
How much does Apple know about me? The answer surprised me - tanu057
https://www.usatoday.com/story/tech/talkingtech/2018/05/04/asked-apple-everything-had-me-heres-what-got/558362002/
======
mmastrac
I have a theory that the only reason Apple is today's beacon of user privacy
is that they couldn't manage to compete in either the ad (iAd), mail (at least
not at G-scale) or social network world (see: Ping).

The only path left for them was to say they were all about user privacy. If
Apple _had_ succeeded wildly in any of those three spaces, I think they'd be
caught up like Google, Facebook et al.

I'm not saying this is a bad thing for the tech ecosystem, but I do think it
was lucky positioning on their part.

Interested to hear opposing opinion on this.

~~~
wil421
Or they realized that hardware and software (App Store) is the better long
term approach. Hardware is what Apple has always been known for and Jobs in
general if you add in Next.

Google and FB sell ads and their products are built around better selling ads.
Privacy is counterintuitive to their business model. Apple and even Microsoft
can and should focus on privacy because their business models won’t be
impacted as much. They can strengthen their relationships with customers who
buy into their ecosystems.

Android is the oddball for google and I don’t know enough to comment about
privacy.

~~~
solarkraft
Google collects tons of data on Android through their Apps (Chrome, Search,
Maps) in connection with Play Services.

That doesn't seem like a less sustainable model, it seems better in the longer
term. As the hardware market is saturating Apple has a harder time selling
newer phones (turn up the marketing machine), but Google can still sell
personalised ads.

------
deaps
_< Your Siri requests —"Show me how to get to PF Chang's," or "What year was
Steve Jobs born?" go back to Apple — but it uses a random identifier to mask
your identity. So a Siri search for the closest Chipotle restaurant will only
tell Apple that a user requested the data, but not associate it with me.>_

I find that comforting. In fact, if I was a large organization and processed a
ton of user data, I'd want to store that data anonymously too, due to the
sheer risk of having that personal data.

~~~
ajmurmann
And then you have users who always go to the same PF Changs but use navigation
in case there is traffic and they should use an alternate route. Your
competitor app will learn this and adapt and yours won't. The average customer
will have no idea you aren't storing their data and likely doesn't even care
while they aren't reading an article about privacy. While I personally wish
everyone were to take your approach is also tying one arm behind your back.

Edit: I once worked with an ex-googler who told me to always store all the
data you have because you never know what you can use it for, you can't get it
back if you change your mind and storage is cheap. Hard to argue with this if
it's "just" about competitive advantage and monetization.

~~~
falcolas
> always store all the data you have [...] storage is cheap.

Here's the flip side: You can't lose data to a breach that you don't store.
You can't have a rogue employee crow on social media about how they have
access to data you don't store. You can't be liable for GDPR violations about
PII you don't store.

Data is certainly an asset, but it's also a huge liability - and laws are
starting to catch up in order to enforce how big of a liability it really is.

~~~
consp
> Here's the flip side: You can't be lose data to a breach that you don't
> store.

That means NO storage, not even "anonymous". (which Apple clearly does)

> You can't have a rogue employee crow on social media about how they have
> access to data you don't store.

Requires NO storage, which they clearly do.

> You can't be liable for GDPR violations about PII you don't store.

If you store it "anonymous" you can, since the only requirement for it is to
be personal data and there is zero change it can't lead to the person and
anyone working with those 'unique' identifiers can tell you they most likely
aren't that anonymous and the data can be used to trace a single person.

~~~
falcolas
> That means NO storage [...]

There's a difference between storing only the data required for conducting
your business, and storing all the data you possibly can for some imaginary
future use. I'm suggesting the former is a better practice.

> If you store it "anonymous" you can

Anonymity via random-but-unique IDs is a tenuous protection at best when
storing everything you possibly can. Take, for example, the fact that with a
gender, a zip code, and a birthday, you can be uniquely identified with around
85% accuracy [0]. None of those are traditionally considered to be PII, and
it's pretty likely that these are the kinds of things stored "anonymously" by
the "store it all for later" kinds of companies.

[0] [https://www.eff.org/deeplinks/2009/09/what-information-
perso...](https://www.eff.org/deeplinks/2009/09/what-information-personally-
identifiable)

------
itsdrewmiller
Clickbait headline - could it get changed to clarify the alleged answer is
“very little”?

~~~
misterbowfinger
Agreed, headline is very clickbait-y, should be changed

------
bpicolo
To be fair, MB of data is kinda a crummy metric because for Facebook that's
primarily photos and videos

------
falcolas
I always question the effectiveness of obfuscating data using "unique
identifiers" against a party determined to de-obfuscate the data. Aside from
that, however, this is an encouraging read.

~~~
psergeant
You may enjoy learning more about Differential Privacy.
[https://machinelearning.apple.com/2017/12/06/learning-
with-p...](https://machinelearning.apple.com/2017/12/06/learning-with-privacy-
at-scale.html)

~~~
ldayley
Some interesting previous discussion regarding the limitations of Apple's
differential privacy can be found here:
[https://news.ycombinator.com/item?id=15224312](https://news.ycombinator.com/item?id=15224312)

------
jacksmith21006
Apple needs to create a dashboard exactly like the Google one.

Their agreement allows them to collect tons of data but there is no
transparency on what they have and no ability to remove or download.

The Google one also has all your devices in one place with what apps and
permissions you have granted. Exactly what I would like for my Apple devices.

~~~
falcolas
Ironically, complying with these asks would require more data to be pushed off
the individual devices.

~~~
ndr
Doesn't that already happen when you upgrade to a new device?

~~~
falcolas
A lot of the data transferred to a new device happens over an encrypted
channel - a channel that Apple has no access to, and thus can't populate on a
dashboard.

------
csomar
Okay, wait. So tech company can store all that data under “xyz anon user” and
then they don’t have any data about you?

~~~
grigjd3
Depends on the data but yes.

------
dwighttk
It would be nice to have more than "Apple also offers data downloads in the
privacy section of its website. It's hard to find..."

I can't find it... I started at icloud.com which sent me to appleid.apple.com
which sent me to apple.com/privacy/ and I never found a data download link.

------
ghosttie
How can it direct you to the nearest Chipotle if it doesn't know where you
are? It must know who you are at least at the time of the query

------
mgliwka
Just pointing out the obvious: Absence of evidence is not evidence of absence.

The only eyeopening part would be the fact, that Apple doesn't store much
about it's users, which isn't verifiable.

Also unique identifiers are not the only way to link data. And due to
differential privacy the guarantees that the data cannot be linked decays over
time (see
[https://news.ycombinator.com/item?id=15224312](https://news.ycombinator.com/item?id=15224312))

~~~
scarface74
The question is motive. Apple's business model isn't predicated on having a
lot of data on you. They have to keep a list of your purchase history for
instance so you can redownload purchases.

Also, why would they risk lying? What's in it for them?

~~~
mgliwka
I'm by no means implying any malfeasance. I fully agree with your thesis about
Apple's business model.

Depending on your threat model in regards to your privacy the assurances made
by Apple may be enough.

To me, it doesn't really matter. As long as I have no proof or control over
how my data is being processed, it's better to just assume the worst case and
practice data minimisation.

------
tinus_hn
This click baity title didn’t come from the article. You’ll never guess what
happens next!

------
lumisota
The title of this article is click-bait, surely? Apple have made much PR out
of their privacy stance. Indeed, the article says: "Apple makes a big deal
about its different approach to privacy on the company website".

How is this eye opening?

~~~
sykh
The eye opening part was how little data there was and the hoops needed to
verify the recipient. This is in comparison to Google and Facebook. Both have
orders of magnitude more data and sent the data with, apparently, little
verification.

~~~
ntsplnkv2
It's not really eye opening considering Apple products cost money. Their
business does not lie upon selling data to advertisers or other entities.

~~~
sykh
But they could collect data and presumably profit more. If they did collect
more data and profited from this data collection would they really lose enough
customers to offset this increase in profit? It seems to me they wouldn’t. I
think they are taking a moral stance on the issue at least for the time being.
This may change in the future.

It is surprising though for the company not to lie about this given the
shenanigans that many large companies engage in.

------
Cenk
Did we really need a photo of the author holding a prinout of the data?

> It kept a copy of every app and song I'd downloaded, every tune I'd added to
> my iTunes music library, and every time I needed repair on a multitude of
> Apple devices going back a decade.

Is this surprising in any way? If you buy something (or "buy" it for free on
the App Store) of course the company you buy it from keeps records of that.

~~~
gumby
> Is this surprising in any way? If you buy something (or "buy" it for free on
> the App Store) of course the company you buy it from keeps records of that.

It need not; for example it doesn't need historical data that have been
superseded; if it no longer has an app available for download it could purge
the fact that you bought it; it could give purchasers an anonymized download
key that their phone could store (or cache in icloud someplace).

~~~
gumby
I'm not complaining per se, but quite puzzled why someone would downvote this
factual comment. Plenty of companies sell you things without maintaining a
record (say, a brick and mortar shoe store) and there's typically little
reason to do it online either.

Yes, I know plenty of online companies _do_ routinely spy on users but I see
no reason to consider this "of course". This is admittedly creeping into
meatspace (there's absolutely no legitimate reason for causing things like
automatic toll tags or driving licenses to supply privacy-busting data to
third parties, but on the other hand plenty of sandwich shops manage to have
"frequent diner" programs that are simply a card the _customer_ carries which
is punched each time a sandwich is purchased. There is no reason why an online
business shouldn't do the same -- and GDPR should drive businesses to do so.
It's in the _customer 's_ interest.

------
IloveHN84
8days= more time to filter user content and claim they have no data about you

