alt Hacker NewsTell HN: iCloud with Advanced Data Protection doesn't delete your files
I discovered something concerning about iCloud's Advanced Data Protection (ADP) that Apple doesn't disclose: deleted files are never actually removed from their servers. The Test: I have a 5 Mbit/sec upload connection. I copied 6GB of my personal files (music, videos, photos) to iCloud Drive. They "uploaded" in 15 minutes— which is impossible at my bandwidth. The files were previously uploaded a long ago and deleted since. To verify, I checked Activity Monitor: only 3.42GB total data sent since boot, including web browsing. The 6GB upload never happened.
Confirmation Test: Created a 100MB file with random data: dd if=/dev/urandom of=randomfile.dat bs=1m count=100 Uploaded to iCloud: took 2-3 minutes, Activity Monitor showed 122MB sent (correct) Deleted the file from iCloud Drive "Permanently deleted" from Recently Deleted and emptied any files from Data recovery. Re-uploaded the identical file: completed in 1 second Activity Monitor: essentially zero data sent
Apple kept the encrypted blocks even after "permanent deletion."
The month-long test (in progress): I'm keeping the random file and will attempt to re-upload it after 30+ days to see if Apple purges data on any schedule, or retains it indefinitely.
Why this matters: ADP is marketed as giving users exclusive control over their data "Delete" and "Permanent Delete" options imply data removal Upload progress bars show fake "uploading" status for deduplication operations Users cannot verify what data Apple retains. To attempt permanent deletion, you must disable ADP web access
What's unclear: Does this apply to Health data, Passwords, and other ADP-protected content? How long does Apple retain "deleted" encrypted blocks? Can users ever truly remove their data?
I'm not claiming the encryption is weak—it's probably fine. But Apple's lack of transparency about data retention and deduplication with ADP is concerning. "Permanent delete" should mean permanent delete. Has anyone else noticed this behavior? I'll update this post after completing the 30-day retention test.
I mean, you didn’t give it enough time. All of these cloud storage platforms are databases at their core. When you delete the file you’re updating the database entry, the data (and the record of it) is still there until their purge process runs, which could be days or weeks.
If it’s still there at a month I’d be surprised and be checking terms of service to see what they commit to.