In the wake of recent news concerning celebrities, sensitive photos and the possibility of an iCloud hack being involved in this fiasco, media and public attention has turned to iCloud photo streams and their security.
It's still not clear whether the fiasco stems from an inherent iCloud vulnerability or if it's something else (like social engineering) and it would be imprudent to jump to conclusions about iCloud, photo stream or Apple security. But this is a good time to verify and tighten your security settings for iCloud photos and photo stream.
Understanding Photo Stream
Apple's Photo Stream was designed to help two kinds of use-cases.
#1. To help users have their photos on all their iDevices/Macs/PCs. You click photos on one device, have them show up on all connected devices.
#2. To help users share photos with their friends and family without relying on stuff like email. In this instance, Photo Stream works as a private, invite-only social photo-sharing service with live updates.
Like all technologies, Photo Stream works as a boon and a bane. While on the one hand it helps you share photos across devices and people seamlessly, it can also increase the risk of your photos being found by some hacker getting into your account (or into the account of someone you share a photo stream with).
Protecting your Photo Stream
Photo Streams don't have passwords. Photo Streams aren't public by default but you can create a public photo stream with a URL accessible by anyone. And photo streams aren't inherently locked down with privacy settings like some of the other services that Apple offers. So how do you protect your Photo Stream under these circumstances?
There are some options to explore:
#1. Disable Photo Stream Completely
If you don't use Photo Streams regularly, turning them off will help. To begin with, this will stop photos from your camera roll ending up in your photo stream. Obviously, this means photos you click on your iPhone won't show up on your iPad, but there are always several alternatives (Dropbox, email, good old iTunes sync) that can get the job done.
Disabling the photo stream is easy: on an iOS device, all you need to do is go to Settings -> iCloud -> Photos -> turn off Photo Stream.
Here's more on how to disable/turn off Photo Stream.
#2. Delete Photos / Albums from Photo Stream
Disabling photo stream stops photos from getting up there but it doesn't delete existing photos. If you have some sensitive photos in any of your photo stream albums, you might want to delete them. Note that when a photo ends up in the 'stream', it can take a long time for it to disappear even after you've deleted it.
This tip comes in handy when you don't want to turn off photo stream completely but only want to remove some photos/albums. One way of making sure that a photo you removed is really deleted from the stream is to check the specific album/photo from another device (an iPad or a Mac/PC).
An aside tip: if you have turned on Photo Stream, chances are that all of the 'burst photos' end up on the stream too. Here's how to disable this.
#3. General iOS Security Tips
Keeping your iCloud account (of which photo streams are a part) safe does not involve rocket science. It's the simple things, like changing passwords frequently, not sharing sensitive data, not using patterns or recognizable passwords, and keeping NSFW stuff out of your shared/public accounts, that can keep your data safe.
Embarrassment apart, it's only sensible and logical to keep photo streams (and other shared activities/service features) free of NSFW stuff.
Here are some general iOS security tips to protect your iPhone, iPad, and Apple ID from hackers.
#4. Two-Step Verification?
Can two-step verification help? I used to think so. But a new study finds that Apple's two-step verification is largely meant to prevent someone from making changes to your account. Most of this analysis is true, as two-step verification is designed that way.
But this feature also prevents someone from logging in to your Apple ID (from a new device) without entering the PIN that's sent to your iPhone. Come to think of it, two-step verification will – to a certain extent – prevent hackers from getting into your data.