One of the biggest surprises of WWDC 2021 was Apple’s launch of iCloud+, an updated version of its existing service that is available at no extra charge and offers users more private email and VPN-style protection.
iCloud just became a useful business tool
The introduction of these features will turn iCloud into a very useful remote business tool, although it will be interesting to see if all of these features are available to companies using Managed Apple IDs for their business tools. For now, let’s assume they will, given the great value they promise to those in the sector.
These new tools mean iCloud-using employees:
Won’t have their email opens tracked by invisible pixels, thanks to Mail Privacy Protection.
Will be able to sign up for mailing lists with fake email addresses.
Get access to a built-in VPN with iCloud Private Relay.
Can create domain-based email addresses.
A game of cat and mouse
Apple will continue to invest in this protection. Confirming that Apple views cybersecurity as an ongoing challenge, Craig Federighi, Apple’s vice president of software engineering, told Fast Company:
“The incentives to ‘innovate’ in the world of exploitation are high, and so there have been many advances in the art of tracking; much progress in the art of security exploits. And so we think that there will continue to be a game of cat and mouse in both areas. We believe we have many tools in this battle and we can largely stay ahead of it and protect our customers. But it is something that we recognize as a struggle that we will fight for years to come.”
In some ways, Apple’s decision to secure its platforms reflects the reality that as its presence in business grows, Apple will become a more viable target.
“As the company has grown, Apple devices are now a major target of security threats,” writes Jamf senior manager Garrett Denney.
“This, coupled with remote work and schools accessing sensitive cloud resources, increased the demand for even greater security on the Apple platform. And with the improved security, there is a need to balance privacy and the end-user experience in a number of contexts. New data protection-oriented functions such as Hide My Email and Private Relay put user privacy first and enable data protection regardless of where the devices are used.”
Star of the show: iCloud Private Relay
Private Relay is a built-in internet privacy service that resides in iCloud. It is designed to allow you to connect and surf the internet in the most secure manner using Safari, and it protects both the site requests you make and the places you visit from being identified.
It encrypts the traffic leaving your device (including the web destinations you request) so that the requests are unreadable even to Apple or the network provider.
It works like this:
When you make a request, it is encrypted and then sent through two separate internet relays. The first Apple-powered relay gives you an anonymous IP address that matches your region, but not your actual location. The second relay, owned by a third party, decrypts the web address and forwards you to that destination. The magic here is that by dividing up the information in this way, nobody can see both who a user is and what websites they are visiting. Apple can see only your IP address, while the third-party provider can see only the website you have requested.
The system raises the bar for personal security by hiding who is surfing and where the data comes from. It effectively means that you now have a free VPN in Safari.
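The split of knowledge between the two relays can be shown with a small simulation. This is an added example, not Apple's code or its actual protocol: the cipher is a toy built from SHA-256 and HMAC, and the key sharing, function names, IP address, URL and region label are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy SHA-256 counter-mode keystream (illustration only, not a vetted cipher)."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def _derive(key: bytes) -> tuple:
    """Separate encryption and MAC keys derived from one shared secret."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _derive(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; raises ValueError for a wrong key or tampering."""
    enc_key, mac_key = _derive(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered payload")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def relay_request(client_ip: str, url: str, region: str):
    """Return what each relay observes for a single request."""
    # Assumption: the client and the second relay share this key; the first relay never has it.
    second_relay_key = os.urandom(32)
    sealed_url = seal(second_relay_key, url.encode())
    # First relay: knows who is asking, but holds only an opaque payload.
    first_relay_view = {"client_ip": client_ip, "payload": sealed_url}
    anonymous_ip = f"relay-pool/{region}"  # region-level address, constructed label
    # Second relay: can open the destination, but sees only the anonymous address.
    second_relay_view = {"source_ip": anonymous_ip,
                         "url": open_sealed(second_relay_key, sealed_url).decode()}
    return first_relay_view, second_relay_view

if __name__ == "__main__":
    first, second = relay_request("203.0.113.7", "https://example.org/payroll", "EU-West")
    print("first relay sees :", first["client_ip"], first["payload"].hex()[:32] + "...")
    print("second relay sees:", second)
```

Neither view alone links the client address to the destination; an observer would need both relays' records to join them.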
In a WWDC presentation, Apple stated that Private Relay will also include DNS queries and some traffic from apps.
What works with iCloud Private Relay?
Apple says iCloud Private Relay works with:
All Safari web browsing; All DNS queries when users enter site names; All insecure HTTP traffic.
What doesn’t work with iCloud Private Relay?
Apple also said iCloud Private Relay doesn’t work with:
Local network connections; Queries from private domain names; VPN traffic; Internet traffic via proxy; Anyone who pretends to be in a different region.
Federighi says that with classic VPN protection you have to trust your provider.
“And that’s a huge responsibility for this intermediary, and it involves the user making a really difficult trust decision to make all of this information available to a single entity.”
In other words, Apple’s system may be better than a VPN because while VPN providers know who you are and what you are seeing, Apple doesn’t have that information. Such protection seems like a necessary step given the number of unsavory and untrustworthy VPN services.
At its simplest, it makes targeting an Apple user much more difficult, which also makes it much more costly to do. This should reduce the overall risk environment, although security should never be taken for granted.
Using “Hide My Email”
Hide My Email, which is loosely based on Sign in with Apple, allows you to share unique, random email addresses that will forward messages to your personal inbox instead of sharing your actual email address. This tool, built into Safari, iCloud Settings, and Mail, is far better than the ad hoc aliasing system we’ve used so far that is controlled online in iCloud. In addition, users can create and delete any number of addresses.
In simple terms, it means that you and your employees with Apple devices now have an unlimited supply of burner email addresses to use in the interest of security.
You can also use a custom domain name with iCloud+. Apple positions this as a family-oriented service. This means that a family that owns a domain like SmithFamily should be able to create a range of email addresses like email@example.com that will work and be recognized by iCloud.
We don’t have many details on this yet, but it will be interesting to see if this extends (or can later be extended) to Managed Apple IDs for enterprise use.
The digital legacy tool
Remember the old days when, in the event of the death of a senior executive, it might have been impossible to retrieve the strategy document they were working on from their device – even with the help of their grieving family?
This should no longer be a problem with Digital Legacy. This allows users to designate relatives or friends as people who have access to digital data, such as photos and other personal data, that remains in someone’s iCloud account after they die.
To set up the feature, a person must specify who can access the account in the event of death. These legacy contacts will then be able to access this account but will have to go through a verification process, the details of which are currently not clear.
We believe there is still a lot more to learn about iCloud+. After all, the idea of a “plus” service means that there will still be a basic service, and I can’t help but wonder if the free 5GB service could be kept but easily expanded.
There are also some useful changes in the recovery feature, which now allows you to assign trusted friends or family members to receive security codes on your behalf if you lose your device.
Prices stay the same: 50 GB of storage with a HomeKit Secure Video camera (99 cents per month), 200 GB with up to five HomeKit Secure Video cameras ($2.99 per month), and 2 TB with an unlimited number of HomeKit Secure Video cameras ($9.99 per month).
The number of cameras used to be capped at five, and the storage space for those cameras no longer counts towards your iCloud limit. Existing iCloud users (presumably those on paid levels) will be upgraded to iCloud+ this fall, when iOS 15, iPadOS 15, and macOS Monterey ship.
Copyright © 2021 IDG Communications, Inc.