Hacker News new | past | comments | ask | show | jobs | submit login
A Day in the Life of Your Data [pdf] (apple.com)
135 points by abouelatta 35 days ago | hide | past | favorite | 80 comments



It's a good pdf by Apple. And clearly aimed at Joe Public. Getting Joe Public to understand some of the damage being done via data mining is not easy. Policing abuse of that knowledge through unenforced laws, business ethics, or guidelines, has failed. Now Governments internationally are going to impose new laws on the giants. It'll level the playing field for those with already with ethical practices, but for sure, greater restrictions will be bound in to the new laws that spoil things for everyone, and it'll be within 12-24 months.


" If John had used Apple Maps to check the traffic, his location data would have been linked to a random identifier, which is regularly reset and not linked to John. As a result, no one but John would end up with knowledge of his location. " Well, no-one except your cell provider of course which knows precisely where you are anyway and will use and sell this data anyway.

" If John had bought the ice cream using Apple Card, his bank would not use his transaction information for marketing purposes. Had he used Apple Pay, Apple would have used on-device intelligence so that John could view his transaction history on his iPhone without Apple obtaining information about where he shopped, what he purchased, or how much he spent. " Without Apple knowing maybe but not without Mastercard/VISA knowing everything anyway?


I'm missing your point here.

You seem to be suggesting that just because some data leaks which is outside Apple's control that it's ok for all data to leak? But that makes no sense.


Just that at least the first statement is technically incorrect. And that the second is a bit misleading IMHO.

Edit: And adding that some of the data in question is in Apple's control (the IMEI for instance that could also be randomized/changed).


Yes, as you rightly point out, and although I applaud this from Apple, it is carefully worded.

But we knew that. It's for Joe Public.


Your Apple iOS device still doesn't let you:

  - figure out if and when your apps are active
  - figure out if your apps using the network
  - figure out what sites are they contacting
  - block network access
Additionally apple collects tons of data. On iOS it is not blockable. Even coarse data like your zipcode can be used to raise prices.

On macos, they may have updated it so the third-party Little Snitch can block apple traffic (untested).

Even anonymous data shouldn't be collected without asking. And as google is showing, a fingerprint be deduced from imperfect data.


Sure, it's not perfect, but it still miles a head of everyone else in consumer tech.


If ads are just restricted to intent based on page/video/query, small advertisers lose out on effectiveness but is this is a big issue for big advertisers?

I have read FB engineers comment on HN that FB has a long tail of advertisers. Is that why they are being more vocal out of all companies?

In any case, I personally don't have a problem with ads as a revenue medium for companies, just the expansive data mining, especially when it is not communicated to the user clearly. Ads do provide a very good avenue for revenue generation for products where most users won't pay for the service because of competing products or just the frequency in which they use them. On the advertiser side, they do help push information about new products which we might not have known earlier.


It seems reasonable to me that data collection enables more cost-effective targeting for small businesses. At the same time, it's done involuntarily and has privacy and self-censorship implications. It's likely that reducing user-identified data collection will both be a win for privacy, but also a detriment to the long tail. Of course, when Facebook makes this argument, it seems false, given their long neglect and, indeed, antipathy toward privacy. It also seems false because it uses small businesses to cover for large ones (who probably need less targeting anyway, given their mass-market products.) Tide won't suffer but artisan knitting needles might.


> If ads are just restricted to intent based on page/video/query, small advertisers lose out on effectiveness

Any research proving this?


Just quoting FB's wording and my hunch. As the other commenter gave an example, if you have a niche product which only a fraction of people would be ever interested in, it would help if you can know who those are, and restrict targeting to them.

I can search for knitting needles or be viewing a knitting post on Instagram. If an artisan needle seller wants to target his product it doesn't help targeting people who are not interested into artisan stuff. So to maximize the ad budget impact the ads are better left targeted specifically to people who have a higher likelihood of buying artisan stuff. This problem doesn't affect some mass market knitting needle seller.


I'd imagine that the advertiser could only show needle ads next to content about sewing / knitting and be very effective at reaching the desired audience without resorting to collecting PII about that audience.

Any reason this wouldn't work?


As I wrote in my example, this intent based method works for a big advertiser which is making a mass market product; but say someone producing a niche artisan knitting needle which only say 1 in 100 people who are interested in knitting needles will be interested in, would benefit from targeted advertisement. Otherwise, they would end up spending a lot of money on ad space not worth bidding for.

A nitpick, the advertiser is not collecting and getting PII. FB the ad platform, owns and controls that data.


Understood. My suggestion was that Facebook "target" based on the content of the post/article/website. Thus a needle ad is shown next to a kitting post. This can certainly be an artisan needle producer buying 1000 impressions...

Fully understand that Facebook is keep the PII close - that's their differentiation.


Apple knows they're going toe-to-toe with Facebook, and they don't seem to plan to lose.


Well, it’s because it’s a winning strategy to anyone who remotely gets concerned or paranoid about being spied on.


Considering how much digital spying happens, it is not paranoia to be concerned about it. If you caught your neighbor peeking in your windows 5 times a day, putting up a fence isn't being paranoid.


The fence manufacturers and installers would like to remind that all your neighbors are peeking in your windows.


What part of this document is about Facebook and not Google?


Facebook is at least for the moment the company which is vocally fighting this. Google probably just quietly changed their API to use undetectable fingerprinting.


has google updated their apps yet?


This feels to me like Apple creating a convenient Orwellian enemy. They're not even competitors, because Apple doesn't have a social network, Facebook doesn't sell computers, and indeed Facebook is currently among the grossing apps in the iOS App Store, 30% of which Apple gets.

If Facebook was as terrible as Apple makes them out to be, why would Apple allow Facebook in their App Store and take 30% of the generated revenue? It's hypocritical for Apple to criticize Facebook. If anything, the App Store made Facebook more popular than ever, so it's a "monster" that Apple helped create.

EDIT: My perspective is that the App Store and iOS lockdown have been harmful to user privacy, and Facebook is merely a convenient enemy to distract from the harmfulness of Apple's own current business model. On the Mac, I can install Little Snitch and prevent software from phoning home to both facebook.com and apple.com. I can't do any of this on iPhone. (And indeed, Little Snitch is not even compatible with the restrictive Mac App Store rules, so it has to be distributed outside the MAS.) The iPhone platform is designed such that software like Facebook thrives, and software like Little Snitch cannot exist.


> This feels to me like Apple creating a convenient Orwellian enemy.

Apple isn't "creating" an enemy here. They aren't running full page advertising against Facebook. Apple is making it so users have to give permission before companies can utilize an API. Just giving that one power to end users has apparently scared the hell out of Facebook.

> ...why would Apple allow Facebook in their App Store and take 30% of the generated revenue?

Apple doesn't get 30% of Facebook's generated revenue. It gets 30% of sales and in-app purchases. Facebook doesn't use either as far as I know.

> If anything, the App Store made Facebook more popular than ever, so it's a "monster" that Apple helped create.

If they had perfect foreknowledge, Apple would likely have done this from the start. Steve Jobs made it very clear at the time that Apple itself should ask permission before collecting information every time. If they'd foreseen influential companies like Facebook creating APIs which were widely spread through the App Store, they'd have likely closed this door a long time ago.


> It gets 30% of sales and in-app purchases. Facebook doesn't use either as far as I know.

Facebook does have IAP, as already discussed in other sub-comments.

> If they'd foreseen influential companies like Facebook creating APIs which were widely spread through the App Store, they'd have likely closed this door a long time ago.

It's been more than 12 years since the App Store opened. Apple didn't need perfect foreknowledge to take action long before now.


> If Facebook was as terrible as Apple makes them out to be,

Where is Apple doing this? Far as I can tell Apple are just saying that people don’t understand how their data is being used, and that companies should educate, and get informed consent.

It’s Facebook that’s demonising Apple here, not the other way around. Other than in direct responses to attacks by Facebook, where has Apple even used Facebook’s name?


> Other than in direct responses to attacks by Facebook, where has Apple even used Facebook’s name?

They don't have to use the name. Everyone including the news media knew that Apple was implying Facebook.


I’m not sure that’s true. All of Apple announcements seem to more broadly target the large data brokers you’ve never heard of.

Facebook seems to be making themselves look like the target for browny points, that plus their recent data fuckups means they’re probably the first name that pops into people heads when you say “abuse of peoples data”. But that’s just an inditement of Facebooks dodgy data practices, not evidence that Apple implying or targeting them.

Quite frankly I don’t think Apple gives a shit about Facebook. Why the hell would they? There’s no profit in targeting them specifically.


> they’re probably the first name that pops into people heads when you say “abuse of peoples data”

> I don’t think Apple gives a shit about Facebook. Why the hell would they? There’s no profit in targeting them specifically.

I think you answered your own question. :-) Facebook is a convenient punching bag. Which is the point of an Orwellian enemy, who isn't actually an enemy except for the need of some enemy.


Your premise is still based on the idea that Apple has deliberately made out that Facebook is their enemy, but you’ve provided zero evidence for this. You claim that Apple have implied Facebook, but are you sure it isn’t just you incorrectly inferring Facebook?

If I say “I believe that company’s that abuse my data are bad, and we should do something about that” have I also made Facebook an Orwellian enemy?


> you’ve provided zero evidence for this. You claim that Apple have implied Facebook

There were dozens, maybe hundreds of news media stories yesterday stating that Apple was attacking Facebook, so it's not just me. Here are 2 examples:

https://gizmodo.com/tim-its-pronounced-facebook-1846152682

https://www.engadget.com/tim-cook-privacy-cpdp-2021-slams-fa...

Moreover, the original comment that I replied to said "Apple knows they're going toe-to-toe with Facebook", so I'm not even the first one in these comments to make the suggestion. Some commenters are acting like this all came from me, but it didn't. https://news.ycombinator.com/item?id=25958158


Now we've come full circle.

You claim Apple "Created" an Orwellian enemy. But all Cook did was describe a company which spies on people to make money, We didn't need him to call out who it is because everyone knows who it is based on the Orwellian description.

Yet Apple somehow (You claim) "Created" them.

Facebook is this Orwellian, we all know it based on what we know about Facebook. Tim Cook didn't fabricate this, it's public knowledge.


I said: "This feels to me like Apple creating a convenient Orwellian enemy. They're not even competitors"

In other words, Apple is creating an enemy for themselves, an enemy of Apple. When in fact the two companies are not enemies in the business sense of having competing products, and indeed Apple profits directly from the In App Purchases in the Facebook app — IAP which do exist, contrary to several other false claims in these comments — and profits indirectly by having Facebook in their App Store. Facebook too has profited and become more popular by being on iPhone and the App Store.

But now Apple's App Store is under serious scrutiny, not to mention lawsuits, so Apple is looking to justify its lockdown, and "privacy" fits the bill there, despite the fact that Facebook has always been "creepy", since the beginning of the App Store and before.

The purpose of an "Orwellian" enemy is to justify the heavy-handed control of the rulers and to distract the populace from that situation. "Good thing we have Apple's strict App Store rules to protect us from evildoers like Facebook!"


This whole idea is convoluted.

We're talking about adding a permission the user can select.

This is increasing the amount of control users have over their device. Yet you want to use this bizarre Machiavellian scheme to try and make it look like some sinister Apple Plot.

Guess what. Adding a dialog that warns me people are trying to spy on me isn't bad. Ever.


This week, Mark Zuckerberg declared that Apple is one of their biggest competitors[0].

Apple may not see Facebook as a competitor, but that feeling is not mutual.

Given Apple's focus on privacy combined with their huge footprint in the US, Facebook may see them as an existential threat, and be using the word "competitor" to represent that.

0. https://www.cnbc.com/2021/01/27/facebook-ceo-zuckerberg-says...


> Given Apple's focus on privacy combined with their huge footprint in the US, Facebook may see them as an existential threat, and be using the word "competitor" to represent that.

I agree that Apple is an existential threat to Facebook, given that Apple has absolute control over software distribution on iPhone. In that sense they're competitors, but not in the standard sense of having competing products.


Because Facebook users are Apple customers. If Apple kicked Facebook off the platform you know as well as I do that the number of people screaming at Apple for doing so would be overwhelming. And that's before the media got involved.

It's the lesser of two evils for Apple. So instead of pissing off their customers, they have chosen to piss off Facebook.


Apple kicked Parler off the App Store, and a lot of people are screaming at Apple, including powerful politicians.

In any case, part of my previous comment was noting how the decade+ of the App Store has actually contributed to and encouraged the advertised-financed "attention economy". Apple wasn't just an innocent bystander that whole time; they designed the platform and the App Store.


Apple gets no revenue from Facebook, their app is free and has no in-app purchases.


Please check the App Store before you make obviously false and easily refutable assertions.


I wish you had posted the constructive form of reply, e.g.:

  Recently, Facebook added in-app purchases for things like X.
Because here I am still wondering what the hell X could possibly be.


Hmm, looks like a recent feature. I doubt it is particularly large.


> I doubt it is particularly large.

Facebook is currently 43 in the list of the top grossing apps. I'm still running iTunes 12.6 which shows these lists.


Ok, so Facebook is the 43 top grossing app. What exactly do you want them to do? Single them out and not allow them to use IAPs?


I think Apple will win this war and FB will lose.

Nobody cares that small businesses benefit from targeted FB ads except FB and small businesses, customers certainly don’t, users don’t.

The small group of users that would care about that is the same group that hates Facebook and Amazon already and won’t be persuaded by FB on this or really even listen.

Apple’s argument is clearer and more directly benefits their users.

FB and small businesses don’t have the political power to force a win here and their argument isn’t as persuasive as Apple’s.

It doesn’t look great for them.

I think they’re probably correct about the long tail ads and the benefit to small businesses, but I also don’t care. I’d rather the targeted ad model fail.

Ben Thompson argues that if Apple wins this then only FB, Google and other ad monopoly mega corps will be competitive in the ad space because they’re the only ones that can collect information on users in other ways even with Apple’s move to stop tracking.

That may be true in the short term.

If legislation trends in the CCPA, GDPR direction and users prefer the moves Apple is making then the ad model may start to falter for them too.

The sooner, the better.


> Nobody cares that small businesses benefit from targeted FB ads except FB and small businesses, customers certainly don’t, users don’t.

This is about Facebook, not small businesses. There is little evidence that small businesses will be significantly impacted by this. I'm sure some ad-supported developer firms will be hit, but most small businesses won't notice this.


They get hit indirectly, not because the small businesses sell ads - but because they buy targeted ads on Facebook (and those targeted ads work).

Edit: Smaller companies also rely on these IDs because they aren't able to track in other ways in the way that the large companies can.

That said, I still think this ad-driven model is bad and if it became non-viable I'd hope long term privacy restrictions would also make it non-viable for the large players too.


These vague claims this will impact the ability of apparently all small businesses are blown way out of proportion. Small businesses did just fine before FB.

If you run an Italian restaurant, how does this impact you? You can still sell advertising to Facebook users in your area because Facebook itself has your location. Facebook still knows you eat at Italian restaurants every Tuesday night because they buy your credit information.

Facebook still has piles of user information to sell targeted advertising against. So tell me again, how is this impacting small businesses advertising?


I think the issue is a little different than I suggested (though the small business ads are a part of it).

I think this is a worthwhile read: https://stratechery.com/2020/privacy-labels-and-lookalike-au...

> "Small businesses did just fine before FB."

You can't really compare the old pre-internet, pre-amazon world with our current one and assume things that were 'just fine' then still apply.

A local restaurant is a bad example, better examples are small companies making a niche product or independent platforms in a niche. This affects companies buying ads on FB, but also those trying to understand their own customers to compete with Amazon and the other large companies. I don't work in ads, but I've talked to Googlers that do and the ads really do have a big impact for small businesses. I'd believe this is true.

From that Stratechery article:

"Amazon, meanwhile, is increasingly where shopping searches start, particularly for Prime customers, and the company’s ad business is exploding. Needless to say, Amazon doesn’t need to request special permission for IDFAs or to share emails with 3rd parties to finely target its ads: everything is self-contained, and to the extent the company advertises on platforms like Google, it can still keep information about customer interests and conversions to itself. That means that in the long run, independent merchants who wish to actually find their customers will have no choice but to be an Amazon third-party merchant instead of setting up an independent shop on a platform like Shopify.

This decision, to be clear, will not be because Amazon was acting anticompetitively; the biggest driver — which, by the way, will also benefit Facebook’s on-platform commerce efforts — will be Apple, which, in the pursuit of privacy, is systematically destroying the ability of platform-driven small businesses to compete with the Internet giants."


> A local restaurant is a bad example, better examples are small companies making a niche product or independent platforms in a niche. This affects companies buying ads on FB, but also those trying to understand their own customers to compete with Amazon and the other large companies. I don't work in ads, but I've talked to Googlers that do and the ads really do have a big impact for small businesses. I'd believe this is true.

This is kind of my point.

People keep echoing this phrase "Harming Small Business", the implication is it's an issue which affects all small businesses. It doesn't.

It's not even clear based on your post what type of business is impacted, or how many. Just some niche products... what does that even mean? Sellers on Etsy?


If it doesn't affect small businesses then who is buying all of the FB ads?

If you look through your ad feed what do you see? When I had FB, most of the ads were for products (or services) from small businesses. Maybe you can dispute small, but that was the majority.

> "Sellers on Etsy?"

I think that'd be included yeah, also anyone with a shopify store, etc.

I'm not the right person to ask but I'd believe there's large volume here, I'd also be happy to be proven wrong.


> When I had FB, most of the ads were for products (or services) from small businesses.

What makes you think the quantity of quality of advertising on Facebook is going to change? They still have:

- Your location

- A list of what you post about, what you link, what photos you've shared, what activities you've attended, what groups you are in, etc etc.

- All of the above about many of you friends and family members just in case there are interests you don't talk about on Facebook.

So how exactly is whether Facebooking that I checked the weather on the corner of 3rd and Center at 7pm going to help those small businesses advertising on Facebook?

Is there going to be some flash umbrella store around the corner if rain is in the forecast?


We don't really disagree, FB, Google, and Amazon will be less affected by this change than everyone else that can't do all of the things you're suggesting. That's the harm Stratechery is talking about.

The affect on FB ads specifically I don't know, I'd suspect it being harder for FB to be as effective with targeting which could make the ads less useful (and that could harm small businesses that use them).

The ability for other non-megacorp companies to understand their customers is more the issue.

I think you're focusing on a narrow thing and ignoring the rest.


I think the emphasis on small businesses is a distraction from the main point. (See it's working!)

Fundamentally, whether this is going to favor the mega-corps or not, I don't want people tracking me. I don't want companies having the sort of information Facebook and Google have, they've demonstrated they are poor stewards of our data. At the same time, I don't want additional companies to gain access to a stream of information about me, regardless of whether that helps FB and GOOG or not.

If helping FB and GOOG is the cost of keeping more information about myself (My family, etc) private, then I guess I'm Ok with that. It's the lesser of 2 evils.


I’m wondering what kind full page response will Facebook make now. :D


I've got a pixel 2 at the moment and it's working alright. I think I'd like to switch to an iPhone next. Which of the older models of iPhone is good? I don't want to spend the large price for the newest iPhone, I'd be happy with a generation or two back. Does this privacy setting affect older generations?


Try iPhone SE, it's the cheapest one with a good processor, and will probably be supported for several more years, I'm still using the iPhone SE first gen from 2016.


iPhone XR is still very good and about half the price of the 12. Has the new design, bigger screen, smaller bezels, FaceTime. I don’t know about this privacy setting, but Apple is good about supporting older phones with new iOS releases, and the changes from XR -> 12 are much less than 8-> XR.


The regular user just clicks "accept" on every prompt they see. Yes there might be days that privacy is the top news. But most people ignore it. $FB is down because of this new cycle but mark my words. Facebook will make even more billions using data people "clicked accept to share".


A lot of this is about Google, not Facebook. Why are we talking about Facebook.


Are we witnessing a veiled announcement of Apple Search where it would be a key driver for Apple One adoption?


why is this a PDF? Sure for portability or to make it seem like 'official' 'whitepaper' etc....but geez, put it on a website with an added download c'mon


The way Apple paints this is that it's them vs. evil Facebook. Don't get me wrong, Facebook has certainly overstepped several times in their data mining practices, but a lot of these changes will almost exclusively hurt small and medium sized businesses that have been able to inexpensively reach target customers for niche and/or local products.


Just because you built a business on technologies and techniques that cause social harm, doesn’t mean you have the right to continue using those technologies and techniques after society has decided they no longer wish suffer the harm they cause.

Certainly some business will die, but I suspect the vast majority will find other inexpensive avenues of reaching their customers, without having to step on their privacy.


First and foremost, no company should benefit from this kind of lopsided non-arrangement to spy/ track me. I don't care if it's Facebook or Bob the window washer, they shouldn't be tracking me this way without permission.

Also, I don't agree that this is going to broadly affect small businesses. I accept that it's possible a few businesses in some places will be hit, but there isn't a ton of evidence that it's going to have a broad impact. Facebook still has massive profiles of users to provide a broad set of ad targeting tools.

The hair dresser down the corner isn't going to lose sleep over this. Nor is my favorite taqueria or sandwich shop.


I'd argue it's impossible to enact any change that would only hurt large businesses and not small/medium sized businesses.

Also, for niche products wouldn't keyword advertising be just as effective?


I wonder which one is easier to implement. A future utopia where every thing is great for everyone or an ad-less society.


Note that this article is from 2010, 3 years before Apple joined the NSA's PRISM program approx 6 months after Steve Jobs passed. Jobs reportedly wouldn't go along with it. The data flow is much different now.

https://www.theguardian.com/world/2013/jun/06/us-tech-giants...

How about hardware implants? https://www.forbes.com/sites/erikkain/2013/12/30/the-nsa-rep...


> Note that this article is from 2010

Which article? The one above is new.


The document is dated 28 JAN 20201.


Apple products do a lot of things with your data without asking; this seems like farce to me.

I'm all for marketing to one's strengths, but Apple products leak so much data (hardware serial numbers, for example) that this sort of marketing strikes me now as actively dishonest.

Apple collects just as much data (sometimes more!) as all of these shady data broker types they vilify in the document.


Care to share any examples or references of where Apple is being dishonest here?


The Jobs quote on page 2. All iOS devices and all M1 macs maintain a persistent serial-number-linked connection to Apple at all times, even if you don't use iCloud, don't have an Apple ID, don't use FaceTime/iMessage, don't use the App Store, and have analytics turned off. No indication that this is happening is displayed, and there's no way to turn it off.

Your client IP discloses the city the device is in, and the ISP. This means that Apple has a city-level, ISP-level location tracklog of every iOS device and all M1 macs (and possibly intel macs too) by serial number.

You're not asked, you're not even told. This is the exact opposite of their headline founder quote on the first non-title page of the doc.


Again, it would be nice if you presented evidence of your claims.


It's called APNS, and the evidence is in the network traffic of every M1 mac and every iOS device. This isn't a secret, the way APNS works has been documented for years.

Would you like a pcap? I can send you a pcap.


APNS is the notification service? Notification tokens are randomly generated, and are refreshed regularly. I have heard zero suggestion anywhere that they would be used for any kind of tracking, other than routing notifications to the correct device.


>I have heard zero suggestion anywhere that they would be used for any kind of tracking Yet it could.

GP just said Apple has the info and it can't be turned off.

Which I find interesting in the context of the PDF above.


Has what info?


I would like a pcap.


Email me, I have done the testing on M1 systems recently (I bought one just for the purpose!).


You don't seem terribly interested in providing any evidence to back up these claims.




Applications are open for YC Summer 2021

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: