Apple silently uploads your passwords and keeps them

iCloud Keychain Behavior & Encryption

  • iCloud Keychain syncs passwords across Apple devices; some users were surprised when previously local “Local Items” keychain contents became cloud-synced after an update or config change.
  • Thread consensus: passwords are stored as encrypted data, not plaintext; Apple documents AES‑256‑GCM and end‑to‑end encryption, with keys held on devices (e.g., Secure Enclave/TPM), not on Apple’s servers.
  • Some link to Apple’s security docs and talks describing escrow-based recovery and end‑to‑end design; others note that this remains a black box and cannot be independently verified.

Consent, Defaults, and Silent Changes

  • Core complaint: iCloud Keychain was toggled on “silently” after being off, uploading local passwords to iCloud and to a low‑security test machine.
  • Several participants argue syncing should always be explicit opt‑in; others reply that all major browsers and platforms default to cloud syncing once you sign in.
  • Some distinguish between initial opt‑in and later re‑enabling after an update, calling the latter especially problematic.

Control, Trust, and Closed vs Open Platforms

  • Many comments argue that on closed platforms you must either trust the vendor completely or not at all, since they control OS and hardware and can bypass local protections.
  • Others push back, saying large companies have strong incentives not to exfiltrate passwords due to reputational and legal risk.
  • Several advocate for open or local‑first alternatives (Linux, OpenBSD, GrapheneOS, local password managers) as the only way to maintain real control.

Deletion, Data Retention, and Regulation

  • Some say you can delete passwords via Keychain or iCloud clients; others note that this only affects visible copies and doesn’t prove server‑side deletion.
  • Debate on whether enforceable regulation and heavy fines are necessary to make deletion meaningful, versus relying on vendor goodwill.

Password Storage Mechanics

  • Confusion arises between password hashing (the one‑way, salted digest an authentication server stores so it can verify a login without keeping the password) and encryption (what a password manager must use, since it has to hand the original secret back).
  • Multiple replies clarify that managers must use reversible encryption, not one‑way hashes, because they need to supply the original password to websites.
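The distinction drawn here, and the AES‑256‑GCM/device‑held‑key design mentioned under "iCloud Keychain Behavior & Encryption", can be shown side by side. The block below is an added example written for this summary; it is not Apple's code and does not reproduce iCloud Keychain's actual key hierarchy or escrow scheme. It assumes a stand‑alone Go program with a constructed master password and secret, uses an inline PBKDF2‑HMAC‑SHA256 with a deliberately low iteration count in place of a production KDF, and uses the hypothetical names StoreCredential/VerifyCredential (server side) and SealVault/OpenVault (manager side). The server side keeps only a salted one‑way hash and can check a candidate but never recover the password; the manager side derives an AES‑256 key on the device and can decrypt, and a wrong master password or any tampering with the blob is rejected by the GCM tag.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Toy parameters for the example: real deployments use far higher iteration
// counts or a memory-hard KDF (scrypt/Argon2). 32 bytes = a 256-bit AES key.
const (
	iterations = 10000
	saltLen    = 16
	keyLen     = 32
)

// pbkdf2SHA256 is PBKDF2-HMAC-SHA256 (RFC 8018) written inline so the example
// depends only on the Go standard library.
func pbkdf2SHA256(password, salt []byte, iter, n int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for block := 1; len(out) < n; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:n]
}

// Credential is what a login server stores. The password cannot be recovered
// from it; the server can only re-derive and compare.
type Credential struct{ Salt, Hash []byte }

func StoreCredential(password string) (Credential, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return Credential{}, err
	}
	return Credential{Salt: salt, Hash: pbkdf2SHA256([]byte(password), salt, iterations, keyLen)}, nil
}

func VerifyCredential(c Credential, candidate string) bool {
	got := pbkdf2SHA256([]byte(candidate), c.Salt, iterations, keyLen)
	return hmac.Equal(got, c.Hash) // constant-time comparison
}

// newGCM derives the vault key from the master password and the vault's salt.
func newGCM(master string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(master), salt, iterations, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealVault encrypts stored secrets with AES-256-GCM under a key that exists
// only where the master password is typed. Layout: salt || nonce || ciphertext+tag.
func SealVault(master string, secrets []byte) ([]byte, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	gcm, err := newGCM(master, salt)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append([]byte(nil), salt...)
	out = append(out, nonce...)
	return gcm.Seal(out, nonce, secrets, salt), nil // salt bound as additional data
}

// OpenVault is the reversible step a password manager needs and a login server
// must never have: it returns the original secret, or an error on a wrong
// master password or any modification of the blob (the GCM tag fails).
func OpenVault(master string, blob []byte) ([]byte, error) {
	if len(blob) < saltLen {
		return nil, errors.New("vault blob too short")
	}
	salt := blob[:saltLen]
	gcm, err := newGCM(master, salt)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < saltLen+ns+gcm.Overhead() {
		return nil, errors.New("vault blob too short")
	}
	pt, err := gcm.Open(nil, blob[saltLen:saltLen+ns], blob[saltLen+ns:], salt)
	if err != nil {
		return nil, errors.New("wrong master password or tampered vault")
	}
	return pt, nil
}

func main() {
	cred, _ := StoreCredential("correct horse")
	fmt.Println("login ok:", VerifyCredential(cred, "correct horse"), "wrong:", VerifyCredential(cred, "battery staple"))
	blob, _ := SealVault("master-pass", []byte("site.example: hunter2")) // constructed sample secret
	pt, err := OpenVault("master-pass", blob)
	fmt.Printf("vault: %q err=%v\n", pt, err)
	_, err = OpenVault("not-the-master", blob)
	fmt.Println("wrong master:", err)
}
```

Note that the server-side record and the vault blob both contain a salt and a PBKDF2 output, which is exactly where the confusion in the thread comes from; the difference is what the output is used for. The hash is stored and compared, so losing it costs an attacker a guessing campaign but never yields the password directly. The vault key is used and then discarded, so whoever holds the blob but not the master password (the server, in an end‑to‑end design) gets nothing, and the same property is what a "keys held on devices" claim has to mean in practice.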

User Experiences & Usability Issues

  • Reports of family sharing unexpectedly exposing one person’s passwords to another’s keychain.
  • Complaints that iCloud sync (photos, history, passwords) is too aggressively default‑on and hard to keep consistently disabled across devices.