1) they just ate every other 3rd party "secure" backup services lunch just like they did to the Hi-Res music industry.
2) details of what they backup securely, besides photos (which is top priority for me): iCloud Drive: Includes Pages, Keynote, and Numbers documents, PDFs, Safari downloads, or any other files manually or automatically saved to iCloud Drive.
3)BUT, perhaps the BIGGEST news here is that Apple is making a backup statement to what they've been saying for years and what they've recently gotten negative attention on: They don't want your data. They're not Goodle/FB/Amazon. They're giving you 2TB+ of space and you can encrypt it to the point that you'll lose your data and they don't care -- they don't want to mine your data, they don't want to know what you store on there, the don't care to scan your pictures with AI 20 different ways, they don't want to monetize it, etc, etc., just pay them money for their service and transactionally they give you only thing that you want in return -- reliable, secure, private service.
seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.
It's good to be passionate, but blind devotion is dangerous, especially since we already know by now Apple is positioning itself to become a major player in the advertising space and - with a dwindling economy and an increased pressure to sustained growth from shareholders - that's going to continuously encroach on our privacy guarantees for monetization purposes.
I'm advocating for an open and interoperable ecosystem of operating systems, services and applications, which is the only way to ensure sustainable customer freedom. Unfortunately that ecosystem doesn't exist yet so we're stuck with the duopoly of evil-doers (and while Google openly admits it is their business model to monetize you and your data, Apple has been caught with their hands in the cookie jar a bunch of times already and they're just developing a sweet tooth, so...).
Full disclosure: I've been using only iPhones for 12 years and am still using one today.
> we already know by now Apple is positioning itself to become a major player in the advertising space
We don’t know that. We know that they put ads in the App Store, that’s it. I wish they did not, because it made the store even more of an unusable mess, but it really is not even in the same league as Google and Facebooks, systematic surveillance.
> increased pressure to sustained growth from shareholders
This sounds truthy, but is there any evidence of this? Apple is famously the company that tells rent seekers after more ROI above all to fuck off (both Jobs and Cook).
> I'm advocating for an open and interoperable ecosystem of operating systems, services and applications, which is the only way to ensure sustainable customer freedom.
Now that’s a real point, which deserves more than being buried after a paragraph of half-truths (and I almost entirely agree, FWIW).
> It's good to be passionate, but blind devotion is dangerous,
After starting a post like this, it is disappointing that you fell in the trap you warned the OP about. Being contrarian and using mis-informed tropes is not a good way of having a rational discussion. It is not being cool or clever at all.
> We don’t know that. We know that they put ads in the App Store, that’s it. I wish they did not, because it made the store even more of an unusable mess, but it really is not even in the same league as Google and Facebooks, systematic surveillance.
They also put ads in Maps, Stocks, and News, and they "started asking people last year if they wanted to enable personalized ads on these apps."[0]
> This sounds truthy, but is there any evidence of this? Apple is famously the company that tells rent seekers after more ROI above all to fuck off (both Jobs and Cook).
"Inside the ads group, Teresi has talked up expanding the business significantly. It’s generating about $4 billion in revenue annually, and he wants to increase that to the double digits. That means Apple needs to crank up its efforts. "[0]
Plus the advertise iCloud in the Settings app with a red badge, which is just annoying.
> "Inside the ads group, Teresi has talked up expanding the business significantly. It’s generating about $4 billion in revenue annually, and he wants to increase that to the double digits. That means Apple needs to crank up its efforts. "[0]
This doesn't mean they need to do it with targeting/data mining. I swear all the data mining does is show me ads for stuff I just purchased 3 days ago, and that's with google-level surveillance.
I don't like the idea that we discuss this as a law of nature.
I am an iPhone user since three years ago but if at some point I get a better deal elsewhere, I'm off.
And with Apple I pay extra for premium, and there is only so many ads[1] one can shove in before the premium feel is gone.
As for the targeted ads, I share your feeling that the targeting is badly over hyped, except you are lucky compared to me:
Ads for products I bought 3 days ago would be wildly relevant compared to most of the ads I can remember from Google. It was almost always scammy-looking dating sites. For a decade. Don't know what I did wrong but it seems there was a fluke with my account. Or they just god more money from scammy-looking dating sites than from anyone else.
Oh, and when it wasn't ads for scammy-looking dating sites it was pay-to-win games, and based on the ads you could be forgiven for thinking they were made by the same folks.
[1]: I'm no hardliner here: contrary to many on HN I actually see value in some ads and think I have sometimes made better purchases/been reminded to do things I wanted to do anyway.
> It was almost always scammy-looking dating sites. For a decade.
Every time people tell me that AI is great, I remind them that the most frequent ads I see are: 'Goth Muslim hookups' and 'automatic chicken coop door'.
It unfortunately seems to work if you don't go out of your way to block all trackers everywhere and never sign up for anything. I don't personally get any ads I would ever give a crap about, but my wife has been complaining like crazy and constantly blowing up our family plan with data overages since I started ad-blocking at the DNS level because she's constantly being served ads for stuff she actually wants and tries to click on it only to get blocked by my DNS server when it tries to go through a known tracker redirect to grab conversion stats for their campaign or whatever, and then she switches from WiFi to data in order to use the ISP's DNS instead.
They either have to do way more ads, or way more targeted ads. Would you prefer an endless stream of low-relevance ads, or a few high-relevance ones that required massive amounts of data mining to produce?
For a maps app I'd imagine it'll be more a case of businesses will be able to 'boost' themselves to people in the area. Slapping big banner ads across a maps app isnt going to generate much ROI given most people will be using it in carplay mode.
> Apple’s VP of advertising platforms Todd Teresi has been asked to bolster annual revenue into 'double digits' from about $4 billion today" (Aug 2022)
Double digits isn’t a major player. Google and FB are already making nearly 200B ad revenue each. If every Apple app and device showed ads constantly it still wouldn’t come close to the views that fb and web pages get to display ads used by Google and Facebook.
Just to put everything onto the same scale, 4 to "double digits" requires a 2.5X increase. "Double digits to triple digits" would require a further 10X increase.
Basically take everything lost by Meta/Facebook directly attributed to ATT and you'll get a very clear picture on what they can very easily get back with their own ecosystem.
> If every Apple app and device showed ads constantly it still wouldn’t come close to the views that fb and web pages get to display ads used by Google and Facebook.
I can’t begin to imagine how irritated Tim Cooke is by the revenue Google and Facebook make from adverts on iOS and he clearly wants in on it.
Given that both those ad companies make revenue off iOS, it’s not unreasonable to aim for a similar level on the platform.
That's only the immediate goal. It would be bad for them to eat up the percentage of the market lost by their competition right away; that would get some unwanted attention regarding monopolistic behavior.
They clearly want a slice of that market, and they have the patience needed to wade in.
Tim Cook told ROI-focused investors to "get out of the stock."
Unfortunately now you've unlocked the "haven't you heard of platform fees (Google Play) or walled gardens (Nintendo eShop) before?" tangent.
There is no new information here - some people are perfectly happy with Apple's walled garden business model as it is and/or don't think Apple should be forced to change, while some think that Apple should be forced to change it so that customers can have more freedom or developers can collect more money.
You mean “infamous” as in what every other platform does - including Google and the console makers? The console makers even force game developers to pay a royalty on every physical game sold.
> 30% of all revenue that passes through an iPhone
A bit of hyperbole there. 30% of revenue from sales of digital goods after the first $1m (15% before).
I’ve probably spent $20k on Amazon using my iPhone this year alone. You don’t think Apple takes 30% of that, do you?
Besides, it’s so funny when people use “rent seeking” as a pejorative. Like, yes, the reason my landlord bought this house for a lot of capital up front was that they believed it would be profitable rent it for much smaller amounts for a long time. What, am I supposed to feel entitled to use the house for free?
A bunch of years ago I made several hundred thousand dollars from the App Store. You know how much I would have made without the app store? Zero. Do you think I begrudge the 30% I paid, any more than I begrudge the rent I pay for this house?
I understand people who dislike the Apple walled garden and want no part of it. I do not understand people who want all of the benefits but expect Apple to provide it for free.
> 30% of revenue from sales of digital goods after the first $1m (15% before).
Not quite - if you go over $1m in revenue you pay 30% on all revenue in the following year.
I honestly believe that if the App Store were to start now, they would feel entitled for a cut of all physical goods transactions that happen.
I don't believe Apple produces 30% of value when someone (hypothetically) signs up for Netflix on an iPhone. Apple's App Store actively hinders value creation when they prevent Netflix from using their existing saved credit cards to re-subscribe a user on an iOS device.
> Do you think I begrudge the 30% I paid, any more than I begrudge the rent I pay for this house?
It sounds like you saw value in something, and you paid for it. A competitive product would be able to stand on it's own and developers (and users) could make a decision on what product they wish to use - I'm sure that a lot of developers would continue to use Apple's payment infrastructure because they find it easier!
> I honestly believe that if the App Store were to start now, they would feel entitled for a cut of all physical goods transactions that happen.
There must be a name for this fallacy, where one bases their opinions on speculations about how things would be different today if their already-held opinions had been true long ago. Some kind of retroactive confirmation bias?
> It sounds like you saw value in something, and you paid for it. A competitive product would be able to stand on it's own and developers (and users) could make a decision on what product they wish to use - I'm sure that a lot of developers would continue to use Apple's payment infrastructure because they find it easier!
You're not paying for the payment infrastructure. You're paying for the discoverability and distribution. I cheerfully paid 30% to reach a few hundred thousand users when I could have reached, maybe, tens of users on my own. I find it hilarious when people explain how I was ripped off with exorbitant fees.
>Besides, it’s so funny when people use “rent seeking” as a pejorative
"People" including anybody from Marx to the left, all the way to Friendman and Hayek to the right, including Adam Smith...
Sorry, rent-seeking is milking assets without producing value (or with only minimal investment/maintainance costs). It's the opposite of a functional market.
>Like, yes, the reason my landlord bought this house for a lot of capital up front was that they believed it would be profitable rent it for much smaller amounts for a long time. What, am I supposed to feel entitled to use the house for free?
No, you're supposed to not want an economy where people don't mouch off of standing assets, but actually contribute to making value (and products and progress and stuff).
Rent-seeking 101: "Rent-seeking activities have negative effects on the rest of society. They result in reduced economic efficiency through misallocation of resources, reduced wealth creation, lost government revenue, heightened income inequality, and potential national decline."
The Apple ecosystem is not the App Store. They make money off the sales of physical products and their own services like iCloud.
Making money off of the App Store is pure rent seeking. It's maintainance and (very infrequent) improvement costs (negliblible compared to its profit) don't make it any less so. Heck, actual rented properties like houses also incur some maintainances costs on the owner.
> Besides, it’s so funny when people use “rent seeking” as a pejorative. Like, yes, the reason my landlord bought this house for a lot of capital up front was that they believed it would be profitable rent it for much smaller amounts for a long time. What, am I supposed to feel entitled to use the house for free?
They mean "rent" the econ jargon, not "rent" the thing you pay to your landlord.
Everyone uses Google Play because it's convenient. But as a notable example, Fortnite refused to use Google Play for a while precisely because of that 30% fee, and it worked out pretty well for them. Eventually they gave in and put Fortnite on Google Play. Although Google kicked them off later (they pushed an update which allowed users to bypass Google's 30% cut using their own payment system) so it's back to direct download from the website.
> Apple is famously the company that tells rent seekers after more ROI above all to f off (both Jobs and Cook).
One of my favorite CEO moments comes from Tim Cook on an earnings call:
“If you want me to do things only for ROI reasons, you should get out of this stock,”
And then more recently “If you're a short-term trader, do not invest in the Apple stock,”
I understand both, but it’s so odd to hear a CEO tell people “no, we don’t want your money” and I will grant that Apple is luckily not in the position of needing it.
Keep in mind when a stock is trading the original company doesn't get any of that money unless they have shares.
What Cook is saying is that Apple is in the enviable position of being to make long term plans. Not every decision can immediately be boiled down to an ROI calculation, but that's what short term thinkers want.
For example, how much has Apple invested to develop this E2E system (the tech, support, etc...), and what is the ROI? IMO, over the long term it should have a positive ROI, even if I can't draw a direct link from quarter to quarter right now.
Doesn't matter what they claim, look at the numbers and what they're actually doing. Apple has a good product with the iphone but they aren't running a charity, it's a hugely profitable business that puts money over everything, even human lives (see how they aid the CCP's totalitarian regime as an example).
For users to trust them as a guarantor of privacy and rights is naive at best if not outright idiotic. Since they comply with Beijing why would one assume they won't feed your data to Fort Meade and Brussels - who as a sidenote are planning to outlaw end-to-end encryption for major apps: https://www.patrick-breyer.de/en/posts/messaging-and-chat-co...
So the fact that you don’t have to use Apple’s in app subscriptions for users to be able to subscribe is irrelevant to the argument that apps have to use in app purchases for subscriptions?
You're missing the point. The lack of alternative app stores or the ability to accept payments and control subscriptions via other gateways is the problem. You either use Apple app store/payments and accept the fee or you don't have any transaction ability in the app.
I want to make an iOS app. I've already paid Apple the $100 bucks per year or whatever it is, so I've "done my part".
Then, I want to have in-app subscriptions and payments, and I found a great service, XYZ, that does this.
So, on my own time, with my own device I bought (which by the way, in another money-grubbing move, HAS to be another Apple device, even though there are 0 solid technical reasons to force this), I write the app, I put in the integration for XYZ.
Can I publish this to large amounts of iOS devices?
They're both Turing machines, if that's what you're getting at.
In practice, no, a console is not a general purpose computing machine.
On iOS, by design, you can install almost any kind of application even without jailbreaking it. Which people do, you can have Excel and Maps and IDEs and whatever.
Consoles, by design, do not allow that. It's almost strictly meant for games and media.
And again. I don't care. Both types of walled gardens should be abolished.
I don’t think Apple is seriously considering a major play in ads and if they are I think this signals pretty hard that they won’t be doing it off the back of consumer data.
It just doesn’t make sense to their business strategy. Apple is premium, ads are the antithesis of premium. Just doesn’t make business sense.
> After starting a post like this, it is disappointing that you fell in the trap you warned the OP about. Being contrarian and using mis-informed tropes is not a good way of having a rational discussion. It is not being cool or clever at all.
Once a brand starts to build large-scale mindshare, there is of course the inevitable brand-wars fanboy faction, but there also pretty reliably seems to emerge an anti-brand faction - this pattern is consistent across NVIDIA, Apple, and many other leading-but-controversial companies. The mere mention of these companies in a positive context gets another faction reliably winding up about how awful they are and how everything they do is actually fake and a lie and intended to rip off customers unlike my favorite brand, etc.
It's essentially another form of parasocial relationship - but it's a negative parasocial relationship instead of a positive one. People gain identity from opposing the brand-signifier rather than supporting it.
The existence of fanboy factions is oft-observed at this point, but I rarely see anyone acknowledging the opposite side - the people who just are reflexively contrarian and negative about anything surrounding a brand, regardless of any counterbalancing concerns or factors. The hateboy, if you will.
And blind hate is just as destructive to nuanced conversation as blind devotion. It's also destructive to actual progress - positive steps need to be acknowledged and encouraged even if you think it's still the overall worse option, and negative steps from a brand you favor need to be acknowledged even if you think they're still the overall better option.
To do otherwise is to oppose actual progress over what amounts to parasocial tribalism - in both directions. The hateboys are just as toxic as the fanboys to reasoned discourse.
I can see your point, but wouldn't classify myself as an Apple "hateboy": I've been using iPhones since the 3GS (we have 4 iPhones in the family, 2 iPads and a MacBook).
I've just been extremely disappointed by their hypocrisy around privacy (which is a subject I'm very passionate about). They've betrayed my trust when they announced the on-device scanning functionality a few years ago; yes, I know they eventually dropped it after massive pushback from everyone that understands its privacy implications but before doing that they treated us "screeching minority" like dirt, I've never seen such condescending behavior from a legitimate company, especially one that I previously respected.
Their massive push in the ad space, combined with other scummy behavior (phone-home on macOS, backdoor access that sidesteps firewalls from 1st party apps, etc.) just paints a bleak future where all the big players (Google, Microsoft and now Apple) treat us like sheep; it's just so frustrating and sad...
The only way for a 2T business to grow is by expanding the Services business significantly, in some market that is already known to be close to half a trillion dollars in revenue.
You really think Apple is trying to make small change with ads in Apple Maps?!
> Google, for instance, used to show you ads based only on your search keywords.
This is still true. You basically never see personalized ads on search, since getting a contextual ad for cruises when searching for programming answers probably isn't going to end up with many clicks. Instead, it's only really 'Google Ads' (AdSense on other websites) and YouTube where personalized ads result in higher CPMs.
(Although Google does indeed use your search history for ad targeting.)
> (Although Google does indeed use your search history for ad targeting.)
Yes, and it's not the advertising part that is evil. It's the part where they spy on every aspect of your life because doing so makes ad sales more profitable.
Point of order: their inline-ad-placement on search results is evil. It exists to trick the unwary, including vulnerable people like the elderly, sometimes into landing on scams, thinking they're legitimate because Google presented them as top-level search results.
> Point of order: their inline-ad-placement on search results is evil.
I don't think that is necessarily evil, but it certainly is embarrassing for Google since Google used to make fun of competing search engines for that exact behavior back when Google was still the underdog.
Spying on everyone's credit/debit card transaction data, on the other hand, is definitely evil.
> as Google said in a blog post on its new service for marketers, it has partnered with “third parties” that give them access to 70 percent of all credit and debit card purchases
Personalized is "we're showing you ads for local gyms because we noticed that you've been watching a lot of Youtube videos about workout routines". Or whatever.
If I see ads posted in the wall on a subway in Manhattan, that they are talking about restaurants nearby and not in San Francisco does not cross the threshold of 'personalized advertisement'.
If a digital panel switched to show me restaurants in San Francisco because they detected that I travel there a lot, that is absolutely personalized.
Similarly, if a maps service shows me restaurants near my destination that have paid for placement, thats not personalized. If they show me fast food restaurants on my route because I got directions to one previously, that is personalized.
It is a moot point because Apple isn't anti-advertising _nor_ anti-personalization. They are pro-privacy. Like Google, they will just move ad determination onto the device.
I'd argue that the difference is memory. When a service provider starts making decisions based on an individual user's history, rather than only using factors which they can infer on the spot, that's the point at which I'd call the behavior "personalization".
We aren’t talking about blind devotion, though, are we?
We have a tangible actual important thing. Apple can’t plumb our backup data for their own profit.
You want to be careful not to ignore information just because it doesn’t comport with your preconceived assumptions. At least consider weighing them against your assumptions? I’m never going to be against a cookie-based metaphor, but that doesn’t make it apt.
> It's good to be passionate, but blind devotion is dangerous
Agree with you there -- the data might be encrypted on Apple's servers but that doesn't mean Apple can't scan your data on your device and report the findings back to the mother ship. They've made it increasingly difficult to know or control what system processes do.
"Unfortunately that ecosystem doesn't exist yet so we're stuck with the duopoly of evil-doers..."
That is no longer the case. There are projects starting to come out which are open source and building on top of AOSP like GrapheneOS, CalyxOS and a few others but those two are solid options at the moment.
I am not sure why GrapheneOS doesn't get mentioned here on HN but it's seriously a wonderful project that includes privacy features not available even on iOS. They are this far ahead of the game when it comes to privacy and security. Highly recommend checking them out.
> I am not sure why GrapheneOS doesn't get mentioned here on HN
Probably because with GrapheneOS you have to rely on Android phone vendors which lock down the devices more every year. In my opinion, this is not a sustanable solution in the long term. GNU/Linux phones could be more sustainable.
>Apple is positioning itself to become a major player in the advertising space and - with a dwindling economy and an increased pressure to sustained growth from shareholders - that's going to continuously encroach on our privacy guarantees for monetization purposes.
Or they could sell us a rugged iPhone with a removable battery and SD card slot to extend storage but keep the proprietary OS to keep the music/movie ppl happy plus keep out malware not sent via FISA warrant, but if they did that Tim Cook might jump off the top of the donut apparently, so they keep going the way you describe.
> Or they could sell us a rugged iPhone with a removable battery and SD card slot to extend storage but keep the proprietary OS to keep the music/movie ppl happy plus keep out malware not sent via FISA warrant, but if they did that Tim Cook might jump off the top of the donut apparently, so they keep going the way you describe.
I'm sure 3.5 humans who want that will appreciate that product.
> we already know by now Apple is positioning itself to become a major player in the advertising space
There's a fundimentally different approach to advertising by Apple than say, Google or Facebook. For one thing Apple isn't doing web ads. They've not got an adsense style platform and likely never will.
The ad network they're building is for inside their own apps, and likely eventually for app developers to integrate into their own apps - apps only.
In addition those ads are for items within their existing ecosystem, ie more apps.
In terms of data collection this means they dont need the insane levels of information that Google and Facebook collect. All they need is a rough idea of your interests, which can be gained from the apps you use, and your activity in their own apps. Everyone using an Apple device must know they store your location, so that ones an obvious no brainer.
They dont however need to know your browsing habbits. Would it help target better? Absolutely, but the whole aim of their ad network is to keep you inside apps, not browsing the web. If you're using Chrome, Safari, etc they cant advertise to you as again, its not a web-based ad network.
As data collection goes, the way they're doing it is about as least intrusive as you can get. Theres no following you around the internet going on, which has always been the biggest issue with Google and Facebook.
I'm not saying Apple is a 'saint' in all of this, but its not even close to the level of tracking other companies use.
> The ad network they're building is for inside their own apps, and likely eventually for app developers to integrate into their own apps - apps only.
The money generated there will affect behavior elsewhere. These walled garden profit centers always do - having disproportionate number of resources for the task and with it the ability to ignore the needs of the greater business.
Can you give examples of some of the times Apple has been caught with their hand in the cookie jar? Otherwise it seems like a bit of a false equivalence.
I can't generalize, but could point out to the contraction of venture capital investments, for example. Does that mean "dwindling economy"? Maybe not, but it does constitute some type of signal.
Yeah, this has been so depressing to see. I disliked that there were ads when I signed up, but it was part of a bundle with other things (arcade, music, tv, fitness, etc.), so I gave it a try. But they've been increasing in frequency and they've been added to places they didn't exist before (like when you swipe to see the next article). It's still nowhere near as bad as reading a web page without an ad blocker, but it's definitely past my threshold of pain, and so I'm just using it less. I want the other things in the bundle, so they'll count me as a subscriber, but I'm using it less each day.
What's particularly odd is that some articles have no ads at all. Some have the same ad repeated literally 3-5 times in a short 1,000 word article. And the ads are all trash. They seem like those awful chum-boxes you see on web sites. Who in their right mind thought this would be appealing to the typical Apple user? I mean, regardless, I have never intentionally clicked on any ad on the web in 30 years, and I'm not going to start now.
It's sad because it's exposed me to regional newspapers from around the world. I live in California and see articles from newspapers in Idaho, Utah, Connecticut, upstate New York, Dallas, Miami, Chicago, etc. and even from other (mostly English-speaking) countries like Canada, England, Ireland, Isreal, and Australia. They even include some (English-language) stuff from China. I don't normally see news sources that diverse on the web because it takes more effort. But the ads just make it not worth it to continue using.
News+ silently dropped one of my preferred news sources last week. No updated articles for a week now and it's no longer listed on the news sources page on the web site. Oh well, I'm still in a free 6 month trial but no longer intend to become a paid subscriber next year.
Even with the amount of leverage they have to control third parties, media companies are too big for them to control. I’d be willing to bet they had little choice but to let the various publications run ads as they please. Those companies don’t need to be available on Apple News+ to survive. But Apple News+ has no chance without them.
Are these ads? If I see a large derivative, I can usually glance down at the relevant news to see why. More often than not, it says "No Recent Stories", which shouldn't be the case for an ad.
The news articles in the main view are just top business stories from Apple News. I don't see anything ad like at all, actually.
I hate ads, but for most people paying some bucks a month to make sure their 2nd brain of photos/notes/passwords/texts/etc is totally (and now privately) backed up is a worthwhile insurance policy.
I think the argument that advertising iCloud plan upgrades in settings, where you’ll be pointed to if you run out of backup storage, is very benign as far as ads go. Although I do think that they should have a method to dismiss it(I don’t see this so I’m projecting that they don’t).
I don't have ads on my phone or my desktop. Why should I settle for a shittier experience A? The fact that there is an even shittier experience B is no argument.
The only 'ads' I've seen from Apple have been the aforementioned iCloud invitation in Settings, there is also a prompt to sign up for iCloud when first setting up the system. That's an element of user choice - 'use our service, or don't, we won't ask twice'.
Unlike MS - you have to link everything with an ID when first setting up W11, no choice unless you go to extreme workarounds. Constant nagging and manipulation thereafter.
With that said, what platform are you using that has no ads at all? Presumably Linux on the desktop, which I can almost use. But unfortunately I can't use it on mobile, I have too many use cases in the personal and business world that require a 'normie' grade phone.
Yes, Apple is slightly less bad than Windows. On the other hand, Linux doesn't have any ads (other than the silly ones Ubuntu is trying to push on the command line these days).
Calling a onetime pop-up of a service offering an ad is stretching the description somewhat. Also, it's losing sight of the main argument - ads driven by gathering personal data is what causes concern.
If you consider that an ad, then we are not talking about the same topic. Like sure, pedantically it is an ad, but is not the kind people mind or hurts their privacy at all, nor does it have shady incentives (it is not a third-party service).
Nextcloud is more a backup-adjacent system. You can use it for backups, but you're on the hook for maintaining that system and keeping it secure. Maybe you have time and will to do so but most don't. It's a lot simpler than it used to be on Ubuntu (nowadays just `snap install nextcloud` and you're good to go) but that doesn't make it carefree.
I ran my own Nextcloud instance for ~3 years, recently moved to Syncthing for simplicity. But that use case is more about making certain pieces of data available to all my devices, not for backups.
File backup is just one of its many capabilities. I use these apps in Nextcloud currently which sync to all my devices:
News/RSS reader
Cospend like Ihatemoney
Contacts
Calendar
Music
Mail
Photos
Talk for voice and video
Bookmarks
Deck/kanban board
Tasks
Notes
Maps
Polls
Forms
Money
Health
Passwords
Collectives/Wiki
I did the same with my instance. More power to you if the tools are good enough for you, but I found them too clunky to use compared to dedicated products in the space.
Still, I did appreciate the breadth of apps that one could install.
Nextcloud ecosystem is best of class rather than best of breed. Not every app is the best, but many are under active development and improving rapidly. I might have too many eggs in one basket, the the maintenance is very easy this way.
Subjective and rhetorical, but yes lots of people think there's too much money on the table to just eschew ads in their products. Let's be honest, Apple has a captive market, and their largest real issue is that they make too much money and can't find anything to spend it on.
> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.
Their software is not open source. Before this announcement you had to trust Apple not to look into the files you store in the cloud, now you have to trust that they're actually going to encrypt your files and not save the decryption key. Ultimately you still have to trust Apple.
A combination of any open source OS, any cloud provider and Cryptomator or Veracrypt wouldn't require as much trust in one company.
You're trusting somebody no matter how you do it unless you own all the hardware that supports your ecosystem.
The Free Software world has had ample opportunity to produce something as carefully assembled, as smooth, and as capable as iOS, and what we got instead was Android.
I've watched the whole FOSS world happen in my career, and there are places where I cannot IMAGINE choosing a closed source solution, given my druthers. But it's also become super clear to me that the FOSS world isn't interested in producing polished user experiences. Sure, you or I could cobble together a FOSS-only phone-and-syncing stack, I guess, but I don't care to. Most people aren't us; doing so is beyond them.
Suggesting a normal person use something OTHER than iOS at this point is questionable at best.
A bazaar cannot produce things that are coherent and smooth: it takes a vision of a single person to control a large amount of aspects, implemented by other people the way the leader prescribed. That requires the cathedral approach.
Sometimes it works with a right BDFL, for some time (like Python). It also works with solo projects, and with projects with large commercial support (like Blender), especially those which don't normally accept your pull requests, except as a proof of concept (SQLite).
But the normal open-source model produces things like Linux, git, ffmpeg, VLC, etc, which are wonderful and have immense power, but are hardly sleek or excessively coherent. And each of them is much, much smaller than macOS or iOS.
Something I've come to understand is that just as we have "time vs. space" tradeoffs in, well, primarily computing (but can be applied to virtually everything), we can also reduce essentially all preferential decisions down to "freedom vs. convenience".
The kind of person that uses Apple products/services cares about convenience. The person that uses the third party Android ROMs, in particular, cares more about the freedom.
FOSS people who see themselves as digital freedom fighters LOVE to trot this out, but I don't think it's true in any meaningful sense.
It's more accurate to frame it as preferring low hassle to high hassle. Or to preferring well-designed tools to haphazard efforts. Or, from the other side, preferring some degree of DIY to turnkey products. (In particular, I think this is a HUGE piece of it; lots of hackers want to build their own toolchain, and then they get to feel noble because they're doing it for "freedom.")
I'm pretty "all in" on the Apple ecosystem. Each step of the way, I thought pretty deeply about my choices, and still ended up with an Apple option. But to characterize this as me caring more about convenience than "freedom" implies that I have somehow given up or endangered MY freedom, which isn't the case.
I'm able to do anything I want to do in this ecosystem. Macs are general purpose machines; I can build from source, and I can run code from any repository I want.
iOS is closed by design, and the result has been a very stable and predictable platform that I do not believe is possible WITHOUT that closed nature. I can't hack code on my phone, but I also don't WANT to. There are lots of appliance devices in my life I don't want to hack, and that I just want to USE.
You're right, you have the freedom to choose a device with less freedom. And that's fine. I'm not trying to be condescending to people who prefer convenience. It's a reasonable preference to have. I don't see how this disproves my point though.
I will admit, Macs are much better in the software realm, but the hardware has almost no internal upgradeability. There's some, but it's less. That's my point. And yes, many non-Apple computers also have that same problem. My gripe isn't with Apple. It's with companies who don't give maximal freedom with their devices, as I prefer more open systems, personally.
I am one of those FOSS people. I was all in on Apple up until about 6 months ago (iPhone 13, 13" M1 MBP, AirPods, an iCloud+ sub and some peripherals). My wife still is.
The main reasons I left are repairability and upgradability; forms of freedom that you simply cannot deny Apple isn't great at, from design all the way up to policy. Privacy was also a reason. It is true that you have to place trust somewhere up the chain when it comes to the way specific software handles your data, but things like where it is stored and how it is encrypted are in your own hands when you DIY.
These things are not theoretical; if I want to use a different Wi-Fi adapter, a new SSD, RAM, a replacement screen, speakers or barrel jack then I can. There are parts available for very reasonable prices as well as the manufacturers' repair manual. It doesn't require solvents or esoteric tools.
Now I use a business notebook with Linux that is worse than the M1 in some respects, but in hindsight I'm willing to give up the battery life and cool runnings for the ability to repair and upgrade (and ports! Ethernet, yay!). Same goes for the phone (I went for a FairPhone).
It isn't as polished, very true. There's some rough edges and it takes a little more work, and yes, sometimes a bit of frustration. But the upside is tangible, it's not some form of feigned nobility.
Wild. I can't imagine that transition. I can't imagine that thought process. It seems goofy to me. It's not just that you abandoned the high-polish, high-usability world of Apple; it's that you also had to bail from high-quality, high-polish hardware from any vendor. I've seen the kinds of laptops you're talking about; they're kind of awful, miles away from the best that Apple or even Dell or Lenovo are bringing to market. But you do you.
Honestly, I suspect you just like having to tinker with your stack to get work done. (I mean, I've been there - I use OrgMode.)
Sure, being able to swap out parts is theoretically nice, but you'll do that maybe once in the useful life of a computer -- but I haven't needed or wanted to do either in easily a decade. How often does this really come up? On the other hand, you'll confront that lack of whole-package QA and general polish every time you turn your computer on.
And I'm really curious about anyone's privacy needs if they abandon APPLE for roll-your-own. Yes, it's all in your hands now, but most people don't have the time or inclination to be sure they're doing all the right things, security-wise and privacy-wise, to stay safe. There's a good chance your DIY approach is less secure than iCloud unless you literally do this sort of thing for a living. I mean, this is why I don't run my own mail server anymore (hello, Fastmail!).
So yeah, I think lots of people say "freedom" when they mean "I just want to tinker with my toolchain a lot and occasionally feel superior about it."
>it's that you also had to bail from high-quality, high-polish hardware from any vendor. I've seen the kinds of laptops you're talking about; they're kind of awful, miles away from the best that Apple or even Dell or Lenovo are bringing to market. But you do you.
I use an HP 830 G5, a high end 13" thin notebook from 2018. It cost me 350 bucks. I sold my M1 for 70% of what I paid, and I can replace this thing for something similar, so it makes financial sense in my case. It's just a platform, I don't really care about the thing itself. It hooks into a thunderbolt dock for a lot of it's life anyway.
>Honestly, I suspect you just like having to tinker with your stack to get work done. (I mean, I've been there - I use OrgMode.)
I run Fedora 37 (35 and 36 upgraded without issue). I'm in the process of building a new house, which requires insane amounts of paperwork and communication as well as document storage and exchange. I need this to be rock solid, running E2EE on a NextCloud VPS in combination with this workstation setup does that for me. It's a little work up front, but it's been smooth sailing ever since setup was done. It just gets out of my way; I don't care about this WM versus that, this display manager, the whole systemd discussion. Everything except the fingerprint scanner just works, no tinkering required.
>Sure, being able to swap out parts is theoretically nice, but you'll do that maybe once in the useful life of a computer -- but I haven't needed or wanted to do either in easily a decade. How often does this really come up?
You can't predict breaking your computer. I managed a pretty large fleet of Macs for a living for about 2 years; build quality is great but they're not infallible. When they do break, you're at the mercy of Apple, and I simply do not have the time to wait for their repairs. With this setup, not only can I upgrade whatever, whenever, but anything that will run Fedora and has a modest amount of local storage can replace it for at least the time being.
Compare that to the situation I was in: Any repairs that I couldn't have DIY'd probably would have cost me at least the total cost of this computer (maybe even twice over) and would have put me out of business for a few days.
>And I'm really curious about anyone's privacy needs if they abandon APPLE for roll-your-own. Yes, it's all in your hands now, but most people don't have the time or inclination to be sure they're doing all the right things, security-wise and privacy-wise, to stay safe.
Sure, but I do. I simply hate surveillance capitalism with a burning passion; I honestly think there is a logical set of steps from that to political division and a worse world to live in. So I don't want any part in it. I must admit that that sounds like philosophical grandstanding, but I promise you it's a sincere belief. It's not so much about privacy from state entities; that's a lost battle in my threat model.
If you're locked into an ecosystem that you cannot easily get out of (and there's a BUNCH of dark patterns Apple applies to try and poke you to stay as well as the obvious loss of software licenses) you're a boiling frog. I see Apple going in a worse direction incentive-wise. Nowadays, I just don't care about where they're going anymore, it's not my problem.
Well, that one's not so bad, but is also mostly a commercially-supported endeavor and has been for a long time.
Now, the Linux desktop is a shitshow, sure. It'll remain that way until they can settle on One Windowing & UI Toolkit to Rule Them All, which looks to be happening never and is definitely in part a consequence of so many very basic parts of the GUI being swappable and having tons of competing options. Though the kernel's attitude toward providing stable driver ABIs (or rather, not doing so) isn't helping.
Is it a shit show, though? Things were more rocky two decades ago, but my computing experience with Linux today is unmatched by any other kernel or operating system. Comparatively it feels like the UX of OS X and Windows are the total shitshows.
> as carefully assembled, as smooth, and as capable as iOS, and what we got instead was Android.
Some of us prefer Android to iOS :) Having used iOS as well, the one thing I miss in Android is Continuity. Other than that, I find Android gives me a better experience. I'm certainly an outlier in many ways though compared to the average user.
My favorite part of android is how security patches go through a multi-tiered trickle-down system of testing to make sure they work with the dozens of custom flavors each manufacturer has so that by the time you get patched it's been in the wild for weeks or months. Oooh, ooh, no that's not my favorite thing, my favorite thing is how each cellular company gets to put their own bloatware on top of the bloatware that each phone manufacturer gets to add to it. Oh wait, maybe it's patch support ending for new phones 3 years after they were released. There is so much to love about how Android turned out it's hard to pick just one thing.
> My favorite part of android is how security patches go through a multi-tiered trickle-down system of testing to make sure they work with the dozens of custom flavors each manufacturer has so that by the time you get patched it's been in the wild for weeks or months.
This is not the reason for security patches taking too long to be released to certain phones; Google has a monthly cadence of releasing security patches and zero-days have rarely (I can't remember a case of that happening but maybe it has happened) missed do you have a source for it?
> Oooh, ooh, no that's not my favorite thing, my favorite thing is how each cellular company gets to put their own bloatware on top of the bloatware that each phone manufacturer gets to add to it.
There are unlocked phones available and honestly this problem is mostly a US problem. Rest of the world isn't in the iron fists of their carriers.
> Oh wait, maybe it's patch support ending for new phones 3 years after they were released.
You can vote with your wallet and choose vendors where this is not the case; Google, Samsung and Recently OnePlus offer 5 years of security updates.
>There are unlocked phones available and honestly this problem is mostly a US problem. Rest of the world isn't in the iron fists of their carriers.
In the rest of the world phones are unlocked in terms of being able to use different SIM cards, but mostly the bloatware is still there and can only be disabled (not removed)
> This is not the reason for security patches taking too long to be released to certain phones; Google has a monthly cadence of releasing security patches and zero-days have rarely (I can't remember a case of that happening but maybe it has happened) missed do you have a source for it?
Yet and still Microsoft solved this problem years ago. Why can’t Google? Hell my 2006 Mac Mini got years of Windows 7 updates after installing Windows on it.
This is interesting, they’ll try to tell you it’s because the cellular modem requires extra testing by the carriers and manufacturers, but windows can support upgrades that don’t affect an add-in card cell modem… so what gives?
I'm sure they do the same testing but because they control all the hardware and there are so few models to test on, it makes things much easier. I don't think there's anything in particular about Apple's process that would scale better to the number of devices supported by Android.
I don't, and that's not what I said. My point was that Apple doesn't have to think about testing vendor-specific bloatware every release across a wide range of very different devices.
Tbf the pixel phone does have issues making emergency calls, every time they claim to have fixed it we hear another report of an updated phone not being able to connect.
>The Free Software world has had ample opportunity to produce something as carefully assembled, as smooth, and as capable as iOS, and what we got instead was Android.
You mean the same OS that allows you to build your own open mobile OS as opposed to a closed source locked down OS that permits only 1 app store and 1 payment system?
>Suggesting a normal person use something OTHER than iOS at this point is questionable at best.
It's only questionable if you prefer the prison that is iOS.
Acceptable security afforded today - through usability - is better than superior security, that could've theoretically been gained, but wasn't, because it was too difficult to set things up.
In particular, reviewing open source code has been repeatedly proven to be way harder of a task, than the proponents of this strategy are painting it to be. If you want an auditable codebase, you pretty much have to throw Linux, Chromium/Firefox, Gnome/KDE all out the window - there's just way too much code.
Auditable code is naturally always preferable to non-auditable, but you need to choose your trade-offs - or at least stop pretending you can read a hundred million lines in your life time.
On top of that - do you know a single non-tech person who knows how to set up a VPS, or knows what Veracrypt is? OTOH I can just show my wife: click here to enable backups.
Let me reframe the problem: What is your threat model? How much effort are you willing to commit to mitigate the dangers?
This is a succinct explanation of the problem. Do we give the vast majority of users extremely easy, frictionless access to very high levels of security and privacy? Or do we give the vast majority of users a fundamentally insecure solution that with lots of learning and configuring and time can be have very very very high levels of security and privacy?
The crazy thing is that apple hardware beats most other hardware, too, at a high price. Better phones, better tablets, better laptops. More secure, more private OS than the popular consumer alternatives (Windows, Android). Arguably much better OS all around, too (at least IMO -- iOS beats even stock Pixel Android at use-ability, MacOS v Windows is like the Harlem Globetrotters playing the Washington Generals.)
> stop pretending you can read a hundred million lines in your life time.
For me, and I assume most others, it's not that we expect to read all the code ourselves. It's that there's a large developer community and security researchers who have access to the code who will collectively read it all. Of course this isn't a guarantee that there are no security flaws, and you still have the pipeline problem of ensuring the binaries you get actually come from the code you think they do. But all else being equal, I think open source provides a significant level of threat mitigation.
Even if you fully trust Apple not to intentionally back door anything, there's far fewer eyeballs on their code. Given that access to source code also has the potential to reveal security holes that may have gone unexploited, there of course a tradeoff here too.
> It's that there's a large developer community and security researchers who have access to the code who will collectively read it all. Of course this isn't a guarantee that there are no security flaws.
Yeah, about that, I'm as much of an Open Source buff as anyone, but:
> Analysis of the source code history of Bash shows the Shellshock bug was introduced on 5 August <<1989>>, and released in Bash version 1.03 on 1 September 1989.
[...]
> The presence of the bug was announced to the public on <<2014-09-24>>, when Bash updates with the fix were ready for distribution, though it took some time for computers to be updated to close the potential security issue.
Especially older Open Source software tends to have maintainers that haven't adopted modern software development practices so we're back to square one, since most of this older software is foundational technology, like Bash.
I'm not sure I understand the concern. I don't think it's at all unlikely that there are such long standing bugs in closed source software that's been around the same amount of time. We might just never hear about it or those bugs might never be found. Of course, I have no proof that's the case, but I'm not convinced that finding longstanding bugs in open source software is evidence of inferior quality (this is what you seem to be implying, but I may be mistaken).
> but I'm not convinced that finding longstanding bugs in open source software is evidence of inferior quality (this is what you seem to be implying, but I may be mistaken).
I'm not implying inferior quality, I'm implying no correlation.
There was a very strong assumption from back in 1999, that "lots of eyes make all bugs shallow", with a focus especially on security.
In reality, there's no correlation.
You need those eyes to actually be looking at stuff proactively, you want automated scans, you want modern software development practices and CI/CD pipelines, you want those eyes to actually be qualified to look at what they're looking correctly, etc.
Just putting stuff out there and assuming "people will look at its insides" is a bad assumption.
Open Source in my experience is not inherently superior from a security perspective to proprietary software.
I think this is less of an issue than you might think - if they're going to decrypt for law enforcement then it will become painfully obvious there's a backdoor literally the first time evidence is brought to a court that shouldn't have been available without a decryption.
But that could be a very long time if they just apply some form of parallel construction to most cases. They aren't going to burn such information on the first low level criminal/CP target they find. Instead they will wait 5 years and then sweep up a bunch of people involved in some criminal "ring".
And the problem with all these services that provide some kind of E2EE encryption and still have a way to push application updates (or run something in your browser), is that they just slip a version on your machine that sends the password to the feds/whoever when you type it in.
Thing is, if law enforcement is patient they can get the data off the actual devices themselves, if they're still alive. Yes, a fully patched iPhone tends to be a fortress of might to anyone other than a nation state willing to burn a few very expensive 0 days, but with almost any phone if you wait a year or two something will inevitably come out that will allow the ol' Cellebrite crowbar a cranny to slip into.
Notably, the only other serious competitor in the space is also not open source. Sure, you can probably carefully construct a phone from only FOSS, with some compromises of course. But this is unfeasible for regular users, who have for all practical purposes only two choices. And those same users are unlikely to go for alternative replacements for built-in functionality just to reduce their exposure. Convenience wins every time.
my comment was not against someone 100% paranoid using grapheOS and doing their own backups somewhere and trying to figure out how to get a good google maps alternative in open source.
my comment was that against main stream companies apple leads the way, and it's overall great for a consumer.
do you personally expect every piece of open source software? do you run your own email servers, music servers, photo backups, etc.? If not, you somehow trust those companies -- why?
> 1) they just ate every other 3rd party "secure" backup services lunch just like they did to the Hi-Res music industry.
This is an excellent point as to why you shouldn't even bother trying to develop software for apple machines. If it's anywhere near successful apple will just destroy you, after having taken a 30% cut from your revenue for years.
You pretty much have to be on their store to sell something, which means you give them access to your sales and customers. Which is a concept that is absolutely wild in any normal healthy competitive landscape.
Then they'll monitor and if you manage to actually be successful, 3 months later there's an Amazon Basics version of your product.
It's so incredible to me how these practices get no push-back. There used to be a time where in the case of Windows, people were wondering if its fair that they ship it with a calculator program. Now you can just use your massive platform and extend in every possible direction, seize secondary markets, nobody seems to care.
I think this is the part that is not legal, and which they say the don't do, etc
* Amazon uses third-party seller data to copy the site's most popular products, an antitrust report by the House Judiciary Committee alleged on Wednesday.
* Former Amazon sellers told an antitrust subcommittee the company released new products almost identical to their own and "killed" their sales.
* Amazon has denied accusations of this behavior in the past.
"We have a policy against using seller-specific data to aid our private-label business," Amazon CEO Jeff Bezos said in July.
> There used to be a time where in the case of Windows, people were wondering if its fair that they ship it with a calculator program. Now you can just use your massive platform and extend in every possible direction, seize secondary markets, nobody seems to care.
Windows was artificially crippled by the DoJ ruling and not including a PDF reader by default. I, for one, like it when more is built into the OS by default.
Well on the optimistic side, they might buy your product or company, which they have done numerous times in the past like with Beats, Shazam, Siri, etc..
ok, i may buy your argument from a perspective of a brand new cloud storage provider that's try to come up online and break into the market, but you're telling me that Dropbox, OneDrive, Box., etc., are all indie developers living in their parent's basements? These companies made a conscious choice not to offer encryption and now got the rug pulled out from under them. steve jobs famously said that this "Storage" is just a feature, not a product, and now they've proved it.
additionally, as far as i can see, those apps all free to download and you can buy their plans outside of the apple ecosystem and thus they get a free ride in the App Store without giving away any cut to apple.
While I am the very first one to fight for allowing side loading on apple devices, didn’t Netherland’s dating services decided in the end to go with Apple’s payment processing even with that cut?
I get this sentiment, but where do we draw the line? Shouldn’t OS makers (Apple, Microsoft) add additional apps just because third party developers have done it already?
"If you buy a phone or general purpose computing device, you have the legal right to choose your app store and applications installed on it seperate from manufacture demands".
The particular problem with Apple is not only duplicate your app, they can underprice it by 30% because they don't self pay their own store tax, and they can kick you out of the only app store for whatever reason they choose to make up that day.
I remember back in the early days of the iPhone, new feature releases would coincide with lots of apps being removed from the app store with the reason "this app duplicates core functionality of iOS."
> If you buy a phone or general purpose computing device
Point of clarity, the devices we are discussing are neither telephones, nor are they general purpose.
They are smartphones, a sort of miniature computer with a bunch of general-purpose sensors, and actuators viz. a screen and a speaker and some haptic feedback. They don't really do much computing per se; we outsourced most of that to The Cloud some 15-odd years ago. These things are just highly capable I/O devices, or clever terminals if you prefer.
And while Android has the PlayStore or whatever they call it this week, one can usually choose to load rogue APKs and one can usually succeed; and things like the Pinephone or Fairphone have been attempted that leave more power (and responsibility) in the hands of the user, but in practice it seems that they simply don't _work_ that well.
I agree with you wholeheartedly; I just think the "if" part is a bit out of sync with reality.
I like this view, though many people aren't just purchasing the phone from Apple, they are purchasing the OS and integration into the Apple ecosystem. Definitely think the user should have the option to pick the app store though
Apple doesn't seem to be in the business of selling software very much. Instead it's mostly used to increase the value of the hardware. The stuff I've seen them incorporate that at one time were apps weren't 30% cheaper when bought from Apple, they were free (i.e., they came with the device).
If they think some third party feature should be part of the core experience, they're going to incorporate it. This is true when building on anyone's platform (e.g., Microsoft, Facebook). Non-core experiences, like domain specific software, are less likely to suffer this fate. It's similar to when MS decided to ship a browser. God help you when the platform you're on decides they want to subsume your features.
> Apple doesn't seem to be in the business of selling software
As sheer hardware revenue growth slowed, they moved their focus to services [0].
That’s also what we’re seeing on their push into more ads for instance, and this new feature goes the same direction: to benefit these encrypted backups you’ll need to sign up for storage. For most people wanting to cover more than one device, they’ll probably end up with the 2Tb plan which is at 10 bucks a month, the bare minimum 50GB being at 1$ a month.
> Apple doesn't seem to be in the business of selling software very much.
This is veritably false, they made $80 billion selling software this year. You might not see the App Store as software revenue, but Apple certainly does.
The context of the text you quoted seems to pretty clearly be about Apple selling their own software, e.g., as a publisher, not as a distributor. This whole branch of the discussion thread is, after all, about whether Apple adding end-to-end encryption for iCloud backups is "sherlocking" other cloud backup providers (spoiler: no).
People who didn't live through that era really don't appreciate a key aspect of it, which was that MSFT OWNED the desktop -- like, 90+% of the market. There were no other real options. For a good chunk of that period, Apple was seriously on the ropes and might not have survived. (Michael Dell famously said it should be sold off and the money returned to the investors.)
Microsoft had deals in place with PC makers so that it was impossible, nearly, to buy a computer without buying a Windows license. BillG specifically told Netscape he planned to "cut off their oxygen supply" by shipping a browser with Windows, and he did this because he was smart enough to see that browser-based software could endanger their control of computing. That was literally illegal.
No one has anything like the control they had back then. The desktop market is still mostly Windows, but Apple got healthy and took a decent chunk back. Now there's also ChromeOS and Linux out there, too -- plus, we have mobile, which is an even BIGGER chunk of the platform market, and it's split between iOS and Android.
So that's at least 6 different software platforms a hypothetical user could pick in 2022, and they're spread over dozens of hardware manufacturers. That's been the norm for so long now that it's easy to forget how little choice we had in 1998.
*ANYWAY* the bigger point is that adding features to your system isn't a problem if you're not acting as a monopolist. Microsoft WAS in the 90s. Nobody has that ability now.
Apple just undercut this by creating an ecosystem which funnels something like 80% of mobile profits in their pockets.
Then they just point at marketshare and say: "we only have 30% worldwide". Yeah, but your stuff is aspirational and the vast majority of Android users have lower disposable income so spend less and many switch to iOS when they have enough money.
It's very sneaky and it's breaking everything down.
They do not control the market, and thus are not subject to -- and should NOT be subject to -- the kinds of restrictions justifiably imposed on actual monopolists.
>Android is stagnating, if anything despite the free and Open Source operating system
I might argue that Android is stagnating BECAUSE it's free/open source, and as such lacks effective leadership.
If a company could have 1 single user and that user could pay them $500bn in perpetuity for a product costing $1, they'd only want that customer.
They want more customers because they can't have that ideal case. First of all nobody would pay that much for such a cheap thing, secondly, nobody lives for ever. So companies expand to make more money (= profit) and to future proof themselves.
Again, as I said, very sneaky from Apple, and I'm arguing it's breaking down existing economic models.
It's basically another run-around at "winning capitalism". Monopolies were one way. This is another one.
I think you misunderstand why monopolies are regulated.
There is AMPLE computing choice today. There is even healthy choice available in mobile alone.
Monopoly regulation is about preventing those with market-controlling power from exploiting that position in unfair ways to the detriment of consumer choice. Microsoft did this when they tried to destroy Netscape by bundling a browser with Windows. There really WASN'T another viable desktop system at the time, and mobile didn't really exist; they owned the market.
Apple is free to improve their offerings in any way they see fit. They are even free to incorporate features into their systems that began life as products from other vendors; this is the normal way of things. If you don't like how Apple is behaving, you are free to shift your desktop to Linux or Windows or ChromeOS, or to migrate to mobile devices running ChromeOS or Android. That's a functioning market.
There's nothing sneaky about openly continuing to improve one's offerings.
HN is really, really bad about ascribing dark motives to every tech company not on the Approved List (which, of course, is constantly changing). Apple is pretty smart. Adding encryption to their backup scheme is one of those scenarios where yes, it's good business, but it's also the right move for customers.
There are still a lot of companies out there with significant control over their respective markets. Apple, for example, still has a huge control over the mobile device market and is not afraid to use it to their advantage. Companies like Amazon and Google also have significant control over their respective markets, particularly in the technology space.
Seems like we can never relax, always some company waiting for the chance to take over a space. Gotta stay vigilant.
Microsoft had something around 95% of the desktop market share in the 90s. Apple is not anywhere close that. I would agree it's similar in behavior but not intent. Microsoft was terrified of the Internet and applications that could "run anywhere" so they tried to control how people accessed the Internet. Apple is arguably adding these features because it's what their user's want.
> Microsoft was terrified of the Internet and applications that could "run anywhere" so they tried to control how people accessed the Internet
I see reflections of this throughout the history of the iPhone. Apple has always controlled how people access both the internet and even what applications they can install. Every "browser" on iOS is just Safari with a skin for example, because Apple will not allow any other browser engine.
Apple will not allow other browser engines because they are a subset of "programs that run arbitrary code".
Allowing anyone to put their browser engine on iOS through the App Store would open the door to a wide variety of security problems. It would also effectively bypass the App Store, as Google (just as a totally random example) could release their own iOS "browser" that's actually their own platform for apps that they sell. Not to mention inserting their own ads into anything people browsed on it. And tracking literally every single tap and text entry that people do in that browser, including bank passwords, credit card info, etc.
On a platform like the Mac, that doesn't matter very much, because it's small enough that basically no one would bother.
On iOS? If you could get 0.0001¢ per website visit from even 1% of iOS users, that would be a money-printing machine.
> Apple is arguably adding these features because it's what their user's want.
Apple would certainly argue that, yes. Foremost though, they're adding it because it's what Apple wants, and conveniently converges with the desire of the user.
Why do people act like what happened in the MS anti trust case is lost to the annals of history? Absolutely nothing came of the bundling IE with Windows in the US. There was never a time that IE was not bundled with Windows because of the lawsuit and there was no browser choice mandate in the US.
Spotify is pretty successful and yet, Apple went in direct competition with them, using APIs that only Apple gets to use in their Music app (like integration with Siri).
In the car today I asked Siri to play me a particular song (I have had Spotify defaulted for a while), it helpfully signed me up for a 7 day preview of Apple Music Voice and started playing it there! Where's the FTC? Is Apple too big to fail?
Or use Linux, the highly advanced MPRIS protocol is capable of tracking multiple media applications and presenting their playback controls. It's like space-age tech!
In recent versions, the "default" is just whatever last played media—if you were watching a YouTube video yesterday, and the tab is still open, pressing the play/pause key will start it playing again. There's even a little menu bar widget (it's called the Now Playing menu, and you can find it under Control Center in the system settings) that shows all the instances of actively- or recently-playing media the system knows about. Whatever is on top (IIRC) is what will automatically be controlled by the media keys.
I think you and I have vastly different ideas about what "giving" means.
I get 5GB of iCloud storage, unless I pay them £6.99/month for 2TB. No idea what the rate is over 2TB.
Have I missed a trick to getting this 2TB+?
(I have 7 Apple devices in my possession and have owned a further 2 that I've passed on to my kids; given the premium I paid for those I almost expect that I should get 5GB PER DEVICE, but of course that's fairly unreasonable in reality)
You can't even get over 2TB unless you subscribe to Apple One and even then you only get another 2TB. Pretty useless as a large scale backup service if the maximum you can ever pay them for is 4TB.
Per user. I know you would probably like to backup your linux isos to icloud but besides that the 4tb per account/user is pretty much all one would need.
This is for personal use, not business ;)
Been seeing a lot more of these snarky sort of comments on HN as of late, and its not encouraging. Can we keep it civil without making light jabs at others preferences or tech needs?
Oh come on, that's over-sensitive. The person made a lightweight remark, complete with wink at its conclusion. It was on topic and conveyed information.
Your reaction is derailment because you grabbed the wheel and steered the topic down a road about you and your expectations of discussion standards.
Part of respectable human interaction includes humorous, short and sharp casual responses on occasion. In this case, the post was replying to someone who called Apple's storage limit "pretty useless"... so we're well and truly in the fun zone of casual conversation. Not sure what you're seeking, the equivalent of a formal meeting with diplomats and official representatives?
Except the previous comment had no level of snark involved. You clipping out the "pretty useless" from the context is also misleading. You turn to hyperbole and end of your reply insinuating that I'm expecting some sort of formal discourse. I'm commenting on the "linux distros" portion and the which makes it sound more like a cheap karma harvesting reddit post.
Just imagine if more people made these sorts of quips out of the blue and how crap it would make the forum over time?
I wasn't aware linux distros would push the limits of 4TB cloud storage, so for me it was micro-informative. I also wasn't insinuating, I was asking you directly how much formality you want in online tech discussions.
All good. I don't want to drown in cheap karma-harvesting reddit posts either, but I don't see that happening here.
When "snark" is measured like spice in cooking, it adds flavour. I'm not suggesting popping the lid and dumping a jar of snark in the broth!
Except the previous comment had no level of snark involved. You clipping out the "pretty useless" from the context is also misleading.
You then add on hyperbole to end of your reply that I'm expecting some sort of formal discourse. I'm commenting on the "linux distros", which seems irrelevant. Putting a ;)
Unless something has recently changed, Apple One gives you either 200GB or 2TB to share in a family group. It’s not per user. Each user can purchase an iCloud+ plan on top of the shared iCloud storage included in Apple One.
Of course you are correct, Apple is not giving that storage away.
They do make a family plan for Apple Plus ($30/month) fairly compelling: 2TB per family member, Apple TV both has some good original content as well as serving as a quick index into most other stream services, the Arcade Games are fun enough, Fitness+ is something I use about 90 minutes a week, and Apple Music. That is a lot of “stuff.”
Then there are some things that Apple gives away for free. Their podcast app is free and lets you subscribe to a lot of interesting stuff that I might otherwise subscribe to Spotify for. Handoff saves me about 5 minutes a day. Anyway, I don’t much like the walled garden aspect of Apple, but for value and convenience they must be difficult to compete against.
sorry, yes, i meant it that you can can now purchase 2TB of stand alone E2E storage from apple for 9$/mo, or get it as part of iCloud+. "giving" was a poor word and should have been "available".
> anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river
Ok, come on. What apple’s done here is great, and I personally use an iPhone, but you couldn’t think of a good reason to use anything else? An open-source OS?
The GNU/linux distros (in contrast to android) available for mobile phones are so far from usable, it is not funny. Android is a viable choice, but only if it doesn’t come with all the shit from the vendo/Google, which gives you effectively.. a pixel phone with GrapheneOS? Not too much of a choice, especially if you would like to filter based on hardware as well (where apple is just laughably ahead, iphones are ~2 generations ahead in raw performance)
I don't bring this up to start an argument, only because someone reading might look at this comment and assume they can't use a DeGoogled ROM for their phone unless it's a mainline Google flagship -- but LineageOS maintains a list of fairly lengthy list of supported devices, so if you want to use something other than your phone's stock ROM, you should definitely check to see if it's supported, it very well might be.
I also encourage people to check if their devices are supported by LineageOS when they run past their support period, it can be a good way to keep getting security updates past official support windows.
Good point, though pay very close attention for which device you have, some vendors (e.g. Sony) will wipe their camera’s fancy firmware or pull similar shenanigans. That way the tradeoff may very well not be worth it.
Yep, thanks for bringing that up. I should have mentioned that.
The forums should list some caveats for the device if they exist, but don't assume just because it shows up on the list that everything will work perfectly out of the box -- double check to see if there are any downsides.
Also, I should bring up that LineageOS comes in two variants: one without Google services and one with Google services. If you want to actually de-Google your phone, check to see that you are not going to run into problems with the apps you use.
Occasionally I see people who don't realize how deep Google services can go on Android, which in some ways gets back to your argument about how "open" Android really is. So it's just good to make sure that your stuff will all work afterwards if you're planning to go down that route.
You cannot match the features or usability of iOS with anything open-source. Full stop. It's not even a comparison.
Sure, if you're so laser-focused on privacy that you want some obscure phone which will do nothing aside from text, call, and send Signal messages, go buy the weirdest one you can find. otherwise you won't be finding anything remotely enjoyable if it's not iOS or a major android flagship. And out of those options, only one respects the user's privacy and security.
Apple has a lot of things going for it, but let's not pretend they're perfect and anyone who doesn't use their products is unreasonable.
iOS still doesn't allow you to sideload without shenanigans (requiring your to not only have a Mac, but also have it resign any custom apps every week is beyond unreasonable). Some people don't care about that, but I do and not being able to do so is 100% a dealbreaker for me.
Not using Apple because you disagree with their decisions does not make one intentionally "going out of their way to swim up river." It just makes one a normal person who doesn't want to use, what it to them, an inferior product.
> the don't care to scan your pictures with AI 20 different ways
This is especially ironic as another post on the HN front-page today is about Apple giving up on their plan to scan iCloud photos for CSAN after months of pushback.
> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.
This is a little hyperbolic. E2EE backups are fantastic; Apple seriously deserves a ton of praise for this. And iPhones have been getting a ton of security/privacy features that I really love, I am not going to dismiss their contributions to privacy. And while I wish some of their services like the Apple VPN/masked emails were better done, they are still fantastic features that I encourage iPhone users to enable, and that I am thrilled to see rolled out to a mass audience.
Alongside that praise, I am though going to point out that the adblocking on the iPhone is sub-par[0] because mobile Safari lacks Firefox's extension APIs, and I'll point out that their app store model blocks some privacy apps like Newpipe, which forces people into using more invasive alternatives that require stricter privacy controls. I'll point out that it is harder in some ways to get away from the default tracking that happens in Apple's apps than it is to root an Android phone and disable/swap Google services.
Threat model and personal expertise matters here; I like a lot of what iPhone do, but I also dislike a lot of what they do. Personally, I feel more confident in my ability to secure a rooted Android device than I do to secure an iPhone against the majority of privacy attacks I'm worried about. That doesn't mean that iPhones aren't the correct choice for a lot of people. I feel much less confident in a family member's ability to secure an Android phone if I can't give them advice or help them through the process.
And all of this is ignoring that privacy is one aspect of consumer freedom and rights. I think we can praise Apple for what is objectively a great move for privacy without being this over-the-top.
----
[0] Before someone complains, I'm not saying that iPhones don't have adblocking. They do have adblocking and I encourage you to use it, it's great. But that adblocking is objectively not as powerful or comprehensive as it would be to use a tool like Ublock Origin.
I think this might be the single strangest objection to using an adblocker I have ever heard. Are you implying that installing uBlock Origin in a browser raises your risk of being tracked online?
I don't think I've ever seen someone make the argument that Gorhill should be trusted less than the advertising industry, that's a new one for me.
Well seeing there is a proven alternative method with iOS that allows ad blocking without the extension being able to intercept your browsing history, you don’t have to make that choice.
I already explained this in my parent comment, but the Safari APIs for adblocking are factually, objectively less effective at blocking trackers than uBlock Origin is. It's not a matter of opinion, there are things that uBlock Origin can do that Safari adblockers can't do.
People get really offended when I bring this up. I'm not saying that Safari adblocking is useless (you should use an adblocker with Safari, and there are devs doing excellent work to get around Apple's limitations, I have a lot of respect for them), but you are making a tradeoff for that sandboxing/permissions in the form of a less effective adblocker. This isn't just me saying this, if you talk to people writing iOS adblockers, they will tell you the same thing.
If you are so scared of Gorhill that you need to make sure he isn't tracking you, then sure, make that tradeoff. Or more realistically, if there are other privacy features on iOS that you care about more than adblocking, then make that tradeoff. But it's not just silly to pretend that the browsers are equivalent, they aren't.
And it's even sillier to pretend that an Open Source standard in adblocking should be rated higher on someone's threat model than the actual websites that are tracking you when you use a browser.
Once again, it's OK for people to like iOS or to point out that it has some excellent privacy features that make it a good choice for privacy-conscious consumers. And I'll give Apple praise that on iOS, the default browser supports an adblocker at all -- it doesn't require you to install a separate browser to get access to one. But we don't need to get hyperbolic and start arguing that Apple is somehow leading the pack on literally every single privacy issue; they aren't. It's OK to say, "in this specific issue, it isn't possible on iOS to get the same anti-tracking behavior that we could get on Android or on a desktop PC/Mac."
This is specifically looking at (pre-manifest-V3) Chrome, so there are some other differences with Safari, but CNAME uncloaking is the most obvious example.
See also some of the previous comments I've made about this in the past (https://news.ycombinator.com/item?id=23622206). A few of these details might have changed (I vaguely think I remember Apple raising the rule limit), but I think the fundamentals are all still true.
> Did you personally vet the open source code? Did you compile it from scratch and install it on your phone or are you trusting it’s the same code?
I have read through parts of uBlock Origin's code, yes, but ultimately I'm trusting the broader Open Source community to say it doesn't have holes in it. And yes, I'm trusting Mozilla's vetting process for its "trusted extension" category. I think that's a reasonable thing for most people to do.
Of course, I could compile the extension myself, but I think to a certain degree that would be security theater.
----
Again, just really surprising to see an argument that boils down to "this Open Source application might potentially spy on me, and that's a greater danger than the websites that I know are actively spying on me right now." If Safari adblocking is good enough for you and your threat models, great. You don't need to justify that by pretending that uBlock Origin is insecure.
I will note, by the by, that Safari's limitations mean that (at least on desktop) the top-rated adblockers like AdGuard have shifted to running as external applications separate from the browser (https://adguard.com/en/welcome.html). This is not a dig at AdGuard, I think the AdGuard devs (as of last time I checked) are doing really great work. But if you're worried about sandboxing, running a desktop app is a lot more invasive than running a browser extension. I don't know if there are ways to do the same circumvention on iOS, so it's possible that AdGuard devs are staying in the browser sandbox there; I'd need to double-check.
Of course, you can use apps like AdGuard as pure extensions in their more limited form (I don't recommend a specific iOS app, but unless something has changed since the last time I checked, AdGuard is a solid choice) -- but you will get a more limited adblocker as a result. The performance might be good enough for you, and that's fine. But it's still correct to say that it will be more limited.
----
I will also add to this just to preempt anyone arguing otherwise that I am not saying that browser extensions shouldn't have better sandboxing. They should, extension sandboxing is awful and it needs to improve. What I am saying is that the specific sandboxing model that Safari uses (and that Chrome is moving towards) for adblocking limits their effectiveness.
This. Technically the iphone can process images locally. Photos app shows what is in the picture (faces, pets, food) and can do ocr on text in screenshots and photos. This is a very real possibility to outsource the processing to your device.
The camera itself does software processing and you can't encrypt the light. It detects faces even before you click the shutter for capture. There is no way to keep the device itself from ever knowing what it was looking at. Something that sensitive is something you don't photograph.
we agree I believe. I am saying that technically the device gets thst information on-device, and could send it. Idk if that is the case, but it is possible.
Edit:The ocr and face recognition on the iphone is definitely more advanced than usual, thanks to the custom hardware on device.
I mean, if you can’t trust the very OS that handles your encrypted data, then you are lost either way, so that argument doesn’t make sense. It is similar security LARPing then hardware kill switches.
* Their executives admit that they want you and your family locked into their ecosystem (leaked emails).
Sorry, but advocating for them seems like very bad idea. Google was cool, pro-customer company once too. Until they had position to not be anymore. Open standards, without any vendor lock are only reasonable way.
>>seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.
Well for your use case maybe, but I do not find the value of trading privacy for freedom to be a good one, specifically since I can secure my data other ways including not storing it at all on my phone.
My phone is a tool, and I prefer to own and control completely that tool
What phone do you own and control completely? I was under the impression that every phone capable of being a phone contains BLOBs that you have no control over.
Not to mention a veritable panoply of chips that you could probably spend a lifetime on trying to prove correct and not malware'd, assuming you could even get the schematics, etc.
Can I use AppleTV+ without them tracking what programs I'm watching? Can I get them to stop showing me an ad in front of each program? Can I use Apple Music without them tracking the music I listen to? Can I use the App store without them tracking what apps I browse and download? Can I remove the ads from the App Store? Can I remove the ads for Apple Music from my iPhone?
> they just ate every other 3rd party "secure" backup services lunch just like they did to the Hi-Res music industry.
Except they only control 50% of the smartphone market and 15% of the PC market. So there is still a large market they're not covering
> Can I use AppleTV+ without them tracking what programs I'm watching?
Can I buy something from my local supermarket without them knowing what I bought? Can I create an EC2 instance on AWS without Amazon knowing who created the instance?
I don't like a super powered monopolistic company as much as the next guy and I totally agree that ads situation in App Store is not a straight business but come on.
Some people want to use their computer completely privately and that's totally fine, but when you are using a cloud service, they probably will know how you use it. What they do with that data and how they handle it on the other hand is of importance. The problem with the whole tracking fiasco starts when the provider sells your data or "access", collected using dark patterns for example to others.
I interpreted GP's comment to be more about how it's inevitable that businesses track consumer patterns, because after all it's directly their data. Who bought it is usually irrelevant.
That still leaves the purchase data freely available, and if you purchase the same kinds of items regularly you can probably build a profile. The purchase data itself is still valuable and still tracked.
I don’t know about you but when I go to our local supermarket and use cash to buy a beer, the person behind the register kinda sees me and recognizes what I picked. They even happen to know my name as they live in the neighborhood. Do you cover your face when you shop? Because this is the scenario I was talking about.
Apple doesn’t control ads shown on TV outside of Apple TV+.
How will they do recommendations if they don’t keep track of what you listen to? How will they do recently played lists?
How will they know if they should send notifications to your phone for your apps if they don’t have a record of what apps you have installed? All notifications are bundled together and sent from their servers to save battery life.
So two words I can't find in this thread are "lawful intercept". If a judge comes down on Apple and says they are required to produce your private content, is Apple going to throw up its hands and say, "Nope, it's e2e encrypted." No, they will not. They will either run something on your device to scan it, or they will exfiltrate your encryption key, because at the end of the day they own your device. Maybe this makes it harder for man-in-the-middle attacks or whatever, but if someone with the right amount of power cares, your data isn't secure.
so that means if your iphone breaks or gets stolen the data is lost? I guess they would have to enable exporting the encryption key to users to make the backup useful in these cases.
Give me open source dev tools for the iPhone and I'll jump.
While it is a closed garden, I'll begrudgingly accept it can be marginally better in some fields than other options, but Apple tries very hard to be a proprietary island in a world that has switched to free software.
The world of phones is based on free software. Android is based on the Linux kernel and AOSP - iOS is based on XNU, which is a combination of GNU implementations and BSD patches.
The fundamental iCloud product itself however is subpar and until that is dealt with, it won't be that huge.
Few examples:
Still can't keep photos on iCloud and delete thumbs on the phone. A real issue my old iPhone had insufficient space and I had to move to OneDrive.
Support for other operating systems is lacklustre. One of the core benefits of cloud is accessing your files anywhere when you need them, not possible unless you're lucky enough to find yourself on a Mac at that moment.
This is the biggest gotcha that causes people to lose data every day. They try to free up space on their phone only to unwittingly permanently delete photos.
The other really annoying thing is you pay $3/m for 200gb or $10/m for 2tb… there’s no middle ground, I’d like to pay $4 for 500gb or $6 for a tb.
I don't want to be offensive but this comment really feels like an intelligently-made shitpost. Or maybe I hope it is, and I hope OP doesn't have as much devotion to any company as they are displaying through this comment.
Apple offers hi res audio, but most cant and wont take advantage of it. Why? because most users of apple music use AirPods, and apple claims lossless wireless audio is not possible (despite the existence of LDAC). Therefore, you are streaming hi res audio to your phone only to downscale it when listening via your headset. Only people who really benefit are carriers, who can rate limit your data.
"most can't and won't take advantage" of it is a broad statement. i would think there are a lot more DAC/lighting adapters and analog headphones in the world than there are of AirPods, anyone that wants to listen to CD (16/44) quality can probably do so for free or a few $ already. my home "hi-fi" now consists of an old iPhone 8+ hooked up to a DAC piped into my receiver utilizing 24/96 setting from iTunes, no longer need for Tidal or Qobuz.
With high enough “resolution” does it really matter? (Don’t trying to start a fight, genuinely curious as I’m not too well versed in audio)
We don’t cry over bitmaps vs vector graphics in most contexts, especially that the hardware is trivially limited. It’s probably a bit more nuanced with speakers, but I imagine that they also have very real limits on distinguishable outputs for a given input, even if it is not as trivial to see as in the case of a w*h pixel grid of depth n.
It might be possible that with very ($1000+) high end headphones about 5% of people could tell a difference, but even that is questionable. I have done many blind A/B tests with my $500+ headphone setup and no one has ever been able to accurately tell the difference repeatedly. There is absolutely no way that someone would be able to discern the sound difference between 320 and lossless on an AirPod-quality speaker.
I’m not sure about large speakers however. I assume that it’s equally difficult to tell any difference, and I couldn’t when I tested my setup. However, I have listened to some incredible $4000+ speakers before, and at that level I wouldn’t be surprised if differences emerged.
There’s so much snake oil in audio and placebo can effect sonic perception so heavily that it’s nearly impossible to find anything objective. There’s also a lot in the chain - the DAC, the AMP, room acoustics… that will effect the sound, sometimes substantially - let alone the speakers and the actual source.
While microphones obviously exist, you can’t measure sound the same way that you can measure the nits and white point of a monitor - it’s far more intangible.
It does to some - I recently rediscovered my love of CD's and was surprised to find they sounded much better than I remembered - I am currently in the process of upgrading my music to CD quality and higher, and was equally surprised to find that Apple doesnt support a hi-res codec for their wireless headphones, even though they offer hi-res music. For me, it makes their $549 (!!!) AirPod Max product extremely confusing, laughable even.
So yes, I think mp3/aac to CD, the change is very noticable. CD to HD (24bit), not so much
Using lossless audio with AirPods is still preferable. Rather than re-encoding a lossy stream with another lossy codec, you only encode it once. Is it minor? Yeah. Can I actually hear it on AirPods? No. But it's not entirely moot.
This is true. It's better than nothing, but the price they are asking for ($549) for a top tier headset that CANT do hi-res audio is offensive if you know what you are looking for.
> they just ate every other 3rd party "secure" backup services lunch just like they did to the Hi-Res music industry.
Cross platform support is always a problem though. And frankly I don't buy the "like they did to the hi-res music industry"-- Spotify is still king here.
> 1) they just ate every other 3rd party "secure" backup services lunch just like they did to the Hi-Res music industry.
This is not something to celebrate IMO, Apple keeps doing this and then pushing out the 3rd party options either by pure positioning and bankruptcy or by app store policy.
The result is no choice, no competition, and over time a worse product due to absence of market forces ... beyond the high resistance threshold of getting bad enough for a user to flip the table and exit the entire iOS ecosystem they've invested in - this is the danger of 100% vertical integration.
That was a bombastic final sentence. I'm going to assume you're ignoring third party Android ROMs like Graphene, Calyx, Divest, etc.? And all of the excellent open source projects that substitute Google's stuff?
i'm speaking from the perspective of the mass consumer and thus am comparing them to other mass consumer product companies.
what you're describing is not the norm and those options should always be available, but the effort to value is simply not there to large portions of the mobile users.
> the don't care to scan your pictures with AI 20 different ways
They actually systematically scan photos and declare people to the police if IA determines it looks wrong.
With Apple, you’re at risk of losing your business just like with any other company who wants your data. Apple didn’t solve the “An offline account is better than a Cloud account” problem.
> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.
That's an awfully bold statement! I'm quite happy in the Microsoft ecosystem for OneDrive, etc, and I'm not reading this and jumping to Apple. I'm not sure if most people care about these claims, and the people who are very security aware probably don't believe them.
That’s a non sequitur. Also, there is no reliable way to check whether a given source code is the actually deployed version, neither on servers, nor local devices.
>seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river
Fanboyism is expected, but this kind of statement is always bizzare to me. I run an aosp build with no Google software. How can a closed, proprietary system which pinky swears they will not do nasty stuff with your phone possibly be better than that?
> they just ate every other 3rd party "secure" backup services lunch just like they did to the Hi-Res music industry.
... so, they... didn't? Plenty of those services, including Tidal, probably the most prominent one, still exist.
> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.
This is the top comment in this thread right now, and I'm guessing it's because the readers of Hacker News value satire. If Apple's ecosystem is so bewilderingly excellent that nobody in their right mind would choose anything else, why did Apple start offering a bunch of their services, like Apple Music and Apple TV, on other hardware ecosystems?
I genuinely do not understand why you say other backup solutions aren't secure. Do you have anything to back that up?
re: point 3 - they really TRIED to scan all your data with your CSAM tool but got too much pushback. They are only doing this now because they are dropping CSAM and trying to garner public favor.
so did apple, you could encrypt through iTunes for decade, and if you're that paranoid about encrypted backups i would trust an off-line encrypted backup more than i would an encrypted backup in google's cloud.
> they just ate every other 3rd party "secure" backup services lunch...
Really? Isn't this the same Apple that told the FBI that they could get access to a suspect's data from their iCloud account. And the same Apple that was part of the US government's PRISM program to sell user data to the NSA? What makes you think people happy with competing services will jump to them blindly?
> They're not Goodle/FB/Amazon.
They are exactly like them. All of them claimed they care about user privacy, before massively collecting the private data of their users and then exploiting it.
> ... reliable, secure, private service ...
Reliable, sure. "Secure" is debatable when the keys are stored on the iDevices that only Apple can access any time. "Private" is laughable when every Apple product now comes with a disclaimer / popup permission informing that they will use your data to enhance personalised ads served to you by their ad platform.
So that they are legally saved from “storing child porn on their servers”. They explicitly wanted that feature so that they can freely upload user content, fully encrypted, without worrying about that - it was just grossly miscommunicated.
> just pay them money for their service and transactionally they give you only thing that you want in return -- reliable, secure, private service.
In every country they operate in? Especially those run by dictators, autocrats and wannabe dictators/autocrats?
If not would their next Ad or Speech on humanity, morals, rights, privacy and other virtue signalling include a disclaimer that those are not available in such countries?
I'm baffled that the information security requirement has reduced from zero-trust to trust the shiny hardware maker because 'they say so'.
> anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.
I'd happily swim (or) drown trying instead of blindly trusting privacy claims of a Child labor exploiting, Union Busting, Virtue Signalling insanely hypocritical ultra-mega corporation.
> anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.
Did Apple ever implement the ability to run software without first phoning home and asking for permission? The last time I checked they had not followed through on their promise to do so.
> they don't want to mine your data, they don't want to know what you store on there, the don't care to scan your pictures with AI 20 different ways, they don't want to monetize it, etc, etc...
What's stopping them from doing this scanning at acquisition or access by the user? We already see Google running models on your phone for things like Magic Eraser.
All Apple has really announced here is that if you're using Apple Apps and Services then they're the only ones who can mine your data. This pivots nightly into their Ad Services.
> They don't want your data. They're not Goodle/FB/Amazon. They're giving you 2TB+ of space and you can encrypt it to the point that you'll lose your data and they don't care -- they don't want to mine your data
Their devices are still sending a bunch of telemetry. They're still in the ads business
Not saying that this recent move is bad, it's good to see. But at the same time, I'd rather manage and encrypt my own files on my own dfs than get trapped in the walled garden
>"seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river."
Not sure how common is my attitude but I do not give a flying fuck about what Apple does. I keep my own backups (been doing it since the 80s). Today's Apple to me looks like a money company that makes some hardware by accident.
and in general, the less I attached / depend on a single company for anything significant, the better I feel.
> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.
If there's anything I learned about any offers made from big tech, I would never trust any of them until proven for long-term usage for half a decade at bare minimum.
3-2-1 strategy is still a proven method for decades and will still be over any cloud services out there, including iCloud's.
It's fine that very few people care Apple is very good at attracting customers without it anyway, so it's not the classical situation where we, tech people should feel sorry that non-tech people "just don't get it" and don't use Apple services.
And lastly, if indeed no customers care, then that speaks for even bigger respect toward the individuals working at Apple who pushed for this and made it happen. (But I think Apple believes this will be a good business decision, not altruism.)
Yeah, and this also shows that the future is not necessarily all decentralized/run by crypto punks in basements. There is an elegant way we can move to a safer, more reliable Internet all while using the current stack that might be hyper-centralized, but has proven to be the most cost-effective and reliable way to do things.
You’re calling out FB here but they’re one of the few to have rolled out similar backup encryption for WhatsApp messages and that was quite a while ago at this point.
I think FB really wants data about your behavior but based on what they’re been doing with chat security I don’t get a sense they want to or need be able to read through peoples chat history to get that.
> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.
Probably. Android is getting locked down with remote attestation anyways. There's no point to it anymore, might as well choose the better tended walled garden.
So up until now the government have had access to all your data because of the backups. This renders the e2e encryption on their different messaging platforms useless. Kind of a joke:"your convo can't be read because it is e2e encrypted, bit when we backup, we can read it".
What's the truth though? Are they able to coordinate with law enforcement if needed or not? I find it hard to believe there's no government agency paying attention to iMessage of criminals. Am I mistaken?
Yeah but it’s still basically the great philosophical question of the douche or the turd sandwich.
With everything that has happened with Apple since Job’s death, my trust has been eroded so much that yeah I still use Apple but they are the turd sandwich at the end of the day. I trust Google a percent or two less.
I like that they are doing with this E2E encryption. It protects against hackers better. It doesn’t protect against Apple though… they will still continue to sell the analytics on you. Which is fine if you don’t care.
>BUT, perhaps the BIGGEST news here is that Apple is making a backup statement to what they've been saying for years and what they've recently gotten negative attention on: They don't want your data.
If they don't want their user's data then why are they running an ad business?
Seriously. Your data is probably going to be mined on-device. Would make way more sense to further screw you by using your resources to mine you while you sleep.
Jesus, the Apple fanboys truly are a different breed. E2E encrypted backups are nice, great even, but the rest of your post and especially the last paragraph are cringe worthy.
you know your first two sentences aren't really honest. there's the secondary market, considering that apple keeps updating their devices past typical android equivalent you're getting same $/years of use value. there are SE models that are in line to cheaper android alternatives.
if you're poor you're probably not data hording TBs of data, because you've got other problems, so yes, this is all speaking from the point of the privilege, and you being here is also from the point of privilege.
and to answer your 3rd question -- i'll bite and say that this maybe true. but is it really apple's problem or the problem overall? where we're all mined for data and now when someone does offer security you scream that it's unfair. shouldn't you take the equivalent effort and write your legislator and ask them what they're doing about bringing the bar to the level that apple is bringing it to, for all of the poor people out there?
Obviously a device doesn't become useless once it stops receiving OS patches. For one, it'll keep receiving security patches for other components (eg the browser, which is in many ways more important than the OS) for many years past end of life.
>>>seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.
Lol I would never advocate for any company I engage with to use apple products. Why? Because they suck.iphoto and iCloud are pieces of trash. Most basic thing like, delete local but keep cloud copy seems to be missing. Can't keep a iPhone synced and do this with iCloud. Lulz worthy sitcho.
Also can't even copy files off device easily. Can't put custom apps on devices easily. The company actively kicks back against things like, freedom of information, following standards, reducing e-waste.
You know some of us make decisions around the companies we support on greater levels than just feature a or b is present in device. Apple are a predatory company that in no way promote a software or hardware ecosystem that is ethical imho and they don't promote one I want to participate in.
I wouldn't touch their shit with a barge pole and ontop of this due to being IT everytime I'm forced to I'm mostly confused by wtf folks think is so great. I legit find the kids toy ux difficult to work with, borderline impossible.
I also like blowing clients away with simple tasks like....copying photos to a usb...browsing files on my phone on a pc. You know the basic stuff like they used to do when they were younger but apple cucked it along the way for zero reason lol.
> You will, from May, thanks to the EU Digital Markets act.
Is this fact? Last I read about this the law was passed, but it's still unclear if apple will actually allow this.
I absolutely would love if I could use the latest version of iOS and install apps that are not in the app store. I'm currently using trollstore to do this but that means using older versions of iOS that are vulnerable to exploits.
The law has passed - but it also has exemptions for security.... So we can expect a lot of negotiating between the EU & Apple/Google on what they actually have to do.
Downloading some random GitHub app to access a phones storage sure as shit won't be happening on any managed corporate devices I deploy. Or unmanaged devices tbh. That's the kinda shit I leave for quarantined VMs.
Data is still not easily accessible once it's on a iPhone.
Okay... then use iTunes on Windows or Mac? (Not sure how those work, never used them, but I assume they provide the same functionality as imobiledevice)
Nah I thought that was the case too. Turns out it is not. Had a clients employee as me for help w/ her iphone about 2 weeks back. 32gb phone, no storage space left on device so it legit just stopped working, wouldnt recieve texts or anything cus it was full. So clients like, help me get photos off phone onto a USB or set photos to store in icloud only and ill delete the phone copies (well this is what I thought was an option because I can do it w/ just about every other backup software I use). Turns out big fat nup to either options. Only way she could delete phone photos but keep cloud ones was to disable sync entirely (lol wtf is the point of linked cloud if sync is so shithouse?). Plug phone into itunes, all you get re. access to device is no ability to view pics as files too extract, you cant even control apps on the device (good luck finding out what apple referred to as other apple software that used up >30% of phones internal space it just gets all lumped in under one grey color of storage being used.
Got forced to use a iphone 11 or someshit a few years back as a company issued device. Man it was alright at making phone calls, complete POS for doing any actual work on. Basically found it to be an overpriced paperweight that could take ok photos but was impossible to retrieve photos from. No i dont want a icloud account or any of that bs i just want to plug in to pc and pull files like I've been doing for 25+ years on every other platform ive ever used.
"Some metadata and usage information stored in iCloud remains under standard data protection, even when Advanced Data Protection is enabled. For example, dates and times when a file or object was modified are used to sort your information, and checksums of file and photo data are used to help Apple de-duplicate and optimize your iCloud and device storage..."
Photo checksums can't be e2e encrypted huh? They reported today they abandoned their plans to do CSAM scanning on people's devices[1] and connecting the dots it seems like they wont need to since they can just do it in the cloud.
The abandoned plan was perceptual hashing, which should return the same hash for very similar photos, while the new one is a checksum, which should return the same hash only for identical photos. I don’t think that invalidates the point, but it does seem relevant. It certainly makes it much less useful for CSAM scanning or enforcing local dictator whims, since it’s now trivial to defeat if you actually try to.
The big difference is with photos end-to-end encrypted, Apple can't (by choice nor force) have human "content reviewers" look at photos to inspect them for unlawful content, as was the intention under Apple's 2021 plan [1] after a threshold of 30 hash matches was met.
Although it was starting on CSAM material, it wasn't clear which other illegal activities Apple would assist governments in tracking. In countries in which [being gay is illegal](https://www.humandignitytrust.org/lgbt-the-law/map-of-crimin...), having Apple employees aid law enforcement by pointing out photographic evidence of unlawful behaviour (for example, a man hugging his husband) would have been a recipe for grotesque human rights abuses.
With photos encrypted, Apple can't be pressured to hire human reviewers to inspect them, and thus cannot be pressured by governments that enforce absurd laws to pass on information on who might be engaging in "unlawful" activities.
>The abandoned plan was perceptual hashing, which should return the same hash for very similar photos . . .
Is there any proof they actually abandoned this? NeuralHash seems alive and well in iOS 16[1]. Supposedly the rest of the machinery around comparing these hashes to a blind database, encrypting those matches, and sending them to Apple et al. to be reviewed has all been axed. However that's not exactly trivial to verify since Photos is closed source.
Anything over a network can be decrypted and inspected with a MITM proxy (manually adding its root certificate to the trust store), as long as only TLS (no application-level encryption) is being used.
There are a multitude of ways to inspect the decrypted traffic of your own device, whether it's a jailbroken iPhone provided by Apple to the security community or a non-kosher jailbroken device. People inspect this traffic all the time.
> . . . as long as only TLS (no application-level encryption) is being used.
Therein lies the rub: the payload itself is protected by an encryption scheme where the keys are intentionally being withheld by either party. In the case of Apple's proposed CSAM detection Apple would be withholding the secret in the form of the unblinded database's derivation key. In the case of Advanced Data Protection the user's key lives in the SEP, unknown to Apple.
By design the interior of the "safety vouchers" cannot be inspected, supposedly not even by Apple, unless you are in possession of (a) dozens of matching vouchers and (b) the unblinded database. So on the wire you're just going to see opaque encrypted containers representing a photo destined for iCloud.
The original implementation also involved sending a "safety voucher" with each photo uploaded to iCloud, which contained a thumbnail of the photo as well as some other metadata.
The vouchers were encrypted, and could only be decrypted if there were, I believe, 30 independent matches against their CSAM hash table in the cloud. At that point the vouchers could be decrypted and reviewed by a human as a check against false-positives.
It sounds like with a raw byte hash they might be able to match a photo against a list of CSAM hashes, but they wouldn't be able to do the human review of the photo's contents because of E2E.
That would be interesting. Then all someone has to do is generate images that collide with the ones in the CSAM hash database and airdrop them to someone, then they’re suddenly the target of a federal investigation. I remember someone posting about a year ago a bunch of strange looking images that produced those collisions. If it’s all E2E then all Apple sees is a matching hash and can’t do any further review other than refer to law enforcement.
Someone mentioned here but I didn't confirm that Apple is stopping the CSAM scanning. It makes sense because there's nothing they could reasonably do even if they found matching hashes. It seems unlikely they'd report these findings to the police if there's no manual ability to review the contents first.
I'm assuming these are normal checksums (bitwise hashes), whereas before they were doing a hand-wavy AI-based thing that they called "checksums" but weren't really. The latter captured rough visual qualities of the images in question, which is why it had a false-positives problem. A real checksum shouldn't have that problem; in theory you'd only be able to detect an exact match of a file you already have and are looking for. So it is meaningfully different.
I assumed separate checksums are made from the file name and the contents. Though even if not, it would seem useful for eg. syncing between devices ("does file X already exist so we don't need to download it?")
Uhm... that's a significant leak. Most files you have are not unique, including personal photos (if you shard them). So all Apple needs to do to uncover a significant part of what you have on iCloud is get all the hashes of your files and find the same hashes in others accounts that don't have e2e enabled and other sources to recover the content. And even without content, it is a great way to find connections between people (but they already have non-e2e encrypted contact data to do that...).
Personally, I don't think Apple intends to screw you, and they have a good reason, but isn't not trusting your provider the entire point of e2e encryption?
It is one of the first question I asked myself: "with e2e encryption, it means no de-duplication, it will be expensive for Apple". Turns out they still have de-duplication, and therefore weaker privacy.
Anyways, "As we continue to strengthen security protections for all users, Apple is committed to ensuring more data, including this kind of metadata, is end-to-end encrypted when Advanced Data Protection is enabled". It would be interesting to see if they really are committed. For now, I don't blame them, it is already better than most offerings, and it just came out. However, it will be an interesting point to watch for in the future: it is a privacy feature that actually costs Apple money to run, will they do it?
Note: I assume a standard hash like SHA, working at byte level. Not the CSAM scanning thing that can match similar pictures even if the files are not exactly the same.
Can you elaborate on this comment in terms of how no de-duplication is in any way expensive to Apple? People have to pay for their cloud storage generally (past 5GB) and Apple presumably has their price structure setup in a way where it is either profitable or at least only negligibly costs them as a loss leader for its expensive products.
If someone has all kinds of duplicates, so what? Eventually, they have to pay and up their subscription price for the additional cloud storage. The only way de-duplicating could possibly save money is if two or more people with the same file are both pointed to that same file in a location that is not within their account.
"checksums of file and photo data are used to help Apple de-duplicate and optimize your iCloud and device storage"
This is likely describing content-addressable storage. It is the underpinning of many iCloud services that store user files / blobs. It is also a commonly used pattern in backend services generally.
The problem is that a stream cipher is going to have some per-object uniqueness (a salt, IV, etc.), so by design even if you feed it related input blocks you will get different output blocks. This is, of course, antithetical to deduplication: so you need to check/store the hash of the input before it goes through the cipher.
The presentation about ZFS' native encryption[1] covers many of these sorts of trade-offs necessary to do full-disk encryption at scale.
I always thought the client-side hashing plan was something of a giveaway to authoritarian governments which would have demanded Apple check their own list of verboten files against what the users had uploaded to iCloud. E.g. tank man photos.
So I read this as Apple quietly saying "we're not bending to China on privacy". Which is the first step toward probably being banned from providing Apple services in China.
People sharing images that an authoritarian government considers banned might still be exposed by such a scheme, given they are likely to be exactly the same data. There are, after all, no new photos of tank man being photographed, any that are shared would be identical to someone elses, unless every recipient opened them up and modified them, and even then I'm not sure that actually modifies the data if done on an iOS device, as modifications done to images can be undone suggesting to me they are only a layer on top of the unchanged image, which would still return the same hash.
Unfortunately, I think the privacy problems surrounding iCloud Photos remain to an extent.
Given that modifying just a single bit in an image results in a wildly different hash digest, I think the risk is a little overblown. There are probably easier ways for authoritarian governments to figure out who's sending illegal content, like just taking somebody's device and looking at their messages.
It's a little hard to take any percentage of 1.4B peoples phones, get them to comply unlocking their devices, and then inspecting those.
It's a lot easier to tell vendor X that "in country Y list Z is the one that should be used when looking for CSAM", and then add some known Tank Man derivative hashes to that list and find out directly who to arrest.
According to the Wired article linked by parent, there is no longer any hashing or client-side scanning scheme at all, except one that can be enabled locally by parents and doesn't report anything to Apple.
But in the documentation[1] under the heading "Encryption of certain metadata and usage information" they state:
> Some metadata and usage information stored in iCloud remains under standard data protection, even when Advanced Data Protection is enabled. For example, dates and times when a file or object was modified are used to sort your information, and checksums of file and photo data are used to help Apple de-duplicate and optimize your iCloud and device storage
This checksum is described as:
> The raw byte checksum of the photo or video
This hash can technically be shared by Apple, since they own the key used to encrypt it. And depending on when the hash is computed (post-encryption it's no problem, pre-encryption we have a problem), this could technically be used to find people sharing known undesired images e.g. Tank Man or CSAM.
Apple already has different terms of service for Chinese users. They simply won’t have this feature, or is it turned off silently on authority requests.
There is no way for a user to verify if Apple has actually end-to-end encrypted their backups or not.
I always thought that program was technically limited from the start. It seems like it would be very easy to rotate a small value of the file, even a single pixel, and return a different checksum.
"People rioted when we scanned for CSAM in a privacy-preserving manner but don't give a shit when we do the same thing when it's not privacy preserving so I guess just do that."
How is this a win? Either is bad, who wants them to keep a database of their image hashes? In some ways this is arguably even worse. If they keep this data online leaks and/or third party access are almost guaranteed. At the very least by authorities with a perma warrant looking for "CP" or "terrorist" material.
And that's exactly the problem and why I put CP in quotation marks. With everything we know about these completely unaccountable agencies, what guarantees you it will be limited to a actual crimes against children? For the children is the oldest trick in the book. Already if we talk terrorism, it's explicitly political. One woman's freedom fighter is another man's terrorist.
Maybe I'm confused. From the Wired article and other sources, it sounds like they have abandoned the idea doing any form of hash comparison or client-side scanning. Am I reading that wrong?
If that article is correct it doesn't sound like they've abandoned the idea at all, only modified. It's still the same thing essentially, they check your file hashes for "known illegal images or other law enforcement inquiries".
One must understand that E2EE is used when you don't trust your service provider to handle your data. In other words, the adversary in your threat model is the service provider - and in this case, Apple. And what good is that encryption, if Apple obviously can do almost anything with your device?
They can remotely wipe apps. They can force-install apps and force updates. It is not too far-fetched to think that they can just remotely copy anything stored on your device to their servers. So, with an adversary that capable, I'm not sure encrypted backups provide a meaningful improvement to security and privacy.
> In other words, the adversary in your threat model is the service provider - and in this case, Apple. And what good is that encryption, if Apple obviously can do almost anything with your device?
The adversary in this threat model isn't the service provider. The adversary is someone attacking the service provider, like a hacker or a government with a warrant, and getting access to Apple's storage of your data.
Now of course it's not impossible for such an adversary to also defeat other systems at Apple and get your data another way, for example by controlling Apple's ability to send over-the-air updates to Apple devices. But I think that is a sufficiently distinct threat that it's not worth dismissing solutions to the first threat. That would be like dismissing the importance of a web server storing passwords salted and hashed, since attackers could just use a totally different attack to bypass the web server's database access control. Another way to illustrate this might be to point out that attackers can physically coerce you to hand over data regardless of any security measures any service provider could possibly make, but that doesn't mean we should dismiss all such security measures.
remember Lavabit [0]? will Apple choose to shut down rather than to comply [1]? if the government comes with a warrant, it will be with a gag order, and they will be compelled to silently update your phone to extract whatever the govt needs over the course of a few months.
What is your actual point here? It feels like we’re just playing a game if hypotheticals that are no longer based in reality.
Sure Apple could update your device to send all your photos unencrypted to them. They could also remotely turn on the mic and spy on all of us. They could also add key word detection to iMessage and flag law enforcement if you text out the wrong words.
I think everyone here understands what Apple could do. Which is why it’s a good thing that signs point to Apple not wanting their customer data. And why Apple refusing government orders that they feel violate their customers is unequivocally a good thing (even if they’re doing it for selfish reasons)
that e2e encryption by a third party does not give you privacy from the US government if that third party can remotely control or update your device and is subject to US laws. it is a direct reply to the assertion made in the GP: "The adversary is someone attacking the service provider, like a hacker or a government with a warrant, and getting access to Apple's storage of your data."
> will Apple choose to shut down rather than to comply
Apple will probably comply, just like I would probably comply rather than go to jail or suffer injury to myself or my loved ones. But I think it's fair to treat that as a distinct threat.
I disagree - the service provider should be considered an adversary and their service - and your tooling - should make it possible to obfuscate every single bit of data and metadata that you store there.
rsync.net is great and I've always appreciated the exposed ZFS capability, even if at this point 3x the cost per gb for a small scale users vs B2 is a lot more painful. Having encryption, including for transfers, also be part of the filesystem (which is open source) is great. Pity but for a small turn of history ZFS didn't become the native FS for Apple. And I think backups in particular is one of the focused completely unambiguous areas where Apple really has behaved in textbook anticompetitive fashion, and they should be required to allow people to point their iOS devices at any 3rd party service (including their own!) they wish that implements the right API (which Apple should have to document and follow themselves).
Still with all that said:
>I disagree - the service provider should be considered an adversary and their service - and your tooling - should make it possible to obfuscate every single bit of data and metadata that you store there.
If you're using Apple devices at this point then I think they do unavoidably form some part of your core trust foundation. With current hardware Apple is everywhere in the stack right down to the CPU level, heck arguably below that since they have a special license with ARM and can implement their own custom extensions. If you really think they're an adversary to the point of doing custom backdoors explicitly going after you, then the hardware just can't be trusted.
It's not unreasonable though to look at both Apple's incentives and the state of American law at least and see distinctions between Apple being compelled (or hacked) to provide something they have passive access to on their side anyway vs being compelled to engage in non-consensual active work and feature development (or having that slipped in and make it into general deployment) on things that necessarily must go out to end user devices. The former is both bog standard warrant/subpoena territory and not inherently detectable outside of Apple and the government, since it doesn't directly involve the user as a party at all. The latter is very arguably illegal and provokes far more public response, and involves deploying in ways that make it far harder to keep concealed (and open up other avenues of challenge).
I don't get it. If you don't trust Apple, then you don't take photos with an iPhone. There is no possible service they could offer that assures you every bit of data and metadata is obfuscated end to end in any sense of before Apple software has a chance to see it. At bare minimum, the camera app has to put together a file before there is anything to encrypt. A malicious Apple could just keep a second copy of that file, and even if you used a different backup service, they'd still have it.
However, as with all things here, you can just email and discuss with a real person and we'll set you up the way you need to be set up wrt billing and pricing, etc.
I think that's a separate issue. I'm not saying that Apple or any other service provider should not be considered a potential adversary. I'm saying it's still a good thing for service providers to implement solutions to threats.
I think the right way to advocate for this really is to focus on the warrant aspect. It’s not about preventing law enforcement but keeping it above board where there’s at least the possibility of oversight and targets can exercise their rights to things like legal representation.
I think it mostly matters in the context of US case law, specifically the third party doctrine.
> The third-party doctrine is a United States legal doctrine that holds that people who voluntarily give information to third parties—such as banks, phone companies, internet service providers (ISPs), and e-mail servers—have "no reasonable expectation of privacy" in that information. A lack of privacy protection allows the United States government to obtain information from third parties without a legal warrant and without otherwise complying with the Fourth Amendment prohibition against search and seizure without probable cause and a judicial search warrant.
There are multiple meanings of trust in this scenario: belief in honesty, and confidence of ability. Eg I can trust you to tell me the truth but not trust you to protect me from a missile.
I trust Apple’s honesty. I don’t trust many attack vectors. Someone could gain access to their data center. E2EE protects that. A gov could legally compel them to provide data. I trust when they say they’ve engineered it in such a way that they can’t currently do it, and that they would publicly cause a scene and legal battle if attempted-as they have before. Accidental data leaks also happen. In all these scenarios I trust Apples intentions but know that nothing is perfect. E2EE adds a lot for me.
Also, companies like Apple are huge, with thousands of staff.
These protections aren't there to protect you from "Apple", but Apple staff.
So for example if someone at Apple has been compromised by a foreign state, they can't copy sensitive customer data just willy nilly. They'd have to jump through a lot of hoops that would be prohibitively difficult.
Google had issues like this in the past where some employees were sending data to the Chinese government. E.g.: information about dissidents, political opponents in Taiwan, etc...
This is one of the reasons Google encrypts even internal server-to-server traffic, because the threat is on the inside of the firewall!
In theory it adds a speed bump. Apple as the cloud service provider can respond to the legal order by saying they don't have the key. And then the police can ask for a booby trapped update for just your phone which may or may not happen. Or they can lobby the legislature for an encryption backdoor for all devices which will force them to show their hand in terms of "lawful intercept" capability.
If you want maximum security use an air gapped computer. But that won't let you send messages on the go.
> If you want maximum security use an air gapped computer. But that won't let you send messages on the go.
You can, with some inconvenience, use optical diodes to transmit data from a trusted input device to an untrusted network device for transport over tor, and then push the received messages over a second diode to a display device that decrypts the messages, so that even if you receive an exploit/malware, there is no physical connection that allows unencrypted data to be exfiltrated.
If you want maximum security then just obviously don't use Apple services, or any other provider that has a capability to fetch your data under any circumstances.
Starting in May next year, the Digital Markets Act [1] requires Apple to "allow the installation of third-party software applications [...] by means other than the relevant core platform services of that gatekeeper."
I'm still on the fence about whether this will end up being a net good or not but people don't seem to consider the potential knock on effects of this. Apple puts some nice pro-consumer, along with some less nice anti-developer, requirements on Apps in the AppStore. Easy subscription management, privacy disclosure, parental controls etc. If the developers of an app decide to only make it available outside the AppStore you as a consumer may be forced to choose between using that app and getting those benefits.
> If the developers of an app decide to only make it available outside the AppStore you as a consumer may be forced to choose between using that app and getting those benefits.
And Apple already chooses the reverse for you by not allowing apps you may want and by charging at 30% tax for doing so. There is a vast disparity between the behaviors!
It won't help to download apps on an iPhone, which, I must say, isn't even yours: you don't get to decide which apps you can install on your phone. Apple gets to decide. Factually speaking you're merely renting the iPhonefrom Apple, which, being the device owner, decides the terms under which you can use it.
In practice this distinction is meaningless. In fact I trust Apple more than my own government. To take your argument to an absurd logical conclusion, I don’t own ANYTHING because my government can take it.
It is known that Apple would do quite a lot of what governments will ask of it. It removes app from national AppStores on a simple request from countries like China or Russia. (Well, now Apple might ignore Russian takedown requests, but prior to the war with Ukraine they were very receptive to their demands)
This is why side-loading and the option for alternative app stores is so crucial. If Apple bans Signal or other E2EE messenger apps from your national app store, you can't get them. Full stop.
If people in China and other privacy-hostile countries can side-load from alternative app stores (like F-droid for Android), the government/Apple doesn't control user access to particular undesireable apps.
There's obviously reverse concerns to this side of the coin but the overall concept has arguably always existed eith jailbreaking (Cydia store, AltStore(?)) and I haven't heard any stories about people becoming massively compromised in the way all the naysayers and Apple would have us believe.
Yes, I have heard of the GDPR and in my opinion it has improved/consolidated my digital privacy rights and not affected the "web browsing experience" in any negative way. I believe you are referring to the ePrivacy Directive (aka cookie law). As you may know, it's only mandatory to inform the user when the website is collecting information from the user beyond what is necessary for technical purposes - and in that case I do want the option to refuse that.
They don't have to lobby anyone for this. Apple has operations in aus. We have laws here gov can force you to put a backdoor in software or hardware and you are not allowed to tell even your employer you have been requested to do so.
Tbh in theory apple aren't allowed to tell you they have done it or otherwise. So their phones have probably been backdoored for a few years now at request of aus gov.
I would not be surprised if there is a backdoor already. Either explicitly ordered or secretly inserted like Dual_EC_DRBG. They’re not burning a zero day vulnerability or certificate authority just to convict one defendant. They’re saving them for something like Stuxnet.
Nothing is secure. Once we remember that, we'll stop nitpicking improvements.
Use your own server? Great, it's secure software-wise, but if someone broke into your house, it's all of the sudden the worst liability ever. The next thing you know, your entire identity, your photos, everything is stolen. You have excellent technical security, perhaps the weakest physical security.
So new plan, you use a self-hosted NextCloud instance on a VPS somewhere. That's actually not much smarter than using iCloud - VPSs handle data warrants all the time. They also move your data around as they upgrade hardware, relocate servers, and so forth.
So new plan, you use iCloud E2E encryption. You have to trust that Apple does as they say, and trust that their algorithms are correctly functioning. Maybe you don't want to do that, so new plan:
You use a phone running GrapheneOS, with data stored on a VPS, with your own E2E setup. Great - except you need to trust your software, and all the dependencies it relies on. Are you sure GrapheneOS isn't a CIA plant like ArcaneOS was? Are you sure your VPN isn't a plant, like Crypto AG? And even if the VPN is legitimate, how do you know the NSA doesn't have wiretaps on data going in and out, allowing for greatly reducing the pool of suspects? Are you sure that even if the GrapheneOS developers are legitimate, the CIA hasn't stolen the signing key long ago? Apple's signing key might be buried in an HSM in Apple Park requiring a raid, but with the GrapheneOS developer being publicly known, perhaps a stealth hotel visit would do the trick.
So new plan, you build GrapheneOS yourself, from source code. Except, can you really read it all? Are you sure it is safe? After all, Linux was nearly backdoored with only two inconspicuous lines hidden deep in the kernel (the 2003 incident). So... if you read it all, and verify that it is perfect, can you trust your compiler? Your compiler could have a backdoor (remember the "login" demo?), so you've got to check that too.
At this point, you realize that maybe your code, and compiler, is clean - but it's all written in C, so maybe there are memory overflows that haven't been detected yet, so the CIA could get in that way (kind of like with Pegasus). In which case, you might as well carefully rewrite everything in Rust and Go, just to be sure. But at that point, you realize that your GrapheneOS phone relies on Google's proprietary bootloader, which is always signed by Google and not changeable. Can you trust it?
You can't, and then you realize that the chip could have countless backdoors that no software can fix (say, with Intel ME, or even just a secret register bit), so new plan. You immediately design and build your own CPU, your own GPU, and your own silicon for your own device. Now it's your own chip, with your own software. Surely that's safe.
But then you realize there's no way to verify, even after delidding the chip, to verify that the fabrication plant didn't tweak your design. In which case, you might need your own fabrication plant... but then you realize that there's the risk of insider attacks... and how do you even know those chip-making machines are fully safe? How do you know the CIA didn't come knocking and make a few minor changes to your design, and then gag the factory with a National Security Letter from giving you any whiffs about it?
But even if you managed to get that far, great, you've got a secure device - how do you know that you can securely talk to literally anyone else? Fake HTTPS Certificates from Shady Vendors are a thing (TrustCor?). You've got the most secure device that is terrified to talk to anybody or anything. You might as well start your own Certificate Authority now and have everyone trust you. Except... aren't those people... in the same boat now... as yourself... And also, how do you know the NSA hasn't broken RSA and the entire encryption ecosystem with that supercomputer and mathematicians of theirs? How do you know that we aren't using a whole new DUAL_EC_RBG and that Curve25519 isn't rigged?
The rabbit hole will never end. This doesn't mean that we should just give up - but it does mean we shouldn't be so ready to nitpick the flaws in every step forward, as there will be no perfect solution.
Oh, did I mention your cell service provider always knows where you are, and your identity, at all times, regardless of how secure your device is?
Edit @INeedMoreRAM:
For NextCloud, from a technical perspective it's fantastic, but your data is basically always going to be vulnerable to either a technical breach of Linode, an insider threat within Linode, or a warrant served (either a real warrant, or a fraudulent warrant, which can happen).
You could E2E encrypt it with NextCloud (https://nextcloud.com/endtoend/) which would solve the Linode side of the problem, but there are limitations you need to look into. Also, if a warrant was served (most likely going to be authentic if police physically show up, at least more likely than one they served your data over), you could always have your home raided, recovery keys found, and data accessed that way. Of course, you could destroy the keys and only rely on your memory - but, what a thing to do to your family if you die unexpectedly. Ultimately, there's no perfect silver bullet.
Personally... It's old school, I use encrypted Blu-rays. They take forever to burn, but they come in sizes up to 100GB (and 128GB in rare Japanese versions), they are physically stored in my home offline, and I replace them every 5 years. This is coupled with a NAS. It's not warrant-proof but I'm not doing anything illegal - but it is fake-warrant-resistant and threats-within-tech resistant, and I live in an area where I feel relatively safe (even though this is, certainly, not break-in-proof). Could also use encrypted tape.
I run Nextcloud on a RPI at home with fail2ban, brute force protection, MFA, and E2EE which is backed up remotely using encrypted Borg backup. The 4TB SSD drive safely serves my friends and family too. My laptop and Graphene phone's files, apps and settings are backed up automatically to it daily. I have too many apps installed on Nextcloud to list, but it is basically an all in one solution to your cloud needs.
Both Nextcloud and GrapheneOS are FOSS which addresses your concern about it being a government trap.
My partner is able to access my Bitwarden account if I were ever to be indisposed.
Sure nothing is perfect, but tell me how this is not a better solution than trusting the closed source ecosystem of the biggest corporation in the world.
“Both Nextcloud and GrapheneOS are FOSS which addresses your concern about it being a government trap.”
I was merely referring to the fact that unless you build the code yourself, there is no certainty that you have that a government has not shipped a custom hacked build to your device and stolen a FOSS signing key. Unlikely? Yes. Possible? Yes. Also, backdoors, as seen in the 2003 Linux incident, can be as hidden as a deliberately missing equals sign in 1 line of code - so, a sneaky government commit with the smallest backdoor could be undetected even if FOSS. I still think it’s better than proprietary - don’t get me wrong - but it’s not invincible which was my main point about how security does not end.
Right, but nobody can write all the code they need for every service. I agree nothing is invincible. We put varying degrees of trust in people and processes of communities who maintain the SW. FOSS requires much less trust than proprietary SW developed by megatech.
> Use your own server? Great, it's secure software-wise, but if someone broke into your house, it's all of the sudden the worst liability ever.
this doesn't invalidate the rest of your point, but if your data isn't encrypted at rest on your own hardware, that one very particle point? that's your own fault.
you will need some kind of remote mounting mechanism. Imagine you are abroad and your power at home is off for a short period of time. How to boot remotely and mounting the encrypted filesystem?
Not an easy task. You will need some kind of dropbear ssh that you dial into and input your encryption key. Many moving parts. Don't get me started if you have to update the packages due to security fixes.
I've been running my own Nextcloud instance on a Linode with 2FA and your response made me question how secure it is.
Even though I get an A+ on the Nextcloud Security Scan (https://scan.nextcloud.com/), have 2FA, and custom IP blocking set up in my .htaccess file, it's disheartening to know that I'm not as secure as I thought I was.
I removed all my photos/files from iCloud for privacy reasons, and now I feel helpless contemplating how Linode may just hand my data over if served a warrant.
Any other Nextcloud hardening tips besides Fail2ban and reverse proxying you'd recommend? May I ask what your workflow looks like for preserving files throughout time?
Nextcloud has three recommended add-ons that you can install in a few clicks:
-Brute force protection
-End to end encryption
-Multi-factor Authentication
> And what good is that encryption, if Apple obviously can do almost anything with your device?
Because apple isn’t in control of apple for data at rest, and that’s the specific risk.
You have to trust control of the device sure, but you cannot trust cloud data - almost at all - between subpoenas from over eager LEOs and break ins from criminal and state hackers
> Because apple isn’t in control of apple for data at rest
That's not really true if Apple also holds copies of your iCloud decryption keys. If they want to access your data, they already have all the necessary components.
Now we're going in full circle, so I'll just point you to the parent thread:
> One must understand that E2EE is used when you don't trust your service provider to handle your data. In other words, the adversary in your threat model is the service provider - and in this case, Apple. And what good is that encryption, if Apple obviously can do almost anything with your device?
Ironic, since if you follow the thread you'll learn that since Apple still has complete control of your device, it essentially still has access to the keys.
Let me re-phrase, by giving Apple control over the keys, you give control over the data to whoever controls apple - which is non-zero (Eg. LEO), and whoever may gain control (security vuln).
Apple isn't a monolithic entity. For example, a rogue engineer might be able to access your iCloud data, but it's orders of magnitude more complicated to push a specifically manufactured app to your device.
There's a similar variance of complexities for hacking and law enforcement overreach scenarios.
E2EE isn't a solution for all attack vectors, but it's a significant mitigation in itself.
Technically no. I still have Fortnite on my iPhone, it just can't be opened. Apple can't wipe apps from your phone, but if they're App Store installed (as opposed to Ent MDM/Sideloaded), they can render them inoperable by revoking the certificate attached to the bundle.
It's all a closed source jumble though. Even if they can't do it right now, they have the power to install an update that allows them to add that power, if they had to.
What's the functional difference between "remotely deleting" and "remotely rendering inoperable"?
Remotely deleting probably just exposes them to all kinds of legal issues, since it would wipe user data too (which you can otherwise possibly still extract, e.g. through the "Files" app).
What’s missing is context - Fortnight’s account is in breach of the agreement and can’t deliver updates to address issues with the latest version of iOS.
This is identical to any developer that doesn’t deliver updates or suspends their developer account.
Those which have downloaded Fortnight at least once can still download and use the game on earlier versions of iOS and even with iOS 16 by following certain mitigations.
Contrary to some online posts Apple haven’t done anything unique to the fortnight account.
One must also understand that you're wrong. My threat model isn't Apple. My threat model is
a) Overreaching law enforcement, which want to take a look at what I'm up to.
b) Data breach at Apple exposes all my data
c) Errors where my pictures gets in another users photo album, as seen on Google Photos once.
It is becoming increasingly difficult to not just recommend an iPhone to the average person with privacy/security concerns. Sure, you can tell them to go the GrapheneOS route, but I don't think you can trust the average user not to just go and install Google Maps/Google Photos/etc as soon as the alternative FOSS option inconveniences them. I've certainly struggled with this. Then they're arguably worse off than if they'd just stuck with the Apple equivalents.
Apple produces a very nice set of golden handcuffs. Polished shiny look, comfortable fur lining. Customers are really going to going to scream bloody murder when Apple latches them down tight.
The problem here is we are wholly dependant on Apples goodwill. It is not required in anyway (hence Googles behavior). At any moment Apple can revoke said goodwill and exploit us to our hearts content and we will have no fallback what so ever because we decided to let the market codify our freedoms rather than preventing companies from being ruthless.
It's because the "lanes" that non-tech juggernauts break out of are typically pretty restricted, much in advance (aside from "Emergency Use Authorization" etc). Maybe it was "paranoia" (thinking of conditional incentives ahead of time), or people had to suffer enough before these to come into existence.
What's the equivalent of the FDA but for consumer privacy?
That has nothing to do with Apple. Just because the American government doesn't understand the importance of technology doesn't mean Apple is in the wrong.
Let's assume they do eventually flip their brand on its head and turn on the users.
While waiting for them to latch you down tight, you could have already been enjoying the most consumer-centric and privacy-conscious mainstream mobile OS since 2007.
>Let's assume they do eventually flip their brand on its head and turn on the users.
Chinese customers don't need to wait. Apple flipped sometime in 2017 and gave up all user emails, photos, messages, etc. to the CCP to stay in the market.
People complain about TikTok spying for China, but Apple is one of the biggest CCP spies around. That runs counter to the brand headspace they keep investing in though.
I'll never understand people who expect Apple to try and fight the CCP and inevitably get themselves barred from the Chinese market. It's not principled, it's just dumb and will completely screw over all of their current customers in the country who will now have useless devices. Apple is not a nation-state and has no judiciary or military power, and if they're to have any hope of making positive change in the country they need to play ball to some extent and become a large player who can actually exert some influence.
>I'll never understand people who expect Apple to try and fight the CCP and inevitably get themselves barred from the Chinese market.
People have this expectation because other companies have done this.
For example, Google employees revolted when dragonfly was leaked, and got the CCP search-spying project killed. It's weird to think that Google cared more about user privacy than profits than Apple does, but that's how weird the branding works here.
"I am in a benevolent dictatorship, nothing ever could go wrong"
Just because Apple is playing nice at the moment, there is no reason not to force them, and all the other players to have a legal requirement of playing nice. I mean, the hog that is fattened for slaughter thinks its life is great, right up until its not.
I've been using an increasing number of Apple products since 2006 or so, after having used Linux for a decade and Windows from 3.1 through 2000.
If it's a benevolent dictatorship, it's undeniably been a good one to me over nearly half my life. If they ever do turn, I can always just leave. But what is and/or was my alternative? The less-benevolent dictatorships of Google or Microsoft? Spending inordinate amounts of time and effort making a hodgepodge of various Linux devices work together (often unsuccessfully)? I'll pass.
Except Apple does not have a police force that will detain you if you try to leave after they institute less-desirable products, and I'm sure they'd lose a lot of money and value if they literally disables data exports.
I used to think Apple could be forced to play nice, and again and again that doesn’t seem to happen. The hammer never fell on their 30%, nor on Safari binding, nor on third party stores. And the funny thing is Google sees that and just goes the same direction, so if tomorrow Apple goes south it’s not like Google would rise as a bastion of vertue.
The question could be less if Apple should be trusted, and more if phone makers in general should be allowed to be dictators.
Why should phone makers not have ultimate control over their devices?
Say I make the Avocado Phone:
- my entire shtick is that "you can only run apps we make, and we vet the source code of every one of the few thousand third-party apps we allow on our device. We will pay you $10,000 if you get compromised using our phone"
- Of course, to achieve this, the phone can't be susceptible to "informed" evil maid attacks (as in, say the hotel's cameras capture you entering your passcode and Avocado ID Password) that replace your OS with an identical one preloaded with Malware. This means that, even as a user, you literally can't load any other software onto the bootloader or OS that would touch the operating system.
- it also takes every opportunity to prevent third-party apps from gaining access they don't need, which includes disabling JIT compilation (ruling out third-party browser engines, unless they want to use a slow javascript interpreter).
At what point does my phone turn from a product that services the security-conscious crowd with a completely bulletproof device, into something that people want to be able to preload software onto, because they didn't realize that security comes at a price? Is it when I sell enough? Is selling 10 million a year enough to where my market presence becomes a problem? 100 million a year? Why would people buy it if the government forces it to be 'open' at the cost of invalidating its entire use-case of being a secure device?
> Why should phone makers not have ultimate control over their devices?
First part is, fundamentally these devices are sold. You could eschew the very notion of property and make it a pure rental, but it’s not the point we are now.
The second part is, as you point out, your idea is completely valid until your service becomes life critical, a huge portion of the country’s population relies on it day to day, you killed any competitor that had a significantly different value proposition and it would have catastrophic consequences if you were to screw it up badly. Basically you became part of the infra. Is it 100 million units ? It’s up to your regulators to decide.
I think a lot of the privacy-conscious Apple users would wholeheartedly support laws that guarantee better privacy than is currently required. That said, we have to act in the world we live in not the world we want it to be.
In any case, I don’t see how using Apple products is at odds with supporting better privacy laws. If anything, they are perfectly aligned since it demonstrates a $2 trillion alternative to surveillance capitalism.
the fact you believe this is true today is most telling, I do not find them to be "consumer-centric" they have very draconian policies and if your use of the device fits in their narrow band of use cases then it is find, if it does not you are SOL
Given they accommodate over 50% of United States residents[0], I'm not sure the band is as narrow as you say it is. Of course, for those it doesn't accommodate, there is a different product that hopefully better fits their use cases.
Market share is irrelevant if there’s a high enough barrier to entry and cost of switching for the user. For instance Comcast probably has a very good market share and competitors too on paper.
Is the cost of switching that high? People at the phone store do 'data transfers' already (seemingly just texts, pictures/videos, and contacts), and, hilariously, the transfer to Android is a lot better than the 'move to iOS' app that has terrible reviews[0]. I bet most of the time being spent on switching will be on reinstalling all your apps and logging back into them.
It is, depending on how long you've been using the platform.
For instance if you've been on iOS for a few years and bought a healthy amount of music, those are virtually gone after moving to android. You can mitigate that by either
- forever keep paying Apple through an Apple Music subscription
- somewhat extract the tracks and DRM free them (tracks were DRM free when bought from the Mac, but not when bought on iOS last time I tinkered with it). Of course Apple will make as hard as they can to block this route.
Same for movies and books, and for games/apps as well if they don't have a multi OS pricing scheme.
Switching cost is not just time spent to get used to, more often than not it"s a non significant amount of money lost in the process.
Same deal the other way round of course: Google is more diligent on exposing their content on iOS, but there will stil be paid games and apps to be lost in the process.
If I don’t like what Apple does with iMessage, I can move to WhatsApp. If I don’t like what Apple does with photos, I can move to Google Photos. If I don’t like what Apple does with iCloud, I can move to Dropbox. If I don’t like what Apple does with iOS, I can move to Android.
> If I don’t like what Apple does with photos, I can move to Google Photos
I can’t. I don’t use Apple Photos, and I can’t set Google Photos as the default photo handler, nor default source or destination, nor tell any iOS device to never save photos in Apple’s silo.
> If I don’t like what Apple does with iCloud, I can move to Dropbox.
I can’t either. I wanted to backup my phone elsewhere and there is no option outside of iCloud.
How have you hacked your system and how long will you be able to?
To use Google Photos on iPhone: install the Google Photos app and grant it access to your phone's photos. Then you can go into the Google Photos app to see and manage all your photos.
To keep Apple from saving your photos: turn off iCloud Photos, or log out of iCloud.
To back up your iPhone without iCloud: make a local backup on your Mac or PC. You can even encrypt the backup with a password you choose. You can sync these backup files in any way you would like, including via Dropbox.
You can also sell your iPhone and get a different phone if you don't want anything to do with Apple.
You're skirting around the issues, as Apple just won't allow you to get out of their system in the key parts. Any of the alternative you describe are just clunky workarounds with utterly broken parts (local backups through a Mac have severe issues compared to cloud backups)
> You can also sell your iPhone and get a different phone if you don't want anything to do with Apple.
If you come to that conclusion, it's basically the answer to your "How am I handcuffed to Apple?" question. If you need to give up the system to properly manage your backups, it's pretty much a situation where you're handcuffed or not, with no clear negotiable middle ground option.
I use Firefox just fine on iOS. Sure, it's just user chrome and Firefox Sync, but those are the things I care a lot more about than the rendering engine.
I'd love to support Gecko on mobile too, as I've moved the vast majority of my desktop usage to it, but Webkit is still fighting the Blink/Chromium hegemony, too, and that's still fighting the good fight.
I appreciate that you feel that way. I think most users don't care about the details of rendering engines and think user chrome choice (not Google's Chrome specifically; it's stupid Chrome confused pre-existing browser language) is enough. I mostly agree, as I already stated, and I'm okay with the compromise on rendering engine for security and I'm okay with the compromise on rendering engine to keep at least one non-Blink renderer high enough on caniuse usage statistics that I can fight back some in corporate projects that "Chrome is the only browser we need to support" because we have enough iOS using users and many of them are executives. That's a more important fight to me than "user rendering engine freedom". I don't personally need IE6 2.0 "Chrome is the only supported browser for the next few decades" (whether or not you think Google would declare victory in the same way that Microsoft did and stop innovating on Chrome entirely that very minute that happens), and I don't think the web as a whole needs that either. So I'm with Apple right now on their compromise choices.
I don't expect you to agree with me. I just want you to know it is a perspective of its own merits. The web has seen what happens when one rendering engine gets enough market share to dominate and that had a decade or more of repercussions, especially in enterprise application development. We're so dangerously close to that happening again. You may think you are fighting the most for freedom of the two of us, but from my perspective you are fighting a proxy battle in the Cold War and I'm much more worried about the Cold War and the freedoms it may lose us in the long run.
In the future Chrome might achieve a monopoly, therefore we should give Apple a monopoly on Safari today? If we're doing Cold War metaphors, this sounds like "we had to destroy the village in order to save it".
I'm much more worried about the Cold War and the freedoms it may lose us in the long run.
I will have to disagree that freedom is advanced by an OS that forbids you from using software that hasn't been approved by a megacorporation.
Apple's usage of Safari on iOS is much more akin to a monopsony than a monopoly (though we are busting at the edges of the anti-trust analogy). Apple is only the only (allowed) "buyer" of rendering engines on iOS, and so is only buying Apple. So it is a bit of apples and oranges when comparing to potential monopoly where Google is the last supplier remaining for rendering engines.
We're probably all going to keep disagreeing because it is apples and oranges no matter what analogy we try to use. I do think "potential monopoly" is worse than "practical monopsony" (especially when it is a proxy monopsony and people are still free to not buy Apple and thus not buy Apple's rendering engine choice), but you are welcome to continue to disagree. Again, I appreciate why a lot of y'all see the "practical monopsony" as the larger and more immediate threat.
Whatever you label it, it's an arbitrary limitation of technical capabilities that is done for the user without asking them. You can backpedal as far as you'd like, but you can't apologize away the fact that the user should have more power over their iPhone than Apple does. That shouldn't be contentious on a site called 'Hacker News'.
I'm not backpedaling, I stand by my opinion that "this isn't a technical user choice that matters to many users (including me)". That's the first thing that I said on the subject, and that's what I've been sticking to. I don't know why my opinion is upsetting you so much, but consider toning things down a bit before they get personal or hurtful?
What may sound like "backpedaling" is that I am admitting sympathy for your concern, despite disagreeing with it. I think you've made good points. I don't find anything "contentious" about it. I still disagree with you, and I'm not apologizing for disagreeing with you. I can understand your points just fine, and also still disagree with them. I would like you to consider my point of view, and maybe engage with me on this issue that it is much more complex than a simple "good versus evil". I hope this not to change your mind, but in the hopes of a better overall discussion than just "Apple is evil and doing evil things because Freedoms". The reality is not that simple. I don't blame you for thinking it is, and you are free to continue to do so, just don't yell at me for saying "well I think it's kind of complicated", please.
I'm not yelling at anyone. You're making weasel-y statements, and I'm calling you on them outright. If Apple wants to lead the way in browser development, then they should do so on their own merits. They're welcome to pre-install it on my iPhone, and they can even make it impossible to delete like on Mac. Just don't use it as an excuse to prevent alternative browser engines, it's not a solid argument. The concerns over Javascript engines and JIT compilation was sketchy at best, but I won't stand around and listen to people defend an opportunistic greed magnet for trapping their users.
There can be no free or fair market here. The barrier to entry for new companies to enter the phone market is just unbelievably high with all the patents.
Modern human communication, phones, are too important to be held hostage by just two companies, neither of which are acting in consumers best interests.
IMO this is the time that governments should be acting on behalf of the people, and not the corporations with the deepest pockets.
There is a Chrome app on iOS. I don't think many people pick their browser based on rendering engine, but rather on actual browser UI and features (like sync).
Is it really that hard to switch from Apple to/from Google or to/from Windows/Linux?
I mean, I really emjoy my current Apple ecosystem, and I do have all the devices, and I like how everything works currently. But, a switch is mainly a matter of movies my files and exporting/importing photos, contacts, and email. It might take a few years to cycle out ALL the devices, but I don't feel like there is a ton of friction in switching my data over.
It is more that everything is working so well together that I don't want to switch right now.
I do stay away from Apple home automation though, for this very reason. I want something open and local that I control since that WOULD be a huge pain to try and swap away from.
>Because in theory Apple could go completely against their own philosophy and our decades of prior experience with them, you should instead give all your information to Google so that they can sell it
I’m a FOSS person and run Linux as a daily driver. But I recommend every single person who asks to just buy an iPhone or a Mac (if they can afford it). The user experience alone is so superior to the other options. Security and privacy too, these days.
Apart from some very niche options, so is everything else.
This is about trust. If you don't trust the manufacturer of your hardware (or developers of software), that puts you down a very specific path of what you can happily purchase.
This was tied to an action in the App Store. Not sure how you purchase apps without tying it to your Apple ID. It is also laid out in the ToS "We use information about your browsing, purchases, searches, and downloads. These records are stored with IP address, a random unique identifier (where that arises), and Apple ID"
No one (or even the author) has been able to replicate it or find the Apple ID in any other logs calls.
> Sure, you can tell them to go the GrapheneOS route, but I don't think you can trust the average user not to just go and install Google Maps/Google Photos/etc as soon as the alternative FOSS option inconveniences them
Isn't it fine to install Google Maps, etc, in a separate profile, inside GrapheneOS?
A small number of comments here are not about E2EE backups but rather the security key announcement. If there's a more detailed URL for that part of the story, we can factor it into its own thread.
> Some metadata and usage information stored in iCloud remains under standard data protection, even when Advanced Data Protection is enabled. For example, dates and times when a file or object was modified are used to sort your information, and checksums of file and photo data are used to help Apple de-duplicate and optimize your iCloud and device storage — all without having access to the files and photos themselves.
> • iCloud Drive The raw byte checksums of the file content and the file name
> • Photos The raw byte checksum of the photo or video
That means that you’re not safe to store known files your local dictator doesn’t like, isn’t it? Wouldn’t a sort of per-user salt allow the same functionality and give more confidentially?
If there is a "Revolution Plan (WIP)" document shared amongst a few agitators, and someone in power gets their hand on it (and its "checksum" or whatever), then can they figure out _who else_ has it?
More or less, yes. Apple could search for a list of iCloud users with that hash in their account and single them out without breaking the encryption (not that they can't do that too).
My understanding of how E2E encrypted iMessage works is that in group chats it does indeed send 30 copies of your messages, individual encrypted for each recipient in the group.
Perhaps they're doing multi-recipient encryption, ie. the data is wrapped with one key, and that private key is then encrypted with the public key of each recipient, so everyone ends up using the same private key to decrypt the file data itself. This means the actual file data isn't sent 20+ times (although the data is indeed stored in everyone's Messages backups separately; if Apple is doing de-dupe based on file data+filename, they're probably benefiting from deduping group message images).
> APNs can only relay messages up to 4 or 16KB in size, depending on the iOS or iPadOS version. If the message text is too long or if an attachment such as a photo is included, the attachment is encrypted using AES in CTR mode with a randomly generated 256-bit key and uploaded to iCloud.
Only the attachment encryption key and URL need to be encrypted to each recipient.
This is a great step, but I really hope Apple also change their position on no longer allowing users to provide a high-entropy passphrase to unlock all of this end-to-end encrypted data.
As it is, my iPhone unlock PIN is everything that's needed to decrypt the data server-side [1], and I'm not changing to an alphanumeric password on my phone only because of that.
[1] https://support.apple.com/en-us/HT204915 ("You might also be asked to enter the passcode of one of your devices to access any end-to-end encrypted content stored in iCloud.")
You are not limited by 6-digit passcodes only, you can also
“…Or tap Passcode Options to switch to a four-digit numeric code, a custom numeric code or a custom alphanumeric code.” which is on their support web site[1]
Yes, but then I need to enter a custom alphanumeric password every time I unlock my phone or tablet.
I want to be asked for it if and only if I grant a new device access to my end-to-end encrypted iCloud data.
I don't think this is an absurd demand. WhatsApp supports this security model, for example. Evem Apple used to, before they forced every iCloud keychain user to switch to their HSM-based model!
Do you not use FaceID or TouchID or unlock with the Watch?
I switched my pin to alphanumeric because I’m not putting it in every time I pickup my phone. I can live with the inconvenience of putting the passcode in every couple of days or so.
I just want to second this. I use a long alphanumeric password to unlock my iPhone plus FaceID.
I enter the password at most a few times a week after reboots and if someone plays with the phone and gets FaceID to fail too many times. It’s not annoying at all to unlock with the keyboard rarely.
Lately I've found FaceID can't handle my 'first thing in the morning and haven't had my coffee' face. I'm not sure if it's me or if Apple updated the algorithm.
If you haven’t already, I would nuke and pave the facial recognition. Haven’t faced anything like that since TouchID but that would be a red flag to me that the recognition data set is betraying me.
I see what you're asking for, but I don't think Apple would ever do it. A passphrase that is only used once every few years is a recipe for endless support calls.
Then hide it behind an option deep in the settings, and label it "only for advanced users, and if you lose it, all your data will forever be gone".
Apple even had this exact setting in the past! And they still have a similar thing for Mac disk encryption (the default is iCloud escrow, but a local-only recovery passphrase is also an option).
I’ve been using an alphanumeric passcode for about 7 years now. I’ve gotten used to it. It’s not too long to be annoying but better than a numerical pin.
Even if you used 4 numbers for an alphanumeric password, it’s still much more secure than a 6 digit pin.
> Even if you used 4 numbers for an alphanumeric password, it’s still much more secure than a 6 digit pin.
Unfortunately, that's not the case:
If you trust the secure enclave (for the device unlock scenario) or Apple's HSMs (for the key escrow scenario), a 6-digit PIN is just as secure as a 4-character alphanumeric password. In both cases, you get 10 invalid attempts before your data is wiped, and the odds are negligibly small in either case (10/10*6 vs. 10/62*4).
If you don't, i.e. you are concerned your adversary can somehow perform a brute-force attack, you need way more than four alphanumeric characters.
It's not exactly what you want, but one mitigating factor is if you're using FaceID, TouchID, or Apple Watch -- Those things will dramatically reduce the frequency that you're prompted for your password.
I want to use a low-entropy PIN on my phone, because I enter it dozens of times per day, shoulder-surfing is a concern as big as hacking in many scenarios, and because I trust Apple's hardware to be capable of efficiently limiting local PIN attempts and wiping high-entropy keys if required.
At the same time, I log in to new iOS devices with my Apple ID about once per year. I would love to be able to use a high-entropy key in that scenario. (As a point of reference, WhatsApp allows exactly that for encrypted backups!)
If that's still baffling to you, I'm glad I could introduce you to a very different viewpoint :)
There's still too many situations in which I do end up having to enter my passcode.
Mask unlock isn't perfect, wet hands can throw off Touch ID, and once per day I believe they will just reset and as for the passcode anyway. It's also required for software updates and reboots.
I'm not asking for this to become the default, or even an option given in any setup wizard. Just allow me to set up my own end-to-end encryption recovery passphrase and let me remove all of my device passcodes, i.e. allow me to opt out of HSM-mediated key escrow.
Is your Apple ID password not a sort of "secondary passphrase" as you're wondering? You enter the Apple ID password to download the encrypted data and the low-entropy passcode to decrypt it.
Not really. The Apple ID password is a regular server-verified password and does not contribute to end-to-end encryption in the cryptographic sense. In other words, it gates access to the end-to-end encrypted data, but not the keys used to encrypt them.
If you trust Apple to never get hacked or hand over your data to any third party, that's perfectly fine, but that is not the scenario that end-to-end encryption is designed to address.
Got "1234" as a passcode on a long-forgotten family iPad or test iPhone? Better go change it to something secure, as that's what stands between an advanced attacker (that can compromise your 2FA), or somebody able to compromise/apply sufficient pressure to Apple, getting into your iCloud end-to-end encrypted data.
The iCloud recovery key is a 28-character string, not your iPhone PIN: https://support.apple.com/en-us/HT208072. There is no situation that I can think of where a device PIN is of any use off-device.
Recovery keys were part of iCloud Keychain end-to-end encryption when used without "two-factor authentication", which is now a deprecated setup and can't be used with new iCloud accounts anymore:
Thank you for the links. In my case, I have two-factor _and_ a recovery key set up. The Account Recovery icon on Apple ID says "Your device passcodes can be used to recover end-to-end encrypted data. If you forget your passcodes, you'll need a recovery contact or recovery key."
Are you sure it's either/or? Have you gone through the process, and are you sure the PIN is required off-device, rather than ? If that's the case, I do agree that it's not good.
Also I don't quite understand the threat model where a stronger authentication to iCloud allows for weaker data encryption. Considering Apple is usually pretty spot on with these things, this would definitely stick out.
> Got "1234" as a passcode on a long-forgotten family iPad or test iPhone? Better go change it to something secure...
according to the article, I don't think this will be possible because you won't even be able to turn on Advanced Data Protection in this scenario.
"You must also update all your Apple devices to a software version that supports this feature."
Just to get the feature enabled you're going to have to go and "touch" all of the devices you're signed into and either update their OS (and also update their passcode if you're smart) or sign out of them.
I admit I still use a 6-digit passcode, but if you're actually serious about protecting your data you should be using an alphanumeric password anyway. Even ignoring the server-side stuff, that single password unlocks most of the data on your phone.
It's much easier to securely limit invalid PIN attempts on a device locally than in the cloud, though. This is the bread and butter of embedded security cores like the secure enclave or Google's Titan M.
Users shouldn't be forced to use high-entropy local passwords just because a service provider insists on reusing them for a completely different purpose.
> As it is, my iPhone unlock PIN is everything that's needed to decrypt the data server-side
That's not quite true. They use a HSM on their datacenters, which only allows a limited amount of guesses. They only allow a limited amount of guesses, before your data is wiped forever[1].
Technically, the keys are in the processor's state. You are just trusting that it won't divulge the keys without a correct PIN. You are also trusting the processor is properly secured. And you are trusting that no one would go through the effort to extract the keys physically with scanning probe microscopy or something.
Sure, but I won't, and neither will many other people, realistically.
There is no technical need at all for the same password to gate both local device unlock and remote end-to-end encryption key escrow.
It's a pure security vs. availability (and realistically genius bar support load) tradeoff, and I even think they nailed it for the vast majority of users! I just wish they'd let advanced users participate in that tradeoff more actively.
This. It seems like for the average person, if you go from not using cloud backups to using cloud backups with their pin, then this is a huge step backwards for security.
On the other hand, for the average person already using unencrypted iCloud backups, it is a considerable step forwards, and arguably managing their own high-entropy recovery key could be a significant burden.
I just really wish they'd made PIN-based HSM escrow the default, but optional (with the "off" switch behind several scary-sounding warnings).
For everyone else who was hoping to enable E2EE for backups right away:
> Advanced Data Protection for iCloud is available in the US today for members of the Apple Beta Software Program, and will be available to US users by the end of the year. The feature will start rolling out to the rest of the world in early 2023.
Unfortunately, it seems that this requires all connected devices to be on the latest OS versions (iOS 16.2, macOS 13.1, etc.), which means you can’t use it as long as you have older devices connected to your Apple ID.
It also doesn’t work for Shared Albums, and for other “Shared” features it requires all participants to have ADP enabled.
It's not particularly surprising that all your devices need to be updated, how else would it work? The whole point of E2E is that the ends are your devices.
Right, but it may be unexpected that a single device can prevent using a new feature on your other devices. This is just a heads up. And conceivably Apple could provide updates for older OS versions, as they sometimes do for security fixes.
This has been the case for other iCloud features and they've historically done a good job communicating this to the user at the time they upgrade the service and when they attempt to access it from an old device. I would expect that to follow the same process here either refusing to enable it until your devices are updated or having the old device kicked out until it's updated.
1) they just ate every other 3rd party "secure" backup services lunch just like they did to the Hi-Res music industry.
2) details of what they backup securely, besides photos (which is top priority for me): iCloud Drive: Includes Pages, Keynote, and Numbers documents, PDFs, Safari downloads, or any other files manually or automatically saved to iCloud Drive.
3)BUT, perhaps the BIGGEST news here is that Apple is making a backup statement to what they've been saying for years and what they've recently gotten negative attention on: They don't want your data. They're not Goodle/FB/Amazon. They're giving you 2TB+ of space and you can encrypt it to the point that you'll lose your data and they don't care -- they don't want to mine your data, they don't want to know what you store on there, the don't care to scan your pictures with AI 20 different ways, they don't want to monetize it, etc, etc., just pay them money for their service and transactionally they give you only thing that you want in return -- reliable, secure, private service.
seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.