Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I am confused. Everything I read on the website is very vague.

What exactly is their issue with Apple? Apple is already privacy focused. I can imagine what it could be (mistrust of closed source, big corporations) but they never say so. What exactly are they building? Are they just a distro or are they building their own software?

EDIT: All the replies focus on Apple. But my point is not that Apple is privacy-friendly. When I say Apple is privacy-focused, I just mean Apple claims they focus on privacy. They can disagree, but should provide some arguments.



Why does everyone keep repeating this idea that Apple is the privacy company? They are just less bad than Google, but that isn't saying much. It's a marketing point for apple, but they still collect hoards of data and work directly with governments and agencies.


Source? Everything we've seen in terms of technical publication about the design of their software and hardware says the opposite. They're intentionally baking privacy into their services where others have done the exact opposite.


Requiring a physical address to create an Apple ID to download free apps doesn’t seem privacy oriented to me.

Sure, I can use a fake address, but what if they start to check against it and then lock me out of my account?

It’s bad enough all the players require my full name. I do use an alias whenever I can, but for vital accounts, I don’t because I’m afraid one day they’ll ask for a government issued ID to verify my account or I get locked out.


Usually “None” is an available option for payment method. This does depend on your region though.


You can do without by using prepaid cards you buy with cash.


> Source?

Exactly. Without source code you have no idea what they're doing. All you know it's what they say they are doing. Two completely different things.


No, you know a lot more than that. Apple is a public company. Take a look at their quarterly reports. Note the distinctive lack of dependence on ad revenue. This alone sets them apart from Facebook and Google.

Apple makes money by selling stuff to people, not selling people to advertisers.


Untrue. You can sniff outgoing connections and reverse engineer whatever you’d like (I sure have and am glad to have a full understanding of everything going out).


Time is another dimension here, you'd have to indefinitely monitor the device to make sure there's nothing sent out. There's also the possibility of stenography and remote-activation.

> (I sure have and am glad to have a full understanding of everything going out).

That's impossible.


There is a finite amount of code on the system. That code would also include any functions related to stenography or remote activation and could be easily called out. However, do not exist in iOS. Anything can happen in the future, and those future versions can also be examined to find out if any such functionality was added.


You're delusional if you think you can audit every line of code running on your iPhone. That'd be something newsworthy.


Your comment contains an insult with no additional substance to back up the claim.


The first part of my sentence only applies if you think you can/have audit(ed) every line of code running on your iOS device. If anything you're the one saying it can be done by you without any substance.


> There is a finite amount of code on the system. That code would also include any functions related to stenography or remote activation and could be easily called out.

Hint: You do not need to manually, personally, audit every single line of code to discover the use of such functionality.


That isn’t an argument for claiming the opposite.


Here's a recent blog post that describes some of the massive amounts of data that iPhones collect: https://www.mac4n6.com/blog/2018/9/12/knowledge-is-power-ii-...

Granted, this data is on-device, and we don't know how much (if any) leaves the device, but if Apple really had privacy as their top priority, they wouldn't collect that data in the first place. Privacy is surely important for Apple, but it's not the absolute top.


Um, on-device means it's not collected. At least not yet. By definition.


The phone collects data and stores it on device. "Collect" data does not mean "transmit" data.

After data is stored, it can be extracted by attackers who exploit a vulnerability in the OS, or by anyone with physical access who finds out the passcode. (eg. by coercion, by camera surveillance, or by simply looking over someone's shoulder)

If an operating system truly put privacy first, all that data would never be stored in the first place.

Obviously it's a tradeoff. If you want smart recommendations and all the "AI" features, you need to collect and store a lot of data.

If you value privacy above all else, you have to store as little data as possible, and you have to say "no" to features that require analyzing a lot of data.


This data is on-device precisely to avoid the usual route of uploading it to the cloud. None of that is uploaded to Apple.


Most of the OS is proprietary, you can't say it isn't uploaded.


I'm generally inclined to believe that companies--and people--aren't lying outright, unless there's evidence to the contrary. Apple seems to be making a real, concerted, and good faith effort in the realm of data privacy. This effort ought to be recognized.

Would it be _better_ if all Apple software was fully open source and could be independently audited by anyone? Yes. Does that invalidate everything else? No.

Also, Wireshark is a good way to monitor what data your phone is sending to what servers, even if it's incredibly imperfect.


With ubiquitous use of TLS and the advent of certificate pinning Wireshark is becoming less and less useful. Even if you convince the phone to accept your man-in-the-middle certificate with a provisioning profile, there's no way to proof that it sends the same data as if it got the real certificate.


If iOS was changing the data it sent out depending on which root certificates were installed, that would be a huge scandal, as I cannot imagine _any_ non-malicious reason to do that.

That's not proof of anything, but again, at some point I feel you have to assume good faith. Apple does not have a history of doing stuff like this.


Exactly, you're assuming good faith. Instead it should be proven good faith.


So to be clear, you are arguing that we cannot blackbox anything and see what network connections it's making or amounts of data being sent to whom or timing of it because proprietary? Nor for that matter find security vulnerabilities that lead to jailbreaks and then further deep dives right? Since it's proprietary that means nobody can possibly find any issues? You might want to think about this one just a little bit longer.

Seriously, the fundamental issue with proprietary is maintenance, ie., not finding but fixing (in a good way) problems and then making those fixes available to other users. Adding features to scratch niche itches is another, though arguably not as critical a matter. But for merely reverse engineering, decompiling, probing memory, fuzzing and all that lack of source code is effectively zero barrier. If it wasn't then source/algorithm obscurity really would be effective for security rather then a bad joke.


You can’t say something isn’t collected either.


I can say that on free (as in freedom) systems.


You can sniff the network traffic.


And all you'll see is a lot of encrypted streams to lots of servers.


Check the NSA PowerPoint that came with Snowden's revelations.


You ask for others to provide sources to back up their comments, but don't provide any of your own.


Ignoring the fact that it's EXTREMELY easy to find links showing Apple's commitment to privacy:

https://www.google.com/search?q=apple+privacy+efforts&oq=app...

https://www.apple.com/lae/privacy/approach-to-privacy/

https://www.theverge.com/2018/10/17/17989608/apple-data-down...

When you are the one making a claim refuting what is generally considered common knowledge, you're expected to provide SOME citation of your disputed claim... not to mention it's such a common internet troll tactic to spew BS just to make people do research to prove you're full of it that it's just kind of common courtesy to start with links (assuming you aren't a troll).


Equally easy to find recent articles outlining Apple is getting billions from Google to have Google search by default in Safari. Doesn’t sound fitting commitment to privacy.

http://fortune.com/2018/09/29/google-apple-safari-search-eng...


While I'm sure apple's default choices are partially profit-motivated, defaulting to Duck Duck Go would be a poor UX for the vast majority of iPhone customers.

There is a valid discussion to be had as to whether UX or data privacy should be prioritized, but I'm inclined towards UX--most people just want to get the best search results possible.

If anything, on the UX <--> privacy scale, I'd argue Apple has sometimes been prioritizing privacy too highly as of late. As a heavy user of custom Applescripts, the new TCC dialogs introduced in Mojave have been causing me a lot of grief.


You can change that to DDG with a click, if you want.


What about transferring Chinese users' cloud data to a Chinese company? Is it a part of commitment to privacy too?


It’s not possible to prove a negative. Do you want a quote from Tim Cook?


>It’s not possible to prove a negative.

_Of course_ it's possible to prove a negative. Why do people insist on repeating this as if it's actually true?


Because it's shorthand for "the burden of proof is on those making the claim, and negative claims are much harder to prove or disprove." If your rebuttal to my assertion that Taylor Swift is not, in fact a zebra boils down to "you SAY that none of those zebras are secretly Taylor Swift, but maybe that just means Zebra Taylor Swift is just that good," I mean, I can't technically disprove that, but shouldn't the burden of proof be on you?


> negative claims are much harder to prove or disprove.

No, they aren't.

One, disproving a negative claim is exactly proving the opposite (positive, if the same style of expression is used) claim (and vice versa), so it can't be harder to both prove and disprove negative claims, even if they were real distinct classes.

Second, “positive” and “negative” claims are largely phrasing choices; it's quite possible to have positive and negative claims that are semantically equivalent.


If the intention is to talk about burden of proof, then that's what we should be talking about. That's clearly not the case because the parent comment replied asking how it was possible. They seemed to have meant it very literally that negatives are impossible to prove. It's a common saying and it's flatly wrong.

Additionally, in this case, the claim that a company can be trusted is much more difficult to prove than the claim that they cannot be. Burden of proof, difficulty of proof, and whether the claim is expressed as a positive or a negative have no intrinsic link.


"you SAY that none of those Apple devices are secretly spying, but maybe that just means Apple devices are spying just that good"

Are you saying that Apple can be proven a company that can be trusted to keep user data secure?


Could you educate me on how this would be achieved?


And the switch to Apple meme only works for those fortunate enough to live in countries with a monthly wage that actually makes it a viable option.


Source?


Exactly. It's one of their main competitive features in each of their annual reports, yet they collect just as much data...


From e Foundation website: "our mobile phones, even when using no Google service, connect to Google Servers tens of times per hour (91 times per hour for an Android mobile with a total amount of 11,6MB of data sent on a single day, and 51 times per hour for an iphone, corresponding to 5,7MB of data sent to Google servers)." With a reference to: https://digitalcontentnext.org/wp-content/uploads/2018/08/DC...


Thanks. I didn't see that. Why exactly do iPhones send data to Google servers? Ads on apps/websites?


Section F, page 4 has a summary:

f. While using an iOS device, if a user decides to forgo the use of any Google product (i.e. no Android, no Chrome, no Google applications), and visits only non-Google webpages, the number of times data is communicated to Google servers still remains surprisingly high. This communication is driven purely by advertiser/publisher services. The number of times such Google services are called from an iOS device is similar to an Android device. In this experiment, the total magnitude of data communicated to Google servers from an iOS device is found to be approximately half of that from the Android device.


From the article, I gather that the traffic is for google ads as you browse the web (AdSense).


Don’t forget Google Analytics, Google Fonts and Google AMP?


iPhone uses Google as built-in search engine in Safari, thus indirectly compromising data privacy. And Apple is reported to get billions from Google for this https://community.e.foundation/t/google-could-be-paying-appl...


Google is "built-in" as far as it's the default. It is changeable and can also be set to Yahoo, Bing, or DuckDuckGo, as well as Google.


>Apple is already privacy focused.

Says you (and say them).

>I can imagine what it could be (mistrust of closed source, big corporations) but they never say so.

Yes, that's exactly it. With proprietary software I have no idea what my device is doing. Maybe they're spying on me! Maybe they aren't! Who knows!

The reasoning behind the people that say "Apple respects privacy" is always "because they say so".


> With proprietary software I have no idea what my device is doing. Maybe they're spying on me! Maybe they aren't! Who knows!

This is entirely untrue. You can sniff the outgoing connections to see what data is being sent. Here's instructions for how to do it on a Mac: https://medium.com/@jamesmarino/monitoring-ios-https-network...

On Windows, a similar thing can be achieved through Fiddler.



Oh please. Take your tinfoil hat off. Hell, take your tinfoil suit off.

Apple's biggest claim to fame in the last few years has been defending users' privacy. It is in their best interest to be as transparent about this as possible because any revelation that they are publicly saying X and privately doing the opposite is going to completely tank them as a company. They're not about to jeopardize their entire company by going so far as concealing tracking information in other information that is transmitted from the device. Especially while at the same time going so far as implementing many security and privacy features like FileVault, E2E encryption, and the Secure Enclave. Everything they have said and done, and analysis of the data that leaves their devices points to them not doing it.

Sure, it's theoretically possible. But it's about as far from probable as Pluto is from Earth.


>Apple's biggest claim to fame in the last few years has been defending users' privacy.

The vast majority of Apple's buyers don't know or don't care about privacy. To assert "this is their biggest claim to fame" is ludicrous.

>It is in their best interest to be as transparent about this as possible

This is still the only argument for Apple that I've ever seen. They maybe aren't doing this, because maybe it doesn't make business sense for them, and maybe we could detect it if they were. Nothing about this is solid; for me it's just wishful thinking.

>any revelation that they are publicly saying X and privately doing the opposite is going to completely tank them as a company

Literally hundreds of companies have been caught doing the exact same thing and next to none of them have "tanked".

>Especially while at the same time going so far as implementing many security and privacy features like [...] Secure Enclave.

The Secure Enclave is an unauditable chip running god knows what software. Completely outside your control; someone else has the power to dictate what it does and doesn't do. The notion of paying money for my device and having it subject to the control of someone else is... like buying a car with my own money and having it be controlled by someone else.


> The vast majority of Apple's buyers don't know or don't care about privacy. To assert "this is their biggest claim to fame" is ludicrous.

The users don't care, but the media and government are going to pounce on whatever they can, especially the government after the FBI debacle and subsequent refusals to cooperate. If you don't think such a revelation isn't going to completely upheave the company, then you're the one that's being ludicrous. Just because the end user doesn't care now doesn't mean they can't be made to care with the right messaging from someone who takes advantage of such a discovery.

> This is still the only argument for Apple that I've ever seen. They maybe aren't doing this, because maybe it doesn't make business sense for them, and maybe we could detect it if they were. Nothing about this is solid; for me it's just wishful thinking.

Did you somehow miss my grandparent comment, or just decide to completely ignore it because it doesn't fit your narrative? If you don't trust them, then go do what I said to do in said comment and audit the data that is being sent by the device to their servers. This isn't rocket science, it literally takes a few minutes to set up. Just because you don't want to doesn't mean that trusting them is somehow the only option you have. And just because you don't see the source code doesn't mean you can't possibly know what data is being collected and sent. That's literally the whole reason these MitM proxies exist -- to inspect data leaving your device for various purposes.

> like buying a car with my own money and having it be controlled by someone else.

So, what already happens today and has been happening for at least a decade now?


"Says you" works in both directions.

Apple at least has that case whith FBI, anti-proprietary activists have just their doubts. Would be interesting to read some story about traffic analysis with some suspicious activities, but all I see is just compilation of doubts and talks about what is possible.


Apple also has a case where it transferred Chinese users' data to China government.


I am very curious to learn more details about how they handled this, with specifics.


Not a lawyer, but I'd assume Apple's marketing, public statements and explicit messaging on device about privacy would restrict them at least in markets like Europe? Surely they'd be into unlawful false advertising at this point.


In the US, you have to do what you say you are doing in your privacy policy, and the government enforces that.


With a billion iOS devices out there, if Apple was truly collecting information about you and selling it to third parties, there would have to be some evidence that compromised data is out in the wild. To date, no one has found any.

So it's pretty safe to say that yes, you can trust Apple.


> Maybe they're spying on me! Maybe they aren't! Who knows!

I suspect we would all know if Apple were spying on us. Really think there still secrets anymore?


Of course there are huge secrets that have yet to be revealed. If there's anything to learn from the 20th century it's that huge projects can be maintained in relative secrecy from the public so long as the denial is plausible. After all, it's become clear that "secret" is not sufficiently revealed when those convinced of its truth are regarded as cranks and crazies.

I'm certain that decades hence we will be shocked to discover what is going on now, under our noses.


Apple costs a fortune and only runs on specialized hardware.

As technologists, I think we should stand against the notion that personal privacy is a luxury feature for those wealthy enough to afford it.


Ethically, I think just about everybody agrees with you. However, as soon as the ad-supported device is 10% cheaper, it's going to capture most of the market.

I don't think the market can solve personal privacy issues - only legislation can.


Nice summary. For example buying an iPhone in Turkey is harder than buying a car in UK in terms of an avarage middle class person's monthly income.


You've met technologists who were for the notion that personal privacy is only for the rich?

I've met a ton of technologists interested in privacy, and none of them were for the notion that only the rich should have it.


All that advocate switch to iOS as solution to the security issues on Android.

On plenty of countries getting an Android device is already a dream come true, let alone being able to get an iPhone.


Since that /e/ thing allows you to self-host the cloud part, you need neither Google nor Apple.

Apple may, of course, be better than Google at defending user's privacy. Apple's efforts are laudable, but Apple still controls access to your data.

With self-hosting everything, you are in control of your data. This may be more secure, or less secure than Apple's cloud, depending on how well you manage it, but now you're in control.


No. You are suggesting that we should trust Apple (why?) and upload all our data to their cloud. By why cannot we just keep our data on our phone without sharing them with anyone.

Nothing stops Apple from becoming a new Google. And nothing stops NSA from installing backdoors in Apple's data centers as they did with Google.


So what’s your threat model here? Are you worried about being targeted individually or in aggregate?

In aggregate it’s not clear that the risks of putting your data in the cloud are as dire as everyone fears. If your worried about being targeted individually then you’re already screwed. There’s no way a single individual can guard against state level actors.



Like seemingly every other post taking this position, again this post totally ignores one of the big problems Apple is solving, which is protecting the interests of the user.

Search the article for these words: roommate. boyfriend. partner. family. household. abuse. abusive. stalking. stalker. spying.

No hits.

The article is 100% free of any mention of one of the top dangers Apple addresses for users with its built in protections. No phone can fix the problem completely, but iOS bends over backwards to ensure that a user who takes an active interest in protecting their own privacy has the tools to do so.


I do not fully understand your point. If you have free software on your phone you can do anything, including protect yourself from a neighbour/partner. All it takes is to find the software and install it. If your phone supports GNU/Linux, it's surely a solved problem.

Apple creates a walled garden, where they decide what you can and cannot run on "your" device. Even if such devices are useful in specific circumstances, the problem of freedom is still there.


It’s not so much that you as a HN user and presumably very computer literate person can protect your own device. It’s more about others who are not like you, and what an evil version of you can install on their devices while tricking them to think there is no problem.

If the phone owner is not knowledgeable about the dangers, they should not be required to become a security expert and download special apps in order to deserve protection from those who would install privacy invading apps on their devices.


Let me remind you that the original question was "What exactly is their issue with Apple?" and the answer was "The lack of freedom".

Now, it seems you are trying to argue that not computer literate people need a single chef (Apple) to tell them what to do and what not to do with their devices. Let me explain to you that freedom, which Apple devices lack, would allow such people to choose, whom they trust, increasing the competition and improving the market situation. For example, you go to a repair shop you trust and ask them to install any operating system they think is reasonable. It also concerns physical repairs. Apple more and more prohibits independent repairs.

Even if Apple is solving "big problems" as you claim, the answer given is still legit. There are people who need freedom and Apple goes against it in many ways. And it is not always possible to switch to other vendors, see "Vendor lock-in" in Wikipedia.

tl;dr: You do not have to be computer literate person to benefit from such freedom.


Sure, but there are tradeoffs that must be dealt with.


Apple is focused (theoretically) on privacy now, but that doesn't mean they won't change, and if they do change, Apple users won't know about it until their information is sold.


(a) it’s not really theoretical, considering both their public stance on it and the design choices that they’ve made; (b) “but they might change” is a bugaboo that could apply to anyone. An open source project could get compromised, taken over or bought by a malvertiser who replaces the software with a signed malware - and we have ample evidence that this has happened before to many projects (e.g. Chrome addons).




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: