The most persuasive argument for Apple as trustworthy on privacy was weak: that because they didn’t monetize data as rapaciously as Google or Meta, there was less incentive for them to spy on users.
But once they introduced new privacy controls, they seemed to suddenly start investing more seriously in their own advertising network. That, and the encryption slight-of-hand with iCloud, makes the cynic’s case for them.
App telemetry, metrics, etc might get handwaved away with a sinister phrase, like “essential for improving user experience.” But placing trust in a company on privacy due to the relative lack of financial incentive seems hopelessly naive.
Yeah this one has pissed me off generally. I'm slowly working out how the hell I get out of the ecosystem but I realise I'm heavily locked in and it's difficult so I'm going to have to do it very slowly and methodically.
Edit: just bought a desktop PC off ebay which I will install Ubuntu on and see how I get on.
I sympathize. It is probably the most difficult ecosystem to get out of. Nextcloud was one of the most important pieces of software for some I know who got off of Apple. You can setup your own private cloud or use a community server you trust to replace pretty much everything on Icloud: Files, photos, music, notes, tasks, contacts, calendar, passwords, bookmarks, facetime, and many more. Migrate everything there, and then you can switch to any operating systems you want.
At least when I de-appled in 2016, the local info database was accessible for things like MP3 ID info, but it required mapping w/ Python. Moving over to local PC storage was simple through USB (Ubuntu or Fedora as OS at that point, no doubt).
I don't know if it is as simple or if they have data checkout options. Good luck with it!
Oh I'm screwed. I'm fully in on Apple Photos, Music, Calendars, Notes, the lot. I will pull things out carefully one service at a time over the space of a few months or I'll get pissed off and give up.
One thing I am looking forward to is a keyboard that isn't shit.
I have a 14" M1 MacBook Pro. The keyboard is "ok" but not great. It occasionally misses keypresses when I'm typing fast or hit the edge of a key.
Also I never really got on with the keyboard layout. Some things are just better on other platforms like position of hash, usage of meta-keys and discoverability. I find, despite rarely using it, that I can navigate around windows 10 better on a keyboard than I can on a mac.
I mostly use my mac in "desktop mode" with an Apple studio display (that's the most difficult thing to give up) and a TKL Durgod K320 cherry MX red mechanical keyboard so I will reuse the keyboard for "the other platform"
Build quality on non-Apple machines have been rough for me. I burned through both an XPS 15 (caseflex causes restarts with keyboard use) and a Framework (random restarts, never could pin down the hardware issue even with mainboard replacement). The I've settled on a good ThinkPad and, honestly, I set the power settings simple and just keep it in a docked state. Never even think about it!
Yeah I have owned a few thinkpads. I went for a desktop because I am totally fucking done with owning laptops now. I don't need one so I'm not bothering any more.
I've been passively looking for a means to get my Notes in some offline format. So far I've just been exporting them to PDF which isn't ideal for me, but at least captures the note more or less.
You should be able to download the music you bought from iTunes DRM free. For the movies/etc, just pirate them. You already "bought" them so morally you're in the clear. For the software/etc, walk away from it. Sunk costs.
The hard part is if you have a lot of content on icloud. Ive yet to find a reliable way to pull content from icloud locally. Apples first party download service doesnt really work for large icloud accounts, the downloads just fail to complete and you have tens or hundreds of gb to download. Ive tried third party command line tools and they silently crash after a couple dozen files, as in they will just hang until I notice they have failed so I cant just automate something to restart the script after fail. I’m actually at a loss here how to migrate from icloud.
I have little software investment (mostly pixelmator) but I am using Apple Music subscription. I've paid for it for over 3 years so I think I've paid enough anyway...
not trying to start a distro war, but I would advise against using ubuntu for the time being as their custodian has been somewhat incompetent in recent years, and they have been forcing users to use their "snap" system. It may give you a bad first experience.
I haven't tried it, but I've heard Pop_OS! is a pretty popular distro these days. If you want something really lean and unobtrusive (though you may need more up front setup), you may want to look at an XFCE based distro (my personal favorite).
Just remember, most distros have live usb stick distros so you can always try out a bunch before you decide on the right one for yourself.
Thanks. Pop_OS! is a candidate for testing here already if Ubuntu doesn't work out. I picked Ubuntu as a first point because I grabbed a Lenovo Neo 50s desktop and that supports it out of the box. That will set expectation for hardware compatibility and issues for other distributions or variants.
I like Fedora and Pop_OS! I'd recommend Pop_OS! first for newcomers but Fedora is great for a work desktop if you're reasonably technical and don't mind upgrading at least once a year. Pop_OS! offers an LTS edition so you can stay with a release for several years.
I'd second mint for anyone who wants a "it just werks (TM)" experience with minimal configuration to throw on anything except a server.
For servers, these days I'd recommend Alpine on ARM architecture for a very good mix of high performance and having sane defaults set up so you can easily set up a reverse proxy, web server, etc.
OpenSUSE is nice. It has btrfs/snapper configured by default, which makes upgrades low-stress (if anything ever goes wrong, just reboot into the snapshot automatically created before every upgrade.) It also has a decent GUI (YaST) for system administration tasks.
I love OpenSUSE (esp. Tumbleweed), but every time I see a tutorial about ML stuff, they are using Ubuntu. I wonder if there's any inherent advantage to Ubuntu that other distros don't have (e.g., having some libraries preinstalled, sane default configs, etc.)
> I wonder if there's any inherent advantage to Ubuntu
No advantage, but Ubuntu is the most popular distro for regular users / tutorial customers. Ubuntu also has the widest availability of support resources, even though the information is often not Ubuntu-specific.
If you use a non-Ubuntu (or non-Debian-derived) distro, you'll need to do a little bit of package-name mapping to get the prerequisites installed. This is annoying but only has to be done once (take notes!).
The bigger problem I've had with ML libs is that they're very picky about version compatibilities. Once you settle on a set of working/compatible versions (libs, python, python pkgs), make some effort to preserve your sources. Package versions can get deleted from the official repos, be prepared to build from source, etc.
Controversial statement - with the amount of scrutiny, hate and FTC oversight over companies like Facebook I have more trust in their privacy than Apple. Apple weaponized privacy to be able to enter their competitors market, all while very openly lying it’s all about the user.
How is Apple lying that it's all about the user? Their support documents clearly outline what is E2E encrypted and their explicit justification for not locking iCloud backups is specifically because of situations where users are locked out of all their information because of a forgotten password.
Unless there's evidence that Apple has sustained a security breach as a result of this posture, it seems to me that they actually are caring about the user. The only incidents that I'm aware of with regard to Apple are social engineering and brute-forcing due to weak user passwords. Is there a situation or evidence that Apple is lying here?
1. It seems to me that they do care about user privacy. I haven't seen any evidence yet to suggest that they don't. Tim Cook, of all people, has every reason for this to be a priority and a truthful statement.
2. The privacy tracking controls only restrict tracking across apps and websites. Individual apps are allowed to collect data and it would be impossible for Apple to guarantee that an app couldn't collect data since they clearly can't be aware of every since implementation within the app. Notice what the terms for end-users explicitly state since a company like Meta can't get info from Apple about users across FB and Insta, for example, but may have ways to tie users together based on data they're collecting on the platform itself. Apple can't really stop that. They can only make it more difficult (which they have, as evidence by FB's reaction to the new privacy controls).
3. Where do you get the idea that they're not subject to the same restrictions? I don't see any evidence that this is the case.
> It seems to me that they do care about user privacy. I haven't seen any evidence yet to suggest that they don't.
I think it's about priorities. The way you can tell when a company cares about something is when you see them give up something else they want to have it. In the case of privacy, they could show that they care by not collecting gobs of telemetry about every time a user plugs in their laptop, every time an executable is run, and exactly what a user looks at in their app store, and for how long. But they do collect all this data because it helps them both with advertising and with "improving" the product (using scare quotes because it's not clear to me what metrics are used to gauge "improvement"). I don't see _any_ effort made to protect Apple's users from Apple itself, and that's the core privacy problem: the mere existence of a massive store of all this data presents a very real risk to users.
> Where do you get the idea that they're not subject to the same restrictions?
The lawsuit alleges that Apple is not subject to the same restrictions it imposes on others. From the article:
> Apple’s iPhones and other devices contain settings that purport to disable all tracking and sharing of app information, but the tech giant continues to collect, track, and monetize their data even after consumers have chosen to disable sharing, it said.
Logically, this suggests that iOS will restrict other apps from tracking behavior across apps/sites, but Apple is leveraging its privileged position as the device and OS manufacturer to remain immune to those exact restrictions.
>the mere existence of a massive store of all this data presents a very real risk to users
You're assuming this massive store exists with no evidence for it. One of Apple's central tenets with regard to privacy is that all the telemetry is done on device and never leaves the device except in an anonymized form. Based on what's been shown, this is still accurate. Apple is able to still collect data about how its users behave without any data that's tied to an individual.
>The lawsuit alleges that Apple is not subject to the same restrictions it imposes on others.
That is not evidence that this is true. From the lawsuit itself, they seem to be misunderstanding both how that info is used and how users have consented to it. I don't have enough information to say for certain but, based on the way the article and others are talking about the data and the video that's been presented that shows what data is being sent, there seems to be a misunderstanding between the settings that Apple provides that are meant to prevent cross-application and cross-site data collection with data collection from a single source. Additionally, I think they're making an assumption that the IDs being sent to Apple are shared across applications because I haven't seen any evidence to suggest that that's the case. That means that, unless some evidence is presented that proves it is being shared across apps, Apple is being truthful in what it's saying. It's collecting anonymized data that is then aggregated.
>to remain immune to those exact restrictions.
Again, that's not what has been shown so far. Until it's actually shown, rather than assumed, that Apple is using this tracking information across apps or across sites, Apple is doing what they say they're doing in their privacy policies.
3. Every other app has to ask user to "opt in", default is "opt out" while for apples own prompt the user has to "opt out", default is "opt in". This alone is evidence they are not subject to the same restrictions.
Not quite. Apps subject to ATT rules have to ask permission to permit tracking across apps and/or websites. All apps have to declare what personal information that they’re interested in. Here’s a link to Numbers: https://apps.apple.com/ca/app/numbers/id409203825?mt=12
It declares:
Data Linked to You
The following data, which may be collected and linked to your identity, may be used for the following purposes:
Analytics
Identifiers
User ID
Device ID
Usage Data
Product Interaction
Diagnostics
Performance Data
Other Diagnostic Data
App Functionality
Contact Info
Email Address
Name
Phone Number
User Content
Photos or Videos
Audio Data
Other User Content
Identifiers
User ID
My bet is that the Stocks app says the same thing, and that people are confusing OS data collection permissions with app data collection permissions.
It is meaningful in that people generally have separate expectations from the OS itself than from apps. That is, IMO the current hullabaloo about the Apple stock app (which can be uninstalled), etc. is nonsensical as it would fall under the privacy declaration of the app, not under the OS itself—but it’s presented as an iOS problem.
It may be an Apple problem regardless, but OS settings about data collection do not control app settings about data collection. Should the apps have those data collection settings? Certainly. But now you’re getting into something that Apple would be building that you can guaran-damn-tee that they will force other applications to implement (because it’s good for the user).
You're being disengenous, Apple's own apps request location data the same as any other. I know this because of having denied the permission when prompted.
Yeah I just setup a new phone and the prompt is "would you like to enable location services?" then it lists the reasons it will use it, including weather, find my, etc. I typically hit disable there, and then manually enable it for the things I do want to give access to.
Do you have any evidence of this? Setting up an iPhone or iPad asks the user to opt-in to Apple's tracking. The only reason it would be opt-out is if you opted in previously and a software update has revised the permissions/tracking for that app. If you've previously opted-in, then the default is not opt-in. You're just seeing it that way because of your previous allowance.
Maybe youre right, that its remembering previous opt in setting and defaulting to opt when setting up new iphone, but I am 100% sure its not the same behavior for other 3rd party apps, they always default opt out regardless what option you chose the previous time you installed the app.
Could you be specific about what tracking restrictions Apple imposes on others which they don’t follow themselves?
My understanding was that Apple asks for user consent before letting ad networks track users across many apps run by different companies. Apple doesn’t do that themselves as far as I know?
> Unless there's evidence that Apple has sustained a security breach
I don't think thats a strong argument. FB's security was never actually breeched during cambridge analyitica. It was information given to a study by paid subjects, plus scraping of their friends graph, plus a fucktonne of PR to say how great their data was. Sure they had information on n million people. But they didn't have _detailed_ information.
With apple, they have unrestricted access to the location of you, your laptop and tags. With that you can work out friendship graphs. Not only that but all the information that every app collects plus a boat load more metadata.
If they cared about the user, they wouldn't be collecting this information, instead they seem to be wanting to muscle into FB and google's advert game.
But, dont get this as me saying meta/google are good. No, they are just as bad as apple, but with varying levels of PR.
This would only make sense if abusing personal data were actually illegal. As it stands, the FTC maybe has the power to create a slight inconvenience for the legal department, and only if something goes really bad to the point of creating widespread demonstrable harm.
The process for working with user data today at Facebook is super rigorous. Accessing anything requires requesting permissions which are auto expired. Any analysis build on user data is auto deleted without 24 hours etc.
I doubt many companies that haven't been hit as hard as Meta have the same sort of systems set up.
Apple always wanted to get into ads business, but the contenders were too strong and Apple doesn't have an edge for competition unlike Google Search, Amazon Marketplace, Facebook's user tracking etc... So instead of directly jumping into the business they decided to first level the ground with IDFA and ITP. The natural next step would be to monopolize user tracking data within the Apple ecosystem. I'm almost sure that this is "Manifest destiny" for Apple, but the question is "when".
Imo incentives-based reasoning is the only way of thinking about corporate behavior that isn't naive. What's happened here is that the incentives changed, which- maybe you could call it naive to assume they wouldn't
But there's also a bias, when presented with only two real options, of telling yourself that the less-bad option isn't just less-bad, it's actually good. Because it helps you sleep better at night and because there's nothing you could really do about it anyway. Same thing happens with two-party politics
> which- maybe you could call it naive to assume they wouldn't
Definitely. I think the correct way to think about public corporate behavior is as if they're psychopaths. I don't mean that necessarily with the negative popular culture connotations, but just that they will always behave in what they see as the optimal personal benefit regardless of what it does to others.
That's just what a large and for the most part anonymous ownership that expects growth coupled with a set of people to steer operations that is mandated to work in the best interest of those owners results in.
So, think about your relationship with companies as you would with a friend you suspect is a psychopath but is amiable and somewhat beneficial to associate with at the moment. Just because they don't have an incentive to spread all your private info around at the moment doesn't mean they won't have reason to later, so be careful what you expose, and trust them only as far as it makes sense to. They aren't a real friend, you're just using each other for mutual benefit, and that doesn't generally last forever.
> But once they introduced new privacy controls, they seemed to suddenly start investing more seriously in their own advertising network. That, and the encryption slight-of-hand with iCloud, makes the cynic’s case for them.
This might about as clear-cut a case of unfair trade practices as there ever was.
FWIW the slight of hand mentioned here isn’t in the article. I presume it means the fact iCloud backups aren’t end to end encrypted with your iCloud Keychain passphrase, which was reportedly either:
A) because apple wanted to be sure you could restore a device to which you lost the key (not implausible user experience story, but one you could imagine folks opting into)
B) the FBI complained and they caved
C) both A and B
Note that iCloud backups include the keys needed to decode your ostensibly end-to-end encrypted iMessage history. Effectively key escrow, but they don't market it like that.
That seems like a bad way to think about security threats. The fact that the door is open at all is severely problematic, regardless of how many people have walked through it.
That wasn't my point. The OP suggested that Apple was being deceitful about its position that this posture is "for users". To me, the fact that a user can potentially (and accidentally) lock themselves out of their own data with no recourse is a justification for a more relaxed security posture that completely lines up with being "for users". If there is no evidence of a security breach as a result of this lowered posture, then the lowered posture is both "for users" and also worth it. I, personally, would rather have the higher security posture but I can't see any way for Apple to implement that that wouldn't result in someone's grandparent unintentionally locking themselves out of years worth of data. I already see it when people don't backup their phones (to iCloud, since it's so easy) and then lose all their data when they drop their phone and it gets run over by a car. Apple must see the trade-off as worthwhile to be able to offer users the ability to gain access to their data after an extensive verification process vs. having the strongest security posture possible.
I think you're missing a key difference here, though: Apple is not selling that data to their advertisers. The key difference between Apple's privacy argument and others is that your data in the latter case is being sold to those advertisers along with the targeting. Apple, on the other hand, is using your data to personalize what you see but none of that information is sent to Apple and none of it is sold to third parties. All the personalization is being done on your devices and you can turn it off if you choose to so that you just see generic advertisements that everyone else sees.
All together, I don't see how that makes Apple's trustworthiness weak in this space. In the current state of the internet, advertisement runs everything so they're still delivering on ads to their customers without selling your data or even giving those third parties a way to track you as an individual. That, to me, still equals privacy, at least as far as what Apple is saying.
If this is true I'd be genuinely surprised. Are you saying Apple's model is "Advertise through us. You'll get absolutely no feedback on the users who respond to your advertising. We will just send you a bill, 'x clicks * y cents/click'."
Without arguing about whether it should or shouldn't be and the other deeper considerations, I can't see that as a compelling use of marketing dollars.
No, I'm saying that Apple is promising advertisers aggregated data about their ad performance and people reached without ever handing over individualized data. Apple, like they do with all of their third-party services, is acting as the gatekeeper between users and advertisers/third parties. They're leveraging user trust in their brand/company to say "we'll provide you with data" to advertisers while being able to tell users "we don't share your individual data with third parties". It's the same reason they insist on Apple Pay being the only method of payment for apps within the app store. They don't want to lose user trust by allowing apps to collect payment information from users. Some people think they're doing it to take advantage of their position as the device manufacturer (not a stretch, in my opinion) but I think their consistency across all devices and platforms makes the argument that they are actually doing what they're claiming for the reasons they're stating.
I've responded elsewhere but the big difference is that Apple has always operated this way while FB and Google have changed their positions. Since they have had prior data breaches, it's not difficult for a malicious actor to use old data combined with new data to restore data models. The only situation where this wouldn't apply would be for users whose accounts were created after the policy changes.
They do now but only because they leaked a bunch of individual user data models in the past. Apple has always operated this way so there's nothing for someone to tie together. Facebook's position is basically useless when someone can recreate user data models for anyone that was on FB before the policy change.
Google is currently in a lawsuit brought by several states in the US for tracking users without their consent because they continued to track users after people explicitly denied/disabled that tracking. While I did say "leak" in my original response related to Facebook, I think arguing that is a little pedantic since my point was that Google/Meta have a history that Apple does not. Google's history wasn't necessarily with leaking data but moreso collecting and selling data that they told users they weren't collecting/selling.
There’s probably something to be said for targeting simply the group of people who are on apple devices, given they as a group tend to have higher disposable income. Marketers did their work without direct metrics for a long time, it’s not impossible.
Apple would undoubtably not be able to charge as much as they could if they had those sorts of metrics to give, but there is a value proposition there.
Meta is also not selling data to advertisers. Advertisers buy ads and Meta decides who sees them. Advertisers only find out who sees their ads once they click on them.
Now. This is a policy change that was a direct result of the Cambridge Analytica leak. Cambridge explicitly used the cross-site and cross-app tracking to build the models that they sold to people/companies/governments.
Facebook was not selling data then either. Users gave their explicit consent to Cambridge Analytica to use the data in the surveys. The mistake Facebook made was giving Cambridge Analytica access to those users' friends data, which qualifies it as a data breach. Again, Facebook never sold data to third parties.
That's not accurate. Facebook sold the data to Cambridge Analytica. You're right that users gave consent for their data to be used but the data bundle sold to Cambridge Analytica included data that was not collected in the surveys. The entire issue wasn't just that FB gave CA access to those users' friends data. It's that they sold it to CA insomuch that CA was paying FB for that additional data.
>"We have to seriously challenge the claim by Facebook that they are not selling user data," commented Damian Collins MP, chair of the UK Parliament's Digital, Culture, Media and Sport Committee.
>"They may not be letting people take it away by the bucket load, but they do reward companies with access to data that others are denied, if they place a high value on the business they do together. This is just another form of selling."
Did Cambridge Analytica pay for access though? IIRC they just created an app that utilized the "Login with Facebook" feature which then gives the developer some metadata. I've looked around but couldn't find any sources on whether or not Cambridge Analytica actually paid for this access.
This is not true at all. It matters from both a principle standpoint and also a data availability standpoint. If I tell you that I won't sell your location info to people starting today but I was selling it in the past, how difficult do you think it would be for someone to use that past information along with current information to figure out what your favorite restaurant is or where you work?
It matters very much that a company only stops selling or tracking your info because they got caught or had a data breach. Look at Google right now. They're being sued by several states for tracking location info for people and then selling it to advertisers without those users' consent. It matters very much to me if Google is suddenly claiming that they're privacy conscious because their actions explicitly speak to the fact that they're not.
Meta has swung hard in the other direction. Now privacy reviews are so comprehensive that development speed is significantly hampered. Some teams say they're half as productive as they were before the privacy-first changes. Meta seriously does not want to make the same mistake again. Source: I'm an engineer at Meta.
That's good to hear but it doesn't undo the reputational damage from the past. Even if Meta says they're privacy-conscious, I already don't trust them because they were willing to exploit it for gain and recently at that.
There has been some weird misunderstanding on the business models of ads network. They have zero incentive to sell user data to advertisers or whoever else. That data and model is the only meaningful difference between ad networks, advertisers and their potential competitors, beside of established infrastructures. You don't sell your strategic weapons to your enemy right? They may provides some targeting and contextual information for bidding, but given that many ad networks are moving to automated bidding systems I think this also will be gone eventually.
Microsoft has also never sold your data to advertisers. And yet I despise them for collecting my data and not giving me the option to turn that off. Apple is now doing exactly the same thing. So I despise both Apple and Microsoft equally.
But hey, at least I can game on my Windows PCs, so...
> App telemetry, metrics, etc might get handwaved away with a sinister phrase, like “essential for improving user experience.”
I don't get why these are automatically considered sinister. Measuring how people actually behave is an excellent way to improve your product. If this is done with sufficient care and anonymity, with no financial incentive to betray the user, I don't see the issue at all.
People don't like being watched. There's additional cognitive load in having to decide all the ways you might later regret giving that information away.
Once the information is out the door, it's out. You can't recall it. Apple or whatever company can have a change of leadership, mission or strategy that's incompatible with your values. But they still have your data and likely still can claim they have permission to use it.
For those of us who are older, it's also just discomfiting. We had at least a plausible illusion of privacy in our homes and our comings and goings. Now you have to take drastic and active steps to preserve privacy.
That's not to say I am fully against telemetry, but you asked why they're considered sinister. I think companies or organizations have a lot of work to do in order to comfort users.
> Measuring how people actually behave is an excellent way to improve your product.
It might be if done correctly but often telemetry is only used to justify existing wants. A typical example is removing a feature that isn't use a lot even though a) users might want the feature but don't even know about it because it is too hidden (which might even have been done intentionally as a first step preceding the telemetry-based removal) or b) might not be needed often but is absolutely essential in some cases. Like other statistics, telemetry can be used to justify almost any choice.
Meanwhile the same people using telemetry will happily ignore users trying to talk to them directly, including those users that make it clear that they don't want telemetry. So if you aren't going to listen to users why should anyone believe that your use of telemetry is going to be in those user's interest.
> If this is done with sufficient care and anonymity
And as a user you have no way of knowing that it is.
> with no financial incentive to betray the user
When is there not a financial incentive to betray the user? Any use where telemetry even makes sense is already a few to many relationship where users are at least somewhat replaceable. Data breaches are common but usually there are no real consequences for those that collected the leaked data even though they didn't really need it. Even intentional acts like selling the data will be forgotten soon enough, that is if they even come to light in the first place.
To me it's an issue of consent. And not the "agree to us collecting everything or GTFO" kind of consent that companies love to stick in their EULAs. Telemetry is fine as long as I have the option to disable it completely. If that option does not exist, my assumption is that there is a revenue-generating reason why this stuff is being collected and it's not just being used to "improve user experience".
I'm confused about this entire thread and the lawsuit considering that, as far as I can see, Apple's privacy statement explicitly says "across apps or websites". There's nothing about the privacy policy that states that they can't track you within a single app. I don't see any evidence, in the video or otherwise, that what's going on and what's shown is going against that policy. Maybe I'm naive to think that Apple doesn't cross-pollinate this data but I don't see any evidence to suggest that that's not the case or that any of this is malicious.
> If this is done with sufficient care and anonymity, with no financial incentive to betray the user, I don't see the issue at all.
Even if a public company somehow managed to pass all of those caveats today the moment their leadership changed it would all go back out the window. And even a private company might go public or change leadership.
Facebook was one of the first big companies to implement https in a non-payment / checkout page. They also have not suffered a data breach as far as I can remember.
So your data is safe with Facebook too.
The only difference that I see between Apple and Facebook is that Apple is doing the labeling of its users on device, while Facebook does it on the cloud.
At the end the result is the same: targeted ads to specific classes of users.
“In the 2010s, personal data belonging to millions of Facebook users was collected without their consent by British consulting firm Cambridge Analytica, predominantly to be used for political advertising.
The data was collected through an app called "This Is Your Digital Life", developed by data scientist Aleksandr Kogan and his company Global Science Research in 2013. The app consisted of a series of questions to build psychological profiles on users, and collected the personal data of the users’ Facebook friends via Facebook's Open Graph platform. The app harvested the data of up to 87 million Facebook profiles.
[…]
Aleksandr Kogan, a data scientist at the University of Cambridge, was hired by Cambridge Analytica, an offshoot of SCL Group, to develop an app called "This Is Your Digital Life" (sometimes stylized as "thisisyourdigitallife"). Cambridge Analytica then arranged an informed consent process for research in which several hundred thousand Facebook users would agree to complete a survey for payment that was only for academic use. However, Facebook allowed this app not only to collect personal information from survey respondents but also from respondents’ Facebook friends. In this way, Cambridge Analytica acquired data from millions of Facebook users.”
Here's Zynga doing it in 2010 [0]. Obama campaign crawling the social graph hoovering up 10s of millions of users [1].
"We ingested the entire U.S. social graph," Carol Davidsen, director of data integration and media analytics for Obama for America, told The Washington Post this week. "We would ask permission to basically scrape your profile, and also scrape your friends, basically anything that was available to scrape. We scraped it all." [2]
Facebook has had several high profile data breaches, 530 million users' data in an unsecured database in 2019, and several issues surrounding data sharing with third party apps on their platform.
> At the end the result is the same: targeted ads to specific classes of users.
Is there any evidence that Apple is using the unique identifier for advertising? Also isn’t the unique identifier necessary for users who actually opt-in to tracking?
What Apple does with all the data they collect may be one of the best guarded secrets in the world. Assuming they invest heavily to collect the valuable data and do not use it for financial or power gain does not make any sense.
I just opened Apple News, it has a for you page and it shows me articles that are interesting to me (tech and cars), and a nice ad below them for cheap car loans.
How did the Apple server know what articles to serve me? I never asked for them explicitly.
So I was labeled as a user that likes tech news and cars, and the server automatically sends me stuff relevant (articles & ads) to these labels.
Apple will probably get away with that as it is all in the fine print. But,
1. Let's not forget vast majority ( if not all ) of people on the Internet, inclusive but not limited to Main-steam Media, HN, Reddit and Twitter who commented between 2017 and 2021 thought privacy meant anonymous. And before anyone disagree, very very few on HN even bother to downvote or stand up against the notion of privacy meant anonymous.
2. Apple play this card, both in PR and marketing, along with media ( Submarine Article or not ) as a tool against Facebook. Or Social Media but let's be honest we all know they mean Facebook. And of course, for people from US, after 2016 Facebook is the most evil company on planet earth. Any Facebook bashing equals great.
3. A lot of people were brought into the idea of privacy meant anonymous. So in other settings, Apple use the word "personalised" instead of Data Collection, cough, I mean tracking.
4. The good thing about all of these, anything illogical will have to unfold some day. ( Just like Crypto ) Apple of course collect Data from you. Apple of course has all the Data about your usage pattern. So when some people came to realise privacy doesn't mean anonymous, I guess they aren't so happy?
5. Apple's true definition of privacy is that All Apple's user Data belongs to Apple. Any data to third party are by definition "Tracking". Since Privacy is a Fundamental Human Right, I guess the only choice is to give Apple all your Data?
6. Most people, especially tech nerds will likely play the I trust Apple more than Google card. Because Apple are not in the Ad business! - That was 2017 to 2021 if not 2022. They have their ads business right infront of you for a long time. They have been preparing their Ads business for a long time. Most tech nerds, or Apple apologist just turns a blind eye to it.
> 5. Apple's true definition of privacy is that All Apple's user Data belongs to Apple. Any data to third party are by definition "Tracking". Since Privacy is a Fundamental Human Right, I guess the only choice is to give Apple all your Data?
Are we so naive to believe that we are not be tracked by the big tech companies all the time?
If I use Office 365 Microsoft knows about my document writing habits and may be privy to company secrets if I had to write some sensitive company memos.
Google has the vast majority of my email if not all since so much email goes through their mail servers. Even if I avoid using GMail, I can’t stop my contacts from doing so. Google knows all my search habits as well.
Amazon knows my spending habits, the list goes on and on. And then there are the traditional means of tracking someone via credit card expenditures or your cell phone provider knowing your whereabouts and usage patterns.
You give away tracking data all the time. The issue is how these companies use that data. If they are doing something nefarious like what Cambridge Analytica did then we should be outraged.
Otherwise it’s just hypocrisy to play the blame game on any one company.
You are generally right that most of those proprietary products and platforms track you to different degrees. They are not transparent about how they use it. I can attest that many of have been off all of these for years other than when we are forced by workplaces to use them. You may be like many people who are unaware of the alternatives because they are free and not advertised.
I am aware of alternatives, but I was trying to come up with examples from competing companies that many people use. People don’t seem to be up-in-arms about all SaaS products but just those that are owned by corporations that they have a particular bias against.
But my argument is more that we’ve already given up a lot of our privacy by interacting with today’s technology. ISPs, cellular providers, credit cards, banking, the list goes on and on regarding areas where we have give up privacy for the sake of convenience.
I think you are touching on the aspects of scale (how much data collected) and harm (how it is used against us). Another important aspect is time since the older the data is, the less valuable it is to corporations and governments. Debate between which corporations are better or worse comes down to trust and PR. Some people believe that all publicly traded corporations are structurally incapable of protecting users over profits.
It is frustrating. It is clear that people won't sacrifice convenience, thus they will sacrifice their future. No, a "dystopian future" does not await us, it is already dystopian. But big-tech controlled social media is the only thing that most people understand of "the internet". And the discourse there is limited to the triviliaties of daily life, and then these triviliates are fed into the surveillance-capitalist machine.
What are you trying to argue for? That we should all just throw up our hands and give up trying to protect our privacy? What course of action should be taken to improve things?
I’m arguing that the price for our technological advancement is the loss of privacy. It’s unavoidable. If one is not willing to bear such a price then they should completely unplug from technology and go live out in the woods away from civilization. Because just interacting with someone who is plugged in is a privacy risk.
All I hope is that the megacorp that I trust doesn’t go and sell off all my personal data to some nefarious people. What other course of action would you recommend to improve our privacy?
You cannot blindly trust in the continuing good intentions of executives who have as much power as Tim Cook does.
Meta and Alphabet are already committed to profiting from users' private information. Apple is not, at least not yet.
I'd be happy to have laws that enforce (at a minimum) the natural implications of the good behavior that Apple has claimed in marketing for years. But this would destroy Google and Facebook.
>may be privy to company secrets if I had to write some sensitive company memos.
This is the thing that has blown me away as I've watch our privacy get flushed down the drain. When a handful of corps (not to mention Govt. TLAs) have access to everyone's data and comms, doesn't that enable them to spot and mitigate any possible disruptions to their business by upstarts?
On the other hand, it's hypocritical for any one company to pretend they're better than the others if they still engage in the same data tracking behavior.
> Because Apple are not in the Ad business! - That was 2017 to 2021 if not 2022. They have their ads business right infront of you for a long time.
If you look at their careers page, they have been hiring quite a few adtech talent in Texas for the last half year. I won't be surprised they are waiting for their competitors to die off before swooping in. Corporate strategy and PR teams deserves a raise.
> And of course, for people from US, after 2016 Facebook is the most evil company on planet earth.
You mean for the ones that voted against Trump in 2016 & 2020, and think FB won him the election (as opposed to reflecting what people who watch Fox News and listen to AM political radio talk think), not the flawed candidates who ran poor campaigns he was up against. Or the Electoral College.
Anyway, I know people who won't use Google but implicitly trust Apple for reasons you stated.
> Even when consumers follow Apple's own instructions and turn off "Allow Apps to Request to Track" and/or "Share [Device] Analytics" on their privacy controls
Reading the description in Settings for both of these switches, we learn the following:
1. Allow Apps to Request to Track specifically "Allow[s] apps to ask to track your activity across other companies' apps and websites." This clause clearly doesn't apply to any internal analytics process.
2. Share [Device] Analytics is a bigger issue, and is the problem. The switch says that it sends information about how the user uses the operating system and Apple services. That clearly includes the App Store, so switching this off should switch off App Store analytics.
Including the first point seems stupid, since it muddies the claim against Apple.
A note about the App Store privacy information. It (separately) indicates that they collect the information this article alleges - so Apple IS disclosing it. However that doesn't change the fact that the Analytics toggle reasonably seems to apply to the App Store as well.
> Share [Device] Analytics is a bigger issue, and is the problem
Personally, I've always assumed that Device analytics (which I always turn off) referred to iOS, device and network performance, what apps are launched and crash etc. and that it didn't cover in app usage analytics.
But the App Store privacy notes still state they record usage so they can personalise ads (which are optional) and show trending apps and searches etc (I think not optional)
I don't think I agree with your assessment of this for the following reasons:
1. Nothing here is being tracked "across other companies apps and websites", unless there's something here that shows Apple is cross-pollinating their data internally (which is possible but I don't see any evidence for here).
2. I disagree that this includes "App Store" app. The description given when you click the "About Analytics & Privacy" link explicitly states what the differentiation is and, to me, that does not include the App Store app.
> The researchers uncovered these findings using a jailbroken iPhone running iOS 14.6. Notably, while the team discovered similar iPhone activity on a non-jailbroken phone running iOS 16, the data was encrypted and it was therefore not possible to determine exactly what it contained.
And this is why "security" to prevent user control or even knowledge of "their" devices is so important.
My hope is that this case or another uncovers just how much user tracking Apple does. It is a lot more than people know. And the efforts to "de-anonymize" collected data are laughable and not de-anonymized, and there is no real oversight for compliance. But that's all I am going to say on that.
I don't think it's surprising to anyone how much apple tracks its own users. They actually have a page on it and what they're tracking, https://www.apple.com/privacy/labels/. It's also clearly stated that a lot of data collected isn't anonymized at all.
You're right there is no oversight for compliance to their own terms and that is the real issue. It is also an issue if they're getting a competitive edge by bypassing their own rules. It wouldn't be surprising to me if they were but based on the articles there isn't a whole lot of proof.
> It is also an issue if they're getting a competitive edge by bypassing their own rules.
And it's not like that would be the first time they've done that. Pretty common on all sorts of levels.
My "favorite" was the ability of Apple apps on macOS to bypass most of the TCP/IP stack and send traffic directly, regardless of on-device filtering or firewalling. Apple claimed it was "a temporary measure while they dealt with updating software", but I'm still at a loss to explain why an app like TextEdit would have ever needed a kernel network extension in the first place. That to me was almost certainly a post-facto attempt at justification when they were caught with their hand in the cookie jar.
I'm somewhat surprised. I had bought into the "all machine-learning is done on-device" messaging and thought that Apple Maps was taking pains to anonymize data by only sending small chunks of your route data for traffic congestion analysis/etc.
When Apple was starting their machine learning division I'd heard they had trouble retaining top talent because the engineers would show up and "okay! where's the data?" and Apple would reply "uhh, we don't have any it all stays on-device".
But with Apple getting into advertising I don't think this could stay this way, if it ever actually was in the first place.
Do you have evidence for these claims? I'm not sure I understand how any user data can be de-anonymized when all the user tracking is done on-device and never leaves said device.
Obviously the case even without Mysk’s research. Apple’s vision for the future is the walled garden of tech utopia. It makes sense that they want data to retain users and lock them in further to the brand. It’s so devilishly hypocritical to track users and pass it off as normal business practice when they have clearly positioned themselves as the defenders of user privacy against the likes of Alphabet and Meta. Alas, I’m typing this in an iPhone because I don’t know of another viable option for now.
The distinction is that Apple doesn't monetise your data by sharing it with third party companies.
Personally I'm fine with a company I choose to do business with storing information about me and about how I interact with their services. It just seems obvious that they will need to do this in order to provide their services. I understand that some of this info may be more than the strictly necessary minimum, but I have no evidence so far that any of this info has been used for purposes I consider nefarious. If they do, ok I'll reconsider.
I do understand the argument that they're providing an option to opt out of tracking, and that some of this data appears to be what is reasonably considered tracking info. That's a potential concern, sure, but again are they actually using this for anything I'd consider nefarious? If so then again I'm interested, but if not then ok, they should stop doing it, but that's as far as my interest goes.
Apple is forced to share the data with the federal police and other agents of the state, oftentimes (30k+ per year) without a search warrant.
If you think it’s not a risk because they don’t sell it to advertisers, think of all of this lifestyle data, times a billion people, being used nefariously to undermine human rights by someone worse than whoever you think the most repugnant US president has been.
The collection of the data is the problem, because there is a player in the game who is not Apple but has 100% access to all data that Apple has.
If it were the FBI collecting all this dragnet data in bulk, would you be concerned or alarmed?
Using the data to target ads is as good as sharing it with third party companies. Apple is monetizing you, ostensibly at some point they can just stop making products and survive by advertisers paying to advertise on Apple devices with perfect accuracy given the data Apple has on all of us.
I think you're misunderstanding what this is. They only use it to target ads in their store, they still need to actually sell you stuff or they get nothing. You may be thinking of what Microsoft does, getting paid to put ads in their products like Windows, but Apple isn't doing that. If they do, I'll worry about it then.
Google Pixel + GrapheneOS is an excellent alternative to an iPhone in terms of usability, privacy, and security, and hardware + software longevity.
I know it seems weird to recommend a Google phone, but one can completely eschew the issues around Google tracking, by not using Google services, or using them within the on-device sandbox giving them standard privileges.
It's not exactly clear to me based on the article or the ones linked if they are out of line with their own privacy policy. Denying app tracking on a specific app doesn't actually prevent the app developer from collecting analytics data. If they are breaking their own rules that's not entirely surprising and hopefully they are forced to follow them as well.
It is kind of sketchy that they have a way to turn off "device" analytics which one would assume is tied to apple's apps but that doesn't seem to be the case.
It might not violate the fine print, but if their advertising or other official communications give the wrong idea, they could still be on the hook for misleading customers.
I do actually think it violates the fine print. We agree that the App Store is both part of the operating system (it cannot be deleted) and is an Apple Service. The switch for Device Analytics says the following:
> iPhone Analytics may include details about hardware and operating system specifications, performance statistics
So far, no problem. All of these could be construed to mean the Springboard (homescreen) layer and below. Not apps, even shipping in the OS.
> and data about how you use your devices and applications.
Starting to get concerning. App Store use is clearly "how you use your devices" and is also clearly an application. However, it gets worse...
> This information is used to help Apple improve and develop its products and services.
I believe a reasonable person would interpret this to mean that if the Analytics is disabled, Apple collects no data from you that improves [your phone] and the services you interact with.
I completely agree that "Ask Apps Not To Track" is not the problem here - the fact that the Analytics switch doesn't work in an Apple service is the problem.
I'm confused - the article (and what I read of the suit) seems to be using the term "Tracking" for both tracking users across other companies apps and websites (what Apple lets you opt out of) and recording users interaction inside an app.
They are very different - there's over a million websites that use Hotjar alone (which sounds similar to what Apple is recording in App), and every news site will record how many view people read each article if not using some analytics front end JS code to read for how long for.
Macrumours.com itself is using Google Analytics, and the suit it links to is using Adobe Analytics which do much the same.
From what the article says I don't see how this breaks any of the Apples "Anti Tracking" policies - I'm not saying they're not recording too much just that it doesn't break their policies.
Two weeks ago I attended an Apple Event for Government and Education in Chicago. From my perspective was absolutely alarmed at how open they were about tracking data and sharing. I think their marketing on "privacy" was dishonest at the least.
Apple puts constant pressure on the user to use an iCloud account. Apple puts constant pressure to manage apple Devices with a MDM profile based system. In both cases user privacy is lost.
> I think their marketing on "privacy" was dishonest at the least.
> Apple puts constant pressure on the user to use an iCloud account.
I do think Apple's use of the term "privacy" is not completely honest. But we should note the difference between privacy and anonymity. Using iCloud provides privacy for the user; that is, Apple won't access your iCloud data. It is not however anonymous.
What an odd take for Apple. If they really respected user privacy they would cancel their ad business stop the collection and monetization of user data. Their insatiable quest for revenue has destroyed the primary reason you should buy an Apple product. Apple has crossed the Rubicon and their image is forever tarnished for the sake of adding additional percentage points to their quarterly revenue.
What once differentiated Apple from Google, Amazon and Facebook no longer exists. I can't imagine Steve ever going down this road.
I'm happy that these sort of posts are actually getting some traction on Hacker News these days. Up until 3-4 months ago, I was still getting pummeled with downvotes and flags if I even suggested Apple are hypocrites building an ad empire.
Yeah, I don't care what mobile phone it is, I don't trust it with respect to privacy.
I have to use a phone for apps like uber and I use one to browse random content like HN that has no privacy issue for me if the world saw most stuff I read but I have moved away all other use cases to a simpler harderned Linux laptop.
It feels a bit weird and more isolated with that plus no social media but I have seen improvments in my quality of life and I have confidence that the handful of privacy or securiry sensitive data or interactions I have are difficult to compromise.
Plenty of ads in core apps already. I would say that App Store ads are "ads in the iPhone". You also get a bunch of nags in Settings to enable Siri and FaceID features when you get a fresh iPhone or apply a major update. I consider these ads. Probably the least intrusive type of ad, but still.
I'm starting to think nobody reads the things they click "I Agree" to. The terms of the agreement are right there but you can't say you 'didnt know' if you agree to them without reading.
You're just starting to think that? They're massively long, convoluted, legalese documents. It's literally a cultural joke that no-one reads those.
I believe there needs to be a change in how terms and conditions are written - people need bullet points.
By clicking "I Agree", the user (you) agrees that:
1. [COMPANY] can sell your data to third-parties. This data includes [x, y, z]
2. [COMPANY] will retain your data for [X YEARS]
3. [COMPANY] will allow you to delete your data by visiting [WEBSITE]
That sort of thing. People don't read; right, wrong, or indifferent, people don't read. They especially don't read convoluted, exceedingly long terms and conditions that they HAVE to accept to use a product.
> It's literally a cultural joke that no-one reads those
I read every single document I sign my name to, every time. I'm not alone either. I assume we're mostly engineers here, some of us maybe are involved in contractual things, so tell me: in your job do you sign your business's name or your own name as Officer to contracts you haven't read? Now tell me, if work is less important than your personal affairs why on earth would you review the terms for work agreements, but not for yourself? If I agreed to contracts without reading them in a job context, I'd be in the unemployment line so fast the IRS would send me their condolences.
Do I read all work contracts and terms? Of course.
Do I read all contracts in my personal life related to property, finance, or other important things? Of course.
Do I read the 10 pages of EULA every time Angry Birds updates new levels? Absolutely not.
In the context of Apple: When you activate a phone, the salesperson who sets it up (most people in middle america still do go to the store to get their phones activated) literally flashes the screen at you and says something to the effect of, "do you agree? If not, you can't use this phone."
What is your strategy when it comes to updates? Say you hop into your Tesla, see a pending software update and are prompted with a EULA type document. Do spend the next hour reviewing it before accepting? Assuming you are an engineer and not a legal expert, do you consult with a lawyer about ambiguous wording or clauses? How do you repeat this x100 for all of the software embedded in your life?
Most people definitely do not read click-through EULAs in a business context any more than in their ordinary life. When Jira or AWS or whoever send updated policies to businesses on their public plans, almost nobody pays attention. The likelihood of being fired for this behavior surely approaches zero.
And this is where the problem lies. It may be high times to see if EULAs are contracts or not. It would certainly clear some things up really fast. It is not impossible that this case may actually force this clarification.
>It may be high times to see if EULAs are contracts or not.
Abso.fucking.lutely. I believe the state of technology has progressed to the point that EULA are just weasel words. People view them as necessary evils that don't really impact their lives (or, rather, shouldn't) but companies treat them like legal documents.
Because the reality is those "user contracts" have no real value and if you ask me, it's good they are not printed because they would be a waste of paper.
Of course that reality does not suit well companies and they try very hard to create their own bubble world of user contracts.
Proper country laws enforce consumer laws instead based on intent
I am no longer convinced that even that is enough when the relationship is not even close to symmetric. Network effects, psychological manipulation via ads, sunk cost fallacies, bait and switch etc. all mean that companies have so many options to pressure users to agree to terms that they don't really want to. Yes, if everyone acted rationally that wouldn't work. But people are not rational beings. And you certainly don't can't make others whose choices influency you act rationally.
So ultimately when it comes to company-user relationships nothing short of making some rights including privacy inalienable will prevent this shit. That's why we need laws like the GDPR and similar ones in other regions. Because corporations have shown again and again that if there is a profit to be made of abusing users they will find a way to get away with it.
Nobody does, that's why you can claim you didn't know. The law has to respect what most of society would do. Famously, hockey teams were held liable for people getting injured by flying pucks, despite each ticket to the game having an agreement that if bought the ticket you accepted the risk. But nobody reads the back of the ticket. In the end the arena put up nets to catch the pucks.
Um. Yes. Technically yes. And in several different ways too. I do not necessarily want to assume what you intended to write here. Would you care to elaborate a little? I was going to open with a history of law and how certain level of distance of court from the mob's wishes is desirable for a societal reason, but I decided against it since I might be assuming what you were trying to say.
Pragmatically speaking, there really isn't much of a disagree. Sure, you can chose to not buy an Apple device, yet then you'll buy an Android device, with its own ToS.
If you didn't know, you can say you didn't know. You're alluding to the fact that no one cares. Even that's hardly fair, as it's near impossible to get a mobile device at the same usability as iPhone or Android without similar tracking involved.
No it isn't, AOSP is open source (it's right in the name) and there are projects like CalyxOS, GrapheneOS, and LineageOS which make it extremely easy for anyone on HN to get away from having Apple or Google on their mobile devices.
No wonder, at work we noticed all of our Macs collected ad personalization data by default. Even when installing from fresh, there was never a prompt asking whether one consents to ad personalization data being collected or not, it was just enabled by default in system settings
Also we are within the EU, IANAL but to me this seems like an obvious violation of GDPR.
There are quite a few advertising and tracking domains you can safely block without any negative impacts to Apple devices. Parsing my logs at NextDNS (nextdns.io), the domains below are the most commonly blocked. It looks like most of the popular blocklists, including the default NextDNS blocklist, already include these domains.
First thought that popped into my head was Zuck in his VR avatar chomping on a tub of virtual popcorn reading this saying, "Send this man a bouquet".
Won't be long before shady lawsuits along similar lines follow. It will soon be more about tapering Apple's ad-network ambitions than genuine concern about user privacy.
But once they introduced new privacy controls, they seemed to suddenly start investing more seriously in their own advertising network. That, and the encryption slight-of-hand with iCloud, makes the cynic’s case for them.
App telemetry, metrics, etc might get handwaved away with a sinister phrase, like “essential for improving user experience.” But placing trust in a company on privacy due to the relative lack of financial incentive seems hopelessly naive.