
A message from Tim Cook about Apple’s commitment to your privacy - dombili
http://www.apple.com/privacy/
======
isomorphic
"Our business model is very straightforward: We sell great products. We don’t
build a profile based on your email content or web browsing habits to sell to
advertisers. We don’t “monetize” the information you store on your iPhone or
in iCloud. And we don’t read your email or your messages to get information to
market to you. Our software and services are designed to make our devices
better. Plain and simple."

Shots fired.

(At Google, obviously.)

~~~
pookieinc
Interesting you mark this section of it, this part also stood out to me.

As a longtime Apple iPhone lover, I switched over to Google Nexus 5 around 6-8
months ago and with it, I decided to try and be as open as possible with my
data. This means that I opted into allowing Google to read my mail, save my
Chrome searches (and start using Chrome), saving my notes in Google Keep, and
then regurgitate all that information back to me on my Google dashboard. I
thought to myself: "Once the next iPhone comes, I'll determine if I should go
back."

At first, it was striking that one day I booked a flight and then about two
weeks later, my dashboard mentioned to me that I should leave 40 minutes early
for my flight because of a traffic accident. It knew my flight information,
when I should leave, and routes to the airport. I followed Google's suggestion
and made it to the airport on time, taking an alternate route Google displayed
for me. Once I landed, Google updated my dashboard about the currency
exchange, surrounding events, restaurant reviews, foreign news, and more... it
"knew" I wasn't home anymore, but across the world. It was initially strange,
but with more trips and more experiences, I grew to like that Google could
give me handy data.

Another strange thing, when reading my mail, it would point out words like
"... On Saturday, Sept. 4...", then ask me if I wanted to save it to my
calendar. Small touches like this grew on me and kept my life in sync.

Now, having spent many months with the phone and with the release of iPhone 6,
I've come to a crossroads in trying to find out how "okay" I am with giving
Google my data. I wonder to myself, "how can Google use this data against me"
and come up short. There are things I wish to be private and for those things,
they are rare and I use the appropriate channels (Incognito Mode, other email
accounts, etc.), but those are much more rare than the typical. It does
sometimes bother me that ads show my interests, but other times, I've actually
found it surprisingly useful and it has led me to learning about other
products available.

I suppose for Apple to release this comment, I agree on the one hand and can
see their point, but I wonder... Sometimes it's nice to have certain services
available to you, if that means giving some information out.

~~~
cperciva
_I grew to like that Google could give me handy data._

I agree that this is useful; but sometimes I think Google tries a bit too hard
to be helpful. For a few months, I visited my girlfriend every Thursday
evening (and at other times as well, of course, but Thursday evenings were
consistent). After we broke up, my phone would helpfully let me know every
Thursday evening how long it would take to drive to her apartment.

~~~
blinkingled
Ha! In my case it sometimes insists that I travel to work at random places at
not really normal office times. Wish I could tell it I work from home or
better yet it figure that out!

~~~
nightpool
There's actually an option for this in the Google Now settings, but I don't
have my Nexus anymore so I can't tell you exactly where. Should be something
like unchecking "give me recommendations based on where I go" or something. I
know you can also set home and work locations manually.

~~~
cperciva
I run into this despite having set my work location manually. Either it's
failing to handle identical work and home locations or it ignores the manual
settings given enough "evidence".

------
llamataboot
I think what strikes me the most about the new privacy policy* (and the
associated mini-site) is just how /readable/ it is. No legalese. No 50 pages
of undecipherable jargon. It's plain text and Apple clearly /wants/ you to read
it and understand what their privacy policy is and privacy practices are. Yes,
there's still the questions about PRISM etc and the NSA, but in terms of
everyday use of their products, what they share with 3rd parties, and their
law enforcement policies - I find the language very refreshing.

*[https://www.apple.com/privacy/privacy-policy/](https://www.apple.com/privacy/privacy-policy/)

~~~
Elepsis
This is actually part of a broader and encouraging trend of non-shitty terms
of use and privacy policies. Microsoft and Google actually also write in
relatively readable, plain English.

Microsoft - [http://www.microsoft.com/privacystatement/en-us/windowsservi...](http://www.microsoft.com/privacystatement/en-us/windowsservices/default.aspx)
(unfortunately the page itself is a bit of an eyesore, though.)

Google -
[http://www.google.com/policies/privacy/](http://www.google.com/policies/privacy/)

------
hellbanner
So what about this vanishing of the warrant canary?
[https://gigaom.com/2014/09/18/apples-warrant-canary-disappea...](https://gigaom.com/2014/09/18/apples-warrant-canary-disappears-suggesting-new-patriot-act-demands/)

------
droopyEyelids
This is getting weird. (Background interview with Charlie Rose
[http://youtu.be/Bmm5faI_mLo?t=35s](http://youtu.be/Bmm5faI_mLo?t=35s))

I don't understand:

> Finally, I want to be absolutely clear that we have never worked with any
> government agency from any country to create a backdoor in any of our
> products or services. We have also never allowed access to our servers. And
> we never will

Either he's hiding the fact that they'll provide what data they have (timings,
IP addresses, contact metadata) when the warrant comes, he doesn't think it's
valuable to publicize the ways they cooperate with the government legally, or
he actually thinks Apple will break the law when the lawful requests come
in.

Second, he doesn't address exactly how everyone lost their data in the nude
celebrity thing. A straightforward answer would address the elephant in the
room, and give us facts to think about, what we need to look out for, and how
their recent moves address the vulnerabilities. Right now all we have is
informed guesswork and inferences from (admittedly great) detectives like
[https://twitter.com/nikcub](https://twitter.com/nikcub). Still different than
hearing it from people with the facts.

~~~
snowwrestler
I doubt he's hiding it; there is a whole page about their responses to
government requests:

[http://www.apple.com/privacy/government-information-requests...](http://www.apple.com/privacy/government-information-requests/)

He seems to be drawing a distinction between providing some information to the
government in response to a request, vs. providing "access to our servers."

------
llamataboot
"On devices running iOS 8, your personal data such as photos, messages
(including attachments), email, contacts, call history, iTunes content, notes,
and reminders is placed under the protection of your passcode. Unlike our
competitors, Apple cannot bypass your passcode and therefore cannot access
this data. So it's not technically feasible for us to respond to government
warrants for the extraction of this data from devices in their possession
running iOS 8."

But law enforcement can still brute force the encrypted image right?

~~~
yzzxy
From a Feb. 2014 Apple Security whitepaper[0]:

"The passcode is “tangled” with the device’s UID, so brute-force attempts must
be performed on the device under attack. A large iteration count is used to
make each attempt slower. The iteration count is calibrated so that one
attempt takes approximately 80 milliseconds. This means it would take more
than 5½ years to try all combinations of a six-character alphanumeric passcode
with lowercase letters and numbers."

There's more info on the file encryption in the paper, around page 8.

[0]
[http://www.apple.com/ipad/business/docs/iOS_Security_Feb14.p...](http://www.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf)
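An added example (not part of the comment above or of Apple's whitepaper) that works through the two ideas in the quoted passage: an iteration count calibrated to a target time per attempt, and the resulting exhaustive-search bound. PBKDF2 salted with a per-device value is an assumed stand-in for the "tangling" step, and all function names and sample values are hypothetical.

```python
import hashlib
import time

ATTEMPT_SECONDS = 0.080               # per-attempt cost quoted from the whitepaper
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(passcode: str, device_uid: bytes, iterations: int) -> bytes:
    """Stand-in for "tangling": PBKDF2-HMAC-SHA256 salted with a per-device value.

    Assumption for illustration only. On a real device the UID stays inside
    the hardware, which is what forces guessing to happen on the device.
    """
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_uid, iterations)


def calibrate_iterations(target_seconds: float, probe: int = 20_000) -> int:
    """Time a probe derivation on this machine and scale the count to the target."""
    start = time.perf_counter()
    derive_key("probe", b"\x00" * 32, probe)
    elapsed = time.perf_counter() - start
    return max(1, int(probe * target_seconds / elapsed))


def worst_case_seconds(alphabet_size: int, length: int,
                       attempt_seconds: float = ATTEMPT_SECONDS) -> float:
    """Time to try every passcode when each guess costs attempt_seconds."""
    return (alphabet_size ** length) * attempt_seconds


def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


# Constructed passcode policies; only the last row is the whitepaper's case.
POLICIES = [
    ("4-digit PIN", 10, 4),
    ("6-digit PIN", 10, 6),
    ("6 chars, lowercase + digits", 36, 6),
]

if __name__ == "__main__":
    uid_a, uid_b = b"\x01" * 32, b"\x02" * 32   # constructed device values
    n = calibrate_iterations(ATTEMPT_SECONDS)
    print(f"iterations for ~80 ms on this machine: {n}")
    # Same passcode, different device value: the keys differ, so work done
    # against one device's data does not carry over to another device.
    print(derive_key("a1b2c3", uid_a, n) != derive_key("a1b2c3", uid_b, n))
    for name, alphabet, length in POLICIES:
        print(f"{name:30s} {human(worst_case_seconds(alphabet, length))}")
```

The bound scales with the size of the passcode space, so the per-attempt delay protects a long alphanumeric passcode far more than a short numeric one.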

~~~
readerrrr
How were the iCloud accounts then attacked if they didn't have physical access
to the device?

 _The passcode is “tangled” with the device’s UID, so brute-force attempts
must be performed on the device under attack_

Even with the password you need the device, which they didn't.

~~~
penprog
I think a lot of it was social engineering and bad passwords. If you are using
multiple services and one is compromised you can pretty much give up access to
everything if you use the same password all around.

------
Schweigi
I think more interesting is the section about what Law Enforcement can access
and what not - which is explained in detail on this page:
[http://www.apple.com/privacy/government-information-requests...](http://www.apple.com/privacy/government-information-requests/)
The page also contains three PDFs with more details for US/EMEA/APAC.

I always thought with the iOS7 encryption everything is encrypted but it looks
like this is only the case with iOS8.

~~~
Geee
iPhone's full-disk hardware encryption is not active after the device has
booted and has been unlocked for the first time. There's a second layer of
software encryption for important data, which includes now much more (but not
everything) in iOS8.

~~~
astrange
That's not quite true; iOS doesn't use "full-disk encryption", but only file
encryption.

You can read about it under File Data Protection in
[http://images.apple.com/privacy/docs/iOS_Security_Guide_Sept...](http://images.apple.com/privacy/docs/iOS_Security_Guide_Sept_2014.pdf).

~~~
comex
Actually, the parent is correct - the PDF you linked suggests otherwise:

> (NSFileProtectionNone): This class key is protected only with the UID, and
> is kept in Effaceable Storage. Since all the keys needed to decrypt files in
> this class are stored on the device, the encryption only affords the benefit
> of fast remote wipe. If a file is not assigned a Data Protection class, it
> is still stored in encrypted form (as is all data on an iOS device).

but AFAIK, the way this is actually implemented is that the non-None file
protection settings are an additional layer on top of full disk encryption. On
my jailbroken iPhone 5s on iOS 7.1, the /var partition is mounted from
/dev/disk0s1s2 - where the double partition is due to a CoreStorage block
layer between the filesystem and the actual disk. If you dump some data from
/dev/rdisk0s1s2, you'll find a HFS+ filesystem with plenty of strings, but if
you look at /dev/rdisk0 itself, they're nowhere to be found, i.e. the
CoreStorage volume is encrypted. (There's probably a more direct way to
determine this, but CoreStorage is closed source and undocumented, so meh...)

------
sergiotapia
"Finally, I want to be absolutely clear that we have never worked with any
government agency from any country to create a backdoor in any of our products
or services. We have also never allowed access to our servers. And we never
will."

The way this was worded is so plain and to the point, it's refreshing. I
sincerely hope it's true! Great job on Apple and Tim Cook for laying it all
out there.

~~~
jellicle
So when the NSA's internal Top Secret slides say that Apple was added to the
PRISM program as a "provider" in October 2012, that provides "Email, chat,
videos, photos, stored data, VOIP, file transfers, video conferencing, logins,
online social networking details" to the NSA, how then should we reconcile
these statements?

Is the NSA lying in its internal slides to itself?

Is Tim Cook lying in his statement to the external world?

Is Tim Cook splitting hairs in some fashion? For instance, is he defining
"backdoor" to mean "illegal backdoor", which therefore excludes everything
done with the FBI/NSA under a veneer of legality?

~~~
xenadu02
People really want to make something out of this, but it's very simple: the
NSA found the "goto fail" bug and exploited it. (We know they also exploited
heartbleed.)

We know they have active programs looking for holes in open source code and
fuzzing commercial services looking for vulnerabilities. How is that so hard
to believe?

~~~
wfunction
> We know they also exploited heartbleed.

Do you have links that show this is true?

------
baddox
Well, that might be the most impressive official comment I've ever seen from a
large business. It wasn't too technical (from a legal or technological
perspective), but also wasn't too dumbed down. It was clear and frank, and not
once did my "BS alarm" go off.

But I'm generally a fan of Apple, and a frequent user of iOS devices, and I've
always liked Tim Cook. Maybe I'm biased.

------
RoboTeddy
> In the first six months of 2014, we received 250 or fewer [national security
> requests from the US government]. Though we would like to be more specific,
> by law this is the most precise information we are currently allowed to
> disclose.

[http://www.apple.com/privacy/government-information-requests...](http://www.apple.com/privacy/government-information-requests/)

------
drderidder
The way user data fits into Apple's business model (ie. to make the product
better vs. generating ad revenue) is appealing, but unfortunately it's gotten
to the point where pledges of privacy from US companies have a hollow ring to
them. I expect a gradual migration away from US-based SaaS/PaaS and OS
offerings to open source alternatives and self-hosted utility computing,
particularly for business and government applications.

~~~
jqm
Exactly. Once trust is broken, it's hard to regain.

An entity changing behavior after being caught doesn't really inspire
confidence in what it might do when it believes no one is watching.

Trust is a fragile thing. Hard to build, easy to destroy.

I don't necessarily blame these companies though. They are profit oriented and
they almost certainly have to play by certain rules to grow to any size. But
the surveillance crew certainly has shot themselves (and us) in the
foot to some degree. I just hope what they got out of it was worth it, but I'm
doubtful. If they had just played a little more by the rules and vetted
important matters rather than being lazy, their jobs (and everyone in the
Western tech industry) might be a lot easier going forward.

Unfounded hubris and lack of foresight seem to be very common pitfalls for
military, security and policing services. At least in the U.S. And probably
everywhere throughout history.

~~~
drderidder
It's Celine's First Law.

------
tonysuper
Really great to see a company acknowledging that privacy is a major concern.

It's also a great business decision, because privacy is one thing that Google
will never be able to beat Apple on. They pretty much have no way to
respond if Apple starts running ads about privacy.

------
thisisdallas
> We have also never allowed access to our servers. And we never will.

That's good to read but, technically, it's not their choice, correct?

~~~
isomorphic
They can hand over copies of data (after being presented with a warrant)
without giving "access to our servers."

~~~
scintill76
Maybe I'm just really cynical, but now I'm imagining scenarios like mirroring
their disks to copies someone like the NSA is allowed full access to. Would
that be "access" to their "servers"? Maybe they don't include Apple's own
private keys, so at least the NSA can't impersonate them, just read every byte
of data they have?

Then again, it's sort of moot because they can probably be legally forced to
provide full "access to [their] servers". Some comments here are pointing out
they have the choice whether to obey the law, so is Cook actually saying they
will disobey it?

------
Tangokat
As much as I like this message, I just don't believe him. We KNOW the US
government will issue a gag order and not allow him or anyone else to speak
about what they receive.

The only way to be sure is to provide the source and allow people to compile
it themselves, which is just never happening.

~~~
dmishe
[http://images.apple.com/pr/pdf/131105reportongovinforequests...](http://images.apple.com/pr/pdf/131105reportongovinforequests3.pdf)
has warrant canary "Apple has never received an order under Section 215 of the
USA Patriot Act."

~~~
skuhn
It is gone from the 2014 report:
[https://www.apple.com/privacy/docs/government-information-re...](https://www.apple.com/privacy/docs/government-information-requests-20140630.pdf)

~~~
dmishe
Yeah the timing is crazy

------
yellowcake
I find it amusing that this is being served on an unencrypted unauthenticated
page. There is no HTTPS redirect or HSTS header.

~~~
rsl7
Fortunately, it's not a secret message.

~~~
blinkingled
But how do I know a MITM is not modifying this message to claim things Apple
hadn't intended to say? :)

~~~
Geee
That's some next-gen shit.. Also, using HTTP gives Apple plausible
deniability. "No, we didn't actually say that, it was MITM..."

------
pc
I couldn't find anything that describes whether Apple can access your iCloud
data in response to a law enforcement request. (I.e., whether it's encrypted
in situ.) Does anyone know?

~~~
stdgy
_All your iCloud content is encrypted in transit and, in most cases, when
stored (see below). If we use third-party vendors to store your data, we
encrypt it and never give them the keys. Apple retains the encryption keys in
our own data centers, so you can back up, sync, and share your iCloud data._

If I'm reading this correctly, it looks like most things are encrypted while
on iCloud. Namely:

      - Photos
      - Documents
      - Calendars
      - Contacts
      - iCloud Keychain
      - Backup
      - Bookmarks
      - Reminders
      - Find My iPhone
      - Find My Friends

But these aren't encrypted on iCloud:

      - Mail and Notes (Though they are encrypted in transit)

I would think this means that Apple is able to hand over Mail and Notes data
sans encryption?

On another page it reads: _On devices running iOS 8, your personal data such
as photos, messages (including attachments), email, contacts, call history,
iTunes content, notes, and reminders is placed under the protection of your
passcode. Unlike our competitors, Apple cannot bypass your passcode and
therefore cannot access this data._

I read this to apply only to items stored on the device itself. Not on iCloud.

But I hope I'm reading this wrong, and Mail storage is indeed encrypted on
iCloud.

~~~
foobarqux
It doesn't matter what is encrypted, Apple has the keys, as the paragraph you
quoted notes.

~~~
stdgy
I thought that the data would be encrypted with your device's key, not Apple's
key.

Here's a quote of his from the Charlie Rose interview: _We’re not reading your
email, we’re not reading your iMessages. If the government laid a subpoena on
us to get your iMessages, we can’t provide it. It’s encrypted and we don’t
have the key._

Perhaps that's not the case? Or rather, perhaps that's literally only the case
with iMessage? I don't think iMessages are ever stored on iCloud, and instead
only ever propagate from device to device...

~~~
foobarqux
I am pretty sure you can retrieve data on multiple devices and also restore
without the phone.

All of which is moot since Apple can simply be ordered to write software to
leak or capture passwords and decryption keys.

~~~
xenadu02
Actually within US law and case law, even the horrible Patriot act, that is
not true. The government cannot require you to design your photo service (for
example) to allow eavesdropping. They almost made that a law back in the 90s
but enough tech companies freaked that it got shitcanned.

Similarly, you cannot be ordered to lie and say the NSA has not been given
access to your servers, you can only be ordered not to discuss it if it has
happened.

~~~
foobarqux
They do for certain technologies (see CALEA) but even for others they would be
required to take reasonable effort to comply with court orders. Intercepting
passwords isn't particularly difficult, assuming they don't have them already.
Lavabit was required to do something like this.

------
hellbanTHIS
How long until Apple buys DuckDuckGo, minutes or seconds?

~~~
lmedinas
Hope they don't buy it but at least donate! :)

------
apaprocki
So does the last statement about never sharing data with a government agency
serve as a sort of warrant canary? If they were served with a national
security letter to hand over encryption keys for an entire service, wouldn't
they have to remove that line?

------
tszming
Commitment and capability are two things.

I am not saying Apple does not have the capability to protect user privacy,
but I trust Google more in terms of their capabilities.

~~~
gress
But Google doesn't protect user privacy from itself.

------
linguafranca
Sorry, am I missing something here? What's the context? Is Apple accused of
some recent scam? Is this because of them forcing U2 into our accounts?

~~~
barrecan
In light of the recent "iCloud hacking" as well as the launch of health
monitoring with iOS8, questions about security arose.

------
nikiiv
So in general, to be read as: "Please continue to upload nude selfies, they
are more secure than ever" :)

------
holri
The interesting thing is that they obviously think that there is now a market
and selling point for privacy.

------
squid_ca
And yet, they had the gall to force an album down our throats during their
reveal last week.

When I saw that U2 album in iTunes, I had to stop and ask myself why I was so
pissed off about it. In theory, it was simply a nice gesture. But in reality,
it was just a reminder that Apple is in control of my software, not me. It was
a reminder that, ultimately, this company (and, in fairness, most companies)
is going to fuck me over if it means more money for them.

So, sorry Tim Cook! but you are full of shit. You will totally roll over and
fuck me when money is on the line, either as a business opportunity or to
avoid a fine. And guess what? I am screwed no matter what I do, because the
choice is between convenience and Richard Stallman-esque software
self-crippling, and the Dead Kennedys already know how that plays out.

