
Apple does right by users and advertisers are displeased - DiabloD3
https://www.eff.org/deeplinks/2017/09/apple-does-right-users-wrong-advertisers
======
boyter
Which is exactly why as of last month bought my first iPhone. The pro privacy
stance that Apple is taking is wonderful to see. No idea if anyone pushing
this at Apple will ever read this but you have a customer for life if you
continue to do so and will champion your products to their entire sphere of
influence.

~~~
hellbanner
Is your iPhone more secure than an open source version?

~~~
evilduck
AFAIK there's no such thing as a completely open source cell phone.

~~~
hellbanner
Unfortunately not. Even if there was, it's the mesh network they run on that
breaks security - corporate & gov controlled cellular towers

------
arca_vorago
It cracks me up how much the hn userbase has changed. Apple has traditionally
been very user hostile, but they make some grandstand PR move and so many
people fall for it like Apple cares about user privacy/freedom, etc.

As Richard Stallman said, Apple puts the user in a prison. Just because the
warden is getting better at playing nice some of the time and making the
prison more beautiful doesn't change the fact it is a prison.

In a free system, the users could have done this themselves years ago instead
of waiting for Apple.

~~~
bbatha
Unless you're installing AOSP android on your phone, you're in the same boat
with Google. You're increasingly limited to what Google will allow on the play
store. You may have some more flexibility, but to continue your analogy:
android is a like a low-security prison run by gangs you may have more freedom
but at the end of the day you're still on the inside and now you run the risk
of getting shanked.

~~~
tonyztan
(Almost) All Android phones allow you to sideload apps without having to root,
AFAIK. So you aren't really limited by the Play Store.

~~~
skinnymuch
I have little idea about how the android market is. But when I had a rooted
phone, the rooted market of apps/tweaks wasn't too impressive. I personally
felt like iOS's jailbreak market was doing better even though it had
dramatically shruken too. This is about 2 years ago.

So if the rooted tweaks and apps market isn't that strong for Android, how big
would the side loading market be? I'm obviously thinking there's not much
there. At least not for people where Google services and apps are included
normally with Android like the US.

------
specialist
Yes, this benefits Apple customers. I'm pleased.

But it also attacks the revenue of the other 3 horsemen (Google, Facebook,
Amazon). Which also pleases me.

If I was Apple, I'd mess with advertising, just because.

~~~
exelius
Apple knows this; in fact, I'd say it's their core business strategy. They did
this before with the iTunes Music Store, and they will continue doing it as
long as they exist.

Apple focuses on the mass consumer as their sole and perpetual customer. This
allows them to maintain laser focus on solving the problems of the end users
rather than solving the problems of an advertiser and forcing the solution on
end users.

Apple's refusal to "innovate" on its business model has actually put them
where they are today. Most other tech companies have other motives in making
mobile devices: Amazon wants to sell you content, Facebook and Google want to
show you ads, while Apple just wants to make the best damn phone out there and
sell it at a very high price.

If the market definition of "best damn phone out there" starts to include
"protects your privacy", Apple doesn't have the conflicts of interest that
Google or Facebook do. I'm sure everyone else will eventually follow suit, but
Apple is the only one with the capability to take the lead on privacy.

~~~
hyperbovine
Oh spare me. Apple is waaay in bed with rightsholders when it comes to DRM.
It's all wine and roses as long as you're 100% bought in to their ecosystem.
Try playing your iTunes purchase on a non-Apple product and you're SOL. I fail
to see how this solves "the problems of the end users."

~~~
tomjakubowski
> Try playing your iTunes purchase on a non-Apple product and you're SOL

What are you talking about? Did iTunes add back DRM? Around 2009 or so Apple
made all of iTunes DRM-free and were, I believe, the first major online music
store to do so. It was a huge deal; Apple published an open letter from Jobs
on their home page and everything.

[http://www.nytimes.com/2009/01/07/technology/companies/07app...](http://www.nytimes.com/2009/01/07/technology/companies/07apple.html?mcubz=0)

"iTunes Plus refers to songs and some music videos* in high-quality AAC format
that don't have Digital Rights Management (DRM). All songs now for sale in the
iTunes Store are iTunes Plus."

[https://support.apple.com/en-us/HT201616](https://support.apple.com/en-
us/HT201616)

and, as of 2014, you could kill DRM on DRM-ed iTunes purchases made before
2009 [https://www.wired.com/2014/03/kill-itunes-
drm/](https://www.wired.com/2014/03/kill-itunes-drm/)

~~~
criddell
Movies are still generally protected with DRM. Do you know if you can play
iTunes movies with a third party player (like VLC).

~~~
agentdrtran
Who sells DRM free movies?

~~~
criddell
gog.com

Plus, not all DRM schemes are equal. One that is exclusive to Apple is worse
(IMHO) than one that isn't. For example, I can go to a store and buy a DVD or
BluRay disk that has DRM yet I am very sure that I can play it on every player
I own.

~~~
ender341341
As big of a fan of gog as I am and as much as I dislike itunes I think it's
pretty disingenuous to compare their movie store to itunes. They have 56
movies on their store and I don't think any of them could be considered
mainstream.

~~~
criddell
Oh I agree with you.

I was originally responding to the person that said the iTunes store doesn't
sell DRM'd stuff. The movies definitely are but I don't know if the DRM
restricts the movie to being played on an Apple device or if it uses some non-
Apple DRM making it playable elsewhere.

------
dalbasal
Browsers are really where privacy needs to come from.

I know a lot of people have hopes for a legislative solutions, but I think the
EU (also UK and others) "cookie law" really needs to make us consider how
effective they can be. The motivation for the law was good. They put their
finger in the right place. . We got nag screens and little improvment in
privacy.

Not every piece of privacy legislation does as little as this, but I still
think we need to be wary. Browsers, OTOH, are in a great position to improve
user privacy.

Maybe instead of letters to parliamentarians, letters to browser makers?

~~~
gaius
_Browsers are really where privacy needs to come from._

There's only so much a browser can do against someone who can follow your IP
address around. What we _really_ need is ISPs who randomize what the server
sees from their pool of IPs and NAT it internally.

~~~
nottorp
That would remove any way that you had to run a server on your home machines -
trade one freedom for another?

~~~
gaius
Static IP is already an optional extra on most UK ISPs, so most people would
lose nothing

~~~
nottorp
It's an optional extra just about anywhere, but most routers have dyndns or
some equivalent built in these days, and besides your address changes so
seldom that you can run a server for a small group by just telling them the
new IP when it changes.

~~~
gaius
Well, it's a trade-off. Personally I just use cloud VM now and don't run a
home server anymore (previously I had DynDNS and would SSH X11 tunnel into my
IRIX box from outside).

------
dvt
Was recently telling my dad about this. I might get an iPhone X just because
of Apple's new stance on browsing privacy. I recently quit my ad-tech job and
what FB/Google does with tracking is incredibly sketchy.

Glad to see a large company with leverage fight back.

~~~
blubb-fish
Why not an iPhone 6?

~~~
alien_at_work
Don't know why people are downvoting this, but the 5C just got "obsoleted" so
that could mean the 6 is right on the brink of update oblivion. So that could
be a reason.

~~~
blubb-fish
could be - but the question is so stupid - not worthy to actually reply.

In the light of such pretentious behaviour I have no idea why apple users have
a reputation of being pragmatic and down2earth. </irony>

~~~
alien_at_work
I'm an apple user, perhaps even a fan. I don't have a clue why your comment
was downvoted. Is it a lot? Maybe it's a misclick.

~~~
blubb-fish
just joking. nonetheless my question was serious.

I wouldn't like to pay more than €500 on a smartphone. And ...,iP6 < €500 <
iP7,...

Actually I am a happy Android user. But I don't like too much of my data in
one basket. Which is why I would consider iPhone for my next phone.

But the praise of iOS regarding privacy is rather new. So my question aims at
whether I could expect also the privacy for older iPhones or if this is only
coming with newer versions.

Of course data safety is in this case a result of an Apple policy - which
would affect all products - but possibly older iPhones still send too much
data to Apple.

F.x. let's assume a Catalonian opposition politician who's investigated by the
Spanish police and a judge decides his data should be searched. With this
warrant they contact Apple. Would apple now send all their data about the guy
to the police - how much do they have?

That's another question I ponder besides ad tracking policies.

~~~
alien_at_work
Well, the data sending is (AFAIK) about the OS, not the phone itself. So if
did they made this policy change for iOS 11 [1] then all phones that run iOS
11 get it. And honestly, the 6 is probably fine. They stopped updated 5C and
before because they were 32-bit phones. I expect 6 and on to keep getting
security updates, etc. for a long time. At least I hope so because I had
planned on staying with my 6 for as long as I can.

For your spanish case, I would refer to the case of the US terrorists: Apple
prefered to pay a fine to the US government rather than unlocking it.

[1] I think they've always had this kind of policy, for the record.

------
gnicholas
I wonder if Apple will make it easier to block tracking pixels in emails. I
know they let you turn off remote image loading in total, but this is a pretty
blunt instrument and makes many emails hard to read.

I would love if they came up with a smart solution that blocked all pixels,
but didn't by default block substantive images. This is increasingly important
as new email apps come out that offer consumers the ability to easily send
emails with tracking pixels [1].

1: [https://techcrunch.com/2017/08/18/rapportive-founders-new-
st...](https://techcrunch.com/2017/08/18/rapportive-founders-new-startup-
superhuman-is-what-gmail-would-be-if-built-today/)

~~~
joosters
You can load images on an as-needed basis in mail. Generally, any email that
is solely images and has no text is not going to be worth looking at.

I can't see how defining 'substantive' images could ever work. The other issue
is that email clickable links are often unique and tracked, so images are
unfortunately only part of the problem here.

~~~
xoa
> _I can 't see how defining 'substantive' images could ever work_

You can't? Seems pretty straight forward, so long as you remember first and
foremost that 100% accuracy is completely unnecessary. The "load all images"
option can still be there, so all that's needed is a solution that's good
enough to suffice the majority of the time and shape norms and standard-case.
That leaves lot of low hanging fruit. To start with are basic heuristics like
that there is no need in email for 1x1 or 2x2 or 3x3 or whatever pixel images,
or images where the pixels are entirely set to transparent. A lot of tracking
stuff, particularly mass scale efforts tied to multiple parties beyond the
sender, is pretty blatantly content free for even a totally dumb static rule
set. Slightly more smarts could be used to discriminate based on simple sender
trust heuristics, such as whether the email is cryptographically signed,
they're in your contacts book, whether you've ever replied or clicked through,
etc. Finally this could be another area where, just as they did here with
cookies, Apple applied some basic ML to answer the "likely substantive"
question. Again, remember that failing here doesn't necessarily matter because
it can still be an improvement over the status quo.

~~~
joosters
Sure, I agree that blocking pixel images and similar stuff like transparent
images is an easy win, but the workaround for that would be for trackers to
start supplying more substantive parts of the email appearance, such as
company logos and so on.

~~~
gnicholas
Yeah, the question is what is the proportion of low-hanging fruit versus
persistent actors. We didn't just give up on spam because "spammers will find
a way around".

And if we can eliminate a bunch of low-hanging fruit (e.g., from consumers who
don't care enough about tracking to put a trackable company logo image in
their signature), that's better than nothing.

~~~
lastyearman
Just cache all images in apple's servers (even if the user doesn't open the
mail) by default and tracking is useless.

------
phasecode
Hopefully FireFox and-or IE will be the next to step up. I don't see Chrome
stepping up until every other browser has.

~~~
tryingagainbro
Firefox, I doubt it. They love the ad money so biting the hand that feeds them
is risky, never know who will feed them next and how much.

Microsoft might, even though Bing is profitable and in 2015 brought in ~ $1b a
quarter [https://techcrunch.com/2015/10/22/bing-is-
profitable/](https://techcrunch.com/2015/10/22/bing-is-profitable/) . Might be
too much money for Microsoft to ruin it.

All Apple right I think, but if they wanted to hurt Google they could start a
search engine, maybe by buying DDG.

~~~
mda
DDG is not a search engine.

~~~
__sr__
Can you elaborate? DuckDuckGo[1] sure looks like a search engine to me.

[1] [https://duckduckgo.com/](https://duckduckgo.com/)

~~~
manquer
OP probably means that DDG uses Bing search results to populate the index

------
cm2187
Would I be right to assume that safari on iOS defeats browser finger printing,
given the absence of flash and the fact that you can't really customise the
platform, adding new fonts, etc, so the entropy is close to zero?

~~~
delta1
It doesn't seem so, visiting Panopticlick[0] on my unmodified
Safari/iPhone7/iOS 10.3.3 gives "your browser has a nearly unique fingerprint"

[0][https://panopticlick.eff.org/](https://panopticlick.eff.org/)

~~~
mnw21cam
So, panopticlick marks down my browser because it doesn't unblock third
parties that promise to honour "Do not track".

In what way is this bad? (Yes, I have third party cookies blocked. No, I'm not
unblocking them.)

~~~
qbrass
The more things you do that aren't like what everyone else does, the easier it
is to single you out from the combination of those choices.

------
simonh
> Apple does right by users and advertisers are displeased

Looking at all the anti-Apple bile and conspiracy theory crap on this thread,
it looks like the anti-Apple crowd are completely unhinged by it as well.

------
wruza
I usually turn off 3rd party cookies in my browsers and it is fine with mostly
all sites, but often I forget about that and can't log into few services,
cause they implement logging in a somewhat wrong way. For a big example,
Atlassian lost me (and my small dev department) because their auth is too
complicated to fit in one domain, while all I wanted was a simple svn hosting
backed by serious player, no matter the price. /mycookiestory

~~~
tajen
I'll write a theorem that every company ends up with single sign on, no matter
how poor it is (oh hi Youtube, hi Ted Cruz).

------
twobyfour
From a consumer privacy standpoint, Apple has the advantage over Google that
they are not beholden to advertisers for any significant portion of their
revenue.

------
glasz
you folks remember steve's letter on flash?

[https://www.apple.com/hotnews/thoughts-on-
flash/](https://www.apple.com/hotnews/thoughts-on-flash/)

i'd love to see such thing wrt the ad industry whinging like this. it would be
so great.

------
alanh
Related: Check if your browser is currently allowing third party cookies
[https://alanhogan.github.io/web-experiments/3rd/third-
party-...](https://alanhogan.github.io/web-experiments/3rd/third-party-
cookies.html)

------
krausejj
Beyond ads/retargeting, does this render analytics services useless? Will
Google Analytics and Mixpanel show anyone who isn't a daily active user as
"new"? Will Optimizely not be able to customize my site and have that be
retained for that user going forward beyond a day?

------
Symbiote
For the first time, I'm also tempted by an iPhone.

But, it's still a proprietary system, and there are far fewer open source apps
in the App Store compared to the Play store.

Maybe I'm better continuing as I do now -- Android, but with Firefox +
blocking plugins installed.

~~~
criddell
I think you are looking at it the right way. If the software you want to run
isn't available on some platform, that should rule out the platform.

I've always had an Android phone and an iPad so I've tended to choose
applications that are cross platform so switching is easy for me. I think my
next phone is going to be an iPhone because I'm starting to feel like a
sharecropper on the Google farm.

------
Theodores
Does anyone have a guide as to how this affects things for ecommerce?

If I have a third party reviews module - Feefo, BazaarVoice etc. - will that
work?

Is this the end for 'AddThis' and other tracker things marketing type insist
on bulking the page load times with?

------
freedomben
If Apple really wants to do right by users, they need to open source their
software.

I don't like any giant company saying, "trust us, our code is completely
closed and we put up tons of road blocks for you unless you use it the way we
say you should, but we take your privacy seriously. Trust us <EvilSmile />"

As long as Apple is a closed and secretive company, I won't consider them
advocates for users.

~~~
GabeRicard
If you have that view of Apple and don't trust them, then what would be
different if the code was open source? You think they couldn't do a special
"evil" build for devices where you can't access the binary and then provide
the "non-evil" source for it?

------
dx034
Does that mean the feature is also present in chrome on ios? Or is that
controlled by the interface?

------
justin1364
why don't site and advertiser just set up a subdomain of the primary site, and
point the DNS to an ad server?

~~~
justin1364
(maybe this is just too much work?)

------
eps
This is all lovely and all, but... cookies?

If I were an ad network, I'd long ago switched to local storage and browser
fingerprinting. Especially if it's my very survival as a business is at stake.

~~~
scarlac
The localStorage is not readable across sites. Cookies are. The issue is
mostly with 3rd party cookies which many in the industry rely on to do
tracking.

~~~
eps
My main point was in browser fingerprinting.

LocalStorage is just an icing on top to better cross-reference users in the
scope of the same site.

------
libertine
"Does right by users" is quite a claim, to deprive users of targeted
advertising.

Be aware of this - we all know advertising is abused, and has tired users -
but it's tricky to find a vendor of hardware being the gate keeper of such
stance.

Next step is main media groups start to block safari browsers.

~~~
rsynnott
> deprive users of targeted advertising

Poor users, deprived of the joys of targeted advertising :(

~~~
libertine
You would rather be blasted with pet snake food, hemorrhoids cream and nail
polish - over the laptop with a drop in price after you visited a website and
added it to the cart.

But if giving all your biometrics data to Apple and limit yourself to their
brand is the way to go - mate, you're using the right products. In a near
future your world will be all-Apple, and you won't even notice.

~~~
codyb
? You don't give your biometrics data to anyone when you use touch or faceId.
Are you sure you know what you're talking about?

Right now Apple _might_ be a dominant share in the SmartWatch category but
certainly not in any other category they produce products in (phones, tv
boxes, computers).

In a current future some people buy almost everything through Amazon, do all
their socializing with Facebook, and do all their e-mailing and internet
searching with google. All three of those comoanies track you as you go around
the web and exploit every little bit of information they can to build
expansive profiles about people in the world.

Apple doesn't track you around the web and is (and has, they stopped apps from
tracking users in particular ways in the past) activitely making it harder for
entities to follow you around the web.

Kudos to Apple.

~~~
libertine
> ? You don't give your biometrics data to anyone when you use touch or
> faceId. Are you sure you know what you're talking about?

That data is stored in your phone - when the FBI has to ask permission to
Apple to have access to a phone, that phone doesn't belong to you - it belongs
to Apple. They can blast through your door and get through everything you have
- phone records, phones, laptops, photos, documents, even your bank account.
But not your Apple smartphone - that's some fucked up shit going right there.

> Apple doesn't track you around the web and is (and has, they stopped apps
> from tracking users in particular ways in the past) actively making it
> harder for entities to follow you around the web.

Apple doesn't need to track you around the web - Apple knows who you are. They
just don't want everyone else to know who you are - keep you locked up.

~~~
matwood
> That data is stored in your phone - when the FBI has to ask permission to
> Apple to have access to a phone, that phone doesn't belong to you - it
> belongs to Apple.

Not even Apple can gain access to the secure enclave as this older article
explains: [https://blog.cryptographyengineering.com/2014/10/04/why-
cant...](https://blog.cryptographyengineering.com/2014/10/04/why-cant-apple-
decrypt-your-iphone/)

The SE has advanced further since then, with Apple's stance appearing to be
even if compelled by law they would rather be able to say there is nothing
they can do to help.

------
beager
Two things:

1\. Methinks the advertisers doth complain too much. iOS devices have
essentially no way to block advertising. Not in the browsers, not by
configuring certain settings. Advertisers should count their lucky stars over
this.

2\. Don't assume altruism here. Apple is a gatekeeper of very valuable data
for advertisers. Afaik they don't have an ad tech arm, but they're sitting on
an inordinately large amount of strong signal. They could sell it, and sell
advertisers into their own ecosystem.

Edit: I'm told by several commenters that I'm wrong. And I'm happy to be. I'd
like to move my goalposts and say that native apps do not have those
capabilities :)

~~~
teknologist
Actually you can now download ad blocker extensions for Safari in the App
Store.

------
infinita740
Meanwhile they allow locations services to continue even after the user "turns
off" the wifi following android footsteps(1). So tracking in apps will be
worse for users.

As a customer really it seems they talk a lot about privacy yet implements
"sneaky" changes like this, it seems a bit dishonest.

1\. I know the feature is a different in IOS (it only disconnects connected
devices) but for location services/tracking this is effectively the same as
android. see: [https://support.apple.com/en-
us/HT208086](https://support.apple.com/en-us/HT208086)

~~~
joeblau
You seem to be confused about that post. That _only_ refers to turning off
WiFi from Control Center. If you go into settings and turn off WiFi, it will
actually turn the radio off. Separately, in Location and Privacy, you can
disable location for your whole phone or on an App by App basis. Control
Center WiFi is not tied to this.

~~~
kevingrahl
It is a massive step backwards though in my opinion, changing the
functionality of the toggle in control center from disabling WiFi to just
disconnecting the device.

A privacy conscious user now has to do 4 actions (Unlock, open Settings, WiFi,
disabling it) instead of two (swipe up, disabling it) to disable the WiFi.

I doubt many normal users would notice the difference, maybe thinking the
toggle has the same functionality as before thus thinking they won’t
constantly broadcast their known WiFi networks and thereby the pretty accurate
location of their frequently visited places.

Please correct me if I misunderstood something!

Edit: I meant standard as in: If no other option than SMS 2FA is available.

~~~
joeblau
You got it, you're right, and I agree.

I rarely go into Settings to disable WiFi, but it seems like I'll have to
start doing that now.

------
ak39
This is a complete guess ...

Apple "does right by users". That's ok. But I'd wager this is only because
that type of positioning is now Apple's chosen market differentiating*
strategy. Against Google. Apple seems to want to position itself as the device
that guarantees privacy and security. Apple would like to maintain exclusive
access to a market segment that values security and privacy above all.

It worked for BlackBerry. Strong and almost cult-like loyalist following
mostly guaranteed BB's reach in the executive circles. Even after BB became
"Veblen", the device was in high demand. In such a market segment, the price
per device doesn't really matter. My view is consistent with the apparent
"horror" prices seen for the new iPhone.

If my guess is right, it's a shame about Apple's chosen direction. I love
their products.

~~~
sjwright
> Apple would like to maintain exclusive access to a market segment that
> values security and privacy above all.

You make it sound like Apple has some kid of unfair advantage over
competitors. Or that Apple has monopoly power over the ideas of security and
privacy. Bullshit.

> it's a shame about Apple's chosen direction.

I can't believe anyone could say that with a straight face.

~~~
ak39
You misunderstood.

Security and privacy should be a given. Security and privacy should never have
been an easy opportunity for Apple to differentiate against its competitors.

Edit: Would I expect my wife to cook me a lovely welcoming dinner if I phoned
her from work to tell her I had been an honest and loyal husband for the whole
day? No.

(She would, had I had gotten her flowers without saying a word though! But
that's another thing.)

~~~
criddell
> Security and privacy should be a given

I couldn't agree more. The news shouldn't be that Apple is doing something
remarkable, it should be how other browsers fail to protect their users in
similar ways.

