Migrating iCloud Photos to a NAS
The Ridiculous Law
If the data is not in your hands, it does not belong to you. Having worked in a cybersecurity firm for years, I believe privacy is not a choice.
In early 2025, Apple officially disabled “Advanced Data Protection” (ADP) for iCloud in the UK. The reason was simple. The UK government’s Online Safety Act and related amendments attempted to force tech companies to drill holes in their encryption walls.
This is utterly ridiculous. Encryption is binary. It is either 0 or 1. There is no such thing as a “backdoor just for the good guys.” Once Apple is forced to hold a backup of the decryption keys, iCloud is no longer end-to-end encrypted. As an engineer, I cannot entrust my private memories to a black box that can be legally forced open at any moment.
Beyond privacy, this move is about freedom. Even if I leave the Apple ecosystem in the future, I won’t have to worry about migrating thousands of images. A NAS is platform-neutral.
From iCloud to Synology
I happen to own a Synology NAS, but if you prefer another brand, that works too. The hardware matters less than the principle. This is the optimal solution to “own your data.”
1. Exporting the Library
The best approach is to use the Photos app on a Mac to export the original files. This ensures you do not lose critical metadata. Make sure you choose Export from the menu rather than drag and drop.
I have been using the HEIC format for some time, but my library was still cluttered with random JPGs from AirDrops or older cameras. I decided to do a format conversion to unify everything. I selected “Export x Photos” (Shift+Cmd+E) to standardise the files. However, for videos, do not complicate things. Just select “Export Unmodified Originals For x Videos” (Option+Cmd+E).
Notes:
- You can use Smart Albums to automatically filter HEIC, JPG, and video files. This makes it much easier to handle them in batches.
- When using “Export x Photos”, any edits (like crops or Portrait mode effects) are flattened into the image, meaning you lose the Edit History and the Revert to Original option. Choose “Export Unmodified Originals For x Photos” if you want to keep the untouched source.
- Sometimes the export comes with .aae files that record special edit data. You might want to keep them, just in case they’re useful in the future.
2. Organising
If you pursue minimalism and peace of mind, this is a perfect opportunity. Since becoming a father to two daughters, my photo and video count has grown faster than Bitcoin.
I used this migration to review old memories and delete the meaningless bursts or blurry shots.
A quick side note: I used to take pictures of food. I realised it was meaningless. Now, I use the selfie angle to capture the people and the food together. It records “who I ate with” rather than just what I ate.
I also took the step of renaming all files based on their timestamp. This is optional for many, but I despise filenames like “IMG_7867.HEIC”. I used the terminal to navigate to the export destination and used exiftool to mass rename them.
Install ExifTool (Mac):
brew install exiftool
For Exported Original HEIC Images:
exiftool '-FileName<IMG_${DateTimeOriginal}.%e' -d "%Y%m%d_%H%M%S%%-c" .
For HEIC Exported from JPG:
exiftool '-FileName<IMG_${DateCreated}.%e' -d "%Y%m%d_%H%M%S%%-c" .
For Video:
exiftool '-FileName<IMG_${CreationDate}.%e' -d "%Y%m%d_%H%M%S%%-c" .
Debug:
# If the renaming fails, check what time metadata is available on the file.
exiftool -time:all -a -G1 -s random_image.jpg
3. Moving to NAS
Since I am not sponsored by Synology, I won’t cover too much here. If you haven’t done it before, there are plenty of tutorials online. The process is similar across different NAS brands.
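One way to confirm that every exported file actually reached the NAS intact is to compare the two folders by content hash, since the filenames no longer match after the rename step. This is an added example, not part of the original post; the script name `verify_copy.py` and both paths in the usage comment are placeholders.

```python
import hashlib
import sys
from collections import Counter
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so large videos never load into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def content_index(root: Path) -> Counter:
    """Count files under root by SHA-256 of their bytes, ignoring filenames."""
    index = Counter()
    for path in sorted(root.rglob("*")):
        # Skip directories and dotfiles such as .DS_Store.
        if path.is_file() and not path.name.startswith("."):
            index[sha256_file(path)] += 1
    return index


def missing_on_destination(source: Path, destination: Path) -> list:
    """Return source files whose content has no matching copy on the destination."""
    remaining = content_index(destination)
    missing = []
    for path in sorted(source.rglob("*")):
        if not path.is_file() or path.name.startswith("."):
            continue
        digest = sha256_file(path)
        if remaining[digest] > 0:
            remaining[digest] -= 1  # each destination copy satisfies one source file
        else:
            missing.append(path)
    return missing


if __name__ == "__main__":
    # Usage (paths are placeholders): python verify_copy.py ~/Export /Volumes/photo
    lost = missing_on_destination(Path(sys.argv[1]), Path(sys.argv[2]))
    for path in lost:
        print("MISSING OR ALTERED:", path)
    sys.exit(1 if lost else 0)
```

A non-zero exit status means at least one source file has no byte-identical copy on the destination, for example a transfer that was cut short.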
Extra:
For those who want to go deeper, here is how I secure the setup:
- No QuickConnect: If you want extreme security, avoid using QuickConnect. I use a VPN or a Tailscale tunnel to ensure that all remote access remains fully encrypted. You don’t need this when you are on your local network at home.
- Kill the Relay: Strictly limit the NAS outbound traffic in your firewall settings.
- Off-Site Backup: A NAS is not a backup if it is the only copy. Use Hyper Backup to another NAS, or use CloudSync (with local encryption) to a cloud provider. This fulfills the 3-2-1 backup principle without trusting the cloud provider with the keys.
Technology should not serve incorrect laws. If you care about privacy as I do, now is the best time to leave the public cloud and reclaim your data sovereignty. This isn’t just about avoiding a ridiculous law. It is about guarding the final boundary of our digital lives.