If Apple is the only organisation defending our privacy, it is time to worry
theguardian.comI see a bunch of comments talking about how Apple is being self serving and not at all altruistic when they defend our privacy.
And my response is - well duh. And this is supposed to be a problem how? Apple wants my money and nothing else. They aren't motivated to protect my privacy out of the goodness of their hearts. I am happy to pay money for more privacy.
The fact that they only do this because they want my money isn't really the interesting question to me. The interesting question to me is, why is it that they are literally the ONLY large tech company that is willing to offer me this tradeoff? I'm willing to pay a premium of probably hundreds of dollars on a phone because I want privacy, and nobody else will even consider selling me one? How much is my data really worth to advertisers? Like, a hundred bucks a year? Ok sure, where do I pay to get ownership of my data back?
Samsung, Google, Facebook, Amazon and Microsoft don't sell privacy, or if they do, they're sure doing a bang up job hiding it. None of them have any altruistic motives either, so I can only conclude that they either don't want my money or they're really bad at what they do?
Is there really no other company that wants to get in on this privacy game? Because the people who really care about this are probably affluent and willing to pay a lot for it.
The relevance of criticism on Apple's privacy stance is in pointing out the limits of Apple's commitment to privacy.
Companies like Signal are founded on privacy and encryption, but with Apple, privacy is a nice-to-have, limited to its other business objectives (like how Apple is "committed" to reducing waste to the extent it can sell dongles, chargers, and earbuds separately, but not in terms of repairability). You can count on Apple to value the appearance of privacy, and in protecting information from third parties without user consent, but not so much being private from Apple itself.
For example, here's an article on Apple and privacy from a couple months ago https://www.politico.eu/article/apple-privacy-problem/ .
>and in protecting information from third parties without user consent
Is this true for every country where Apple operates? Especially where it's forced to host servers in? We know for certain that Apple cannot do its business in certain high value market(s) unless it offers unrestricted access to its customer's data.
But we don't see *privacy applicable to U.S. or X countries only disclaimer in any of it's marketing or promo materials. An uninformed Journalist or Human rights activist can be at severe risk due to this.
Especially when,
> Cook argued that people choose iOS specifically so they won’t have to make risky decisions with sensitive data.[1]
[1]https://www.theverge.com/2021/5/22/22448139/tim-cook-epic-fo...
Apple's marketing is quite genius. They spun iOS being a closed system into a plus.
You can't install your own apps. Safari is not fit for PWAs. Repairability is not encouraged. All of this is for your own benefit and privacy. Want those things? Go to Android and sacrifice your privacy.
With this approach, Apple comes out looking privacy-focused, justified for their App Store fees, and their stance on right to repair.
I'm not educated enough to know if those restrictions are absolutely needed for privacy or privacy is a blanket excuse for how Apple operates.
It's more of an opportunity left by Google. If Google wasn't a spyware company masquerading as a search engine company, their team of brilliant engineers could create the most open, most reputable, most user friendly, and most privacy protecting system on the planet.
I still hope something like this happens one day. There is definitely a need for privacy-enabled Android that is compatible with major brands. I'd gladly pay €50 more for it. This system would have to be mostly API-compatible with Android so that developers could easily recompile their apps for it. There is a huge smoking hole waiting to be filled. Librem 5 (when it's released...) is simply not enough and frankly speaking simply too expensive for a popular privacy solution.
And at the same time, MacOS phones home every time you run anything, and logs exactly what you ran, on what you ran it, and where you ran it. Inb4: "This isn't a privacy issue, it's a security feature".
It's a great read. Why not link to it?
To be completely honest, I was about to, but got distracted. Thanks for linking it.
I think the distinction nowadays is what happens with the data after it has been collected. We are way past data being collected.
Running on linux, with software I can to a fairly large extent control, I beg to differ. This is also the default, and not some crazy power-user iptables/proxy filter shenaningans either.
There are positive and negative aspects to it being a closed system, just as there are positive and negative aspects of Android's open system. Marketing just chose to emphasize the positive aspects. Not really a genius play, IMO, that's just what any marketing team does.
Good point, but iOS was a closed system from the get-go and this was seen a drawback of iOS back then. The privacy focused marketing started 3-4 years ago.
Speaking of which it is a little weird that Apple sells iOS on having superior privacy to an Android device when Safari will still frequently hit a Google CDN in order to load open-source fonts that they could readily just ship themselves.
Maybe this is just a shallow read of it, but it feels like sort of a similar dichotomy to that between Apple's rhetoric about objectionable content on app stores and... well, its inclusion of a web browser.
Yes but the privacy people need to be less angry about it and life in general. When signal makes a phone I will certainly consider it. Until then Apple is the only game that really makes sense that is still mainstream and usable without having to accept a bunch of bugs and subpar performance.
I completely agree, and would love to see a competitor to Apple in terms of privacy focus.
I think the reason we don't see it from competitors is that Apple is years ahead of everyone else in terms of customer experience, and privacy is part of that experience, so they focus on it.
You just have to look at how many different models of phones Samsung sell vs how many Apple sell to see how unfocused Apple's biggest competitor is. They will throw anything and everything at the wall to see what sticks. There's no focus on privacy because there's no focus on anything.
>the reason we don't see it from competitors is that Apple is years ahead of everyone else in terms of customer experience
If I might offer a less glowing perspective
Apple is a highly vertically integrated company unlike anybody else in the "top end" of SV. They don't "need" your data
Facebook only exists as a website, so of course they want to data mine you to death, use psychological tricks to keep your eyeballs scrolling their website so they can shovel ads at you
Google effectively gives away Android. They make money by data mining you for advertisements and through providing a wide array of services (Gmail, Maps, Search etc) to augment the things you do on a day to day, in exchange for the reams of data it provides about you
Amazon doesn't really data mine you nearly as much, since their business is more selling you physical goods (or the dominance of AWS, depending on your point of view)
Microsoft wants to chase after what Google and AWS are doing, though their products feel more like pale imitations than anything. Granted that isn't particularly new for them (Zune vs iPod then is Bing vs Google today)
Apple doesn't "need" your data. They have no reason to. They've created products that effectively half of the first world wants to buy through iPhones and iPads
They've spent two decades working to build themselves an outright fortress. They sell you a phone they make, which runs apps from their app store that requires developers to play by their rules
The amount of money Apple makes simply by collecting its 30% revenue cut on everything done on iPhones alone dwarfs what they could get if they even attempted to muscle in on Google in the ad revenue business
To add to your point: Apple uses privacy as a weapon against the other FAANGs. When they add adblock software they reduce the bottom line of their competitors. Less resources for Google and Facebook is eventually more money for Apple.
However the point of GP still stands: people can take advantage of Apple tactics and probably enjoy more privacy by default.
Personally I'm not using Apple devices for a number of reasons and I still believe I'm OK with my privacy because of a number of precautions. Most of them are out of the reach of non tech people, but given that I'm a tech person I can avoid to buy from Apple and still give as little data as possible to Google and Facebook.
There are competitors: The Linux phones (pinephone, librem). In fact, privacy has been one of the selling points of desktop Linux forever. The problem is it doesn't sell, or at least it hasn't till now.
This is what Apple is trying to change, basically convince people (through ads) that they need to care about their privacy, because they know it's a competitive advantage they have when compared to the other big companies.
Privacy was also a selling point of BlackBerry/RIM and was successful but it’s hard enough to convince people it’s worth switching over to Firefox from Chrome so I think you’re right.
It is interesting that Apple can market themselves as protecting our privacy if for no other reason than all their competitors do the bare minimum.
> I see a bunch of comments talking about how Apple is being self serving and not at all altruistic when they defend our privacy.
Right, I don't want Apple to help safeguard my privacy out of a sense of altruism. That company would be highly vulnerable to ambitious managers moving up the ranks.
And besides, nothing's a zero-sum game. Securing a better outcome for yourself doesn't require self-flagellation from your trading partner.
The better outcome is the one we have, where the company's motives are genuinely aligned with their customers' motives. Where there is bankable incentive to do the right thing.
As another comment pointed out Signal as one software, we also have Purism[0] for privacy-minded hardware
[0] https://puri.sm/
Neat that there's a competitor to system 76. I'll have to look into them later.
I use a T500 I plucked from the trash for secure libre street cred. No blobs anywhere afaik.
T500 has blobs at minimum: CPU microcode, UEFI boot firmware, EC firmware, GPU firmware, HDD/SSD firmware, Ethernet/WiFi firmware, battery controller firmware, display firmware etc.
While true, those issues are present even in system76 and purism. They're even worse because the T500 doesn't have a dedicated GPU or TPM. I know the combination of hardware I have in my T500 has all FOSS drivers and I assume purism is the same.
I have it mostly as a toy and I'm sure most purism customers are the same.
The only other company I could think of that is playing in this privacy game is: Signal. And well they are a nonprofit and they prove that privacy is not only made affordable for the rich and affluent and anyone can have private communication whether they donate to Signal or not.
And Signal still leaks phone numbers to people, that's why I refuse use it for group chats. For encrypted 1-1 with people I already know it's fine though.
Get a Twilio number and use it for pretty much everything.
Twilio is awesome, I even have my Twilio workflow configured to receive "2FA" calls and hit the # key without my intervention, and I have it set up mess with unknown callers by putting them on hold indefinitely with music.
Wouldn’t using Twilio effect the security of 2FA?
Yes, but I don't do phone-based 2FA; I only use U2F or TOTP.
When I have a massive, immobile desktop in front of me it makes no sense that the desktop isn't the 2FA device, and that I'm asked to go search for an easy-to-steal tiny 5" device.
Also, I don't believe in phone numbers being 1:1 correlated with a device; for convenience I should be able to take a call from any device that I happen to have with me. So phone numbers should never be used for 2FA IMO.
Why use 2FA at all then? It doesn’t seem like you’re gaining any security using it.
They insist on it, not me.
I'm all for 2FA if it uses U2F but if it's going to be phone-number based I'd rather pass. That isn't an option though, so I automate the phone response.
Better than Zynga, right? Corporation which has leaked kids data. Clones games, manipulates kids and adults in spending thousands of $$$ on virtual things, screwed employees from stock compensation.
It's easy to criticize, right? Signal and Apple are at-least doing better than Zynga.
I'm not sure if this is what happened, but if you tracked down where someone works and are using that to attack them, that is a serious abuse and the sort of thing we ban accounts for—so please don't do anything like that on HN. (If you didn't do anything like that, ignore this comment.)
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...
Care to share evidence before making such allegations.
>I'm willing to pay a premium of probably hundreds of dollars on a phone because I want privacy, and nobody else will even consider selling me one?
how much of a premium are most of the target market willing to pay however.
Google, Facebook, and Amazon don't sell privacy because privacy goes directly against what their business strategy is.
Samsung has based their stuff on Android an OS that, heavily influenced by Google, I suspect might be difficult to make as private as Apple can make its stuff. I suspect Samsung does not care about privacy because it has determined it will not make much money from it, and that most of the market that cares about privacy will go to Apple.
I don't know why Microsoft doesn't care as I think it would totally align with their business goals.
The idea that a company can "sell" privacy is completely fabricated by those who are collecting vast amounts of data about users.
Revenue-producing mass data collection by "tech" companies creates a "privacy" issue. Is the solution to "sell" privacy. Of course not. Data collection makes more money. That is why "tech" companies offer so many things to users for "free". There would be little or no money to be made in selling these things, relative to using them as fronts for data collection and surveillance.
Apple does not try to claim, "We make no money from collecting data on Apple customers." Instead they claim they protect customers' privacy from other companies, who also want to collect data on Apple customers.
When Apple itself stops collecting data about users, only then can I start to consider Cook's claims that the issue of privacy is so important. At present, Apple's actions do not match its statements. There is no privacy from Apple and the company has built datacanters to hold vast amounts of private data collected from customers.
These companies have certainly swooned some, judging by the comments I see on HN, into believing they must make "tradeoffs". How did we reach a point where anyone could believe that a company who is collecting vast amounts of data on users of its products is some sort of privacy crusader or privacy merchant. Anyone who cared about privacy would not be doing surveillance and data collection.
The only answer I can come up with is that these people who cannot see any alternative besides "tradeoffs" were born into a world of where companies were already engaged in dragnet data collection from the internet as a "business", and they never saw what the internet was like before this nonsense began. They honestly do not know what a reasonable level of "privacy" is because they never had it.
The idea of "paying for privacy" is no different than paying protection money to a mafia or paying ransom to a ransomware group. The solution is to stop the wrongful behaviour, not to make payments to the organisations that are engaged in it.
Show me a phone that works as well as my iphone plus has better privacy and I'll be the first one laying my money down on the counter. I don't think you need to remind us of the dead obvious trade off of apple vs android vs linux, we're all techies around here.
The willingness to pay big for privacy is a signal that you are an interesting person to track.
Or that you’re someone who understands they are accepted by the government and societies of today, but weren’t yesterday, and might not be tomorrow.
There are still countries where being LGBT is a capital crime, where the colour of your skin will be used against you, or where your political affiliations can be used against you.
When governments and societies start to turn against people who are different from them, the mass surveillance and profiling makes it much easier to locate all of these people to round them up.
Privacy is fundamental human right. Don't need to be interesting person.
Indeed. I don't have anything special (in my current world / country) to hide, but I still want to hide it.
It tells one bit about us: that we are privacy conscious. Nothing else really.
I think the point is that it signals someone with a lot of money since they can spend hundreds on something they could live without.
Two major critiques:
1- Privacy should be the default, free as in beer, not a pay-per option
2- Apple is all willing to break its own encryption to cooperate with law enforcement. See the recent example https://www.theregister.com/2021/05/17/sci_hub_apple_fbi_cla...
Microsoft definitely sells privacy to business customers. For consumers they are probably just trying to lead gen for business sales.
Microsoft's privacy policy for sharepoint says thst Microsoft employees have accesss to all data in sharepoint.
So Microsoft's privacy is worth as much as its poorest paid employee with access.
Do you have a reference for that?
Yes, the privacy policy issued by Microsoft to your company regarding SharePoint.
Microsoft’s privacy efforts are limited to what’s minimally required to achieve certain data storage or other compliance conformance.
Even worst, consumer products like Windows 10 and tools like Visual Studio Code come with extensive telemetry and tracking enabled by default. Remember recently the office 365 fiasco when they thought it will be ok to track employees and make reports out of it?
> The interesting question to me is, why is it that they are literally the ONLY large tech company that is willing to offer me this tradeoff?
Maybe other corporations consider it unethical to charge their customers a premium for a false sense of privacy and security?
> Samsung, Google, Facebook, Amazon and Microsoft don't sell privacy
And neither does Apple, they just sell you on the promise of privacy. The reality is quite far removed from the perception most customers are given by their marketing and PR campaigns.
Apple might be a bit more stringent on enforcement of data sharing with third parties compared to other large tech corps, but that doesn't magically mean your privacy is invulnerable through their devices and services.
There have been multiple cases of them being caught out being hypocritical in regards to privacy, there have been multiple data breaches of Apple services and platforms to varying degrees of severity. Since the recent Epic lawsuit, it's also been revealed that Apple decided to not notify some 150 million of their customers who were victims of a data breach.
Anyone who actually thinks Apple cares even remotely about their privacy is living in a fantasy land. Unless you think being not alerted of your personal data getting exposed in a data breach of their systems is somehow not in your privacy's best interests.
> they just sell you on the promise of privacy. > there have been multiple data breaches of Apple services and platforms
What makes Apple different, is the decision to design all their products and services in a way that limits (or avoids all together) collection user information. For example, almost all of the "smarts" of the iPhone are executed on the device, without sending your data like location and pictures to Apple's servers for processing.
Apple also enforces through App Store review that app developers are mindful of user's privacy and every instance where data is collected needs to be explained and properly justified.
Regarding the story about the 128 million infected devices, it was a virus which infected developer Macs, resulting in some apps also including malicious code. No user data was leaked and it seems end-users suffered no ill-effects cf. https://www.macrumors.com/2021/05/07/xcodeghost-malware-2015...
Of course, no product and service can be 100% secure forever... hacks and malware happen sometimes. That's when practices like app isolation or sandboxing (which is very strict on the iPhone) and explicitly asking users for permissions (so apps can't just choose to get any sensor telemetry they want) comes into play. If an app has been compromised, then the malware is limited to the permissions already granted to the compromised app. Nothing more.
If you accept that corporations are not driven by ethics, then that doesn’t make sense.
Privacy as a product or feature is generally considered a regression, mainly because people see it as a value, not a value add.
The line of thought goes, what's privacy worth to you? What's security worth to you? The price, likely, will fly upwards until it is saturated to nil.
>None of them have any altruistic motives either, so I can only conclude that they either don't want my money or they're really bad at what they do?
That's a non sequitur.
I don't think privacy is a thing that most people happily pay, same as security. Only Apple can sell privacy feature bundled with luxury devices.
I have a similar sentiment.
But when apple introduced ads to the App Store, a part of me became quite sad.
Like no amount of money would ever be enough...
If that is the case, the please stop glorifying every single apple IPhone or product release like it is a gift from god and that Steve jobs and Tim cook can do no wrong.
Straw man. Who does that?
This is not true. As I have submitted on HN earlier, Apple is using the purchases data to customise ads. https://support.apple.com/en-in/HT208477
You can make a case that the ad targeting is just on App Store, News and Stocks but that is just for now, Apple used to have an ad platform iAd which wasn't that successful, so it was discontinued. Once they milk other revenue streams and are more of a monopolistic power in other web properties(like Maps), I am quite sure ads will make a return.
Bottom line is, at this point Apple is also building user profiles like Facebook.
Edit:
It seems like Ben has deleted his tweet. I will just update the link to Apple's support page and quote the relevant section.
"""We also use information about your account, purchases, and downloads in the stores to offer advertising to ensure that ads on the App Store, Apple News, and Stocks, where available, are relevant to you."""
That tweet's been deleted, so it's hard to judge it exactly, but my recollection is that someone else pointed out "payment data" here is just App Store, iTunes, etc purchases. "Apple targets ads on the app store based on previous app store purchases" is, IMO, much less of a privacy invasion than "Facebook targets ads based on your friends list, messages, browsing history, real-life purchases, and other things I can't think of off the top of my head".
Apple's profile of me, I imagine, is much less detailed than Facebook's, despite Apple's capability to build just as much of one (after all, they own iMessage and my iCloud contacts) if they wanted to.
I updated the link above.
I am not sure how much information Apple gets but if with an in app purchase of say a eBook, they get to know which eBook it was, it is creepy.
Apple really doesn't have to do any ad personalisation but still they are doing it as it is just more money for them. My fear is, eventually when they monetize more of their web properties, the data collection will increase.
While they might not allow others to sniff your data, they are in too much of a dominant position to not use it for themselves like the purchases data.
For me, this fight will always be, who will watch the watchmen? Regulatory hammer seems to be the only long term solution I can think of. As Apple's integration of hardware + software + software gateway + services, is just too scary and eventually will give them too much power.
If you've chosen to buy something from Apple, it's hard for Apple not to know that you've bought it.
I don't think that's an issue.
What is an issue is the cross-correlation of any given company's data on you with lots of other "big data" companies, building a profile, not just of what you've bought from X, but from Y, Z, hell throw in the whole alphabet, why not ?
Then there's the machine learning that says when X,Y,Z are all bought within a small time window, that means alpha is likely, and decisions can be made on that basis.
It's the spread of the network that is the problem, IMHO, not the knowledge per se. My butcher knows what cuts of meat I like, there's no need for my cobbler to be aware...
As far as I read the support doc, it seems like if say I purchase an ebook from a third party App, should Apple have this data because they mandated the forced use of their payment system. (I don't like user profiles based on purchase data from their store itself as well)
In this example, Apple is not just the store but also your payment processor(a forced one at that). So, they know about which cuts of meat you like and will use that info to target ads when your cobbler pays for some advertisement.
It is not like FB is selling your data, why would they when they earn the most by keeping it to themselves. Quite sure, Apple will do the same thing like they have already started.
But apple does not allow for that. So in that sense, they do not allow businesses for targeted advertisement. Please correct me if I am wrong.
Their processes and org structure is not built for that either with siloed teams. So much that quite often some teams will not know what kind of data is being collected by other teams even.
Apple doesn't allow the third party store to do that but they can do whatever they want, it's their system (and arguably their phone as well.)
>Apple's profile of me, I imagine, is much less detailed than Facebook's
Apple certainly is not shy about collecting biometrics. They have the most complete set of biometrics of the FAANGs. I'm not certain what their motive is.
Source? They specifically say they do not collect any of your biometrics. Touch ID and Face ID data is stored in an encrypted form on the Secure Enclave chip and never leaves your device.
Wait, what is your problem with this? Who the hell would enroll in a scientific study to share their data and not expect their data to be used in that study?
I didn't say I had a problem with it, just that they have access to more biometrics than any other FAANG and I don't know what their motive is.
Its also mentioned "We are obligated to provide some non-personal information to strategic partners that work with Apple to provide our products and services, help Apple market to customers, and sell ads on Apple’s behalf to display in the App Store and Apple News and Stocks."
Why a privacy focused company is into Advertising?
We should be able to opt out of similar tracking with stock Apple apps if Apple is not disclosing they are tracking for advertising purposes that is a huge issue that needs to be exposed.
I can't seem to open the Tweet you provided, nor could I find the relevant tweet on the timeline. Can you fix your post?
Thanks for the heads up, just added Apple's support page link.
If you could please elaborate, what did the tweet say and who exactly was it by?
A lot of folks are aligning Apple's motive to somehow gain advantage in ads business as if they'd able to compete with Google, Amazon or Facebook someday in ads biz. I don't think that is their real motive. I believe Apple's real motive with all these privacy centric features such as ATT, Sign in with Apple, Apple card data not being tracked for targeting etc. is to create a privacy centric moat and platform/ecosystem that is simply missing from the market right now and they know that they have real advantages of keeping people in their ecosystem with this moat. I'm actually happy that they are doing this.
I think you’re right about the privacy moat. But I think it flows from a focus on improved user experience. Ads are terrible for user experience because they slow your browsing, block content from your app, take up space in your start menu and are a malware vector.
Once ads are off the table, what else can Apple do?
God I wish the ads were actually off the table, don't even want much else so as long as I get to keep TLS too.
Apple also has a question mark attached to its commitment to privacy in China.
Even though the Twitter thread below is by a NYT reporter, it sounds directionally credible given how embedded Apple is in China, both from a manufacturing point of view and also as a growing market.
2021-MAY-18
"NEW: Apple is jeopardizing its Chinese users’ data and augmenting the Chinese government’s censorship to placate authorities and keep its business running. Here is our multiyear investigation into Apple's Faustian bargain in China: ..."
They have a big question mark attached to it anywhere. Who do you know doesn't back up their device to Apple?
It is unfortunate, but I think that's partially what the article also implies - it can't be up to a single company to fight the good fight.
Also, Apple needs to comply with local legislation to be able to provide services in other countries. China also happens to be the country source for most of Apple's supply chain - it's not exactly viable to start fighting the local authorities.
Imagine if other big companies with impact in China (like Epic?) choose to align and apply pressure in the name of user privacy (instead of wasting time and money on pointless litigation)... then perhaps, it will be much harder for a local government to get its way.
Google doesn't provide services in China, because to do so they'd have to censor for the CCP, like Apple does.
There's still a huge elephant in the room. How are we supposed to trust Apple, Microsoft or any other tech company when it emerged that they fully cooperated with the NSA and their PRISM program.
We have to just assume that's still running. Businesses could keep a lot of secrets from us and they're not transparent or accountable to the public.
Look, if you're worried about that, I don't know how you get through life without being totally paralyzed.
You live in the USA. All persons and companies are subject to whatever intelligence activities that we got a glimpse of which are happening.
You adjust your life accordingly and live on. Because I don't know where else you can go that has the similar benefits of being a US citizen and the environment we enjoy.
Or if you do, it's probably time to put your money where your mouth is and move there. There's not a lot of good in raising these impractical concerns when there's no good alternative or change you can effect.
> I don't know where else you can go that has the similar benefits of being a US citizen and the environment we enjoy
I'm honesty surprised that in 2021 people still believe the US is the only good place to live/be a citizen.
>I'm honesty surprised that in 2021 people still believe the US is the only good place to live/be a citizen.
There are lots of great places to live but the US is one of the best and easiest places to live if you're a US citizen.
Unless a person's native country is a legitimately bad place to live, living where you are born is going be one of the best options for anyone. There are lots of good places in the world to live but for non-natives its frequently not a guarantee you'll be allowed to live there. Its also not a given that you'll have an easy time living the same quality of life as you could in your homeland. Or be able to find a job that pays well. More importantly, its not always easy for a person to integrate and be accepted by the community in another country.
If I didn't have a family that wanted to stay I'd probably consider moving somewhere else, but there would be a lot of anxiety and uncertainty about my future for a long time.
This is all just Theorie or personal. I know plenty people that moved country (including myself) that face none of these issues and have no interest moving back ever. My quality of life is better, jobs are better, moving was not hard either.
>This is all just Theorie or personal.
It depends on where you go, your specific circumstances, etc. Its an objective fact that not every wealthy/safe country has open borders or easy immigration. Not all of these places pay tech workers anywhere near what they could make in other places, even adjusting for inflation and cost of living. Its also objectively true that not every such country welcomes outsiders with open arms, gives them equal opportunities, and allows them to become part of the community.
As an example Japan is a beautiful country and seems like it would be a good place to live, but they have a process for immigration that involves a points system. If you don't naturally have enough points from your education/experiences you can do some kind of charity work or get involved with various things that contribute to Japan. But from reading about the process it doesn't seem like I would be guaranteed a visa just because I apply.
I'm sure there are many places that do all of these things right. But I wasn't intending to make a universal statement to scare people away from it. I'm just saying that to a person that's thinking about it, those are all concerns that need to be explored before moving. And its also partially an explanation for why some of us stay.
Since you and your friends have had good experiences, can you recommend some countries to look into?
> You live in the USA. All persons and companies are subject to whatever intelligence activities that we got a glimpse of which are happening
No, I don't, yet i use tech made by American companies, and my (meta)data was also probably lumped in there for use by american intelligence agencies, who have zero jurisdiction over me.
Well, that's just rank defeatism.
It’s basically impossible for an American company to defy the American government. They can try in court but ultimately the government has F-22s and nuclear weapons and Apple does not.
Thanks, now I'm imagining a dystopia where large tech companies have their own militaries.
If you want to watch a fictional version, the scifi shows Continuum and Dark Matter both portrayed a future where corporations ran the governments or were the governments.
See the Citizen app that was front page a day or two ago.
This is completely untrue. Tell me the last time the US government used nukes and F22s on a company lmao. You always have courts and laws.
All laws are backed by the threat of overwhelming violence. If you have a corporate fine, and you don’t pay it, the state will seize your property. If you stand in your doorway and obstruct the sheriff, he will arrest you. If you resist the arrest with weapons, he will bring his own weapons. If you have enough weapons to require a military response, a military response is what you will get.
What about Apple's fight with the FBI over iPhone encryption? https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...
It's definitely not common, but it happens.
If the military went against the law then they'd be rebels. The fed doesn't let rebels drive the tanks.
They don't need to use weapons to spy on citizens. The constitutional right to privacy was stripped in the Bush era and it's been open season ever since.
How do you suggest any corporation to not cooperate with government agencies? For US based businesses it's illegal, right?
And, how's this Apple's problem or fault? Vote and elect your interest. If you live in democratic country then vote and elect sensible smart honest representatives who will protect your interest.
To me, this is the most accurate point.
When people are upset that a company violates their privacy with the government of their country, I feel as though their ire is misplaced.
We had a time in United States history when companies were essentially more powerful than the government that organized the structures in which they operated. John Rockefeller, through Standard Oil, became the wealthiest and most powerful single individual in the entire world. He routinely told governments to pound sand. He was a kind and generous person to those whom he felt deserving or who treated him well. He was ruthless to those whom he felt had slighted him or stood in his way. I don't want to go back to that.
Does it frustrate me that my government is essentially spying on me? Yes! Can I hold Apple responsible for that? Not for my government having made those decisions, no. That's asking that Apple be stronger than my government when, given a choice, I'd rather have an elected government operating transparently in free elections than a company that's primarily responsible to its owners.
Apple can very much fight this fight on behalf of its customers. Every time Apple refuses to write backdoors into its products at the behest of a law enforcement agency here, Apple is taking on that fight. Apple will sometimes lose that fight, as it is currently losing in China. Apple, as a participant in United States society, will sometimes win that fight, too. But ultimately it comes down to the decisions that our government(s) make.
That's not exactly the point tho. I live in an actually democratic country where the government respects my privacy. However apple is not respecting my rights or privacy when I would use their devices. Ergo this whole thread is bullshit as they can't even protect any privacy from the state they operate in in their situation.
I feel despair because my government is supposed to be upholding my fundamental right to privacy but, clearly, the Fourth Amendment is something that can be selectively upheld or discarded. So what’s left? For me to hope that some company will respect my “rights”?
>For me to hope that some company will respect my “rights”?
Is that reasonable? If the government is your adversary and you suspect they aren't playing fair, then it's only a matter of time before the government puts the pressure on that company as well. Either they play ball, or they fold like Lavabit did.
At that point you need to self host all your infrastructure as well as you can, and it becomes difficult to trust anyone else.
I don't get this either. Apple is a private US company, making every privacy aspect more or less obsolete. I can't even trust them to not leak private data to foreign servers, which is definitely not what I understand as data privacy
https://en.wikipedia.org/wiki/Warrant_canary
Of course they'd have to want to do this.
A good stack of Apple's ecosystem is fully encrypted, so that Apple can't give anything to the authorities.
For example: Apple Maps retrieves routes in segments, with changing identifiers. Apple can't figure out where you navigated to.
This is laughable. Your icloud data is in the cloud, your imessage (if you choose to backup) is in the cloud, they have the keys, and they give that data to the authorities. And why should apple even BE storing my navigation history on their servers? You can even read their policies for yourself.
https://www.apple.com/legal/privacy/law-enforcement-guidelin...
Google knows exactly where you have been, how you got there and where you visited and for how long. They use all of this data for their own purposes.
Apple actively tries not to know any of that as much as possible.
Reminder: while it's true that Apple protects your privacy in the context of third party app data collection on your devices, it doesn't make it an “organization defending our privacy either”. They collect tons of data about you, and share them with third parties as they wish and their privacy policy is pretty explicit about it:
> Personal Data Apple Collects from You
> Usage Data. Data about your activity on and use of our offerings, such as app launches within our services, including browsing history; search history; product interaction; crash data, performance and other diagnostic data; and other usage data
> Location Information. Precise location only to support Find My, and coarse location
> Health Information. Data relating to the health status of an individual, including data related to one’s physical or mental health or condition. Personal health data also includes data that can be used to make inferences about or detect the health status of an individual. If you participate in a study using an Apple Health Research Study app, the policy governing the privacy of your personal data is described in the Apple Health Study Apps Privacy Policy.
> Fitness Information. Details relating to your fitness and exercise information where you choose to share them Financial Information. Details including salary, income, and assets information where collected, and information related to
> Apple’s Sharing of Personal Data
> Apple may share personal data with service providers who act on our behalf, our partners, or others at your direction. Further, Apple does not share personal data with third parties for their own marketing purposes.
> Partners. At times, Apple may partner with third parties to provide services or other offerings. For example, Apple financial offerings like Apple Card and Apple Cash are offered by Apple and our partners. Apple requires its partners to protect your personal data.
While some worry that Apple's the only organization defending privacy, others are attacking it for trying to control its ecosystem (in part so it can defend their users' privacy).
That's the world right now.
For what it's worth, I'm one of the people that's doing both. I want the store monopolies to be greatly reduced for my benefit as the consumer - and yes, I will continue to acquire and purchase things through the app store, in general, because I trust their system a lot; BUT, I also applaud them and primarily purchase their hardware because I appreciate their privacy.
It's possible to have nuance in these positions.
The mistake that many people do is requesting a systematic change, and then ignoring the systematic effects of it.
Maybe in theory "more stores" sounds like "more good" to you as a consumer.
But the large mass of consumers are not in a position to judge things like safety, performance, reliability, sustainability. They're only in position to judge things like "$3 is less than $4".
So the systematic effect of multiple stores will be that everyone will flock to the cheapest stores, which won't have the means or motivation to do what Apple does. Many of those stores will also be offering pirated applications.
So this will destroy many developers who will lose a lot more than 15% or 30% of their potential revenue to piracy, and it will also end up destroying Apple's own store.
This is what "be careful what you wish for" means. Eating fast food every day is cheaper and tastes better than whole foods, for you as a consumer. By the time your body is destroyed, it'll be too late to have some important realizations.
Except that we already know what that landscape looks like on Android and... it's fine. Everyone still uses the Play Store.
App Store has double the revenue of Play Store despite Play Store serving a much bigger audience (more Android phones) and having the same 15%/30% cut as the App Store. This directly means the Play Store is a lot less used by its users. They buy way less from it relative to App Store.
You can attribute this to less trust, or more piracy, more likely both.
In part because of this, Play Store is less funded, and less regulated and has way more malware than the App Store.
Also, despite 13% of known app installs come outside the Play Store, 33% of known malware comes outside the Play Store, clearly confirming that non-Play Store installs are way more likely to be malware than Play Store apps.
So in short, Play Stores gets way less sales, gets way more malware, and there's EVEN MORE malware outside the Play Store.
The situation is not fine at all. All of the effects I mentioned are exhibited by Android's ecosystem.
Of course, we probably have different tolerance for what "fine" is. Maybe you don't care that developers do several times less sales per user on Android than on iOS. Maybe you don't care about the malware, and think you can teach everyone you care about to just "be careful" or something.
But if Android is fine, then Android is all yours. It's the majority of phones. So use that. Why do we HAVE to destroy everything that's different and make it like the rest? Why should iOS be Android? Let Apple do Apple. They're clearly doing something right if their parameters are way better than the Play Store.
> App Store has double the revenue of Play Store despite Play Store serving a much bigger audience (more Android phones) and having the same 15%/30% cut as the App Store. This directly means the Play Store is a lot less used by its users. They buy way less from it relative to App Store. > You can attribute this to less trust, or more piracy, more likely both.
I don't attribute it to either: it's pure demographics. Apple users are wealthier.
Nobody is asking for the destruction of anything, that's pure hyperbole. Opening up a marketplace in which you are both a participant and controller is not "destruction". It's what's fair for everyone.
> Nobody is asking for the destruction of anything, that's pure hyperbole. Opening up a marketplace in which you are both a participant and controller is not "destruction". It's what's fair for everyone.
Apple creates the hardware and the OS. No matter what they do, even if you crucify Tim Cook, they'll never be considered equal to some random guy with a Mac who submits their app to the store, for as long as they made the hardware and the OS. Which they have to do. So this "it needs to be fair" argument is simply a backdoor for Apple to make greater and greater concessions over their control of the ecosystem, until there's no control over the ecosystem.
But the ecosystem needs control. Countries need governments. Employees need bosses. And so on. Fair doesn't mean everyone is the same. We can't all be the same. Systems don't work this way.
"Fairness" is always contextual, and it's always a deliberate decision. It's not a default. Apple has created a system that's fair in some aspects, to some people, in the interest of the whole.
So you need to find another argument here.
As a consumer and shareholder I expect Apple to provide both security and choice.
Apple regularly uses security to justify eliminating choice. Which if you're paying attention isn't always true in every circumstance --so then I'd assert the motivation isn't coming from a place wholesome to the consumer.
Apple says I bought their device so I should follow their patterns. I disagree. Think Different.
Having additional marketplaces available for me doesn't affect you.
> Having additional marketplaces available for me doesn't affect you.
The comment you said this in reply to talked about how it affects _everyone_ both using the platform and developing for the platform.
You mean the bit about pirated software? Nope. Just a classic feeder line Apple gives to developers as a scare tactic. 30% is likely a heck of a lot more than what a canned c&d letter costs to get a pirated app removed from a trusted/authenticated app store variant.
Truth is Apple doesn't want competition for their large cut of "advertising/distribution" revenue.
If I develop an app for my existing customers and I want to support their device (Apple in this case) I have to agree to give Apple a 30% cut. Apple wouldn't have provided any direct service here for an unlisted app. I'm willing to host it and provide any merchant and billing support for it. I told my customer how to install my app. Apple's App Store wouldn't be providing any "distribution" services as it were (which as I understand is where historically the 30% rate originated --for that they should be paying for all my hosting and logistics).
I want to pay $100/year for Apple to verify my identity and make sure I'm not malware. That's all. In this universe I really don't even have an interest in using their closed-source compiler, or have to keep up with their programming language, but I do it cause it makes the numbers work.
Allow me to explain what is implied: More options for ways to get apps won't make app developers more money. This is shown by the difference between profits developers get by developing apps for iOS vs Android. Android has a larger user base, but it's still more profitable to develop for iOS. That's how it affects devs.
Less money to be made means devs are less incentivized to put as much quality into their apps. Some still will, of course, but others won't, and some will simply stop developing for the platform, so average app quality goes down. And less restrictions mean more crappy apps out there. This is how it affects users.
I'm not saying either system is better. I fully sympathize with the hurt of the 30% cut that Apple takes. And I sympathize also with wanting a more open platform. All that I'm pointing out is that by opening up Apple's platform in the way you're proposing, it will indeed affect everyone in some negative ways. There will be positive ways, too, of course. Such is the nature of change.
If revenue was more in a non-Apple ecosystem, would it not be the case that devs would all move to a non-Apple ecosystem.
Android also has the problem that users are far less likely to be as educated (since target audience is not white collar but blue collar) and far less likely to report problems, issues or malware. So I'd even take the reported values to be lower than what the actual case is.
With the exception of FOSS/privacy nuts who use f-droid. And everyone is happy in the end. I think the only mainstream sideload app is Youtube Vanced which removes ads.
I switched to an iphone but I still keep an android phone around to run a couple of sideload only apps which violate the App Store and Google Play guidelines like the app that loads the hack payload on to my Nintendo switch on boot.
I've seen this approach go over people's heads far too many times over the years. I'm a huge Apple fan/advocate. I'm also a huge critic. It's not even nuance --it's just the way it needs to be.
I truly wonder why people still believe they have any privacy, any right to privacy, or, that they could do anything about it.
Sun Microsystems‘ Scott McNealy was vocal about this already in the late 1990s: „you have no privacy, get over it“
Look, even if you were able to get FAANG et al. to honor privacy, there will always be the one player that does not. Then, the people who write privacy laws have no clue what they are doing. Plus, I’ve seen software professionals copy/pasting encryption algorithms that contain errors from stackoverflow into production code.
It’s time to face reality, this ship has sailed, stop whining, finally start adapting to an environment without privacy: Treat all your data as if they would become public one day.
Use your energy to teach others to be tech literate to understand what this means, how to deal with this and how to behave.
> I truly wonder why people still believe they have any privacy, any right to privacy, or, that they could do anything about it.
The GDPR (very good legislation forming one of our rights to privacy), and a host of UK/Europe national Data Protection Acts preceding it would take issue with this statement.
Its enforcement is severely lacking though, to the point where you wonder if the parties supposed to enforce it are actually benefiting from the status-quo.
Scrub forward until you see a yellow note pad.
https://m.twitch.tv/videos/1032025987
The source to complete it is on my GitHub. My IG of same handle has progress pics, recently marketing and sales.
I’m sure there are many more similar projects out there, unsure if like I they are angling for physical communities and local taxes.
TDC and iSL have initial docs, and the CarPuter machine is like $750 of parts.
I have many app designs up the stack. Captured as video or drawings or in slices as prototypes.
City Apper. IG, .com... still turning the lights on.
I picture each community having one, like a community center. B corp.
If others run with the idea then great.
I have some unique work constraints on the .com mockup modeled after a successful real life organization and my own experience bootstrapping and being close to it.
I’m my own customer for a few years, now homeless it runs at 4-9W even Twitch streaming screen cap, web cam, and using headset audio.
Ie. we can DIY and reasonably commercialize 1-off hardware. My favorite tacos seem more expensive than chain tacos, but are way more nutrient rich thus worth the cost.
Decentralized. In line with Internet OG. RSS friendly, merchant integration, XMPP, EmailInABox, iCal, LUKS, GPS, USB 3, LTE modem, CDN caching, ....
The author gives Apple credit for solving a problem Apple created.
Apple doesn't care about protecting you. They care about protecting their own advertising market share. They don't want to stop tracking your iPhone. They want competitors like Google to stop tracking your iPhone (for free). Apple wants to get paid for that.
If Apple cared about you then tracking functionality would not exist.
You didn't get it. Apple is not making any decisions on whether to allow apps to track or not. They are simply delegating that choice to their users (and rightly so). The user has power to chose which advertisers he or she can trust showing them the useful ads and allow those apps to track. If ads are not useful or are exploitative of their data then they can chose not to allow tracking. As simple as that.
I believe it is you who has a misunderstanding. Let's word this differently.
Apple gives apps the ability to track and users the option to disable that feature, but they built it with dark patterns.
Now they've removed the dark patterns, but you can still have this awful feature that nobody wants. Why?
And why is Apple getting credit for removing dark patterns that they created earlier? Why does this feature exist if 99.999% of people don't want it in the first place?
You seem to be implying that when Apple opened their App Store, just 13 years ago in 2008, that it was an intentional decision to allow “dark patterns,” but this really does not seem to be born out by Apple’s practices. After releasing a gigantic/global app store in 2008 Apple has done nothing but reduce and limit the ability of third parties to track iOS users, amongst other actions that are purely protective of users. Furthermore, I see some beneficence in their actions, in that it’s not like there is a huge public uproar directed at Apple compelling them to make these changes (though my hunch is it’s more about cutting away at FB and Google profits than anything else).
It wasn't a dark pattern per-se. They assumed good faith and relied on morals and compliance with the law to be sufficient.
Keep in mind that when the GDPR went in effect (and maybe before that with the "cookie law", as the advertising ID is equivalent to a tracking cookie), using the system-wide advertising ID (which is enabled by default - the dark pattern you were talking about) would be in breach of the regulation; apps should still ask for consent before using it and allow users to decline.
I can't fully fault Apple for expecting that the GDPR would actually be enforced and clean things up. It clearly wasn't the case however and they're thankfully making changes to mitigate that.
Except Apple is putting its own ability to track you under a different opt-out (default opted-in) that isn't set when you first launch the iphone.
You don't get it. Apple doesn't allow you to opt out of THEM tracking you. You have 2 options
1. zero tracking (not even sure you can do this)
2. apple tracking, and the ability to chose others who track you
To be equal Apple would have to allow blocking Apple's own tracking while still allowing user selected 3rd parties to track. Apple doesn't give this option. If you don't want them to track you you're required to turn off all tracking, not just Apple's tracking.
Apple provides core services that forces all 3rd party apps to run "on top" of. I don't see how the toggling of options could work better considering this.
Tech has a long tail - if you generalize from the big players track record things may look grim, but that is ignoring the rest of the field. That is to say, no - it is not only Apple who defends our privacy - and yes you should dig deeper when thinking about these things.
Weird the The Guardian of all people are calling Apple an "organisation" rather than "company".
As for organisations that cater to personal privacy, I don't see any mention in the article about Purism, Mozilla, LinageOS, F-Droid, QubesOS etc.
The privacy debacle on tech is yet another case of anyone in pistons of power making decisions about technology knowing absolutely nothing about it.
The big consulting firms have monetized this. Silicon valley ad-tech too.
I keep hoping it can't last.
If Apple offers real privacy now, that's good for them and the consumers who are willing to pay premium for privacy. Two questions:
1. Is there a way to verify that Apple is not using or selling the user's data?
2. What is preventing Apple, after gathering all the users data, from changing its EULA/ToS and starting to sell the user data? Is an average user going to export all the data from Apple and jump to another platform (if there is one offering better privacy)?
Nothing. So your options are to pick a company that openly tracks you and is funded on tracking. Or a company that tells you it doesn't track you, bases a huge amount of their marketing on that promise and is funded by selling you expensive devices.
One option is clearly better from a privacy perspective even if you have no control over what Apple does.
I am somehow seeing this as a good/evil cycle -- Google and Amazon, even Facebook at times used to be the good guys. Now Apple and Microsoft are getting higher on the horse. It may revert eventually, I assume "don't be evil" is counter-incentivised by many things.
But now the most interesting thing to me is if FB/Google really are pushed by this privacy narrative to change their business model.
The only reason behind the iOS changes is because Apple failed to compete with Facebook ads. If Apple didn't sell ads using the same data I could maybe believe there privacy bullshit.
Apple is a hardware company, they make most of their revenue from selling actual physical stuff. I think the second one is the cut they take for selling software to said physical devices.
Ads are a sliver in the earnings pie chart.
FB and Google though are advertising companies with services and hardware sales to support their core business.
>Apple is a hardware company
They definitely consider themselves more than that. They pride themselves in being the farm, to hen, to egg, to plate "lifestyle" service.
Maybe one day they'll start making decent software though.
With all due respect that is nonsense. How would they come close to competing with Facebooks ad system which is built into the FB product?
The overwhelming majority of Apple revenue and profit is still hardware, app store and music etc. Whatever Tim Cook et al truly think about their customers privacy they can take the "moral high ground" when it comes to privacy because they are in a different business and it doesn't hurt their revenue (and perhaps helps it).
I don't think its nonsense, I think you didn't read what he is saying. I also believe that if Apple had been successful at building its ad business when it tried to, they would not be talking about privacy now.
Apple sees all your data before it is ever sent to Facebook.
Sure - if they were arms dealers or a drug company they would be doing other bad things, but their business model doesn’t need targeted ads.
People and companies should be judged on their actions not on what you think they would do if they were in some other business.
Sure, but what we are saying is that Apple _is_ a bad company, and that we don't believe they are on our side. (or that they are trying to protect us.)
They are not on our side when it comes to repairing our devices. They are not on our side when it comes to running software we want to on the hardware we own. They are not on our side when it comes to walled gardens. They are not on our side when it comes to how quickly they stop supporting the hardware they sold us.
If they _were_ in the business of selling data, they would not be on our side there either.
Apple is on Apples side. However, the fact that they are "defending our privacy" (as the article states) in this small way compared with what Facebook and others are doing is a good thing. Apple don't sell ads in the same way as Facebook do and have never done so (unless they are doing it secretly and illegally - they are not - it would be worth so little to them and the potential loss if they were discovered would be so huge).
Whatever their motive is, or how bad they are in other aspects of their business, or how different it would be if they had a different business model the fact that they are providing this 'privacy' to their users is a good thing.
Apple is in it for themselves too. Stop falling for this.
Obviously. But just because Apple is in it for themselves doesn’t mean that their customers can’t also benefit. Clearly, it’s mutually beneficial - customers get privacy-focused devices, and Apple gets money from people that care about privacy.
All that said, the level of privacy Apple offers in any of its devices is superficial at best. There are way more problems Apple needs to solve before any of its devices can be considered “private.”
Your IP still gives away your location, apps can remember if they were installed on your phone, you can’t turn off network or sensors for individual apps, etc.
> Your IP still gives away your location, apps can remember if they were installed on your phone, you can’t turn off network or sensors for individual apps, etc.
I agree with your last point, but the first two is asking for the impossible. You'd need multiple technological breakthroughs for that to happen.
> You'd need multiple technological breakthroughs for that to happen.
For (1), at the very least, Apple could provide a VPN by default.
For (2), why is this the case? Apple mostly just needs to delete content from the Keychain for deleted apps and throw a wrench into some APIs used for fingerprinting.
> For (1), at the very least, Apple could provide a VPN by default
Exactly how well a VPN improves privacy is highly controversial to say the least. Quite a few would go as far to say not at all, although I believe it's a bit more nuanced.
But most importantly, Apple directing traffic to their VPN by default would be an unwise move on all levels. It would put them in a position to be able to scoop up data on users, regardless of intent. Not only would that be devastating for their reputation, it would actually harm user privacy. If a single company can directly capture almost every single packet flowing in and out of user devices, governments are bound to demand access to it without an option to refuse. Even in the most democratic countries, government agencies aren't known for their restraint when it comes to accessing user data.
> For (2), why is this the case? Apple mostly just needs to delete content from the Keychain for deleted apps and throw a wrench into some APIs used for fingerprinting
Wouldn't that break iCloud syncing? Besides, preventing turing complete programs from uniquely identifying users on real world devices is an unsolved problem for all I know. It's not as simple as disabling some APIs here and there.
Of course Apple is in it for themselves, it’s just that Apple’s interests and mine overlap, as is supposed to be the case in the classical formulation of economics. I don’t mind that Apple or LEGO or Pixar is “out for themselves” — I care when the companies I transact with choose to enrich themselves from someone else’s pocket for someone else’s interests rather than from my pocket for my interests.
"Apple is in it for themselves. As opposed to those other companies, who track us without abandon and sell our data to whomever will pay. Those companies are in it because they love us."
Stop falling for the trope that it’s bad when the incentives of corporations and individuals are aligned. That’s literally the ideal scenario.
I'm surprised to not see too much discussion about GDPR here.
But the question I have is under what legal basis do companies use the tracking identifiers? Surely the only legal basis available to them is consent? So Apple has kindly made the consent collection infrastructure part of iOS (and therefore standardised and therefore user friendly).
So are the complaints about Apple forcing them to obey the law? That seems pretty strange to me.
The whole ATT thing merely forces companies to do what they were supposed to do 3 years ago when the GDPR came into effect, and maybe even earlier if you consider the ePrivacy Directive ("Cookie law").
The regulators should use any company's complaints about the change as evidence of past GDPR breaches, but then again the reason ATT was required and companies complain is that the regulators are so incompetent that the regulation is routinely broken in total impunity even 3 years down the line.
I just don't think that there are that many Europeans on HN percentage wise.
I think there's a lot of people on HN that profit from breaching the GDPR, so it's unlikely to have a good reputation here
Apple should not have to lead the charge for user privacy. The government (particularly Congress, in some cases State Legislatures) needs to step up and create modern rules for a modern society.
While you can’t “cook up” new laws as quickly as an engineer can a prototype, trusting a private entity - with only the power to regulate its own devices and activity - is foolish, if just merely in scope. The interests of a private org just complicate the picture further.
EU has GDPR and California has CCPA.
Y'all just need to get your elected officials to copy & paste CCPA to a federal level.
To be fair, the GDPR is only good in theory but its enforcement has been severely lacking, as demonstrated by all the companies suddenly complaining about App Tracking Transparency, despite ATT only mandating what they should've done to comply with the GDPR anyway 3 years ago.
Yea, GRPD and the cookie thing could use some extra supervision and enforcement.
People are mostly going by hunches and third hand knowledge on these.
I know HN will downvote the hell out of people who doubt Apple, but Apple is most certainly not defending any privacy with their closed-source OS.
For one, it takes quite a bit more on an iOS device to jailbreak it and use an MITM proxy to inspect what apps are doing under the hood than it does for an Android device to do the same. I feel much more peace of mind that I know exactly what apps are sending to their servers and back and that I can inspect it at any time, and Android forks such as LineageOS provide for actually sending fake sensor data back to apps instead of just denying them permissions, which in many cases just cause apps to refuse to function.
I’m a bit lost here. If all you want is to do MITM, what stops you from installing a certificate and a “VPN profile” on the iOS device and proxying the communication for analysis with appropriate apps? You don’t need to jailbreak to do any of this, as Charles Proxy for iOS (paid app) [1] shows.
Of course, if you need to do more than intercepting network traffic, then it gets a bit more cumbersome on iOS.
Most apps now use certificate pinning, i.e. they have the root certificate included in the app and signed as part of the app, so that method won't work.
On Android it's much easier to intercept and modify the behavior of apps and tell the system to disregard signatures and things of the sort.
Maybe you live in an alternate reality, but in this reality most apps aren’t remotely sensitive enough to use cert pinning.
Also, since Android 7, even non-cert-pinned apps simply ignore user/admin-installed certificates; you can’t do anything without (1) rooting and injecting cert into root trust store; or (2) binary patching. Neither is easy, whereas installing a certificate as a profile on iOS is a trivial process.
They use cert pinning anyway.
I spent a while reverse-engineering Clubhouse's API and what data they were sending, and even they use cert pinning. Most of the big apps all do.
> On Android it's much easier to intercept and modify the behavior of apps and tell the system to disregard signatures and things of the sort.
This really doesn't increase my confidence in Android as an OS. I'd rather prefer it to be really hard to intercept and modify the behavior of apps and to make the system disregard signatures.
When I say it's easier, that doesn't mean any app can do it in user space, it's only easier because the OS itself is open source, you can modify it to your liking, and there is a decent community around alternate (also open source) images such as LineageOS which can give you very good control over what user space apps can and cannot do.
If you use an open source version of Android you can prevent even Google from tracking you. With iOS no matter how hard you try you can't really stop Apple from getting your info.
OK, how about that: everyone who wants to manually inspect the bytes coming out of their phone 24/7 can use Android, while everyone else can use iOS.
(also, iOS supports proxies)
MITM proxies don't work when apps use certificate pinning. Many popular apps do this.
> everyone who wants to manually inspect the bytes coming out of their phone
== everyone who actually gives a damn about their privacy
Do you even know what your phone apps are sending about you? I know what my apps are sending about me. Some of it is pretty scary, honestly.
So you like an OS that sends fake sensor data to apps, but you trust it to send real network data to you? What if it doesn't? What if the hardware sends fake network data to the OS? You clearly don't give a damn about your privacy, because everything you do can be subverted through any of those components.
People who give a damn about their privacy write their own OS, apps and install it on their custom built hardware that was built into their own semiconductor factories, using personally sourced materials and designs.
Yes, I can also play this game.
> on their custom built hardware
Sure, make your own phone, I'll very much support and admire you if you do.
Until then, since I don't have that hardware engineering prowess, I'm at least a few steps ahead of any iOS user and at least have control over my OS and what my apps do.
iOS users on the other hand just surrender their privacy management to almighty Apple and trust that Apple does no evil, and trust that the signed apps they run on their devices do no evil.
Yeah, if Qualcomm does evil in their Snapdragons I'm screwed, but at least I've reduced my privacy risks by a few notches, better than nothing.
iOS is also better than nothing.
It's the best solution to people who have better stuff to do, but want relative security compared to Android.
> just denying them permissions, which in many cases just cause apps to refuse to function.
Factual question: which apps in your experience "refuse to function" when you deny them permission to track you?
That’s a hold out from the Android world, where apps are generally written to expect the user to provide requested permissions. Before Android 6, apps would get all permissions requested for on installation (or the user wouldn’t be able to install the app). From Android 6, when the permission model changed to be similar to iOS to get it at runtime, apps didn’t get written for this new world and would crash or refuse to work. Even today, there are apps that will refuse to function if some (non-critical) permission is not granted.
I deny functions to apps in Android all the time. I've yet to run into an app that will refuse to run unless that denied function is explicitly needed for that app to do what it was designed to do: eg, location for maps.
There are plenty. Try getting a Roborock vacuum cleaner and getting it to vacuum your floor without giving away GPS permissions on your phone, it's impossible unless you take the damn thing apart and solder some wires to the RX/TX and root it with its dev serial port.
Wechat also for a while didn't even allow logging in without location permissions. They may have changed that but there are lots and lots of offending apps.
This is a complex one. I'm almost certain the reason is they want to scan for bluetooth devices to pick up the vacuum cleaner in the app.
The problem is that scanning for bluetooth devices basically is GPS because marketers started putting beacons all over the place and using their tracking toolkits in apps to pick up these beacons.
So android changed the permissions so you had to ask for location access to scan for bluetooth.
So as an app dev, you get the option to ask for location access and make setup easy, or you can direct the user to go to the bluetooth settings and pair with the vacuum and come back to the app to continue.
That sounds more like a hardware cost cutting measure than an issue to do with Android itself.
At one point WeChat wouldn't permit logging in without location permissions. RoboRock vacuum cleaners also must be set up using an app that requires GPS permissions, and they send your GPS and Wi-Fi passwords and things to their server. It's sad, but they make one of best actual vacuums.
I'm not sure if that's the case still but I've run into several other apps that do similar things. It's pretty widespread.
In any case, it's awesome to have an OS that can make apps think they got permissions and just shove fake data at them.
True, it’s very difficult to see what iOS apps and iOS itself are doing. And we can assume that third-party apps are collecting whatever info they can - even after 14.5, when they presumably disclose what they’re collecting.
But, can’t we infer from Apple’s earning statements how much they’re monetizing user data? Currently that seems like not much. Then again, they probably wouldn’t have recruited Antonio Garcia if they weren’t interested in milking that particular cow.
The Journal says Apple’s ads business is estimated at $2 billion currently (but this isn’t reported in their financial statements): https://www.wsj.com/articles/apples-privacy-changes-are-pois...
Apple’s services category made $16 billion in revenue last quarter and includes ads in addition to other businesses like music and TV. Apple’s growth story to investors hinges on the services category.
>But, can’t we infer from Apple’s earning statements how much they’re monetizing user data? Currently that seems like not much.
That only tells you how they're doing competing against the other ad networks, not how much they're trying to monetize the data. Instead since they couldn't compete, they drew a moat around their devices where other companies can't get the data apple can, now.
https://mobile.twitter.com/antoniogm
That guy was just fired by apple after a staff revolt described as "woke" which made news.
Separate to that, his alumn is facebook, specifically ads. Whatever spin they put on it he was literally hired to monetize for apple the private data they hold that belongs to you. There is zero contractual it enforceable commitment by Apple to prevent them from stealing and doing literally anything they like with your data for a reason. They will do it the instant it is worth the reputational hit for officially announcing their privacy marketing is knowingly dishonest. Which it is.
If they had any value at all on your privacy it would have contractual protection. Cannot be sold, cannot be provided to a third party without being legal compelled, cannot be used by Apple. It's easy to do this and they have chosen not to. It would cost dramatically less than their "these things are private" ad campaign. Orders of magnitude less. It would get orders of magnitude more reach than their ad campaign. They don't have this in contact for a reason. That reason is bait and switch. Their advertising overtures to privacy are worth even less than Google's lack of them. Apple are utterly foul.
The bar is so unbelievably low and apple, google, facebook, and all their ilk compete to get deeper below it and bash us harder.
It's our fault. We didn't do... Like they commanded. See what we made then do?
/Waves to apple zealots and gravy train riders.