
Tim Cook says Facebook's collection of user data 'shouldn't exist' - SirLJ
http://www.businessinsider.com/apple-ceo-tim-cook-on-facebook-cambridge-analytica-scandal-2018-3
======
kerng
It makes a difference having a CEO that is so vocal about this, it changes
what everyone in the org does and sees as "right". It's a good thing.

At Facebook the understanding seems to be more Orwellian community like,
spearheaded by Mark Zuckerberg. They envision and build a future where
everyone is under surveillance at all times - so collecting a bit more doesn't
matter, more to the contrary. Last week there was a story that FB internally
also does surveillance on employees and they know what employee click and
hover over on, and they monitor their messenger conversations. And it's all
okay in their world view. Good to see some balancing conversations.

I believe Apple took even a toll and fell a bit behind the last few years in
regards to eg. Siri as they take personal data more of a liability rather than
an asset. So, much respect from my side to Apple and Tim Cook for this. And
I'm really not much of an Apple fan, but reconsidering with statements like
this one.

~~~
jodrellblank
_the CLOUD Act (S. 2383 and H.R. 4943), a measure pushed by Apple and other
tech industry giants but strongly opposed by privacy advocates._

\- [https://appleinsider.com/articles/18/03/23/apple-
supported-c...](https://appleinsider.com/articles/18/03/23/apple-supported-
cloud-act-passes-congress-will-change-how-governments-share-data)

~~~
yardie
They didn’t push it. They were just glad something was finally in writing. The
alternative was letting the courts and companies battle it out. And all it
takes is one bad precedent to fuck everyone. Laws are malleable, they can be
massaged through the courts and have to be to be renewed. Precedents are much
harder to fix and can only be overturned in a higher court. No one is happy
about this, but they are relieved.

~~~
walterbell
Any examples of the types of cases/precedents they were trying to avoid?

~~~
my123
Microsoft v United States of America about access to data in Ireland for US
authorities

~~~
walterbell
EFF has outlined several problems with the CLOUD act. Will US tech giants
lobby for improvements?

[https://www.eff.org/deeplinks/2018/02/cloud-act-dangerous-
ex...](https://www.eff.org/deeplinks/2018/02/cloud-act-dangerous-expansion-
police-snooping-cross-border-data)

------
tonyztan
It is worth noting that Tim Cook said this in China, where Apple happily hands
over all user data to the Chinese government.

[http://money.cnn.com/2018/02/28/technology/apple-icloud-
data...](http://money.cnn.com/2018/02/28/technology/apple-icloud-data-
china/index.html)

~~~
wmeredith
You’re editorializing with “happy” and it’s a false narrative. Apple
specifically said they weren’t happy about it and fought against it, but that
the end result was they could either close shop in Chins or comply with the
law so they decided it was better to be there than not.

~~~
smsm42
So they'd defend the privacy as long as it doesn't require any serious effort
from them - like denouncing Zuckerberg - but the moment the interests of their
business and their users contradict, they'd throw the users under the bus.
Understandable position, probably, but not exactly the one that should be a
source of pride.

------
replicatorblog
Apple's business model is unlike Facebook's business model in that it does not
make money from ad targeting.

Facebook's business model is unlike Apple's business model in that it does not
make money from sending 12-year-olds into cobalt mines.

[https://www.amnesty.org/en/latest/news/2017/11/industry-
gian...](https://www.amnesty.org/en/latest/news/2017/11/industry-giants-fail-
to-tackle-child-labour-allegations-in-cobalt-battery-supply-chains/)

~~~
cdmoyer
Huh, I expected much worse than “Earlier this year, Apple became the first
company to publish the names of its cobalt suppliers, and Amnesty’s research
shows it is currently the industry leader when it comes to responsible cobalt
sourcing. Since 2016, Apple has actively engaged with Huayou Cobalt to
identify and address child labour in its supply chain.”

~~~
replicatorblog
Apple became the most valuable company in the world in 2012
([https://www.forbes.com/sites/davidthier/2012/08/20/apple-
bec...](https://www.forbes.com/sites/davidthier/2012/08/20/apple-becomes-the-
most-valuable-company-of-all-time/)) and had been a leader for the better part
of ten years before that.

A recent change in procurement doesn't change the fact that they grew their
business on the backs of teenagers who were sent into unreinforced holes in
the ground to dig while kindergarten age children crushed the ore without the
benefit of any protective gear.

I'm an iPhone user and I understand the world is a messy place. My point is
it's rich of Cook, whose sub-contractor had to install nets outside of windows
to prevent suicides, to lecture Zuckerberg about morals.

At the end of the day, Facebook has built an incredibly powerful adtech
platform. An unpopular person used it to get elected. That's bad. Tim Cook's
career has been spent building workplaces that either crushes spirits, leading
to suicide, or literally crushes bodies in mine collapses.

------
IBM
I hope Apple follows up on this by actually lobbying for a GDPR bill to be
passed in the US.

~~~
IBM
It's funny that this comment has 10 upvotes but fell to the bottom of the
page. No doubt there's a lot of vested interests against privacy legislation.
To the Facebook and Google employees: it's already in the EU, and it's likely
coming to the US in some form. If not at the federal level, certainly at the
state level.

~~~
jaweb
GDPR is a rare area where I see as many positive and negative opinions on it
in communities such as HN. Will be interesting to see how this develops with
further fallout from the Facebook story, and with GDPR actually coming up to
the deadline for implementation in May

------
kendallpark
I think there have been some valid points made in this thread about business
models. Facebook is the least diversified company out of the big five when it
comes to how much of their business model depends on collecting user data (and
how personal that data is). At the same time, Facebook, Amazon, Google, Apple,
and Microsoft weren't just _handed_ their business models. Each company
decided to what (and what not) to pursue, and _how_ they would pursue it. (Can
anyone forget how utterly PUSHY Facebook was at getting people to use
Messenger?)

At the end of the day we all checked off Facebook's EULA and Privacy Policy
box and uploaded thousands of artifacts from our lives onto the platform.
Perhaps it was a bit naive and overly trusting, but it was our decision. This
does not dissolve Facebook of its ethical responsibility to not abuse customer
data, but we, at the same time, shouldn't think that we're handing off our
private data to some benevolent force that's just going to hold onto it
without using it for their own gain.

TBH what disturbs me the most is how much data Facebook has on people's
children. There's going to be an entire generation of people whose conception
to high school graduation has been archived in Facebook servers, without their
consent.

~~~
qwaitwhat
>> TBH what disturbs me the most is how much data Facebook >> has on people's
children. There's going to be an entire >> generation of people whose
conception to high school >> graduation has been archived in Facebook servers,
>> _without their consent_.

I find it unsettling that Facebook has built profiles on kids who can not,
legally, _give_ consent, I mean, _at all_. Facebook probably has a profile on
me (although I have never visited them) because I am active in a community of
heavy smartphone users; but at least I am an adult and you could argue that
people/institutions/organizations that I interact with have kinda given
consent on my behalf (without asking me) by agreeing to these websites' Terms
& Conditions. So for adults, you could say it is "Indirectly Implied Consent".

But how can you apply this argument to kids' profiles collected/built/scraped
without consent?

We have a lot of work to do, as a society. A combination of laws, co-ordinated
across countries, and social shaming perhaps?

~~~
kendallpark
> I find it unsettling that Facebook has built profiles on kids who can not,
> legally, _give_ consent, I mean, at all. Facebook probably has a profile on
> me (although I have never visited them) because I am active in a community
> of heavy smartphone users; but at least I am an adult and you could argue
> that people/institutions/organizations that I interact with have kinda given
> consent on my behalf (without asking me) by agreeing to these websites'
> Terms & Conditions. So for adults, you could say it is "Indirectly Implied
> Consent".

Yeah, this would line up with privacy laws about photography/videography, at
least in the US. Say I'm not a Facebook user, but I go to a party with my
Facebook-using friends. My photo is taken spilling food all over my shirt and
that gets posted to Facebook. My participation in an event that had no
reasonable expectation of privacy means that any photos of me can be legally
taken and posted to Facebook.

> But how can you apply this argument to kids' profiles
> collected/built/scraped without consent?

Well, one of the problems is that as it stands right now, parents/guardians
control that consent. And parents are largely the ones posting pics and FB
statuses about their kids. I think there would have to some kind of laws that
give children rights to a certain degree of privacy outside of their parents'
control.

There was a case in 2016 where an 18 year-old sued her parents to remove 500
of her baby photos from Facebook:

[https://www.usatoday.com/story/news/nation-
now/2016/09/16/18...](https://www.usatoday.com/story/news/nation-
now/2016/09/16/18-year-old-sues-parents-posting-baby-pictures-
facebook/90479402/)

It seems unfortunate to me that she had to wait until she was eighteen in
order to address the issue. A lot of social damage can be done before
eighteen.

------
forapurpose
> "At Apple, we believe privacy is a fundamental human right."

I agree and think Apple promoting and implementing it in their products is
wonderful. But most of the world can't afford Apple products and therefore are
effectively denied this human right.

It would be great if Apple could provide a low-cost line, probably under a
different brand name, that implemented the privacy technologies in otherwise
basic phones, laptops, etc. Or maybe license the privacy tech to someone else
who does that. (I realize it might be much more complicated than what I
describe; for example, the security tech could be too tightly integrated with
the rest of the product. Would they have to license iOS? A stripped down
version?)

I'm not complaining; it's not Apple's job to solve this problem created by
other phone and OS makers. But they could make a big impact and I don't think
it would take sales from Apple products; an otherwise cheap phone with Apple's
boot security subsystem isn't going to compete with an iPhone.

------
darawk
Of course Tim Cook would say that. His business model doesn't depend on it.
When he decides to unwall the iPhone garden, i'll give him the time of day on
issues like this. Until then, he's just looking out for his own interests, as
far as i'm concerned.

~~~
gaius
Apple, Microsoft and Amazon will be perfectly unperturbed when the so-called
“attention economy” goes away. They are real companies offering real goods and
services.

~~~
htormey
I think it will hit them as well, just not to the same extent as Facebook &
Google.

Microsoft owns LinkedIn, which is an advertising company. I also seem to
recall that they make a reasonable chunk of change from search advertising and
other online properties.

According to this link they took in a little over 6 billion in advertising
revenue last year:

[https://www.statista.com/statistics/725388/microsoft-
corpora...](https://www.statista.com/statistics/725388/microsoft-corporation-
ad-revenue/)

According to this link, amazon took in somewhere in the region of 1.7 billion
in revenue from mainly advertising last quarter alone:

[https://www.statista.com/statistics/725388/microsoft-
corpora...](https://www.statista.com/statistics/725388/microsoft-corporation-
ad-revenue/)

~~~
ModernMech
Microsoft for example has several billion dollar businesses aside from
Windows, Office, and enterprise. Their Surface and Xbox hardware, for example,
pulls in that much revenue each. They'll be fine.

------
grzm
Discussion from yesterday (over 20 comments):
[https://news.ycombinator.com/item?id=16667709](https://news.ycombinator.com/item?id=16667709)

------
jacksmith21006
Yet Cook hand over their customers data to the Chineese government?

Not sure people that live in glass houses should throw rocks.

[https://www.amnesty.org/en/latest/news/2018/03/apple-
privacy...](https://www.amnesty.org/en/latest/news/2018/03/apple-privacy-
betrayal-for-chinese-icloud-users/) Campaign targets Apple over privacy
betrayal for Chinese iCloud ...

------
p2t2p
Have they deleted Facebook's Messenger from App Store yet for the way they
bully people into enabling access to contacts? No? They could kindly quit
bullshiting us then.

------
tbyehl
Maybe Tim Cook should put Apple’s money where his mouth is and give us an
alternative social network that respects users’ privacy.

------
dogma1138
With the data Apple collects including via Apple Pay and Health I’m not sure
there is that much difference in all honesty.

What the data is used for is another issue.

~~~
cmelbye
That’s misleading, Apple goes through pains to keep data on the device, or
limit their exposure. They don’t store your transaction history for Apple Pay,
and I believe the same is true for HealthKit. iCloud backups are a glaring
privacy issue but you can also manage your own backups locally.

------
AHMagic
Do you really want to live your days feeling dependent on this sort of
"service"? Do you really want to say, "but I need Facebook!".

In today's age, you need a phone number and e-mail. It's ok - they are
decentralized. Don't let a centralized platform of Facebook's evil nature
become necessary for you to live your life.

Delete and forget it existed. Ignore and move on. Give up the benefits and pay
the cost.

------
macspoofing
Apple's non-investment in cloud is starting to pay off. Hey Tim, how about
letting app developers and browser makers use a non-safari rendering engine on
the iPhone?

~~~
r00fus
Tim has watched _War Games_ apparently.

iCloud exists but facilitates storing only core data and otherwise is a sync
mechanism.

Social aspects of iCloud are what's "missing" so even a large breach wouldn't
result is 100x users being exposed.

The most galling part of the FB failure was that the people breached weren't
the ones who installed the misbehaving app. And society at large paid for it.

~~~
macspoofing
>And society at large paid for it.

What's the cost again? I'm still experiencing cognitive dissonance over the
fact that this is news _here_ on HN. What Facebook was doing was common
knowledge (for the last 8 years?). I assumed all those spammy facebook apps,
like candy crush, had access to the entire social graph of facebook (not just
US) or at least built it up over time. All those stupid "Log in with Facebook"
apps almost always asked for your friend information.

~~~
asadotzler
Did you also assume they were exfiltrating that data and selling/giving it to
third parties? I didn't.

~~~
macspoofing
Whose 'they'? And after all those sketchy apps asking for your friends list
all these years? Yeah. Yeah I did.

------
bobcallme
What about the data that Apple collects in macOS 10.13 users? Anonymous data
collection is not really anonymous. IP addresses and other logs leak lots of
identifiable information even with all of the collection settings toggled off
in various preference panes. It is kind of hypocritical for Tim to criticize a
practice that Apple currently engages in (you can't claim otherwise once you
jump down that rabbit hole).

~~~
millstone
What data collection are you referring to? Apple collects crash log data if
you opt-in, which can contain logs. It also collects "device analytics" using
differential privacy (not containing logs); this is stronger than anonymized
data because it retains some privacy even if it is de-anonymized, and is also
opt-in. Is there another practice I'm not aware of?

~~~
starsinspace
Not OP, but back when Yosemite came out, there was a lot of buzz about privacy
issues, such as:

[https://github.com/fix-macosx/yosemite-phone-home](https://github.com/fix-
macosx/yosemite-phone-home)

[https://arstechnica.com/information-
technology/2014/10/mac-o...](https://arstechnica.com/information-
technology/2014/10/mac-os-x-yosemite-reportedly-leaks-location-search-data/)

Don't know what came out of these things in later OS X versions.

------
daenz
What actually said differs from the headline:

>"The ability of anyone to know what you've been browsing about for years, who
your contacts are, who their contacts are, things you like and dislike and
every intimate detail of your life — from my own point of view it shouldn't
exist."

He said that the ability to _know_ what they've collected about you shouldn't
exist. Very different.

~~~
djrogers
You’re reading that incorrectly, the headline is right.

