Apple Launches Portal for U.S. Users to Download Their Data (bloomberg.com)
625 points by uptown on Oct 17, 2018 | 217 comments

I've been an Apple customer for the past decade or so, starting with the white 13" macbook, and the first iPhone. I've heard the argument many times that Apple is just as bad as Google/Facebook when it comes to collecting data.

I checked my data when the GDPR came into effect, and was pleasantly surprised to find only information I "expected". It has my complete purchase history over every Apple product I've ever _registered_ as well as iTunes/AppStore, it has every service/repair call/appointment I've ever made. It then goes on to list everything I've uploaded to iCloud.

There were no unpleasant surprises. No records of phone calls, no text messages (I don't use iMessage in iCloud), and absolutely no data I wasn't expecting them to have.

Google/Facebook have become greedy, and I expect a backlash will happen eventually (if not already) where people are fed up with them siphoning every little detail of their lives.

Did you ever grab your Facebook data? When I did, I was astonished to find out just how much they had collected and stored. Numbers I hadn't seen in years even, and a lot from back in the days I had a Blackberry and there was seemingly no option for "don't eat up my contact list." at all. It was frightening and eye opening at the same time.

I grabbed my Facebook data when the GDPR came into effect. Besides what I've "willingly" shared they don't have much data on me. No phone calls, no text messages, no locations, no contacts.

I attribute this to always having used iOS, and me always having been rather conservative with what permissions I give out to apps. I never give out address book permissions, location updates is allowed if _I_ have use for it within the app, etc. I've never used Google apps on my iPhone.

Mostly though, it's probably due to iOS. It has always had better/finer privacy settings, and where Android used to require permissions up front, iOS asked for them when you actually used the feature within the app.

The option to disable background updates also helps a great deal. Can't very well siphon my entire location history if you only receive location updates for 6 minutes per day.

Have you found anything unexpected in your data download from Google? I agree that Google & Facebook (esp. Facebook) appear more greedy when it comes to data collection but that should be visible in the downloads they provide.

The problem is in trusting that the data they (Google, Facebook, Apple, etc) provide really is everything they have. I know Google has the DLF, but that’s more oriented to providing export access to your data stored in Google services, rather than a register of data stored about you.

We need to be careful to distinguish between data we store in these services, and data these services store about us and our use of those services. Providing a summary and exports or access to the first implies nothing about the second, or who any of this data might have been sold to.

The data they return is data you basically entered. So you get it back.

Inferences though... things that they think might describe you, which is changing over time, does not come out. Something like profilelens.com might provide these insights.

I think the CCPA talks about data flows too. Ask for data flows. Ask for justification.

>who any of this data might have been sold to

They have to share who they shared your data with on your request.

I'm actually selling my Pixel 2 XL off to a friend after having it for 3 months; Google's got too creepy, so I'm switching back to my old 5s. As much as I hate the price, I have privacy.

Look at it this way, Apple doesn't grab or sell your data, so when they sell you a device that's all the money they're going to make from you.

When Google sells you a device they can afford to "discount" it as they'll make more money whenever you use the device.

>There were no unpleasant surprises

Did you verify you got 100% of the data they had/have on you? Or was the problem of verification a surprise to you?

Since I don't see a link in the article, the page is https://privacy.apple.com/

Although I'm in the U.S. and I don't see the option to download my data. Perhaps it hasn't rolled out to everyone? Or am I looking in the wrong place?

In this article (https://techcrunch.com/2018/10/17/how-to-download-your-apple...) they say:

>If the “obtain your data” option isn’t immediately available, it may still take time to roll out to all customers.

Time to sit and wait!

I just asked to download my notes and the ETA is one week according to the web page.

I was able to initiate the request - I'm in Australia

Thanks for the link. I see an option to download all my data and I'm in US. I guess they are slowly rolling this out.

I'm surprised that nobody mentioned how big of a target this is for the criminal enterprise. Gaining unauthorized access to someone's account through this portal would be a gold mine, even better than iCloud alone.

I just tried it. Someone would need my apple id, my password, access to one of my apple devices (I had to enter a code that appeared on one of my devices), and access to my email. If someone already has all of that, I'm hosed no matter what.

So IOW someone would just need your iPad.

I was quite surprised it let me verify from the device I was actively using.. Is it really 2FA if it pops up the code on top of Chrome?

2FA prevents people who successfully phished you (e.g., they managed to send you an email that opened a fake Google login page that you put your password into) from logging in with your username and password without being in your physical vicinity.

2FA popping up on your personal device that you authorized, even when that's the same device you're trying to log in on, doesn't reduce the security of that.

Not to mention, how many people only have one Apple device?

That would be my wife.

Exchanging her phone for a new one meant we could not activate her new phone without creating a new account.

How would it know it wasn't your current device? They'd have to leak some special data via Safari. Furthermore, does it matter? There's a fair chunk of users who only have one Apple device, capable of producing those codes, anyway. If the attacker already has an unlocked phone from the user, chances are they're already pwned anyway..


And would have to know your password.

Read: the government.

As this is HN I wouldn't think it necessary to state that that is how it is supposed to work.. but it never does. You should know that. It will be abused.

Unless there is a weakness in that authentication.

Which authentication? My password manager authentication? My email authentication? My apple device authentication?

Apple’s authentication of those factors, or a separate entry point. It is certainly not unheard of to leave gaping security holes, sometimes ones which bypass multiple security measures (why the downvote?).

Like no rate limiting of the FindMyiPhone API, lol

Then they would have access to my iTunes account anyway...

But then they can easily exfiltrate, which would allow it to happen programmatically and en masse.

So I cannot download my data without using an Apple product? And that interaction will only add to the data? Seems like they just assume that all past customers are current customers too. And what of those who have only ever interacted with Apple via work? Apple has their data but they may not have access to the needed devices.

This is because of hardware-based encryption. It is physically impossible to retrieve a good deal of data without access to keys in one of your devices’ enclaves.

The user to whom you’re replying most likely has Two-Step Verification enabled on their account, which is why they received a prompt on their Apple device. If you do not have an Apple device this particular step could not apply to you.

And once enabled, you can never disable... Heaven help you if you only have one device, and want to re-auth your account, to get rid of the nag prompts to login again.

It falls back to SMS for 2FA if you don't have a trusted device on the account (e.g. if you only have one device and are doing a reset of said device)

Yeah, and I no longer work for the company with that second device. I don't get the down-votes (Apple apologists). I had to go through this just a couple months ago.

Why would you activate a device from your employer with your private apple id?

I had a similar issue. I removed the device from my account with a call to Apple so it could fall back to SMS.

What would you prefer?


"The release of iOS 11" ... "also made a number of other changes under the hood" ... "Each and every one of these changes was aimed at making the user’s life easier (as in “more convenience”), and each came with a small trade off in security. Combined together, these seemingly small changes made devastating synergy, effectively stripping each and every protection layer off the previously secure system."

"The passcode. This is all that’s left of iOS security in iOS 11. If the attacker has your iPhone and your passcode is compromised, you lose your data; your passwords to third-party online accounts; your Apple ID password (and obviously the second authentication factor is not a problem). Finally, you lose access to all other Apple devices that are registered with your Apple ID; they can be wiped or locked remotely. All that, and more, just because of one passcode and stripped-down security in iOS 11."

I don't know if it got any better with iOS 12.

Elcomsoft is in the business of FUD to sell their software. While they are not wrong by default, this is one of their statements that is simply false.

> false

I’d still like to see anything that disproves their claims and supports yours, which appear to be unsupported. Elcomsoft documents in detail what changed in the whole system. And the post was already discussed on HN and I haven’t seen anybody disproving it:


The statement that the sum of the parts is different from the sum of the parts that it used to be, turning a secure system into an insecure system, is false. The article seems to equate changes in parts to a less secure environment against any threat model, which is universally false.

That was never the argument of the article. Let me simplify it, as I see it's missed completely:

Until iOS 11 what existed was

1) your "digital identity" by Apple (Apple ID and Apple ID password)

2) your "physical identity" (fingerprint) stored only at the device(s) and impossible to extract.

3) the "device key" that allowed the access to the device, but not to the (1)

And they were separated.

Since iOS 11, snooping the (3) and stealing the device is completely enough to overtake (1). Before iOS 11, that was simply not possible.

That's the whole point of the article I've quoted: if I just simply see which passcode you type and then I get access to your device, you lose your Apple ID and everything it protects, even what is not on your device.

If your Apple ID doesn't protect some additional material that is not on that single device, you don't have to care. If it does, it does make a difference. It's real.

And it's on topic. The post to which I've replied claimed:

"Someone would need my apple id, my password, access to one of my apple devices (I had to enter a code that appeared on one of my devices" ( https://news.ycombinator.com/item?id=18241224 )

Whereas in fact, since iOS 11, somebody needs just access to one of his devices and the passcode; the Apple ID and the password he can obtain having only the passcode and the device.

It was a response to mirkules's fear that this might be a big target and your response on that, that according to Elcomsoft, the sum of changes would make this a weaker target. This is false. While you can probably always find a scenario or edge case where it would not be strictly false, in general and within the threat model of 99.99999% of the users, it is still false.

Once again, no. It was a response to "Someone would need my apple id, my password, access to one of my apple devices."

Elcomsoft's article explicitly claims that no, you don't need the Apple ID and password when you have access to the device and the passcode.

And nobody was able to disprove these very specific claims that are the actual topic of Elcomsoft's article.

What you assert, in the words you assert, "the sum of changes would make this a weaker target", was claimed nowhere as the "argument". Of the two paragraphs I've quoted, the first was a mere introduction (how the reduced security level was achieved, specifically, "Combined together, these seemingly small changes made devastating synergy", and yes, such changes can actually make the system easier to exploit; everybody with experience in this field knows that). The second was explicit:

"The passcode. This is all that’s left of iOS security in iOS 11. If the attacker has your iPhone and your passcode is compromised, you lose your data"

It was just your interpretation, based only on one of the only two paragraphs I've quoted (and your unawareness of both the second paragraph and the whole article), which obviously missed the whole point. Yes, the user "convenience" decisions did lead to making the Apple ID password irrelevant (obtainable by just a plain and typically simpler passcode). Sorry that you missed that. And I won't reply to this thread anymore, because I've written all the arguments. Anybody can check the whole thread and compare.

And yes, also read Elcomsoft's article and prove them wrong, if they are wrong. But I haven't seen anybody achieving that up to now.

You keep repeating yourself and missing the point, which is: no, it does not matter and does not change the overall security of pretty much all users. It is simply not within the threat model. Unless you have to consider a technically advanced adversary or highly automated attacks, it's simply still not relevant.

None of the iOS related things apply to the download portal, and none of the intercept/local access exploits apply to normal users.

> it's simply still not relevant

It is absolutely relevant for this very thread: it disproves the initial claim in the thread that the attacker would need “device, passcode and appleid password”. The article proves that the third (appleid password) is not needed (that was the main topic of the article) and you never demonstrated anything else.

I don’t care for other kinds of relevance or irrelevance as they were never claimed by me.

If you want to scope the thread to the OP article: if you go to the portal on Apple's site, you need an Apple ID, and if the Apple ID has MFA enabled you need a device. There is no way around that.

If you want to scope the thread to the Elcomsoft article and specific on-device physical extraction, sure you'd have a different story.

I haven't "scoped it" that way; the parent poster of my answer did so:

"Someone would need my apple id, my password, access to one of my apple devices (I had to enter a code that appeared on one of my devices), and access to my email." Note: "someone would need my" -- as in "an attacker", not "me as the owner of the device."

And the answer, supported by Elcomsoft's article, is: no, the attacker just needs the device and the passcode. Nothing more. Since iOS 11, everything else he can extract from that.

There's still a hole in Apple's user ID mapping that doesn't recognize first.last@gmail.com and firstlast@gmail.com are the same person and the e-mails go to the same place.

If you accidentally approve creating an Apple ID that's some variation on your e-mail it opens up your account to human phishing attacks. Just call apple support and raise hell until someone makes a mistake.

The RFC mentions dot-atoms in address elements are locally interpreted. There's no rule specifying if x.y.z or xyz are equivalent or not. The issue for me is that an Apple ID looks just like an e-mail address. x.y.z@gmail.com and xyz@gmail.com are equivalent to Gmail but not to Apple. From that I believe it creates an opportunity for confusion.

That's not a hole. Those are different email addresses according to the email standard.

How exactly would this attack even work that you have in mind? And wouldn't it even be easier to conduct this so-called attack on an email host that actually treats first.last@domain.com as a different email from firstlast@domain.com, since it wouldn't even require the 'victim' to click anything in their email?

The right answer is for Apple to keep treating them as separate emails and refuse to give people access to accounts with different email addresses. It's that simple.

>Those are different email addresses according to the email standard.

Not really. It's left open to interpretation from my reading of the relevant RFC. The spec says the dot-atom form should be used but does not say in what way it should be used. Google collapses x.y.z@gmail and xyz@gmail.com to the same thing which is fine they're welcome to do so. However the Apple IDs x.y.z@gmail.com and xyz@gmail.com are entirely different entities. So we have a namespace collision in one space but not the other because although an Apple ID looks like an e-mail address it's not. I'm just saying that can create a problem.

   An addr-spec is a specific Internet identifier that contains a
   locally interpreted string followed by the at-sign character ("@",
   ASCII value 64) followed by an Internet domain.  The locally
   interpreted string is either a quoted-string or a dot-atom.  If the
   string can be represented as a dot-atom (that is, it contains no
   characters other than atext characters or "." surrounded by atext
   characters), then the dot-atom form SHOULD be used and the quoted-
   string form SHOULD NOT be used.  Comments and folding white space
   SHOULD NOT be used around the "@" in the addr-spec.

> It's left open to interpretation from my reading of the relevant RFC

No. The part of the spec you quoted says that if the local part of the email address is in the format "atext+ (\. atext+)*" where atext is "Any character except controls, [spaces], and specials", then the quoted-string form shouldn’t be used. In other words, don’t use quotes when you don’t need them. This has nothing to do with how to "interpret" dots; they are interpreted like any other char except they can’t occur everywhere in the local part (e.g. "foo.@bar.com" isn’t valid).

>The locally interpreted string is either a quoted-string or a dot-atom

That's pretty clearly stating (to me) that the dot-atom is locally interpreted. It doesn't say anything about how to interpret a dot-atom. Just to use it in preference to the quoted string if the rules you mention apply.

You're mixing up two different concepts: e-mail address and mailbox. Multiple e-mail addresses can be used to deliver to the same mailbox. That's what "local interpretation" means. a.a@b is still a different address than aa@b.

And in the end that is what happens with Gmail. You have one mailbox, and all versions of your mailbox with dots in between the characters automatically act as aliases.
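To make the address-versus-mailbox distinction from the two posts above concrete, here is an added example (not code from the thread, Apple or Google): a parser for the dot-atom addr-spec quoted from RFC 5322, an identity comparison that treats the local part as opaque, a Gmail-only delivery view that collapses dots as Google's help page describes, and the collision that a "strip dots for every domain" account key would produce. The address strings are constructed samples; the regex for atext is my transcription of the RFC, ASCII only.

```python
import re
from typing import Optional, Tuple

# Constructed example modelling the RFC 5322 addr-spec quoted in the thread:
# local-part "@" domain, with the local part in dot-atom form. Quoted-string
# local parts, comments and folding white space are deliberately out of scope.

# RFC 5322 atext: printable US-ASCII except the specials ()<>[]:;@\,." and space.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
# dot-atom-text = 1*atext *("." 1*atext): a dot may only sit *between* runs of
# atext, so "foo.@bar.com" and "foo..bar@bar.com" are rejected.
DOT_ATOM_TEXT = re.compile(rf"{ATEXT}+(?:\.{ATEXT}+)*")


def parse_addr_spec(addr: str) -> Tuple[str, str]:
    """Split an addr-spec into (local_part, domain), keeping the local part verbatim.

    Raises ValueError when the string is not a dot-atom addr-spec.
    """
    if addr.count("@") != 1:
        raise ValueError(f"addr-spec needs exactly one '@': {addr!r}")
    local, domain = addr.split("@")
    if not DOT_ATOM_TEXT.fullmatch(local):
        raise ValueError(f"local part is not a dot-atom: {local!r}")
    if not DOT_ATOM_TEXT.fullmatch(domain):
        raise ValueError(f"domain is not a dot-atom: {domain!r}")
    return local, domain


def is_valid_addr_spec(addr: str) -> bool:
    try:
        parse_addr_spec(addr)
        return True
    except ValueError:
        return False


def same_address(a: str, b: str) -> bool:
    """Identity comparison the way an account system should do it.

    Only the receiving host may interpret the local part, so everyone else
    compares it byte for byte; the domain is case-insensitive because DNS is.
    """
    local_a, domain_a = parse_addr_spec(a)
    local_b, domain_b = parse_addr_spec(b)
    return local_a == local_b and domain_a.lower() == domain_b.lower()


def gmail_mailbox(addr: str) -> Optional[str]:
    """Delivery view for one specific host: Gmail ignores dots in the local
    part (Google's help page linked in the thread). Returns None for any other
    domain, because no third party can know another host's aliasing rules.
    """
    local, domain = parse_addr_spec(addr)
    if domain.lower() != "gmail.com":
        return None
    return local.replace(".", "").lower() + "@gmail.com"


def same_gmail_mailbox(a: str, b: str) -> bool:
    box_a, box_b = gmail_mailbox(a), gmail_mailbox(b)
    return box_a is not None and box_a == box_b


def dot_stripping_key(addr: str) -> str:
    """The tempting but wrong account key: strip dots for *every* domain.

    Included only to show the collision below; never use it as an identity key.
    """
    local, domain = parse_addr_spec(addr)
    return local.replace(".", "").lower() + "@" + domain.lower()


def key_collision(a: str, b: str) -> bool:
    """True when the dot-stripping key would merge two addresses that RFC 5322
    treats as distinct and that may belong to two different people."""
    return dot_stripping_key(a) == dot_stripping_key(b) and not same_address(a, b)


if __name__ == "__main__":
    # Constructed sample pairs: one at Gmail, one at a host with unknown rules.
    pairs = [("first.last@gmail.com", "firstlast@gmail.com"),
             ("a.a@example.org", "aa@example.org")]
    for a, b in pairs:
        print(f"{a} vs {b}: same address={same_address(a, b)}, "
              f"same Gmail mailbox={same_gmail_mailbox(a, b)}, "
              f"dot-stripping key collides={key_collision(a, b)}")
```

The second pair is the case that bites an account system: the two strings are different addresses, Gmail's rule says nothing about example.org, yet a dot-stripping key would hand both to the same account.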

x.y.z@gmail.com and xyz@gmail.com are two entirely different email addresses.

It just so happens that Google decides to treat them as the same for incoming mail.

Apple is under no obligation to treat them as the same. Neither is any other web service.

If you expect the web services you use to treat them as the same, then I foresee major disappointment in your future.

> It's left open to interpretation from my reading of the relevant RFC.

For security, I would prefer the more stringent interpretation over those that are more forgiving.

I don't understand. Can you describe the hole? It seems preferable to treat foo@gmail.com, fo.o@gmail.com, and foo+bar@gmail.com as different addresses.

From Apple's own two-factor account support documentation:

"While [Apple Support] can answer your questions about the account recovery process, we can't verify your identity or expedite the process in any way."

Even if you manage to confuse a support agent, they cannot do anything to speed account recovery or be socially engineered into account compromise.


CAN and CAN'T in this kind of documentation should sometimes be interpreted as WILL and WON'T, or HAVE BEEN TRAINED NOT TO.

A friend of mine used to work in Apple's account security phone department, and can confirm that they really do mean CAN'T. Support techs can view a few bits of information that aren't displayed to the user, but cannot change anything.

I cannot speak for other email providers, but my understanding for the past 10 years: this is a Google thing vs. Apple. Google both allows and ignores periods in emails. first.last@gmail.com is the SAME email address as firstlast@gmail.com you CANNOT log in with both accounts. If you created your account as first.last@gmail.com, you can only log in by using that email address.

For more information from Google on this topic: https://support.google.com/mail/answer/7436150?hl=en

>If you created your account as first.last@gmail.com, you can only log in by using that email address.

I don't think that's quite right if I'm understanding what you are saying. I've logged into my gmail account using both my.email.address@gmail.com and myemailaddress@gmail.com. Both work and both take me to the same account.

Based on my own limited testing, it seems like you can remove dots but not add them during login.

So if you created your account as my.name@gmail.com, you can also log into Google with username myname@gmail.com.

But if you created your account as myname@gmail.com, you can't log in with my.name@gmail.com.

Correct! I forgot, there was a little nuance there. Thanks for posting that.

What does this have to do with first.last@gmail.com being the same as firstlast@gmail.com? IMO the correct thing to do is treat the local part of the email address to be opaque.

Calling apple support and raising hell until someone makes a mistake is more social engineering than email address security vulnerability.

They mention they use the seven day period "to verify that the request was made by you". I am very curious as to what that includes.

If it’s the same they do in the EU: 2FA, notification by email, 7 day cooloff period and download link via mail.

Probably. The particular wording makes it sound like there might be more to the 7 day thing than just a cooloff period. Not sure what that would even be, really.

The way my supermarket did it is mail an archive by email and the decryption key as signature required in snail mail to my stored physical address.

Wait .. your supermarket did that? That’s .. pretty impressive, but now I want to know what exactly your supermarket had on you (assuming you had some sort of loyalty card they tracked you with).

Purchase history for two years and classification of what I buy. Yes, loyalty scheme.

Anything other than that? Sounds super interesting, glad to see a place get it right :).

My bank hasn’t heard of encryption and thinks security questions + SMS 2FA are cutting edge. What the hell supermarket is this?

Closest thing is UPS mailing me a PIN to authenticate the address for the My Choice portal.

Fourth-ing the other commenters; what supermarket is this and are they interested in expanding into personal banking?

BILLA Austria, part of REWE.

That's really cool honestly. Which supermarket was this?

BILLA in Austria, part of REWE.

What did you buy?

7 days to make sure that this isn't part of the Import flow of a competing app :D

If nothing else, that’s plenty of time for the real user to see the email notification and complain.

Sure but if a malicious user is going to request access to someone's iCloud, they can probably also access their emails and delete this one.

Reminds me of how when I sign into my Gmail from another computer, it sends me an email saying "alert! someone signed in from this computer!" which I could immediately delete if I was a hacker. Seems useless to me.

Many (I'd guess most, but I have nothing but anecdotal experience to base it on) people have a non-Apple-hosted email account tied to their Apple ID. Sure, in some cases if someone's iCloud account is compromised, their non-Apple email account is compromised, too, but in plenty they aren't.

That's why you set up an alternate email in your Google account. It also sends the same alert to your alternate.

Useless in most cases but at one point I did have emails set to come up on my iPhone's lock screen and such an email would have popped up immediately.

On top of what was already mentioned, this could also help with unexpected vulnerabilities. Like say a vulnerability is discovered where you can request someone else’s data - as long as they notice the vulnerability within 7 days, they can shut things down before there’s a data breach.

Perhaps. Note that it's not unprecedented. Google, and likely others, offer a similar service: https://support.google.com/accounts/answer/3024190?hl=en

Lmao my first thought

Google had this for a long time, also Facebook and also Microsoft, I believe; especially after it became a GDPR requirement, most companies just rolled it out worldwide. Bloomberg's quality of research is going down a bit recently.

Apple had this in the EU since May~ish. It's now available in the US though.

I am curious (seriously, not sarcastic), which of these 4 companies has rolled this out worldwide? Surely Apple will never be able to roll this out in China?

Well for now, Google has no China presence.

Google Takeout has been available everywhere for years. June 2011 according to this.


Google has had "Google Takeout" for a fairly long time I think (I heard it started as someone's 20% project a long time ago but is a legitimate team there now but that's just hearsay)

It would be cool if someone could figure out how to crawl LinkedIn to parse org charts... I bet you could do that to solve problems like this. Only question is whether the participation rate in LinkedIn for that workplace is high enough

I don't think LinkedIn has information as to whom someone reports to. It could somewhat be inferred by looking at the connection graph, but would be ridiculously noisy (for example I have connections to managers and directors I have never reported to).

I'm not too surprised after recent debacles.. Trust, but verify I suppose.

Does anyone else think this is really cool? This makes me think even more that Apple is really a supporter of privacy and a good actor. What do you think?

Google and even Facebook have had this for quite some time. So nothing new here - it's a GDPR requirement.

> Google, Microsoft and even Facebook have had this for quite some time.

Deployed and available outside the EU, and more specifically in the US?

The Data Liberation Front team was formed at Google in 2007, and released Google Takeout in 2011, worldwide, well before the other big companies had anything similar in place.


For more up-to-date information see the Wikipedia page:


This service works quite well, I'm using it to backup the whole of my Google data every few months, including Gmail, Photos and Drive.

To be fair, Apple has for the longest time allowed export of contacts (.vcard), calendar items (.ics), photos (several formats), music (except for music purchased in the iTunes store for some time that was DRMd), mailboxes, etc.

While I feel locked in to an extent because I don't want to give up macOS/iOS/watchOS and their integration, I never felt that my data was locked up with Apple.

Apple Notes is different. Notes stored in iCloud (default for iOS & macOS) are stored in a fairly inaccessible local database. They cannot be exported to any format other than single notes as PDFs. The service offers no public API.

Although you can transfer them to any IMAP enabled service, and then export them (emails essentially) however you want

It's different.

Google Takeout was/is a nice user feature. Google is not required to pass all of user's data.

GDPR compliance is different, companies are required to pass basically a database dump by law.

How is that relevant? If anything, that actually goes to show the point being made, which is that Google had this available everywhere before GDPR even existed. Most other companies, including Apple, are only doing this because they have to in Europe, whereas Google did it arguably for better reasons.

The GDPR was wonderful. One of the websites I use had an export option but it only gave some of the data which didn't include the bit I wanted and then the GDPR came along and now I get a CSV dump of every table for my user.

Google Takeout has been available for years: https://takeout.google.com/settings/takeout?pli=1

For google, if you don't like the format of Google Takeout (a huge dump of files without UI to browse it), you can also check out a live stream of all data they are collecting:


Or for specific products, you can figure out the demographic inferred for you on ads, or gps tracking for maps:



Yes, not just US and EU - for everyone.

Yes (at least for Google and Facebook)? I think the types of content differ between regions (EU includes some legally mandated data in addition to the standard set) but user created content is definitely available for download in all regions.

I downloaded my (US) FB data when I deleted it in 2014; it didn't have my social graph or anything but had all the content I posted.

Tinfoil hat: as others have already noted, Google and FB have had this feature for awhile (e.g., Google Takeout) but the media likes to hype up Apple vs. GoogFace as GoogFace are direct competitors of traditional media and have been responsible for their decline.

It's not even a media thing. It's fact that Apple has always been more privacy-conscious than Google or Facebook. They didn't create the Secure Enclave for kicks, and they stand more to gain (financially) from inspecting your unencrypted data than your Enclave-encrypted data.

Isn't this being done for GDPR compliance? I think they are just making it available for all instead of trying to regionalize it.

Although I'm European, I'd like to say that having only a way to download all harvested data and the ability to correct the basic information provided, like name, last name, etc., is not enough. There should also be a way to request a data purge on their servers; the descriptions of categories I saw when logging in there aren't something I wish they would store and process, no matter how blurred or meaningless they are. That's still data about me and I believe I should have control over it. Moreover, the purge request should be the industry standard (and that's what was missing, in my opinion, in GDPR); even if it would take time to process the request, I would like to have such an ability.

The site introduced at the www.apple.com/privacy/ address is, from my PoV as a power user, not something I'm not aware of; maybe it will be helpful to the masses, but I don't find such "tips" useful at all. The overall tone of this page is no different than any other similar one and says "trust us, we won't do bad things". Which, alongside the leaks and privacy breaches we've had, doesn't give me positive vibes, despite Apple's approach to privacy.

I think it's more so baffling this is only happening now (likely due to GDPR) considering how other big players have been doing this for quite some time.

What I mean is it's innovation.

The issue is that they ALSO still have your data, yes you have it now (hey, thanks for my own data) but they and god knows who else at this point have it and they really can do literally anything with it without your knowledge.

What we really need is a TRUE DELETE FOREVER YOUR DATA with 0% chance of recovery by anyone. People want to be able to log into Google, Microsoft, Apple etc., download, and then delete accounts completely if they feel like it. My data, I own it, I should be able to take it out of the system forever.

THAT we will never get. Why? Because customers' personal data is gold and no one wants to or will throw that away.

I agree that Apple is a supporter of privacy. But this by itself I don’t think indicates anything. Especially since Google and Facebook already have the same thing and they are definitely not supporters of privacy.

Then they wouldn't degrade user security to a single point of failure - the PIN code - in recent iOS versions.

Usability and security are usually at opposite ends of the spectrum - and keep in mind that even a pin code + face/touch ID is infinitely better than the zero security most people had prior.

I was talking about better security that was present in iOS10 and then degraded by Apple in iOS11. See the link - https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-r...

> PIN code

Then write down your PIN code somewhere else, now you don't have a "single point of failure".

How is writing down the PIN related to security? It is still a single point of failure: an attacker knowing the PIN can gain access to everything in your account - iCloud, password backups etc. And in iOS 10 security was better, so Apple consciously decided to degrade it in iOS 11. See source - https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-r...

> This makes me think even more that Apple is really a supporter of privacy and a good actor.

That's the point... this is a publicity stunt. Corporations don't have feelings, and the board that drives the company is primarily concerned with company health and growth above all other things. Leadership may, however, set a strategy that capitalizes on recent public scrutiny of user privacy concerns to push the narrative that will sell more iDevices. Humanizing corporations is a dangerous game, because it plays right into their hand. Don't let them fool you into it.

I believe that this is a very simplistic view. Of course corporations can’t have any feelings, but corporations are still led by human beings who can have truthful views and steer a company such that they do some good. I believe Tim Cook and most of his top managers have good intentions. At least they have been very consistent on some topics like privacy, minority rights and the environment. Is Apple perfect? Of course not. But I do not have the feeling they need to do these things just for publicity reasons.

Corporations will do "good" things when it aligns with their product goals. You can be sure that if Tim Cook or anyone at a publicly traded company started steering a company away from profitability they would be replaced. The company will always be susceptible to market forces, and the needs of its shareholders and employees before users or the world, unless regulation steps in or public opinion would hurt their profitability.

While you make a fair point, the commenter is suggesting that Tim Cook is well-intentioned, and the comment that a company like Apple is susceptible to market forces is not an indication that Cook is not well-intentioned.

(Not that intentions matter particularly either way.)

At the same time:

We don't need to humanize companies.

If they behave nicely because it is profitable that's a win-win in my book.

In fact that is even better than said company being nice because the current CEO is nice :-)

Avoiding humanizing faceless corporations doesn't preclude holding companies accountable. We've known since the industrial revolution that companies left to market forces alone will turn society into a hell on earth in the search for greater profitability. That's why the government tries to step in with regulation to stop companies from abusing your data, making you work seven days a week, or pumping garbage into the ocean. CEOs are also not kings. In a publicly traded company they are replaceable the moment they stop doing their job (to drive profit and growth for the board). Companies do not care about you beyond your dollars. It is a rare exception to find a company that isn't unequally distributing its wealth even among its own employees, or that hasn't found success in the manipulation and floundering of rivals and government agencies.

I mean...corporations consist of people (i.e., employees) with feelings and values which - at least to some extent - govern their collective choices and actions. Granted it's tough / probably impossible to disentangle this from profit motive.

A company is not a collective. Most of the employees will receive an unequally small portion of the total profit compared to the upper echelon, and have very little say in the overall direction. In fact, a public company is run by its board, who are free to remove leaders who do not grow the company or lead it the way they like.

Sorry to be off topic, but if Apple really wanted to provide a complete “home” for customers inside their walled garden, I would suggest to them to allow tying a custom domain name to Apple email service. I trust Apple more than most other companies as I am sure many others do also. Email, calendar, iCloud storage, and Apple devices would provide a reasonably good one stop shop for privacy seeking customers.

Apple is one of the only major email providers that does not encrypt user email data at rest.

Reference for this?

The Apple support page at https://support.apple.com/en-us/HT202303 shows "No" for on server encryption for iCloud Mail.

That’s pretty far from their business model. They’d have to charge a lot for it to make the economics work (they don’t have the service economics of say Google), which would limit the market size, which would limit how interesting the concept is to a trillion dollar company.

I think that's actually arguable. They have all the pieces in place to make it work; they have an email service, they have calendar, contacts, they've got everything. The only thing they don't have is the custom domain names, and they could consider becoming a registrar themselves and making that process really seamless.

I'm not saying it'd be easy, but it's not like they don't already offer PIM services for all their customers on iCloud, essentially for free. No one is suggesting that they should suddenly compete with G Suite and offer business accounts.

Note that once you request your data, and indicate the maximum file size you can handle, the following message is displayed:

Thank you. We are preparing your data.

When your data is ready we will notify you

As a reminder, this process can take up to seven days. To ensure the security of your data, we use this time to verify that the request was made by you.

You can view and check the status of your request on this site at any time by visiting privacy.apple.com/account.

To me the interesting point was how little data Apple keeps, compared to Facebook or Google.

Many people have commented on this, and the response I typically see (and which makes sense to me) is that Apple makes so much money from their products that they don't need to collect and monetize detailed user data (unlike Facebook, Google, et al.) and can easily afford to come to the user's defense and protection in that realm.

The other thing to remember is that collecting all of that data costs time/money, not only for storing it, but for protecting it. Apple, by virtue of not having that data, doesn't have to waste resources trying to protect it.

I'm curious where you are getting that data from? The article says nothing about the data contained, and most other people in this thread either don't have access at all, or are stuck behind a 7 day wait time. Have you managed to get yours?

Also, what is your metric here? A lot of "journalists" comparing the takeouts from Facebook or Google use horrible metrics such as byte size, which make zero sense because these takeouts contain videos from Photos and files you've uploaded to Drive. It's in no way an indicator of how much "data" these companies collect.

What he says is true - this has been available via support requests, or for EU residents, for a while.

When I went to https://privacy.apple.com/, I could only correct the info tied to my Apple ID, or access my purchase history. No option to download anything. Maybe that's not the right link?

  If the “obtain your data” option isn’t immediately available, it may still take time to roll out to all customers.

I'm from the UK with an Apple account registered here and it let me request a copy of all my data, so not just limited to U.S. users it seems.

> not just limited to U.S. users it seems.

'course not, it's GDPR stuff, it was rolled out in the EU back in May (https://9to5mac.com/2018/05/23/download-all-apple-id-icloud-...)

They're doing what they originally pledged: rolling it out globally instead of limiting it to where they're legally required to.

Works for me too (EU)

Just tried it, it takes a bit of time:

Thank you. We are preparing your data. When your data is ready we will notify you at XXXXXXXXX@XXX.com

As a reminder, this process can take up to seven days. To ensure the security of your data, we use this time to verify that the request was made by you.

It seems to be a safety measure, not because it actually takes 7 days. They’re giving time for the user to notice an unauthorized export attempt.

This is nice. Ok, thanks for letting me have my own data.

What i really, really want is a DELETE button that wipes out all of my personal data on Apple's servers FOREVER with 0 chance of recovery.

I want to press DELETE and I disappear forever from Facebook, Google, Apple, Comcast etc. Pewfff, like I never existed... THAT would be cool my friends!

Wake me up when that happens.....(not a chance that will ever happen).

Time to wake up then. When you log in on this page, both temporary deactivation and true deletion are also offered.

Headline is confusing. To clarify, this applies internationally. The 'U.S. users' is misleading.

I just did it from NZ.

Privacy to me isn't letting me download my data, it's not letting others download it. I'm not sure how opening a door keeps others shut more tightly...

Privacy also includes data transparency and knowing what data they store about you. The best way to do this is to provide you with all data they do store about you.

How do you feel about getting your credit report? Are there errors on your credit report? How would you know if you had errors on your credit report if you didn’t have access to your credit report?

Is it possible that seeing the information on your credit report would give you more information, and you would change your behavior when you saw what data was recorded there?

True, but in this case the content behind the door is obfuscated. This reveals, or at the very least reiterates, what is behind the door. In some cases, that might result in us deciding that a bigger lock was required (or moving the contents somewhere more secure ... and so on).

Actually, privacy is not taking that data in the first place.

As a digital forensics practitioner this is amazing. Court orders can be served on users instead of having to rely on Apple. Usually just having information preserved is enough for both sides to come to a fair settlement.

You want to use a court order on a user not to provide information they have, but to actively perform actions to obtain new data in order to hand it to law enforcement?

Is this legal?

This is available for Australia, Canada, New Zealand and the United States.

Works in Canada too.

I think this is an indicator that large centralized companies are starting to see that users are valuing privacy, and this is them signaling that they are part of the solution, when in reality this is more of a publicity stunt or a check box (so they can say, "see, we care about your privacy") than anything.

Or perhaps, more accurately, due to following legal requirements (GDPR) and then not keeping the feature regional.

Maybe this is what will force companies to understand that stored user data is both an asset and a liability.

Does anyone know if it would support exporting iOS backups saved in iCloud?

It does not.

So how to request Apple not collect this data?

You have to tell your iPhone to stop sending it.

Depending on your iPhone's settings, and what data you don't want Apple collecting, that could mean anything from turning off iCloud to not using iTunes and the App Store.

Basically, any app is likely giving Apple data on you. (Well I take that back. Apps will give some company data on you. But they won't necessarily give it to Apple. Obviously for full and complete privacy you would need to turn off any google, facebook and amazon stuff as well. Also any ancillary apps, like mileage meters, or health and wellness type stuff. A lot of games too now I think about it.)

> health and wellness type stuff

This is very crucial and I really don't see any alternative services to the ones like Strava and RunKeeper for iOS.

Even an app that does the job w/o any social features would do (in fact I never use the social feature aspect of these apps)

Have you looked at apps by David Smith? Pedometer++, Workouts++, etc. They integrate with Apple's Health app, but don't sync anything on their own. And Apple's health app is encrypted to your device.

Thanks. I installed Workouts++. I will try to use it to record my runs and how activity data is presented. Though I am not yet sure I can use it w/o an Apple watch.

The default workout app on the Apple Watch doesn’t do any social stuff unless you try really hard to do so, and even then it’s very minimal sharing (no maps etc)

1. stop using iCloud for syncing and storing stuff (since it goes through Apple and is not E2E encrypted, as your devices don't share keys)

2. stop using publication stuff (Game Center) since that's literally public information Apple broadcasts for you

3. that's about it, the rest is various account information, e.g. your App Store/iTunes purchases, your retail stuff, repairs, … basically your files at Apple. The only way to request that Apple does not generate it is to delete your account (which the portal lets you do; there's an option to nuke your account entirely and permanently) and stop interacting with Apple entirely, or at least in such a way that they can't link things together (e.g. Apple ID when purchasing devices, that kind of stuff)

> stop using icloud for synching and storing stuff

Just a small correction: although most of iCloud is definitely not E2E encrypted, a small portion, iCloud Keychain, is. It's a great way to sync passwords and secure notes across devices.

Synced iMessage/SMS history ("Messages in the Cloud") is also E2E encrypted - unless the user enables iCloud Backup on an iOS device, which must keep a decryption key in escrow to support restore scenarios.

This is largely data that you have provided to Apple (account information, purchase history, etc) along with a few iCloud logs, and data that you choose to store in iCloud. Apple doesn't really do any 'collection' of data. I know this is kinda hard to believe, and goes against pretty much everything their competitors do, but it's the case.

TLDR; if you're not actively asking Apple to store data for you, they probably aren't.

Can I request they destroy it?

You can request to delete your account. Not all of your data can be destroyed, due to legal reasons. For example, anything related to financial transactions (e.g. app purchases, subscriptions, etc) can't be deleted.

Game changing. Apple is elitist, no doubt, but in a good way.

Apple's late, others already had this for years. Sure they're elitist in that they convince everyone this is revolutionary game changing one of a kind when it's normal.

The only link in the article takes me to Bloomberg's page about Apple, which is useless to me as someone who is interested in visiting this privacy portal.

If you are going to take a few minutes and write about a launch or release like this, please take the extra few seconds to include a link for your readers. Make your content useful.

Relevant: https://privacy.apple.com/

I still don't get why reporters or publications seem to refuse to link to the most obvious and central key piece of material to an article.

Article on a new law being passed... no link to the raw text of the law. Article about a new scientific study that has come out... of course, no link to the study. Famous person issues a statement or makes a speech... sure, we'll give you a few quotes but no link to the full text.

It's like, come on!

>I still don't get why reporters or publications seem to refuse to link to the most obvious and central key piece of material to an article.

Because people would click the link and leave the article/news website as soon as possible, since the link will probably have more pertinent information than the drivel on bloomberg. Or, they're just that dense.

journalists also like to maintain their status as gatekeepers of information

I suspect this is the primary reason. This happened before the internet too -- articles never include full references to their public sources -- not because a reader could just switch to reading the source (you couldn't before the internet) but because they want to maintain their power over the reader as their authoritative source of information and make sure they come back. The world is full of people looking for gates they can lock, monopolies they can secure (natural or otherwise), regulations they can capture, and gardens they can build walls around; journalism isn't exempt.

This relates to my other peeve: trying to find the original video when something goes viral. Let's say I hear that Alice was seen telling Carol secrets about Bob. I go to Google/DDG/Youtube and search "Carol Alice secrets Bob" and get several dozen video results. ALL of them are other people trying to repackage the original video with their own commentary. News sites, bloggers, etc.

How do I locate the OG footage?

I remember putting a feature request that Google append to the video description the original source. But then you devolve into the whole authenticity realm like with Twitter verified badges.

For certain things sorting by time is the easiest way to test for authenticity. It doesn't always work but it's usually the easiest way. This feels like a problem that Google should be able to solve, with their web crawler and video/photo recognition capabilities.

Oh for sure. I know it can be tricky to make that decision. Having some advanced search tools would help me do it on my own. What if I could see the results, and tell Google to show me the earliest video that has a runtime between x:xx and y:yy and is visually similar to a chosen result? With at least 50,000 views?

Maybe filter out all results posted by media orgs. Or show only those results that don't have cuts in them (almost all original footage is a continuous shot of a situation, with no titles, cuts to reporters or anchors, or introductions)

I think I'm headed down a rabbit trail of leveraging ContentID smarts for better searching and filtering.

That's exactly what we built internally. Not only a capability to identify the original video, but which portions of it are being shared the most, what's the most popular video, etc.

Technical challenge is one thing, but getting people to choose some random search engine over Google is incredibly hard, as Google spends billions of dollars to divert all the traffic to themselves.

Agreed. But if the original video was posted on a paywalled site then I would be looking at another site for it. So what I think it is, is that we want immediate access to the information we need to make our own judgement, in this case a video. Then maybe we want to read some commentary. Most sites try to force the commentary in your face, coupled with ads, before you find the actual video.

Because Bloomberg articles are for Apple investors, not Apple customers.

TechCrunch, for example, not only has links to the privacy pages, but has a screen shot of what the page looks like. That page also links to another separate page that shows exactly how to download your data.


I should actually say:

"Because Bloomberg articles are for <some company's> investors, not <some company's> customers"

It would also seem appropriate for Bloomberg to link Google's and Facebook's export features - I'm not sure why this is a story about Apple with no reference to others who have offered this for a long time. Otherwise it seems more like a paid article to promote a feature.

> I still don't get why reporters or publications seem to refuse to link to the most obvious and central key piece of material to an article.

They don't like to "advertise" other companies and get traffic out of their sites.

I remember, many years ago, when I was doing some freelance web development, one of the customers didn't want to put a link to his Facebook page on his website, because "we won't be advertising Facebook for free".

Yelling at them got the BBC to fix this. Of course they (in the UK at least) are just providing a service, not trying to maximise advertising exposure.

They were even moderately effective at teaching journalists to write links in a natural style, ie not telling readers to "click here" or putting everything in numbered footnotes like it's still the 1980s

Probably SEO. They don't want the other page rank higher in Google than their article, so they don't pass link juice.

Would rel=nofollow work in that case? Makes me sad, but I'll let it go if they just put something there.

I don't think so. In this case not linking to the privacy page is likely just an oversight from Bloomberg.

Other publications that do this want to rank for the keywords they are linking to—those words are a vote for the internal article that is being linked. Just look up any Verge article about the Pixel 3. All the keywords link to other internal articles.

They should add links and use words like Original Source or Original Video—less valuable keywords, that would still be helpful to readers. They could even nofollow those.

It's about engagement. They want you to click another article, another section, etc, while remaining on their property. Every link away is a potential loss of further reading, and is competition for your attention.

Modern journalism is about controlling what you think. If you read the source material yourself, you would form your own opinions instead of the ones they want to give you.

Unlike old journalism, which wasn't about that at all.


But then how else would Bloomberg keep you on their page needlessly long while you hunt for a relevant link? ;)

I just tried it and got:

Your request could not be completed. This action could not be completed because of an error. Try again later.

What about users in other regions?

What's to stop law enforcement circumventing the phone and just going this route to get user data for court cases? Or, is there stuff on the phone that won't be included here?

> What's to stop law enforcement circumventing the phone and just going this route to get user data for court cases?

This is data which Apple has/had already, nothing has changed there and law enforcement could already request it.

This is them starting to roll out GDPR-related tools globally (it's been available since May for EU accounts).

> Or, is there stuff on the phone that won't be included here?

Anything which is not sent to Apple, or is only sent device-encrypted (as in, encrypted with a key which does not leave the device) or E2E encrypted.

According to the section titles, the data here mostly contains account data (App Store, retail, Apple ID), public/shared data (Game Center stuff) and cloud-synced stuff (bookmarks, reading list, notes, contacts, …) as well as ancillary data ("Marketing subscriptions, downloads and other activity").
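The reply above splits what the portal can return into three classes: data the service holds in the clear, data encrypted with a key that never leaves the device, and synced data that is end-to-end encrypted between a user's own devices. An earlier comment added the important exception: enabling iCloud Backup puts a decryption key in escrow so a restore can work with no other device present. The model below, an added example that is not Apple's code or design, shows why the escrow decision is what determines whether the operator (or anyone who can compel the operator) can produce plaintext for a category. The cipher is a toy HMAC-SHA256 counter-mode construction standing in for a real AEAD, and the Server class, provision_user and the sample records are all hypothetical and constructed here.

```python
"""Toy model of three cloud storage classes: clear, device-only, and E2E with optional escrow.

Added example, not Apple's code. The cipher is a TOY (HMAC-SHA256 keystream + HMAC tag)
standing in for a real AEAD; never use it for real data.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode, only so the model needs nothing outside the stdlib.
    out = b""
    ctr = 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then decrypt. Raises ValueError on wrong key or tampering."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Server:
    """Hypothetical service side: everything here is reachable by the operator."""

    def __init__(self) -> None:
        self.server_key = os.urandom(32)                # operator-controlled wrapping key
        self.store: Dict[Tuple[str, str], bytes] = {}   # (user, category) -> stored blob
        self.escrow: Dict[str, bytes] = {}              # user -> sync key wrapped under server_key

    def can_read(self, user: str, category: str) -> Optional[bytes]:
        """Plaintext the operator can produce for a category, or None if it holds no usable key."""
        blob = self.store[(user, category)]
        if category == "account":
            return blob                                 # stored in the clear (purchases, repairs, ...)
        if category == "messages" and user in self.escrow:
            sync_key = unseal(self.server_key, self.escrow[user])   # backup escrow unlocks it
            return unseal(sync_key, blob)
        return None                                     # device-only, or E2E with no escrow


def provision_user(server: Server, user: str, enable_backup: bool) -> None:
    """Simulate one device uploading the three kinds of data. Records are constructed samples."""
    device_key = os.urandom(32)   # lives in the device's secure hardware, never uploaded
    sync_key = os.urandom(32)     # shared only among the user's own devices
    server.store[(user, "account")] = b"purchase: App X, 2018-10-17"
    server.store[(user, "device_only")] = seal(device_key, b"health: 8432 steps")
    server.store[(user, "messages")] = seal(sync_key, b"msg: meet at 7")
    if enable_backup:
        # A restore must work with no other device around, so the sync key itself is
        # handed to the server, wrapped under a key the server controls.
        server.escrow[user] = seal(server.server_key, sync_key)


if __name__ == "__main__":
    for backup in (False, True):
        srv = Server()
        provision_user(srv, "alice", enable_backup=backup)
        for cat in ("account", "device_only", "messages"):
            print(f"backup={backup!s:5} {cat:12} -> {srv.can_read('alice', cat)}")
```

Running it shows the asymmetry: account records are always readable, device-only data never is, and the messages category flips from unreadable to readable the moment a backup key is escrowed. That is the check a practitioner should do against any "E2E encrypted" claim: ask where the key material can be reached without the user's device, because that location, not the cipher, is what a subpoena or an insider targets.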

This doesn’t download data from the phone at all. This only downloads data that was already stored with Apple.

This doesn’t make any additional information available to law enforcement.

Wouldn't a complete history of every app you've ever downloaded from the App Store be super useful to law enforcement to know which third parties to get a warrant for?

Apple may not collect that much data, but they enable a platform which allows massive data collection. They're not exactly banning Facebook from the App Store are they? In a way, this allows them to have their cake and eat it, by avoiding criticism from 1st party data collection, but selling a curated platform that deliberately approves of it from third parties.

If the FBI finds out you downloaded a white nationalist or Islamic app, they now know where to continue their fishing expedition. This isn't exactly benign information.

Potentially gives law enforcement an easier way to get the information? Instead of compelling Apple to give it out (they can afford lawyers), they can try compelling individuals instead.

If the police can compel individuals to give up their passwords then none of this matters.
