cross-posted from: https://sopuli.xyz/post/12670977
iPhone owners say the latest iOS update is resurfacing deleted nudes
Good thing I already knew Iphone wasn’t private.
I mean, they make you sign in with an Icloud ID
Never accepted the agreement, it constantly asks me to but works without it
Having said that, I am sure it still steals my photos because it’s close sourced
Are they not happy when they got back what they thought was lost? :-)
Dang must suck being on a proprietary locked down platform you have no control over. That’s literally impossible on my deGoogled android running GOS.
I still don’t get why people take pictures of themselves being nude and complained when it got leak because data breach
You don’t? Really?
I don’t, I didn’t even shower naked
There are dozens of us.
Tobias, is that you?
Maybe if you turned the water temperature up.
“I don’t understand why people have sex and then complain when they can’t get an abortion because of Roe v Wade being appealed.”
This is what you sound like. Blame the system, not the individual for having a better sex life than you.
Pretty sure physical contact is far superior to… sending nudes. But if that’s having a better sex life, hey good on you LOL
I appreciate this thread’s nuanced discussion of how file deletion works from a technical standpoint depending on storage medium. But as a user, when I delete something, it should go away forever. I don’t care how.
That is what thermite is for.
The second drive bay is the right size for a handy block of data erasing c4
No one will ever read my Zuck / Bezos fanfic.
Lol. I actually used to know a guy that claimed he used to have computer setup with a small thing to thermite on his hard drive and had set it up so if there were too many wrong passwords it would set the igniter off for the thermite. I don’t know if you really, did but he definitely had the technical skills to do that. He was one of those extreme early adopters of BSD and Linux who never used GUI. Oh and he was batshit crazy, legitimately I can see him thinking that was a good idea.
If every time an OS had to delete something it had to fill the space with zeros or garbage data multiple times just to make extra sure it’s gone, we’d all be trashing our flash chips very fast, and performance would be heavily degraded. There really isn’t a way around this.
The solution to keep private files private is to put them into an encrypted container of some sort where you control the keys.
Step away from hardware constraints for a moment, and consider the OS:
If the OS says a file is deleted, under no circumstances should the OS be able to recover it. Sure, certain tools may exist to pull it back; but it should be unavailable to the OS after that. And yet, apparently a software update was enough to recover these files. Thus, the concerns about data safety in an environment where the OS cannot be trusted to remove data when it says it has been removed.
So let’s stop calling it “deleted” then, and call it what it is. “Forgetting”.
I’m not sure what you actually want the OS to do about it other than as I said, fill it with random data.
I think this is just semantics at this point, but to me there is a difference between “deleted” and “erased”. I see deleted as the typical “moved to trash” or
rm
action, with erased being overwritten bits, or like microwaving a drive.Edit - If i remember correctly deleting something in most OS’s/File Systems just deletes the pointer to that file on disk. The data just hangs out until new data is written to that sector. The solution, other than the one you mentioned about encrypting stored data and destroying the key when you want the data “deleted”, would be to only ever store data in volatile memory. That would make for a horrendous user experience though.
You can delete files by overwriting the data. On Linux its shred -zu [file]. Its slow but good to do if you are deleting sensitive data.
Its good its not the standard delete function.
Well, the storage device should handle that then. And modern NVMEs do. Self-encrypted drives are used to hide deleted information from an attacker that desolders the storage chips.
That would apply in my “encrypted container of some sort” solution, yes.
Deletion commands are unfortunately not very reliable on many SSDs
I don’t care how
grabs your phone, throws it on the ground and blasts it with a shotgun
There you go! =)
Well… if you really want to delete them…
takes blasted phone, insert remnants into small iron cup, places in inductive furnace
Hey at least I know it gets the job done
Hmm. I don’t know. Like, the actual surface involved in the storage is a lot smaller than the actual phone, and I imagine that you may-or-not destroy it with a given pellet.
I remember '80s movies – from a time when a lot of people weren’t all that personally-familiar with computers – where someone “destroying a computer” consisted of shooting its screen, which might be not that far off what would be happening. here. In fact, I bet that that probably has a TV Tropes entry.
googles
Well, they have a guy punching it, same kind of idea.
https://tvtropes.org/pmwiki/pmwiki.php/Main/ComputerEqualsMonitor
I will destroy this machine!
Yes! Now the other side will have to spend a whole $100 to replace it!
Might be kind of the same idea, just writ small.
I’ve started seeing people, who really should know better, referring to the PC tower as the CPU. As in, “I bought a bracket that mounts to my variable height desk which can hold my CPU up off the floor and let it move with my desk”.
Bro I’m looking at a picture of a custom water cooled PC here, you should know the fucking difference between a CPU and a computer case.
At one time I remember people commonly referring to the case as the hard drive.
I learned everything about how to build a PC from buildapc… like 12 years ago. Nowadays it has been infested by idiots who don’t know shit but act like they do, and also think more RGB = more better.
I don’t know what happened, but I put together a PC for the first time in some years, and holy mother of God, all the components have RGB LEDs slapped on them now. I had to actively work to find parts that didn’t have RGB LEDs on them (and I still accidentally wound up with some on the motherboard). I mean, yeah, LED case fans have been a thing for a while, and there was always a contingent that put electroluminescent strips on their computers. And it kinda grew into a lot of keyboards and mice. But now it’s a large portion of CPU fans, most cases, RAM sticks have RGB LEDs, motherboards have RGB LEDs. I didn’t have trouble finding non-RGB LED NVMe storage, or non-RGB LED SATA drives, but even there, you can get them. Hell, there are RGB LED cables.
I can only assume that a large portion of the people building PCs these days are doing it to have them physically blinged up.
Like, nothing wrong with wanting to do that, but I couldn’t believe the tiny proportion that wasn’t doing that.
I actually like having lights on the keyboard. Mostly because I can find rarely used keys in the dark.
Eh, that’s been a thing for a long time. Decades at least.
I think that the problem is that there isn’t really a great term to clearly refer to the “non-monitor-and-peripherals” part of the “computer”. “Case” would refer to just the case, not what’s in it. “Tower” or “desktop” is overspecific, refers to particular form factors. I have a tower, but some people have under-monitor desktops (though that’s rare today) or various times of small form factor PCs. If I say “computer”, that doesn’t really clearly exclude peripherals.
And honestly, we don’t really use the term “GPU” quite correctly either. I’ll call a whole PCI video card a “GPU”, but I suppose that strictly-speaking, that should only be talking about a specific chip on the card.
Cloud’s deleted folder enters the chat.
Objective updated: shoot cloud server
John Connor has entered the chat
I’ve been pleased with their messaging on that - “deleted items remaining trash for [some period]…“ (IIRC)
Easy peasy
The OS should never let that happen. It always should abstract the partition into a filesystem.
But as a user, when I delete something, it should go away forever.
Years of working tech support in my past tells me that this is a lie. “OMG restore this!”
The article is being disingenuous about data not being deleted unless it’s overwritten with 1’s and 0’s. Technically that’s true, but:
Most data being deleted is equivalent to a piece of paper being placed in a trashcan, and it’s “permanently” deleted when that trash gets hauled away to a landfill (or supposedly recycling but that’s another topic). Technically it’s still forensically accessible, but it isn’t accessible by any normal means. That piece of paper may not have been incinerated, but for the majority of practical purposes, it’s gone.
Apple never hauled the trash away, even though they claimed they did. There should be no way for them to accidentally restore those photos, just like there’s no way for you to accidentally get a piece of paper back in your trash bin after it’s been sent to a landfill.
Focusing on the 1s and 0s skips past the fact they failed to complete the first, obvious, essential step. If they didn’t delete it the simple way, they would never have gotten to the 1s and 0s step. This isn’t just a simple oversight, and those pictures were still very easily accessible, just not to the people who should have been in control of them.
This is the best summary I could come up with:
Apple appears to have a bug that’s dredging up data that iPhone owners thought was gone.
Some iPhone owners are reporting that, after updating their phones to iOS 17.5, their deleted photos — some quite old — are popping up again, according to a Reddit thread that MacRumors spotted.
People reporting the apparent bug say that they’re seeing old photos appear in their Recents album after Monday’s update.
iOS does give users the option to restore deleted photos, but after 30 days, they’re supposed to be permanently removed.
The person who started the thread claimed that NSFW photos they had deleted “years ago” were back on their phone.
Computer data is never actually “deleted” until it’s overwritten with new 1s and 0s — operating systems simply cut off references to it.
The original article contains 288 words, the summary contains 131 words. Saved 55%. I’m a bot and I’m open source!
Hm… I curiously checked my phone, deleted images/videos are still deleted and haven’t resurfaced. Then again I don’t mix technology with nudity. /shrug
Did you think some else’s nudes might have resurfaced there…?
I think mixing tech and nudity is awesome! I love getting dickpics!
I love mixing technology with nudity. But I have also avoided this problem because I don’t mix technology and Apple.
You don’t mix technology and YOUR nudity 😉
haha…
There are tons of reasons to take nude photos… you often have to send in nude photos for the beginning stages of surgery consultations.
And sexting is fun.
This comment comes across insanely judgemental of the individual, when the issue is that Apple deleting data and thus violating privacy.
It’s not just nudes, though. This could happen for any deleted picture. I’m not really expecting them to zero out the file system block or anything, but this implies they’re not even doing file system level deletion.
Yeah… I think I’d rather do that in person than to video record or take images of myself nude. Privacy and security is a pretty big deal to me. Hence, I don’t mix technology with nudity.
You’ve never been in a long distance relationship? And as I said, some people need to take nudes for medical reasons. It’s not a hypothetical situation, I know multiple people who have done this.
It’s fine that you have your own personal philosophy for taking nudes, but your post is coming off as judgemental of those who do.
It’s not the individual’s fault, it’s Apple’s fault for being unclear about what the delete feature is actually doing.
Hm… I never felt a need to expose myself (using tech) to another person to feel validated or to get their (or my) rocks off or for any other reason, honestly. I’m not trying be morally superior, I’m just saying I don’t expose myself with technology as a medium. In fact, I’ve never posted a photo of myself on any social media. I take privacy and security seriously.
Plus look at the consequences of exposing yourself to others through tech… blackmail, image-based abuse/exploitation, revenge p*rn etc…
My initial comment was simply stating that Apple’s latest update hasn’t undeleted any of my photos/videos in general but that then again I don’t have any nude images/videos on my iphone/iCloud storage if the claim is that nude images/videos exclusively are getting undeleted.
Ah okay. I didn’t interpret this as only nudes being undeleted, so I was reading your comment in that light. Understandable.
Cool
Next up, it starts showing other peoples nudes
That’s a feature, not a bug
“I know it’s not your nude, but it’s a nude and that’s what you were looking for, right?”
Of course it’s company policy to never imply ownership in the event of a nude. It’s always the indefinite article “a” nude. Never “your” nude.
Is it just nudes or is it all old photos?
The former would be hilarious, it would mean that iOS explicitly classified those images as nudes.
Indeed. But Apple does have the tech to analyze images/videos:
Apple’s CSAM detection capability is built solely to detect known CSAM images stored in iCloud Photos that have been identified by experts at NCMEC and other child safety groups.
It’s using hashes, no?
which means they exported this task to some Indians overaeas… fuck which is just worse
I’m an android user and I shred my files using a app that uses an algorithm that overwritten that bytes of the file
I’m an android user and I shred my files using a app that uses an algorithm that overwritten that bytes of the file
I suspect that it doesn’t actually work. I mean, they can overwrite the logical positions in the file file if they want, but that doesn’t entail that it actually overwrites the underlying physical blocks, for a number of reasons, starting with some of the stuff at the drive level, but also because of higher-level issues. What filesystem does Android use?
googles
Looks like yaffs2, at least on this system.
https://stackoverflow.com/questions/2421826/what-is-androids-file-system
rootfs / rootfs ro 0 0 tmpfs /dev tmpfs rw,mode=755 0 0 devpts /dev/pts devpts rw,mode=600 0 0 proc /proc proc rw 0 0 sysfs /sys sysfs rw 0 0 tmpfs /sqlite_stmt_journals tmpfs rw,size=4096k 0 0 none /dev/cpuctl cgroup rw,cpu 0 0 /dev/block/mtdblock0 /system yaffs2 ro 0 0 /dev/block/mtdblock1 /data yaffs2 rw,nosuid,nodev 0 0 /dev/block/mtdblock2 /cache yaffs2 rw,nosuid,nodev 0 0 /dev/block//vold/179:0 /sdcard vfat rw,dirsync,nosuid,nodev,noexec,uid=1000,gid=1015,fmask=0702,dmask=0702,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
https://en.wikipedia.org/wiki/YAFFS
YAFFS is a robust log-structured file system that holds data integrity as a high priority. A secondary YAFFS goal is high performance. YAFFS will typically outperform most alternatives.[3] It is also designed to be portable and has been used on Linux, WinCE, pSOS, RTEMS, eCos, ThreadX, and various special-purpose OSes. A variant ‘YAFFS/Direct’ is used in situations where there is no OS, embedded OSes or bootloaders: it has the same core filesystem but simpler interfacing to both the higher and lower level code and the NAND flash hardware.
Yeah, note the “log-structured” bit there.
https://en.wikipedia.org/wiki/Log-structured_file_system
A log-structured filesystem is a file system in which data and metadata are written sequentially to a circular buffer, called a log.
So, what happens is that when you write, it’s going to the log, and then there’s a metadata update once the write is complete saying “I wrote to the log”. The app probably isn’t writing to the previous location of the data on the disk, because writing to byte offset 32,000 the second time in a file will go to a different logical location on the storage device than the first time you wrote it, causing the thing to not actually be overwritten.
googles
https://arxiv.org/pdf/1106.0917
Secure Deletion on Log-structured File Systems
We address the problem of secure data deletion on log-structured file systems. We focus on the YAFFS file system, widely used on Android smartphones. We show that these systems provide no temporal guarantees on data deletion and that deleted data still persists for nearly 44 hours with average phone use and indefinitely if the phone is not used after the deletion. Furthermore, we show that file overwriting and encryption, methods commonly used for secure deletion on block-structured file systems, do not ensure data deletion in log-structured file systems.
I’d also note that this is a lead-up to proposed solutions, but that’s only handling things down to the level that the OS sees, not what the flash device sees; they don’t mention things like wear leveling, so they probably aren’t taking that into consideration.
EDIT: Oh, they do mention it, but just to say that some of their approach might work (like, what they mean is that if it writes enough data in the background, it might eventually overwrite whatever, even if the OS has no control as to what’s being written):
Wei et al. [16] have considered secure deletion on flash storage in the context of solid state drives (SDDs). An SSD makes use of a Flash Translation Layer (FTL). This layer allows a regular block-based file system (such as FAT) to be used on flash memory by handling the nuances of erase blocks opaquely through the FTL’s layer of indirection. This layer has the same effect as a log-structured file system, where the FTL writes new entries at empty locations, so old entries remain until the entire erase block can be reclaimed. They executed traditional block-based approaches to secure deletion and determined that they do not properly sanitize data on flash storage. They also showed alarmingly that some built-in sanitization methods do not function correctly either. They propose to address this concern by having flash hardware manufacturers make use of zero overwriting, and add it into the FTL hardware. They state that circumventing the problem of a lack of secure deletion requires changes in the FTL, but depending on how the FTL is implemented, our userlevel approaches may also succeed similarly without requiring hardware changes.
So if I am reading this right thermite is the safest way to permanently delete my data right?
Well, physical destruction. Thermite maybe isn’t the best route.
Nope regardless of the situation. Thermite is always the best solution
It will be effective as fuck though.
Just the nudes. Nothing else.
Not true, it specifically states in the article that, for example, one user had over 300 photos reappear, “some of which were revealing”. This is obviously not great but it isn’t likely as scandalous as it’s being made out to be.
It’s scandalous regardless. The nudes just highlight the danger of this.
The joke --------->
You ¯\_(ツ)_/¯
It was kinda wrote like a statement. People who didn’t read the article will read it as such, misinforming people
Since we’re being pedantic: the word you’re looking for is “written” not “wrote”.
I think you may have speeded to a conclusion.
I don’t see where I’ve mentioned a small English mistake. I said that it was written like a statement, which could misinform people
Have you always been a pedant or is this a recent development?
There’s so much misinformation online, sure it could have been a joke but it’s so easy to just be lazy, read the comment straight and move on acting like there’s some kind of operation going on at Apple stealing your nudes. I don’t really care if it’s a joke or not, and you’re not even the OP so who are you to say it’s for a fact a joke?
That was the case for me, until I decided to read the article
What article, it’s just a link. If I can’t read it here it ain’t there.
We shouldn’t encourage post-bot behaviour in the posters, title+summary or gtfo.
If misinformation is a minor issue to you, then I can’t do better
Surprise backup
Oh, it’s up!
I dont trust that client side scanning or other system components arent going through these half deleted files