this post was submitted on 18 May 2024
239 points (94.8% liked)

Privacy

31921 readers
1084 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
all 44 comments
sorted by: hot top controversial new old
[–] [email protected] 100 points 5 months ago (1 children)

It restoring deleted photos onto wiped devices that have been resold is a privacy nightmare.

[–] [email protected] 33 points 5 months ago* (last edited 5 months ago) (2 children)

I wonder if they’re doing that to reduce the write cycles on the cells and since they’re “encrypting” the contents of the cells they figure the overall IO flag of the data being deleted is “good enough”.

So, in a perfect world, when you wipe the phone it’s basically just trashing the encryption key and so it’s useless data.

That’s all assuming that the encryption method/keys are foolproof which is always a bad bet.

And, this here makes me wonder how effective that is.

And a person claimed in a later post that “around 300” of their old pictures, some of which were “revealing,” appeared on an iPad they’d wiped per Apple’s guidelines and sold to a friend.

That’s a huge issue. Not just for photos but also files for sensitive data, secrets, etc. this, if true, is a massive issue overall since it even happening at all shouldn’t be possible.

[–] [email protected] 21 points 5 months ago

Indeed. If true, it means Apple’s technology doesn’t work the way they claim. Which is a really big issue.

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago) (1 children)

It seems unlikely that this is accidentally reading old encrypted data blocks. The filesystem wouldn't even try to access data that it hasn't written to yet. So you would need both filesystem bugs and bugs with encryption key management.

I think the theory that iCloud is accidentally restoring images based on the device ID is much more likely. It is also quite concerning but seems more plausible to me.

[–] [email protected] 4 points 5 months ago

Offloading the data to the cloud and making it accessible on other devices no longer signed into iCloud.

That is so much worse if true.

[–] [email protected] 62 points 5 months ago (2 children)

So now we know, iPhones and iPads don't TRIM their storage memory.

[–] [email protected] 6 points 5 months ago

thats really bad for longevity

[–] [email protected] 5 points 5 months ago (3 children)

$.05 explanation for those unfamiliar?

[–] [email protected] 24 points 5 months ago (1 children)

Here’s the ELI5.

Imagine there’s a set of lockers in a school.

When a student leaves the school or changes lockers they remove the label on the locker but don’t empty it.

A TRIM, however, means that they not only remove the label from the locker by also clean out its contents.

[–] [email protected] 17 points 5 months ago (1 children)

Not quite; the contents all go in a bag labeled “trash” — someone still has to remove it from the locker.

[–] [email protected] 2 points 5 months ago

Good point.

[–] [email protected] 9 points 5 months ago (1 children)

TRIM is a command / instruction for solid state storage to release a block of data, so it is blanked and ready to be written again.

[–] [email protected] 14 points 5 months ago

No, it actually isn't. TRIM doesn't erase data.

https://www.techtarget.com/searchstorage/definition/TRIM

Trim marks blocks for deletion. It doesn't delete anything.

[–] [email protected] 3 points 5 months ago* (last edited 5 months ago)

Usually when you "delete" data on a storage medium you really just remove a reference to it. The data is still sitting on the disk if you know where to look. TRIM is a command that tells the storage device "I don't need this anymore" and usually the hardware will return empty data the next time you read it (really the hardware is doing the same thing of just forgetting that there is data there, it is turtles all the way down, but it will track that this block is supposed to be empty and clear it when you next read it).

However I think this is an unlikely theory. It would require two bugs:

  1. The OS would be trying to read data that isn't supposed to exist. This would be a bug on its own that would likely be quite visible.
  2. The iPhone uses disk encryption, and when you reset the device the key is (supposed to be) reset, meaning that even if you read the old data it would be useless.

Both of these would be very significant and unlikely to last long without being discovered. Having both be present at the same time therefore seems very improbable to me.

[–] [email protected] 30 points 5 months ago (3 children)

That's unnecessarily clickbaity, the article doesn't mention it's specifically nudes that came back, just old photos.

[–] [email protected] 4 points 5 months ago

I was wondering about that (but thought that that what you said would probably be true), this would have been very interesting if it just restored nudes ...

[–] [email protected] 2 points 5 months ago

The person who started the thread claimed that NSFW photos they had deleted “years ago” were back on their phone.
Another Reddit user said that they saw photos from 2016 show up as new images but that they didn’t think they’d ever deleted them. And a person claimed in a later post that “around 300” of their old pictures, some of which were “revealing,”

[–] [email protected] 23 points 5 months ago

I wonder if this has anything to do with Apple’s CSAM scanning. You know, hang on to the photos as evidence, and, for an added bonus, sell more iCloud storage because the “System Data” now exceeds the free iCloud data storage quota. Win-win!

[–] [email protected] 21 points 5 months ago

One user also said they saw a photo return even though they don’t sync their phone or use iCloud

I was assuming that all these people had photos save to iCloud when it launched years ago and are seeing them appear now. If it’s not an old desync bug between deleting images off of iCloud/local device then this will be interesting.

[–] [email protected] 19 points 5 months ago

This is the best summary I could come up with:


Some iPhone owners are reporting that, after updating their phones to iOS 17.5, their deleted photos — some quite old — are popping up again, according to a Reddit thread that MacRumors spotted.

People reporting the apparent bug say that they’re seeing old photos appear in their Recents album after Monday’s update.

iOS does give users the option to restore deleted photos, but after 30 days, they’re supposed to be permanently removed.

The person who started the thread claimed that NSFW photos they had deleted “years ago” were back on their phone.

And a person claimed in a later post that “around 300” of their old pictures, some of which were “revealing,” appeared on an iPad they’d wiped per Apple’s guidelines and sold to a friend.

Computer data is never actually “deleted” until it’s overwritten with new 1s and 0s — operating systems simply cut off references to it.


The original article contains 337 words, the summary contains 149 words. Saved 56%. I'm a bot and I'm open source!

[–] [email protected] 18 points 5 months ago (3 children)

And a person claimed in a later post that “around 300” of their old pictures, some of which were “revealing,” appeared on an iPad they’d wiped per Apple’s guidelines and sold to a friend.

How would that even work? Wiping a device resets the encryption keys, doesn't it?

[–] [email protected] 6 points 5 months ago (1 children)

And the images are tied to an Apple ID.

So somehow the fully factory reset iPad accidentally logged in to the old Apple ID and merged deleted photos to the new Apple ID

[–] [email protected] 3 points 5 months ago

Both seem equally improbable.

[–] [email protected] 5 points 5 months ago

It actually doesn’t seem possible as there are too many systems that need to fail for it be true. The encryption key, access to another Apple ID and Photos having access to it all.

We are finding out that it’s not the images that are restored, but the thumbnails. Which is why the images are low quality when opened. The original photos are gone but the thumbnails still survive on Apple’s servers. Likely just cached. Which of course only applies to those logged into their accounts, not on other wiped devices.

[–] [email protected] 5 points 5 months ago

It sounds like these aren't still on the device somewhere, but re-downloaded from iCloud.

So presumably the device ID is somehow being used to incorrectly "authenticate" to iCloud and old images are being restored.

This definitely raises some major concerns about how iCloud authentication works.

[–] [email protected] 8 points 5 months ago

Watch them claim it's their property...

[–] [email protected] 6 points 5 months ago (2 children)

Taking nude pics on any "smart" device is just a bad idea.

[–] [email protected] 6 points 5 months ago

The issue is not really that people are using smart devices for whatever, but that they were explicitly promised that the devices were safe enough to guard your private data. And that was a lie from Apple to sell more devices.

This is 100% on Apple's head. Not the consumers that were lied to.

Besides, which devices are so "not smart" these days that there is no chance of data leakage or recovery?

[–] [email protected] 3 points 5 months ago (2 children)

I should absolutely be able trust my phone to store my private data. If my phone isn't trustworthy that is an issue that should be resolved. I mean sure, every copy of data is a risk, but there are a lot of more valuable data (in my opinion) on my phone than nudes.

[–] [email protected] 1 points 5 months ago

Yes you should, but you have take your data safety into your own hands. You cannot trust Google, Apple, and other big tech companies. That is not to say that these companies should get away with the things they do, there should be punishment.. but that is the reality.

[–] [email protected] 3 points 5 months ago (1 children)

I'm sure this is a dumb programming error (files are not deleted until overwritten with new data with solid state media). A boneheaded fuckup. Another person reported old voicemails being flagged as new. Either way, I'm waiting to upgrade to this version as a result.

[–] [email protected] 12 points 5 months ago (1 children)

File systems have a record where the binary data for a file like a photo is stored. That's deleted, without that you'd have to extensively scan the whole memory and hope to recognize that a chunk is an image file.

Whatever Apple is did in this update, it's probably not good

[–] [email protected] 13 points 5 months ago (2 children)

If it is indeed a boneheaded mistake, then it’s probably because of over reliance on RPC-type calls from the front-end that displays the data, to the back-end that actually handles the data. User deletes photo, and the front-end, instead of actually deleting it, tells the backend to do it… and then hides the photo from view, maybe updates its index of photos marking them as “deleted” regardless of whether the backend actually deleted the photo.

Then an OS update comes along, and rescans the filesystem, and report a bunch of new photos to the front-end, that then happily add them to the GUI to the user’s surprise.

Modern APIs and software architectures are a bloated, unnecessarily complex mess, and this is the result.

[–] [email protected] 7 points 5 months ago (1 children)

It's quite possible, although I'm inclined to blame it on turnover and pressures for deadlines

I've come to see software kinda like a plant. If you neglect it, it rots, because all software is contextual and the world moves on. If you keep growing it, it starts to rot from the inside. If you carve out down to something smooth and streamlined, it can last a long time and just need TLC to bounce back

Ultimately, if you want something to be big and to last, you have to prune it, transplant it, and continuously work on it. There's no direct money to be made there though

And it helps a shit ton to have people around long-term. It can take years to learn a big stack, but having someone go "wait, if we do this we need to rexamine how we delete photos" is how you avoid fuck ups like this

[–] [email protected] 1 points 5 months ago

Wow, beautiful analogy! I’m going to use that in my professional career if you don’t mind. Also with your permission I’d like to give you credit with a link to this comment, if that’s OK with you, of course.

[–] [email protected] 1 points 5 months ago

Some unit tests might have been lacking. But yea. I personally like to keep things simple, but a lot of tech companies seem to prefer quite the opposite sometimes

[–] [email protected] 2 points 5 months ago

Apple, or as I've taken to call it, Mother Superior.

[–] [email protected] 2 points 5 months ago

laughs in DOS

[–] [email protected] 2 points 5 months ago

I hope we will get to the bottom of this, because all the armchair experts with tons of different explanations for how this happened are annoying. There are so many people confidently explaining different conflicting theories.

[–] [email protected] 0 points 5 months ago (1 children)

I didn't use a single Apple device and I wouldn't do it anyway so who cares..

[–] [email protected] 0 points 5 months ago

so who cares

All the other people who do use one?