
Apple’s approach to privacy - braythwayt
http://www.apple.com/privacy/
======
Tangokat
Apple is in a good position in the market to do this, but it is just really
hard to trust any US company. They say they will never give anyone access to
their servers but how can they make that promise when they don't make the
laws?

As an aside I am finding it really difficult to delete my iCloud account, in
fact it seems that is impossible.

~~~
Bud
Changes in laws cannot provide access to data that was never gathered and
stored in the first place.

Similarly, laws cannot force a company to divulge encrypted data if the
company does not hold the encryption keys.

So as long as you trust the company, the country it's in is not relevant, at
least for the situations outlined above.

~~~
treerock
> Changes in laws cannot provide access to data that was never gathered and
> stored in the first place.

Laws can and have been written that require companies to gather data.

> Similarly, laws cannot force a company to divulge encrypted data if the
> company does not hold the encryption keys.

Laws can and have been written that require companies to use weaker or broken
encryption.

~~~
spott
> Laws can and have been written that require companies to use weaker or broken
> encryption.

Source? Example? I don't know an example of this. (At least in the US)

~~~
zerohm
I would also consider the NSA meddling with Bitlocker and RSA behind the
curtain to be conceptually equivalent.

[https://www.schneier.com/blog/archives/2015/03/can_the_nsa_b...](https://www.schneier.com/blog/archives/2015/03/can_the_nsa_bre_1.html)

[http://gizmodo.com/nsa-paid-security-firm-10-million-bribe-t...](http://gizmodo.com/nsa-paid-security-firm-10-million-bribe-to-keep-encryp-1487442397)

~~~
MichaelGG
That's saying that agencies can break TPM chips and get Bitlocker keys. Which
is obviously true, as even a private individual has done so to a TPM.

------
subliminalpanda
I was reading their guidelines for law enforcement requests:
[https://www.apple.com/privacy/docs/emeia_le_guidelines_final...](https://www.apple.com/privacy/docs/emeia_le_guidelines_final_20150916.pdf)

Interesting note: "P. FaceTime FaceTime communications are end-to-end
encrypted and Apple has no way to decrypt FaceTime data when it is in transit
between devices. Apple cannot intercept FaceTime communications. Apple has
FaceTime call invitation logs when a FaceTime call invitation is initiated.
These logs do not indicate that any communication between users actually took
place. Apple has no information as to whether the FaceTime call was
successfully established or duration of a FaceTime call. FaceTime call
invitation logs are retained up to 30 days. FaceTime call invitation logs are
available only following receipt of a legally valid request"

iMessage is not mentioned. Does this mean they are capable of intercepting
iMessage?

edit: in the FAQ it says "Can Apple intercept users’ communications pursuant
to a Wiretap Order? Apple can intercept users’ email communications, upon
receipt of a valid Wiretap Order. Apple cannot intercept users’ iMessage or
FaceTime communications as these communications are end-to-end encrypted."

~~~
Jerry2
> Does this mean they are capable of intercepting iMessage?

You know what the best way is to see who cooperates with law enforcement and
to what level? Court documents!

I've been trawling court documents for the past few months (I'm writing a blog
article on this) and I'm yet to find iMessage being used in court (unless the
access to the conversation was given by one of the parties). iMessage really
does seem secure from legal system point of view.

For a comparison, I've found dozens of court documents from Google, Facebook,
Microsoft handing over chat logs from Hangouts, Whatsapp/FBMessenger, Skype.

Anyway, if you want to see the level of cooperation and want to double-check
privacy policies, actual court documents are the best way.

~~~
cryptophreak
“Parallel construction is a law enforcement process of building a parallel -
or separate - evidentiary basis for a criminal investigation in order to
conceal how the investigation actually began.”

[https://en.wikipedia.org/wiki/Parallel_construction](https://en.wikipedia.org/wiki/Parallel_construction)

~~~
frandroid
Police use parallel construction when they don't want to reveal their methods.
I seriously doubt law enforcement would engage in parallel construction if it
had access to iMessage but Apple asked it to.

~~~
MacsHeadroom
> I seriously doubt law enforcement would engage in parallel construction if
> it had access to iMessage but Apple asked it to.

Why? They've been using parallel construction to avoid violating NDAs and
giving up their capabilities for years.
[http://www.wired.com/2014/03/harris-stingray-nda/](http://www.wired.com/2014/03/harris-stingray-nda/)

~~~
frandroid
That's exactly the case I was thinking about with my comment

1) Police don't care that APPLE doesn't want to reveal its methods, and 2)
Unlike the Stingray, it wouldn't be illegal for them to use iMessage evidence
in court if Apple provided it to them (especially with the use of a warrant!)

~~~
haldean
I think it's more about the police not wanting the public to know that
iMessage is owned; having trusted-but-broken communication services is a
serious advantage for them.

------
tedd4u
Apple says "Less than 0.00673% of customers have been affected by government
information requests." That's approximately 1 out of every 14,000 -- seems
like a lot to me!

~~~
mikro
It also says that 94% of requests are "Device requests - Law enforcement
seeking a stolen device."

~~~
smackfu
The trick is telling the difference between that and: "Device requests - Law
enforcement seeking a device they claim is stolen."

~~~
jfoutz
well, put a number on it. Of the "Device request" class, clearly at least
_some_ of them really are stolen. So that can't be zero. In fact, I'd bet the
vast majority of those claims are indeed stolen phones.

I'll give you P(spy) = .01, which feels plausible, around 140 incidents, but
we have zero evidence. For something like P(spy) = .1, 1400 requests, I'd want
more evidence. It doesn't need to be particularly good evidence, because I
don't hold the NSA side to be particularly good.

But, you know, still more than vague comments about the state oppressing a
vast number of people with undocumented shady tactics. They've been proven to
use undocumented shady tactics in the past, but they also seem pretty bad at
keeping that stuff secret for long.

------
knd775
I guess I should have expected a number this high, but I didn't. 750-999
national security requests in half a year? Not warrants, but national security
requests. That just seems insane to me.

~~~
themartorana
When national security requests come with built-in gag orders, little-to-no
oversight, and are probably easier to issue/get than warrants (no pesky judges
or explaining to do) why would one ever use a warrant again?

~~~
jsprogrammer
Low-level enforcers don't have easy access to such orders.

~~~
themartorana
We don't know that. We do know that the FBI, NSA, and other federal agencies
are overly anxious to support local law enforcement - by providing wartime
hardware and weapons, as well as support in spying. We know local police
patrols use Stingray devices, disrupting cell service and sweeping up private
communications without a warrant - that's just a single instance.

We have no idea how easy it is for local law enforcement to pick up the phone
and request "support" by having a NSL issued.

~~~
jsprogrammer
One could infer how difficult it would be to maintain secrecy as the number of
privileged enforcers expands. The longer that secrecy is maintained, the less
access probably exists to the privilege.

I'm comfortable assuming that my local beat officer probably can't signal to
his superior to pull an NSL on me and start reading every piece of data my
devices are streaming over TLS.

------
polysome
[https://commons.wikimedia.org/wiki/File:Prism_slide_5.jpg](https://commons.wikimedia.org/wiki/File:Prism_slide_5.jpg)

[https://commons.wikimedia.org/wiki/File:PRISM_Collection_Det...](https://commons.wikimedia.org/wiki/File:PRISM_Collection_Details.jpg)

~~~
tomschlick
Does anyone else have the suspicion that Prism was named prism because instead
of getting companies to co-operate with the program they were siphoning off
data like they did to google by tapping their fiber lines?

That would fit more in line with what we have heard about the tapping
stations/rooms at AT&T/Verizon over the years.

I mean if they were really involved with back dooring the individual servers
of google/apple/facebook that would involve hundreds of employees at each
company to make that happen. Someone would have spoken out by now with some
evidence to prove it.

To my knowledge that hasn't happened. Just this shitty looking powerpoint
outlining when the data was starting to come in...

~~~
bduerst
Wouldn't HTTPS prevent that?

~~~
tomschlick
Yes, but according to google they were tapping the "dark fiber" (private lines
only carrying google traffic) that were not encrypted between their data
centers.

Those lines were for things like data replication so it was a goldmine for the
NSA to tap. Those transmissions have since been encrypted.

------
erostrate
I don't know if Apple actually means that, but the EFF gives Apple 5 stars out
of 5 when assessing which companies protect their customers from government
data requests:
[https://www.eff.org/who-has-your-back-government-data-reques...](https://www.eff.org/who-has-your-back-government-data-requests-2015)

------
verusfossa
I'm just going to leave this here

[https://www.youbetrayedus.org](https://www.youbetrayedus.org)

~~~
mahyarm
This website is about the CISA bill and says:

Apple, Microsoft, Adobe, Symantec, and a handful of other tech companies just
began publicly lobbying Congress to pass Cyber Threat Information Sharing
legislation, like CISA, a bill that would give corporations total legal
immunity when they share private user data with the government and with each
other. Many of these companies have previously claimed to fight for their
users' privacy rights, but by supporting this type of legislation, they've
made it clear that they've abandoned that position, and are willing to
endanger their users' security and civil rights in exchange for government
handouts and protection.

------
diafygi
> _Apple has never worked with any government agency from any country to
> create a “backdoor” in any of our products or services. We have also never
> allowed any government access to our servers. And we never will._

Did Apple ever provide any insight into what access the Prism program had?
They denied knowing about it[1], so either they are lying or it was a mole.
Did they ever follow up with an investigation or conclusion as to what exactly
the government had access to?

[1]: [https://www.apple.com/apples-commitment-to-customer-privacy/](https://www.apple.com/apples-commitment-to-customer-privacy/)

~~~
snowwrestler
Prism in general was mischaracterized by the early reports. It was first
reported as a persistent backdoor into servers, but it was actually just a way
for NSA to automate requests for information through the FBI. This was
detailed in later reports.

Edit: for those skeptical about my comment above, here is more detail from a
discussion about a year ago:

[https://news.ycombinator.com/item?id=8333844](https://news.ycombinator.com/item?id=8333844)

~~~
TazeTSchnitzel
Ah, so then Apple wouldn't be lying if they said they hadn't allowed access to
their servers, even under a broad interpretation.

------
0x0
It's a shame the options to disable sending your local spotlight queries to
bing and apple are hidden away in a huge list of other apps. I wish they had
one giant button for disabling all remote queries instead of 4-5 options
spread throughout different settings sub-pages.

~~~
acqq
I still don't know which setting actually disables that.

~~~
coldtea
It's half a google away.

[https://www.google.com/search?q=disable+spotlight+queries+se...](https://www.google.com/search?q=disable+spotlight+queries+send+to+bing&oq=disable+spotlight+queries+send+to+bing&aqs=chrome..69i57.9678j0j7&sourceid=chrome&es_sm=119&ie=UTF-8)

~~~
0x0
Doesn't really address iOS 9 which changed things around a bit, and to even
find anything about iOS at all you have to start looking at the 4th or 5th
result on some random domain. And - even then - there are multiple odd places
in the settings you need to check and verify, some of which are hidden in a
long list of other apps.

~~~
joosters
It's detailed in the help page, the link to which is on the same settings
screen that contains the switches to turn off.

Likewise on MacOS, there's a 'About Spotlight Suggestions & Privacy' button on
the Spotlight settings page. Again, it's on the same screen that contains the
switches to turn off the feature.

You don't need internet access to find these options, and I can't think of a
better place to put the help. Knowing that these options exist in the first
place is another problem though...

~~~
0x0
In iOS9, there's at least "Siri Suggestions" at the top, then intermixed with
all your apps there's "Bing Suggestions" and "Spotlight Suggestions", then
there's a "Suggested Apps" in the separate "Handoff & Suggested Apps" settings
screen, then there is "Suggested Apps" in the "App and iTunes Store" settings
screen, then there is "Safari Suggestions" and "Search Engine Suggestions" in
the "Safari" settings screen. I have no idea what half of these actually do
though. Very confusing.

~~~
joosters
Confusing, definitely. But in the context of your initial question, bringing
up the Siri settings seems a little strange. By definition, if you are using
Siri, you are using a remote query... Likewise, if you have hand-off enabled,
it's going to be talking over the internet, how else can it work?

~~~
0x0
Handoff should work with just local bluetooth.

And "Siri suggestions" appears on the spotlight search screen to the left /
when dragging downwards, so it is not at all obvious what the difference
between "siri" and "spotlight" is. Yes, even when I want to do a local
spotlight search.

------
happywolf
I use Apple products, including the MBP on which I am typing this post. I paid
big bucks and my expectation is Apple should respect my privacy. Services like
Google I use them for free, and as such, monetization is fair. Not for Apple,
and I hope it won't let me down.

~~~
devcpp
Or you could use free software, and stop hoping for people around you to be
honest.

~~~
mrmondo
Free != open source

~~~
dandelion_lover
[https://www.gnu.org/philosophy/free-sw.html](https://www.gnu.org/philosophy/free-sw.html)

------
6stringmerc
_We’re going to make sure you get updates here about privacy at Apple at least
once a year and whenever there are significant changes to our policies._

Translation: We set up this page to reference for the inevitable future
articles and criticisms of our policies.

Not saying it's a bad idea, but it's very lawyerly to me. Like this one:

 _We don’t build a profile based on your email content or web browsing habits
to sell to advertisers. We don’t “monetize” the information you store on your
iPhone or in iCloud._

That makes sense, and I figure it's a true statement as written. But, bear
with me here, I feel like it could still also be true they build a profile
based on X, Y, or Z for internal use by Apple in the name of "making services
better" as it were.

What I'd like to see at the bottom of the letter - and don't see even after
clicking through a couple of the links - is a link to review all stored
content by Apple in a nice, clean two-factor authenticated dashboard, and
settings for all devices to be managed in one central location. That would be
rather helpful to individuals...a big gesture of that buzzword "transparency"
and all that! Yet I highly doubt such a portal / review capability would be
implemented by Apple without much metaphorical kicking and screaming.

~~~
popctrl
I was going to suggest that this page was meant to serve as a warrant canary
but it looks like Apple had a warrant canary but it's gone now (Explanation of
a warrant canary for the uninitiated in link):
[http://apple.slashdot.org/story/14/09/18/2216222/apples-warr...](http://apple.slashdot.org/story/14/09/18/2216222/apples-warrant-canary-has-died)

------
staunch
If it wasn't for Tim Cook this would be considered an insanely radical view by
most people. Thank you Tim!

------
cryoshon
Remember this:
[http://www.theguardian.com/technology/2011/apr/20/iphone-tra...](http://www.theguardian.com/technology/2011/apr/20/iphone-tracking-prompts-privacy-fears)
in which the location history of users was tracked and
offloaded to the user's PC when synched? I get that the "problem" was
allegedly fixed, but there's absolutely zero reason to trust anything Apple
says here. The potential of getting hit with National Security Letters with
built in gag orders invalidates any conception of trust between users and
groups that handle their data.

There could also be hardware or software backdoors/exploits that Apple has no
clue about-- I would say almost certainly, given how inventive the NSA has
been with both of those angles.

------
trevyn
"We have also never allowed any government access to our servers. And we never
will."

That's a pretty bold statement.

~~~
Dirlewanger
That's because it's a lie. It's like the lawyers (and everyone else here)
forgot the Snowden leaks occurred.

~~~
nemothekid
I'm still confused if the Snowden leaks meant that the NSA was cooperating
with the companies listed, or had developed backdoors with the companies
listed.

There were Google security engineers that seemed to be in the dark about the
level of NSA engagement.

[https://plus.google.com/+BrandonDowney/posts/SfYy8xbDWGG](https://plus.google.com/+BrandonDowney/posts/SfYy8xbDWGG)

------
m4110c
Dubious, given Apple's support of CISA.

------
rufugee
As a long time Linux user and a long time Google product user, I'd be willing
to go all in on Apple if:

    
    
* They were truly, actively committed to defending a user's privacy.
* They allowed using your own domains (I currently have around 30 domains pointed to the same GMail account).
    

If both of the above were true, I'd ditch my Cyanogenmod-running HTC One M8
and buy an iPhone today. My privacy is worth more to me than the ability to
install whatever music player, keyboard, etc that I want or drop to a command
line (though I do love having that ability and would miss it).

~~~
nemoniac
Nope. Just nope. I'll stick with choice _and_ privacy over promises of privacy
by a for-profit.

~~~
rufugee
You really think you get privacy with Android? Have you ever monitored
outbound connections on your device? There's a LOT of activity there. Even
with Cyanogenmod's Privacy Guard, which at least improves the Android
permissions debacle.

Combine that with GMail. I _pay_ for the business version, yet the privacy
policy is still hard to understand and I still get suspicious ads popping up
which seem to have come from no where else but my email. Could be wrong, but
it's uncanny.

I have a hard time trusting Google.

------
teekert
Nice but recently I was asked to enter the admin password of my MBP into a
webform at an Apple reseller, it was a requirement for getting the GPU
repaired (as part of a recall.) Isn't that very strange?

~~~
jws
You don't have to. It just lets them better test and repair your device. If
something is gorked up in your system files they can fix it using an admin
account. I just dropped two laptops for repairs and didn't know an admin
password on one. It wasn't a problem, though I suppose it might be more likely
to come back with a wiped disk.

~~~
teekert
Why can't they just boot off a USB disk for testing?

~~~
jws
They do boot over the network for hardware testing. That doesn't help them if
the problem is in your software install.

------
chmaynard
I'd like to see Apple commit to making Apple Pay available for online
commerce. That would allow Apple to get rid of the hundreds of millions of
credit and debit card numbers they retain in their private servers. If Apple's
card number information ever got hacked, it would be a disaster for Apple and
their customers.

------
ttflee
By 'government', does Apple mean the government of the U.S. or any governments
of nations Apple exports its goods and services to?

I am still skeptical about any company in a hypothetical case where private
information of its customers is sought by governments like China. BTW, I am
living and going to live in China in future.

------
Shivetya
So how will we ever know until it happens if the encryption on Apple devices
is weakened by government demands? I understand they have a posted stance on
privacy and such but the US government has shown it will threaten even those
who divulge requests.

It is to the point I don't upgrade i devices until weeks after just to be
sure.

~~~
harmegido
Isn't that problem solved by the 'canary in the coal mine' ? A company can
have strong privacy language in their documentation. If any or part of that
language disappears suddenly one day, you can know that a government forced
the company to go against this language?

~~~
Fradow
Sadly, Apple isn't on [https://canarywatch.org/](https://canarywatch.org/) Did
I miss another way to know about that information (that does not involve
parsing all Apple documentation by myself).

------
acconsta
Along with iOS ad blocking, this seems like a big shift in Apple's stance
toward Google.

------
miah_
Sorry Tim, you've already lost me as a customer. Next computer I get from work
will be running Linux.

------
notNow
Can we get Apple on board with RWD since they seem to be up to their ears with
"protecting" their users' privacy to the point of neglecting this crucial
aspect of modern web design?

------
muddi900
Wasn't the Fappening because of an iCloud hole?

~~~
jbob2000
No, it was because celebrities are normal people and tended to use the same
password for multiple services. One service was compromised, which compromised
every other one because the passwords were the same.

~~~
muddi900
Source? Most of my google has netted the blame on Apple and a conspiracy theory
of this being a PR scandal.

~~~
josso
Really? It seems to me that most articles conclude that it wasn’t iCloud that
was hacked but the celebrities.

Apple also released a press release[1] saying that they “have discovered that
certain celebrity accounts were compromised by a very targeted attack on user
names, passwords and security questions, a practice that has become all too
common on the Internet. None of the cases we have investigated has resulted
from any breach in any of Apple’s systems including iCloud® or Find my
iPhone.”

[1]: [http://www.apple.com/pr/library/2014/09/02Apple-Media-Adviso...](http://www.apple.com/pr/library/2014/09/02Apple-Media-Advisory.html)

~~~
muddi900
What most articles? You are giving me Apple's press release...

The news on it has died down over the past year, with a recent items search
bringing up only links to pron sites hosting the content. This is the best
summary I could find:
[https://www.nikcub.com/posts/notes-on-the-celebrity-data-the...](https://www.nikcub.com/posts/notes-on-the-celebrity-data-theft/)

It clearly shows that iCloud was very susceptible to basic social engineered
attacks. Their statement on the subject is vague and misleading. There was no
breach of iCloud passwords database, but if somebody just "guessed" the
answers to the security questions, that counts as a breach for everybody else.

FBI has made one arrest and the investigation is still on going. We probably
would not know until it's over, but at least one celebrity, Kirsten Dunst
suggested her images were taken from the iCloud:
[https://twitter.com/kirstendunst/status/506553772114317312](https://twitter.com/kirstendunst/status/506553772114317312)

Again, what most articles you have besides Apple's hand waving?

------
chinathrow
To my understanding, an NSL could mean "give me everything you have". And the
NSLs have no disclosed accounts linked to them.

Edit: Why the downvote? If my understanding is false, please indicate so.

~~~
tedunangst
Perhaps you could post the source for your understanding?

------
keejkl
No, I don't trust you. That trust is long gone, you will have a long way to go
to earn it back. These are just words, and they can write whatever they want
since there is no way to validate the claims.

------
mtgx
I'll take them more seriously when they stop voluntarily giving the NSA zero-
day vulnerabilities months before they get fixed, essentially giving them
"temporary backdoors" to their systems.

~~~
donut2d
Source?

~~~
0x0
Stuff like gotofail took a while to get patched (weeks?), and things like
[https://github.com/kpwn/tpwn](https://github.com/kpwn/tpwn) has been around
for a while which is still not patched in any public, non-beta release of OSX.

~~~
donut2d
While it's definitely plausible, and probably likely, I was looking for a
source to the specific statement that Apple is "voluntarily giving the NSA
zero-day vulnerabilities months before they get fixed". Are they giving them
to the NSA? Is this why they're holding out on fixing them? Do we have
evidence that this is their intention?

