PSA: Turn off autosave of in-progress documents containing sensitive data.
Article by Dan GoodinSource: http://arstechnica.com/security/2014/11/critics-chafe-as-macs-send-sensitive-docs-to-icloud-without-warning/
Representing a potential privacy snare for some users, Mac OS X Yosemite by default uploads documents opened in TextEdit, Preview, and Keynote to iCloud servers, even if the files are later closed without ever having been saved.
The behavior, as noted in an article from Slate, is documented in a Knowledge Base article from December. But it nonetheless came as a surprise to researcher Jeffrey Paul, who said he was alarmed to recently discover a cache of in-progress files he intended to serve as "temporary Post-It notes" that had been silently uploaded to his iCloud account even though he had never intended or wished them to be.
"Apple has taken local files on my computer not stored in iCloud and silently and without my permission uploaded them to their servers," Paul wrote in a recent blog post.
Once upon a time, in-progress files were stored locally on a Mac, a design that gave users more ability to prevent sensitive files—say, those created on the fly to store passwords, a Social Security Number, or confidential client-attorney work product—from being accessed via law enforcement or national security dragnets. Whereas locally stored files residing on a FileVault-protected Mac require the adversary to have physical access and possession of crypto key, the bar for accessing files stored in iCloud is lower, according to former National Security Administration contractor Edward Snowden.