iCloud Drive is backing up files you haven't saved yet

iclouddrive
Credit: Apple

The line between local and remote storage started blurring long ago. The moment you could save a file from within a program on a Mac or other OS to something that wasn’t a physically connected hard drive—whether a network file server, a remote AFP volume elsewhere on the Internet, or a Finder-mounted whatever—you had to make a conscious effort to remember what was entirely within your control and what was not. Sure, remote files used to take longer to save: we’d watch a progress bar or beachball on larger files, and the latency reminded us.

Cloud storage and backups typically remove that latency by relying on synchronization instead of real-time transfer. This is an advantage, as we can keep working and have a stream of data leave our computer or mobile device, and, in the event of loss, crash, or theft, often recover what we lost. BBEdit and Adobe InDesign have long saved my bacon with local “journaling,” writing nearly every keystroke into a local file used for recovery—after an app or system crash, the saved file is brought up to date with the journal, even if I haven’t saved. Dropbox and Crashplan have likewise had the same impact when I hit the save key sequence frequently. If I put my Application Support folder for BBEdit into Dropbox, I get the advantage of both.

But this same seamlessness is problematic if we’re not taking specific volition about where a file is stored. A particular case of this erupted last week when Jeffrey Paul documented how he discovered all of his unsaved documents in TextEdit and some other applications in Yosemite were being copied to iCloud Drive.

Michael Tsai, a long-time Mac developer, looked into it, and it’s not new to Yosemite; Tsai offers advice on disabling this feature. (Paul’s post has a NSFW work title, but is linked in Tsai’s write-up.) Apple added this feature a release or two ago, and has a support document explaining it as part of Documents in the Cloud. I recall having unsaved documents on one Mac occasionally pop up, undesired, on other Macs in the past, perhaps due to network issues; I vaguely knew this was Apple’s default behavior.

Even when you don’t ultimately save a file to iCloud, until you choose a name and destination, it’s being quietly written to help you against loss. But that’s a problem with the cloud and an era in which we have justifiable paranoia about data being used by companies, criminal, and governments against our wishes and our interests.

Security expert and tireless privacy advocate Bruce Schneier reacted to Paul’s post with alarm and then, as he received more information, less alarm and more appropriate cautionary words.

Apple is absolutely not engaged in some kind of undisclosed information harvesting—I’m not suggesting it implicitly or explicitly—but it is storing information that a rational person wouldn’t expect it would record. As a result, as with Yosemite’s Spotlight suggestions, more explicit disclosure to users is warranted.

icloud security primary 100412912 large

Since some data is more sensitive than other data, iCloud users should get to decide if unsaved files are cached locally or backed up to iCloud Drive. 

No regular user knows that, by using iCloud in Apple’s approved manner, his or her unsaved documents are stored in iCloud. Many technically advanced users aren’t aware of this, either. It’s a feature, to be sure, but also carries the same risks of any cloud-stored document, no matter how much one trusts a company’s intent and security measures.

Despite Apple recently aggravating the FBI and NSA by making its mobile devices secure against the company’s own ability to crack them on behalf of the government, its behavior appears suspect to many because it just works and because Apple controls app-level integration. Dropbox is an explicit folder. Crashplan, Backblaze, and the like copy your data because you install and authorize them to do so.

By trying to make it magical, invisible, and simple, Apple takes away some of a user’s agency on privacy unless that user is extremely vigilant. No, I don’t want modal dialogs to pop up all over my screen that read, “We are about to store your unsaved changes in iCloud. OK.” Rather, I want them to make it clear to everyone where the data goes—and an option to opt out and later change our mind.

In the iCloud preference pane, enabling iCloud Drive could bring a simple message: “iCloud Drive stores unsaved changes for all apps that use it,” and two choices: “Keep Unsaved Changes in iCloud” and “Keep Unsaved Changes on Your Computer.” A checkbox could allow a later change of heart.

Apple can wrap elegance inside of explicit disclosure and choice. As the company gets battered again and again with avoidable “gotchas,” perhaps it will give its users more credit for their ability to make a choice without removing the sparkle from OS X.

Subscribe to the Best of Macworld Newsletter

Comments