The overlap between “criminal” and “fundamental understanding of online security” is fairly small.

I use online services and sync, but my life is so boring (and data breaches have exposed so much) that a disaster that destroys my house and all backups is far more likely that harm from government or private snooping on my cloud files.

I know we’re supposed to stand on principle and make data storage choices as if today’s cat photo were evidence of being the real JFK assassin, but I don’t have the energy.

Hamas switched from smartphones, with encrypted messengers to pagers, a communication device with encryption so weak it may as well not be there. Criminals get caught because they used plain phone calls and texts _all the time_. Hell, child abusers are regularly reported to the police because someone saw a suspicious picture on their phone when scrolling through the gallery. Crime and an understanding of cybersecurity don't necessarily overlap.

I agree that cloud services cannot be trusted to do encryption within their clients, but on platforms like iOS it's difficult to do automated backups using independent encryption. It's also quite difficult not to accidentally enable backups to these services because the setup flow for every phone guides you to hitting the "upload everything I do to Apple/Google".

To Apple's credit, while they normally store a copy of the encryption key, making most cloud encryption entirely useless, they do offer setting a custom key at least. GDrive and OneDrive sure don't.

I think you have a very high opinion of the millions of people around the globe, with varying levels of computer literacy, who are terrorists, criminals, and/or child abusers.

> I have never understood the thinking around uploading your private life to some server in the cloud when they are more secure on an external hard drive at home.

Depends on your threat model. If someone unofficial wanted at what you're doing, they'd likely find it easier to go after your home data than what you have in iCloud -- particularly if using Advanced Data Protection for iCloud.

https://support.apple.com/en-us/108756

Also, ask the folks in Los Angeles how those external hard drives at home are working out for them in the fires. There are many types of threats.

The real goldmine is WhatsApp. In most cases, WhatsApp backups are enabled and uploaded by default, including when the whole iPhone backup is created. And by default, backups are unencrypted.

So if you ever wonder how they access those WhatsApp messages, when you think that they would be end-to-end encrypted, reality is something else.

> I doubt very much if any terrorist, criminal or child abuser is going to use any google or apple cloud service to back up their files.

Meanwhile, the amount of local news arrests for people getting busted for uploading CSAM to online platforms like Google and Apple is exponentially increasing.

The average "criminal" is an idiot.

News stories seem to indicate that many criminals use computers just like any given person does.

Even people concerned with security who know a little seem to be terrible at it.

A local protest group in my area was passing around an image with security tips. They were hilariously bad, suggestions based on very confused understandings of risk. These people weren’t criminals necessarily, but they were motivated and concerned and somehow just terrible at basic security.

The average people have zero idea about these things. They just use phones, and do not care how they function, what they do in the background.

> I doubt very much if any terrorist, criminal or child abuser is going to use any google or apple cloud service to back up their files.

Most of the time, people become terrorists, criminals or child abusers because they're stupid, not because they're smart.

Don't iPhone photos automatically sync to your iCloud?