Learning with Privacy at Scale (apple.com)
132 points by gok on Dec 6, 2017 | 16 comments

Of the big tech companies (GOOG, FB, MSFT, APPL) I really respect Apple for the things they do to protect privacy. From standing their ground against three letter agencies to ensuring user privacy even while collecting information. Albeit they don't earn the major portion of their revenue from ads unlike GOOG and FB, it's still commendable.

The funny thing is that Google was the first to introduce Differential Privacy to a production service, into Chrome. Also, Differential Privacy was first created at Microsoft. Apple just followed Google and publicized it much more.

Funny thing is Google is the last company I expect to respect my privacy and I'm usually correct.

Apple has incorporated differential privacy in all of their products so yea they get to publicize it more.

How do you feel about brazenly breaking all of those principles to make money on the Chinese market? Do you think iPhones sold in China protect Chinese citizens from surveillance?

I think their principled stand in the US is somewhat diminished because they take no risks from it, it comes mostly with free marketing differentiation. But when the rubber hits the road and they face a choice between selling a compromised product based on government demands or deciding to refuse, they bow down.

What does that say about what would happen if one day they develop a multibillion dollar revenue stream for profiling say, app installs and store behavior. Would they be able to resist that if their stock is otherwise sagging because the market demands the new revenue stream?

To me, Tim Cook's statements on commitment to privacy are hypocritical and contradicted by legitimizing and even failing to criticize openly the actions of Beijing.

Some people will say "but he has to follow local laws". IMHO, "just following orders" is too often an excuse for enabling evil behavior. If you are stating that you are strongly principled about issue X, and then decide you're going to go to Region Y where it is well known they don't respect X and with high probability will compel you to act against X, then you don't get to make the excuse you have no choice but to jettison your principled stand on X while in Region Y. You could also just decide not to sell in Region Y so as not to be subject to compulsion against your principles.

This whole episode makes their stance look like a marketing campaign. It's easy to say "I don't do X" if not doing X doesn't cause you to lose any money from your existing business. Hey, my work doesn't make weapons that bomb people. We're taking a principled stand and pledge not to include any feature that could be used for bombs. Very brave. But then one day, a government contract forces you to sell something to a bomb maker, and suddenly you're like "I have no choice. They won't buy my coffee makers unless I sell them this timer that can be used to make bomb triggers."

I like that they provide great privacy protections when they can by law. Most companies don’t. Very few companies put so much effort into privacy.

I don’t expect them to break laws. And I don’t expect them to pull out of entire countries, let alone the most populous one on earth.

Doing everything on device is cheaper than running a large service, and exposes you to less risk. Ingesting a billion photos a day and running say, ML on them server side is more expensive than having the consumer pay for it on their local device.

It's unlikely any online service they can come up with from data will come close to their iPhone business, so it would mostly be a cost and distraction and a risk. That's why I say, investing in differential privacy or running photo recognition on device is a much smaller effort than scaling out a billion user service.

That's not to say what they're doing is bad, but I don't think it's a brave stand, and I don't buy it as a principled stand, because of the complete silence on China, not just obeying the government actions, but not even verbally protesting them -- even in Western media.

In the US, Apple, if compelled by an FBI warrant to hand over data, would do it, but would publicly resist and complain about it. Not only does Apple comply with Chinese demands, they don't even dare criticize the Chinese government or resist in any way. This to me is selling your soul for marketshare.

And Tim Cook's appearance at the Wuzhen conference extolling China's "open" internet just made him look like a tool.

> Albeit they don't earn the major portion of their revenue from ads […]

That's the most important bit when it comes to trusting them on privacy. They don't have a major incentive to exploit user data.

And this is the most important line of thinking to pursue when considering your own privacy and the topic of trust in general.

Corporate responsibility is not about good and bad people, it is about incentives. You can pick from any number of stories to learn the lesson from: Enron, Wells Fargo, etc.

If you are not in a customer relationship with Google and they provide you a free service, you must simply assume you are the product they are developing. It’s not because they’re evil and Apple is good; it’s because both have a fiduciary duty to their shareholders, and Apple can increase your value to them by offering you value in return. Google cannot seem to find a way to do so at the scale their business already exists.

In the absence of evidence in either direction, assume rational actors.

The 4 big tech companies are Google, Microsoft, Apple, and Amazon. Facebook is climbing, sure, but not yet in the top 5. In the data I saw from 2015 it was in the top 100.

Google has also done some foundational research on learning with privacy:



It's hard to know for sure what they (or any company) are doing in production, but I'd be surprised if they don't use these things internally.

Well said. I’ve come to distrust FB and Google so much I am very unlikely to buy their products or leverage their services.

Now if they could just stop introducing passwordless root access bugs.

I'm really glad Apple takes these positions in privacy. I think their efforts benefit all users, not just Apple users, because the other companies have to respond.

I would love to see them take it further by reducing the amount of "trust" required, such as more open sourcing and support for open source OSes (like Linux). They have definitely improved from "closed end to end" of Steve Jobs, but they could do even better.

Is this sufficient to satisfy the GDPR?

They use a term, "privatized records", that is not directly recognized by the GDPR. Whether this is equivalent to data anonymization or pseudonymization is a mathematical proof that I'm not familiar with. Still, kudos to Apple for doing "something"; it remains to be seen how well it stands the test of time.

Not sure, but from what it reads like, Apple's servers won't be holding data subject PII and data subjects have the choice to opt in or out. Though this process may need to be easier to toggle.
