58

Currently, iCloud sync does not encrypt data end-to-end (E2E). This is a loss of privacy, compared to what Safari [1] and Firefox [2] offer by default, and what Chrome [3] offers through a manual setting. It means that a compromised iCloud account will reveal private details of tabs, bookmarks, and perhaps one day browsing history that is synced. It may be possible to use iCloud encrypted values [4] to achieve E2E to reduce development time. As a Safari and Firefox user, this is a requirement for me before switching to Orion as the default browser. Thanks for the work on this excellent project, and I'll be watching to see how this evolves.

[1] https://support.apple.com/en-us/HT202303
[2] https://hacks.mozilla.org/2018/11/firefox-sync-privacy/
[3] https://support.google.com/chrome/answer/165139
[4] https://developer.apple.com/documentation/cloudkit/encrypting_user_data

    9 days later
    3 months later
    5 months later

    No idea how relevant this is, but with Advanced Data Protection, there's likely to be a bit more awareness from users about E2EE.

    CloudKit APIs appear to already support this from an app layer perspective, and ADP should add encrypted client device backups to complement this. Not really seen enough to tell whether you'll get encrypted "app" data stores on iCloud drive, or if you still need to use CloudKit though - imagine that will become clear once more people are using ADP.

      a year later

      Awesome update! Thanks for suggesting it @kedar

      Looking forward to updating RC and trying it out

        19 days later

        Disregard. I see this came to iOS a on 12/20. Thanks so much!

        No one is typing