Apple redirects Google Safe Browsing traffic through proxy servers in iOS 14.5 (the8-bit.com)
391 points by CharlesW on Feb 12, 2021 | 264 comments



I'm really tired of how much phone-home Apple products do these days. At this point I don't even put a SIM in my phones any longer, and only permit them access via a travel router (which does have a SIM, for LTE backhaul) which runs a VPN client and on which I have root to inspect/block traffic. My latest blog post shows the dozens of dozens of connections that a Mac running Big Sur will make just sitting idle at the desktop on a fresh install.

Apple's products are only private if you want privacy from their commercial competitors. If you want privacy from Apple or the US federal government to which they provide tons of user data (without warrants(!) or due process), you're in for a constant uphill battle.

Using everyday devices should not be creating hardware-serial-linked permanent records that the state can download at any time; to me that's stuff of a true dystopia.

Apple has not yet integrated this viewpoint, and seems to regard privacy as only important against companies that aren't Apple. Device backups (full message history and attachments), as well as Photos stored in iCloud, are not end to end encrypted, permitting Apple (and by extension the state) to read and access all of it without your involvement.

It's a bummer they're extending this attitude to browser-related traffic too. There seems to be a new trend inside of Apple that they're still figuring out here (see also: the addition of ContentFilterExclusionList in 11.0, and then its quick removal in 11.2).

Did you know that if you entirely block access to all Apple hosts, you can't even add a Gmail account to an iPhone?


I wouldn't call it dystopia, it's just that as technology is eliminating these barriers to entry for such sort of thing, it's inevitable to have happened and will become more pervasive as the tech develops further. And you can't fight it either as long as you're in their ecosystem, as you'll be one man against an army of engineers working 9-5. Linux, open-source, opting out of personalized solutions - that's the only way, and it's still a battle you can't win, just delay the loss.


You go through all these hoops then want to add a Gmail account???


Very few of us want end-to-end encryption of everything. People say they do, but they really don't. For example, full e2e means that Apple can never access your content without having your password. This sounds great unless you've ever worked tech support. The first time someone loses their mind because they forget their phone's PIN and now can't access their wedding photos, which of course they've never backed up anywhere else, it becomes apparent that most people want Apple to be able to access their stuff as long as it's in service of doing something convenient for the person.

You and I want true e2e everything. We have our encryption keys backed up safely. We make ourselves enter our passwords regularly enough that we can't forget them. We're willing and capable of taking full responsibility for protecting our data. You and I are not like most people. They don't want to be bothered with "all that nerd stuff". They just want all their photos to magically show up on all their devices, and to have a support person they can call to let them in when they've forgotten their password for the second time this year. That doesn't mean those people are less intelligent, or ignorant, or any of that. It means they have different priorities than you and I do, and their priorities are absolutely reasonable and appropriate for most people. They look at us and say "WTF, those guys don't work for the CIA. Why are they so obsessed with protecting their recipe collection and text messages, at the risk of losing all their data if they forget a password?" And frankly, that's a completely OK and normal mindset.

Apple's privacy stance is the correct one for the market they're trying to sell to. I personally think your and my privacy stance is better, but most people would reasonably say it's impractical given the threat model we actually face. I'm OK with that because I like doing these things for myself as a hobby, but I don't think Apple has made a bad or unjustified decision. They just have different priorities than we do.


> The first time someone loses their mind because they forget their phone's PIN and now can't access their wedding photos, which of course they've never backed up anywhere else, it becomes apparent that most people want Apple to be able to access their stuff as long as it's in service of doing something convenient for the person.

This is a false dichotomy.

Apple had invested significantly in doing a form of key escrow with trusted other devices and other users, possibly involving secret sharing with trusted friends-and-family, that would permit users to have end-to-end encrypted data that could still be recovered without Apple having keys.

The FBI nixed the plan, and Apple obeyed.

https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...

Apple employs tons of world class cryptography experts, and has designed several end-to-end cryptosystems, and is perhaps the foremost leading expert organization on what comprises good UX "for the rest of us". This is a solvable problem, and the "they can't do e2e because" excuses that people throw up (such as the one you provided) fall down when we see that they had a system ready to go that was ended on the initiative of those who would prefer surveillance.

Even Google figured out a way to do e2e device backups for Android in a privacy-preserving way. Apple is at least as competent as they are at designing cryptosystems, possibly more so.

The technical issue can be solved, but not as long as Apple doesn't want to upset the FBI.


Apple devices have been found to phone home much less frequently than the alternative.

>A new study has found that a stationary iPhone sends data 50 times less frequently to Google's servers than a stationary Android phone.

That's according to a 55-page report titled 'Google Data Collection', carried out by Professor Douglas C Schmidt, professor of computer science at Vanderbilt University.

The study comes as Google faces criticism and now a lawsuit over the revelation that turning off Location History does stop it tracking iPhone and Android users' location.

https://www.zdnet.com/article/want-google-to-track-you-less-...


Your quote doesn’t cover Apple phoning home at all. It covers the frequency Apple devices send data to Google.


You would prefer a different quote?

>According to a research paper published by Vanderbilt University's Professor Douglas Schmidt Aug. 15, Google’s Android phones are sucking information from your private life at a much higher rate than Apple’s iPhones — almost 10 times more, on average.

https://www.tomsguide.com/us/android-privacy-vs-iphone,news-...



> to Apple at all times (to APNS, for the receipt of push notifications)

Push notifications can't be implemented otherwise... so you'll have to trust Apple for that one.

Mozilla Push Service is the Mozilla equivalent for example. Push notifications are an expected feature of every device nowadays, routed through a server owned by the OS/browser provider by design.


This happens on a device with no apps installed, with no apps running. No Apple ID. Fresh install.

Also, locally running apps can trigger their own notifications.


> This happens on a device with no apps installed, with no apps running. No Apple ID. Fresh install.

On a fresh install you have Software Update, News, Safari, iTunes Store, App Store, Stocks, etc. which are all going to be a part of polling for available push notifications. When a new device update releases you will get a notification about it, even without an Apple ID signed in.

Yes, locally running apps can trigger time-based notifications but all network-based notifications should be handled by Apple's push services as iOS doesn't allow long-term persistent background tasks due to battery drain and it doesn't make sense for every app to have its own individual polling occurring at random times.


Locally running apps constantly polling for push notifications kills battery life, so in this case I can see where they are coming from


This particular article is about a feature that was "phoning home" to Google, and Apple changed it to do it to Apple instead.

In what ways do you think your point is relevant to this article?


It's yet another thing added to the long list of things that Apple devices phone home to Apple servers about, even if you don't want to use any Apple services and opt out of all of them (all that you can; App Store/Apple ID is mandatory as there is no sideloading).

There's a growing list.


Agreed. The only alternative (in terms of OS) would be Linux, but as soon as you open a browser the vultures will still get you.


Does the specific feature mentioned in the article have to do with any of this? I fail to see how this proxy can be abused by Apple as you seem to be implying because they won't be able to see the contents of the queries, which is secured by TLS.


The TLS will necessarily be terminated by Apple, so they could definitely see the hashes if they cared to.


I was under the impression that Apple would just tunnel the encrypted connection.


Really nice post there! Enjoyed reading it. (Also agree with the bit regarding xps 13. I was given one at work and they expected me to have a 'wow' reaction to it and made remarks what a 'beast of a machine' I was getting. Lol.) edit: typo.


To all the kind people downvoting, I am referring to his blog post, not his post here. https://sneak.berlin/20210202/macos-11.2-network-privacy/


Am I the only one who thinks that this is a neutral move with some pedestrian reason like "we'd like to be able to dynamically change our Safe Browsing endpoint in the future" or "let's not hardcode our API keys into Safari"?


Definitely not... because there's no need to proxy all the requests just to be able to dynamically change the endpoint (or other details about how/if it accesses the safe browsing endpoint).

In aggregate, that's not insignificant traffic, so you wouldn't want to use your own resources to process it without a worthwhile reason.


The head of Webkit says this is related to privacy (preventing an info leak). I think that's a pretty good confirmation that the reason is not (simply) pedestrian. https://twitter.com/othermaciej/status/1359736220809531393?s...


Apple servers are whitelisted in adblocking and firewall APIs, so this move makes sure Safe Browsing works when the user or some app messes up with those.


Why would apple's servers be whitelisted but not google's? Considering all the google devices/software out there (eg. android, chrome), not whitelisting google is probably going to cause more issues than not whitelisting apple.


Because Google runs ad servers. Using an ad blocker would be pointless if Google domains were allowed to bypass.


Again, like I said in my previous comment, google runs a bunch of other services that you can't just block the entire google ASN and not expect stuff to break. As for who's doing the blocking, there are basically two groups: enterprise sysadmins (or their vendors) and hobbyists running pi-hole at home. The former would certainly care about breakage, and likely aren't concerned about ads. Not to mention if they block safebrowsing (or google software updates) and they get hacked because of it, that'd look really bad on them. Hobbyists would care less about breakage and more about ads, but I suspect the same hobbyists don't care much for safebrowsing and probably have it disabled so whether it gets whitelisted or not is irrelevant.


I think that's Google's problem and very much a scenario they created for themselves. I'll give Google a lot of credit for serving the majority of their ad content off of intentionally distinct server groups but that line has been getting greyed and, if they make themselves untrustworthy, that's on them.


> google runs a bunch of other services

Trust does not compartmentalize.


The point isn't that you must trust google or anything, but that if you are serving users other than yourself, blocking the entirety of google isn't a viable option. In the case that you're only doing it for yourself, you likely have safebrowsing disabled or know how to whitelist the safebrowsing endpoint yourself (it's a separate domain), so it's a non-issue.


> if you are serving users other than yourself, blocking the entirety of google isn't a viable option

This is a fair assumption to challenge. Lots of developers co-mingling their traffic with an ad company doesn't mean everyone has to whitelist their servers. It's an impediment. But Apple has navigated those.


Because Apple doesn't control Google's servers.


Why should whitelisting depend on popularity?


Why wouldn't it? More popular = more users = more people complaining when stuff breaks = more political pressure to get it fixed.


Why should we allow stuff just because “stuff breaks”? It’s totally fine to have “stuff break” if they don’t benefit the objective laid out. We “break” a lot of stuff in our society with our laws.


>Why should be allow stuff just something “it breaks”?

what??


It is fine to break stuff even if it is popular as it doesn't achieve the overall objective. There's no compulsion to allow something just because it is popular.


Nope. Mother Nature doesn't have to care whether her rules are popular, the laws of thermodynamics are actually very unpopular, but they apply anyway.

However people can disobey our laws and so if they aren't popular enough they're worthless. The UK used to have laws controlling the ownership of dogs. Each dog required a license, licenses were taxed and you could be refused a license. But that law was very unpopular, and so it was abolished - not because licensing dog ownership wasn't a good idea, but because even if it was a great idea it was too unpopular to succeed.


The laws of thermodynamics are incredibly popular. The explanation they provide for the ticking of time, and how they enable us to produce incredibly efficient systems is fantastic.

Without the human invention of entropy, we'd have no clue why our perpetual motion machines aren't working.

For the mechanics those laws describe, they're great too. Pretty sure there would be constant unwanted explosions everywhere if energy could keep transforming in any way where it's conserved. I like that my table doesn't decide to be a bomb at random


> Mother Nature doesn't have to care whether her rules are popular, the laws of thermodynamics are actually very unpopular, but they apply anyway.

I am pretty sure whitelisting servers don't follow the laws of Thermodynamics or nature.


They certainly follow both. Require energy to run and give off heat energy as waste


And those laws have no effect on what should be whitelisted and what shouldn't. Let's not argue for the sake of arguing. The aim is to not debate but move the discussion forward. I don't see that happening.


In the context of this discussion (blocking at enterprises), I doubt any sysadmin is going to be able to convince the leadership that blocking all google services is an acceptable trade-off.

If you're doing the blocking yourself on your own network then sure whatever, you don't really care whether google stuff breaks, but you probably also have safebrowsing disabled, or know how to whitelist the safebrowsing endpoint yourself if you need it, so the whitelist argument isn't relevant in that context.


> In the context of this discussion (blocking at enterprises), I doubt any sysadmin is going to be able to convince the leadership that blocking all google services is an acceptable trade-off.

If that was the case, here was the original comment.

> Apple servers are whitelisted in adblocking and firewall APIs

What exactly did you disagree with?


Yes. Or, google/apple have a payment structure between them, and it's just easier to aggregate usage and charge for it this way.

this doesn't really pass the smell test of "is there something fishy going on around here?"


It smells like data mining to me; instead of building their own safe browsing service, why not just defer to Google's services? I'm sure Apple pays Google for the service, and probably on a per request basis, so proxying and caching data will reduce their costs... In theory, I'm sure there's contractual obligations in place.

(from personal experience, we used a service in a project once to fetch stock market data. It was a good faith agreement, we had to maintain our own tallies of how often a stock price was fetched, tell them, and we'd be charged accordingly. This made sense because from them we just got a 20 mbit inbound pipeline of stock updates, which we fed into a Gemfire (which is now apparently called "VMware Tanzu™ GemFire®") cluster and exposed to end-users via a simple REST API. (It was a bank, of course we couldn't change firewall rules to allow websockets or whatever was available at the time).


> It smells like data mining to me; instead of building their own safe browsing service, why not just defer to Google's services?

I'm sure Apple doesn't need to build APIs to do data mining on their own users. It would be very un-apple to create an API like this and allow non-apple devices to use it. So where is the benefit on data mining?

Privacy (in a consumer and marketing sense) is a major market advantage. I think that Apple has determined that keeping data away from 3rd parties is a good way to capitalize on that market edge vs. giving up the edge and engaging in the same consumer exploitation as their competitors.


> Privacy (in a consumer and marketing sense) is a major market advantage. I think that Apple has determined that keeping data away from 3rd parties is a good way to capitalize on that market edge vs. giving up the edge and engaging in the same consumer exploitation as their competitors.

I agree, this seems like the simplest and most straight-forward explanation to me.


Yet it would be ridiculous to claim a privacy advantage by doing this move, since the only change here is sending your browsing activity to Apple instead of Google. And the Safe Browsing stuff is already kinda high in the "anonymized" scale anyway, up to the point Mozilla uses it.

If they wanted to claim privacy advantage, they could offer these lists for rsyncable download, like antivirus of more civilized eras used to do.


> I'm sure Apple pays Google for the service, and probably on a per request basis, so proxying and caching data will reduce their costs... In theory, I'm sure there's contractual obligations in place.

It's free. https://developers.google.com/safe-browsing/v4/pricing


No such thing. A company like Apple doesn't just click through a Google developer agreement and generate some API keys and off they go. All integrations will have explicit agreements reviewed by an army of lawyers.


The cited page literally states "All use of Safe Browsing APIs is free of charge."

Emphasis 'all'. There may be meetings, but it's still free.


>It smells like data mining to me; instead of building their own safe browsing service, why not just defer to Google's services?

How is this about "data mining"? If they have built their own safe browsing service they'd be in the exact same position to do data mining!


> It smells like data mining to me; instead of building their own safe browsing service, why not just defer to Google's services?

How does Apple building its own service smell like "data mining"? You can build your own service and not be a data miner.


> It smells like data mining to me

Whether it is or isn't (at the moment) data mining I won't debate.

My concern is sending that much of my behavioural information through a point controlled by one party.


Like Google?


Next fonts and jquery stuff, please. These requests have Referrer in them. And can we have it for MacOS too?


If you’re worried about the Referer header leaking information, Firefox has numerous config settings to control the value sent.

https://wiki.mozilla.org/Security/Referrer


Nice, thanks, but I use Safari


https://marketingland.com/apples-latest-itp-updates-what-mar... suggests that "When a user loads a web page with embedded content from another domain, as in a tracking pixel, the request header referrer for the tracking domain will no longer contain the full web address of the host page, only the domain name." This is the case when "Prevent cross-site tracking" is turned on.

Not the same thing as hiding your IP and the domain name, but we're getting closer to full privacy, slowly. The problem with proxying is that it would only work with a small list of third-party asset hosts, and it would break the ability for CDNs to work unless it was a distributed proxy... that sounds like more headache than its worth except maybe as a new type of browser extension, something similar to a content filter but instead loads cached or proxied copies.

But at that point it's worth considering VPN or compression proxy services for content compression as Chrome and Opera Mini might do, and MITM everything the browser loads so nobody gets your IP except Apple. I imagine folks might pay for an Apple VPN service, I'm just not sure Apple wants any headaches that might go along with it yet. :)


> the request header referrer for the tracking domain will no longer contain the full web address of the host page, only the domain name

Why not just remove referrer header for all 3rd party requests? Or remove it in Private browsing mode. VPNs are nice, I'm using one, but other VPN companies are not, such a cutthroat business :) And you cannot self-host a VPN, it defeats the hide my IP feature.


As a developer, you can already use https://www.w3.org/TR/referrer-policy/

https://caniuse.com/referrer-policy

Hoping the defaults for sending such metadata will change eventually
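
How the Referrer-Policy values linked above change what a third-party font or script host receives, as an added example that is not from the thread. It follows the W3C policy table with one simplification (only https counts as a trustworthy URL); the page and CDN URLs are constructed.

```python
from urllib.parse import urlsplit

POLICIES = (
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
    "strict-origin", "origin-when-cross-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
)


def origin(url):
    """(scheme, host, port) with default ports collapsed to None."""
    p = urlsplit(url)
    default = {"http": 80, "https": 443}.get(p.scheme)
    port = None if p.port in (None, default) else p.port
    return (p.scheme, p.hostname, port)


def origin_url(url):
    """Origin-only referrer: scheme://host[:port]/ with no path or query."""
    scheme, host, port = origin(url)
    return f"{scheme}://{host}" + (f":{port}" if port else "") + "/"


def stripped_url(url):
    """Full referrer: fragment and credentials are always removed."""
    p = urlsplit(url)
    query = f"?{p.query}" if p.query else ""
    return origin_url(url)[:-1] + (p.path or "/") + query


def referer_for(policy, page_url, request_url):
    """Referer header value sent for request_url made from page_url, or None."""
    same = origin(page_url) == origin(request_url)
    # Simplification: "downgrade" means https page -> non-https request.
    downgrade = (urlsplit(page_url).scheme == "https"
                 and urlsplit(request_url).scheme != "https")
    full, org = stripped_url(page_url), origin_url(page_url)
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "origin":
        return org
    if policy == "same-origin":
        return full if same else None
    if policy == "origin-when-cross-origin":
        return full if same else org
    if policy == "strict-origin":
        return None if downgrade else org
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "strict-origin-when-cross-origin":
        if same:
            return full
        return None if downgrade else org
    raise ValueError(f"unknown policy: {policy}")


def leak_report(page_url, request_url):
    """Map every policy to what the request target would learn."""
    return {p: referer_for(p, page_url, request_url) for p in POLICIES}


if __name__ == "__main__":
    # Constructed URLs: a page with a sensitive path loading a third-party font.
    page = "https://news.example.test/articles/private-topic?id=42#top"
    font = "https://fonts.cdn.test/css?family=Demo"
    for policy, value in leak_report(page, font).items():
        print(f"{policy:34} -> {value}")
```
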


I've seen some browser extensions that use local copies of the usual CDN scripts and such. I wonder how much better that could be if it was a proper browser feature coupled with some sort of a privacy proxy? Though I imagine that the same local cache fingerprinting issues might still apply here.


Decentraleyes


Better look at LocalCDN instead as it gets updated more often:

https://www.localcdn.org/


Oh, you mean localcdn is not yet ready?


Sorry, I reworded my comment. I meant that Decentraleyes isn't getting updated.


Don't all browsers cache (common, like jQuery) js and css stuff locally?


Most browsers changed that to a site-based cache instead of a global one.

https://www.zdnet.com/article/firefox-to-ship-network-partit...


They might cache it if the server allows them to cache it.

But evil servers don't.

Example: gravatar.com gives an expiration time of 5 minutes.

curl -q -i --output - https://www.gravatar.com/avatar/70d9b050bfe39350c234d710fadf... | grep -a xpires

expires: Fri, 12 Feb 2021 11:54:40 GMT


I suspected it, thanks for confirming. What about fonts.googleapis.com, is it cached client side?


There is no sane reason to load external scripts from a CDN rather than your own host.


There used to be performance improvements since it would be cached already.


Only if cached. Otherwise you had (or have) TCP+TLS overhead, which I doubt is faster than the already established connection.


Browser extensions like LocalCDN protect against this sort of thing.


This article is about iOS. How are you going to use LocalCDN on iOS?


With Firefox


Can you use extensions on Firefox for iOS? Browsers on iOS can't use their own engine. They're essentially Safari with a different skin on top.


I think you're right, wasn't aware of that.


I think Apple software (like Safari) shouldn't talk to google servers by default, so this move makes sense.


What makes this pair special?


That it's the one this post is about. In general software should avoid using third party servers as much as possible, because they're outside of its control.


So Apple's going to war with Facebook and Google citing privacy.

Google violates privacy, yes but so does Apple.

Real privacy on phones means removing google play services from your phone, using fdroid, not using any proprietary apps and self hosting services instead of relying on gsuite or ms365.

Not the fake privacy shit that Apple does, where they move the power from Google to themselves.


Your bar for privacy is very high and accessible only to nerds. That's great, but not helpful for average users.

Apple is not absolute, ironclad privacy. Don't rely on them for covert ops missions. But they ARE providing a very reasonable model of doing business that requires no special skills on the part of the user and does not engage in the unrelenting surveillance that other companies bake into every corner of their products.

Is it "privacy"? I'm not sure. But it is definitely "not surveillance". And that's a very reasonable place to start.


What Apple does is partly "privacy theatre" in my opinion.

They shame third party apps you have given background location permission for using your location in the background (eg. gps dog collar app) while never alerting you when the first party Apple apps do the same "Apple maps / friend finder / Siri / etc. used your location in the background"


Where does privacy end and surveillance start?


I think many are defining privacy as “no one has even the possibility of accessing your data”. To me, surveillance is actively instrumenting and recording data from a user. Apple seems to live in a middle zone where they do not engage in surveillance, but sometimes make technical choices where they could in theory access or intercept data from you, though they have promised not to.


What you're suggesting isn't that far from "don't use the internet".

That's fine -- your privacy will go way up -- but I don't think that's the solution very many people are looking for.


Agreed. On the long-term, Apple is the one which might harm Privacy the most because they will kill the real Privacy alternatives by pretending they are one.

People use Google & Facebook because they are dependent on their services but some of them know they are unethical (for e.g the recent WhatsApp scandal shows that at least some people are kinda aware).

Apple on the other hand lies and does propaganda about their fake Privacy and people (even on HN) think they are the solution, and that's far more dangerous I think.

Many people think real Privacy solutions are not worth supporting because they have Safari, iOS & iCloud. Well guess what, iCloud is not even (end2end) encrypted, employees have been listening to your Siri conversation, HomeKit doorbells are doing nonconsenting facial recognition on you & your friends, Apple tracks every app you launch & when (and no that's not necessary for security, you could just download a blacklist instead of sending Apple your history), and no, Apple does not audit or read any line of code of the apps on the store.

It's killing me that my friends think it's okay to install Facebook, Instagram & Snapchat or whatever on their phone because "No but it's okay, I have an iPhone so Apple has checked the app and everything". For them, Apple is magically going to protect them whatever they do.

That's where you see their lies & propaganda really worked.

Apple is like a polluting gas car that sells & market itself as a green clean ecological electrical car so that people can use without conscience issues


What about your ISP? They know every website you consult, every phone call and text and they triangulate your position...


For all but the position aspect of that, switching to a trustworthy VPN provider (e.g. ProtonVPN or Mozilla VPN) and using Signal or another VOIP system can provide mitigation. For the position data, that is harder to mitigate but you have to consider your threat profile. The truly paranoid keep their phones with battery removed (when possible) and/or in a faraday bag unless they are actively using them.

You do, of course, pay for this privacy with significantly reduced convenience.


I'm not sure who I distrust more between a VPN provider and my ISP, but for sure I don't trust either.

Signal has received financing from the CIA so my trust level isn't high (even though I use it).

My point is that privacy is an illusion on any connected system and particularly a smartphone.

You can make less privacy damaging choices but IMHO there's no panacea.


> Signal has received financing from the CIA so my trust level isn't high (even though I use it).

More like Signal once received funding from a fund that included funding from an organization that was once run by the CIA.

Still, I agree with your overall point. To be truly private, you need to disconnect. Other than that, you need to consider each trade off. Historically, this was difficult because companies barely disclosed what they did. Since GDPR and CCPA, a lot of the veil has been lifted.


> However, since Apple now proxies Google Safe Browsing traffic, it further safeguards users’ privacy while browsing using Safari.

It still shares the same amount of information, it's just being shared with Apple instead of Google. If it was a privacy problem before, it remains so.


If it's a simple proxy tunneling HTTPS traffic to Google, Apple probably doesn't know anything about the content of the queries, and Google doesn't know who sent them. If each kept records, they could get together and combine them to get the hashed URLs, but still a much better situation than directly querying a single endpoint.

Signal actually uses a similar approach to anonymize queries to GIPHY from users of its app. https://signal.org/blog/giphy-experiment/


I think it would have been way more private if they had used tor, defaulting to apple servers if tor wasn't available.


That would probably single handedly bring down the tor network


This is a significant improvement if you trust Apple more than Google.


I don't trust either but knowing how each makes their money one might be less inclined to abuse my data over the other.


Sometimes I think people are not aware that Apple also has an ad business.

https://searchads.apple.com/


Have you noticed that these ads appear only in the App Store and are not based on invasive tracking across apps and the Internet?


Sure, but it’s got a considerably better privacy model than Google’s ads: https://searchads.apple.com/privacy/ . For a start, you can see what information they used to target you by pressing on the “Ad” button (which in my case is nothing because I’d previously flipped a single toggle switch in settings telling Apple not to use personal data to target ads to me).


Google have a whole website dedicated to that (what it knows about you), and there are toggles if you want that to be used for ad targeting or shared with third parties.

adssettings.google.com


It’s kind of disingenuous to compare Apple’s search ad feature for just promoting an app inside the App Store, with Google’s Adsense online advertising platform which is multi-platform with video, text, and image ads, even audio at one point in the past, on multiple device types being so ubiquitous it’s almost hard to get away from them.


Search Ads are for the App Store and are completely contextual - eg. you search "translate" and a random translate app shows above Google Translate as an Ad. They don't have ads that target the user, only the search term.


Not to mention iAds. Though apparently they shuttered that a few years ago.


What are you basing this information on (besides a pinky swear of a corporation which happily forgets their values when it comes to repairability and labor force) ?


> "knowing how each makes their money"

Probably gave it away?

> "their values when it comes to repairability and labor force"

Apple obviously doesn't have any positive values about labour force and repairability, but both of those have about 0% to do with privacy, so they aren't relevant in this case I'd think.


I get that Apple seems more trustworthy in this setting, but whether one trusts others depends on everything they do. It would be better if they combined forces to create a separate entity. Safe browsing currently gives both companies the ability to block websites. They could do this when they feel like it but also when ordered to.


> so they aren't relevant in this case I'd think.

It’s just the classic “Apple’s bad, therefore they are absolutely doing anything nefarious I could come up with”.


You can look into SEC 10K filings for both firms.


And those filings say that Apple is rapidly changing itself into an online service firm where most services heavily rely on users' data.


I am sure you've also made a keen observation that those services revenues heavily come from subscriptions, not from user data.


An online services firm that is 100% different in how it works compared to Google/Facebook's models. All of its services are subscription based and tailored for people who bought their devices.


And even if you don't, it still reduces your surface area, because your iPhone is already talking to Apple anyway.


It would be better if it didn't talk to their servers, adding more on increases the surface area and impact.

In this particular case with Safe Browsing APIs, there wasn't a 'surface area' in the way that you mean, to begin with. The article, and commenters, are incorrectly making it appear that way.


The Safe Browsing protocol does have a theoretical vulnerability whereby a malicious provider could create hash buckets on demand with the intent of guessing user URLs. This change would protect users from this theoretical risk. Also, it prevents Google from getting free info about user IP addresses and other info visible via a direct network connection.


I'm guessing this information is next to useless. All they get is an IP address, and all it signals is someone is using a device. It is highly unlikely this is a useful signal for anything given the fact that they're getting much better user IP data from practically dozens of other services people use.


> It would be better if it didn't talk to their servers

As long as you have a 'smart' phone, it will talk to servers. Messages, email, contact sync, online backups, tools to give you trace possibilities if your phone is stolen ... everything needs some kind of server. And if you use an iPhone, a lot of those will be located at Apple. If you use an Android phone, those servers will be located at Google (and possibly also at the hardware vendor, e.g. Samsung etc.)

Aside from the whole 'company A can be trusted more than company B' thing, which is in my opinion a personal matter, this specific item where Apple will route the traffic to a 3rd party through Apple to hide the IP etc. of their customers is a good thing.


Both are required in the US to turn over user data and logs to the US federal government without a warrant, pursuant to FISA orders.

Apple compromised over 30,000 of their customers in such a fashion in 2019, as documented in their own transparency report.

The F in FISA stands for foreign, but at least one person who worked on the program has told us that it is used to obtain the data of Americans without warrants as well.


For the US Government it's just a different phone number they have to call to get your data...


Typically, people who are trying to defend themselves from nation state threat actors aren’t using iPhones or stock Android phones, and absolutely wouldn’t use safe browsing if they did.


And the U.S. Government isn't making a phone call to get the data.

They have a "law enforcement portal" they can log in to in order to request the data.


Are we classing the FBI as a "nation state threat actor" now?


If you're outside the US, yes.


What does that have to do with the threat posed?


I don't think it's about the FBI as much as the rest of the three-letter soup. NSA, CIA et al. most certainly are a threat to anyone outside the USA holding valuable secrets.


It always should have been. I'm not sure anyone would not class them as a nation state threat level. It's one of the most powerful government agencies in the most powerful nation in the world. If they don't fit that definition who would?


Ever heard of Edward Snowden? He exposed how three letter agencies were engaging in mass surveillance, even including American citizens in violation of their very own constitution they've sworn to protect.


Why not? Every system holding PII poses a potential threat, at the very least because every system can get hacked, and at worst because folks with “legitimate” access to that data can still abuse it.


Well, it is an actor and it is a government agency...


For the Chinese government it's a direct feed from Tencent, which Apple devices sent URL data to.


No silver bullet. This is a counter against surveillance capitalism but not against surveillance states. In the long run the only sure way to prevent data misuse is to remove the data, but moving existing data to entities without the financial incentives to misuse it is still a step in the right direction.


Which I guess would be more of a given if you've decided to buy and use an Apple device.


This. Would be better to not have to trust anyone!


There is no significant improvement - the data was already hashed/anon to begin with and posed no risk. IP addresses on their own aren't a problem, it's when it's available with additional data that you start to worry.

This is purely a move to further lock users in while being touted as being privacy friendly through persistent PR.


If you are an iOS user, then Apple is necessarily in your trust model. Google, not so much.

Google’s implementation of k-anonymity in Safe Browsing does not account for their own ability to correlate multiple queries and narrow down which specific website corresponds with the hash.
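The two concerns raised in the comments above (a provider guessing URLs from hash buckets, and correlating several queries) both follow from how a Safe Browsing client turns one URL into several hashed expressions. The sketch below is an added example, not part of the thread and not Google's or Apple's code: the corpus, the visited URL, the 10-bit prefix truncation (real prefixes are typically 4 bytes) and all function names are constructed assumptions, and canonicalization and IP-address hosts are left out.

```python
import hashlib

def url_expressions(host, path="/", query=""):
    """Host-suffix / path-prefix expressions a Safe Browsing v4 client hashes.

    Simplified: the input is assumed to be canonicalized already and the
    host is assumed not to be an IP address.
    """
    labels = host.split(".")
    hosts = [host]
    tail = labels[-5:]                      # only the last five labels are used
    for i in range(len(tail) - 1):          # stop before the bare TLD
        suffix = ".".join(tail[i:])
        if suffix not in hosts:
            hosts.append(suffix)

    comps = [c for c in path.split("/") if c]
    paths = []
    if query:
        paths.append(path + "?" + query)    # exact path with query string
    paths.append(path)                      # exact path without query string
    for i in range(min(4, len(comps))):     # "/", "/a/", "/a/b/", "/a/b/c/"
        prefix = "/" + "".join(c + "/" for c in comps[:i])
        if prefix not in paths:
            paths.append(prefix)

    return [h + p for h in hosts for p in paths]

def hash_prefix(expression, bits=32):
    """Leading `bits` bits of SHA-256(expression), as an integer."""
    digest = hashlib.sha256(expression.encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - bits)

def prefixes_for(host, path, query="", bits=32):
    return {hash_prefix(e, bits) for e in url_expressions(host, path, query)}

def anonymity_set(corpus, observed, bits):
    """URLs in `corpus` whose expression set contains every observed prefix.

    This is the provider's view: the more prefixes it can tie to one page
    load, the fewer URLs remain consistent with them.
    """
    observed = set(observed)
    return [u for u in corpus if observed <= prefixes_for(u[0], u[1], bits=bits)]

# Constructed data. A 10-bit prefix over 20,000 URLs stands in for 32-bit
# prefixes over the whole web, so that buckets actually collide.
DEMO_BITS = 10
CORPUS = [(f"site{i}.example", f"/page{i % 7}/index.html") for i in range(20000)]
VISITED = ("site1234.example", "/page2/index.html")

def demo():
    """Anonymity set for one observed prefix vs. all prefixes of one visit."""
    exprs = url_expressions(*VISITED)
    one = [hash_prefix(exprs[0], DEMO_BITS)]
    all_of_them = [hash_prefix(e, DEMO_BITS) for e in exprs]
    return (anonymity_set(CORPUS, one, DEMO_BITS),
            anonymity_set(CORPUS, all_of_them, DEMO_BITS))

if __name__ == "__main__":
    single, joint = demo()
    print("candidates with one prefix:        ", len(single))
    print("candidates with correlated prefixes:", len(joint))
```

A real client only sends the prefixes that hit its local list, so the correlated case arises when a list contains prefixes for several expressions of the same URL. Routing the lookups through a proxy removes the client IP address that would otherwise help link such requests to one user.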


> IP addresses on their own aren't a problem

I'm the only person using my IP address, ergo it's personally identifiable. Seems pretty clear cut to me?


Not at all. IP addresses are not PII under any definition. Feel free to browse CCPA, GDPR, etc. Even without those regulations, it's still not PII as it takes just a few seconds to enumerate every IP address. If it actually were PII, you would have controls in place to prevent it leaving your device in the first place.

IP addresses are only PII when identifiable metadata is linked with them. I can only guess that you are being deliberately obtuse on this - I had momentarily forgotten that I was on HN so my comments weren't welcome sadly.


Lock users in? What does it change from that point?


The hashes are hashes of a small set of public data, and so reversible via rainbow tables.


It still shares the same amount of information, it's just being shared with Apple instead of Google. If it was a privacy problem before, it remains so.

Apple’s business model is not based on exfiltration of personal data, in fact their business of selling hardware is only boosted by adding privacy features.


Software update and other features already expose your IP address to Apple. This solution doesn't add another company, so that's a win.


Giving all your information to a single company where it's easily pooled and abused is a win?


No, it’s segmenting which information goes to which company. Apple already has your IP address so why also give it to Google? Meanwhile the https traffic is only proxied through Apple, so they don’t see the content.


Apple doesn’t collect and use information the same way Google does.


It is true, Apple handles it way worse. With Google you have access to a whole dashboard where they explain in very simple terms what they know about you (per service) and how they use that information. And of course you can opt-out with a few clicks.


Apple has the same thing[0].

A journalist requested their data from Apple, Google, and Facebook a few years ago[1],

> The zip file I eventually received from Apple was tiny, only 9 megabytes, compared to 243 MB from Google and 881 MB from Facebook. And there's not much there, because Apple says the information is primarily kept on your device, not its servers. The one sentence highlight: a list of my downloads, purchases and repairs, but not my search histories through the Siri personal assistant or the Safari browser.

Also curious how, if as you say Google is so transparent with this information, they abruptly stopped updating all of their iOS apps on December 8th, the day that Apple required them to publish the data that their apps collect[2,3].

0: https://privacy.apple.com/

1: https://www.usatoday.com/story/tech/talkingtech/2018/05/04/a...

2: https://twitter.com/Thomasbcn/status/1356645088697454596

3: https://www.macrumors.com/2021/01/05/google-hasnt-updated-io...


It’s interesting that one using data as a selling point is worse than one that doesn’t. In any case, Apple gives you access to all information they have on you and you can opt-out with a click. I’m not sure that’s a differentiator in any case.


Except that if you’re using Safari, you’re already putting some trust in Apple to protect your privacy. Reducing the number of parties to your data is certainly a privacy win.


Apple doesn't know whatever requests you send. Apple only knows your IP address, whereas Google only knows the request content.


> If it was a privacy problem before, it remains so.

That is a very binary view. Yes, it is still a privacy problem; but now the privacy problem is with a company that is not abusing personal data on a massive scale.


Apple is going to extremes to get more power over users and force others to have less. Of course it can be painted as being "for privacy" but, really, anyone believe that coming from Apple?

EDIT:

Come-on HN. Google has nothing to do with how trustworthy Apple is. You can distrust both. This whole "for privacy" push from Apple is clearly more about hurting others than protecting users. I'm surprised HN'ers are buying into this marketing ploy.


It's not worth it on HN. Everyone here is completely pro-Apple anti-Google it's not even possible to have a good-faith discussion. I agree with you distrust both of these corporations, Apple's figured out that by pushing the "privacy" marketing ploy they can defeat Google strategically, that's all this is about. If it would benefit them to abuse user privacy, they would.


> Everyone here is completely pro-Apple anti-Google

Both extremes exist here, just like everywhere else. Anti-Apple articles/posts/discussions also get a ton of upvotes and frequently end up on the front page, and the discussions are filled with comments of people swearing off Apple forever.

Apple is a polarizing company in the tech world and that is just as true on HN as anywhere else.


Yep. Absolutely - trust them a lot more than I trust Google.

I love what 14.5 is doing to shake up the privacy invading practices of the large internet co's.


You can distrust both.

>I love what 14.5 is doing to shake up the privacy invading practices of the large internet co's.

Sure, but just don't believe it is for your privacy's sake.


Why not? It seems like a pretty clear cut move to increase privacy, drive up consumer satisfaction and loyalty, and increase sales. Yeah, they're doing it to sell more iPhones, sure, but I don't see how that's a bad thing.


Apple makes money selling devices; Google makes money selling targeted ads. Making devices more secure will benefit Apple's business, so is collecting more user data to Google's business.


Apple also makes significant money from services and app store. They might not have an incentive to violate your privacy but they absolutely have all the incentives to lock you into their walled garden as much as you'll take it, and then some. They will happily do it under the guise of protecting user privacy too.

So no, they shouldn't get a pass on everything they do in the name of privacy just because they aren't an ad company. Although in this case the proxy server is reasonable I think.


For the vast majority of people, the walled garden is irrelevant. They're going to run the same apps on either Android or iOS, but on Android those apps have more ability to invade your privacy and Google is doing whatever it is they do to make money off you. On the other hand, Apple has every incentive to respect their users' privacy.


Apple's service revenue is rising every year and they're actively pivoting away from making money with devices.

Don't read the marketing materials, read the actual financials.


Exactly this. Apple has been sugar coating their initiative as privacy moves while they are actually strategic moves with every step towards crushing Google.

The problem starts when they focus on services revenue. In the old days Steve Jobs would build services to sell more products. Now Apple are building services only to extract more profits and revenue.

And as the web includes Apple ID for login, more users will forever be locked into the Apple ecosystem even on the web. You no longer have a direct relationship with users or customers. Everything goes through Apple. And in the name of good and privacy Apple is standing in between every business and their customers. All while acting badly in the case against Epic when things don't go their way.


But their services revenue is from selling stuff (apps, in-app purchases, music/video/game subscriptions, cloud storage) to their users, it's just digital stuff instead of hardware. That doesn't change anything fundamental about the business model. They make money from selling stuff to their users. How is that at odds with the grandparent comment?


Is selling their search bar to Google (very significant part of services revenue) "selling stuff"? Seems like it's more like the "you're the product" line Apple likes to market.


OK but are they pivoting to ads? That would be relevant.


Google also has a multi-billion dollar hardware business.

Source: https://www.theverge.com/2020/2/3/21121492/google-hardware-m....


Google's revenues are closing in on 200 billion a year. If the hardware business makes, say, 2 billion a year, it's safe to say that the hardware is a pretty insignificant part of the overall business. The data gathered from that hardware on the other hand...


What Google does is irrelevant to how much you can trust Apple.


> clearly more about hurting others than protecting users

How is that clear?

I don't have rosy feelings about Apple. But their primary business is designed around making the iPhone environment pleasant and unscary. While Google's is about optimally monetizing information about me.

I trust Apple and Google just the same... to both do their best to follow their business interests. It just happens that one happens to align more with my interests than the other.

If you think Apple and Google handle privacy essentially the same aside from superficial marketing, I think that means you don't understand what either of them want.


I do unless proven otherwise


Yes I trust a hardware company over an Ad company any day of the week.


Just my thought:

"So, these behemoths have now started to eat each other to satisfy their never ending appetite for money and control. What next? Remaining ones colluding together to prevent entrance of new competitors?"


I'm hoping what's next is:

"With mobile and social media platforms having finished their market expansion, and their product categories having settled, privacy-respecting open source alternatives catch up in functionality and usability. Anti-trust and regulation to enforce privacy and interoperability ensure these new entrants get a chance in the market, and consumers have a real chance to escape the clutches of the behemoths"

Tall order? Sure - but all progress starts with a dream.


I'm not sure social media platforms will ever settle. I have already seen one round of proprietary IM networks being toppled and replaced with Jabber. Only for some evil bastard to apply an EEE strategy to Jabber and actually succeed, so we end up in the current situation of yet another round of proprietary IM networks.

It is also not a matter of "catching up in functionality and usability". It will never catch up. Proprietary networks can build on top of free ones, but not vice versa. Also, every pseudo-feature introduced by a proprietary network soon becomes mission-critical (e.g. people will say free network X is not "up to the task" because one cannot easily send animated cat pictures with it, in the same way IRC suddenly became "not up to the task").

In summary, it is absurd to wait until free networks "catch up". They will never "catch up", for some users' definition of "functionality and usability", and network effects will take care of the rest of users. The only way this works is if users are willing to actually prioritize free-ness and to actually trade off some features to gain it. Boycott closed networks, even.

But that will never happen.


My mom was never going to use IRC. But she DOES use iMessages.


> apply a EEE strategy to Jabber and actually succeed

You talking about Google killing its Jabber compliance?


There's more than one. Google, Whatsapp, Apple for starters. All of these 3 started from an XMPP server and then fenced it.


The problem is they have enormous budgets for promotion and marketing, and they already own multiple direct channels. And the inertia effect is enormous - people simply don't like to change their habits without a very good reason. So the decisive factor is for people to understand they already have a good reason. I don't think this understanding is something mainstream yet though.


understanding isn't mainstream

so, yeah, inertia is certainly a factor, but the staggering level of tech incompetence among the masses is also a likely factor.


Will happen the year linux starts dominating desktop.


I've been promised that for 20 years, and waiting for 27. I'm willing to see whether or not Linux ever really "desktops".


It's starting to dominate mobile already!


Android != linux any more than iOS == BSD. Both have open source kernels but all the stuff that matters on both OSes is closed source. As long as there is money to be made on selling computing devices open source will ALWAYS be at a big enough disadvantage that it can't catch up. Simply because Apple, Google, Microsoft etc.... can take the ideas from open source and build it into its OSes but Linux can't. I'd personally love if Open Source ruled the consumer market but that's not going to happen.


I am not speaking about Android. I also did not say "started" but "starting". Here are the GNU/Linux phones with constantly increasing number of sales (but still tiny of course):

https://en.wikipedia.org/wiki/Librem_5

https://en.wikipedia.org/wiki/PinePhone


I love Open Source but I can't ever see them competing with Apple or Google. Literally billions of devices out in the world tied to services that are critical to everyday life. I think this war is already lost.


Please stop spreading learned helplessness. I see a lot of people don't like both Apple and Google, so GNU/Linux phones will definitely spread significantly.


I'm not spreading anything, if you think a lot of people don't like Apple and Google enough to consider linux phones that are objectively less useful then you live in a tech bubble. The VAST majority of people just want their phone to text, show google maps, browse Facebook, and shop Amazon on the apps they know and are used to. It's unlikely in the extreme that we will see mass migration to Linux. That's not helplessness, I can and have run linux as my main desktop at various times for the last 20 years. It's simply not as good as the commercial alternatives. It's just reality.


> if you think a lot of people don't like Apple and Google enough to consider linux phones that are objectively less useful

I think that Linux phones are going to be very useful very quickly given huge interest of the community and openness of the platform.


Isn't it insignificant in mobile?

Linux dominating mobile should not be about Android using the Linux kernel underneath the scenes...


I'm just going to issue a prediction that as long as "recompiling components of the OS" remains a satisfactory answer to a technical problem on linux subreddits, this will never, ever happen.


This is an absurd remark, yet often made.

Whenever a solution to a technical problem is "recompile components of the OS", this means the answer to the same problem in a "non-linux"/non-free system would be "piss and moan and bend over and take it up the tail pipe". aka: no solution whatsoever. The developer's way or the highway.

The point is: once your problem is complicated enough that your only resort is to edit the software, free software _at least_ gives you the chance to do that. It's no wonder people actually suggest doing it. Proprietary software does not. It's no wonder people _don't_ suggest doing it.

If it was supposed to be a complaint, better rephrase it.


> Whenever a solution to a technical problem is "recompile components of the OS", this means the answer to the same problem in a "non-linux"/non-free system

The kicker being that such problems are so rare as to be functionally nonexistent, and even in such cases, usually contacting the vendor can at least give you some options. A few anecdotes from my own experiences:

1) Windows\MacOS have never simply refused to use a network card, for no apparent reason.

2) MacOS has never destroyed its own bootloader because it was Tuesday and it was bored: Windows did it once, but it was repaired automatically by the recovery partition.

3) Windows\MacOS have never refused to play audio after resuming from standby until rebooted.

> The point is: once your problem is complicated enough that your only resort is to edit the software, free software _at least_ gives you the chance to do that

But conversely, I don't have to edit software I paid for that's built on a reliable, if imperfect, OS. A reboot fixes almost anything wrong with Windows, and sure, I'd appreciate it if it could be like linux and stretch its uptime into years, but also, a reboot takes less time than a run for coffee.

That a solution technically exists is less important than the accessibility of the solution.


> That a solution technically exists is less important than the accessibility of the solution.

No, it's not, and I really want to emphasize that. If the alternative is _no solution_ then the accessibility of the solution is a rather moot point. That is the point I was trying to make.

What you want to say is that it does not matter if free software makes it _possible_ to solve your problems, because (you claim) you don't have these problems with proprietary software, or (you claim) you have a simpler solution available for those that is only applicable to the proprietary software.

I am not going to enter that particular discussion. I just wanted to point out how it is absurd to simply claim that "as long as people keep recommending recompiling stuff open source won't work" when actually A) people recommend it _because you can actually do it_ , unlike alternatives B) being able to recompile stuff is actually a major if not the main strength of free software, so it is a strange argument to point it as a negative.


> I just wanted to point out how it is absurd to simply claim that "as long as people keep recommending recompiling stuff open source won't work" when actually A) people recommend it _because you can actually do it_ , unlike alternatives B) being able to recompile stuff is actually a major if not the main strength of free software, so it is a strange argument to point it as a negative.

And my reply to that is, in the context of mainstreaming Linux to the wider computer using audience, that's ridiculous. You might as well tell every person who owns a car to never pay for repairs again, because you can, via the proper hardware, reprogram the ECM. That "solution" applies only to an interested subculture of (awesome) people who hack shit.

To say to my aunt Doris that Ubuntu can be better for her to use than Windows and then require her to learn a fair bit of bash script and C# to complete that journey is ridiculous.


> You might as well tell every person who owns a car to never pay for repairs again, because you can, via the proper hardware, reprogram the ECM.

No one, absolutely no one is saying that (especially the part about "never pay for repairs again" -- another common nonsense).

What I am saying is that between an otherwise-identical non-reprogrammable ECM and a reprogrammable ECM, the objectively better choice is the reprogrammable ECM. Because even if you don't know how to do it, you at least have the choice to let someone else do it. It doesn't matter if you personally do or don't understand how to reprogram ECMs. The choice is still clear.

> my aunt Doris that Ubuntu can be better for her to use than Windows and then require her to learn a fair bit of bash script and C# to complete that journey is ridiculous.

Your aunt Doris doesn't have to learn C#. But she _has_ the option to, she has the option to follow the instructions from someone she apparently read on the Internet (what motivated this discussion, I thought), AND she has the option to convince/hire someone to do it for her. When your aunt Doris hits the same issue with Windows, .... she's stuck! Better luck with Apple!

I suggest that if you have any interest whatsoever in free software, spend some time to understand this aspect, because it can and does reframe the discussion. If you remove the free part from "free software", what remains is basically just software; the same as any other piece of software, a rotting bug-laden piece of shit. Why deny this feature?


>2) MacOS has never destroyed its own bootloader because it was Tuesday and it was bored: Windows did it once, but it was repaired automatically by the recovery partition.

Must have been one hell of a hangover from that Mardi Gras ball.


Unfortunately, given today's new story[1], it doesn't look like at least one Open Source vendor is taking the "privacy-respecting" high road.

1: https://news.ycombinator.com/item?id=26114194


They already do that.

Google has been paying Apple $8-12 billion per year to be the default iOS search engine. In more realistic terms, it's payment for Apple not to create their own search engine.


Which part of the quote do you think applies here? Are they eating each other or colluding? It seems to me like they're collaborating to make users safe and private. I don't see how this positively or negatively affects either company (don't think Google cares about the IP address of users querying safe browsing).


Well they’ve already done that, so this isn’t next it’s the past, which will continue to repeat itself. Big Tech companies will probably start behaving more and more like oil companies.


Isn’t Apple selling the default search spot to Google already collusion to prevent entrance of new competitors?


Here's an implication of your collusion comment. If a default spot is sold to an organisation with highest market share, it is collusion. Can you imagine scenarios in which this implication wouldn't be true?


It's not just an organization with the highest market share. It's an organization that has the only competing web browser and mobile platform. Apple and Google collude because it gives them 100% control over mobile and the web.


Not in any possible interpretation of the situation...

For one, the user can change the default search spot.

Second, selling it doesn't have any difference than having it just be Google (without money changing hands).

Third, why did some upcoming challenger overbid Google for that spot and they were rejected?


Your first point was already clearly rebutted by the EU in the Internet Explorer case.


No it wasn't, that was Microsoft defaulting to its own browser. Using its market dominance to give another of its products an unfair advantage. If Apple made a search engine and defaulted to that engine it would be the same. Exactly how Google does on Android. That should fall under the exact same area as IE did.


Yes, and they have a long history of colluding, including artificially suppressing engineering salaries.

https://time.com/76655/google-apple-settle-wage-fixing-lawsu...


Why would you collude when you have shared incentives? Capital is perfectly capable of shutting out smaller competitors without it, and in fact we've seen this for decades now.


Only explicit collusion would be new there. The big tech companies have been strangling any particularly strong looking startup in the cradle through acquisition for years now.


Explicit collusion wouldn't even be new. They've been doing it for a long time to keep salaries down:

https://time.com/76655/google-apple-settle-wage-fixing-lawsu...


What gives you the impression that Apple is trying to eat Google here? For all you know, it could've been a collaborative project between Apple and Google.


According to the Apple documentation, if the user is in China this check "may" be done via Tencent.

https://support.apple.com/en-us/HT210675

>For users with China mainland set as their region in Settings > General > Language and Region, Safari may also use Tencent Safe Browsing to do this check.

Are these checks proxified as well?


Before using Google, all these services and data go through Tencent for years.


It's highly unlikely. It is required by CCP law to record user activities up to 90 (or 30? vague memories) days.


> 90 days

Actually sounds pretty good. In Australia it is 730 days.


>> It's highly unlikely. It is required by CCP law to record user activities up to 90 (or 30? vague memories) days.

> Actually sounds pretty good. In Australia it is 730 days.

No, it doesn't. China requires the content of user activities to be saved, so your chat history is literally being sent to the local police in real time for scanning. The result is stuff like this: https://www.youtube.com/watch?v=MiMLVYK4hEc (Chinese police casually asserting their dominance by locking some poor guy in a tiger chair for badmouthing them on a private WeChat chat). A few years back someone found and analyzed an unsecured Mongo DB that was storing these messages: https://www.bleepingcomputer.com/news/security/open-mongodb-...

IIRC, Australia only has metadata retention requirements.


The Australian implementation is "metadata", but what that is and means is still rather ambiguous.

After a five year court case, the Federal Court decided in 2017 that the average citizen isn't allowed to access all data that may be about them, despite being allowed to do so under the Privacy Act. If that sounds ambiguous... It's because it is.

Without an ability to say what is metadata and what is not, everything may be getting stored, and some companies will be overly conservative in how much data they are storing.

Not to say that this is worse than the Chinese implementation which is far more explicit in its demands for privacy invasion, just that the Australian case is... Worse than it sounds.


That's eye opening if true.


Surveillance in China is completely ubiquitous to an extent that most westerners don't realize. There is an excellent book on the subject, "We Have Been Harmonized" by Kai Strittmatter that discusses it. As an example, if you jaywalk in Shenzhen, facial recognition technology will trigger and have your face and name posted on a television screen before you have even finished crossing the road.


I am sorry, but how do we know that youtube video is real? The channel it is uploaded to doesn't seem trustworthy at all.

>China requires the content of user activities to be saved,

Do you have a source for this? I find it hard to find information on this, I assume it's because I don't speak Chinese.


> I am sorry, but how do we know that youtube video is real? The channel it is uploaded to doesn't seem trustworthy at all.

The copy I linked is clearly a re-upload of a re-upload, it was just the first copy I found.

How do we know anything is real at all? I don't have a specific chain of custody for the video, but I judge that it's likely true because the practices shown are consistent with other reports (e.g. https://www.youtube.com/watch?v=M8PgCUap1Vg, https://www.hrw.org/report/2015/05/13/tiger-chairs-and-cell-...). It gets other details right, like the anti-motorcycle crackdown. Also, the low-level Chinese police that would create a video like that very likely do not understand how bad the optics of it are when seen by foreigners.

> Do you have a source for this? I find it hard to find information on this, I assume it's because I don't speak Chinese.

https://en.wikipedia.org/wiki/WeChat#State_surveillance_and_.... It wasn't hard to find.


>https://en.wikipedia.org/wiki/WeChat#State_surveillance_and_.... It wasn't hard to find.

This says nothing about the amount of days. Neither do the sources.

>Its parent company is obliged to share data with the Chinese government under the China Internet Security Law and National Intelligence Law.

Can be said about the US as well, companies can be forced to share their data with the government.

edit: Thanks for the HRW report, I'll have a read


> This says nothing about the amount of days. Neither do the sources.

Is the amount of days really the most important aspect of this?

> Can be said about the US as well, companies can be forced to share their data with the government.

While the US is definitely not perfect, that's a false equivalency. One can only draw superficial parallels between the US and China on this topic. The key difference is actually in the area of political culture. For instance: both the US and China make a big deal about the "rule of law," but they're actually talking about very different things. In the US, it means the law is applied consistently and even constrains the government. In China, the government is in a very real sense above the law, and the phrase merely means that they demand you comply with their rule through the laws they make.


>Is the amount of days really the most important aspect of this?

No, but if people cannot get such a simple thing right, and find citations for that, I also don't trust they got the rest right. No one has linked me anything that says "all messages from everyone need to be stored for whatever amount of days".

If you are going to paint China as the bad guys, at least do it over stuff that can be supported by facts, or if it is supported by fact make sure you can show them if someone asks.


[flagged]


This breaks the site guidelines and we ban that sort of account. Please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here. Also, if you could please stop posting unsubstantive comments generally, we'd be grateful—we're trying for something a bit different on this site.


[flagged]


I didn't need to see more "CCP oppresses people" proof. I asked specifically for the linked video and the specific law. Just because other bad things happen doesn't mean all things are true. You are bringing unrelated topics into the conversation that are sure to start a nationalistic flamewar.


[flagged]


And how is asking for sources denial?


Thank you for standing up for yourself and asking for sources here. Asking for an original source is totally fair, and I think it’s extremely valuable to ask. I’d like to see them too. There’s nothing wrong with asking for proper citations.


[flagged]


For climate change, if someone links a fake study that comes to the right conclusion, you can still call them out for it. If they bring up some statistics you can still ask where they come from, and see if they are generated in a valid way. If someone asks you shouldn't link them other studies.

There is nothing wrong with asking how we can know some specific source is truthful or not. So far no one has answered my actual questions.


[flagged]


Please don't take HN threads further into flamewar, or post in the flamewar style generally. We're trying to avoid that kind of thing here.

https://news.ycombinator.com/newsguidelines.html


I'm simply replying to their comments.

Are you seriously going to side with the person claiming my 100% CCP related comments aren't related to the CCP? Please don't give in to the gaslighting, dang.

Edit to add: actually, please point out where there's any anger in anything I said, or the other person said, flamewar - "angry or abusive messages." If you read the messages as perhaps intense, maybe you could define them as intense - as they are important topics. I'd really like clarification on how this qualifies as flamewars. Really curious who flagged this as well? Was the person involved in trying to suppress the conversation on the CCP one of them who flagged it?


When people start getting into meta-argument like "I never said $X" and "You're ignoring all my points", that's a clear marker of degeneration into flamewar, especially the tit-for-tat-spat variety. That, combined with the drift in the generic-nationalistic direction, is enough to count your comments as taking the thread further into flamewar. This is not a hard call. Just look at the number of generic hops it takes to get from "Apple redirects Google Safe Browsing traffic through proxy servers" all the way to "CCP doesn't allow United Nations inspectors". That is exactly how internet discussions become more repetitive, more predictable, and nastier. The basic principle of HN moderation is to try to nudge threads in the opposite direction to that. Lots more explanation about those things here if anyone cares:

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...

https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...

"Gaslighting", "suppress the conversation", "CCP" are red herrings. We don't care which high-order bit you've got set on your views. We care about the conversation as a whole. It would be just the same if you were arguing the opposite side. Actually I don't even bother figuring out which side people are on any more—the flamewar comments are basically interchangeable either way.


Thanks for the response. I agree it was leading into a potential flamewar, however no anger or harassment was said by either side.

I'm not sure how the # of hops it takes matters if a conversation is still related, why there is gatekeeping - other than it makes it a quantitative decision for you vs. qualitative - cutting out moderation responsibility of actually determining if one party is speaking in good faith and the other is not, which it sounds like you admitted to not caring about. So if a pattern matches you flag/hide it. I can understand why a sole moderator may take that, however that's a terrible thing for holding space and helping people learn their behaviour isn't okay - in fact, you're teaching people to not hold the line for integrity.

Do you not care for people to learn, for lines to be held in regards to integrity and good faith conversation - just like how you responded to me, and I'm responding to you?

Also, those aren't red herrings at all from my understanding of that term; does me saying that mean this is degenerating into a flamewar and should be flagged/hidden too, or perhaps my previous paragraph is somehow considered a personal attack - when no malice was intended (and is valid conversation unless invalidating by gatekeeping to make moderation easier)?

I'm curious too - how does my reply getting flagged/hidden to others nudge conversation rather than censor/suppress it to others who may then add to the replies - on either side of the discussion - or maybe upvote/downvote lazily?


The more hops a thread takes in generic directions, the less related it becomes. Worse, the generic topics are predictable. They are like large planets that suck in all passing spacecraft. We want HN threads to meander in less predictable ways—this is literally the biggest issue with discussion quality on the forum, so it's a big deal. I'm not sure what else to tell you other than the links I mentioned above.

I certainly didn't say we didn't care about good faith. I said we didn't care about the 'high-order bit', meaning whether you're battling for left vs. right, $country1 vs. $country2, and so on. I'm not saying that for theoretical reasons, just empirical ones: it doesn't make a difference for discussion quality, and actually the comments of people on either side of the hard divides resemble each other (e.g. in being rigid, predictable, adversarial) more than they resemble anyone else's.

If there's still a question here that is super important to answer, I'm happy to try to answer it, but I need to know specifically what it is.


The less related it becomes to the original post but how is gatekeeping that relevant, other than using it as a quantitative metric to use to simplify moderation decisions?

And of course generic topics are predictable. If you don't think global security, a generic topic, as important - of whatever planet you're from, or whatever countries/nations - whomever happened to be the first one to excel at capitalism first, and then the other to benefit from capitalism + lower labour costs to accelerate themselves to a global power - then I don't know what to say. You're moderating repetitiveness which is strange, like you don't like boring conversation, another quantitative/pattern based moderation metric vs. qualitative - strange gatekeeping, though I understand how it simplifies it and it is then a narrative you can state as a justification that doesn't require you to actually engage or understand either side.

And I strongly disagree that my comments are interchangeable with the other person's in this case - however yes, if some person is arguing in bad faith and someone else puts the effort into holding people to integrity and good faith, then that conversation will be predictable - especially someone like you who all day long you're seeing patterns of conversation, and adversarial, by definition - there's friction at the point of bad vs. good; perhaps you're bored and/or overwhelmed, so you just pattern match and create quantity-based decisions instead of qualitative to hold the space in a more nuanced way.

There's no question, just perhaps some judgement on the "dumbed down"/simplified moderation practices - ideally there'd be 10 to 100 of you so you could afford the time to not condense things in such a way.

Thanks for engaging.


Gatekeeping that is relevant because moderation's job is to prevent the system from ending up in the failure modes that it will otherwise default to. By "the system" I mean HN as a whole: community, software, moderation, etc. Someone needs to monitor the global state of the system and intervene to nudge it when it drifts off course. Moderation is like a small feedback control mechanism to regulate that, and little else.

What determines what counts as "failure modes", "off course", "on course", etc.? That sounds vague but it is actually easy to answer. We're trying to optimize for just one thing, namely intellectual curiosity [1]. Everything follows from that. For example, since curiosity fades under repetition, we try to avoid too much repetition [2]. Similar with nastiness. Repetition plus nastiness is sort of the essence of flamewars, so those are particularly a moderation concern. And so on. Actually the fact that HN has a clear definition of what it's going for, and it's possible to derive all sorts of interesting and counterintuitive consequences from that, is my favorite thing about the job. We're not claiming that any of these rules or judgments should be universal—simply that they're necessary for the kind of site HN is trying to be.

[1] https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...

[2] https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...


Those points are not related to this topic, and derail the conversation. This is not what HN is for. We can start this discussion but it would fully derail anything related to Apple redirecting Safe Browsing traffic. It also doesn't answer if a video is truthful, or a law that people talk about actually exists as described.


It's looking like your account is hovering on the edge of using HN primarily for political and/or nationalistic battle. That's a line at which we start considering banning an account, because it's not what this site is for, and it destroys the curious conversation that HN is supposed to exist for. Would you mind reviewing https://news.ycombinator.com/newsguidelines.html and sticking to the rules when posting to HN? We'd appreciate it.

More explanation on how and why we moderate HN this way:

https://hn.algolia.com/?sort=byDate&dateRange=all&type=comme...

https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...


Can you tell me how to deal with people who bring up unsourced things that I feel aren't (fully) true, or are "fake news"? I agree that I can sometimes get stuck in a discussion, but I also feel like it's harmful to let unsourced claims spread. In this thread I mostly wanted people to source the claims they were making, and for that I got downvoted and called a shill. How should I approach this in the future?


Gatekeeping the conversation is another bad faith argument, and a control/suppression tactic, and I assume why others are downvoting you; your logic is incongruent as well, we did start the conversation - and then you keep trying to avoid it, you could just not respond if you didn't want to get into it - in fact you opened up the conversation asking a question in regards to the CCP.


It definitely uses Tencent Servers for China.


> Since Apple uses a hashed prefix, Google cannot learn which website the user is trying to visit.

That is false. Google produces the hashes and can easily reverse them.


IIRC a non-identifiable portion of the hash is given to Google, then Google returns a bunch of potential matches with associated safety score, and then it’s up to the client to either block or not.


How many of human-kind's inventions have been to thwart our own bad behaviours? I hate this kind of tech purely because the reason we have to do it at all is to thwart nefarious behaviour.

Google Safe Browsing exists because people are shit heads. Apple proxy servers exist because Google is a shit head.


From the article:

> According to Apple, before visiting a website, Safari may send hashed prefixes of the URL (Apple terms it “information calculated from the website address”) to Google Safe Browsing to check if there’s a match.

Does anyone have links to algorithms for such "hashed prefixes of a URL"?


Yes, it's clearly documented at https://developers.google.com/safe-browsing/v4/urls-hashing. It's a public API (with more than one compatible implementation) that anyone can use so it's not like the algorithm could be a secret.


I assume it's the same as when it was mentioned in 2019

"A 32-bit hash prefix like "ba7816bf" would represent the first eight characters of a 256-bit, 64-character SHA256 digest of a full URL.

Before it loads a requested website, Safari, like other browsers that implement a safe browsing lookup system, will hash the URL of the website to be visited and compare its hash prefix to the received hash segments of malicious sites."

https://news.ycombinator.com/item?id=21254166

https://www.theregister.com/2019/10/14/apple_china_tencent/

https://developers.google.com/safe-browsing/v4/urls-hashing#...


"A 32-bit hash prefix like "ba7816bf" would represent the first eight characters of a 256-bit, 64-character SHA256 digest of a full URL."

Is this done for 'privacy'?

Pretty thinly veiled attempt, because they could easily create hashes for every url their crawlers come across, and do some statistical wizardry to try to find out which of the 1000 urls with that prefix you visited. Right?


It's as good as you can get without resorting to maintaining the database on the client.


Of course it's done for privacy. If Google created hashes for every single URL it crawled, the hash prefixes that are downloaded by clients would be enormously large, wasting multi gigabytes for on-device storage of these hash prefixes.


> Since Apple uses a hashed prefix, Google cannot learn which website the user is trying to visit.

Can anyone explain how this works? It isn't making sense to me. If the hash is unique enough to match in a database identifying malicious websites (without false positives), isn't it also unique enough to identify the website the user is trying to visit? At least to anyone with the hashing algorithm? Doesn't it have to be, in order to work at its intended effect, to match a list of malicious websites?


Occasionally, you download a list of hash prefixes. This local database is used to do a probabilistic match as to whether it might be a malicious website.

If it might be, you send that hash prefix to Google, who respond with a list of full hashes with that prefix, and then you can go through that list (locally) and determine whether the computed hash is in the malicious set or not (without false positives).

The important point is that the full hash is never sent over the wire from the end user: only a prefix (typically four ASCII-encoded hex bytes) is ever transmitted.
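The lookup flow described in the comment above, as an added sketch that is not part of the thread and is not Google's or Apple's code. URL canonicalization is simplified, and `ListServer`, `is_listed` and the `evil.example` list entry are constructed names used only for illustration.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_BYTES = 4  # 32-bit prefix = first 8 hex characters of the SHA-256 digest


def full_hash(expression: str) -> bytes:
    return hashlib.sha256(expression.encode()).digest()


def expressions(url: str) -> list:
    """Host-suffix/path-prefix expansion (simplified: no escaping or IP-host rules)."""
    parts = urlsplit(url)
    host, path = parts.hostname or "", parts.path or "/"
    labels = host.split(".")
    # Exact host, then up to four suffixes taken from the last five labels,
    # never the bare top-level domain.
    hosts = [host] + [".".join(labels[i:])
                      for i in range(max(len(labels) - 5, 1), len(labels) - 1)]
    # Exact path with and without the query, then "/" and up to three parent dirs.
    paths = [f"{path}?{parts.query}"] if parts.query else []
    paths.append(path)
    prefix = "/"
    dirs = [prefix]
    for comp in path.split("/")[1:-1][:3]:
        prefix += comp + "/"
        dirs.append(prefix)
    paths += [d for d in dirs if d not in paths]
    return [h + p for h in hosts for p in paths]


class ListServer:
    """Stand-in for the list provider; records everything a client transmits."""

    def __init__(self, bad_expressions):
        self.full_hashes = {full_hash(e) for e in bad_expressions}
        self.seen = []

    def prefix_list(self):
        # What clients download periodically: prefixes only, no full hashes.
        return {h[:PREFIX_BYTES] for h in self.full_hashes}

    def find_full_hashes(self, prefix):
        self.seen.append(prefix)
        return {h for h in self.full_hashes if h.startswith(prefix)}


def is_listed(url, local_prefixes, server) -> bool:
    for expr in expressions(url):
        digest = full_hash(expr)
        prefix = digest[:PREFIX_BYTES]
        # Step 1: local prefix match. Step 2: fetch full hashes, compare locally.
        if prefix in local_prefixes and digest in server.find_full_hashes(prefix):
            return True
    return False


if __name__ == "__main__":
    server = ListServer(["evil.example/malware/"])  # constructed list entry
    local = server.prefix_list()
    print(is_listed("http://www.evil.example/malware/dropper.exe", local, server))
    print([p.hex() for p in server.seen])  # the only bytes the server received
```

A URL whose expressions all miss the local prefix set produces no request to the server at all; on a local hit, the server receives the 4-byte prefix and nothing else from the URL.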


aha, thanks!


It's not about hiding the website you visit but about hiding the ip it was visited from. If Google can't tie your ip to the website request they can't use it to market to you. I'm not sure why the hash is made a big deal but hiding your ip is the real value here.


So, you're saying that the URLs visited are not the important bit, just that "someone under this IP is browsing internet" is the most marketable bit?


No it's the combination of the two. If they tie the ip to the domain and then tie that ip to non-safe browsing websites that were visited by that same ip and they can easily start to identify the "safe" sites you visited. If you stop that IP from being identified (also stopping most if not all browser fingerprinting techniques) then it's MUCH harder to identify you as the person that visited those sites. It's the relationship that really matters. Apple's proxy breaks that relationship. So does a good VPN setup.

