(This is a REPOST from WIRED)
OUR FRIEND OVER at Ars Technica answer reader questions, and this one seems like one many iPhone and iPad users will want answered, not to mention future OS X Mountain Lion users: How safe is my data stored in iCloud? Chris Foresman’s answer also touches more generally on the issue of storage in the cloud vs. on-premises:
The simple answer is that your data is at least as safe as it is when stored on any remote server, if not more so. All data is transferred to computers and mobile devices using secure sockets layer via WebDAV, IMAP, or HTTP. All data except e-mail and notes—more on that later—are stored and encrypted on disk on Apple’s servers. And secure authentication tokens are created on mobile devices to retrieve information without constantly transmitting a password.
iCloud stores photos in your Photo Stream, documents stored in iCloud, backups for iOS devices, @Apple says all data is stored encrypted on disk except e-mail and notes. The exception for e-mail may be due to performance reasons, including supporting features like searching messages on the server or partially downloading messages and attachments, he writese-mail, contacts, calendars, Safari bookmarks, reminders, and notes, Foresman notes.
Notes are also not encrypted on iCloud servers. The reason is that iCloud currently syncs notes using IMAP, and a result of this method is that your notes are synced on Mac OS X via Mail. However, OS X 10.8 (Mountain Lion) will include a proper Notes app when it’s launched this summer, so it’s possible that future Notes will use iCloud’s document store APIs, and these notes will be encrypted on disk like the rest of iCloud data.
What Apple won’t talk about: The methods used to encrypt data on disk. It claims to use industry standard practices to ensure user data is stored securely. Ars makes some educated guesses.
Have a full read of Ars Technica’s low-down on how safe your data stored at iCloud is and share your thoughts: Is it it safe enough? Do you trust Apple, or any cloud storage/sync provider to keep your data safe and private?