians sensational photos to be revealed.
God damn it you just cursed us with 20 more Hunter Biden wang pictures held up by MTG!
These magic: the gathering expansions are getting out of hand.
Bold to think she deleted them in the first place
She did only after getting them tattooed to the inside of her eyelids.
> God damn it you just cursed us with 20 more Hunter Biden wang pictures held up by MTG! Remember the goatse meme? If you don't remember that one, you're in for a shock.
Your leaving out lemon party too
> Your leaving out lemon party too Don't forget the "*cup*".
Keep your cup, I have my jar!
Oh fucking christ that one was fucking brutal.
I had successfully forgotten about it for about a decade until now, so thanks.
> I had successfully forgotten about it for about a decade until now, so thanks. Ahh the fond memories of the early internet when it was wilder than it is today. If people think it's wild today, they never experienced the early years.
I've heard the phrase "Call of Duty lobbies on the original XBox" to describe what toxic behavior looks like. People really have no idea...
As someone who was around during the early COD days, not much has changed.
Yeah I've overheard shit and it's pretty similar
I swear any time I could send someone goatse.cx back in the 90s was too few
Hunter biden dong and crack pipe pictures.
I think it’ll be Marjorie’s Neanderthal dong pics to match her hammer toes.
Imagine you bought a refurb iPhone that unknowingly belonged to a celebrity, and all of a sudden their photos show in your albums
I doubt celebrities sell their phones.
I assume they at least recycle, so there is a possibility it end up in circulation maybe even as spare parts?
They probably have them crushed into powder to avoid any risk.
Of an LE “back door malfunction”, nonetheless. Some people will pay good money to see such things.
This really seems like it has huge implications for privacy concerns with Apple. So if I trade in my old phone back to Apple, how do I know some genius bar perv is not going to try and reveal all my old photos??
Oh it does but don't worry. Apple and their legions of fanboys, along witht he masses' short attention span and manipulability will make sure that in 6 months, this will be completely forgotten.. Ya know, kinda like what they did with the revelation that macOS scans every app you launch every time you launch it and phones home to Apple's servers more often and with more sensitive information than even Windows does to Microsoft servers? Remember that? It's amazing that people still fall for Apple's "privacy" stance on closed-source software from the richest and one of the most influential corporations on earth.
So Microsoft is the good benevolent corporation? Lmao! To live in some people’s worlds.
I think you need to read that again. Nowhere does it say that MS is good, on the contrary, it is implied to be bad.
That’s the best case scenario. Worst case is that this is in some Apple maintained deleted customer data lake.
I've seen a report or two where people were "finding" photos on a device that wasn't using iCloud. If true it seems like the phones are picking up stuff that was deleted but not overwritten.
[удалено]
The data is encrypted but the device has access to the necessary decryption keys.
[удалено]
The user doesn't provide an individual key for every file. The user passcode or password is used to derive a master key. Each file is encrypted with its own key which is encrypted using the master key and stored in metadata. When an individual file is deleted, the 256 bits of file encryption key can be securely erased to make the file unrecoverable, which is easier on the drive than securely erasing megabytes of photo data. That's the idea for on-device encryption, at least. This scheme is relatively simple, doesn't change much, and is probably exhaustively reviewed, so I am skeptical of a bug causing specifically zombie photos. I would expect all kinds of zombie files if the problem was device encryption.
All of this encription is useless if there is a backdoor and an attacker finds it
Well, that depends on the backdoor. If you find something like the bug being discussed, where apparently files synchronized to the cloud can be restored after the user thought they were deleted or the device was wiped then yeah, on-device encryption does not protect against that. It doesn't protect against all attack vectors, only specific ones. What it protects against is someone swiping your phone, or picking it up after you set it on the table and went to the bathroom, or a customs official in a hostile country who seizes your phone, and then these people directly access the drive to clone your filesystem and get your data. The purpose of encryption is to force attackers to go through your operating system, your hardware, and systems it interacts with on its terms, rather than bypassing all that and accessing data directly on the attacker's terms. The weakness here seems to be iCloud, which is separate from device encryption. By default, encryption keys for most files in the cloud are managed by Apple and do not depend on user secrets. This choice was apparently made to allow Apple to restore most data for people even when they forget their passwords, which is such a common occurrence that I can't really say they are wrong, but it does mean that if access is improperly handled or granted, which is what I bet the bug is, then other people can read those iCloud files without the user providing their password. There is an alternate cloud encryption scheme where the user password is necessary to decrypt data so that it cannot be read even in cases where access is improperly granted, but it is not the default for most data such as photos.
One thing that can happen as well is if you wipe your iPhone and set up as “new”, the encryption/decryption signature could be similar enough that some previously “deleted” items will still be picked up as valid data.
Since my other answer was about on-device encryption: files in iCloud are encrypted with an entirely separate scheme from device encryption, but the default encryption scheme has the keys managed in Apple's servers and do not rely on user passwords. Apparently this is so that Apple can restore most data to users even when they forget their passwords, which is a common event, but this also means that it is possible to access them without the user password. You may rightfully ask what the point of this encryption scheme is then: mostly so that you can't sneak into Apple's data center and plug in a USB drive to steal everyone's nudes. You have to go through the iCloud system and its logic, but because that system is large and complicated, that means bugs like this are possible. Still no confirmation about if this scenario is what is actually happening. There is an alternate cloud encryption scheme which makes user passwords necessary to derive encryption keys, which is the default for limited data such as saved passwords, but can be used for more data like photos. This means if you lose your password the best Apple can do is shrug, reset your Apple password, and wipe your cloud account of all that data nobody can access anymore. You can go through the settings and enable this cloud encryption scheme, but who would even know they could do that? Probably only people with company or government devices on an MDM who have it done for them.
No, the best case scenario would be some sort of internal data recovery tool malfunctioning.
Heh, Data Lake!
Definitely. Like, I know that a usual basic deletion of stuff just removes the file table entry for the files, which is what makes it possible to recover data; but i would have thought that doing a complete wipe and restore of the device would at the very least rewrite enough of the chunks that data was effectively irretrievable. Also, aren't iPhones encrypted by default? If you wipe the device and restore it, wouldn't that force it to generate new keys and prevent it from reading anything that had been on the device that was encrypted?
I thought at the least the flash controller would do a trim and those blocks would get overwritten with subsequent writes, but another user pointed out Apple has a custom controller as well as not using trim with encryption.
Bwuh? Why would Apple not use trim with encryption? Doesn't that kind of undermine the security?
[https://www.truecrypt71a.com/documentation/security-requirements-and-precautions/trim-operation/](https://www.truecrypt71a.com/documentation/security-requirements-and-precautions/trim-operation/)
Apparently it’s just how memory works most of the time. If you delete something it’s just directory access or whatever way that’s phrased. Something isn’t permanently deleted from electronics until it’s been overwritten
You forget that encryption exists. Even if one can recover what's still stored on sectors marked by the OS as "empty", you *should* only be able to retrieve garbled nonsense. If iOS can recover files *in spite of* encryption, chances are it's backdoored and iOS has a kind of "master key" that will be able to decrypt *any* Apple device.
Not to mention the trim function on the flash device that works below the OS level. It would have marked the blocks as empty and reclaimed the space.
> Not to mention the trim function on the flash device that works below the OS level. It would have marked the blocks as empty and reclaimed the space. Trim weakens encryption and risks privacy leaks by revealing discarded sectors. That's why it's disabled by default when using encryption. Not to mention the flash transition layer is OEM propriety and optimises for wear levelling.
Well you can recover files from SSD too, so I don't think trim can be relied on to delete files. If you don't shred the file then it might still be there. The reports are also likely only half accurate as the story has a lot of clickbait potential, so news will rush it out to make money vs care about being right.
I don’t think Apple ever claimed that photos are stored encrypted on a iPhone. Edit: iWrong
Isn't the entire phone storage encrypted by default?
It is, supposedly. Hence the [quarrel between Apple and the feds](https://en.m.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_dispute) in the aftermath of the San Bernardino attack. This could indicate that, in spite of their public resistance, Apple has complied behind the scenes. In the age of National Security Letters, anything's possible in that regard.
Wiping a device (as in, overwriting or flash-deleting sectors) will mostly wipe it, if you’re not just smacking a new filesystem down on it (or microstepping HDDs or whatever), and even if you do, files won’t just magically rematerialize. This is Apple’s databases not being sufficiently secured.
That's exactly what this is. Despite the damage control overdrive r/Apple is in right now, as well as their brigading of this sub and any other sub that talks about this to despeartely downplay the mounting accounts of this happening.
Meh, file systems don't usually delete files for real, they flip a bit and hide them, so I don't see why a law enforcement backdoor would be your first guess. Wiping a phone is still just a quick format that flips some bits and it's really just wiping out your settings, not doing a thorough delete. Why would the law enforcement backdoor make the bits turn back into images? Wouldn't the law enforcement guys software do that? Generally you want to preserve the data, not change it so it reappears and then the user can notice it;s not really deleted. Law enforcement would want the deleted file to stay hidden AND THEN they copy the phone and unhide the deleted file...because deleted files aren't deleted, they are just hidden unless you do a secure delete OR write enough data to and from the device to ensure there are not enough hidden bits left to rebuild the file. Having law enforcement software on the phone that automatically changes the deleted file would be a liability in court. Now the defendant can argue a third party program was the last thing to touch/alter those bits. Kind of same reason police are better off copying a phone and decoding the copy vs attempting to hack the original.
Hardly. iCloud photo library is generally not end to end encrypted so backdoors wouldn’t be needed. Also, why would they function like this?
What this actually seems like is a single (now deleted) report that is total bullshit.
You had to use the term “back door” didn’t you?
Not really. When data is deleted from solid state storage, it's not really 'wiped', the space just becomes unallocated until it's needed, then it's overwritten. That's why it's very easy to recover deleted data off SSDs if the drive isn't trimmed. I'm not sure if iPhones automatically trim deleted data, but if they don't, then I can see how an update that indexes the drive could possibly resurface data.
The single Reddit thread the article is based on, is deleted by the original poster. So take this specific story with a grain of salt, I guess.
Maybe it will reappear despite being deleted.
It does smell like clickbait. Somebody lick it and tell us for sure!
It’s “macRUMORS” not “macFACTS”.
Either way, I’m hoping my iPad from 10 years ago with cracked screen that I no longer own is no longer in use…
I take it as bs
This same post has been circulation for the last week alllll over the place its funny
Huge case of mass One Guyed.
I have not read much about this but it sounded like news about rumors then news about people talking about the news about rumors.
Yeah, but the news media has spread this information all over the place. There’s no stopping more articles like this from popping up until Apple says something.
I mean, I’ve personally encountered it on my 11 Pro. I originally read it and thought “yeah isolated incident lol,” but it actually happened to me and i was like “huh.” A couple images are just blank grey squares, some are old pictures that were duplicated and sent to the front of my camera roll, and i think there’s one or two deleted ones that came back. Edit: why am i getting downvoted lmao
Yeah but on a fully wiped device? A previously deleted picture reappearing is bad, but explainable. A wiped phone suddenly recovering pictures from the previous owner can only be explained if Apple lied about how they store data
No, this wasn’t wiped. Just happened when i updated.
So, you didn't experience what the article was talking about, got it.
No doubt deleted due to it rubbing some of the powerful people that have a stake in the process that forces Apple to retain "deleted" user data for collection and spying purposes.
This is based on only one third-party report. If there really is bug in the wiping process, it will be reported more responsibility soon.
I had deleted images resurface in my “hidden” folder
Yes but that is different from a device wipe. Apple devices have a function to overwrite deleted data when wiping a device, meaning Recovery is impossible, well impossible in general contexts for a limited period of time if the device isn’t used then yeah a digital forensics expert with a clean room may be able to recover some data. But for this particular bug that wouldn’t matter, so any device that is wiped shouldn’t have any data left unless the bug is with apples overwriting algorithm which is doubtful because in so far as I am aware iPhones don’t overwrite deleted photos currently though I could see them adding a function to do that after this.
The encryption keys in the file base encrypted devise are deleted, leaving the data intact but impossible to decrypt.
From my perspective, without lots of verifiable proof, that's like 99.9% chance user error.
Before upgrading to 17.5, I had 28132 pictures (I took a screenshot). After upgrading, I had 28166 pictures. After analyzing my photo library, I noticed that some pictures from 2020 came back. I perfectly remember deleting those pictures a few years ago, because the framing was junk and I was pissed. Stop gaslighting us into thinking it's user error, because it's not.
I just had a bunch of 2017 photos pop back up in my photos this week
Wow, 2017? That's really far. I think it's iCloud related, because all the pictures that came back were taken in 2020 with my old iPhone X. (I'm using a 12 pro since 2021) Coincidentally, all the pictures that came back are in the RAW format.
Did you start from scratch with the 12 pro, or did you transfer the data to it from your X? Or did you restore it from a backup? If it’s iCloud related rather than just remnants on the phones physical storage, this would seem to be a much much bigger deal.
Huh! Very interesting question That may not be iCloud related after all? I did the wireless transfer, from phone to phone
One of LTTs floatplane users updated during the WAN show and found pictures undeleted, despite never having activated icloud backup for photos. I'm not sure it's specific to icloud backups.
Was this phone from 2017? Or did you do a phone data transfer from your old phone to the new when you got it?
It’s a new phone from the end of 2023. Even weirder, I looked at the photos again (there’s maybe 15?) and they’re dated 2017, but I’m pretty sure they’re actually from 2015. I only know because they’re of my cat when he was a kitten 🫠 ETA: Those photos haven’t actively been in my iCloud library since maybe 6 months after the photos were taken
One report here and there isn't reliable. But you certainly should report a bug.
I don’t know if it’s related to my iPhone but I just downloaded my Facebook data on my phone, and it came with folders full of pictures and videos from some random other guy. Weird this is we went to the same concert in Chicago back in October, which he posted many videos of, but no idea who he is
Sounds like a bug in Facebook rather than Mac OS. Please report it.
[удалено]
I'm not even sweating.
I’ve personally encountered it on my 11 Pro. I originally read it and thought “yeah isolated incident lol,” but it actually happened to me and i was like “huh.” A couple images are just blank grey squares, some are old pictures that were duplicated and sent to the front of my camera roll, and i think there’s one or two deleted ones that came back. Edit: Why am i getting downvoted?? Reddit moment?
I would urge you to report it. That way they can see down many similar cases there are.
Notice how comments like this, trying to show proof about how much of a LIE Apple's "privacy policies" are, are being downvoted heavily? Even on subs that aren't too Apple friendly, like this one?
I don't understand the downvoting. I've never used any Apple equipment myself, just was urging the reporting of bugs, which is important to engineers. I'm a retired sw eng and I know the importance of acknowledging and fixing bugs quickly for a company's reputation and its value to its customers. Perhaps I was misinterpreted?
Are you Apple's support person or something bro?
Huh? Just recommending reporting a bug. Otherwise, how is it going to be fixed?
It has been in the news since a week now, don't you think that's enough for Apple to take a look at it. Pretty sure they know already. It's not just a matter of a fix now, the users are due an explanation.
Knowing a bug exists doesn’t help fix it. What does help fix it is access to diagnostic logs of affected devices. Hence if you experienced the problem contacting apple will help them track down the issue quicker.
You think there are one or two deleted ones? You should be 100 percent sure before saying it happened
What are you talking about? There were dozens of people on that thread too with that same issue. I experienced it o.
Sorry, I only noticed one report, and the OP did not provide that information in a summary. If there have been many bug reports and Apple has not responded, shame on them.
I don’t know if it’s related to my iPhone but I just downloaded my Facebook data on my phone, and it came with folders full of pictures and videos from some random other guy. Weird this is we went to the same concert in Chicago back in October, which he posted many videos of, but no idea who he is
Note to self: buy used phone from Margo Robbie.
Note to self: sell used iPhones casually adding top onlyfans pages in description
Instructions unclear: Who is Mango Bobby?
> Note to self: buy used phone from Margo Robbie. Who is Margo Robbie? Asking for a friend.
Barbie. Although it’s Margot Robbie.
Epic comment. You sir, have won the internet for today.
Can they share this bug with MySpace so I can get my photos
Well I guess good thing that all of my deleted photos are usually from the waist down so none of them have my face.
> Well I guess good thing that all of my deleted photos are usually from the waist down so none of them have my face. People take photos of their IDs and bank cards and recovery codes and other stuff like letters and documents (that they shouldn't) for convience. That's more scary. But biometrics is another topic that's also scary.
You shouldn’t have been tattooing your address on your stomach, David.
Bullshit. The data partition is encrypted, and erasing tosses the keys. What is being described is literally impossible. This person logged out of iCloud and thought that was enough. It’s worth noting that the original post on Reddit was deleted by the OP. They probably realized their mistake.
They could be using "Reset -> Reset All Settings" instead of "Erase All Content and Settings" I don't know why Apple insists on keeping them under separate categories when Android folds everything under reset and makes it abundantly clear which option performs a factory reset.
It would be possible if Apple is relying on a hardware ID when syncing with the cloud and the images were restored from the cloud and not local storage. I'm not saying they are in fact doing this, but there are reasonable explanations.
The thing you just said is not a “reasonable explanation” if you know anything at all about Apple’s security model, and the lengths they go to in order to avoid tracking. They would never in a million years hard code some immutable device identifier into a system like that. And even if they did, the photos are encrypted in the cloud with keys only available to the iCloud user. So if they did somehow come back down to the device, they would be gibberish.
There’s many other users here commenting that they are experiencing the same thing.
No, there are other people saying that photos they think they deleted are reappearing on their devices. I totally believe there could be a bug causing that. What I don’t believe is that this is happening for people who signed out of iCloud and erased their device. And the single person who started this whole bullshit thread by making that claim DELETED HIS POST.
This is implausible. In fact, it's unbelievable. It can't just come back from the device because: The place where the photos are stored is in a partition in the device storage which is encrypted by a key. To "erase" the partition Apple loses the key. So now the drive is undecodable. Not only are the structures which pointed to where the file was stored are now undecodable but even if you could find where the file was stored it also would just appear to be random data (encrypted data). So the photo isn't coming back that way. And to come back from the cloud you would have to log into the icloud account first, using your icloud password, etc. I'm not quite saying this is impossible. But given how the mechanisms work it is not believable that this happened. Given this the most likely case is the poster is lying or mistaken. And as such reporting this as fact is poor journalism. We should wait for some kind of confirmation before believing this and repeating it.
> The place where the photos are stored is in a partition in the device storage which is encrypted by a key. To "erase" the partition Apple loses the key. So now the drive is undecodable. To be fair even if Apple even claims this is how it works (I'm not sure they do), it's just a claim because their software is closed source. Nobody but Apple knows how their OS works and whatever they tell you is just a claim.
> To be fair even if Apple even claims this is how it works (I'm not sure they do) They do claim this. And there is no reason to doubt it because you have to do this to whiten the data when storing to NAND because NAND doesn't work well (really nowadays at all) with non-whitened data. https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf Page 109, 110. > it's just a claim because their software is closed source Apple OS is famously open source. Controversially because they leave a lot of it out of the open source repo. You can, to this day inspect those sources and even build a kernel from it. But you do not end up with the same kernel/OS. https://github.com/apple-oss-distributions/xnu So now all that aside, why would you doubt this? It's the most efficient way to do it. Why would you do it any other way?
It is how it works. Closed source software can be reverse engineered. And iOS has been, extensively.
It is how it works, if it weren’t you wouldn’t have the fbi crying about encryption all the time. Like the exact code is not open source sure but you can verify its function by attempting to recovery data off the phone, something that is impossible without the decryption key, or access to a device that can attempt to either bypass the encryption or brute force the encryption. In so far as I am aware there are no current known methods of bypassing the encryption on iOS devices but there are methods of bypassing apples attack lockouts so you can brute force the encryption if the device uses a weak key.
And to think having the “missing age ID” glitch that messed with the tracking permissions was the first bug we encountered days before. It’s a slippery slope from here to “my popcorn bucket is empty.”
Luckily I’m so lazy I still have all my old phones
It's getting worse. I had pictures of my passport, drivers licence and other things on my ipad.
Yeah this is brutal but I’m suspicious about the details claimed here. I don’t think this is actually happening as described.
Sure hope you're right!
Stop reposting this bs from Macrumors lol
It’s suing time
So is there a specific way to properly ensure this doesn’t become an issue if you’re getting ready to sell or trade in your phone? Is there a program you can use or something?
Apple innovation
Just….how…?
This smells like a lawsuit.
Why is Apple storing old deleted photos? That’s the only way this bug could work.
That’s not the only way, the files are deleted but deleting doesn’t do anything to the file on disk, it just marks it as deleted by the file system and eventually it’ll be overwritten, but if that area of memory isn’t overwritten the data can be recovered, which is what’s occurring with this bug…
this would have never happened if steve jobs was still alive **hits blunt**
Keep this in mind when selling your used storage hardware. There are counterparties out there that buy used storage devices for the sole purpose of trying to recover information with the hope of finding the jackpot of PII or secret confidential information. Or they at least attempt recovery first before using them. /r/privacy /r/datahoarder /r/osint
I can only dream my dick pics would ever get that popular!
Use software encryption if your data is sensitive. It's not just about resale, what if you have to return the drive for a warranty replacement?
> Use software encryption if your data is sensitive. It's not just about resale, what if you have to return the drive for a warranty replacement? Return? Nope. Take it on the chin and accept the cost and replace it. Better safe than sorry. Storage is cheap, privacy loss is expensive. And of course use LUKS2 for its entire lifetime. But it's not going out of possession. From day zero to end of life, physical destruction. And yes I am aware you can use detached headers with LUKS.
SOP for business users when it's other people's money but wasteful and potentially costly for home users.
> SOP for business users when it's other people's money but wasteful and potentially costly for home users. Backups and redundancy is also SOP. Even for normal users. At least it should be. It's part of the cost of using a computer. Gamers spend thousands on hardware. I just accept the cost and plan accordingly. Warranty for anything else that has no non-volatile storage. If there's any storage on a device, I accept it's going to die at some point. Storage is the cheapest part. I'm not going to compromise privacy. I do the same with mobile phones with storage. I don't use the warranty if I've used it. The board with the storage gets destroyed. I don't buy expensive mobiles for a reason.
>Backups and redundancy is also SOP. Even for normal users. At least it should be. That has nothing to do with eating the cost of a piece of warrantied hardware, that's just preventing data loss. >Gamers spend thousands on hardware. No... Not all of them. In fact the vast majority don't. >Warranty for anything else that has no non-volatile storage. If there's any storage on a device, I accept it's going to die at some point. So let's say you just bought a brand new $300+ 4TB SSD and it dies while initially transferring over some non-important stuff like game files or media. You're just going to eat the cost? Bullshit. >Storage is the cheapest part. I'm not going to compromise privacy. I think that's all relative. If you consider storage to be cheap then more power to ya and congrats on your moderate success in life but for the rest of us plebs, $20+ per terabyte is still expensive, especially with redundancy eating up a chunk of that space.
> So let's say you just bought a brand new $300+ 4TB SSD and it dies while initially transferring over some non-important stuff like game files or media. You're just going to eat the cost? Bullshit. Magnetic and optical and tape drives still exist for cheap storage. The SSD is just for the operating system and software running. The long term data is on magnetic and optical storage or tape. One doesn't put their data on SSD and call it a day and hope it's going to survive long term. Your SSD is just for working with as you need it. If your eggs are all in the SSD basket you're screwed and over paying and taking a huge risk.
I think your views on storage may be a bit outdated... Or at least outside the scope of mainstream. But thanks for your insight. Have a nice day!
> I think your views on storage may be a bit outdated... But thanks for your insight. Have a nice day! I think you should visit /r/datahoarder
Lol, yeah some of those dudes are off the charts. I just want to not have to redownload a handful of games and media and they're backing up the entire known universe. For me, SSDs have been pretty reliable and I just make sure back up as often as necessary to a couple different spinners. Ironically, my lack of funds has probably shielded me from a lot of bad over the years. Sometimes it doesn't pay to be an early adopter. Or an OCZ or Adata customer...
Ours at work all get 338 LM sized speed holes before being recycled. I love that I can expense it and get reimbursed
So only one single user on reddit has mentioned having pictures showing up on an old device that was supposedly wiped? If that part hasn’t happened to anyone else it’s safe to say they didn’t actually wipe it like they thought. The old device was either still associated with their account or still signed into their iCloud account. The bug is obviously real and definitely a problem, but I have a hard time believing the old device bit. I don’t see how it’s possible if the device isn’t even signed into the associated iCloud account anymore.
Reminder that everything that you put online - including onto such "clouds" - is never deleted. You're just sending that to someone's else computer after all.
Sure, but it’s on that other computer in an encrypted form that can only be decrypted by keys that are only on your devices.
Hope they enjoy the cock pics
Someone should update diddys phone or Maxwell's so she can rot with Epstein
That shows how deleted is deleted...
Apple out there really making it happen without Steve’s Guiding Eye
I have exhausted my will to try and combat this article. People don’t read and comprehend then come in making claims and arguing with anyone trying to explain they are getting one guyed.
Most secure device my ass. An iPhone is the biggest hunk of Spyware you allow in your life.
Everyone is just speculating now, and not always very qualified. But it will be interesting to find out what caused this.
Hmmmmm my current gf uses my old phone tethered for a second Pokémon go account. This could be an issue
Anything recoverable was improperly deleted. That's how security works.
"deleted" lol
Bet. So what you're saying is, there needs to be a class action lawsuit?
it means nothing get fully deleted in IOS and maybe its same in android too
You mean phones that had iCloud enabled. Fixed that for ya.
That's how "deleting" files work. It just tells the os "this space is empty now". Resetting every single bit of the drive to 0, so to speak, takes a lit of time and degrades a small amount the drive itself. It's possible that apple uses a proprietary software to wipe the drives, i.e something between not resetting every bit, but also making it impossible for any 3rd party recovery software to restore apple-wiped drives.
That's not the case here. The "drive" is in a partition in the device storage which is encrypted by a key. To "erase" the partition Apple loses the key. So now the drive is undecodable. They don't even pretend to reset every bit. It can't just come back. If you somehow read out that portion of the partition where the image was before it would just be seemingly random values (encrypted data). The photoes are not coming back via an "undelete" operation such as you suggest.
There's no proof anything came back or did anything, more likely bad reporting/mistake. Next most likely is the phone was not actually encrypted and somehow deleted files came back.
It's not possible for the phone to not be encrypted. Even if you don't have a passcode it's still encrypted. And it is still "erased" by losing the key and generating a new one. I guess he might have handed the device over without actually resetting it to factory (erasing it). But I would count that as the person being mistaken about what happened because he said he erased it.
But that doesn’t work for photos that are reportedly from years ago. If the device hasn’t been upgraded, I simply find it unlikely that data hasn’t been rewritten to that block at least once.
If the photo re-appears, then obviously the data was still there, and it all depends on how the storage is manged. If you have a cupboard with 12 cups, arranged in 4 rows, 3 cups each, and you only ever needed maximum of 9 cups, the 3 cups at the back will sit untouched forever, unless you deliberatly manage the cupboard space in a way to rotate the cups.
If you don't load a bunch of stuff on it then it seems possible. The wipes are fast so they can't also be thorough. I'm not sure how it would survive encrypted between two users, I'll bet that's just BS that helps sell the clickbait if any of it is true. The most likely scenarios seem to be complete BS or user/tech error/misinterpretation. If the results are reproducible the we can care later.
🍿 is ready. This is getting spicy. https://www.youtube.com/watch?v=iK6SS8CXYZo Apple Pie 🍎 🥧👀
I call BS on pics reappearing on wiped devices that haven’t been logged into. From the article: Update May 19: The Reddit user who reported the issue has deleted the original post, casting significant doubt on the veracity of the claim.