
Why I’m Willing to Pay a Premium for Security, Privacy, and Peace of Mind - codyogden
https://tirania.org/blog/archive/2020/Aug-28.html
======
politelemon
This is an exercise in self-validation because author has invested into an
ecosystem. The examples are cherry picked, and motivations are invented to
justify author's own bias, while ignoring all the evidence that would
discredit the arguments. Notice additionally how the legal 'mitigation' is
assumed to be flawless and can only ever be used against bad actors, it's the
classic cartel defense of "their store their rules". Think _very_ carefully to
when you saw a similar set of behaviors and what impact those had on the
technology ecosystem.

This is a legal between two greedy, monopolistic bullies. It is not necessary
to pick sides, and it baffles me that so many commenters feel the need to do
so. Neither company cares for you; their interests may sometimes _align_ with
yours, and they will exploit whatever means necessary, market whatever
features necessary to focus your attention on those specific attributes. But
make no mistake that their first duty is to their investors.

No dear author, I disagree that you are paying for any of those virtuous
virtues that you tout. You are paying to enable a terrible set of behaviors
which you are unable to forgive in another company, while you advertise your
iBlinders™ to the readers.

~~~
caiobegotti
I think you were a bit unfair because this is Miguel de Icaza, Google him up.
He has probably invested (both in money directly and/or programming hours)
into EVERY ecosystem you can think of in the last 25 years, paid and unpaid
ones.

~~~
orand
Agreed. Coming from Miguel, this has 100x the weight of some random schmoe on
the internet. Tons of respect for what he's done over his career, and his
position on technology and freedom issues.

~~~
craigsmansion
>and his position on technology and freedom issues.

In the linked article he is cheerleading in favour of closed-off platforms,
and promotes ceding control of your software to a third party as a good thing.

But even before this Miguel de Icaza had no integrity left to speak of in my
opinion. Some random schmoe actually would have been more believable.

~~~
spfzero
Well, the alternative we all face is ceding control to many various hidden,
anonymous, and often malicious actors. Thereis a lot at risk: your privacy,
avoidance of falsified information, your possessions. I am all for closing
that off.

~~~
nix23
>Thereis a lot at risk: your privacy, avoidance of falsified information

Like Facebook Google and Amazon?

------
chacham15
I completely understand the argument here, but the problem is that there is no
other option. I think that there is a middle ground here if Apple allowed
users or apps (i.e. a secondary app store) to install other apps without going
through the Apple app store. If you want to stay in Apples walled-garden you
have that choice, otherwise, install your own apps.

There are arguments about how well this works in the Android ecosystem, but I
think that simply having the ability to do it, even if inconvenient is a world
of difference than being beholden to a single entity. Imagine if Windows only
allowed you to install apps from its app store. You could make all the same
arguments that it should be able to do this just as you would for the Apple
store.

~~~
mbreese
_> If you want to stay in Apples walled-garden you have that choice,
otherwise, install your own apps._

That’s not the only option here — you could also just use an Android phone to
begin with.

I’m a happy iPhone user and the fact that it _is_ a closed ecosystem is part
of the reason why... I’m happy to pay that premium (both in cost and
flexibility). I don’t want my phone crashing because some developer pushed out
a buggy update and they didn’t want to pay the iOS developer fee.

~~~
emsy
You can be perfectly happy so long as the app you rely on is available. If
Apple decides to axe it ( _cough_ Hey _cough_ ) you and the developer are at
their mercy. It doesn't matter that you could've bought an Android to begin
with. The rules are changing while you're holding onto a device and that
should not be possible.

~~~
mbreese
I like to play Fortnite with my kids. I hook up an Xbox controller and play on
my iPad Pro. One kid is on a Switch, the other on an Xbox. As of yesterday, I
can’t play with them. I very much miss that experience.

However, I still support Apple’s decision to pull them from the App Store.
Why? Because I don’t want there to be another mechanism for in-app purchases
on iOS that isn’t subject to parental controls. I love my kids, but there is
no way that they should be able to buy anything from an App that I haven’t
approved.

Note: I’m _sure_ this would never happen with my kids as they know better and
we’ve discussed the perils of in-app purchases and avoiding installing games
they see in ads. But their accounts are locked down, just the same.

~~~
emsy
I absolutely agree with Apple's decision to pull the app. However I don't
agree that you should be forced to use the App store. If Epic had the choice
maybe parents wouldn't let their children play because of the lack of parental
control. That would be a good thing, since that's actually market competition
at work. As it is now, Epic's model isn't even allowed to fail.

------
codetrotter
> Since apps run under a “sandbox” that limits what they can do, you do not
> need to reinstall your iPhone from scratch every few months because things
> no longer work.

One thing I really wish, is that this would apply to all apps that ship with
iOS as well. That you’d be able to remove any application from your phone and
reinstall it, including things like Camera, Notes, Messages, Calendar, Wallet,
etc, etc. I realize that this is probably not feasible, because these included
apps might be integrating with the system in a deep way. But it’d be really
nice if it was possible. As it stands, Photos on my phone is consuming a lot
of storage space from photos that were removed months ago. The only path
forward in order to reclaim my storage is to do a factory reset – I just
haven’t gotten around to it yet because I have some device-only data that I
need to save elsewhere first.

And furthermore, in this way, if I could replace some of the built-in apps
along with their integrations, with custom alternate apps of my own. But this
I think will never happen. Still, it is the one thing I wish iOS supported. So
that I could for example use a custom camera app directly from the lock-screen
instead of only being able to use the built-in camera app from there.

~~~
scarface74
Apps that you can remove.

[https://support.apple.com/en-us/HT208094](https://support.apple.com/en-
us/HT208094)

------
caiobegotti
I totally agree with Icaza's points and they are the reason I'm still an Apple
happy customer but there's another side to this that of all the players that
could fight Apple it just happened that Epic was the first one to gather
momentum (and have the actual balls). What I am saying is that it's a bullies
fight and just because the one pointing fingers is an old dirty bully at the
school yard we can't ignore the uncompetitive bully Apple is right now. It's
easy to forget this after all the arguments of the article.

~~~
bilal4hmed
very true and this scenario can play out like this, when Google is broken up
and we are left with only Apple for mobile solution, what do you think Apple
will do then if not checked right now ? If we are looking at a future of Apple
only mobile phones then it is good to check em.

~~~
Jtsummers
What reasonable scenarios do you see that would lead to a world where only
Apple made smartphones?

~~~
bilal4hmed
Google being broken up

~~~
Jtsummers
So if Google broke up (and you give this a high probability of occurring?) you
think every smartphone manufacturer besides Apple would fold?

~~~
bilal4hmed
yeah because you lose Google Maps, Gmail etc etc....all the other services
that make Android. Without that all those other manufacturers are making
bricks.

Google is facing anti-trust with the DOJ looking to split them up, so its a
very certain future.

That future is already there with tablets and smartwatches

~~~
Jtsummers
Ok, so in your scenario it’s not a break up. But a nuclear strike. Everything
Google has ceases to exist if this happens and no one else steps up to take
over or fill the gaps?

There are no other email providers? There are no other map providers?

~~~
bilal4hmed
email sure, who else other than Apple maps comes close to Google Maps ?

~~~
Jtsummers
Maybe Open Street Map? But if your fear is that Android would die without
Google Maps I’m reasonably confident a replacement could be found that isn’t
an Apple hardware device.

The same is true for the other services that Google provides.

------
Veserv
Non-quantitative security arguments are nonsense and really need to stop.

"Consider the iPhone. The hardware, operating system, and applications were
designed with everything a security professional loves in mind. Even so,
modern systems are too large and too complex to be bullet-proof."

That statement, and many others like it in the article, leads you to believe
that the systems are good, but provides no actionable information other than a
hedge saying that the system is imperfect. How imperfect is it? What is a
viable threat? What quantitative effect do the mitigations have? Without this
type of information it is just parroting content-free marketing speak.

Here is actionable information. Bug bounties correlate strongly to the cost of
discovery for a class of attack. Therefore, Apple thinks it takes less than
$1M to create a remote no-install zero-click kernel arbitrary code execution
[1]. If you need one click, then $250K. If you need an install, then $150K.
Given the nature of software, after such an attack is discovered it can be
deployed in bulk with minimal extra effort, so you really need to divide the
cost over the number of targets that can feasibly be attacked to evaluate the
"marginal cost per attack". How widely you think a remote no-install zero-
click attack can be distributed will tell you what that number is.

To provide an example of such an attack here is a post-mortem done by Google
Project Zero of 5 exploit chains being exploited for 2.5 years before
discovery [2]. They mention that the sites received thousands of visitors per
week, so a conservative estimate would be 130k visitors/5 exploits for an
average of 26k targets per exploit. Assuming this falls under the first
category of attack, that means the marginal cost to fully compromise an iPhone
is ~$40.

So, the total effect of every mitigation they do is raising the cost of
exploiting to $40/iPhone which is not secure by any objective metric.

[1] [https://developer.apple.com/security-
bounty/](https://developer.apple.com/security-bounty/)

[2] [https://googleprojectzero.blogspot.com/2019/08/a-very-
deep-d...](https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-
into-ios-exploit.html)

------
lapcatsoftware
"In the battle over the security and privacy of my phone, I am happy to pay a
premium knowing that my information is safe and sound, and that it is not
going to be sold to the highest bidder."

Meanwhile, "Secret Service Bought Phone Location Data from Apps, Contract
Confirms". [https://www.vice.com/en_us/article/jgxk3g/secret-service-
pho...](https://www.vice.com/en_us/article/jgxk3g/secret-service-phone-
location-data-babel-street)

~~~
dredmorbius
Um, that would tend to support de Icaza's argument, no?

The app in question would presumably be denied by Apple.

~~~
lapcatsoftware
> The app in question would presumably be denied by Apple.

Why would you presume that? How would Apple even know?

Many popular apps collect location data, and this is allowed on iOS. Once the
location data has left the device and been transmitted to 3rd party services,
Apple has no control or knowledge of what happens to the data.

------
emsy
This article does not answer the question how Apple‘s privacy and security
model would be impacted by 3rd party stores. In fact, there already have been
3rd party stores with business certificates and you can sideload without a
developer subscription, although the app will stop working after a week. None
of this has impacted the App Store model so far. I have yet to hear a good
argument that this will be the case.

~~~
abc-xyz
Because most people are not tech-savvy and will accidentally end up installing
malware and whatnot?

I’ve had to help factory reset quite a few Android phones because they were
being spammed with sex ads notifications and the search engine was being
hijacked (wouldn’t be surprised if they had also been infected with keyloggers
and secretly uploading photos and such).

~~~
emsy
As I said these issue already exists with sideloading and private App Stores.
Some of those issues are alleviated with the OS model, which simply doesn't
allow to change the search engine and install keyloggers. If someone chooses
to leave the App Store and be vulnerable to issues such as sex ad
notifications and secretly uploading photos the issue should be how it's
communicated. I haven't used an Android device in a while, but the last time I
used one it was a simple dialog and you could install whatever you like. On
the Mac you have to open the settings and permit every unsigned application if
gatekeeper is active. Something like this seems like a reasonable solution.

------
sbazerque
That's fine, Miguel. But it should be a choice. Apple's market share is large
enough to have them forcibly unbundle their app store and OS businesses (like
Microsoft and IE in the precambric era).

~~~
Jtsummers
Is your position (that they should unbundle the App Store and OS) based on
their market share or actual principles?

As in, do you think that console platforms should also unbundle those things
to make it easier (or possible in some cases) to run separate app stores
and/or apps on them?

Because, and maybe this is just me, I really don’t see what market share
matters here. Certainly not as a comparison to MS of the 90s.

~~~
8note
I see an obvious benefit to having unbundled console stores -- if I could buy
the game from steam, I could run the same game on whatever console I have

Then. They'd have to compete on the quality of the console itself, rather than
exclusives or moats based on sunk costs in owning copies of games

------
boogies
This article seems to simply use “iOS shouldn’t be Windows” as a strawman for
“iOS must be iOS.” GNU/Linux doesn’t have the garden walls of iOS and yet I
somehow don’t feel any need for an antivirus or any of the other Windows
problems this blog seems to be erroneously alleging are inherent to freedom-
respecting OSs.

~~~
abc-xyz
Perhaps because targeting Linux users isn’t worth the trouble? It would be
trivial to implement malware on Linux (e.g. here’s Valve accidentally deleting
people’s home directory [https://github.com/valvesoftware/steam-for-
linux/issues/3671](https://github.com/valvesoftware/steam-for-
linux/issues/3671)).

Windows, and increasingly Android, suffers from viruses because they’re
valuable targets. If Apple made it possible to install apps from third-party
stores or websites then they’d similarly suffer.

------
kml
The problem with his argument is that his premise just isn't true. TikTok is
still able to spy on the user, so we are not much safer in an Apple world.

~~~
olliej
Yes, and Apple considers any ability for any app to do that to be a security
flaw that needs to be fixed.

Why shit like this hasn’t gotten apps pulled annoys me :-/

------
orand
If you don't know who Miguel de Icaza is, read this first.
[https://en.wikipedia.org/wiki/Miguel_de_Icaza](https://en.wikipedia.org/wiki/Miguel_de_Icaza)

It will put his thoughts (and those of uninformed commenters) in a very
different perspective.

~~~
alynn
Thank you so much for posting this link. I already knew he’d written Mono, the
open-source implementation of .Net, but am now in awe at seeing his many other
accomplishments, such as starting the GNOME project and making major
contributions to initial RAID and Sparc support in Linux.

Thanks Miguel!

------
justizin
Great, but this really doesn't anything to do with the conflict.

As a parent concerned with his children being coerced into in-app payments
likely tied to his credit card, he gets utility out of Apple being the go-
between, even though .. he pretty much complains that he wants it to be more
stringent, so they aren't really delivering the utility he wants for that 30%.

As an adult, if I want to put my own credit card into a vendor's website, what
utility is Apple providing except for slight convenience? I don't even keep my
credit card attached to my Apple ID because I don't like how they batch
payments and always seem to want to pull one 3 days before payday. I go onto
Amazon or other sites and buy digital gift cards which I preload into my Apple
ID.

And for this _extreme_ inconvenience, I pay a 30% premium. Funk Dat.

BTW, because someone will come here and say, "Why in the world would you do
such a convoluted thing?", an apple payments support tech suggested it to me.
In fact they outright recommended against anyone attaching a payment method,
ever.

------
k__
Apples rules are arbitrary and protect nobody, probably don't even Apple
itself.

------
qwert12345887
Please Apple continue on this this path and force every bit of tracking to be
opt in through very annoying popups and hopefully decimate the whole targeted
advertising segment and this greed of extracting as much data as possible from
devices.

------
chj
It is amazing that while Americans are trusted to hold guns, they can't be
trusted to run apps. Isn't pulling triggers much more dangerous than clicking
on OK buttons?

------
r2b2
This is why I started building my latest project.[1] I want better privacy
from all digital services (that use my personal email for logging in), and
better security for my inbox (eliminating spam, phishing attempts, malware).

A world where digital advertising fades away, and security and privacy are
always prioritized, can't come fast enough.

[1] [https://owlmail.io](https://owlmail.io)

------
goerz
I would and do pay a premium for all of those things too, but that doesn’t
mean I’m ok with not being able to buy books directly in the Kindle app, or
genuine (sandboxed) terminal emulators not being allowed on iOS for arbitrary
reasons. Several of Apple’s policies around the App Store are user hostile and
prevent innovation, and have nothing to do with security or privacy.

------
Jonnax
Personally I understand the arguments of Apple's ecosystem being locked down.

But I think Apple and Google both have a significant revenue stream from world
society as most people use smart phones.

Like AT&T and RCA of days gone by they need to have their free money spout
regulated.

They've clearly made billions but that 30% cut needs to go down. At least
that's what I see as a solution.

Something like 7 to 10%. Thoughts?

~~~
CraigJPerry
I don’t think we should get to tell Apple what the % is, they’re a private
company.

However, i am ok with adjusting the amount we charge them for use of public
services - their reliance on the rule of law, that we’re not at war etc. etc.
becomes more valuable in absolute terms to a company, the more payments it
accepts within a jurisdiction.

I think it’s totally fair to invoice for govt services based on the value of
them to the company.

To be clear this would not be like taxes on profits, i’m proposing an invoice
against receipts.

~~~
mbreese
That would introduce a level of red-tape that would make any bureaucrat faint.
Can you imagine billing any company for the cost of government services
directly? Billing for the “rule-of-law”? That would be a completely unworkable
system.

Plus, if you did this, what would stop the company from increasing their
percentage in order to pay for your new taxes?

But what you’re describing is the logic behind a progressive income tax. The
more money you make — the more important the system (rule of law, security,
etc) becomes to you, so the more you should pay. At least, that’s the
theory...

~~~
CraigJPerry
>> That would introduce a level of red-tape

    
    
        Jurisdiction X hereby decrees the tariffs for tax year 20/21 as:
    
        Receipts not more than $X = tariff of $Y
        Receip...
    
    ?

------
coronadisaster
Too bad he gobbles up Apple's speech... he should know by now that actions
speak loader then words.

------
m0zg
Author works for Microsoft: company which ships un-removable spyware in their
flagship product (Windows).

~~~
Hnrobert42
Do you have thoughts on the merits of his argument or only ad hominem attacks?

~~~
m0zg
I prefer not to argue with hypocrites - it's a fruitless endeavor 100% of the
time.

------
olliej
Given people like pointing out that consoles lose money on each sale, I wonder
what the profit margin of an iOS device is over the average supported life
time?

Major Android vendors selling at similar prices to Apple, who don’t even have
to pay for OS development seem unable to afford to provide support for 6
months, let alone The 5 years Apple supports a device.

What is the margin after 5 years of support?

Who is paying to provide that support, if not the companies that are
benefiting from the platform, and that platform’s longterm support and
consistency?

------
bluecalm
It's the developer who pays, not the user. The price is set according to
demand. If Apple takes 30% from that or not doesn't influence what price you
can set because it doesn't influence what people are willing to pay.

The author is not paying any premiums. He is happy that the developers pay
them for him and he doesn't care at all that the creators now make 30% less
and have no way to go around that system.

~~~
aftergibson
Surely the developers charge more and in the end it’s the users that pay more?

I mean that’s literally what Epic was doing.

~~~
bluecalm
No, not surely. This is basic economics. The price isn't influenced by what it
costs to produce. The price is set according to what users are willing to pay.
What users are willing to pay is influenced by how much money they think it's
worth, how much money they have and how costly other options are.

In case of Fortnite there is no competition (no one else can offer that game
and there isn't really any similar option) so additional money comes purely
from developer's pocket. Sure, they could have been charging more to make a
point or because they think iOS users are willing to pay more in general but
the users don't really care where 30% of the price goes to. It doesn't
influence their buying decisions at all.

