Recent developments in the UK have once again highlighted the importance of user-controlled encryption for protecting personal data. Due to government demands in the United Kingdom, Apple has recently announced that they have stopped offering end-to-end encrypted iCloud storage, Advanced Data Protection (ADP), to new users, and will disable the feature to all users in the country at an unknown point in the future.
What does this mean for you?
In the short term it means that UK user data is less protected, and potentially vulnerable to misuse or breaches. Without end-to-end encryption (E2EE), data stored in iCloud is accessible to Apple and, by extension, potentially to government agencies and bad actors. In the long term it sets a dangerous precedent that Apple can turn off this crucial security feature for any group of users at any time, raising concerns about digital privacy worldwide.
What can we do about it?
The answer is relatively simple, we need to encrypt our own data.
Relying on a third party to keep our personal data safe — even big names like Apple, Amazon, or Microsoft — will always carry risk. Policies change, and external governmental pressures can force providers to weaken security measures, leaving the user exposed.
By layering End-to-End Encryption (E2EE) on cloud storage services ourselves, we can ensure that our data is protected from unwanted access, even from the storage services themselves (in case they want to mine the content of our data).
And the best part? We can do it for free by using DIDComm!
What is DIDComm?
One powerful and open-source solution for encrypting data before cloud storage is the DIDComm protocol. Hosted by the Decentralized Identity Foundation (DIF), DIDComm provides a secure, private communication methodology built on Decentralized Identifiers (DIDs).
When used to establish an end-to-end encrypted channel, DIDComm ensures that only essential delivery metadata remains in plaintext, while everything else — including the body, attachments, etc — is encrypted for intended recipients only. In practice, this means that we can use the DIDComm message format to encrypt files as they are prepared to be synchronized from a local folder to the cloud storage service and ensures that only the intended recipient (you) can access them.
How to use DIDComm for cloud encryption
Steve McCown, Chief Architect at Anonyome Labs, was the first to create a practical method for encrypting files with DIDComm before storing them into the cloud. His recent GitHub release provides a thorough breakdown of how it all works and offers a step-by-step guide.
For those looking to dive deeper,
- Join one of our upcoming DIDComm user group calls
- Join the discussion on DIF’s Discord in the #didcomm-user-group channel
