- cross-posted to:
- privacy@lemmy.ml
cross-posted from: https://sopuli.xyz/post/12670977
iPhone owners say the latest iOS update is resurfacing deleted nudes
The article is being disingenuous about data not being deleted unless it’s overwritten with 1’s and 0’s. Technically that’s true, but:
Most data being deleted is equivalent to a piece of paper being placed in a trashcan, and it’s “permanently” deleted when that trash gets hauled away to a landfill (or supposedly recycling but that’s another topic). Technically it’s still forensically accessible, but it isn’t accessible by any normal means. That piece of paper may not have been incinerated, but for the majority of practical purposes, it’s gone.
Apple never hauled the trash away, even though they claimed they did. There should be no way for them to accidentally restore those photos, just like there’s no way for you to accidentally get a piece of paper back in your trash bin after it’s been sent to a landfill.
Focusing on the 1s and 0s skips past the fact they failed to complete the first, obvious, essential step. If they didn’t delete it the simple way, they would never have gotten to the 1s and 0s step. This isn’t just a simple oversight, and those pictures were still very easily accessible, just not to the people who should have been in control of them.
In your analogy, they never even put the photos in the trash can. They just put a postit on them saying “don’t show to user”. Then the updated software forgot about the postits (and started to post tits).
Computer data is never actually “deleted” until it’s overwritten with new 1s and 0s — operating systems simply cut off references to it.
That’s not entirely correct, and I would expect a tech news site to know but ig not.
It’s true with spinny’s since they store data magnetically on the platter with 1s and 0s, but SSDs store data on the NAND as a held charge. If there’s a charge in the block it’s a 1 if there’s no charge it’s a 0.
With spinny’s, when a file gets marked as “deleted” the residual magnetic 1s and 0s will remain on the platter until eventually overwritten like they say
But with SSDs, when a file gets marked “deleted” then within no more than a few minutes TRIM comes along and ensures the charge on the NAND is released (Which means that data is gone, permanently) for that data, there’s no residuals to worry about like with spinny’s and is in fact necessary to ensure decent lifespans.
I doubt that the firmware is doing an overwrite of TRIMmed data. Rather, I expect it’s marking it as having been TRIMmed, and so can report that it’s zeroed to higher layers. If a higher layer queries the firmware for its content, sure, they might get zeroes returned. But if you can modify the firmware or otherwise bypass it, you may be able to get at the underlying media.
There is also the “bad block” issue, where storage media can take blocks – which may contain readable data – out of use, so that higher layers cannot access them. That applies to rotational drives and it looks like SSDs do the same thing. Again, might require bypassing or modifying the firmware to get direct access. But there can be data leaked there.
I also wouldn’t be terribly surprised if there is lingering information even after zeros are written to an SSD that might be recoverable if you could directly access the media, though I’m not familiar with the situation there. That is the case for rotational drives – the drive platter itself is “analog”, doesn’t just store a discrete string of ones and zeroes at the physical level. I once knew a cryptographer who was working on quantifying that leakage for rotational drives.
Now, attacking some of that is a pain and probably not a concern, but there are some cases where it might be a target. I once knew a professor who used to work at the Department of Defense, and he’d talk about their disposal process for rotational drives:
- Drive has N random overwrites.
- Drive gets passed through a rock-crusher device.
- Remains get put in an acid bath.
I don’t know what they did if Step 1 couldn’t be completed due to drive failure. Maybe they were allowed to skip that step in that case.
That being said, probably most people don’t have to worry about the same level of resources being aimed at them.
I doubt that the firmware is doing an overwrite of TRIMmed data. Rather, I expect it’s marking it as having been TRIMmed, and so can report that it’s zeroed to higher layers. If a higher layer queries the firmware for its content, sure, they might get zeroes returned. But if you can modify the firmware or otherwise bypass it, you may be able to get at the underlying media.
TRIM is garbage collection and is a part of the wear leveling system. The whole point of TRIM is to have the SSD only hold the charge it needs to for still in use (i.e. not deleted) data. It’s the charge that damages blocks over time, so to extend lifespans it clears everything not needed. It’s not overwriting data for security or anything per se, but rather just a result of its longevity processes
Now, I’m sure there are cheap no name SSD controllers out there with ineffective TRIM operations that just lie about the operation, but any controller worth its salt is gonna have proper TRIM.
There is also the “bad block” issue, where storage media can take blocks – which may contain readable data – out of use, so that higher layers cannot access them. That applies to rotational drives and it looks like SSDs do the same thing. Again, might require bypassing or modifying the firmware to get direct access. But there can be data leaked there.
Part of that process is to move the data to another block and release the charge to prevent further damage, it’s possible the block is damaged in such a way that it won’t even release the charge, but if that’s the case it’s incredibly unlikely to be readable.
I also wouldn’t be terribly surprised if there is lingering information even after zeros are written to an SSD that might be recoverable if you could directly access the media, though I’m not familiar with the situation there. That is the case for rotational drives – the drive platter itself is “analog”, doesn’t just store a discrete string of ones and zeroes at the physical level. I once knew a cryptographer who was working on quantifying that leakage for rotational drives.
Yea it’s possible, but now you’re in the needing x-ray machines, powerful microscopes, full clean room labs and people with extensive, specific skill sets which means $$$$$$$$$$$$$$$$$$$$ or in other words, state level budgets range. 99.99999% of people will be fine
TRIM is garbage collection and is a part of the wear leveling system. The whole point of TRIM is to have the SSD only hold the charge it needs to for still in use (i.e. not deleted) data. It’s the charge that damages blocks over time,
I’m pretty sure that that is not correct.
The limiting factor is the number of writes. The reason that TRIM enhances life by facilitating wear leveling is that it lets the firmware know that the block no longer has useful data, so it can be returned to the pool used for wear-leveling. Without that, the firmware doesn’t know whether or not it can switch the physical block used to represent a given logical location and safely overwrite the existing contents of that new block.
The reason that TRIM enhances life by facilitating wear leveling is that it lets the firmware know that the block no longer has useful data
Ah I see the disconnect, TRIM doesn’t live in the OS outside of the firmware, TRIM is part of the controller firmware and is exposed as an ATA command for the OS to utilize
The study I have linked in my original comment goes more in-depth
Ah I see the disconnect, TRIM doesn’t live in the OS outside of the firmware, TRIM is part of the controller firmware and is exposed as an ATA command for the OS to utilize
Yes, I know.
The study I have linked in my original comment goes more in-depth
I’m on a phone, and it only partly showed up.
I mean, I read the PDF, the problem was the viewer bogging down.
googles
This sounds like what I expected:
https://superuser.com/questions/1060831/triming-as-alternative-to-securely-erasing-a-ssd
If data security is your concern, it should be noted that neither a SECURE_ERASE nor a TRIM actually erase the flash cells. The SSD firmware keeps a list of which cells are allocated and which are not. A TRIM simply marks a cell as unallocated the same way deleting a file causes the filesystem to mark a cluster as unallocated. No attempt is made to actually erase the data. A read request from an unallocated cell simply causes the device to return 0x00 (or some other bit pattern) without actually checking the cell’s contents.
There is no effective way of securely wiping an SSD. Forensics tools that can interface with the firmware directly can see the cells’ contents. Also, there is more storage on the device than what is accessible from user-space. These extra cells are used in garbage collection. Garbage collection can reallocate cells on-the-fly and can still work even on a drive that is 100% full. A SECURE_ERASE may (probably does) TRIM those cells, but a blkdiscard or fstrim certainly wouldn’t, since they use sector numbers to identify the areas to be TRIMmed.
The only way to securely erase an SSD is to destroy it. This is the policy of most companies in health care, banking, and government when surplussing equipment.
EDIT: I took a look at your PDF on a desktop. While it’s pretty light on the specifics of how they tested that the data was present, nothing there talks about anything below the OS level. My expectation is that what they did for their test was try to do reads from the device at the OS level and see whether it returned zeroes. They aren’t going to look below that. If they were interfacing with the drive at a firmware or below level, I’d expect them to have mentioned it, as it’d be a significant amount of additional work. And they don’t list relevant information like model number, much less firmware revision on the drive.
This is dependent on the TRIM schedule. It could be size based (execute a TRIM when 50% of the blocks are used).
It could be or maybe the SSD has its own on-firmware TRIM schedule, but all major OS’s execute a TRIM on a time based schedule no longer than every 10-15 minutes.
Afaik the default for windows 10 is weekly via disk defragmenter, and that assumes it recognizes the drive as an ssd. I’ve had drives cloned to ssds that retain the hdd flag and had to set up a 3rd party tool that actually saw it properly and would trim as expected.
11 might have reined that in… but probably not.
Perhaps, but this is unrelated. The magnetic charges may still be there, but if the reference to the content is deleted, how is the filesystem meant to know what file is there? This seems really suspicious to me.
TRIM works outside the filesystem, it does not care about 99.9% of it, the only part it cares about is if there is a reference in filesystem to the block charges. No reference == data to be released
There’s most certainly residuals, I’ve accidentally deleted then installed Windows on top of a bunch of my game saves. I found some random file recovery application and let it run for awhile. Guess what? Nearly everything was readable despite the fact it got wiped and then had a whole windows install.
NAND also experiences minor permanent damage on writes. Actually clearing the NAND involves a write as the charge has to be forced out (a write of 0s)
This can happen when TRIM is disabled
Here’s a study published last year I read that goes through this exact thing
In consideration of results obtained from the experiments, it concluded that the behavior of Wear Leveling in different SSD manufacturers having the same storage capacities does not match. It varies based on the number of files, types of files, and sizes. The recovery of files from different SSD manufacturers showed different results. In all SSDs, not a single trace of any file found in disk format scenario(s). Whereas, some of the data recovered in the delete case and from only one drive. It clearly showed different behavior of data recoveries in format and delete cases. The obvious finding from this study is that the time interval of image acquisitions played a significant role, and the longer time interval supports few chances of data recovery because the TRIM and Garbage Collection process effects clearing residual data from the drives
Edit: corrected links
I’m an android user and I shred my files using an app that uses an algorithm that overwrites the bytes of the file
I’m an android user and I shred my files using an app that uses an algorithm that overwrites the bytes of the file
I suspect that it doesn’t actually work. I mean, they can overwrite the logical positions in the file if they want, but that doesn’t entail that it actually overwrites the underlying physical blocks, for a number of reasons, starting with some of the stuff at the drive level, but also because of higher-level issues. What filesystem does Android use?
googles
Looks like yaffs2, at least on this system.
https://stackoverflow.com/questions/2421826/what-is-androids-file-system
rootfs / rootfs ro 0 0
tmpfs /dev tmpfs rw,mode=755 0 0
devpts /dev/pts devpts rw,mode=600 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
tmpfs /sqlite_stmt_journals tmpfs rw,size=4096k 0 0
none /dev/cpuctl cgroup rw,cpu 0 0
/dev/block/mtdblock0 /system yaffs2 ro 0 0
/dev/block/mtdblock1 /data yaffs2 rw,nosuid,nodev 0 0
/dev/block/mtdblock2 /cache yaffs2 rw,nosuid,nodev 0 0
/dev/block//vold/179:0 /sdcard vfat rw,dirsync,nosuid,nodev,noexec,uid=1000,gid=1015,fmask=0702,dmask=0702,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
https://en.wikipedia.org/wiki/YAFFS
YAFFS is a robust log-structured file system that holds data integrity as a high priority. A secondary YAFFS goal is high performance. YAFFS will typically outperform most alternatives.[3] It is also designed to be portable and has been used on Linux, WinCE, pSOS, RTEMS, eCos, ThreadX, and various special-purpose OSes. A variant ‘YAFFS/Direct’ is used in situations where there is no OS, embedded OSes or bootloaders: it has the same core filesystem but simpler interfacing to both the higher and lower level code and the NAND flash hardware.
Yeah, note the “log-structured” bit there.
https://en.wikipedia.org/wiki/Log-structured_file_system
A log-structured filesystem is a file system in which data and metadata are written sequentially to a circular buffer, called a log.
So, what happens is that when you write, it’s going to the log, and then there’s a metadata update once the write is complete saying “I wrote to the log”. The app probably isn’t writing to the previous location of the data on the disk, because writing to byte offset 32,000 the second time in a file will go to a different logical location on the storage device than the first time you wrote it, causing the thing to not actually be overwritten.
googles
https://arxiv.org/pdf/1106.0917
Secure Deletion on Log-structured File Systems
We address the problem of secure data deletion on log-structured file systems. We focus on the YAFFS file system, widely used on Android smartphones. We show that these systems provide no temporal guarantees on data deletion and that deleted data still persists for nearly 44 hours with average phone use and indefinitely if the phone is not used after the deletion. Furthermore, we show that file overwriting and encryption, methods commonly used for secure deletion on block-structured file systems, do not ensure data deletion in log-structured file systems.
I’d also note that this is a lead-up to proposed solutions, but that’s only handling things down to the level that the OS sees, not what the flash device sees; they don’t mention things like wear leveling, so they probably aren’t taking that into consideration.
EDIT: Oh, they do mention it, but just to say that some of their approach might work (like, what they mean is that if it writes enough data in the background, it might eventually overwrite whatever, even if the OS has no control as to what’s being written):
Wei et al. [16] have considered secure deletion on flash storage in the context of solid state drives (SDDs). An SSD makes use of a Flash Translation Layer (FTL). This layer allows a regular block-based file system (such as FAT) to be used on flash memory by handling the nuances of erase blocks opaquely through the FTL’s layer of indirection. This layer has the same effect as a log-structured file system, where the FTL writes new entries at empty locations, so old entries remain until the entire erase block can be reclaimed. They executed traditional block-based approaches to secure deletion and determined that they do not properly sanitize data on flash storage. They also showed alarmingly that some built-in sanitization methods do not function correctly either. They propose to address this concern by having flash hardware manufacturers make use of zero overwriting, and add it into the FTL hardware. They state that circumventing the problem of a lack of secure deletion requires changes in the FTL, but depending on how the FTL is implemented, our userlevel approaches may also succeed similarly without requiring hardware changes.
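The behaviour discussed in the comment above (overwrites landing at a new place in the log, TRIM only dropping a mapping, stale pages surviving until a whole erase block is reclaimed), as an added example that is not part of the thread. `ToyFlash` and its methods are hypothetical names for a toy model, not YAFFS or any real FTL, and the sample data is constructed.

```python
"""Toy model of a log-structured store / flash translation layer (FTL)."""

ERASED = None  # an erased flash page holds no data


class ToyFlash:
    """Append-only physical pages behind a logical-to-physical map."""

    def __init__(self, pages_per_block=4, blocks=4):
        self.pages_per_block = pages_per_block
        self.pages = [ERASED] * (pages_per_block * blocks)
        self.map = {}        # logical page number -> physical page index
        self.write_ptr = 0   # next free physical page (head of the log)

    def write(self, lpn, data):
        """Logical write: always lands on a fresh physical page."""
        if self.write_ptr >= len(self.pages):
            raise RuntimeError("log full; a real device would reclaim space")
        self.pages[self.write_ptr] = data
        self.map[lpn] = self.write_ptr  # the old physical page is now stale
        self.write_ptr += 1

    def read(self, lpn):
        """What the OS sees: mapped data, or zeroes for an unmapped page."""
        ppn = self.map.get(lpn)
        return b"\x00" * 4 if ppn is None else self.pages[ppn]

    def trim(self, lpn):
        """TRIM/discard: drop the mapping; the cells are not touched."""
        self.map.pop(lpn, None)

    def raw_dump(self):
        """What a reader below the firmware interface would see."""
        return [p for p in self.pages if p is not ERASED]

    def garbage_collect(self):
        """Erase each block holding no live page; returns blocks erased.

        Simplification: real firmware also relocates live pages so that a
        block can be freed. This toy only erases blocks that are all stale.
        """
        live = set(self.map.values())
        erased = 0
        for start in range(0, len(self.pages), self.pages_per_block):
            block = range(start, start + self.pages_per_block)
            has_data = any(self.pages[i] is not ERASED for i in block)
            if has_data and not live & set(block):
                for i in block:
                    self.pages[i] = ERASED
                erased += 1
        return erased


def shred_scenario(neighbour_live):
    """Write a secret, 'shred' it by overwriting, delete it, then run GC.

    Returns (os_view, secret_on_media_before_gc, secret_on_media_after_gc).
    """
    dev = ToyFlash()
    dev.write(0, b"SECR")            # constructed sample data, logical page 0
    if neighbour_live:
        dev.write(1, b"KEEP")        # unrelated live file in the same block
    dev.write(0, b"\xff" * 4)        # shredder app overwrites "in place"
    dev.trim(0)                      # file deleted, discard issued
    os_view = dev.read(0)
    before_gc = b"SECR" in dev.raw_dump()
    dev.garbage_collect()
    after_gc = b"SECR" in dev.raw_dump()
    return os_view, before_gc, after_gc


if __name__ == "__main__":
    print("live neighbour in block:", shred_scenario(True))
    print("block fully stale:      ", shred_scenario(False))
```
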
So if I am reading this right thermite is the safest way to permanently delete my data right?
Well, physical destruction. Thermite maybe isn’t the best route.
It will be effective as fuck though.
Really, it depends on your definition of best.
Nope regardless of the situation. Thermite is always the best solution
I’m a paper user and I burn all my letters using a large amount of heat.
I’m a stone tablet user and I throw my tablets off Mt. Sinai.
I’m a signal flare user and this metaphor is really falling down
I’m an etch-a-sketch user, and a good shake is all it takes.
Etch-a-sketch is clearly the superior technology. Everyone should just keep their nudes in etch-a-sketch form.
Instructions unclear, aluminum powder stuck in my naughty bits.
It helps erase whatever you drew if you shake the etch-a-sketch too!
Surprise backup
Oh, it’s up!
No way! Prove it
This is the best summary I could come up with:
Apple appears to have a bug that’s dredging up data that iPhone owners thought was gone.
Some iPhone owners are reporting that, after updating their phones to iOS 17.5, their deleted photos — some quite old — are popping up again, according to a Reddit thread that MacRumors spotted.
People reporting the apparent bug say that they’re seeing old photos appear in their Recents album after Monday’s update.
iOS does give users the option to restore deleted photos, but after 30 days, they’re supposed to be permanently removed.
The person who started the thread claimed that NSFW photos they had deleted “years ago” were back on their phone.
Computer data is never actually “deleted” until it’s overwritten with new 1s and 0s — operating systems simply cut off references to it.
The original article contains 288 words, the summary contains 131 words. Saved 55%. I’m a bot and I’m open source!
Dang must suck being on a proprietary locked down platform you have no control over. That’s literally impossible on my deGoogled android running GOS.
Is it just nudes or is it all old photos?
The former would be hilarious, it would mean that iOS explicitly classified those images as nudes.
Indeed. But Apple does have the tech to analyze images/videos:
Apple’s CSAM detection capability is built solely to detect known CSAM images stored in iCloud Photos that have been identified by experts at NCMEC and other child safety groups.
It’s using hashes, no?
which means they exported this task to some Indians overseas… fuck which is just worse
ok so probably not, CSAM detection, specifically modern detection the kind that MS does, is based on image hashes, and how it works is that the law collects and creates the hash sets for these images, and distributes them to tech companies, who can then use them to calculate against hashes of existing photos, and if a match returns, ladies and gentlemen, we got em.
I still don’t get why people take pictures of themselves being nude and complain when it gets leaked because of a data breach
“I don’t understand why people have sex and then complain when they can’t get an abortion because of Roe v Wade being appealed.”
This is what you sound like. Blame the system, not the individual for having a better sex life than you.
Pretty sure physical contact is far superior to… sending nudes. But if that’s having a better sex life, hey good on you LOL
You don’t? Really?
I don’t, I didn’t even shower naked
Tobias, is that you?
Maybe if you turned the water temperature up.
There are dozens of us.
Just the nudes. Nothing else.
Not true, it specifically states in the article that, for example, one user had over 300 photos reappear, “some of which were revealing”. This is obviously not great but it isn’t likely as scandalous as it’s being made out to be.
The joke --------->
You ¯\_(ツ)_/¯
It was kinda wrote like a statement. People who didn’t read the article will read it as such, misinforming people
Since we’re being pedantic: the word you’re looking for is “written” not “wrote”.
I think you may have speeded to a conclusion.
I don’t see where I’ve mentioned a small English mistake. I said that it was written like a statement, which could misinform people
Have you always been a pedant or is this a recent development?
If misinformation is a minor issue to you, then I can’t do better
There’s so much misinformation online, sure it could have been a joke but it’s so easy to just be lazy, read the comment straight and move on acting like there’s some kind of operation going on at Apple stealing your nudes. I don’t really care if it’s a joke or not, and you’re not even the OP so who are you to say it’s for a fact a joke?
That was the case for me, until I decided to read the article
What article, it’s just a link. If I can’t read it here it ain’t there.
We shouldn’t encourage post-bot behaviour in the posters, title+summary or gtfo.
It’s scandalous regardless. The nudes just highlight the danger of this.
Cool
Next up, it starts showing other people’s nudes
“I know it’s not your nude, but it’s a nude and that’s what you were looking for, right?”
Of course it’s company policy to never imply ownership in the event of a nude. It’s always the indefinite article “a” nude. Never “your” nude.
I mean that’s what is happening if the phone used to belong to someone else
That’s a feature, not a bug
There’s a post on reddit about some dude who gave his phone to a friend (wiped it, new iCloud, everything), and the undeleted photos are from when OP owned the phone.
With a factory reset the phone’s encryption keys will be destroyed and nothing should be retrievable from that device. Even if the data isn’t overwritten, without the encryption key no one could read it.
At least that’s my understanding of the modern safety- and encryption features of recent phone models/mobile OS’s.
The worst part: Apple’s iCloud is end-to-end encrypted and even Apple can’t see the users files, at least that is what they say.
If what the dude on Reddit states is true, then this is bad, really really bad! 😮
It does happen I have a buddy who sold his phone to another buddy they reset it but there was still random files and stuff on it even after factory reset
hey guy I’ve got a buddy too
Not all of iCloud is end to end encrypted unless you manually activate their extra secure mode (which disables a few features too)
you can enable end to end encryption, it’s optional. I don’t think it’s enabled by default.
Good thing I already knew iPhone wasn’t private.
I mean, they make you sign in with an iCloud ID
Never accepted the agreement, it constantly asks me to but works without it
Having said that, I am sure it still steals my photos because it’s closed source
Hm… I curiously checked my phone, deleted images/videos are still deleted and haven’t resurfaced. Then again I don’t mix technology with nudity. /shrug
There are tons of reasons to take nude photos… you often have to send in nude photos for the beginning stages of surgery consultations.
And sexting is fun.
This comment comes across insanely judgemental of the individual, when the issue is that Apple deleting data and thus violating privacy.
It’s not just nudes, though. This could happen for any deleted picture. I’m not really expecting them to zero out the file system block or anything, but this implies they’re not even doing file system level deletion.
Yeah… I think I’d rather do that in person than to video record or take images of myself nude. Privacy and security is a pretty big deal to me. Hence, I don’t mix technology with nudity.
You’ve never been in a long distance relationship? And as I said, some people need to take nudes for medical reasons. It’s not a hypothetical situation, I know multiple people who have done this.
It’s fine that you have your own personal philosophy for taking nudes, but your post is coming off as judgemental of those who do.
It’s not the individual’s fault, it’s Apple’s fault for being unclear about what the delete feature is actually doing.
Hm… I never felt a need to expose myself (using tech) to another person to feel validated or to get their (or my) rocks off or for any other reason, honestly. I’m not trying to be morally superior, I’m just saying I don’t expose myself with technology as a medium. In fact, I’ve never posted a photo of myself on any social media. I take privacy and security seriously.
Plus look at the consequences of exposing yourself to others through tech… blackmail, image-based abuse/exploitation, revenge p*rn etc…
My initial comment was simply stating that Apple’s latest update hasn’t undeleted any of my photos/videos in general but that then again I don’t have any nude images/videos on my iPhone/iCloud storage if the claim is that nude images/videos exclusively are getting undeleted.
Ah okay. I didn’t interpret this as only nudes being undeleted, so I was reading your comment in that light. Understandable.
I just want to appreciate an argument where both user names check out, considering the stances taken by the “whore” and the “square” per the names.
🔥🔥 YES
Did you think someone else’s nudes might have resurfaced there…?
No they’re just feeling morally superior for no good reason.
I love mixing technology with nudity. But I have also avoided this problem because I don’t mix technology and Apple.
I think mixing tech and nudity is awesome! I love getting dickpics!
You don’t mix technology and YOUR nudity 😉
haha…























