Why does everyone keep repeating this idea that Apple is the privacy company? They are just less bad than Google, but that isn't saying much. It's a marketing point for apple, but they still collect hoards of data and work directly with governments and agencies.
Source? Everything we've seen in terms of technical publication about the design of their software and hardware says the opposite. They're intentionally baking privacy into their services where others have done the exact opposite.
Requiring a physical address to create an Apple ID to download free apps doesn’t seem privacy oriented to me.
Sure, I can use a fake address, but what if they start to check against it and then lock me out of my account?
It’s bad enough all the players require my full name. I do use an alias whenever I can, but for vital accounts, I don’t because I’m afraid one day they’ll ask for a government issued ID to verify my account or I get locked out.
No, you know a lot more than that. Apple is a public company. Take a look at their quarterly reports. Note the distinctive lack of dependence on ad revenue. This alone sets them apart from Facebook and Google.
Apple makes money by selling stuff to people, not selling people to advertisers.
Untrue. You can sniff outgoing connections and reverse engineer whatever you’d like (I sure have and am glad to have a full understanding of everything going out).
Time is another dimension here, you'd have to indefinitely monitor the device to make sure there's nothing sent out. There's also the possibility of stenography and remote-activation.
> (I sure have and am glad to have a full understanding of everything going out).
There is a finite amount of code on the system. That code would also include any functions related to stenography or remote activation and could be easily called out. However, do not exist in iOS. Anything can happen in the future, and those future versions can also be examined to find out if any such functionality was added.
The first part of my sentence only applies if you think you can/have audit(ed) every line of code running on your iOS device. If anything you're the one saying it can be done by you without any substance.
> There is a finite amount of code on the system. That code would also include any functions related to stenography or remote activation and could be easily called out.
Hint: You do not need to manually, personally, audit every single line of code to discover the use of such functionality.
Granted, this data is on-device, and we don't know how much (if any) leaves the device, but if Apple really had privacy as their top priority, they wouldn't collect that data in the first place. Privacy is surely important for Apple, but it's not the absolute top.
The phone collects data and stores it on device. "Collect" data does not mean "transmit" data.
After data is stored, it can be extracted by attackers who exploit a vulnerability in the OS, or by anyone with physical access who finds out the passcode. (eg. by coercion, by camera surveillance, or by simply looking over someone's shoulder)
If an operating system truly put privacy first, all that data would never be stored in the first place.
Obviously it's a tradeoff. If you want smart recommendations and all the "AI" features, you need to collect and store a lot of data.
If you value privacy above all else, you have to store as little data as possible, and you have to say "no" to features that require analyzing a lot of data.
I'm generally inclined to believe that companies--and people--aren't lying outright, unless there's evidence to the contrary. Apple seems to be making a real, concerted, and good faith effort in the realm of data privacy. This effort ought to be recognized.
Would it be _better_ if all Apple software was fully open source and could be independently audited by anyone? Yes. Does that invalidate everything else? No.
Also, Wireshark is a good way to monitor what data your phone is sending to what servers, even if it's incredibly imperfect.
With ubiquitous use of TLS and the advent of certificate pinning Wireshark is becoming less and less useful. Even if you convince the phone to accept your man-in-the-middle certificate with a provisioning profile, there's no way to proof that it sends the same data as if it got the real certificate.
If iOS was changing the data it sent out depending on which root certificates were installed, that would be a huge scandal, as I cannot imagine _any_ non-malicious reason to do that.
That's not proof of anything, but again, at some point I feel you have to assume good faith. Apple does not have a history of doing stuff like this.
So to be clear, you are arguing that we cannot blackbox anything and see what network connections it's making or amounts of data being sent to whom or timing of it because proprietary? Nor for that matter find security vulnerabilities that lead to jailbreaks and then further deep dives right? Since it's proprietary that means nobody can possibly find any issues? You might want to think about this one just a little bit longer.
Seriously, the fundamental issue with proprietary is maintenance, ie., not finding but fixing (in a good way) problems and then making those fixes available to other users. Adding features to scratch niche itches is another, though arguably not as critical a matter. But for merely reverse engineering, decompiling, probing memory, fuzzing and all that lack of source code is effectively zero barrier. If it wasn't then source/algorithm obscurity really would be effective for security rather then a bad joke.
When you are the one making a claim refuting what is generally considered common knowledge, you're expected to provide SOME citation of your disputed claim... not to mention it's such a common internet troll tactic to spew BS just to make people do research to prove you're full of it that it's just kind of common courtesy to start with links (assuming you aren't a troll).
Equally easy to find recent articles outlining Apple is getting billions from Google to have Google search by default in Safari. Doesn’t sound fitting commitment to privacy.
While I'm sure apple's default choices are partially profit-motivated, defaulting to Duck Duck Go would be a poor UX for the vast majority of iPhone customers.
There is a valid discussion to be had as to whether UX or data privacy should be prioritized, but I'm inclined towards UX--most people just want to get the best search results possible.
If anything, on the UX <--> privacy scale, I'd argue Apple has sometimes been prioritizing privacy too highly as of late. As a heavy user of custom Applescripts, the new TCC dialogs introduced in Mojave have been causing me a lot of grief.
Because it's shorthand for "the burden of proof is on those making the claim, and negative claims are much harder to prove or disprove." If your rebuttal to my assertion that Taylor Swift is not, in fact a zebra boils down to "you SAY that none of those zebras are secretly Taylor Swift, but maybe that just means Zebra Taylor Swift is just that good," I mean, I can't technically disprove that, but shouldn't the burden of proof be on you?
> negative claims are much harder to prove or disprove.
No, they aren't.
One, disproving a negative claim is exactly proving the opposite (positive, if the same style of expression is used) claim (and vice versa), so it can't be harder to both prove and disprove negative claims, even if they were real distinct classes.
Second, “positive” and “negative” claims are largely phrasing choices; it's quite possible to have positive and negative claims that are semantically equivalent.
If the intention is to talk about burden of proof, then that's what we should be talking about. That's clearly not the case because the parent comment replied asking how it was possible. They seemed to have meant it very literally that negatives are impossible to prove. It's a common saying and it's flatly wrong.
Additionally, in this case, the claim that a company can be trusted is much more difficult to prove than the claim that they cannot be. Burden of proof, difficulty of proof, and whether the claim is expressed as a positive or a negative have no intrinsic link.
