"Knowing these photos were deleted a long time ago"
Well I guess they really weren't deleted then.
Naked photos of celebrities including Sports Illustrated model Kate Upton, Jennifer Lawrence and Ariana Grande have been published online by an anonymous hacker who reportedly obtained the explicit pics from the victims' Apple iCloud accounts. Nude photos of 17 celebrities have been published online. The anonymous hacker …
Just goes to show, people with a lot of money are not as clever as they think :-)
Agent, got a part for you and need a Pic of your tits
Star, oh got loads of them, bit busy doing star things, can I share it with you on my very secure cloud thingy.
Agent, sounds great, email me the details, but make sure you delete it later.
Star, Oh, well of course, (eyebrows narrow, in deep thought), exit stage left ....
"Facebook has the same issue - when you delete something it's not really gone, it's just the pointer to it that has been deleted - but anyone with the direct URL can still load it."
Not true. The raw URL can be used to get around permissions, but when a photo on facebook is deleted, the request is batched out to the CDNs. Obviously it's not as instant as the apparent deletion on the HTML side of things (and facebook did once get into a bit of hot water for not flushing the CSN's in a timely manner), but it is done.
Apart from the legal ramifications, why on earth would they want to waste storage on a photo that will never be shown again on a 'proper' page with commercials and sponsored links?
Any outfit worth its money will run a rotating backup resource. This is not really for the benefit of individual users but more for service disaster recovery, but the fact remains that "deleted" doesn't equate to "irretrievably gone" until the data has rotated out of the backup scheme.
In addition, I would like to point out that some countries have mandatory retention requirements - a "delete" there could merely mean "accessible to everyone who pretends to be an official, but not to the hoi polloi unless they have medium level hacking skills"
Last but not least, certain outfits give themselves rights into perpetuity to help themselves to your content the moment you store it with them. The excuses vary, but the consequences of that can be that a delete is only a change of access control. Just in case they need to, umm, "convince" you - more likely if you are of the politically engaged persuasion.
In a nutshell, you better think very, VERY carefully before you hand off personal data to 3rd parties, whoever they are.
When you upload, submit, store, send or receive content to or through our Services, you give us (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services
That implies that what you delete is not deleted, otherwise they could not claim later rights. QED.
(this, btw, is taken from Google - I took the identifier out because I use this often in presentations. It gets interesting reactions when people realise just what they have agreed to when using Googleb services).
(this, btw, is taken from Google - I took the identifier out because I use this often in presentations. It gets interesting reactions when people realise just what they have agreed to when using Googleb services).
When starting to build the online presence for our company we had a look at such licenses (thankfully I had an inkling we'd see this and worse from FB, LI etc).
Even then I was somewhat shocked at how bad Google is, so our G+ page has had little work. I refuse to put our logo or other graphics on there because of this license. Might pinch their streetview photo for a picture of the shop front (let them steal their own IP) but anything I value? No.
LI is worse than Google - not only does it have much the same license, but you have to wade through a hell of a lot more text to reach it. And IIRC it's not in the area you'd expect to find it (so any company who has a logo on Linked In - guess what, you don't own the rights to your logo any more, you've given them an eternal to use it in any way they want, to make derivatives of it, to sell your logo or any derivatives and so on, you've lost control of it).
I was shocked and very pleasantly surprised to see that FB promise that anything you delete is deleted (with a caveat that it may linger in backups for a few weeks but will be deleted in due course and not human-reachable). Their licensing basically reads (at least when we put our logo and other artworks there, hope they haven't changed) that you have full rights over your work, but you give them a license to modify it for the purpose of displaying it in the manner you allow, and only for so long as you have an account with them.
(Note : Not a farcebook user (that's entirely the business partner's job!), nor a fan or supporter of FB. The less people on it the better.. Though it does take attention away from the more interesting places out there...)
If you ran a de-dupe data store, why would you ever delete data?
Mark it as deleted, if a user attempts to upload the same file you can just flag back instantly and say done and unmark it. Data storage is cheap, I/O is not. Its a waste of resources to write zeros to a disk if you are not specifically required to.
By "cloud" I assume you mean CDN, and if that's the case - there's two operations a CDN needs to do to be considered a CDN - load content onto the CDN, and invalidate assets at the edge.
Same goes for "cloud" - reclaiming freed up storage actually makes financial sense at scale.
This is exactly the kind of scandal that is needed to wake people up to the hazards and dangers of relying on cloud storage. It is NOT secure and never will be, no matter how much buzzword fluff the marketing droids and three-letter-spooks throw around. As to all those who brush off their reliance on cloud with "I have nothing to hide, so nothing to fear" - you fucking well have plenty to fear now!
I've never understood, why they would upload such photos onto an online service in the first place. Surely these are personal and private photos? They have no reason to be on an online service, if they are supposed to be private, don't store them in public.
It seems stars have always had nude photos of themselves and sometimes they were stolen from their homes, but now it seems they are getting more and more lax about their security.
That said, it doesn't excuse the abhorrent hacking of their accounts and publishing thr photos.
I don't know about iPhones, but it sounds like the celebs just went with iCloud, which means as they're mailing stuff around, it's staying up on their "cloud" account.
Seriously, don't these people have *people* to tell them not to do that sort of thing? I wouldn't expect JLaw to know about the difference between iCloud, IMAP and POP3, but surely they have someone that does things like securing their wifi for them?
A British woman judge has had criticism for pointing out that if women get very drunk, the laws of evidence then make successful prosecutions for rape (where there is no physical harm) almost impossible, because "I can't remember what happened but I think I was raped" isn't terribly convincing in court. It's the criticism that amazes me, but it is clear that for a significant number of people nowadays, saying "if you do foolish things bad things may happen" is Nanny Statism, denial of rights and Bad.
In this case one foolish thing is (assuming you really needed to take the pictures anyway) letting them out of your control because, what could possibly go wrong? And the other foolish thing is cloud services that don't warn people of the possible consequences of storing unencrypted data. To say this is not to excuse criminals, just to point out that attempts to make everybody law abiding haven't met with success at least since Hammurabi had his tablets written, so it is unwise to assume that being in the 21st century has suddenly made everybody good.
"A British woman judge has had criticism for pointing out that if women get very drunk, the laws of evidence then make successful prosecutions for rape (where there is no physical harm) almost impossible, because "I can't remember what happened but I think I was raped" isn't terribly convincing in court. "
Although a bit OT here, the latest "scandal" is that many "no crime" rape reports are being re-opened because if the girl was that drunk then consent was impossible so it "must" be rape. I'm not sure how I feel about that.
[quote]
Although a bit OT here, the latest "scandal" is that many "no crime" rape reports are being re-opened because if the girl was that drunk then consent was impossible so it "must" be rape. I'm not sure how I feel about that.
[/quote]
And yet Rochdale still happened. One case had two detailed rape reports by a 15 year old, plus 2 sets of DNA tying the two perps to the "crime scene" and that wasn't taken to court as she "was 15 and a girl and so unreliable as a witness"!
The CPS and the police need to sort out what the rules actually are. Hint: The girl has to be both capable of consent and have given consent. (Yes, I know that's very complicated.)
This post has been deleted by its author
Unfortuantely a lot of people don't appear to be in blackout to people around them. As a recovered alcoholic I can confirm that many's the time I have been so wasted as to not remember what I'd been doing for a whole week on an alcoholic binge but people I was around at the time have later told me that I was acting fairly "normally".
…if the girl was that drunk then consent was impossible so it "must" be rape
On one hand, too drunk to give consent is rape. On the other hand, too drunk to remember drunkenly giving consent is not rape. On the third hand, drunk enough to want to sleep with him, but sobers up quickly is definitely not rape. Tricky to distinguish between the three.
> In this case one foolish thing is (assuming you really needed to take the pictures anyway) letting them out of your control because, what could possibly go wrong?
To be fair, all that has gone wrong appears to be the subject gets a bit embarrassed (depending on their prudes), and their marketability might have been affected (not necessarily in a negative manner).
Yeah, it's not cool in the same way it's not cool to publish someone's home address or anything private¹ on the internet, but the consequences are hardly disastrous, so it is possible that people have actually thought "what could possibly go wrong" and decided to take the smallish risk anyway.
¹ Such as private parts².
² Yeah, I know where my coat is, thank you.
Rape most certainly a matter of consent. That is the key element that determines rather a mundane and perfectly legal activity is actually a crime.
However, this distracts from the fact that this particular situation includes a 3rd party that was tasked with being responsible. It doesn't matter if the starlet was drunk. She had a body guard and that body guard failed to do his job. Regardless of the existence of the criminal, the security professional is equally responsible for his malpractice.
Except holding Apple responsible would violate the media narrative that so called journalists have decreed will be propagated about Apple.
"I've never understood, why they would upload such photos onto an online service in the first place"
You've completely missed the point. This is not a case of people explicitly "uploading" anything to an online service ... this is an automatic and supposedly trusted backup service which uses an online repository to store the data in order to be accessable to all of the users devices. It is largely transparent to your average user.
As per previously highly upvoted comments, the issue here is that your average user has no idea of the implications of their backup data living in what is effectively the public domain!
"you fucking well have plenty to fear now!"
Well no, not really. I'm not a complete twat who'd even contemplate posting anything as moronic as a naked picture of myself in a public place!
IT lesson #132 for Normal People - Internet = Public Town Square. If you won't do it down the local town square, then don't do it on the internet!
"If you won't do it down the local town square, then don't do it on the internet!"
Really? So you won't be sending any business or personal sensitive information by email/text either? You don't mind your phone logs being posted in the local town square?
I've no idea if those bits of data are stored on the iCloud, but, I suspect, neither do you... this seems to support me - http://support.apple.com/kb/PH12519?viewlocale=en_US
> I'm not a complete twat who'd even contemplate posting anything as moronic as a naked picture of myself in a public place!
Famous last words.
Can you be *really* sure that none of your data anywhere goes at some point all cloudy? Not even in the future when you install upgrade 'X' to your OS?
And btw, it is only "moronic" if you do not want those pics to be there. Plenty of people are actually perfectly OK with posting nude photos of themselves online. There are whole websites dedicated to the stuff, some porno-ish, some not.
note to self, don't store nude selfies in the cloud, especially a cloud beginning with a lower case vowel...
Don't expect this little wibble on the www to wake people up. The kool-aid has been consumed long ago or the village idiots have the keys to kingdom.
I wouldn't know these naked chicks if they were sitting on my couch.... well, I hope I'd heard their name. Sorry what was that? Her name? Sorry, you've lost me... your name reminds me of a city.
But the reality is, no one will wake up. Apple will fix the hole, will assure everyone things will be fine, and life will continue while short memories fade. This will all be forgotten in a few months (or sooner) as the distribution becomes less public and falls back into the underbelly of the Internet. Not a single celebrity's life will be ruined by this leak, and besides, they are celebrities and live at a level well above the average person. I mean, I am no Jennifer Lawrence or Leelee Sobieski, so who wants to ever peek at my nudies? Everyone will continue using cloud services, ignoring the rain which falls from them, happily oblivious thanks to the it-won't-ever-happen-to-me mentality.
If, what was it, 100GB of leaked private photos from Facebook failed to wake up the masses, will this? Maybe we will finally reach the tipping point of a lack of privacy, but what exactly is privacy today, anyway? Especially when we are encouraged, if not required, more and more to use these kinds of services for our day-to-day interactions.
@Anonymous Cowherder: we have been beating that drum for years. YEARS. Still no one hears it. "But it it's private! I can block people!" Sure, a great service with a lock... but it is a shitty lock.
As to all those who brush off their reliance on cloud with "I have nothing to hide, so nothing to fear" - you fucking well have plenty to fear now!
I don't rely on it, but I do use it as an integral tool for backing up the servers (data that needs to be protected is encrypted at the server level, stuff too sensitive for cloud backup won't be on the web servers anyway), and for some web dev work - syncing files between machines (must set up Owncloud if it's any good).
Used right "cloud" is a good tool that makes life (especially some distributed backups) easier, and can be used to shift some load off the server (ala CDN and a few other services). Used wrong, it's an embarrassment looking for a paper to be published in.
I don't have anything to fear from using it. I am quite selective in what I allow on there, and the only thing I could be embarrassed about is some of the test code that may reach that level.
I am somewhat more seasoned than the average netizen, and I'm quite sure that many of the average ones will put all sorts of wrong stuff on there. But that's not me - I know I have nothing to fear from a breach at my provider because I don't put data on there that could be a problem.
Treat the net as the front page of the local rag. If you won't want it in one, don't put it in the other.
(SaaS is another matter - I like my machines to be able to be offline and still usable without any "phone home" nonsense, and over here the cost of mobile bandwidth has me counting every byte -so I don't want any extra programs dialing out)
"They might not have even known that Apple was backing up their Camera Roll pics to iCloud, it's just built in by default."
You have to create the iCloud account and then enable backups to it, but once you've done that it operates transparently in the background.
Apple store staff tend to helpfully set this up for you if you're not all that tech savvy like my wife and take your iPad in to them with the voucher for the 'free setup'.
Someone raised an interesting question earlier ... once you delete the photo on the device, what does iCloud do with the backup? Presumably it keeps it for some period in case you want to restore from the backup ... I imagine it functions much the same way as Time Capsule does.