Ah user testimony on a very complex distributed synchronisation system. This is going to be a fun one. I suspect this is a mix of something technical and something human and the two may or may not overlap or be two separate issues, one giving credence to the other.
What would be nice is a “we are looking into this” from Apple. One of the most annoying things about them is the deathly silence.
I will note I have been shot by iCloud sync bugs before. The was a nasty one in Numbers which would overwrite a change if you did something on two devices at once. They quietly fixed that.
I initially brushed this off, but the comments around the internet are making me think there is something legit. I hope an independent security researcher looks into this, because I don't trust that Apple can be honest about it.
Submission note: I’d normally chalk this up to user error and a lapse of recall and not give it a second thought, but given the other commentary on the issue and the unanswered questions (it does seem to affect photos that were deleted from iCloud altogether, so either they’re still kept or else there’s a device where they weren’t wiped that ended up re-uploading them) I figured this would be an additional datapoint worth at least accounting for when discussing this iCloud bug.
I don’t understand why SSD’s or other storage hardware wouldn’t be formatted when you perform a “factory reset”. It seems such a quick, safe and good thing to do, no?
Also, if you delete the decryption key of the specific storage volume (and have no way to recalculate the same key) then it should be impossible to access deleted content, no?
This all reads as massive design flaws. Or possibly a nation state forced Apple into technically bad practice to be able to get to deleted files anyways ?
> Also, if you delete the decryption key of the specific storage volume (and have no way to recalculate the same key) then it should be impossible to access deleted content, no?
That's what's odd to me - I was under the impression that Apple always encrypted everything on iOS devices, so I don't understand how it's possible to screw this up without doing something negligent. (And Apple being negligent would be surprising)
> I don’t understand why SSD’s or other storage hardware wouldn’t be formatted when you perform a “factory reset”. It seems such a quick, safe and good thing to do, no?
Formatting can be fairly quick, but it doesn’t overwrite all data on a disk. Wiping definitely isn’t quick on “other storage hardware” and may not be that quick on SSDs.
Luckily, as you indicate, there’s an easy solution: always encrypt all data on disk and, before reformatting, destroy the key.
As to this issue: extraordinary claims require extraordinary evidence. Because of that, I don’t believe this claim yet.
If it is true that photos resurface on a device that was factory reset, my money would not be on the photos surviving on the device, but on the photos getting redownloaded from iCloud.
Design flaws massive enough to cause me to reconsider the entire platform - this coming from someone who's been an iPhone user since 2010. This is like Cyber Security 101 stuff they completely screwed the pooch on. Makes you wonder what other massive design flaws are lurking?
> The latest report suggests that the erased and sold iPad is somehow restoring old photos from an Apple ID that is no longer signed in to it. The Reddit user says the photos that are reappearing are from 2017, which is in line with similar reports. The images were initially taken on an iPhone, and so had been synced to the iPad via iCloud Photo Library before the iPad was wiped and sold.
This is probably iCloud related, I guess that's what you get for using unencrypted storage.
Ente is finally a realistic encrypted alternative for Google photos / iCloud if you are looking for one, it's also open source, but it's yet another subscription and it's not cheap at all.
Recovering failed Photos is needed. Of 170 000 photos, I've seen dozens to hundreds bit rot on each photo sync service (Amazon, Google, Apple).
If Apple started using something like today's vision capable LLMs to understand if JPEGs and RAWs are technically correct but visually corrupt, then going back to some WORM storage to restore problem images, that would be incredible.
Recovering to a factory wiped hardware device under an unrelated AppleID makes no sense, and it would seem all online conversation about this may trace back to a single, possibly confused, reddit comment.
But something happens (used to happen) where a file gets corrupted on cloud end, on my end, or in transfer, then it seems a sync detects a difference and assumes it must be an update, so replaces a good file with a corrupted file, and then, well, that's it for that image.
Tools like this can try to help, but usually fail:
I shoot on redundant CF cards, I back those up to long term RAID backed by S3/Glacier, so someday I can re-import the ones that are "lost", but determining which those are is surprisingly difficult when what you see in the UI isn't the file on disk any more, it's a generated thumbnail, and when the corruption doesn't affect the JPEG or RAW file format integrity, it's just a few bits flipped here and there.
I haven't found any CLI or GUI tools that correctly identify all of them. I haven't yet tried using vision LLMs, discouraged by the cloud LLM cost or local LLM compute time that would take.
NOTE: This hasn't happened in years. Perhaps entirely coincidentally and anecdotally, hasn't happened to me since all Apple devices are on Apple Silicon with none running any Rosetta-requiring software (I don't let Rosetta install at all), implication being the entire ecosystem is now code from within the past 5 years.
Bit rot is very much an issue on NAND. Reading causes disturbances. Flash chips have to compensate for drift in the voltage levels of cells that occurs as things age. While there are layers of protection using error correcting codes, in my experience corruption is more common with SSDs than HDDs. I've retired at least 3 SSDs from various generations over the past 14 years because of data corruption, and 1 SSD that simply refused to show up anymore. In comparison, the HDDs I've had have almost all failed without returning corrupt data, mostly due to mechanical failure.
Sadly, Apple doesn't believe in using ECC memory on their devices. The photos might get corrupted in RAM on the phone, or on an Apple laptop or who knows where. Without end to end checksums, there's no way to know when and where the photos are getting corrupted. Modern filesystems with built in checksumming are definitely worth the overhead.
> If Apple started using something like today's vision capable LLMs to understand if JPEGs and RAWs are technically correct but visually corrupt, then going back to some WORM storage to restore problem images, that would be incredible.
hahaha what?
they should be checksumming things, not applying hilariously irrelevant and overcomplicates software to this problem.
170,000 photos. Dear god. Please tell me how you manage such a large collection. Folders by dates, locations, people? How do you search for something? What software do you use? Apple photos is not the fastest even on the latest Mac machines.
Once upon a time it was Aperture. Because Adobe's Lightroom didn't have some things I wanted, I stubbornly stayed with Aperture including using "Retroactive":
It stayed that until Apple eventually managed to bring Photos library up to the same spec including RAW support, non destructive edits, etc., and eventually even import Aperture libraries w/o loss.
Since then, stayed with Photos, and it's BnL fine if you mostly ignore "folders" and let it do dates and people and now objects search on-device.
To prevent errors, I've found I must maintain at least one machine where all originals are on a RAID array.
I wonder if this affects tvOS as well. I got my first Apple TV from a friend, wiped it, and recently bought a second brand new Apple TV.
My girlfriend was attempting to install an app on the new ATV and it prompted for my friend’s Apple ID to log in. The only association this new ATV should have is to my ID which is logged in on both devices.
So "wiping" an iOS device doesn't actually wipe an iOS device? Really Apple? How is software reviewed at that company? How does this get sign-off? What the hell is happening? Though it may appear to be seemingly unrelated, this is why I don't use iCloud. I don't like the "it just works" black magic shit and you as a user don't really understand what's going on and have extreme crude and coarse-grained controls for managing it.
MacRumors really needs to get editors to proofread the copy before it gets published.
You use “early” to state an older time, “late” to state a more recent time. As in, an early model Ford from 2010, or a late-model Ford from 2023, or the latest model from 2024.
Ah, for the Good Old Days - when you could low-level format the hard drive, and trust that nobody without near-CIA technical prowess could recover the data.
Was someone at Apple trying to tip us off to the danger with that "Crush" ad?
I can understand the earlier reports, but the devices that are wiped and disassociated from the original iCloud account? That seems like a major failure of design.
Something about this story doesn't smell right. I am looking forward to the post-mortem that iPhone forensics folks will do, but the story so far feels far-fetched to me.
I think it’s iCloud because I updated my phone the other day and after I checked my photos there were over 500 pictures and videos that had come back. And some of these were pictures and videos I deleted before I got a new phone.
What would be nice is a “we are looking into this” from Apple. One of the most annoying things about them is the deathly silence.
I will note I have been shot by iCloud sync bugs before. The was a nasty one in Numbers which would overwrite a change if you did something on two devices at once. They quietly fixed that.