Apple introduces end-to-end encryption for backups (support.apple.com)
1587 points by frizlab on Dec 7, 2022 | 1043 comments



this announcement is huge in multiple ways:

1) they just ate every other 3rd party "secure" backup service's lunch just like they did to the Hi-Res music industry.

2) details of what they backup securely, besides photos (which is top priority for me): iCloud Drive: Includes Pages, Keynote, and Numbers documents, PDFs, Safari downloads, or any other files manually or automatically saved to iCloud Drive.

3) BUT, perhaps the BIGGEST news here is that Apple is making a backup statement to what they've been saying for years and what they've recently gotten negative attention on: They don't want your data. They're not Google/FB/Amazon. They're giving you 2TB+ of space and you can encrypt it to the point that you'll lose your data and they don't care -- they don't want to mine your data, they don't want to know what you store on there, they don't care to scan your pictures with AI 20 different ways, they don't want to monetize it, etc, etc., just pay them money for their service and transactionally they give you the only thing that you want in return -- reliable, secure, private service.

seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.


It's good to be passionate, but blind devotion is dangerous, especially since we already know by now Apple is positioning itself to become a major player in the advertising space and - with a dwindling economy and an increased pressure to sustained growth from shareholders - that's going to continuously encroach on our privacy guarantees for monetization purposes.

I'm advocating for an open and interoperable ecosystem of operating systems, services and applications, which is the only way to ensure sustainable customer freedom. Unfortunately that ecosystem doesn't exist yet so we're stuck with the duopoly of evil-doers (and while Google openly admits it is their business model to monetize you and your data, Apple has been caught with their hands in the cookie jar a bunch of times already and they're just developing a sweet tooth, so...).

Full disclosure: I've been using only iPhones for 12 years and am still using one today.


> we already know by now Apple is positioning itself to become a major player in the advertising space

We don’t know that. We know that they put ads in the App Store, that’s it. I wish they did not, because it made the store even more of an unusable mess, but it really is not even in the same league as Google and Facebook’s systematic surveillance.

> increased pressure to sustained growth from shareholders

This sounds truthy, but is there any evidence of this? Apple is famously the company that tells rent seekers after more ROI above all to fuck off (both Jobs and Cook).

> I'm advocating for an open and interoperable ecosystem of operating systems, services and applications, which is the only way to ensure sustainable customer freedom.

Now that’s a real point, which deserves more than being buried after a paragraph of half-truths (and I almost entirely agree, FWIW).

> It's good to be passionate, but blind devotion is dangerous,

After starting a post like this, it is disappointing that you fell in the trap you warned the OP about. Being contrarian and using mis-informed tropes is not a good way of having a rational discussion. It is not being cool or clever at all.


> We don’t know that. We know that they put ads in the App Store, that’s it. I wish they did not, because it made the store even more of an unusable mess, but it really is not even in the same league as Google and Facebook’s systematic surveillance.

They also put ads in Maps, Stocks, and News, and they "started asking people last year if they wanted to enable personalized ads on these apps."[0]

> This sounds truthy, but is there any evidence of this? Apple is famously the company that tells rent seekers after more ROI above all to fuck off (both Jobs and Cook).

"Inside the ads group, Teresi has talked up expanding the business significantly. It’s generating about $4 billion in revenue annually, and he wants to increase that to the double digits. That means Apple needs to crank up its efforts."[0]

Plus they advertise iCloud in the Settings app with a red badge, which is just annoying.

[0] https://www.forbes.com/sites/kateoflahertyuk/2022/08/15/appl...


> "Inside the ads group, Teresi has talked up expanding the business significantly. It’s generating about $4 billion in revenue annually, and he wants to increase that to the double digits. That means Apple needs to crank up its efforts."[0]

This doesn't mean they need to do it with targeting/data mining. I swear all the data mining does is show me ads for stuff I just purchased 3 days ago, and that's with google-level surveillance.


I don't like the idea that we discuss this as a law of nature.

I am an iPhone user since three years ago but if at some point I get a better deal elsewhere, I'm off.

And with Apple I pay extra for premium, and there are only so many ads[1] one can shove in before the premium feel is gone.

As for the targeted ads, I share your feeling that the targeting is badly over hyped, except you are lucky compared to me:

Ads for products I bought 3 days ago would be wildly relevant compared to most of the ads I can remember from Google. It was almost always scammy-looking dating sites. For a decade. Don't know what I did wrong but it seems there was a fluke with my account. Or they just got more money from scammy-looking dating sites than from anyone else.

Oh, and when it wasn't ads for scammy-looking dating sites it was pay-to-win games, and based on the ads you could be forgiven for thinking they were made by the same folks.

[1]: I'm no hardliner here: contrary to many on HN I actually see value in some ads and think I have sometimes made better purchases/been reminded to do things I wanted to do anyway.


> It was almost always scammy-looking dating sites. For a decade.

Every time people tell me that AI is great, I remind them that the most frequent ads I see are: 'Goth Muslim hookups' and 'automatic chicken coop door'.


It unfortunately seems to work if you don't go out of your way to block all trackers everywhere and never sign up for anything. I don't personally get any ads I would ever give a crap about, but my wife has been complaining like crazy and constantly blowing up our family plan with data overages since I started ad-blocking at the DNS level because she's constantly being served ads for stuff she actually wants and tries to click on it only to get blocked by my DNS server when it tries to go through a known tracker redirect to grab conversion stats for their campaign or whatever, and then she switches from WiFi to data in order to use the ISP's DNS instead.


They either have to do way more ads, or way more targeted ads. Would you prefer an endless stream of low-relevance ads, or a few high-relevance ones that required massive amounts of data mining to produce?


Definitely the former. Also the actual difference between "endless" and "few" is like 3 (by price)?

If all this additional surveillance, sorry "targeting", is that worthless why should we even consider allowing it?


Curious. I use maps all the time. What ads are in there? Or is this a US only feature?

(I don’t use stocks and news isn’t available outside the US, or at least Singapore/Taiwan.)


No ads yet, but they say they're planning it. If we all complain loud enough maybe they'll change their mind, like they did here with encryption.

https://www.macrumors.com/2022/08/15/apple-could-bring-ads-t...


Become the screeching minority you always knew you could be (;


For a maps app I'd imagine it'll be more a case of businesses will be able to 'boost' themselves to people in the area. Slapping big banner ads across a maps app isn't going to generate much ROI given most people will be using it in carplay mode.


I'm not sure that there are any ads right now, I guess Apple will plan to expand their business by adding more ads in the near future.


Best to just be cautiously optimistic I suppose. It’s not like there’s much choice.


for real though, people are such apple fans, even if they charge $500 a month there are people who'd still pay


>> Apple is positioning itself to become a major player in the advertising space

> We don’t know that

"Apple’s VP of advertising platforms Todd Teresi has been asked to bolster annual revenue into 'double digits' from about $4 billion today" (Aug 2022)

https://www.forbes.com/sites/kateoflahertyuk/2022/08/15/appl...


> "Apple’s VP of advertising platforms Todd Teresi has been asked to bolster annual revenue into 'double digits' from about $4 billion today" (Aug 2022)

Double digits isn’t a major player. Google and FB are already making nearly 200B ad revenue each. If every Apple app and device showed ads constantly it still wouldn’t come close to the views that fb and web pages get to display ads used by Google and Facebook.


Right but it pretty obviously signals intent. Double digits leads to triple digits.


> Double digits leads to triple digits.

Just to put everything onto the same scale, 4 to "double digits" requires a 2.5X increase. "Double digits to triple digits" would require a further 10X increase.


Basically take everything lost by Meta/Facebook directly attributed to ATT and you'll get a very clear picture on what they can very easily get back with their own ecosystem.


Or we decided we didn't want to be so rigorously surveilled and the market shrank.


We, as the consumers, don't get to decide.

If Apple is indeed going full adtech and data harvesting, there is nowhere for consumers left to go, no competitor.

And regulators aren't stepping in either - multiple companies were caught illegally selling private customer data and there were no consequences.


There are a lot of consequences for Facebook/meta for example. They have and will pay millions for transgressions.

But I would agree it is not sufficiently deterrent for a company this size.


Millions of fines against billions in profit? This will do nothing to deter them. It’s an insignificant cost of doing business for them.


> If every Apple app and device showed ads constantly it still wouldn’t come close to the views that fb and web pages get to display ads used by Google and Facebook.

I can’t begin to imagine how irritated Tim Cook is by the revenue Google and Facebook make from adverts on iOS and he clearly wants in on it.

Given that both those ad companies make revenue off iOS, it’s not unreasonable to aim for a similar level on the platform.


> I can’t begin to imagine how irritated Tim Cook is by the revenue Google and Facebook make from adverts on iOS and he clearly wants in on it.

Wow, thanks for using your psychic powers to tell us what Tim Cook thinks and feels and share that exclusively here on HN!

...Unless you have an actual source for this claim?


That's only the immediate goal. It would be bad for them to eat up the percentage of the market lost by their competition right away; that would get some unwanted attention regarding monopolistic behavior.

They clearly want a slice of that market, and they have the patience needed to wade in.


> Apple is famously the company that tells rent seekers after more ROI above all to fuck off (both Jobs and Cook).

The App Store, and their demand of 30% of all revenue that passes through an iPhone is the most infamous example of digital platforms rent seeking.


Tim Cook told ROI-focused investors to "get out of the stock."

Unfortunately now you've unlocked the "haven't you heard of platform fees (Google Play) or walled gardens (Nintendo eShop) before?" tangent.

There is no new information here - some people are perfectly happy with Apple's walled garden business model as it is and/or don't think Apple should be forced to change, while some think that Apple should be forced to change it so that customers can have more freedom or developers can collect more money.


You mean “infamous” as in what every other platform does - including Google and the console makers? The console makers even force game developers to pay a royalty on every physical game sold.


> 30% of all revenue that passes through an iPhone

A bit of hyperbole there. 30% of revenue from sales of digital goods after the first $1m (15% before).

I’ve probably spent $20k on Amazon using my iPhone this year alone. You don’t think Apple takes 30% of that, do you?

Besides, it’s so funny when people use “rent seeking” as a pejorative. Like, yes, the reason my landlord bought this house for a lot of capital up front was that they believed it would be profitable to rent it for much smaller amounts for a long time. What, am I supposed to feel entitled to use the house for free?

A bunch of years ago I made several hundred thousand dollars from the App Store. You know how much I would have made without the app store? Zero. Do you think I begrudge the 30% I paid, any more than I begrudge the rent I pay for this house?

I understand people who dislike the Apple walled garden and want no part of it. I do not understand people who want all of the benefits but expect Apple to provide it for free.


> 30% of revenue from sales of digital goods after the first $1m (15% before).

Not quite - if you go over $1m in revenue you pay 30% on all revenue in the following year.

I honestly believe that if the App Store were to start now, they would feel entitled for a cut of all physical goods transactions that happen.

I don't believe Apple produces 30% of value when someone (hypothetically) signs up for Netflix on an iPhone. Apple's App Store actively hinders value creation when they prevent Netflix from using their existing saved credit cards to re-subscribe a user on an iOS device.

> Do you think I begrudge the 30% I paid, any more than I begrudge the rent I pay for this house?

It sounds like you saw value in something, and you paid for it. A competitive product would be able to stand on its own and developers (and users) could make a decision on what product they wish to use - I'm sure that a lot of developers would continue to use Apple's payment infrastructure because they find it easier!


> I honestly believe that if the App Store were to start now, they would feel entitled for a cut of all physical goods transactions that happen.

There must be a name for this fallacy, where one bases their opinions on speculations about how things would be different today if their already-held opinions had been true long ago. Some kind of retroactive confirmation bias?

> It sounds like you saw value in something, and you paid for it. A competitive product would be able to stand on its own and developers (and users) could make a decision on what product they wish to use - I'm sure that a lot of developers would continue to use Apple's payment infrastructure because they find it easier!

You're not paying for the payment infrastructure. You're paying for the discoverability and distribution. I cheerfully paid 30% to reach a few hundred thousand users when I could have reached, maybe, tens of users on my own. I find it hilarious when people explain how I was ripped off with exorbitant fees.


> I don't believe Apple produces 30% of value when someone (hypothetically) signs up for Netflix on an iPhone

And neither did Netflix and they haven’t allowed in app purchases for years and are still doing quite well.


>Besides, it’s so funny when people use “rent seeking” as a pejorative

"People" including anybody from Marx to the left, all the way to Friedman and Hayek to the right, including Adam Smith...

Sorry, rent-seeking is milking assets without producing value (or with only minimal investment/maintenance costs). It's the opposite of a functional market.

>Like, yes, the reason my landlord bought this house for a lot of capital up front was that they believed it would be profitable to rent it for much smaller amounts for a long time. What, am I supposed to feel entitled to use the house for free?

No, you're supposed to not want an economy where people don't mooch off of standing assets, but actually contribute to making value (and products and progress and stuff).

Rent-seeking 101: "Rent-seeking activities have negative effects on the rest of society. They result in reduced economic efficiency through misallocation of resources, reduced wealth creation, lost government revenue, heightened income inequality, and potential national decline."


Calling the Apple ecosystem a “standing asset” is an outstanding example of either disingenuity or ignorance. You’re free to help us decide which.


The Apple ecosystem is not the App Store. They make money off the sales of physical products and their own services like iCloud.

Making money off of the App Store is pure rent seeking. Its maintenance and (very infrequent) improvement costs (negligible compared to its profit) don't make it any less so. Heck, actual rented properties like houses also incur some maintenance costs on the owner.


> Besides, it’s so funny when people use “rent seeking” as a pejorative. Like, yes, the reason my landlord bought this house for a lot of capital up front was that they believed it would be profitable to rent it for much smaller amounts for a long time. What, am I supposed to feel entitled to use the house for free?

They mean "rent" the econ jargon, not "rent" the thing you pay to your landlord.

See: rent-seeking

https://en.wikipedia.org/wiki/Rent-seeking

It's a bad thing basically by definition.


Android has the same cut for their in-app purchases


No, Google gets a cut for purchases through the Google Play Store.

Google does not take a cut if you use an alternative app store (which isn't possible on iOS)


I assume the 30% platform fee is the reason why nobody uses Google Play and everyone uses other app/game stores instead.


Everyone uses Google Play because it's convenient. But as a notable example, Fortnite refused to use Google Play for a while precisely because of that 30% fee, and it worked out pretty well for them. Eventually they gave in and put Fortnite on Google Play. Although Google kicked them off later (they pushed an update which allowed users to bypass Google's 30% cut using their own payment system) so it's back to direct download from the website.


It worked out pretty well but they gave in. So why do you think it worked out pretty well if they came crawling back?


Which no one does and when even Epic tried it it was an abysmal failure.


Android allows you to update apps from outside the play store.


And this is why Google and Apple form a duopoly in the mobile app distribution and mobile app payments markets.


> Apple is famously the company that tells rent seekers after more ROI above all to f off (both Jobs and Cook).

One of my favorite CEO moments comes from Tim Cook on an earnings call: “If you want me to do things only for ROI reasons, you should get out of this stock.” And then more recently: “If you're a short-term trader, do not invest in the Apple stock.”

I understand both, but it’s so odd to hear a CEO tell people “no, we don’t want your money” and I will grant that Apple is luckily not in the position of needing it.


Keep in mind when a stock is trading the original company doesn't get any of that money unless they have shares.

What Cook is saying is that Apple is in the enviable position of being able to make long term plans. Not every decision can immediately be boiled down to an ROI calculation, but that's what short term thinkers want.

For example, how much has Apple invested to develop this E2E system (the tech, support, etc...), and what is the ROI? IMO, over the long term it should have a positive ROI, even if I can't draw a direct link from quarter to quarter right now.


Doesn't matter what they claim, look at the numbers and what they're actually doing. Apple has a good product with the iPhone but they aren't running a charity, it's a hugely profitable business that puts money over everything, even human lives (see how they aid the CCP's totalitarian regime as an example).

For users to trust them as a guarantor of privacy and rights is naive at best if not outright idiotic. Since they comply with Beijing why would one assume they won't feed your data to Fort Meade and Brussels - who as a sidenote are planning to outlaw end-to-end encryption for major apps: https://www.patrick-breyer.de/en/posts/messaging-and-chat-co...


Everyone in adtech knows it. Apple (and Amazon) are both rapidly growing their advertising businesses.

And 30% take rate of everything from your app including later subscriptions and services is extremely rent-seeking.


Then don’t accept subscriptions via in app purchases? Many apps don’t including Netflix and Spotify.


Workarounds existing doesn't negate the rent-seeking.

Also the "necessary costs" argument for the App Store fees falls apart when the unmonetized apps are all free.


So the fact that you don’t have to use Apple’s in app subscriptions for users to be able to subscribe is irrelevant to the argument that apps have to use in app purchases for subscriptions?


You're missing the point. The lack of alternative app stores or the ability to accept payments and control subscriptions via other gateways is the problem. You either use Apple app store/payments and accept the fee or you don't have any transaction ability in the app.


Let's simplify this.

I want to make an iOS app. I've already paid Apple the $100 bucks per year or whatever it is, so I've "done my part".

Then, I want to have in-app subscriptions and payments, and I found a great service, XYZ, that does this.

So, on my own time, with my own device I bought (which by the way, in another money-grubbing move, HAS to be another Apple device, even though there are 0 solid technical reasons to force this), I write the app, I put in the integration for XYZ.

Can I publish this to large amounts of iOS devices?


Can you do in app payments via any of the consoles, Roku, etc without the platform owner getting a cut?


No, and that's not any better.

Plus, are we actually comparing general use mobile computing devices to niche and mostly fixed computing devices?


So a “cell phone” is a “general purpose computing device” but a console isn’t?


They're both Turing machines, if that's what you're getting at.

In practice, no, a console is not a general purpose computing machine.

On iOS, by design, you can install almost any kind of application even without jailbreaking it. Which people do, you can have Excel and Maps and IDEs and whatever.

Consoles, by design, do not allow that. It's almost strictly meant for games and media.

And again. I don't care. Both types of walled gardens should be abolished.


There is nothing about consoles that make them incapable of installing any type of software. They support keyboards and mice.


I don’t think Apple is seriously considering a major play in ads and if they are I think this signals pretty hard that they won’t be doing it off the back of consumer data.

It just doesn’t make sense to their business strategy. Apple is premium, ads are the antithesis of premium. Just doesn’t make business sense.


> After starting a post like this, it is disappointing that you fell in the trap you warned the OP about. Being contrarian and using mis-informed tropes is not a good way of having a rational discussion. It is not being cool or clever at all.

Once a brand starts to build large-scale mindshare, there is of course the inevitable brand-wars fanboy faction, but there also pretty reliably seems to emerge an anti-brand faction - this pattern is consistent across NVIDIA, Apple, and many other leading-but-controversial companies. The mere mention of these companies in a positive context gets another faction reliably winding up about how awful they are and how everything they do is actually fake and a lie and intended to rip off customers unlike my favorite brand, etc.

It's essentially another form of parasocial relationship - but it's a negative parasocial relationship instead of a positive one. People gain identity from opposing the brand-signifier rather than supporting it.

The existence of fanboy factions is oft-observed at this point, but I rarely see anyone acknowledging the opposite side - the people who just are reflexively contrarian and negative about anything surrounding a brand, regardless of any counterbalancing concerns or factors. The hateboy, if you will.

And blind hate is just as destructive to nuanced conversation as blind devotion. It's also destructive to actual progress - positive steps need to be acknowledged and encouraged even if you think it's still the overall worse option, and negative steps from a brand you favor need to be acknowledged even if you think they're still the overall better option.

To do otherwise is to oppose actual progress over what amounts to parasocial tribalism - in both directions. The hateboys are just as toxic as the fanboys to reasoned discourse.



I can see your point, but wouldn't classify myself as an Apple "hateboy": I've been using iPhones since the 3GS (we have 4 iPhones in the family, 2 iPads and a MacBook).

I've just been extremely disappointed by their hypocrisy around privacy (which is a subject I'm very passionate about). They've betrayed my trust when they announced the on-device scanning functionality a few years ago; yes, I know they eventually dropped it after massive pushback from everyone that understands its privacy implications but before doing that they treated us "screeching minority" like dirt, I've never seen such condescending behavior from a legitimate company, especially one that I previously respected.

Their massive push in the ad space, combined with other scummy behavior (phone-home on macOS, backdoor access that sidesteps firewalls from 1st party apps, etc.) just paints a bleak future where all the big players (Google, Microsoft and now Apple) treat us like sheep; it's just so frustrating and sad...


> We don’t know that

The only way for a 2T business to grow is by expanding the Services business significantly, in some market that is already known to be close to half a trillion dollars in revenue.

You really think Apple is trying to make small change with ads in Apple Maps?!


>We don’t know that.

But apparently we know that they will never put ads or sell our data pinky swear!

Despite the fact that they have already done so.


> Apple is positioning itself to become a major player in the advertising space

Advertising does not require that you spy on each individual person.

Google, for instance, used to show you ads based only on your search keywords.


> Google, for instance, used to show you ads based only on your search keywords.

This is still true. You basically never see personalized ads on search, since getting a contextual ad for cruises when searching for programming answers probably isn't going to end up with many clicks. Instead, it's only really 'Google Ads' (AdSense on other websites) and YouTube where personalized ads result in higher CPMs.

(Although Google does indeed use your search history for ad targeting.)


> (Although Google does indeed use your search history for ad targeting.)

Yes, and it's not the advertising part that is evil. It's the part where they spy on every aspect of your life because doing so makes ad sales more profitable.


Point of order: their inline-ad-placement on search results is evil. It exists to trick the unwary, including vulnerable people like the elderly, sometimes into landing on scams, thinking they're legitimate because Google presented them as top-level search results.


> Point of order: their inline-ad-placement on search results is evil.

I don't think that is necessarily evil, but it certainly is embarrassing for Google since Google used to make fun of competing search engines for that exact behavior back when Google was still the underdog.

Spying on everyone's credit/debit card transaction data, on the other hand, is definitely evil.

> as Google said in a blog post on its new service for marketers, it has partnered with “third parties” that give them access to 70 percent of all credit and debit card purchases

https://adwords.googleblog.com/2017/05/powering-ads-and-anal...


Adsense does do personalized ads. Search for “gym” and it will show location based ads.


Location-based isn't personalized.

Personalized is "we're showing you ads for local gyms because we noticed that you've been watching a lot of Youtube videos about workout routines". Or whatever.


I would argue those are two levels of personalization, actually. What makes you think where you are isn't a part of catering to you specifically?


If I see ads posted in the wall on a subway in Manhattan, that they are talking about restaurants nearby and not in San Francisco does not cross the threshold of 'personalized advertisement'.

If a digital panel switched to show me restaurants in San Francisco because they detected that I travel there a lot, that is absolutely personalized.

Similarly, if a maps service shows me restaurants near my destination that have paid for placement, that's not personalized. If they show me fast food restaurants on my route because I got directions to one previously, that is personalized.

It is a moot point because Apple isn't anti-advertising _nor_ anti-personalization. They are pro-privacy. Like Google, they will just move ad determination onto the device.


I'd argue that the difference is memory. When a service provider starts making decisions based on an individual user's history, rather than only using factors which they can infer on the spot, that's the point at which I'd call the behavior "personalization".


> blind devotion is dangerous

We aren’t talking about blind devotion, though, are we?

We have a tangible actual important thing. Apple can’t plumb our backup data for their own profit.

You want to be careful not to ignore information just because it doesn’t comport with your preconceived assumptions. At least consider weighing them against your assumptions? I’m never going to be against a cookie-based metaphor, but that doesn’t make it apt.


> It's good to be passionate, but blind devotion is dangerous

Agree with you there -- the data might be encrypted on Apple's servers but that doesn't mean Apple can't scan your data on your device and report the findings back to the mother ship. They've made it increasingly difficult to know or control what system processes do.


Exactly. With the actual observation of Apple pursuing ads after supposedly shutting out Meta, I'm holding my confetti on this for a while.


"Unfortunately that ecosystem doesn't exist yet so we're stuck with the duopoly of evil-doers..."

That is no longer the case. There are projects starting to come out which are open source and building on top of AOSP like GrapheneOS, CalyxOS and a few others but those two are solid options at the moment.

I am not sure why GrapheneOS doesn't get mentioned here on HN but it's seriously a wonderful project that includes privacy features not available even on iOS. They are this far ahead of the game when it comes to privacy and security. Highly recommend checking them out.

https://grapheneos.org


> I am not sure why GrapheneOS doesn't get mentioned here on HN

Probably because with GrapheneOS you have to rely on Android phone vendors which lock down the devices more every year. In my opinion, this is not a sustainable solution in the long term. GNU/Linux phones could be more sustainable.


>Apple is positioning itself to become a major player in the advertising space and - with a dwindling economy and an increased pressure to sustained growth from shareholders - that's going to continuously encroach on our privacy guarantees for monetization purposes.

Or they could sell us a rugged iPhone with a removable battery and SD card slot to extend storage but keep the proprietary OS to keep the music/movie ppl happy plus keep out malware not sent via FISA warrant, but if they did that Tim Cook might jump off the top of the donut apparently, so they keep going the way you describe.


> Or they could sell us a rugged iPhone with a removable battery and SD card slot to extend storage but keep the proprietary OS to keep the music/movie ppl happy plus keep out malware not sent via FISA warrant, but if they did that Tim Cook might jump off the top of the donut apparently, so they keep going the way you describe.

I'm sure 3.5 humans who want that will appreciate that product.


I was being a bit sarcastic but I think longer, removable battery rather than thin + using a charging case could have an appeal.

(Same for an sd slot.)

Especially paired with a form factor like the 6s for those who don’t want a phablet.


> we already know by now Apple is positioning itself to become a major player in the advertising space

There's a fundamentally different approach to advertising by Apple than say, Google or Facebook. For one thing Apple isn't doing web ads. They've not got an adsense style platform and likely never will.

The ad network they're building is for inside their own apps, and likely eventually for app developers to integrate into their own apps - apps only.

In addition those ads are for items within their existing ecosystem, ie more apps.

In terms of data collection this means they don't need the insane levels of information that Google and Facebook collect. All they need is a rough idea of your interests, which can be gained from the apps you use, and your activity in their own apps. Everyone using an Apple device must know they store your location, so that one's an obvious no-brainer.

They don't however need to know your browsing habits. Would it help target better? Absolutely, but the whole aim of their ad network is to keep you inside apps, not browsing the web. If you're using Chrome, Safari, etc. they can't advertise to you as again, it's not a web-based ad network.

As data collection goes, the way they're doing it is about as least intrusive as you can get. There's no following you around the internet going on, which has always been the biggest issue with Google and Facebook.

I'm not saying Apple is a 'saint' in all of this, but it's not even close to the level of tracking other companies use.


> The ad network they're building is for inside their own apps, and likely eventually for app developers to integrate into their own apps - apps only.

The money generated there will affect behavior elsewhere. These walled garden profit centers always do - having disproportionate number of resources for the task and with it the ability to ignore the needs of the greater business.


Can you give examples of some of the times Apple has been caught with their hand in the cookie jar? Otherwise it seems like a bit of a false equivalence.


Speaking of blind devotion to memes, is there any objective data, anywhere, of any kind, that indicates a "dwindling economy"?


I can't generalize, but could point to the contraction of venture capital investments, for example. Does that mean "dwindling economy"? Maybe not, but it does constitute some type of signal.


outside of appstore ads and ios ads for their services, where is apple doing advertising?


Throughout their News app for one.


Yeah, this has been so depressing to see. I disliked that there were ads when I signed up, but it was part of a bundle with other things (arcade, music, tv, fitness, etc.), so I gave it a try. But they've been increasing in frequency and they've been added to places they didn't exist before (like when you swipe to see the next article). It's still nowhere near as bad as reading a web page without an ad blocker, but it's definitely past my threshold of pain, and so I'm just using it less. I want the other things in the bundle, so they'll count me as a subscriber, but I'm using it less each day.

What's particularly odd is that some articles have no ads at all. Some have the same ad repeated literally 3-5 times in a short 1,000 word article. And the ads are all trash. They seem like those awful chum-boxes you see on web sites. Who in their right mind thought this would be appealing to the typical Apple user? I mean, regardless, I have never intentionally clicked on any ad on the web in 30 years, and I'm not going to start now.

It's sad because it's exposed me to regional newspapers from around the world. I live in California and see articles from newspapers in Idaho, Utah, Connecticut, upstate New York, Dallas, Miami, Chicago, etc. and even from other (mostly English-speaking) countries like Canada, England, Ireland, Israel, and Australia. They even include some (English-language) stuff from China. I don't normally see news sources that diverse on the web because it takes more effort. But the ads just make it not worth it to continue using.


News+ silently dropped one of my preferred news sources last week. No updated articles for a week now and it's no longer listed on the news sources page on the web site. Oh well, I'm still in a free 6 month trial but no longer intend to become a paid subscriber next year.


Which news source?


Even with the amount of leverage they have to control third parties, media companies are too big for them to control. I’d be willing to bet they had little choice but to let the various publications run ads as they please. Those companies don’t need to be available on Apple News+ to survive. But Apple News+ has no chance without them.


And "news" in Stocks


Are these ads? If I see a large derivative, I can usually glance down at the relevant news to see why. More often than not, it says "No Recent Stories", which shouldn't be the case for an ad.

The news articles in the main view are just top business stories from Apple News. I don't see anything ad like at all, actually.


Apple News is an unusual miss by Apple imo. It’s just not “Apple”, like everything else they do is.


Lol, the News app is available in like two countries.


In the settings app they advertise iCloud if you aren't using it


> ios ads for their services.

I hate ads, but for most people paying some bucks a month to make sure their 2nd brain of photos/notes/passwords/texts/etc is totally (and now privately) backed up is a worthwhile insurance policy.

I think the argument that advertising iCloud plan upgrades in settings, where you’ll be pointed to if you run out of backup storage, is very benign as far as ads go. Although I do think that they should have a method to dismiss it (I don’t see this so I’m projecting that they don’t).


It is much, much less obnoxious than the constant nagging to use Edge and OneDrive we see in Windows.

Windows even sent a notification questioning my choice to disable location tracking.


I don't have ads on my phone or my desktop. Why should I settle for a shittier experience A? The fact that there is an even shittier experience B is no argument.


The only 'ads' I've seen from Apple have been the aforementioned iCloud invitation in Settings, there is also a prompt to sign up for iCloud when first setting up the system. That's an element of user choice - 'use our service, or don't, we won't ask twice'.

Unlike MS - you have to link everything with an ID when first setting up W11, no choice unless you go to extreme workarounds. Constant nagging and manipulation thereafter.

With that said, what platform are you using that has no ads at all? Presumably Linux on the desktop, which I can almost use. But unfortunately I can't use it on mobile, I have too many use cases in the personal and business world that require a 'normie' grade phone.


Not even Linux is safe. Ubuntu has displayed advertisements several times.

https://www.theregister.com/2022/10/13/canonical_ubuntu_ad


I simply use an Android build with Microg, and block ads and trackers at a system level (indeed run a firewall in whitelist mode).


Yes, Apple is slightly less bad than Windows. On the other hand, Linux doesn't have any ads (other than the silly ones Ubuntu is trying to push on the command line these days).




Calling a onetime pop-up of a service offering an ad is stretching the description somewhat. Also, it's losing sight of the main argument - ads driven by gathering personal data is what causes concern.


Still worse than Linux. And that's one of the arguments against ads, the other one is that ads take up your attention.


So by this definition Firefox is advertising Pocket?


Clearly. That was the main problem voiced when they started doing this, wasn't it?


Yes


If you consider that an ad, then we are not talking about the same topic. Like sure, pedantically it is an ad, but is not the kind people mind or hurts their privacy at all, nor does it have shady incentives (it is not a third-party service).


Explore Nextcloud. That is their vision and what they have implemented. I have been running on it for years since I left Goopple.


Nextcloud is more a backup-adjacent system. You can use it for backups, but you're on the hook for maintaining that system and keeping it secure. Maybe you have time and will to do so but most don't. It's a lot simpler than it used to be on Ubuntu (nowadays just `snap install nextcloud` and you're good to go) but that doesn't make it carefree.

I ran my own Nextcloud instance for ~3 years, recently moved to Syncthing for simplicity. But that use case is more about making certain pieces of data available to all my devices, not for backups.


File backup is just one of its many capabilities. I use these apps in Nextcloud currently which sync to all my devices: News/RSS reader Cospend like Ihatemoney Contacts Calendar Music Mail Photos Talk for voice and video Bookmarks Deck/kanban board Tasks Notes Maps Polls Forms Money Health Passwords Collectives/Wiki


I did the same with my instance. More power to you if the tools are good enough for you, but I found them too clunky to use compared to dedicated products in the space.

Still, I did appreciate the breadth of apps that one could install.


Nextcloud ecosystem is best of class rather than best of breed. Not every app is the best, but many are under active development and improving rapidly. I might have too many eggs in one basket, but the maintenance is very easy this way.


>we already know by now Apple is positioning itself to become a major player in the advertising space

Do we though?


> Apple’s VP of advertising platforms Todd Teresi has been asked to bolster annual revenue into 'double digits' from about $4 billion today.

[1] https://www.forbes.com/sites/kateoflahertyuk/2022/08/15/appl...


Subjective and rhetorical, but yes lots of people think there's too much money on the table to just eschew ads in their products. Let's be honest, Apple has a captive market, and their largest real issue is that they make too much money and can't find anything to spend it on.


I’ll give you “lots of people think…” but not “we already know…”

And “ads in their products” but not “a major player in the advertising space”


> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

Their software is not open source. Before this announcement you had to trust Apple not to look into the files you store in the cloud, now you have to trust that they're actually going to encrypt your files and not save the decryption key. Ultimately you still have to trust Apple. A combination of any open source OS, any cloud provider and Cryptomator or Veracrypt wouldn't require as much trust in one company.


You're trusting somebody no matter how you do it unless you own all the hardware that supports your ecosystem.

The Free Software world has had ample opportunity to produce something as carefully assembled, as smooth, and as capable as iOS, and what we got instead was Android.

I've watched the whole FOSS world happen in my career, and there are places where I cannot IMAGINE choosing a closed source solution, given my druthers. But it's also become super clear to me that the FOSS world isn't interested in producing polished user experiences. Sure, you or I could cobble together a FOSS-only phone-and-syncing stack, I guess, but I don't care to. Most people aren't us; doing so is beyond them.

Suggesting a normal person use something OTHER than iOS at this point is questionable at best.


A bazaar cannot produce things that are coherent and smooth: it takes a vision of a single person to control a large amount of aspects, implemented by other people the way the leader prescribed. That requires the cathedral approach.

Sometimes it works with a right BDFL, for some time (like Python). It also works with solo projects, and with projects with large commercial support (like Blender), especially those which don't normally accept your pull requests, except as a proof of concept (SQLite).

But the normal open-source model produces things like Linux, git, ffmpeg, VLC, etc, which are wonderful and have immense power, but are hardly sleek or excessively coherent. And each of them is much, much smaller than macOS or iOS.


Something I've come to understand is that just as we have "time vs. space" tradeoffs in, well, primarily computing (but can be applied to virtually everything), we can also reduce essentially all preferential decisions down to "freedom vs. convenience".

The kind of person that uses Apple products/services cares about convenience. The person that uses the third party Android ROMs, in particular, cares more about the freedom.


FOSS people who see themselves as digital freedom fighters LOVE to trot this out, but I don't think it's true in any meaningful sense.

It's more accurate to frame it as preferring low hassle to high hassle. Or to preferring well-designed tools to haphazard efforts. Or, from the other side, preferring some degree of DIY to turnkey products. (In particular, I think this is a HUGE piece of it; lots of hackers want to build their own toolchain, and then they get to feel noble because they're doing it for "freedom.")

I'm pretty "all in" on the Apple ecosystem. Each step of the way, I thought pretty deeply about my choices, and still ended up with an Apple option. But to characterize this as me caring more about convenience than "freedom" implies that I have somehow given up or endangered MY freedom, which isn't the case.

I'm able to do anything I want to do in this ecosystem. Macs are general purpose machines; I can build from source, and I can run code from any repository I want.

iOS is closed by design, and the result has been a very stable and predictable platform that I do not believe is possible WITHOUT that closed nature. I can't hack code on my phone, but I also don't WANT to. There are lots of appliance devices in my life I don't want to hack, and that I just want to USE.


You're right, you have the freedom to choose a device with less freedom. And that's fine. I'm not trying to be condescending to people who prefer convenience. It's a reasonable preference to have. I don't see how this disproves my point though.

I will admit, Macs are much better in the software realm, but the hardware has almost no internal upgradeability. There's some, but it's less. That's my point. And yes, many non-Apple computers also have that same problem. My gripe isn't with Apple. It's with companies who don't give maximal freedom with their devices, as I prefer more open systems, personally.


"but the hardware has almost no internal upgrade-ability"

Sure. But this is also true of most modern, lightweight, thin laptops. And I'm pretty sure it's true of any phone worth using.

My experience is that a certain sort of FOSS person prefers theoretical freedom to actual usability.


I am one of those FOSS people. I was all in on Apple up until about 6 months ago (iPhone 13, 13" M1 MBP, AirPods, an iCloud+ sub and some peripherals). My wife still is.

The main reasons I left are repairability and upgradability; forms of freedom that you simply cannot deny Apple isn't great at, from design all the way up to policy. Privacy was also a reason. It is true that you have to place trust somewhere up the chain when it comes to the way specific software handles your data, but things like where it is stored and how it is encrypted are in your own hands when you DIY.

These things are not theoretical; if I want to use a different Wi-Fi adapter, a new SSD, RAM, a replacement screen, speakers or barrel jack then I can. There are parts available for very reasonable prices as well as the manufacturers' repair manual. It doesn't require solvents or esoteric tools.

Now I use a business notebook with Linux that is worse than the M1 in some respects, but in hindsight I'm willing to give up the battery life and cool runnings for the ability to repair and upgrade (and ports! Ethernet, yay!). Same goes for the phone (I went for a FairPhone).

It isn't as polished, very true. There's some rough edges and it takes a little more work, and yes, sometimes a bit of frustration. But the upside is tangible, it's not some form of feigned nobility.


Wild. I can't imagine that transition. I can't imagine that thought process. It seems goofy to me. It's not just that you abandoned the high-polish, high-usability world of Apple; it's that you also had to bail from high-quality, high-polish hardware from any vendor. I've seen the kinds of laptops you're talking about; they're kind of awful, miles away from the best that Apple or even Dell or Lenovo are bringing to market. But you do you.

Honestly, I suspect you just like having to tinker with your stack to get work done. (I mean, I've been there - I use OrgMode.)

Sure, being able to swap out parts is theoretically nice, but you'll do that maybe once in the useful life of a computer -- but I haven't needed or wanted to do either in easily a decade. How often does this really come up? On the other hand, you'll confront that lack of whole-package QA and general polish every time you turn your computer on.

And I'm really curious about anyone's privacy needs if they abandon APPLE for roll-your-own. Yes, it's all in your hands now, but most people don't have the time or inclination to be sure they're doing all the right things, security-wise and privacy-wise, to stay safe. There's a good chance your DIY approach is less secure than iCloud unless you literally do this sort of thing for a living. I mean, this is why I don't run my own mail server anymore (hello, Fastmail!).

So yeah, I think lots of people say "freedom" when they mean "I just want to tinker with my toolchain a lot and occasionally feel superior about it."


>it's that you also had to bail from high-quality, high-polish hardware from any vendor. I've seen the kinds of laptops you're talking about; they're kind of awful, miles away from the best that Apple or even Dell or Lenovo are bringing to market. But you do you.

I use an HP 830 G5, a high end 13" thin notebook from 2018. It cost me 350 bucks. I sold my M1 for 70% of what I paid, and I can replace this thing for something similar, so it makes financial sense in my case. It's just a platform, I don't really care about the thing itself. It hooks into a thunderbolt dock for a lot of its life anyway.

>Honestly, I suspect you just like having to tinker with your stack to get work done. (I mean, I've been there - I use OrgMode.)

I run Fedora 37 (35 and 36 upgraded without issue). I'm in the process of building a new house, which requires insane amounts of paperwork and communication as well as document storage and exchange. I need this to be rock solid, running E2EE on a NextCloud VPS in combination with this workstation setup does that for me. It's a little work up front, but it's been smooth sailing ever since setup was done. It just gets out of my way; I don't care about this WM versus that, this display manager, the whole systemd discussion. Everything except the fingerprint scanner just works, no tinkering required.

>Sure, being able to swap out parts is theoretically nice, but you'll do that maybe once in the useful life of a computer -- but I haven't needed or wanted to do either in easily a decade. How often does this really come up?

You can't predict breaking your computer. I managed a pretty large fleet of Macs for a living for about 2 years; build quality is great but they're not infallible. When they do break, you're at the mercy of Apple, and I simply do not have the time to wait for their repairs. With this setup, not only can I upgrade whatever, whenever, but anything that will run Fedora and has a modest amount of local storage can replace it for at least the time being.

Compare that to the situation I was in: Any repairs that I couldn't have DIY'd probably would have cost me at least the total cost of this computer (maybe even twice over) and would have put me out of business for a few days.

>And I'm really curious about anyone's privacy needs if they abandon APPLE for roll-your-own. Yes, it's all in your hands now, but most people don't have the time or inclination to be sure they're doing all the right things, security-wise and privacy-wise, to stay safe.

Sure, but I do. I simply hate surveillance capitalism with a burning passion; I honestly think there is a logical set of steps from that to political division and a worse world to live in. So I don't want any part in it. I must admit that that sounds like philosophical grandstanding, but I promise you it's a sincere belief. It's not so much about privacy from state entities; that's a lost battle in my threat model.

If you're locked into an ecosystem that you cannot easily get out of (and there's a BUNCH of dark patterns Apple applies to try and poke you to stay as well as the obvious loss of software licenses) you're a boiling frog. I see Apple going in a worse direction incentive-wise. Nowadays, I just don't care about where they're going anymore, it's not my problem.


> Linux

Well, that one's not so bad, but is also mostly a commercially-supported endeavor and has been for a long time.

Now, the Linux desktop is a shitshow, sure. It'll remain that way until they can settle on One Windowing & UI Toolkit to Rule Them All, which looks to be happening never and is definitely in part a consequence of so many very basic parts of the GUI being swappable and having tons of competing options. Though the kernel's attitude toward providing stable driver ABIs (or rather, not doing so) isn't helping.


Is it a shit show, though? Things were more rocky two decades ago, but my computing experience with Linux today is unmatched by any other kernel or operating system. Comparatively it feels like the UX of OS X and Windows are the total shitshows.


> as carefully assembled, as smooth, and as capable as iOS, and what we got instead was Android.

Some of us prefer Android to iOS :) Having used iOS as well, the one thing I miss in Android is Continuity. Other than that, I find Android gives me a better experience. I'm certainly an outlier in many ways though compared to the average user.


My favorite part of Android is how security patches go through a multi-tiered trickle-down system of testing to make sure they work with the dozens of custom flavors each manufacturer has so that by the time you get patched it's been in the wild for weeks or months. Oooh, ooh, no that's not my favorite thing, my favorite thing is how each cellular company gets to put their own bloatware on top of the bloatware that each phone manufacturer gets to add to it. Oh wait, maybe it's patch support ending for new phones 3 years after they were released. There is so much to love about how Android turned out it's hard to pick just one thing.


> My favorite part of Android is how security patches go through a multi-tiered trickle-down system of testing to make sure they work with the dozens of custom flavors each manufacturer has so that by the time you get patched it's been in the wild for weeks or months.

This is not the reason for security patches taking too long to be released to certain phones; Google has a monthly cadence of releasing security patches and zero-days have rarely (I can't remember a case of that happening but maybe it has happened) missed. Do you have a source for it?

> Oooh, ooh, no that's not my favorite thing, my favorite thing is how each cellular company gets to put their own bloatware on top of the bloatware that each phone manufacturer gets to add to it.

There are unlocked phones available and honestly this problem is mostly a US problem. Rest of the world isn't in the iron fists of their carriers.

> Oh wait, maybe it's patch support ending for new phones 3 years after they were released.

You can vote with your wallet and choose vendors where this is not the case; Google, Samsung and recently OnePlus offer 5 years of security updates.


>There are unlocked phones available and honestly this problem is mostly a US problem. Rest of the world isn't in the iron fists of their carriers.

In the rest of the world phones are unlocked in terms of being able to use different SIM cards, but mostly the bloatware is still there and can only be disabled (not removed)


> This is not the reason for security patches taking too long to be released to certain phones; Google has a monthly cadence of releasing security patches and zero-days have rarely (I can't remember a case of that happening but maybe it has happened) missed. Do you have a source for it?

Yet and still Microsoft solved this problem years ago. Why can’t Google? Hell my 2006 Mac Mini got years of Windows 7 updates after installing Windows on it.


This is interesting, they’ll try to tell you it’s because the cellular modem requires extra testing by the carriers and manufacturers, but Windows can support upgrades that don’t affect an add-in card cell modem… so what gives?


> they’ll try to tell you it’s because the cellular modem requires extra testing by the carriers and manufacturers

That's crazy, though. It's not like there isn't a module for that cellular modem, and they don't touch that code for every release.

That's like blocking a Firefox update because the Windows driver for the mouse could be impacted.


Yet Apple is able to send updates worldwide without interference from the carriers and without their “testing”


I'm sure they do the same testing but because they control all the hardware and there are so few models to test on, it makes things much easier. I don't think there's anything in particular about Apple's process that would scale better to the number of devices supported by Android.


You think Apple tests their phones with all 120 carriers with every point release?


I don't, and that's not what I said. My point was that Apple doesn't have to think about testing vendor-specific bloatware every release across a wide range of very different devices.


If they don't, it's going to be hell when people can't call 112/911


Yes because I’m sure an update to Safari and messages will cause the dialer not to work without proper testing…


Tbf the Pixel phone does have issues making emergency calls, every time they claim to have fixed it we hear another report of an updated phone not being able to connect.


I like having a back button.


Agreed, I tried using an iPhone as my primary device for 3 years and it was so bad compared to a Pixel.


>The Free Software world has had ample opportunity to produce something as carefully assembled, as smooth, and as capable as iOS, and what we got instead was Android.

You mean the same OS that allows you to build your own open mobile OS as opposed to a closed source locked down OS that permits only 1 app store and 1 payment system?

>Suggesting a normal person use something OTHER than iOS at this point is questionable at best.

It's only questionable if you prefer the prison that is iOS.


Richard? Is that you?

I lol'd at "prison that is iOS."


Acceptable security afforded today - through usability - is better than superior security, that could've theoretically been gained, but wasn't, because it was too difficult to set things up.

In particular, reviewing open source code has been repeatedly proven to be way harder of a task, than the proponents of this strategy are painting it to be. If you want an auditable codebase, you pretty much have to throw Linux, Chromium/Firefox, Gnome/KDE all out the window - there's just way too much code.

Auditable code is naturally always preferable to non-auditable, but you need to choose your trade-offs - or at least stop pretending you can read a hundred million lines in your lifetime.

On top of that - do you know a single non-tech person who knows how to set up a VPS, or knows what Veracrypt is? OTOH I can just show my wife: click here to enable backups.

Let me reframe the problem: What is your threat model? How much effort are you willing to commit to mitigate the dangers?


This is a succinct explanation of the problem. Do we give the vast majority of users extremely easy, frictionless access to very high levels of security and privacy? Or do we give the vast majority of users a fundamentally insecure solution that with lots of learning and configuring and time can have very very very high levels of security and privacy?

The crazy thing is that apple hardware beats most other hardware, too, at a high price. Better phones, better tablets, better laptops. More secure, more private OS than the popular consumer alternatives (Windows, Android). Arguably much better OS all around, too (at least IMO -- iOS beats even stock Pixel Android at usability, MacOS v Windows is like the Harlem Globetrotters playing the Washington Generals.)


> stop pretending you can read a hundred million lines in your lifetime.

For me, and I assume most others, it's not that we expect to read all the code ourselves. It's that there's a large developer community and security researchers who have access to the code who will collectively read it all. Of course this isn't a guarantee that there are no security flaws, and you still have the pipeline problem of ensuring the binaries you get actually come from the code you think they do. But all else being equal, I think open source provides a significant level of threat mitigation.

Even if you fully trust Apple not to intentionally back door anything, there's far fewer eyeballs on their code. Given that access to source code also has the potential to reveal security holes that may have gone unexploited, there is of course a tradeoff here too.


> It's that there's a large developer community and security researchers who have access to the code who will collectively read it all. Of course this isn't a guarantee that there are no security flaws.

Yeah, about that, I'm as much of an Open Source buff as anyone, but:

> Analysis of the source code history of Bash shows the Shellshock bug was introduced on 5 August <<1989>>, and released in Bash version 1.03 on 1 September 1989.

[...]

> The presence of the bug was announced to the public on <<2014-09-24>>, when Bash updates with the fix were ready for distribution, though it took some time for computers to be updated to close the potential security issue.

Especially older Open Source software tends to have maintainers that haven't adopted modern software development practices so we're back to square one, since most of this older software is foundational technology, like Bash.


I'm not sure I understand the concern. I don't think it's at all unlikely that there are such long standing bugs in closed source software that's been around the same amount of time. We might just never hear about it or those bugs might never be found. Of course, I have no proof that's the case, but I'm not convinced that finding longstanding bugs in open source software is evidence of inferior quality (this is what you seem to be implying, but I may be mistaken).


> but I'm not convinced that finding longstanding bugs in open source software is evidence of inferior quality (this is what you seem to be implying, but I may be mistaken).

I'm not implying inferior quality, I'm implying no correlation.

There was a very strong assumption from back in 1999, that "lots of eyes make all bugs shallow", with a focus especially on security.

In reality, there's no correlation.

You need those eyes to actually be looking at stuff proactively, you want automated scans, you want modern software development practices and CI/CD pipelines, you want those eyes to actually be qualified to look at what they're looking at correctly, etc.

Just putting stuff out there and assuming "people will look at its insides" is a bad assumption.

Open Source in my experience is not inherently superior from a security perspective to proprietary software.


I think this is less of an issue than you might think - if they're going to decrypt for law enforcement then it will become painfully obvious there's a backdoor literally the first time evidence is brought to a court that shouldn't have been available without a decryption.


But that could be a very long time if they just apply some form of parallel construction to most cases. They aren't going to burn such information on the first low level criminal/CP target they find. Instead they will wait 5 years and then sweep up a bunch of people involved in some criminal "ring".

And the problem with all these services that provide some kind of E2EE encryption and still have a way to push application updates (or run something in your browser), is that they just slip a version on your machine that sends the password to the feds/whoever when you type it in.


> is that they just slip a version on your machine that sends the password to the feds/whoever when you type it in.

Apple has very publicly refused to do this for law enforcement and there's no evidence they have or ever will


Thing is, if law enforcement is patient they can get the data off the actual devices themselves, if they're still alive. Yes, a fully patched iPhone tends to be a fortress of might to anyone other than a nation state willing to burn a few very expensive 0 days, but with almost any phone if you wait a year or two something will inevitably come out that will allow the ol' Cellebrite crowbar a cranny to slip into.


Not to mention employee whistleblowing.


> Their software is not open source.

Notably, the only other serious competitor in the space is also not open source. Sure, you can probably carefully construct a phone from only FOSS, with some compromises of course. But this is unfeasible for regular users, who have for all practical purposes only two choices. And those same users are unlikely to go for alternative replacements for built-in functionality just to reduce their exposure. Convenience wins every time.


my comment was not against someone 100% paranoid using GrapheneOS and doing their own backups somewhere and trying to figure out how to get a good google maps alternative in open source.

my comment was that against mainstream companies apple leads the way, and it's overall great for a consumer.

do you personally expect every piece of open source software? do you run your own email servers, music servers, photo backups, etc.? If not, you somehow trust those companies -- why?


Arguably, the chance of fckup might increase, as now you get the problem of integration which will quickly increase the surface area to n*m.


> 1) they just ate every other 3rd party "secure" backup services lunch just like they did to the Hi-Res music industry.

This is an excellent point as to why you shouldn't even bother trying to develop software for apple machines. If it's anywhere near successful apple will just destroy you, after having taken a 30% cut from your revenue for years.


Similar model that Amazon uses.

You pretty much have to be on their store to sell something, which means you give them access to your sales and customers. Which is a concept that is absolutely wild in any normal healthy competitive landscape.

Then they'll monitor and if you manage to actually be successful, 3 months later there's an Amazon Basics version of your product.

It's so incredible to me how these practices get no push-back. There used to be a time where in the case of Windows, people were wondering if it's fair that they ship it with a calculator program. Now you can just use your massive platform and extend in every possible direction, seize secondary markets, nobody seems to care.


I think this is the part that is not legal, and which they say they don't do, etc

* Amazon uses third-party seller data to copy the site's most popular products, an antitrust report by the House Judiciary Committee alleged on Wednesday.

* Former Amazon sellers told an antitrust subcommittee the company released new products almost identical to their own and "killed" their sales.

* Amazon has denied accusations of this behavior in the past. "We have a policy against using seller-specific data to aid our private-label business," Amazon CEO Jeff Bezos said in July.

https://www.businessinsider.com/amazon-uses-seller-data-copy...



> There used to be a time where in the case of Windows, people were wondering if it's fair that they ship it with a calculator program. Now you can just use your massive platform and extend in every possible direction, seize secondary markets, nobody seems to care.

Windows was artificially crippled by the DoJ ruling and not including a PDF reader by default. I, for one, like it when more is built into the OS by default.


> Then they'll monitor and if you manage to actually be successful, 3 months later there's an Amazon Basics version of your product.

How is this different than Walmart doing the same thing with their house brand? Or a sporting goods store, or any other store for that matter?


You’re comparing security improvements to sherlocking? That’s pure hyperbole.


Well on the optimistic side, they might buy your product or company, which they have done numerous times in the past like with Beats, Shazam, Siri, etc..


Apple will destroy you regardless, they're a megacorp. If the software is good but only on windows they'll just make their own.


ok, i may buy your argument from a perspective of a brand new cloud storage provider that's trying to come up online and break into the market, but you're telling me that Dropbox, OneDrive, Box., etc., are all indie developers living in their parents' basements? These companies made a conscious choice not to offer encryption and now got the rug pulled out from under them. steve jobs famously said that this "Storage" is just a feature, not a product, and now they've proved it.

additionally, as far as i can see, those apps are all free to download and you can buy their plans outside of the apple ecosystem and thus they get a free ride in the App Store without giving away any cut to apple.


While I am the very first one to fight for allowing side loading on apple devices, didn’t the Netherlands’ dating services decide in the end to go with Apple’s payment processing even with that cut?


The only software worth developing for Apple machines is FOSS software, and one should not plan to make a living exclusively off it.


Sherlocking is a very old issue. It has nothing to do with what Apple is trying to become now.


I get this sentiment, but where do we draw the line? Shouldn’t OS makers (Apple, Microsoft) add additional apps just because third party developers have done it already?


I would state it as this

"If you buy a phone or general purpose computing device, you have the legal right to choose your app store and applications installed on it separate from manufacturer demands".

The particular problem with Apple is that not only can they duplicate your app, they can underprice it by 30% because they don't self pay their own store tax, and they can kick you out of the only app store for whatever reason they choose to make up that day.


I remember back in the early days of the iPhone, new feature releases would coincide with lots of apps being removed from the app store with the reason "this app duplicates core functionality of iOS."


> If you buy a phone or general purpose computing device

Point of clarity, the devices we are discussing are neither telephones, nor are they general purpose.

They are smartphones, a sort of miniature computer with a bunch of general-purpose sensors, and actuators viz. a screen and a speaker and some haptic feedback. They don't really do much computing per se; we outsourced most of that to The Cloud some 15-odd years ago. These things are just highly capable I/O devices, or clever terminals if you prefer.

And while Android has the PlayStore or whatever they call it this week, one can usually choose to load rogue APKs and one can usually succeed; and things like the Pinephone or Fairphone have been attempted that leave more power (and responsibility) in the hands of the user, but in practice it seems that they simply don't _work_ that well.

I agree with you wholeheartedly; I just think the "if" part is a bit out of sync with reality.


I like this view, though many people aren't just purchasing the phone from Apple, they are purchasing the OS and integration into the Apple ecosystem. Definitely think the user should have the option to pick the app store though


Apple doesn't seem to be in the business of selling software very much. Instead it's mostly used to increase the value of the hardware. The stuff I've seen them incorporate that at one time were apps weren't 30% cheaper when bought from Apple, they were free (i.e., they came with the device).

If they think some third party feature should be part of the core experience, they're going to incorporate it. This is true when building on anyone's platform (e.g., Microsoft, Facebook). Non-core experiences, like domain specific software, are less likely to suffer this fate. It's similar to when MS decided to ship a browser. God help you when the platform you're on decides they want to subsume your features.


> Apple doesn't seem to be in the business of selling software

As sheer hardware revenue growth slowed, they moved their focus to services [0]. That’s also what we’re seeing on their push into more ads for instance, and this new feature goes the same direction: to benefit from these encrypted backups you’ll need to sign up for storage. For most people wanting to cover more than one device, they’ll probably end up with the 2Tb plan which is at 10 bucks a month, the bare minimum 50GB being at 1$ a month.

[0] https://www.insiderintelligence.com/content/how-services-bec...


> Apple doesn't seem to be in the business of selling software very much.

This is veritably false, they made $80 billion selling software this year. You might not see the App Store as software revenue, but Apple certainly does.


The context of the text you quoted seems to pretty clearly be about Apple selling their own software, e.g., as a publisher, not as a distributor. This whole branch of the discussion thread is, after all, about whether Apple adding end-to-end encryption for iCloud backups is "sherlocking" other cloud backup providers (spoiler: no).


There's a premium price on Apple products. That premium is arguably paying for the software.


And neither does Spotify or Netflix. They haven’t had in app subscriptions for years.

Amazon seems to be doing well despite Apple Books.


That's exactly the antitrust issue Microsoft ran into isn't it?


Absolutely not.

People who didn't live through that era really don't appreciate a key aspect of it, which was that MSFT OWNED the desktop -- like, 90+% of the market. There were no other real options. For a good chunk of that period, Apple was seriously on the ropes and might not have survived. (Michael Dell famously said it should be sold off and the money returned to the investors.)

Microsoft had deals in place with PC makers so that it was impossible, nearly, to buy a computer without buying a Windows license. BillG specifically told Netscape he planned to "cut off their oxygen supply" by shipping a browser with Windows, and he did this because he was smart enough to see that browser-based software could endanger their control of computing. That was literally illegal.

No one has anything like the control they had back then. The desktop market is still mostly Windows, but Apple got healthy and took a decent chunk back. Now there's also ChromeOS and Linux out there, too -- plus, we have mobile, which is an even BIGGER chunk of the platform market, and it's split between iOS and Android.

So that's at least 6 different software platforms a hypothetical user could pick in 2022, and they're spread over dozens of hardware manufacturers. That's been the norm for so long now that it's easy to forget how little choice we had in 1998.

*ANYWAY* the bigger point is that adding features to your system isn't a problem if you're not acting as a monopolist. Microsoft WAS in the 90s. Nobody has that ability now.


Apple just undercut this by creating an ecosystem which funnels something like 80% of mobile profits in their pockets.

Then they just point at marketshare and say: "we only have 30% worldwide". Yeah, but your stuff is aspirational and the vast majority of Android users have lower disposable income so spend less and many switch to iOS when they have enough money.

It's very sneaky and it's breaking everything down.

Laws just haven't caught up to it.


LOL.

Are you suggesting that a successful business with a small fraction of the overall market be treated like a proven monopolist? That's risible.


Did you really read my comment?

https://www.counterpointresearch.com/global-handset-market-o...

> Apple Captures 75% of Global Handset Market Operating Profit in Q2 2021

At this point everyone competing, including Samsung, are getting close to also-rans.

I felt otherwise a few years back, but Apple's marketshare is actually going up almost universally, as countries develop:

https://www.statista.com/statistics/272698/global-market-sha...

Android is stagnating, if anything despite the free and Open Source operating system and the million models of phones.


Profit is not market share.

They do not control the market, and thus are not subject to -- and should NOT be subject to -- the kinds of restrictions justifiably imposed on actual monopolists.

>Android is stagnating, if anything despite the free and Open Source operating system

I might argue that Android is stagnating BECAUSE it's free/open source, and as such lacks effective leadership.


> Profit is not market share.

No, it's even better.

If a company could have 1 single user and that user could pay them $500bn in perpetuity for a product costing $1, they'd only want that customer.

They want more customers because they can't have that ideal case. First of all nobody would pay that much for such a cheap thing, secondly, nobody lives for ever. So companies expand to make more money (= profit) and to future proof themselves.

Again, as I said, very sneaky from Apple, and I'm arguing it's breaking down existing economic models.

It's basically another run-around at "winning capitalism". Monopolies were one way. This is another one.


I think you misunderstand why monopolies are regulated.

There is AMPLE computing choice today. There is even healthy choice available in mobile alone.

Monopoly regulation is about preventing those with market-controlling power from exploiting that position in unfair ways to the detriment of consumer choice. Microsoft did this when they tried to destroy Netscape by bundling a browser with Windows. There really WASN'T another viable desktop system at the time, and mobile didn't really exist; they owned the market.

Apple is free to improve their offerings in any way they see fit. They are even free to incorporate features into their systems that began life as products from other vendors; this is the normal way of things. If you don't like how Apple is behaving, you are free to shift your desktop to Linux or Windows or ChromeOS, or to migrate to mobile devices running ChromeOS or Android. That's a functioning market.

There's nothing sneaky about openly continuing to improve one's offerings.

HN is really, really bad about ascribing dark motives to every tech company not on the Approved List (which, of course, is constantly changing). Apple is pretty smart. Adding encryption to their backup scheme is one of those scenarios where yes, it's good business, but it's also the right move for customers.


> There is AMPLE computing choice today. There is even healthy choice available in mobile alone.

No, there isn't.

If I want to be a functional human being, not some dork, it's either:

1. iOS (not jailbroken).

2. Android (not rooted).

Everything else is a FOSS hippie pipe dream, to be blunt.

And in economics there aren't just monopolies. There are also oligopolies and cartels.

We will need new laws for software ecosystems, if anyone will be bold enough to write them (they won't, see lobbying).


There are still a lot of companies out there with significant control over their respective markets. Apple, for example, still has a huge control over the mobile device market and is not afraid to use it to their advantage. Companies like Amazon and Google also have significant control over their respective markets, particularly in the technology space.

Seems like we can never relax, always some company waiting for the chance to take over a space. Gotta stay vigilant.


Microsoft had something around 95% of the desktop market share in the 90s. Apple is not anywhere close to that. I would agree it's similar in behavior but not intent. Microsoft was terrified of the Internet and applications that could "run anywhere" so they tried to control how people accessed the Internet. Apple is arguably adding these features because it's what their users want.


> Microsoft was terrified of the Internet and applications that could "run anywhere" so they tried to control how people accessed the Internet

I see reflections of this throughout the history of the iPhone. Apple has always controlled how people access both the internet and even what applications they can install. Every "browser" on iOS is just Safari with a skin for example, because Apple will not allow any other browser engine.


Apple will not allow other browser engines because they are a subset of "programs that run arbitrary code".

Allowing anyone to put their browser engine on iOS through the App Store would open the door to a wide variety of security problems. It would also effectively bypass the App Store, as Google (just as a totally random example) could release their own iOS "browser" that's actually their own platform for apps that they sell. Not to mention inserting their own ads into anything people browsed on it. And tracking literally every single tap and text entry that people do in that browser, including bank passwords, credit card info, etc.

On a platform like the Mac, that doesn't matter very much, because it's small enough that basically no one would bother.

On iOS? If you could get 0.0001¢ per website visit from even 1% of iOS users, that would be a money-printing machine.


> Apple is arguably adding these features because it's what their users want.

Apple would certainly argue that, yes. Foremost though, they're adding it because it's what Apple wants, and conveniently converges with the desire of the user.


Why do people act like what happened in the MS anti trust case is lost to the annals of history? Absolutely nothing came of the bundling IE with Windows in the US. There was never a time that IE was not bundled with Windows because of the lawsuit and there was no browser choice mandate in the US.


Spotify is pretty successful and yet, Apple went in direct competition with them, using APIs that only Apple gets to use in their Music app (like integration with Siri).


You can change the default music app for siri since ios 14

https://www.macrumors.com/how-to/set-preferred-music-streami...


In the car today I asked Siri to play me a particular song (I have had Spotify defaulted for a while), it helpfully signed me up for a 7 day preview of Apple Music Voice and started playing it there! Where's the FTC? Is Apple too big to fail?


“Play X song on Spotify” also works.


And yet I still can't change the default music app that opens on macOS when I hit the media keys!


You can easily map your own macros....


Or use Linux, the highly advanced MPRIS protocol is capable of tracking multiple media applications and presenting their playback controls. It's like space-age tech!


macOS does the same... The only difference is when you don't have a player open at all.


In recent versions, the "default" is just whatever last played media—if you were watching a YouTube video yesterday, and the tab is still open, pressing the play/pause key will start it playing again. There's even a little menu bar widget (it's called the Now Playing menu, and you can find it under Control Center in the system settings) that shows all the instances of actively- or recently-playing media the system knows about. Whatever is on top (IIRC) is what will automatically be controlled by the media keys.


iTunes Store predates Spotify by 3 years and the idea of a subscription model was hardly unique to them.

Also Spotify has access to all of the APIs it needs. It just refuses to use them.



Correction: I meant integration between Shazam (which can be invoked by Siri) and the Apple Music app.


> They're giving you 2TB+ of space

I think you and I have vastly different ideas about what "giving" means.

I get 5GB of iCloud storage, unless I pay them £6.99/month for 2TB. No idea what the rate is over 2TB.

Have I missed a trick to getting this 2TB+?

(I have 7 Apple devices in my possession and have owned a further 2 that I've passed on to my kids; given the premium I paid for those I almost expect that I should get 5GB PER DEVICE, but of course that's fairly unreasonable in reality)


You can't even get over 2TB unless you subscribe to Apple One and even then you only get another 2TB. Pretty useless as a large scale backup service if the maximum you can ever pay them for is 4TB.


Per user. I know you would probably like to backup your linux isos to icloud but besides that the 4tb per account/user is pretty much all one would need. This is for personal use, not business ;)


Been seeing a lot more of these snarky sort of comments on HN as of late, and it's not encouraging. Can we keep it civil without making light jabs at others' preferences or tech needs?


Oh come on, that's over-sensitive. The person made a lightweight remark, complete with wink at its conclusion. It was on topic and conveyed information.

Your reaction is derailment because you grabbed the wheel and steered the topic down a road about you and your expectations of discussion standards.

Part of respectable human interaction includes humorous, short and sharp casual responses on occasion. In this case, the post was replying to someone who called Apple's storage limit "pretty useless"... so we're well and truly in the fun zone of casual conversation. Not sure what you're seeking, the equivalent of a formal meeting with diplomats and official representatives?


Except the previous comment had no level of snark involved. You clipping out the "pretty useless" from the context is also misleading. You turn to hyperbole and end of your reply insinuating that I'm expecting some sort of formal discourse. I'm commenting on the "linux distros" portion and the which makes it sound more like a cheap karma harvesting reddit post.

Just imagine if more people made these sorts of quips out of the blue and how crap it would make the forum over time?


> "linux distros"

I wasn't aware linux distros would push the limits of 4TB cloud storage, so for me it was micro-informative. I also wasn't insinuating, I was asking you directly how much formality you want in online tech discussions.

All good. I don't want to drown in cheap karma-harvesting reddit posts either, but I don't see that happening here.

When "snark" is measured like spice in cooking, it adds flavour. I'm not suggesting popping the lid and dumping a jar of snark in the broth!


"linux isos" in the context of storing lots of data is a reference to pirated movies/tv shows/etc.


What? Nobody mentioned "isos".


Except the previous comment had no level of snark involved. You clipping out the "pretty useless" from the context is also misleading.

You then add on hyperbole to end of your reply that I'm expecting some sort of formal discourse. I'm commenting on the "linux distros", which seems irrelevant. Putting a ;)


Are you sure this is correct? Apple One seems to suggest I’ll stay on the same 2TB plan I’m currently on.


Yes, it's 2TB per user AFAIK.


Unless something has recently changed, Apple One gives you either 200GB or 2TB to share in a family group. It’s not per user. Each user can purchase an iCloud+ plan on top of the shared iCloud storage included in Apple One.


Of course you are correct, Apple is not giving that storage away.

They do make a family plan for Apple Plus ($30/month) fairly compelling: 2TB per family member, Apple TV both has some good original content as well as serving as a quick index into most other stream services, the Arcade Games are fun enough, Fitness+ is something I use about 90 minutes a week, and Apple Music. That is a lot of “stuff.”

Then there are some things that Apple gives away for free. Their podcast app is free and lets you subscribe to a lot of interesting stuff that I might otherwise subscribe to Spotify for. Handoff saves me about 5 minutes a day. Anyway, I don’t much like the walled garden aspect of Apple, but for value and convenience they must be difficult to compete against.


The storage is not per family member. It's 2 TB shared between members.


sorry, yes, i meant it that you can now purchase 2TB of stand alone E2E storage from apple for 9$/mo, or get it as part of iCloud+. "giving" was a poor word and should have been "available".


> anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river

Ok, come on. What apple’s done here is great, and I personally use an iPhone, but you couldn’t think of a good reason to use anything else? An open-source OS?


The GNU/linux distros (in contrast to android) available for mobile phones are so far from usable, it is not funny. Android is a viable choice, but only if it doesn’t come with all the shit from the vendor/Google, which gives you effectively.. a pixel phone with GrapheneOS? Not too much of a choice, especially if you would like to filter based on hardware as well (where apple is just laughably ahead, iphones are ~2 generations ahead in raw performance)


I don't bring this up to start an argument, only because someone reading might look at this comment and assume they can't use a DeGoogled ROM for their phone unless it's a mainline Google flagship -- but LineageOS maintains a fairly lengthy list of supported devices, so if you want to use something other than your phone's stock ROM, you should definitely check to see if it's supported, it very well might be.

I also encourage people to check if their devices are supported by LineageOS when they run past their support period, it can be a good way to keep getting security updates past official support windows.

https://wiki.lineageos.org/devices/


Good point, though pay very close attention for which device you have, some vendors (e.g. Sony) will wipe their camera’s fancy firmware or pull similar shenanigans. That way the tradeoff may very well not be worth it.


Yep, thanks for bringing that up. I should have mentioned that.

The forums should list some caveats for the device if they exist, but don't assume just because it shows up on the list that everything will work perfectly out of the box -- double check to see if there are any downsides.

Also, I should bring up that LineageOS comes in two variants: one without Google services and one with Google services. If you want to actually de-Google your phone, check to see that you are not going to run into problems with the apps you use.

Occasionally I see people who don't realize how deep Google services can go on Android, which in some ways gets back to your argument about how "open" Android really is. So it's just good to make sure that your stuff will all work afterwards if you're planning to go down that route.


Any phone that doesn't trust the user to install software shouldn't be called "consumer centric".


You cannot match the features or usability of iOS with anything open-source. Full stop. It's not even a comparison.

Sure, if you're so laser-focused on privacy that you want some obscure phone which will do nothing aside from text, call, and send Signal messages, go buy the weirdest one you can find. otherwise you won't be finding anything remotely enjoyable if it's not iOS or a major android flagship. And out of those options, only one respects the user's privacy and security.


Apple has a lot of things going for it, but let's not pretend they're perfect and anyone who doesn't use their products is unreasonable.

iOS still doesn't allow you to sideload without shenanigans (requiring you to not only have a Mac, but also have it resign any custom apps every week is beyond unreasonable). Some people don't care about that, but I do and not being able to do so is 100% a dealbreaker for me.

Not using Apple because you disagree with their decisions does not make one intentionally "going out of their way to swim up river." It just makes one a normal person who doesn't want to use, what is to them, an inferior product.

> the don't care to scan your pictures with AI 20 different ways

This is especially ironic as another post on the HN front-page today is about Apple giving up on their plan to scan iCloud photos for CSAM after months of pushback.


> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

This is a little hyperbolic. E2EE backups are fantastic; Apple seriously deserves a ton of praise for this. And iPhones have been getting a ton of security/privacy features that I really love, I am not going to dismiss their contributions to privacy. And while I wish some of their services like the Apple VPN/masked emails were better done, they are still fantastic features that I encourage iPhone users to enable, and that I am thrilled to see rolled out to a mass audience.

Alongside that praise, I am though going to point out that the adblocking on the iPhone is sub-par[0] because mobile Safari lacks Firefox's extension APIs, and I'll point out that their app store model blocks some privacy apps like Newpipe, which forces people into using more invasive alternatives that require stricter privacy controls. I'll point out that it is harder in some ways to get away from the default tracking that happens in Apple's apps than it is to root an Android phone and disable/swap Google services.

Threat model and personal expertise matters here; I like a lot of what iPhones do, but I also dislike a lot of what they do. Personally, I feel more confident in my ability to secure a rooted Android device than I do to secure an iPhone against the majority of privacy attacks I'm worried about. That doesn't mean that iPhones aren't the correct choice for a lot of people. I feel much less confident in a family member's ability to secure an Android phone if I can't give them advice or help them through the process.

And all of this is ignoring that privacy is one aspect of consumer freedom and rights. I think we can praise Apple for what is objectively a great move for privacy without being this over-the-top.

----

[0] Before someone complains, I'm not saying that iPhones don't have adblocking. They do have adblocking and I encourage you to use it, it's great. But that adblocking is objectively not as powerful or comprehensive as it would be to use a tool like uBlock Origin.


“I don’t like tracking. But I’m okay with a third party ad blocker intercepting all of my traffic”


I think this might be the single strangest objection to using an adblocker I have ever heard. Are you implying that installing uBlock Origin in a browser raises your risk of being tracked online?

I don't think I've ever seen someone make the argument that Gorhill should be trusted less than the advertising industry, that's a new one for me.


Well seeing there is a proven alternative method with iOS that allows ad blocking without the extension being able to intercept your browsing history, you don’t have to make that choice.


I already explained this in my parent comment, but the Safari APIs for adblocking are factually, objectively less effective at blocking trackers than uBlock Origin is. It's not a matter of opinion, there are things that uBlock Origin can do that Safari adblockers can't do.

People get really offended when I bring this up. I'm not saying that Safari adblocking is useless (you should use an adblocker with Safari, and there are devs doing excellent work to get around Apple's limitations, I have a lot of respect for them), but you are making a tradeoff for that sandboxing/permissions in the form of a less effective adblocker. This isn't just me saying this, if you talk to people writing iOS adblockers, they will tell you the same thing.

If you are so scared of Gorhill that you need to make sure he isn't tracking you, then sure, make that tradeoff. Or more realistically, if there are other privacy features on iOS that you care about more than adblocking, then make that tradeoff. But it's not just silly to pretend that the browsers are equivalent, they aren't.

And it's even sillier to pretend that an Open Source standard in adblocking should be rated higher on someone's threat model than the actual websites that are tracking you when you use a browser.

Once again, it's OK for people to like iOS or to point out that it has some excellent privacy features that make it a good choice for privacy-conscious consumers. And I'll give Apple praise that on iOS, the default browser supports an adblocker at all -- it doesn't require you to install a separate browser to get access to one. But we don't need to get hyperbolic and start arguing that Apple is somehow leading the pack on literally every single privacy issue; they aren't. It's OK to say, "in this specific issue, it isn't possible on iOS to get the same anti-tracking behavior that we could get on Android or on a desktop PC/Mac."


What exactly can’t you block with iOS ad blocker that you can block with just 1Blocker’s “give json to safari” blocker?

Did you personally vet the open source code? Did you compile it from scratch and install it on your phone or are you trusting it’s the same code?


> What exactly can’t you block with iOS ad blocker that you can block with just 1Blocker’s “give json to safari” blocker?

https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...

This is specifically looking at (pre-manifest-V3) Chrome, so there are some other differences with Safari, but CNAME uncloaking is the most obvious example.

See also some of the previous comments I've made about this in the past (https://news.ycombinator.com/item?id=23622206). A few of these details might have changed (I vaguely think I remember Apple raising the rule limit), but I think the fundamentals are all still true.

> Did you personally vet the open source code? Did you compile it from scratch and install it on your phone or are you trusting it’s the same code?

I have read through parts of uBlock Origin's code, yes, but ultimately I'm trusting the broader Open Source community to say it doesn't have holes in it. And yes, I'm trusting Mozilla's vetting process for its "trusted extension" category. I think that's a reasonable thing for most people to do.

Of course, I could compile the extension myself, but I think to a certain degree that would be security theater.

----

Again, just really surprising to see an argument that boils down to "this Open Source application might potentially spy on me, and that's a greater danger than the websites that I know are actively spying on me right now." If Safari adblocking is good enough for you and your threat models, great. You don't need to justify that by pretending that uBlock Origin is insecure.

I will note, by the by, that Safari's limitations mean that (at least on desktop) the top-rated adblockers like AdGuard have shifted to running as external applications separate from the browser (https://adguard.com/en/welcome.html). This is not a dig at AdGuard, I think the AdGuard devs (as of last time I checked) are doing really great work. But if you're worried about sandboxing, running a desktop app is a lot more invasive than running a browser extension. I don't know if there are ways to do the same circumvention on iOS, so it's possible that AdGuard devs are staying in the browser sandbox there; I'd need to double-check.

Of course, you can use apps like AdGuard as pure extensions in their more limited form (I don't recommend a specific iOS app, but unless something has changed since the last time I checked, AdGuard is a solid choice) -- but you will get a more limited adblocker as a result. The performance might be good enough for you, and that's fine. But it's still correct to say that it will be more limited.

----

I will also add to this just to preempt anyone arguing otherwise that I am not saying that browser extensions shouldn't have better sandboxing. They should, extension sandboxing is awful and it needs to improve. What I am saying is that the specific sandboxing model that Safari uses (and that Chrome is moving towards) for adblocking limits their effectiveness.


I trust gorhill and by extension uBlock INFINITELY more than I trust Apple.


They mine your data as long as it can be converted into a marketable product for them. The most recent example was this: https://9to5mac.com/2022/11/21/ios-privacy-concerns-deepen/

Maybe images/photos isn't something they want to expand at this moment in time but let's not get ahead of ourselves.


They might mine your data BEFORE it leaves your device. Thanks to the new A chips, Apple can definitely do that.


This. Technically the iPhone can process images locally. Photos app shows what is in the picture (faces, pets, food) and can do OCR on text in screenshots and photos. This is a very real possibility to outsource the processing to your device.


The camera itself does software processing and you can't encrypt the light. It detects faces even before you click the shutter for capture. There is no way to keep the device itself from ever knowing what it was looking at. Something that sensitive is something you don't photograph.


We agree, I believe. I am saying that technically the device gets that information on-device, and could send it. Idk if that is the case, but it is possible.

Edit: The OCR and face recognition on the iPhone is definitely more advanced than usual, thanks to the custom hardware on device.


I mean, if you can’t trust the very OS that handles your encrypted data, then you are lost either way, so that argument doesn’t make sense. It is similar security LARPing to hardware kill switches.


* They have tons of your data anyway, lots of which is more valuable for advertising than backup of your photos.

* They are more and more into advertising business https://news.ycombinator.com/item?id=32520894

* Their executives admit that they want you and your family locked into their ecosystem (leaked emails).

Sorry, but advocating for them seems like a very bad idea. Google was a cool, pro-customer company once too. Until they had the position to not be anymore. Open standards, without any vendor lock, are the only reasonable way.


>>seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

Well for your use case maybe, but I do not find the value of trading privacy for freedom to be a good one, specifically since I can secure my data other ways including not storing it at all on my phone.

My phone is a tool, and I prefer to own and control completely that tool


What phone do you own and control completely? I was under the impression that every phone capable of being a phone contains BLOBs that you have no control over.


Not to mention a veritable panoply of chips that you could probably spend a lifetime on trying to prove correct and not malware'd, assuming you could even get the schematics, etc.


> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

This comment is made every time Apple makes one step forward but it's apparently easy to forget that Apple also took ten steps back.

I'm using LineageOS + MicroG happily and there are other alternatives that don't buy into any of these big corporate monoliths.

I'm not swimming up river but you are carrying water for a multi-trillion dollar behemoth.

Apple is hella late to the game encrypting data and you better bet there's a backdoor to getting that data if an FBI request comes in.


How did they take ten steps back?


Can I use AppleTV+ without them tracking what programs I'm watching? Can I get them to stop showing me an ad in front of each program? Can I use Apple Music without them tracking the music I listen to? Can I use the App store without them tracking what apps I browse and download? Can I remove the ads from the App Store? Can I remove the ads for Apple Music from my iPhone?

> they just ate every other 3rd party "secure" backup services lunch just like they did to the Hi-Res music industry.

Except they only control 50% of the smartphone market and 15% of the PC market. So there is still a large market they're not covering


> Can I use AppleTV+ without them tracking what programs I'm watching?

Can I buy something from my local supermarket without them knowing what I bought? Can I create an EC2 instance on AWS without Amazon knowing who created the instance?

I don't like a super powered monopolistic company as much as the next guy and I totally agree that the ads situation in App Store is not a straight business but come on.

Some people want to use their computer completely privately and that's totally fine, but when you are using a cloud service, they probably will know how you use it. What they do with that data and how they handle it on the other hand is of importance. The problem with the whole tracking fiasco starts when the provider sells your data or "access", collected using dark patterns for example to others.


  Can I buy something from my local supermarket without them knowing what I bought?
That is stupid, yes you can easily if you don't use their fidelity card and eventually that you use cash!


I interpreted GP's comment to be more about how it's inevitable that businesses track consumer patterns, because after all it's directly their data. Who bought it is usually irrelevant.

That still leaves the purchase data freely available, and if you purchase the same kinds of items regularly you can probably build a profile. The purchase data itself is still valuable and still tracked.


I don’t know about you but when I go to our local supermarket and use cash to buy a beer, the person behind the register kinda sees me and recognizes what I picked. They even happen to know my name as they live in the neighborhood. Do you cover your face when you shop? Because this is the scenario I was talking about.


A bit of a tangent here, but how did you make the quoted text appear differently?

Tell me your secrets! :P


Ah ah, took me a few years before discovering this fine trick.

  You just have to let two empty spaces in front of a sentence. Not less, not more, just 2.


Apple doesn’t control ads shown on TV outside of Apple TV+.

How will they do recommendations if they don’t keep track of what you listen to? How will they do recently played lists?

How will they know if they should send notifications to your phone for your apps if they don’t have a record of what apps you have installed? All notifications are bundled together and sent from their servers to save battery life.


So two words I can't find in this thread are "lawful intercept". If a judge comes down on Apple and says they are required to produce your private content, is Apple going to throw up its hands and say, "Nope, it's e2e encrypted." No, they will not. They will either run something on your device to scan it, or they will exfiltrate your encryption key, because at the end of the day they own your device. Maybe this makes it harder for man-in-the-middle attacks or whatever, but if someone with the right amount of power cares, your data isn't secure.


Fun fact, they can’t exfiltrate the key because it’s burned into the secure element coprocessor and unreadable by software.


so that means if your iphone breaks or gets stolen the data is lost? I guess they would have to enable exporting the encryption key to users to make the backup useful in these cases.


Would you please like to give us some URLs that explain this for people not deeply into Apple hardware - thank you very much!


How do we know this, exactly? Is it open hardware? Has anyone audited it?


Give me open source dev tools for the iPhone and I'll jump.

While it is a closed garden, I'll begrudgingly accept it can be marginally better in some fields than other options, but Apple tries very hard to be a proprietary island in a world that has switched to free software.


That really isn’t true when it comes to phones, though.


The world of phones is based on free software. Android is based on the Linux kernel and AOSP - iOS is based on XNU, which is a combination of GNU implementations and BSD patches.


The fundamental iCloud product itself however is subpar and until that is dealt with, it won't be that huge.

Few examples: Still can't keep photos on iCloud and delete thumbs on the phone. A real issue my old iPhone had insufficient space and I had to move to OneDrive. Support for other operating systems is lacklustre. One of the core benefits of cloud is accessing your files anywhere when you need them, not possible unless you're lucky enough to find yourself on a Mac at that moment.


This is the biggest gotcha that causes people to lose data every day. They try to free up space on their phone only to unwittingly permanently delete photos.

The other really annoying thing is you pay $3/m for 200gb or $10/m for 2tb… there’s no middle ground, I’d like to pay $4 for 500gb or $6 for a tb.


> anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

What if it's for somebody that wants to play Fortnite on their phone?


I don't want to be offensive but this comment really feels like an intelligently-made shitpost. Or maybe I hope it is, and I hope OP doesn't have as much devotion to any company as they are displaying through this comment.


Apple offers hi res audio, but most can't and won't take advantage of it. Why? Because most users of Apple Music use AirPods, and Apple claims lossless wireless audio is not possible (despite the existence of LDAC). Therefore, you are streaming hi res audio to your phone only to downscale it when listening via your headset. Only people who really benefit are carriers, who can rate limit your data.

https://support.apple.com/en-us/HT212183#:~:text=Can%20I%20l....


"most can't and won't take advantage" of it is a broad statement. i would think there are a lot more DAC/Lightning adapters and analog headphones in the world than there are of AirPods, anyone that wants to listen to CD (16/44) quality can probably do so for free or a few $ already. my home "hi-fi" now consists of an old iPhone 8+ hooked up to a DAC piped into my receiver utilizing 24/96 setting from iTunes, no longer need for Tidal or Qobuz.


This is true for wired headphones, definitely. My statement was broad, but was aimed at wireless headphones, apologies for the confusion


With high enough “resolution” does it really matter? (Not trying to start a fight, genuinely curious as I’m not too well versed in audio)

We don’t cry over bitmaps vs vector graphics in most contexts, especially that the hardware is trivially limited. It’s probably a bit more nuanced with speakers, but I imagine that they also have very real limits on distinguishable outputs for a given input, even if it is not as trivial to see as in the case of a w*h pixel grid of depth n.


Short answer, no.

It might be possible that with very ($1000+) high end headphones about 5% of people could tell a difference, but even that is questionable. I have done many blind A/B tests with my $500+ headphone setup and no one has ever been able to accurately tell the difference repeatedly. There is absolutely no way that someone would be able to discern the sound difference between 320 and lossless on an AirPod-quality speaker.

I’m not sure about large speakers however. I assume that it’s equally difficult to tell any difference, and I couldn’t when I tested my setup. However, I have listened to some incredible $4000+ speakers before, and at that level I wouldn’t be surprised if differences emerged.

There’s so much snake oil in audio and placebo can affect sonic perception so heavily that it’s nearly impossible to find anything objective. There’s also a lot in the chain - the DAC, the AMP, room acoustics… that will affect the sound, sometimes substantially - let alone the speakers and the actual source.

While microphones obviously exist, you can’t measure sound the same way that you can measure the nits and white point of a monitor - it’s far more intangible.


There is a significant difference in quality between my Slim Buds with LDAC support and my One Plus Buds without it.


It does to some - I recently rediscovered my love of CDs and was surprised to find they sounded much better than I remembered - I am currently in the process of upgrading my music to CD quality and higher, and was equally surprised to find that Apple doesn't support a hi-res codec for their wireless headphones, even though they offer hi-res music. For me, it makes their $549 (!!!) AirPod Max product extremely confusing, laughable even.

So yes, I think mp3/aac to CD, the change is very noticeable. CD to HD (24bit), not so much


Using lossless audio with AirPods is still preferable. Rather than re-encoding a lossy stream with another lossy codec, you only encode it once. Is it minor? Yeah. Can I actually hear it on AirPods? No. But it's not entirely moot.


This is true. It's better than nothing, but the price they are asking for ($549) for a top tier headset that CAN'T do hi-res audio is offensive if you know what you are looking for.


> they just ate every other 3rd party "secure" backup services lunch just like they did to the Hi-Res music industry.

Cross platform support is always a problem though. And frankly I don't buy the "like they did to the hi-res music industry"-- Spotify is still king here.


> 1) they just ate every other 3rd party "secure" backup services lunch just like they did to the Hi-Res music industry.

This is not something to celebrate IMO, Apple keeps doing this and then pushing out the 3rd party options either by pure positioning and bankruptcy or by app store policy.

The result is no choice, no competition, and over time a worse product due to absence of market forces ... beyond the high resistance threshold of getting bad enough for a user to flip the table and exit the entire iOS ecosystem they've invested in - this is the danger of 100% vertical integration.


As far as I can tell from Google Searches, Google already offers end-to-end encrypted backups for Android, from 2018.

https://security.googleblog.com/2018/10/google-and-android-h...

Google Workspace also apparently supports client-side encryption/decryption.

https://support.google.com/docs/answer/10519333?hl=en


> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

Count me in amongst the salmon then.


That was a bombastic final sentence. I'm going to assume you're ignoring third party Android ROMs like Graphene, Calyx, Divest, etc.? And all of the excellent open source projects that substitute Google's stuff?


i'm speaking from the perspective of the mass consumer and thus am comparing them to other mass consumer product companies.

what you're describing is not the norm and those options should always be available, but the effort to value is simply not there to large portions of the mobile users.


Okay, that's fair.


> the don't care to scan your pictures with AI 20 different ways

They actually systematically scan photos and declare people to the police if AI determines it looks wrong.

With Apple, you’re at risk of losing your business just like with any other company who wants your data. Apple didn’t solve the “An offline account is better than a Cloud account” problem.


> They actually systematically scan photos and declare people to the police if AI determines it looks wrong.

Apple was developing this technology, but they dropped their plans.

[0] https://www.theverge.com/2022/12/7/23498588/apple-csam-iclou...


temporarily, due to public outcry from many groups


>They actually systematically scan photos and declare people to the police if AI determines it looks wrong.

Obviously the commenter is talking about the new E2EE plan. No way to scan it then, unless they do it on device, which they also walked away from.


> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

That's an awfully bold statement! I'm quite happy in the Microsoft ecosystem for OneDrive, etc, and I'm not reading this and jumping to Apple. I'm not sure if most people care about these claims, and the people who are very security aware probably don't believe them.


...You believe them? After PRISM and all the things revealed in the last decade and half?

They DO want people's data, and they DO hoard it. If they didn't, they would share the source code with the community.


That’s a non sequitur. Also, there is no reliable way to check whether a given source code is the actually deployed version, neither on servers, nor local devices.


>seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river

Fanboyism is expected, but this kind of statement is always bizarre to me. I run an AOSP build with no Google software. How can a closed, proprietary system which pinky swears they will not do nasty stuff with your phone possibly be better than that?


> they just ate every other 3rd party "secure" backup services lunch just like they did to the Hi-Res music industry.

... so, they... didn't? Plenty of those services, including Tidal, probably the most prominent one, still exist.

> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

This is the top comment in this thread right now, and I'm guessing it's because the readers of Hacker News value satire. If Apple's ecosystem is so bewilderingly excellent that nobody in their right mind would choose anything else, why did Apple start offering a bunch of their services, like Apple Music and Apple TV, on other hardware ecosystems?


> They're giving you 2TB+ of space

No they don’t. They sell it to you


I genuinely do not understand why you say other backup solutions aren't secure. Do you have anything to back that up?

re: point 3 - they really TRIED to scan all your data with your CSAM tool but got too much pushback. They are only doing this now because they are dropping CSAM and trying to garner public favor.


> They're not Google

No, google has had encrypted android backups for years.


so did apple, you could encrypt through iTunes for a decade, and if you're that paranoid about encrypted backups i would trust an off-line encrypted backup more than i would an encrypted backup in google's cloud.


> they just ate every other 3rd party "secure" backup services lunch...

Really? Isn't this the same Apple that told the FBI that they could get access to a suspect's data from their iCloud account? And the same Apple that was part of the US government's PRISM program to sell user data to the NSA? What makes you think people happy with competing services will jump to them blindly?

> They're not Goodle/FB/Amazon.

They are exactly like them. All of them claimed they care about user privacy, before massively collecting the private data of their users and then exploiting it.

> ... reliable, secure, private service ...

Reliable, sure. "Secure" is debatable when the keys are stored on the iDevices that only Apple can access any time. "Private" is laughable when every Apple product now comes with a disclaimer / popup permission informing that they will use your data to enhance personalised ads served to you by their ad platform.


Maybe. But has this been audited? Are there backdoors, perhaps in the hardware?

I thought just a couple of months ago they wanted to scan everyone's phones for illegal content.


So that they are legally saved from “storing child porn on their servers”. They explicitly wanted that feature so that they can freely upload user content, fully encrypted, without worrying about that - it was just grossly miscommunicated.


>seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river

sideloading is a deal breaker for me, so I'd rather stay out of the walled garden on my Android


This sounds a bit exaggerated. Until they don’t offer a Dropbox-like folder sync on desktop (Linux and Windows), I’ll keep my Tresorit subscription


> just pay them money for their service and transactionally they give you only thing that you want in return -- reliable, secure, private service.

In every country they operate in? Especially those run by dictators, autocrats and wannabe dictators/autocrats?

If not would their next Ad or Speech on humanity, morals, rights, privacy and other virtue signalling include a disclaimer that those are not available in such countries?

I'm baffled that the information security requirement has reduced from zero-trust to trust the shiny hardware maker because 'they say so'.

> anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

I'd happily swim (or) drown trying instead of blindly trusting privacy claims of a Child labor exploiting, Union Busting, Virtue Signalling insanely hypocritical ultra-mega corporation.


> anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

Did Apple ever implement the ability to run software without first phoning home and asking for permission? The last time I checked they had not followed through on their promise to do so.

https://www.howtogeek.com/701176/does-apple-track-every-mac-...

https://mjtsai.com/blog/2022/06/16/apple-reneged-on-ocsp-pri...


> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

This kind of thinking is a lot more dangerous than OEMs not giving us better privacy and data protection.


> anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

in financial circles, an immediate thought would also be "is such a person short AAPL?".


> they don't want to mine your data, they don't want to know what you store on there, the don't care to scan your pictures with AI 20 different ways, they don't want to monetize it, etc, etc...

What's stopping them from doing this scanning at acquisition or access by the user? We already see Google running models on your phone for things like Magic Eraser.

All Apple has really announced here is that if you're using Apple Apps and Services then they're the only ones who can mine your data. This pivots nightly into their Ad Services.


> They don't want your data. They're not Goodle/FB/Amazon. They're giving you 2TB+ of space and you can encrypt it to the point that you'll lose your data and they don't care -- they don't want to mine your data

Their devices are still sending a bunch of telemetry. They're still in the ads business

Not saying that this recent move is bad, it's good to see. But at the same time, I'd rather manage and encrypt my own files on my own dfs than get trapped in the walled garden


He's very excited to get something android has had for a decade now


>"seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river."

Not sure how common is my attitude but I do not give a flying fuck about what Apple does. I keep my own backups (been doing it since the 80s). Today's Apple to me looks like a money company that makes some hardware by accident.

and in general, the less I'm attached to / depend on a single company for anything significant, the better I feel.


Apple wants your data as much as other companies, except they don't want this _specific_ data.

Otherwise Apple likes to track your moves in the areas they do advertising on as much as everyone else.


> They don't want your data. They're not Google/FB/Amazon. (…)

Note that they still want some data, especially given the recent increase in advertising activity.


> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

If there's anything I learned about any offers made from big tech, I would never trust any of them until proven for long-term usage for half a decade at bare minimum.

3-2-1 strategy is still a proven method for decades and will still be over any cloud services out there, including iCloud's.


> don't care to scan your pictures with AI 20 different ways

wouldn't photos be scanned on the iPhone? - not sure if it's all local or goes to the mothership


Very few people I know who choose Spotify vs Apple Music or iCloud vs Google Photos know anything about hi-res music or E2E encryption

Outside tech people I know at least


Hi-res music isn't important, but E2EE is.

It's fine that very few people care; Apple is very good at attracting customers without it anyway, so it's not the classical situation where we tech people should feel sorry that non-tech people "just don't get it" and don't use Apple services.

And lastly, if indeed no customers care, then that speaks for even bigger respect toward the individuals working at Apple who pushed for this and made it happen. (But I think Apple believes this will be a good business decision, not altruism.)


Yeah, and this also shows that the future is not necessarily all decentralized/run by crypto punks in basements. There is an elegant way we can move to a safer, more reliable Internet all while using the current stack that might be hyper-centralized, but has proven to be the most cost-effective and reliable way to do things.


You’re calling out FB here but they’re one of the few to have rolled out similar backup encryption for WhatsApp messages and that was quite a while ago at this point.

I think FB really wants data about your behavior but based on what they’ve been doing with chat security I don’t get a sense they want to or need to be able to read through people’s chat history to get that.


You must know it's impossible: their servers, their data. Your server, your data. Their fiber cable, their data, your RJ45, your data.

Whatever they say and do, they'll eventually revert to that simple logic when it matters.

If you want to unload photos out of your devices with assurance no one's gonna look, buy a NAS and don't connect it to the internet.


> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

Probably. Android is getting locked down with remote attestation anyways. There's no point to it anymore, might as well choose the better tended walled garden.


So up until now the government has had access to all your data because of the backups. This renders the e2e encryption on their different messaging platforms useless. Kind of a joke: "your convo can't be read because it is e2e encrypted, but when we back up, we can read it".


> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

I genuinely refuse to believe a real human wrote that sentence, there's just no way, right?


What about something like proton mail? They also have encrypted drive I believe but I'm not sure.


> They don't want your data.

What's the truth though? Are they able to coordinate with law enforcement if needed or not? I find it hard to believe there's no government agency paying attention to iMessage of criminals. Am I mistaken?


iMessage is SMS no? That's already unencrypted.


iMessage is not SMS.


Yeah but it’s still basically the great philosophical question of the douche or the turd sandwich.

With everything that has happened with Apple since Jobs’s death, my trust has been eroded so much that yeah I still use Apple but they are the turd sandwich at the end of the day. I trust Google a percent or two less.

I like what they are doing with this E2E encryption. It protects against hackers better. It doesn’t protect against Apple though… they will still continue to sell the analytics on you. Which is fine if you don’t care.


And yet, Apple won't let you install your own software onto the iPhone. The koolaid is strong with this one.


I like their products but man, it's embarrassing how some people get on their knees for Apple.


Just remember: Apple are delivering the software to do end-to-end cryptography.


>BUT, perhaps the BIGGEST news here is that Apple is making a backup statement to what they've been saying for years and what they've recently gotten negative attention on: They don't want your data.

If they don't want their users' data then why are they running an ad business?


I want a 'Dead-Man's Switch' option on top of this. Period.


They still need a credit card or other KYC payment. Can't use paid iCloud.


> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

This does not in any way make me want to switch back from GrapheneOS.


> They're giving you 2TB+ of space

Where are you seeing this?


Seriously. Your data is probably going to be mined on-device. Would make way more sense to further screw you by using your resources to mine you while you sleep.


You're beyond help, bro.


Jesus, the Apple fanboys truly are a different breed. E2E encrypted backups are nice, great even, but the rest of your post and especially the last paragraph are cringe worthy.


[flagged]


If around 80 million subscribers is nobody, then you are correct.


That's "quite literally" not true as I use Apple Music. So there you go.


Except for the 88 million who do?


[flagged]


Ouch - attacking others like this will get you banned on HN. Please don't do it again!

If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.


you know your first two sentences aren't really honest. there's the secondary market, considering that apple keeps updating their devices past typical android equivalent you're getting same $/years of use value. there are SE models that are in line to cheaper android alternatives.

if you're poor you're probably not data hoarding TBs of data, because you've got other problems, so yes, this is all speaking from the point of the privilege, and you being here is also from the point of privilege.

and to answer your 3rd question -- i'll bite and say that this may be true. but is it really apple's problem or the problem overall? where we're all mined for data and now when someone does offer security you scream that it's unfair. shouldn't you take the equivalent effort and write your legislator and ask them what they're doing about bringing the bar to the level that apple is bringing it to, for all of the poor people out there?


The solution to being poor: a $400 iPhone instead of a $600 one!


Obviously a device doesn't become useless once it stops receiving OS patches. For one, it'll keep receiving security patches for other components (eg the browser, which is in many ways more important than the OS) for many years past end of life.


>>>seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.

Lol I would never advocate for any company I engage with to use Apple products. Why? Because they suck. iPhoto and iCloud are pieces of trash. Most basic thing like, delete local but keep cloud copy seems to be missing. Can't keep an iPhone synced and do this with iCloud. Lulz worthy sitcho.

Also can't even copy files off device easily. Can't put custom apps on devices easily. The company actively kicks back against things like, freedom of information, following standards, reducing e-waste.

You know some of us make decisions around the companies we support on greater levels than just feature a or b is present in device. Apple are a predatory company that in no way promote a software or hardware ecosystem that is ethical imho and they don't promote one I want to participate in.

I wouldn't touch their shit with a barge pole and on top of this due to being IT every time I'm forced to I'm mostly confused by wtf folks think is so great. I legit find the kids toy ux difficult to work with, borderline impossible.

I also like blowing clients away with simple tasks like....copying photos to a usb...browsing files on my phone on a pc. You know the basic stuff like they used to do when they were younger but apple cucked it along the way for zero reason lol.


> Also can't even copy files off device easily.

See https://news.ycombinator.com/item?id=33898890.

> Can't put custom apps on devices easily.

You will, from May, thanks to the EU Digital Markets act.

> [...] simple tasks like....copying photos to a usb...browsing files on my phone on a pc.

You can do this with ifuse: https://github.com/libimobiledevice/ifuse


> You will, from May, thanks to the EU Digital Markets act.

Is this fact? Last I read about this the law was passed, but it's still unclear if apple will actually allow this.

I absolutely would love if I could use the latest version of iOS and install apps that are not in the app store. I'm currently using trollstore to do this but that means using older versions of iOS that are vulnerable to exploits.


The law has passed - but it also has exemptions for security.... So we can expect a lot of negotiating between the EU & Apple/Google on what they actually have to do.


So far Apple doesn't seem to be interested in breaking the law.


I guess it depends on what the punishment is. If it's only a fine, Apple might happily pay it to retain full control of the app repository.


May isn't today.

Downloading some random GitHub app to access a phone's storage sure as shit won't be happening on any managed corporate devices I deploy. Or unmanaged devices tbh. That's the kinda shit I leave for quarantined VMs.

Data is still not easily accessible once it's on an iPhone.


Okay... then use iTunes on Windows or Mac? (Not sure how those work, never used them, but I assume they provide the same functionality as imobiledevice)


Nah I thought that was the case too. Turns out it is not. Had a client's employee ask me for help w/ her iPhone about 2 weeks back. 32gb phone, no storage space left on device so it legit just stopped working, wouldn't receive texts or anything cus it was full. So client's like, help me get photos off phone onto a USB or set photos to store in iCloud only and I'll delete the phone copies (well this is what I thought was an option because I can do it w/ just about every other backup software I use). Turns out big fat nup to either option. Only way she could delete phone photos but keep cloud ones was to disable sync entirely (lol wtf is the point of linked cloud if sync is so shithouse?). Plug phone into iTunes, all you get re. access to device is no ability to view pics as files to extract, you can't even control apps on the device (good luck finding out what Apple referred to as other Apple software that used up >30% of phone's internal space, it just gets all lumped in under one grey color of storage being used).

Got forced to use an iPhone 11 or some shit a few years back as a company issued device. Man it was alright at making phone calls, complete POS for doing any actual work on. Basically found it to be an overpriced paperweight that could take ok photos but was impossible to retrieve photos from. No I don't want an iCloud account or any of that bs I just want to plug in to PC and pull files like I've been doing for 25+ years on every other platform I've ever used.


If Photos iCloud sync is turned off[1], you can use Image Capture to download and delete photos from the phone to a Mac[2].

[1] I assume because then it's guaranteed the photos are stored on the phone, not just links to the iCloud versions.

[2] https://support.apple.com/en-gb/guide/image-capture/imgcp100...



"Some metadata and usage information stored in iCloud remains under standard data protection, even when Advanced Data Protection is enabled. For example, dates and times when a file or object was modified are used to sort your information, and checksums of file and photo data are used to help Apple de-duplicate and optimize your iCloud and device storage..."

Photo checksums can't be e2e encrypted huh? They reported today they abandoned their plans to do CSAM scanning on people's devices[1] and connecting the dots it seems like they won't need to since they can just do it in the cloud.

[1] https://www.wired.com/story/apple-photo-scanning-csam-commun...


The abandoned plan was perceptual hashing, which should return the same hash for very similar photos, while the new one is a checksum, which should return the same hash only for identical photos. I don’t think that invalidates the point, but it does seem relevant. It certainly makes it much less useful for CSAM scanning or enforcing local dictator whims, since it’s now trivial to defeat if you actually try to.


The big difference is with photos end-to-end encrypted, Apple can't (by choice nor force) have human "content reviewers" look at photos to inspect them for unlawful content, as was the intention under Apple's 2021 plan [1] after a threshold of 30 hash matches was met.

Although it was starting on CSAM material, it wasn't clear which other illegal activities Apple would assist governments in tracking. In countries in which [being gay is illegal](https://www.humandignitytrust.org/lgbt-the-law/map-of-crimin...), having Apple employees aid law enforcement by pointing out photographic evidence of unlawful behaviour (for example, a man hugging his husband) would have been a recipe for grotesque human rights abuses.

With photos encrypted, Apple can't be pressured to hire human reviewers to inspect them, and thus cannot be pressured by governments that enforce absurd laws to pass on information on who might be engaging in "unlawful" activities.

[1] https://www.eff.org/deeplinks/2021/08/apples-plan-think-diff...


>The abandoned plan was perceptual hashing, which should return the same hash for very similar photos . . .

Is there any proof they actually abandoned this? NeuralHash seems alive and well in iOS 16[1]. Supposedly the rest of the machinery around comparing these hashes to a blind database, encrypting those matches, and sending them to Apple et al. to be reviewed has all been axed. However that's not exactly trivial to verify since Photos is closed source.

[1]: https://support.apple.com/guide/iphone/find-and-delete-dupli...


Anything over a network can be decrypted and inspected with a MITM proxy (manually adding its root certificate to the trust store), as long as only TLS (no application-level encryption) is being used.


As far as I remember, iOS native apps and services now either consistently use CA pinning or largely don't respect user-added CAs.


There are a multitude of ways to inspect the decrypted traffic of your own device, whether it's a jailbroken iPhone provided by Apple to the security community or a non-kosher jailbroken device. People inspect this traffic all the time.


No. Install Charles Proxy (iOS app) and see what you can get of the MITM proxy it ships with. Many apps don’t ship with pinning.


But most importantly the whole OS and all of the integrated apps do use pinning.


> . . . as long as only TLS (no application-level encryption) is being used.

Therein lies the rub: the payload itself is protected by an encryption scheme where the keys are intentionally being withheld by either party. In the case of Apple's proposed CSAM detection Apple would be withholding the secret in the form of the unblinded database's derivation key. In the case of Advanced Data Protection the user's key lives in the SEP, unknown to Apple.

By design the interior of the "safety vouchers" cannot be inspected, supposedly not even by Apple, unless you are in possession of (a) dozens of matching vouchers and (b) the unblinded database. So on the wire you're just going to see opaque encrypted containers representing a photo destined for iCloud.


Apple does not need to scan your photos on a server, because they now can do it on a device.


The original implementation also involved sending a "safety voucher" with each photo uploaded to iCloud, which contained a thumbnail of the photo as well as some other metadata.

The vouchers were encrypted, and could only be decrypted if there were, I believe, 30 independent matches against their CSAM hash table in the cloud. At that point the vouchers could be decrypted and reviewed by a human as a check against false-positives.

It sounds like with a raw byte hash they might be able to match a photo against a list of CSAM hashes, but they wouldn't be able to do the human review of the photo's contents because of E2E.


That would be interesting. Then all someone has to do is generate images that collide with the ones in the CSAM hash database and airdrop them to someone, then they’re suddenly the target of a federal investigation. I remember someone posting about a year ago a bunch of strange looking images that produced those collisions. If it’s all E2E then all Apple sees is a matching hash and can’t do any further review other than refer to law enforcement.


> Then all someone has to do is generate images that collide

If the hashes are cryptographic, then this is impossible (given today's technology).

> with the ones in the CSAM hash database

The CSAM hash database isn't public AFAIK.

> I remember someone posting about a year ago a bunch of strange looking images that produced those collisions.

You're probably thinking about their proposed 'perceptive hash', which has since been scrapped.


Someone mentioned here but I didn't confirm that Apple is stopping the CSAM scanning. It makes sense because there's nothing they could reasonably do even if they found matching hashes. It seems unlikely they'd report these findings to the police if there's no manual ability to review the contents first.



Under the original plan, someone would indeed manually review the contents if the threshold for number of CSAM images were released.


I'm assuming these are normal checksums (bitwise hashes), whereas before they were doing a hand-wavy AI-based thing that they called "checksums" but weren't really. The latter captured rough visual qualities of the images in question, which is why it had a false-positives problem. A real checksum shouldn't have that problem; in theory you'd only be able to detect an exact match of a file you already have and are looking for. So it is meaningfully different.

Edit: confirmed that these are regular, real checksums https://support.apple.com/en-us/HT202303

> The raw byte checksums of the file content and the file name


> The raw byte checksums of the file content and the file name

I wonder if this is literal; otherwise they wouldn't achieve any de-dupe if you just rename the file.


I assumed separate checksums are made from the file name and the contents. Though even if not, it would seem useful for eg. syncing between devices ("does file X already exist so we don't need to download it?")


Uhm... that's a significant leak. Most files you have are not unique, including personal photos (if you shard them). So all Apple needs to do to uncover a significant part of what you have on iCloud is get all the hashes of your files and find the same hashes in others' accounts that don't have e2e enabled and other sources to recover the content. And even without content, it is a great way to find connections between people (but they already have non-e2e encrypted contact data to do that...).

Personally, I don't think Apple intends to screw you, and they have a good reason, but isn't not trusting your provider the entire point of e2e encryption?

It is one of the first questions I asked myself: "with e2e encryption, it means no de-duplication, it will be expensive for Apple". Turns out they still have de-duplication, and therefore weaker privacy.

Anyways, "As we continue to strengthen security protections for all users, Apple is committed to ensuring more data, including this kind of metadata, is end-to-end encrypted when Advanced Data Protection is enabled". It would be interesting to see if they really are committed. For now, I don't blame them, it is already better than most offerings, and it just came out. However, it will be an interesting point to watch for in the future: it is a privacy feature that actually costs Apple money to run, will they do it?

Note: I assume a standard hash like SHA, working at byte level. Not the CSAM scanning thing that can match similar pictures even if the files are not exactly the same.


Can you elaborate on this comment in terms of how no de-duplication is in any way expensive to Apple? People have to pay for their cloud storage generally (past 5GB) and Apple presumably has their price structure setup in a way where it is either profitable or at least only negligibly costs them as a loss leader for its expensive products.

If someone has all kinds of duplicates, so what? Eventually, they have to pay and up their subscription price for the additional cloud storage. The only way de-duplicating could possibly save money is if two or more people with the same file are both pointed to that same file in a location that is not within their account.

I don't buy this de-duplication argument.


"checksums of file and photo data are used to help Apple de-duplicate and optimize your iCloud and device storage"

This is likely describing content-addressable storage. It is the underpinning of many iCloud services that store user files / blobs. It is also a commonly used pattern in backend services generally.

https://en.wikipedia.org/wiki/Content-addressable_storage


The problem is that a stream cipher is going to have some per-object uniqueness (a salt, IV, etc.), so by design even if you feed it related input blocks you will get different output blocks. This is, of course, antithetical to deduplication: so you need to check/store the hash of the input before it goes through the cipher.

The presentation about ZFS' native encryption[1] covers many of these sorts of trade-offs necessary to do full-disk encryption at scale.

[1]: https://www.youtube.com/watch?v=frnLiXclAMo
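An added example, not part of any comment in this thread and not Apple's code: a small model of the trade-off the comments above discuss, where a storage server holds only ciphertext plus a plaintext checksum kept as metadata. SHA-256 as the "raw byte checksum", the toy HMAC-based keystream standing in for a real cipher, and the `Server` and `upload` names are all assumptions.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


def checksum(data: bytes) -> str:
    """Raw-byte checksum of the plaintext (SHA-256 is an assumption)."""
    return hashlib.sha256(data).hexdigest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, nonce || counter).
    Stand-in for a real stream cipher or AEAD; illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt under a fresh random nonce, so equal inputs give unequal outputs."""
    nonce = secrets.token_bytes(16)
    stream = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    stream = keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class Server:
    """Hypothetical server: never sees keys or plaintext, only ciphertext
    and the plaintext checksum sent alongside it as metadata."""

    def __init__(self):
        self.blobs = {}                   # (account, checksum) -> ciphertext
        self.holders = defaultdict(set)   # checksum -> accounts storing it

    def has(self, account: str, digest: str) -> bool:
        return (account, digest) in self.blobs

    def put(self, account: str, digest: str, ciphertext: bytes) -> None:
        self.blobs[(account, digest)] = ciphertext
        self.holders[digest].add(account)

    def accounts_with_same_content(self, digest: str) -> set:
        # What the metadata reveals: equality of content across accounts.
        return set(self.holders.get(digest, set()))


def upload(server: Server, account: str, key: bytes, data: bytes) -> bool:
    """Client side. Returns True if ciphertext was sent, False if deduplicated."""
    digest = checksum(data)          # computed before encryption
    if server.has(account, digest):  # "does this file already exist?"
        return False
    server.put(account, digest, encrypt(key, data))
    return True


def run_demo() -> dict:
    server = Server()
    alice_key = secrets.token_bytes(32)
    bob_key = secrets.token_bytes(32)
    carol_key = secrets.token_bytes(32)
    # Constructed sample bytes, not a real image.
    photo = b"\xff\xd8\xff\xe0" + b"constructed sample photo bytes" * 8
    edited = photo[:-1] + bytes([photo[-1] ^ 0x01])  # one bit changed

    result = {
        # Ciphertext alone cannot be deduplicated: random nonce each time.
        "ciphertexts_differ": encrypt(alice_key, photo) != encrypt(alice_key, photo),
        "first_upload_sent": upload(server, "alice", alice_key, photo),
        "second_upload_sent": upload(server, "alice", alice_key, photo),
        "bob_upload_sent": upload(server, "bob", bob_key, photo),
        "edited_upload_sent": upload(server, "carol", carol_key, edited),
    }
    result["same_content_accounts"] = server.accounts_with_same_content(checksum(photo))
    result["edited_accounts"] = server.accounts_with_same_content(checksum(edited))
    return result


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

In this model the server can skip a repeat upload and can tell that two accounts hold byte-identical files, but a file that differs by one bit has an unrelated checksum and the contents stay unreadable to it.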


I always thought the client-side hashing plan was something of a giveaway to authoritarian governments which would have demanded Apple check their own list of verboten files against what the users had uploaded to iCloud. E.g. tank man photos.

So I read this as Apple quietly saying "we're not bending to China on privacy". Which is the first step toward probably being banned from providing Apple services in China.


People sharing images that an authoritarian government considers banned might still be exposed by such a scheme, given they are likely to be exactly the same data. There are, after all, no new photos of tank man being photographed, any that are shared would be identical to someone else's, unless every recipient opened them up and modified them, and even then I'm not sure that actually modifies the data if done on an iOS device, as modifications done to images can be undone suggesting to me they are only a layer on top of the unchanged image, which would still return the same hash.

Unfortunately, I think the privacy problems surrounding iCloud Photos remain to an extent.


Given that modifying just a single bit in an image results in a wildly different hash digest, I think the risk is a little overblown. There are probably easier ways for authoritarian governments to figure out who's sending illegal content, like just taking somebody's device and looking at their messages.


It's a little hard to take any percentage of 1.4B people's phones, get them to comply unlocking their devices, and then inspecting those.

It's a lot easier to tell vendor X that "in country Y list Z is the one that should be used when looking for CSAM", and then add some known Tank Man derivative hashes to that list and find out directly who to arrest.


According to the Wired article linked by parent, there is no longer any hashing or client-side scanning scheme at all, except one that can be enabled locally by parents and doesn't report anything to Apple.


But in the documentation[1] under the heading "Encryption of certain metadata and usage information" they state:

> Some metadata and usage information stored in iCloud remains under standard data protection, even when Advanced Data Protection is enabled. For example, dates and times when a file or object was modified are used to sort your information, and checksums of file and photo data are used to help Apple de-duplicate and optimize your iCloud and device storage

This checksum is described as:

> The raw byte checksum of the photo or video

This hash can technically be shared by Apple, since they own the key used to encrypt it. And depending on when the hash is computed (post-encryption it's no problem, pre-encryption we have a problem), this could technically be used to find people sharing known undesired images e.g. Tank Man or CSAM.

[1]: https://support.apple.com/en-us/HT202303#advanced


Apple already has different terms of service for Chinese users. They simply won’t have this feature, or is it turned off silently on authority requests.

There is no way for a user to verify if Apple has actually end-to-end encrypted their backups or not.


You should Google how many times Apple has bent to China as recent as last month. Apple's human rights record is spotty at best.


> For example, dates and times when a file or object was modified are used to sort your information

Who are they sorting it for that this can't happen after decryption?


Maybe tiering and capacity planning for IOPS? Eg store recently modified files on SSDs and the rest on HDDs


I always thought that program was technically limited from the start. It seems like it would be very easy to rotate a small value of the file, even a single pixel, and return a different checksum.



Thanks, TIL!


I also have to call out how closed-source the iOS ecosystem is. They can say what they want, but who knows what it does behind the scenes.


"People rioted when we scanned for CSAM in a privacy-preserving manner but don't give a shit when we do the same thing when it's not privacy preserving so I guess just do that."


This looks like a win for the people who rioted ... what part of the new E2EE without file scanning is not privacy-preserving?


How is this a win? Either is bad, who wants them to keep a database of their image hashes? In some ways this is arguably even worse. If they keep this data online leaks and/or third party access are almost guaranteed. At the very least by authorities with a perma warrant looking for "CP" or "terrorist" material.


> At the very least by authorities with a perma warrant looking for "CP" or "terrorist" material.

I mean, unlike perceptive hashing, cryptographic hashes do not lie.


And that's exactly the problem and why I put CP in quotation marks. With everything we know about these completely unaccountable agencies, what guarantees you it will be limited to actual crimes against children? For the children is the oldest trick in the book. Already if we talk terrorism, it's explicitly political. One woman's freedom fighter is another man's terrorist.


Maybe I'm confused. From the Wired article and other sources, it sounds like they have abandoned the idea of doing any form of hash comparison or client-side scanning. Am I reading that wrong?


https://www.theregister.com/2022/12/08/apple_encryption_iclo...

If that article is correct it doesn't sound like they've abandoned the idea at all, only modified. It's still the same thing essentially, they check your file hashes for "known illegal images or other law enforcement inquiries".


One must understand that E2EE is used when you don't trust your service provider to handle your data. In other words, the adversary in your threat model is the service provider - and in this case, Apple. And what good is that encryption, if Apple obviously can do almost anything with your device?

They can remotely wipe apps. They can force-install apps and force updates. It is not too far-fetched to think that they can just remotely copy anything stored on your device to their servers. So, with an adversary that capable, I'm not sure encrypted backups provide a meaningful improvement to security and privacy.


> In other words, the adversary in your threat model is the service provider - and in this case, Apple. And what good is that encryption, if Apple obviously can do almost anything with your device?

The adversary in this threat model isn't the service provider. The adversary is someone attacking the service provider, like a hacker or a government with a warrant, and getting access to Apple's storage of your data.

Now of course it's not impossible for such an adversary to also defeat other systems at Apple and get your data another way, for example by controlling Apple's ability to send over-the-air updates to Apple devices. But I think that is a sufficiently distinct threat that it's not worth dismissing solutions to the first threat. That would be like dismissing the importance of a web server storing passwords salted and hashed, since attackers could just use a totally different attack to bypass the web server's database access control. Another way to illustrate this might be to point out that attackers can physically coerce you to hand over data regardless of any security measures any service provider could possibly make, but that doesn't mean we should dismiss all such security measures.


> a government with a warrant

remember Lavabit [0]? will Apple choose to shut down rather than to comply [1]? if the government comes with a warrant, it will be with a gag order, and they will be compelled to silently update your phone to extract whatever the govt needs over the course of a few months.

[0] https://en.wikipedia.org/wiki/Lavabit

[1] https://en.wikipedia.org/wiki/Pen_register#Pen_Register_Act


It seems like they are willing to fight such requests: https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...


the details of exactly what they were disputing matters:

https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...

in this case it could have set a dangerous (and expensive) precedent for them.

that does not mean they will fight any and all requests.


What is your actual point here? It feels like we’re just playing a game of hypotheticals that are no longer based in reality.

Sure Apple could update your device to send all your photos unencrypted to them. They could also remotely turn on the mic and spy on all of us. They could also add key word detection to iMessage and flag law enforcement if you text out the wrong words.

I think everyone here understands what Apple could do. Which is why it’s a good thing that signs point to Apple not wanting their customer data. And why Apple refusing government orders that they feel violate their customers is unequivocally a good thing (even if they’re doing it for selfish reasons)


> What is your actual point here?

that e2e encryption by a third party does not give you privacy from the US government if that third party can remotely control or update your device and is subject to US laws. it is a direct reply to the assertion made in the GP: "The adversary is someone attacking the service provider, like a hacker or a government with a warrant, and getting access to Apple's storage of your data."


> will Apple choose to shut down rather than to comply

Apple will probably comply, just like I would probably comply rather than go to jail or suffer injury to myself or my loved ones. But I think it's fair to treat that as a distinct threat.


I disagree - the service provider should be considered an adversary and their service - and your tooling - should make it possible to obfuscate every single bit of data and metadata that you store there.

If only such a service existed.

If only


rsync.net is great and I've always appreciated the exposed ZFS capability, even if at this point 3x the cost per gb for a small scale users vs B2 is a lot more painful. Having encryption, including for transfers, also be part of the filesystem (which is open source) is great. Pity but for a small turn of history ZFS didn't become the native FS for Apple. And I think backups in particular is one of the focused completely unambiguous areas where Apple really has behaved in textbook anticompetitive fashion, and they should be required to allow people to point their iOS devices at any 3rd party service (including their own!) they wish that implements the right API (which Apple should have to document and follow themselves).

Still with all that said:

>I disagree - the service provider should be considered an adversary and their service - and your tooling - should make it possible to obfuscate every single bit of data and metadata that you store there.

If you're using Apple devices at this point then I think they do unavoidably form some part of your core trust foundation. With current hardware Apple is everywhere in the stack right down to the CPU level, heck arguably below that since they have a special license with ARM and can implement their own custom extensions. If you really think they're an adversary to the point of doing custom backdoors explicitly going after you, then the hardware just can't be trusted.

It's not unreasonable though to look at both Apple's incentives and the state of American law at least and see distinctions between Apple being compelled (or hacked) to provide something they have passive access to on their side anyway vs being compelled to engage in non-consensual active work and feature development (or having that slipped in and make it into general deployment) on things that necessarily must go out to end user devices. The former is both bog standard warrant/subpoena territory and not inherently detectable outside of Apple and the government, since it doesn't directly involve the user as a party at all. The latter is very arguably illegal and provokes far more public response, and involves deploying in ways that make it far harder to keep concealed (and open up other avenues of challenge).


I don't get it. If you don't trust Apple, then you don't take photos with an iPhone. There is no possible service they could offer that assures you every bit of data and metadata is obfuscated end to end in any sense of before Apple software has a chance to see it. At bare minimum, the camera app has to put together a file before there is anything to encrypt. A malicious Apple could just keep a second copy of that file, and even if you used a different backup service, they'd still have it.


I've used such a service for at least a decade. End-to-end encrypted. All open source. ;)


... username checks out - our target demographic :)


Off topic. Could you please update your website as promised (about three months ago) [1] on the pricing comparison and clarity for rsync.net?

[1]: https://news.ycombinator.com/item?id=32768182


Working on it. It's complicated ...

However, as with all things here, you can just email and discuss with a real person and we'll set you up the way you need to be set up wrt billing and pricing, etc.


I think that's a separate issue. I'm not saying that Apple or any other service provider should not be considered a potential adversary. I'm saying it's still a good thing for service providers to implement solutions to threats.


We used to call this "NSL-proof". If your provider is architected to be NSL-proof, then the warrant has to get served to you.

This is now possible to achieve in AWS, for example.


I think the right way to advocate for this really is to focus on the warrant aspect. It’s not about preventing law enforcement but keeping it above board where there’s at least the possibility of oversight and targets can exercise their rights to things like legal representation.


Can you please elaborate? I haven't seen any info from AWS to that end, and with KMS they control the keys.


I’m assuming they’re referring to this new feature:

https://aws.amazon.com/about-aws/whats-new/2022/11/aws-kms-e...


I think it mostly matters in the context of US case law, specifically the third party doctrine.

> The third-party doctrine is a United States legal doctrine that holds that people who voluntarily give information to third parties—such as banks, phone companies, internet service providers (ISPs), and e-mail servers—have "no reasonable expectation of privacy" in that information. A lack of privacy protection allows the United States government to obtain information from third parties without a legal warrant and without otherwise complying with the Fourth Amendment prohibition against search and seizure without probable cause and a judicial search warrant.

https://en.wikipedia.org/wiki/Third-party_doctrine


There are multiple meanings of trust in this scenario: belief in honesty, and confidence of ability. E.g. I can trust you to tell me the truth but not trust you to protect me from a missile.

I trust Apple’s honesty. I don’t trust many attack vectors. Someone could gain access to their data center. E2EE protects that. A gov could legally compel them to provide data. I trust when they say they’ve engineered it in such a way that they can’t currently do it, and that they would publicly cause a scene and legal battle if attempted, as they have before. Accidental data leaks also happen. In all these scenarios I trust Apple’s intentions but know that nothing is perfect. E2EE adds a lot for me.


Also, companies like Apple are huge, with thousands of staff.

These protections aren't there to protect you from "Apple", but Apple staff.

So for example if someone at Apple has been compromised by a foreign state, they can't copy sensitive customer data just willy nilly. They'd have to jump through a lot of hoops that would be prohibitively difficult.

Google had issues like this in the past where some employees were sending data to the Chinese government. E.g.: information about dissidents, political opponents in Taiwan, etc...

This is one of the reasons Google encrypts even internal server-to-server traffic, because the threat is on the inside of the firewall!


>Google had issues like this in the past where some employees were sending data to the Chinese government.

Was that reported anywhere?


It was all over the news, example from 2013 (when the NSA spying was a hot topic): https://arstechnica.com/information-technology/2013/11/googl...


In theory it adds a speed bump. Apple as the cloud service provider can respond to the legal order by saying they don't have the key. And then the police can ask for a booby trapped update for just your phone which may or may not happen. Or they can lobby the legislature for an encryption backdoor for all devices which will force them to show their hand in terms of "lawful intercept" capability.

If you want maximum security use an air gapped computer. But that won't let you send messages on the go.


> If you want maximum security use an air gapped computer. But that won't let you send messages on the go.

You can, with some inconvenience, use optical diodes to transmit data from a trusted input device to an untrusted network device for transport over tor, and then push the received messages over a second diode to a display device that decrypts the messages, so that even if you receive an exploit/malware, there is no physical connection that allows unencrypted data to be exfiltrated.

https://github.com/maqp/tfc


Thanks, that was actually super interesting, never heard of a data diode before.

BRB, just setting up six new PCs so I can chat with my friend, lol.


This was incredibly interesting. Thanks for sharing!


If you want maximum security then just obviously don't use Apple services, or any other provider that has a capability to fetch your data under any circumstances.


> then just obviously don't use Apple services

How is this possible on iPhone/iPads, where using Apple services like the App Store is required to install software?


Starting in May next year, the Digital Markets Act [1] requires Apple to "allow the installation of third-party software applications [...] by means other than the relevant core platform services of that gatekeeper."

[1] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%...


Very excited for this, but also disappointed that it took the entire European Union to bring Apple to heel.


I'm still on the fence about whether this will end up being a net good or not but people don't seem to consider the potential knock-on effects of this. Apple puts some nice pro-consumer, along with some less nice anti-developer, requirements on Apps in the AppStore. Easy subscription management, privacy disclosure, parental controls etc. If the developers of an app decide to only make it available outside the AppStore you as a consumer may be forced to choose between using that app and getting those benefits.


> If the developers of an app decide to only make it available outside the AppStore you as a consumer may be forced to choose between using that app and getting those benefits.

And Apple already chooses the reverse for you by not allowing apps you may want and by charging a 30% tax for doing so. There is a vast disparity between the behaviors!


Obviously, it is not possible on Apple devices. Probably something like Pinephone [0] might help.

[0]: https://en.wikipedia.org/wiki/PinePhone


How does the PinePhone help me download apps on my iPhone?


It won't help to download apps on an iPhone, which, I must say, isn't even yours: you don't get to decide which apps you can install on your phone. Apple gets to decide. Factually speaking you're merely renting the iPhone from Apple, which, being the device owner, decides the terms under which you can use it.


In practice this distinction is meaningless. In fact I trust Apple more than my own government. To take your argument to an absurd logical conclusion, I don’t own ANYTHING because my government can take it.


It is known that Apple would do quite a lot of what governments will ask of it. It removes apps from national AppStores on a simple request from countries like China or Russia. (Well, now Apple might ignore Russian takedown requests, but prior to the war with Ukraine they were very receptive to their demands)


This is why side-loading and the option for alternative app stores is so crucial. If Apple bans Signal or other E2EE messenger apps from your national app store, you can't get them. Full stop.

If people in China and other privacy-hostile countries can side-load from alternative app stores (like F-droid for Android), the government/Apple doesn't control user access to particular undesirable apps.

There's obviously reverse concerns to this side of the coin but the overall concept has arguably always existed with jailbreaking (Cydia store, AltStore(?)) and I haven't heard any stories about people becoming massively compromised in the way all the naysayers and Apple would have us believe.


In rule of law countries there is a legal framework for the government taking things which involves processes that are generally voted on.

We cannot say the same for Apple.


Laws voted on by elected officials like Ted Cruz, MTG, Boebert. I trust Tim Cook over any of those.


Never heard of Civil Forfeiture, eh?


Ya, and amazingly enough it's a written law.


Don't buy an iPhone.


Or just wait long enough for the EU's digital markets act to take effect. But my point stands.


I can’t wait for the mandated pop ups “did you know you could install a third party App Store” every time you go to the Apple App Store.


What makes you think there will be such "mandated popups"?


EU browser ballot. Cookie consent nags.


Have you heard of the GDPR and seen how it’s made the web browsing experience worse?


Yes, I have heard of the GDPR and in my opinion it has improved/consolidated my digital privacy rights and not affected the "web browsing experience" in any negative way. I believe you are referring to the ePrivacy Directive (aka cookie law). As you may know, it's only mandatory to inform the user when the website is collecting information from the user beyond what is necessary for technical purposes - and in that case I do want the option to refuse that.


Maybe buy a product that better suits you. If you buy a barbie doll, don't expect to be able to transform it into an 18 wheeler big rig.


They don't have to lobby anyone for this. Apple has operations in aus. We have laws here gov can force you to put a backdoor in software or hardware and you are not allowed to tell even your employer you have been requested to do so.

Tbh in theory apple aren't allowed to tell you they have done it or otherwise. So their phones have probably been backdoored for a few years now at request of aus gov.


Who pays for the work required to add the backdoor? Does the company have to do it for free?


I would not be surprised if there is a backdoor already. Either explicitly ordered or secretly inserted like Dual_EC_DRBG. They’re not burning a zero day vulnerability or certificate authority just to convict one defendant. They’re saving them for something like Stuxnet.


Nothing is secure. Once we remember that, we'll stop nitpicking improvements.

Use your own server? Great, it's secure software-wise, but if someone broke into your house, it's all of a sudden the worst liability ever. The next thing you know, your entire identity, your photos, everything is stolen. You have excellent technical security, perhaps the weakest physical security.

So new plan, you use a self-hosted NextCloud instance on a VPS somewhere. That's actually not much smarter than using iCloud - VPSs handle data warrants all the time. They also move your data around as they upgrade hardware, relocate servers, and so forth.

So new plan, you use iCloud E2E encryption. You have to trust that Apple does as they say, and trust that their algorithms are correctly functioning. Maybe you don't want to do that, so new plan:

You use a phone running GrapheneOS, with data stored on a VPS, with your own E2E setup. Great - except you need to trust your software, and all the dependencies it relies on. Are you sure GrapheneOS isn't a CIA plant like ArcaneOS was? Are you sure your VPN isn't a plant, like Crypto AG? And even if the VPN is legitimate, how do you know the NSA doesn't have wiretaps on data going in and out, allowing for greatly reducing the pool of suspects? Are you sure that even if the GrapheneOS developers are legitimate, the CIA hasn't stolen the signing key long ago? Apple's signing key might be buried in an HSM in Apple Park requiring a raid, but with the GrapheneOS developer being publicly known, perhaps a stealth hotel visit would do the trick.

So new plan, you build GrapheneOS yourself, from source code. Except, can you really read it all? Are you sure it is safe? After all, Linux was nearly backdoored with only two inconspicuous lines hidden deep in the kernel (the 2003 incident). So... if you read it all, and verify that it is perfect, can you trust your compiler? Your compiler could have a backdoor (remember the "login" demo?), so you've got to check that too.

At this point, you realize that maybe your code, and compiler, is clean - but it's all written in C, so maybe there are memory overflows that haven't been detected yet, so the CIA could get in that way (kind of like with Pegasus). In which case, you might as well carefully rewrite everything in Rust and Go, just to be sure. But at that point, you realize that your GrapheneOS phone relies on Google's proprietary bootloader, which is always signed by Google and not changeable. Can you trust it?

You can't, and then you realize that the chip could have countless backdoors that no software can fix (say, with Intel ME, or even just a secret register bit), so new plan. You immediately design and build your own CPU, your own GPU, and your own silicon for your own device. Now it's your own chip, with your own software. Surely that's safe.

But then you realize there's no way to verify, even after delidding the chip, that the fabrication plant didn't tweak your design. In which case, you might need your own fabrication plant... but then you realize that there's the risk of insider attacks... and how do you even know those chip-making machines are fully safe? How do you know the CIA didn't come knocking and make a few minor changes to your design, and then gag the factory with a National Security Letter from giving you any whiffs about it?

But even if you managed to get that far, great, you've got a secure device - how do you know that you can securely talk to literally anyone else? Fake HTTPS Certificates from Shady Vendors are a thing (TrustCor?). You've got the most secure device that is terrified to talk to anybody or anything. You might as well start your own Certificate Authority now and have everyone trust you. Except... aren't those people... in the same boat now... as yourself... And also, how do you know the NSA hasn't broken RSA and the entire encryption ecosystem with that supercomputer and mathematicians of theirs? How do you know that we aren't using a whole new DUAL_EC_DRBG and that Curve25519 isn't rigged?

The rabbit hole will never end. This doesn't mean that we should just give up - but it does mean we shouldn't be so ready to nitpick the flaws in every step forward, as there will be no perfect solution.

Oh, did I mention your cell service provider always knows where you are, and your identity, at all times, regardless of how secure your device is?

Edit @INeedMoreRAM:

For NextCloud, from a technical perspective it's fantastic, but your data is basically always going to be vulnerable to either a technical breach of Linode, an insider threat within Linode, or a warrant served (either a real warrant, or a fraudulent warrant, which can happen).

You could E2E encrypt it with NextCloud (https://nextcloud.com/endtoend/) which would solve the Linode side of the problem, but there are limitations you need to look into. Also, if a warrant was served (most likely going to be authentic if police physically show up, at least more likely than one they served your data over), you could always have your home raided, recovery keys found, and data accessed that way. Of course, you could destroy the keys and only rely on your memory - but, what a thing to do to your family if you die unexpectedly. Ultimately, there's no perfect silver bullet.

Personally... It's old school, I use encrypted Blu-rays. They take forever to burn, but they come in sizes up to 100GB (and 128GB in rare Japanese versions), they are physically stored in my home offline, and I replace them every 5 years. This is coupled with a NAS. It's not warrant-proof but I'm not doing anything illegal - but it is fake-warrant-resistant and threats-within-tech resistant, and I live in an area where I feel relatively safe (even though this is, certainly, not break-in-proof). Could also use encrypted tape.


I run Nextcloud on a RPI at home with fail2ban, brute force protection, MFA, and E2EE which is backed up remotely using encrypted Borg backup. The 4TB SSD drive safely serves my friends and family too. My laptop and Graphene phone's files, apps and settings are backed up automatically to it daily. I have too many apps installed on Nextcloud to list, but it is basically an all in one solution to your cloud needs.

Both Nextcloud and GrapheneOS are FOSS which addresses your concern about it being a government trap.

My partner is able to access my Bitwarden account if I were ever to be indisposed.

Sure nothing is perfect, but tell me how this is not a better solution than trusting the closed source ecosystem of the biggest corporation in the world.


“Both Nextcloud and GrapheneOS are FOSS which addresses your concern about it being a government trap.”

I was merely referring to the fact that unless you build the code yourself, you have no certainty that a government has not shipped a custom hacked build to your device and stolen a FOSS signing key. Unlikely? Yes. Possible? Yes. Also, backdoors, as seen in the 2003 Linux incident, can be as hidden as a deliberately missing equals sign in 1 line of code - so, a sneaky government commit with the smallest backdoor could be undetected even if FOSS. I still think it’s better than proprietary - don’t get me wrong - but it’s not invincible which was my main point about how security does not end.


Right, but nobody can write all the code they need for every service. I agree nothing is invincible. We put varying degrees of trust in people and processes of communities who maintain the SW. FOSS requires much less trust than proprietary SW developed by megatech.


You forget one of the simplest loopholes: "gun to the head for the password".


> Use your own server? Great, it's secure software-wise, but if someone broke into your house, it's all of the sudden the worst liability ever.

this doesn't invalidate the rest of your point, but if your data isn't encrypted at rest on your own hardware, that one very particular point? that's your own fault.


you will need some kind of remote mounting mechanism. Imagine you are abroad and your power at home is off for a short period of time. How to boot remotely and mount the encrypted filesystem? Not an easy task. You will need some kind of dropbear ssh that you dial into and input your encryption key. Many moving parts. Don't get me started if you have to update the packages due to security fixes.


I've been running my own Nextcloud instance on a Linode with 2FA and your response made me question how secure it is.

Even though I get an A+ on the Nextcloud Security Scan (https://scan.nextcloud.com/), have 2FA, and custom IP blocking set up in my .htaccess file, it's disheartening to know that I'm not as secure as I thought I was.

I removed all my photos/files from iCloud for privacy reasons, and now I feel helpless contemplating how Linode may just hand my data over if served a warrant.

Any other Nextcloud hardening tips besides Fail2ban and reverse proxying you'd recommend? May I ask what your workflow looks like for preserving files throughout time?


Nextcloud has three recommended add-ons that you can install in a few clicks:

- Brute force protection

- End to end encryption

- Multi-factor Authentication

E2EE will consume more space.


> And what good is that encryption, if Apple obviously can do almost anything with your device?

Because apple isn’t in control of apple for data at rest, and that’s the specific risk.

You have to trust control of the device sure, but you cannot trust cloud data - almost at all - between subpoenas from over eager LEOs and break ins from criminal and state hackers


> Because apple isn’t in control of apple for data at rest

That's not really true if Apple also holds copies of your iCloud decryption keys. If they want to access your data, they already have all the necessary components.


> That's not really true if Apple also holds copies of your iCloud decryption keys.

That is literally the thing that this announcement changes.

I see that Hacker News has plummeted below Reddit in the "bothering to check the link" stakes.


Now we're going in full circle, so I'll just point you to the parent thread:

> One must understand that E2EE is used when you don't trust your service provider to handle your data. In other words, the adversary in your threat model is the service provider - and in this case, Apple. And what good is that encryption, if Apple obviously can do almost anything with your device?


Ironic, since if you follow the thread you'll learn that since Apple still has complete control of your device, it essentially still has access to the keys.


Yea, that's the point.

Let me re-phrase, by giving Apple control over the keys, you give control over the data to whoever controls Apple - which is non-zero (e.g. LEO), and whoever may gain control (security vuln).


I don't want Apple to give over the keys. I just want my key to be the only one in existence.


Yea… that’s what they’re changing. That is the point. They’re not going to be in control over the keys - which is a good thing to you, it seems.


Apple isn't a monolithic entity. For example, a rogue engineer might be able to access your iCloud data, but it's orders of magnitude more complicated to push a specifically manufactured app to your device.

There's a similar variance of complexities for hacking and law enforcement overreach scenarios.

E2EE isn't a solution for all attack vectors, but it's a significant mitigation in itself.


> They can remotely wipe apps.

Technically no. I still have Fortnite on my iPhone, it just can't be opened. Apple can't wipe apps from your phone, but if they're App Store installed (as opposed to Ent MDM/Sideloaded), they can render them inoperable by revoking the certificate attached to the bundle.


It's all a closed source jumble though. Even if they can't do it right now, they have the power to install an update that allows them to add that power, if they had to.


What's the functional difference between "remotely deleting" and "remotely rendering inoperable"?

Remotely deleting probably just exposes them to all kinds of legal issues, since it would wipe user data too (which you can otherwise possibly still extract, e.g. through the "Files" app).


What’s missing is context - Fortnite’s account is in breach of the agreement and can’t deliver updates to address issues with the latest version of iOS.

This is identical to any developer that doesn’t deliver updates or suspends their developer account.

Those which have downloaded Fortnite at least once can still download and use the game on earlier versions of iOS and even with iOS 16 by following certain mitigations.

Contrary to some online posts Apple haven’t done anything unique to the Fortnite account.


One must also understand that you're wrong. My threat model isn't Apple. My threat model is

a) Overreaching law enforcement, which wants to take a look at what I'm up to.

b) Data breach at Apple exposes all my data

c) Errors where my pictures get in another user's photo album, as seen on Google Photos once.

E2EE defends against all 3


It is becoming increasingly difficult to not just recommend an iPhone to the average person with privacy/security concerns. Sure, you can tell them to go the GrapheneOS route, but I don't think you can trust the average user not to just go and install Google Maps/Google Photos/etc as soon as the alternative FOSS option inconveniences them. I've certainly struggled with this. Then they're arguably worse off than if they'd just stuck with the Apple equivalents.


Apple produces a very nice set of golden handcuffs. Polished shiny look, comfortable fur lining. Customers are really going to scream bloody murder when Apple latches them down tight.

The problem here is we are wholly dependent on Apple's goodwill. It is not required in any way (hence Google's behavior). At any moment Apple can revoke said goodwill and exploit us to our hearts content and we will have no fallback whatsoever because we decided to let the market codify our freedoms rather than preventing companies from being ruthless.


How is the possibility that Apple may flip down the line relevant? By that logic, no one should ever use any product ever.

I've enjoyed 15 years of a wonderful and privacy-first device ecosystem. They're evidently making it even better. And you want me to be upset?


It's because the "lanes" that non-tech juggernauts break out of are typically pretty restricted, much in advance (aside from "Emergency Use Authorization" etc). Maybe it was "paranoia" (thinking of conditional incentives ahead of time), or people had to suffer enough before these to come into existence.

What's the equivalent of the FDA but for consumer privacy?


> What's the equivalent of the FDA but for consumer privacy?

Corporate altruism, apparently


That has nothing to do with Apple. Just because the American government doesn't understand the importance of technology doesn't mean Apple is in the wrong.


it's only a privacy-first device if you ignore how they treat their customers in China


Let's assume they do eventually flip their brand on its head and turn on the users.

While waiting for them to latch you down tight, you could have already been enjoying the most consumer-centric and privacy-conscious mainstream mobile OS since 2007.


>Let's assume they do eventually flip their brand on its head and turn on the users.

Chinese customers don't need to wait. Apple flipped sometime in 2017 and gave up all user emails, photos, messages, etc. to the CCP to stay in the market.

People complain about TikTok spying for China, but Apple is one of the biggest CCP spies around. That runs counter to the brand headspace they keep investing in though.


Seriously, with what we know about PRISM [1], why do comments on here only fear China's surveillance and not that of the United States?

Apple was revealed to be a participant in 2013; there is no reason to believe they are not a part of it now.

1. https://en.wikipedia.org/wiki/PRISM


I'll never understand people who expect Apple to try and fight the CCP and inevitably get themselves barred from the Chinese market. It's not principled, it's just dumb and will completely screw over all of their current customers in the country who will now have useless devices. Apple is not a nation-state and has no judiciary or military power, and if they're to have any hope of making positive change in the country they need to play ball to some extent and become a large player who can actually exert some influence.


>I'll never understand people who expect Apple to try and fight the CCP and inevitably get themselves barred from the Chinese market.

People have this expectation because other companies have done this.

For example, Google employees revolted when dragonfly was leaked, and got the CCP search-spying project killed. It's weird to think that Google cared more about user privacy than profits than Apple does, but that's how weird the branding works here.


"I am in a benevolent dictatorship, nothing ever could go wrong"

Just because Apple is playing nice at the moment, there is no reason not to force them, and all the other players to have a legal requirement of playing nice. I mean, the hog that is fattened for slaughter thinks its life is great, right up until it's not.


I've been using an increasing number of Apple products since 2006 or so, after having used Linux for a decade and Windows from 3.1 through 2000.

If it's a benevolent dictatorship, it's undeniably been a good one to me over nearly half my life. If they ever do turn, I can always just leave. But what is and/or was my alternative? The less-benevolent dictatorships of Google or Microsoft? Spending inordinate amounts of time and effort making a hodgepodge of various Linux devices work together (often unsuccessfully)? I'll pass.


"I'm not worried if the benevolent dictator turns on me because on that day I'll just stop using an iPhone."


Except Apple does not have a police force that will detain you if you try to leave after they institute less-desirable products, and I'm sure they'd lose a lot of money and value if they literally disabled data exports.


I used to think Apple could be forced to play nice, and again and again that doesn’t seem to happen. The hammer never fell on their 30%, nor on Safari binding, nor on third party stores. And the funny thing is Google sees that and just goes the same direction, so if tomorrow Apple goes south it’s not like Google would rise as a bastion of virtue.

The question could be less if Apple should be trusted, and more if phone makers in general should be allowed to be dictators.


Why should phone makers not have ultimate control over their devices?

Say I make the Avocado Phone:

- my entire shtick is that "you can only run apps we make, and we vet the source code of every one of the few thousand third-party apps we allow on our device. We will pay you $10,000 if you get compromised using our phone"

- Of course, to achieve this, the phone can't be susceptible to "informed" evil maid attacks (as in, say the hotel's cameras capture you entering your passcode and Avocado ID Password) that replace your OS with an identical one preloaded with Malware. This means that, even as a user, you literally can't load any other software onto the bootloader or OS that would touch the operating system.

- it also takes every opportunity to prevent third-party apps from gaining access they don't need, which includes disabling JIT compilation (ruling out third-party browser engines, unless they want to use a slow javascript interpreter).

At what point does my phone turn from a product that services the security-conscious crowd with a completely bulletproof device, into something that people want to be able to preload software onto, because they didn't realize that security comes at a price? Is it when I sell enough? Is selling 10 million a year enough to where my market presence becomes a problem? 100 million a year? Why would people buy it if the government forces it to be 'open' at the cost of invalidating its entire use-case of being a secure device?


> Why should phone makers not have ultimate control over their devices?

First part is, fundamentally these devices are sold. You could eschew the very notion of property and make it a pure rental, but it’s not the point we are now.

The second part is, as you point out, your idea is completely valid until your service becomes life critical, a huge portion of the country’s population relies on it day to day, you killed any competitor that had a significantly different value proposition and it would have catastrophic consequences if you were to screw it up badly. Basically you became part of the infra. Is it 100 million units? It’s up to your regulators to decide.


It's an issue not so much because the iPhone is a phone, but because it's a PC, and a much more personal one than any desktop or even laptop.


I think a lot of the privacy-conscious Apple users would wholeheartedly support laws that guarantee better privacy than is currently required. That said, we have to act in the world we live in not the world we want it to be.

In any case, I don’t see how using Apple products is at odds with supporting better privacy laws. If anything, they are perfectly aligned since it demonstrates a $2 trillion alternative to surveillance capitalism.


>>most consumer-centric

The fact you believe this is true today is most telling. I do not find them to be "consumer-centric"; they have very draconian policies, and if your use of the device fits in their narrow band of use cases then it is fine; if it does not, you are SOL.


Given they accommodate over 50% of United States residents[0], I'm not sure the band is as narrow as you say it is. Of course, for those it doesn't accommodate, there is a different product that hopefully better fits their use cases.

0: https://9to5mac.com/2022/09/02/iphone-us-market-share/


Market share is irrelevant if there’s a high enough barrier to entry and cost of switching for the user. For instance Comcast probably has a very good market share and competitors too on paper.


Is the cost of switching that high? People at the phone store do 'data transfers' already (seemingly just texts, pictures/videos, and contacts), and, hilariously, the transfer to Android is a lot better than the 'move to iOS' app that has terrible reviews[0]. I bet most of the time being spent on switching will be on reinstalling all your apps and logging back into them.

0: https://play.google.com/store/apps/details?id=com.apple.move...


It is, depending on how long you've been using the platform.

For instance if you've been on iOS for a few years and bought a healthy amount of music, those are virtually gone after moving to android. You can mitigate that by either

- forever keep paying Apple through an Apple Music subscription

- somewhat extract the tracks and DRM free them (tracks were DRM free when bought from the Mac, but not when bought on iOS last time I tinkered with it). Of course Apple will try as hard as they can to block this route.

Same for movies and books, and for games/apps as well if they don't have a multi OS pricing scheme.

Switching cost is not just time spent to get used to, more often than not it's a non significant amount of money lost in the process.

Same deal the other way round of course: Google is more diligent on exposing their content on iOS, but there will still be paid games and apps to be lost in the process.


Is there some protocol for the programs you bought on iOS, to get them again for free on Android? (When they even exist.)


>most consumer-centric

This has to be satire.


If I don’t like what Apple does with iMessage, I can move to WhatsApp. If I don’t like what Apple does with photos, I can move to Google Photos. If I don’t like what Apple does with iCloud, I can move to Dropbox. If I don’t like what Apple does with iOS, I can move to Android.

What am I missing? How am I handcuffed to Apple?


> If I don’t like what Apple does with photos, I can move to Google Photos

I can’t. I don’t use Apple Photos, and I can’t set Google Photos as the default photo handler, nor default source or destination, nor tell any iOS device to never save photos in Apple’s silo.

> If I don’t like what Apple does with iCloud, I can move to Dropbox.

I can’t either. I wanted to backup my phone elsewhere and there is no option outside of iCloud.

How have you hacked your system and how long will you be able to?


To use Google Photos on iPhone: install the Google Photos app and grant it access to your phone's photos. Then you can go into the Google Photos app to see and manage all your photos.

To keep Apple from saving your photos: turn off iCloud Photos, or log out of iCloud.

To back up your iPhone without iCloud: make a local backup on your Mac or PC. You can even encrypt the backup with a password you choose. You can sync these backup files in any way you would like, including via Dropbox.

You can also sell your iPhone and get a different phone if you don't want anything to do with Apple.


You're skirting around the issues, as Apple just won't allow you to get out of their system in the key parts. Any of the alternative you describe are just clunky workarounds with utterly broken parts (local backups through a Mac have severe issues compared to cloud backups)

> You can also sell your iPhone and get a different phone if you don't want anything to do with Apple.

If you come to that conclusion, it's basically the answer to your "How am I handcuffed to Apple?" question. If you need to give up the system to properly manage your backups, it's pretty much a situation where you're handcuffed or not, with no clear negotiable middle ground option.


And if you don't like Safari? Gotta sell the whole phone, sorry bud.


I use Firefox just fine on iOS. Sure, it's just user chrome and Firefox Sync, but those are the things I care a lot more about than the rendering engine.

I'd love to support Gecko on mobile too, as I've moved the vast majority of my desktop usage to it, but Webkit is still fighting the Blink/Chromium hegemony, too, and that's still fighting the good fight.


> and that's still fighting the good fight

Not if they treat user freedom as their enemy.


I appreciate that you feel that way. I think most users don't care about the details of rendering engines and think user chrome choice (not Google's Chrome specifically; it's stupid Chrome confused pre-existing browser language) is enough. I mostly agree, as I already stated, and I'm okay with the compromise on rendering engine for security and I'm okay with the compromise on rendering engine to keep at least one non-Blink renderer high enough on caniuse usage statistics that I can fight back some in corporate projects that "Chrome is the only browser we need to support" because we have enough iOS using users and many of them are executives. That's a more important fight to me than "user rendering engine freedom". I don't personally need IE6 2.0 "Chrome is the only supported browser for the next few decades" (whether or not you think Google would declare victory in the same way that Microsoft did and stop innovating on Chrome entirely that very minute that happens), and I don't think the web as a whole needs that either. So I'm with Apple right now on their compromise choices.

I don't expect you to agree with me. I just want you to know it is a perspective of its own merits. The web has seen what happens when one rendering engine gets enough market share to dominate and that had a decade or more of repercussions, especially in enterprise application development. We're so dangerously close to that happening again. You may think you are fighting the most for freedom of the two of us, but from my perspective you are fighting a proxy battle in the Cold War and I'm much more worried about the Cold War and the freedoms it may lose us in the long run.


In the future Chrome might achieve a monopoly, therefore we should give Apple a monopoly on Safari today? If we're doing Cold War metaphors, this sounds like "we had to destroy the village in order to save it".

> I'm much more worried about the Cold War and the freedoms it may lose us in the long run.

I will have to disagree that freedom is advanced by an OS that forbids you from using software that hasn't been approved by a megacorporation.


Apple's usage of Safari on iOS is much more akin to a monopsony than a monopoly (though we are busting at the edges of the anti-trust analogy). Apple is only the only (allowed) "buyer" of rendering engines on iOS, and so is only buying Apple. So it is a bit of apples and oranges when comparing to potential monopoly where Google is the last supplier remaining for rendering engines.

We're probably all going to keep disagreeing because it is apples and oranges no matter what analogy we try to use. I do think "potential monopoly" is worse than "practical monopsony" (especially when it is a proxy monopsony and people are still free to not buy Apple and thus not buy Apple's rendering engine choice), but you are welcome to continue to disagree. Again, I appreciate why a lot of y'all see the "practical monopsony" as the larger and more immediate threat.


Whatever you label it, it's an arbitrary limitation of technical capabilities that is done for the user without asking them. You can backpedal as far as you'd like, but you can't apologize away the fact that the user should have more power over their iPhone than Apple does. That shouldn't be contentious on a site called 'Hacker News'.


I'm not backpedaling, I stand by my opinion that "this isn't a technical user choice that matters to many users (including me)". That's the first thing that I said on the subject, and that's what I've been sticking to. I don't know why my opinion is upsetting you so much, but consider toning things down a bit before they get personal or hurtful?

What may sound like "backpedaling" is that I am admitting sympathy for your concern, despite disagreeing with it. I think you've made good points. I don't find anything "contentious" about it. I still disagree with you, and I'm not apologizing for disagreeing with you. I can understand your points just fine, and also still disagree with them. I would like you to consider my point of view, and maybe engage with me on this issue that it is much more complex than a simple "good versus evil". I hope this not to change your mind, but in the hopes of a better overall discussion than just "Apple is evil and doing evil things because Freedoms". The reality is not that simple. I don't blame you for thinking it is, and you are free to continue to do so, just don't yell at me for saying "well I think it's kind of complicated", please.


I'm not yelling at anyone. You're making weasel-y statements, and I'm calling you on them outright. If Apple wants to lead the way in browser development, then they should do so on their own merits. They're welcome to pre-install it on my iPhone, and they can even make it impossible to delete like on Mac. Just don't use it as an excuse to prevent alternative browser engines, it's not a solid argument. The concerns over JavaScript engines and JIT compilation were sketchy at best, but I won't stand around and listen to people defend an opportunistic greed magnet for trapping their users.


Yes, exactly, I can switch phones. Doesn’t seem like handcuffs to me.


There can be no free or fair market here. The barrier to entry for new companies to enter the phone market is just unbelievably high with all the patents.

Modern human communication, phones, are too important to be held hostage by just two companies, neither of which are acting in consumers' best interests.

IMO this is the time that governments should be acting on behalf of the people, and not the corporations with the deepest pockets.


You seem to miss that you're switching the golden handcuffs for rusty uncomfortable handcuffs with the spikes facing inward.

"It's a free market because I have the choice between two brutal masters!"


I guess we're all wearing the handcuffs of not getting exactly what we want.


Why would someone not like Safari?

There is a Chrome app on iOS. I don't think many people pick their browser based on rendering engine, but rather on actual browser UI and features (like sync).


Guess it's a shame I'm one of those people then, all infatuated with silly things like 'options' and 'choice'.


What will you do when Apple deletes WhatsApp from the App Store?


> If I don’t like what Apple does with iOS, I can move to Android.


Is it really that hard to switch from Apple to/from Google or to/from Windows/Linux?

I mean, I really enjoy my current Apple ecosystem, and I do have all the devices, and I like how everything works currently. But, a switch is mainly a matter of moving my files and exporting/importing photos, contacts, and email. It might take a few years to cycle out ALL the devices, but I don't feel like there is a ton of friction in switching my data over.

It is more that everything is working so well together that I don't want to switch right now.

I do stay away from Apple home automation though, for this very reason. I want something open and local that I control since that WOULD be a huge pain to try and swap away from.


>Because in theory Apple could go completely against their own philosophy and our decades of prior experience with them, you should instead give all your information to Google so that they can sell it

Hmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm


Apple's own philosophy? The one they pay to put in advertisements, or the one Edward Snowden leaked to us?


I’m a FOSS person and run Linux as a daily driver. But I recommend every single person who asks to just buy an iPhone or a Mac (if they can afford it). The user experience alone is so superior to the other options. Security and privacy too, these days.


Their software is NOT open source (well, some parts are, but AFAIK it's a minority).

Thus the privacy claims are just advertisement, there is no way to verify them.

Apple devices might as well be fully backdoored.


Apart from some very niche options, so is everything else.

This is about trust. If you don't trust the manufacturer of your hardware (or developers of software), that puts you down a very specific path of what you can happily purchase.


The marketing is strong with Apple.


If by marketing you mean product development and putting their money where their mouth is, yeah, it's pretty strong.

There isn't another mainstream product that offers that.


People seem to forget fast (this is only 2 weeks ago) https://gizmodo.com/apple-iphone-privacy-dsid-analytics-pers...


This was tied to an action in the App Store. Not sure how you purchase apps without tying it to your Apple ID. It is also laid out in the ToS "We use information about your browsing, purchases, searches, and downloads. These records are stored with IP address, a random unique identifier (where that arises), and Apple ID"

No one (or even the author) has been able to replicate it or find the Apple ID in any other logs calls.


Also the products, though.


> Sure, you can tell them to go the GrapheneOS route, but I don't think you can trust the average user not to just go and install Google Maps/Google Photos/etc as soon as the alternative FOSS option inconveniences them

Isn't it fine to install Google Maps, etc, in a separate profile, inside GrapheneOS?


We changed the URL from https://www.apple.com/newsroom/2022/12/apple-advances-user-s... to the link that several users pointed out has the meatier details.

A small number of comments here are not about E2EE backups but rather the security key announcement. If there's a more detailed URL for that part of the story, we can factor it into its own thread.


Thanks Dang.


> Some metadata and usage information stored in iCloud remains under standard data protection, even when Advanced Data Protection is enabled. For example, dates and times when a file or object was modified are used to sort your information, and checksums of file and photo data are used to help Apple de-duplicate and optimize your iCloud and device storage — all without having access to the files and photos themselves.

> • iCloud Drive: The raw byte checksums of the file content and the file name

> • Photos: The raw byte checksum of the photo or video

https://support.apple.com/en-us/HT202303


That means that you’re not safe to store known files your local dictator doesn’t like, isn’t it? Wouldn’t a sort of per-user salt allow the same functionality and give more confidentiality?


Can someone say more on this point?

If there is a "Revolution Plan (WIP)" document shared amongst a few agitators, and someone in power gets their hand on it (and its "checksum" or whatever), then can they figure out _who else_ has it?


More or less, yes. Apple could search for a list of iCloud users with that hash in their account and single them out without breaking the encryption (not that they can't do that too).


It wouldn't allow them to deduplicate across users, which they are likely doing.

When you send your group iMessage of 30 people the same photo, apple is not storing 30 copies of it, but, one.
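The trade-off raised in the comments above (plain content checksums versus a per-user salt), as an added example that is not from the thread or from Apple. SHA-256 stands in for the unspecified "raw byte checksum"; the `MetadataStore` class, the HMAC-based keyed checksum and the sample files are assumptions constructed for illustration.

```python
"""Added example: plain vs. per-account keyed content checksums (constructed data)."""
import hashlib
import hmac
import secrets
from collections import defaultdict


def plain_checksum(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the unspecified "raw byte checksum".
    return hashlib.sha256(data).hexdigest()


def keyed_checksum(account_key: bytes, data: bytes) -> str:
    # The "per-user salt" idea: a secret that only the user's devices hold.
    return hmac.new(account_key, data, hashlib.sha256).hexdigest()


class MetadataStore:
    """Server-side view: which account uploaded which checksum, no contents."""

    def __init__(self):
        self.holders = defaultdict(set)  # checksum -> set of account names
        self.uploads = 0

    def record(self, account: str, checksum: str) -> None:
        self.uploads += 1
        self.holders[checksum].add(account)

    def accounts_with(self, checksum: str) -> list:
        return sorted(self.holders.get(checksum, ()))

    def stored_blobs(self) -> int:
        # One stored copy per distinct checksum: this is what dedup saves.
        return len(self.holders)


# Constructed sample files; none of this is real data.
SHARED_DOC = b"constructed sample: a widely circulated document"
PHOTO = b"constructed sample: alice's photo"
NOTES = b"constructed sample: carol's notes"
FILES = {
    "alice": [SHARED_DOC, PHOTO, PHOTO],  # alice keeps the same photo twice
    "bob": [SHARED_DOC],
    "carol": [NOTES],
}


def build_stores():
    """Upload the same files under both schemes and return both server views."""
    account_keys = {name: secrets.token_bytes(32) for name in FILES}
    plain, keyed = MetadataStore(), MetadataStore()
    for account, blobs in FILES.items():
        for blob in blobs:
            plain.record(account, plain_checksum(blob))
            keyed.record(account, keyed_checksum(account_keys[account], blob))
    return plain, keyed, account_keys


if __name__ == "__main__":
    plain, keyed, keys = build_stores()
    known = plain_checksum(SHARED_DOC)  # computable by anyone who has the file
    print("plain scheme, holders of known file:", plain.accounts_with(known))
    print("keyed scheme, holders of known file:", keyed.accounts_with(known))
    print("uploads:", plain.uploads,
          "| blobs stored (plain):", plain.stored_blobs(),
          "| blobs stored (keyed):", keyed.stored_blobs())
```

With plain checksums the server stores three blobs for five uploads and can list every account holding the known file; with keyed checksums it stores four, because only duplicates within one account still collapse.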


Is that actually true?

My understanding of how E2E encrypted iMessage works is that in group chats it does indeed send 30 copies of your messages, individually encrypted for each recipient in the group.

https://support.apple.com/en-gb/guide/security/sec70e68c949/...

> For group conversations, this process is repeated for each recipient and their devices.


Perhaps they're doing multi-recipient encryption, ie. the data is wrapped with one key, and that private key is then encrypted with the public key of each recipient, so everyone ends up using the same private key to decrypt the file data itself. This means the actual file data isn't sent 20+ times (although the data is indeed stored in everyone's Messages backups separately; if Apple is doing de-dupe based on file data+filename, they're probably benefiting from deduping group message images).


> APNs can only relay messages up to 4 or 16KB in size, depending on the iOS or iPadOS version. If the message text is too long or if an attachment such as a photo is included, the attachment is encrypted using AES in CTR mode with a randomly generated 256-bit key and uploaded to iCloud.

Only the attachment encryption key and URL need to be encrypted to each recipient.


That would be a terrible idea.

If everyone is using the same file on iCloud, then by definition the file must be encrypted with the same E2E encryption key.

That seems ripe for buggy disaster, and is a big loss of privacy. With enough phones, you could decrypt a large percentage of other peoples data.


A more thorough (or less PR-ish) explanation of the Advanced Data Protection and how it works can be found here: https://support.apple.com/en-ca/guide/security/sec973254c5f/...



This is a great step, but I really hope Apple also change their position on no longer allowing users to provide a high-entropy passphrase to unlock all of this end-to-end encrypted data.

As it is, my iPhone unlock PIN is everything that's needed to decrypt the data server-side [1], and I'm not changing to an alphanumeric password on my phone only because of that.

[1] https://support.apple.com/en-us/HT204915 ("You might also be asked to enter the passcode of one of your devices to access any end-to-end encrypted content stored in iCloud.")


You are not limited by 6-digit passcodes only, you can also

“…Or tap Passcode Options to switch to a four-digit numeric code, a custom numeric code or a custom alphanumeric code.” which is on their support web site[1]

[1]: https://support.apple.com/en-gb/HT204060


Yes, but then I need to enter a custom alphanumeric password every time I unlock my phone or tablet.

I want to be asked for it if and only if I grant a new device access to my end-to-end encrypted iCloud data.

I don't think this is an absurd demand. WhatsApp supports this security model, for example. Even Apple used to, before they forced every iCloud keychain user to switch to their HSM-based model!


Do you not use FaceID or TouchID or unlock with the Watch?

I switched my pin to alphanumeric because I’m not putting it in every time I pickup my phone. I can live with the inconvenience of putting the passcode in every couple of days or so.


I just want to second this. I use a long alphanumeric password to unlock my iPhone plus FaceID.

I enter the password at most a few times a week after reboots and if someone plays with the phone and gets FaceID to fail too many times. It’s not annoying at all to unlock with the keyboard rarely.


I put in my 12 character numeric passphrase multiple times a day because FaceID sucks with masks and covid is still a thing.

I wish TouchID were an option on latest pro iphones.


Lately I've found FaceID can't handle my 'first thing in the morning and haven't had my coffee' face. I'm not sure if it's me or if Apple updated the algorithm.


If you haven’t already, I would nuke and pave the facial recognition. Haven’t faced anything like that since TouchID but that would be a red flag to me that the recognition data set is betraying me.


I see what you're asking for, but I don't think Apple would ever do it. A passphrase that is only used once every few years is a recipe for endless support calls.


Then hide it behind an option deep in the settings, and label it "only for advanced users, and if you lose it, all your data will forever be gone".

Apple even had this exact setting in the past! And they still have a similar thing for Mac disk encryption (the default is iCloud escrow, but a local-only recovery passphrase is also an option).


Android offered it for a long time for decrypting on boot. I'm sure Apple could communicate it well enough.


I’m assuming you don’t use Touch ID or Face ID?

I’ve been using an alphanumeric passcode for about 7 years now. I’ve gotten used to it. It’s not too long to be annoying but better than a numerical pin.

Even if you used 4 numbers for an alphanumeric password, it’s still much more secure than a 6 digit pin.


> Even if you used 4 numbers for an alphanumeric password, it’s still much more secure than a 6 digit pin.

Unfortunately, that's not the case:

If you trust the secure enclave (for the device unlock scenario) or Apple's HSMs (for the key escrow scenario), a 6-digit PIN is just as secure as a 4-character alphanumeric password. In both cases, you get 10 invalid attempts before your data is wiped, and the odds are negligibly small in either case (10/10^6 vs. 10/62^4).

If you don't, i.e. you are concerned your adversary can somehow perform a brute-force attack, you need way more than four alphanumeric characters.
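The two cases in the comment above, modelled as an added example (not code from the thread or from Apple): a toy attempt-limited escrow record standing in for the secure enclave or HSM, plus the passcode-space arithmetic for an adversary that nothing limits. `EscrowRecord`, the PBKDF2 parameters, the sample passcode, the guess rate and the 80-bit target are assumptions chosen for illustration.

```python
"""Added example: attempt-limited escrow vs. unlimited guessing (toy model)."""
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 10  # the limit quoted in the comment above


class KeyDestroyed(Exception):
    """Raised once the escrowed secret has been wiped."""


class EscrowRecord:
    """Toy stand-in for an enclave/HSM record: it holds a secret, releases it
    only for the right passcode, and wipes it after MAX_ATTEMPTS failures."""

    def __init__(self, passcode: str, secret: bytes):
        self._salt = secrets.token_bytes(16)
        self._verifier = self._derive(passcode)
        self._secret = secret
        self.failures = 0

    def _derive(self, passcode: str) -> bytes:
        # Assumption: PBKDF2 and its iteration count are illustrative only.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._salt, 10_000)

    def recover(self, passcode: str):
        if self._secret is None:
            raise KeyDestroyed("escrowed secret was wiped")
        if hmac.compare_digest(self._derive(passcode), self._verifier):
            self.failures = 0
            return self._secret
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            # Irreversible: even the correct passcode is useless afterwards.
            self._secret = None
            self._verifier = None
        return None


def limited_guess_odds(alphabet: int, length: int, attempts: int = MAX_ATTEMPTS) -> float:
    """Chance that `attempts` distinct guesses hit a uniformly random passcode."""
    return min(1.0, attempts / alphabet ** length)


def unlimited_exhaust_seconds(alphabet: int, length: int, guesses_per_second: float) -> float:
    """Time to cover the whole passcode space when nothing limits attempts."""
    return alphabet ** length / guesses_per_second


def min_length_for_bits(alphabet: int, bits: int) -> int:
    """Shortest random passcode whose space is at least 2**bits."""
    n = 1
    while alphabet ** n < 2 ** bits:
        n += 1
    return n


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    record = EscrowRecord("493027", key)  # constructed sample passcode
    for guess in range(MAX_ATTEMPTS):
        record.recover(f"{guess:06d}")    # ten wrong guesses
    try:
        record.recover("493027")
    except KeyDestroyed as exc:
        print("after 10 failures:", exc)

    rate = 1e4  # assumed guesses per second for an unlimited adversary
    for name, alphabet, length in [("6-digit PIN", 10, 6), ("4-char alphanumeric", 62, 4)]:
        print(f"{name}: limited odds {limited_guess_odds(alphabet, length):.2e}, "
              f"unlimited exhaust {unlimited_exhaust_seconds(alphabet, length, rate):.0f} s")
    print("alphanumeric length for an 80-bit space:", min_length_for_bits(62, 80))
    print("numeric length for an 80-bit space:", min_length_for_bits(10, 80))
```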


It's not exactly what you want, but one mitigating factor is if you're using FaceID, TouchID, or Apple Watch -- Those things will dramatically reduce the frequency that you're prompted for your password.


This comment is baffling. You say you want Apple to allow the option of a high-entropy passphrase, which they do, but you refuse to use it?


I want to use a low-entropy PIN on my phone, because I enter it dozens of times per day, shoulder-surfing is a concern as big as hacking in many scenarios, and because I trust Apple's hardware to be capable of efficiently limiting local PIN attempts and wiping high-entropy keys if required.

At the same time, I log in to new iOS devices with my Apple ID about once per year. I would love to be able to use a high-entropy key in that scenario. (As a point of reference, WhatsApp allows exactly that for encrypted backups!)

If that's still baffling to you, I'm glad I could introduce you to a very different viewpoint :)


Use FaceID or TouchID, that’s kind of their purpose!


There's still too many situations in which I do end up having to enter my passcode.

Mask unlock isn't perfect, wet hands can throw off Touch ID, and once per day I believe they will just reset and ask for the passcode anyway. It's also required for software updates and reboots.

I'm not asking for this to become the default, or even an option given in any setup wizard. Just allow me to set up my own end-to-end encryption recovery passphrase and let me remove all of my device passcodes, i.e. allow me to opt out of HSM-mediated key escrow.


Is your Apple ID password not a sort of "secondary passphrase" as you're wondering? You enter the Apple ID password to download the encrypted data and the low-entropy passcode to decrypt it.

Just make your apple ID password high-entropy.


Not really. The Apple ID password is a regular server-verified password and does not contribute to end-to-end encryption in the cryptographic sense. In other words, it gates access to the end-to-end encrypted data, but not the keys used to encrypt them.

If you trust Apple to never get hacked or hand over your data to any third party, that's perfectly fine, but that is not the scenario that end-to-end encryption is designed to address.


You can use a high entropy passcode for iCloud. You just can’t stay signed in when you’re not using it. I don’t understand the issue here


They want to use it to get signed in but not to stay signed in. It makes sense to me.


How can I select a high-entropy iCloud passcode without also making my phone unlock code high-entropy?



> To change your iCloud passcode: https://support.apple.com/en-us/HT201355

That's only the Apple ID/iCloud/account password, which plays only a minor role in end-to-end encryption.

The phone passcode is the (secret which gates, on Apple's HSMs,) your iCloud encryption key!

https://support.apple.com/guide/security/escrow-security-for...

Got "1234" as a passcode on a long-forgotten family iPad or test iPhone? Better go change it to something secure, as that's what stands between an advanced attacker (that can compromise your 2FA), or somebody able to compromise/apply sufficient pressure to Apple, getting into your iCloud end-to-end encrypted data.


The iCloud recovery key is a 28-character string, not your iPhone PIN: https://support.apple.com/en-us/HT208072. There is no situation that I can think of where a device PIN is of any use off-device.


Recovery keys were part of iCloud Keychain end-to-end encryption when used without "two-factor authentication", which is now a deprecated setup and can't be used with new iCloud accounts anymore:

https://support.apple.com/guide/security/secure-icloud-keych... (describes how both approaches work)

https://support.apple.com/en-us/HT204915 (documents that two-factor authentication is now effectively mandatory, which makes using recovery keys impossible)

The device PIN is now exclusively used (off-device!) for iCloud end-to-end encryption key recovery: https://support.apple.com/guide/security/escrow-security-for...


Thank you for the links. In my case, I have two-factor _and_ a recovery key set up. The Account Recovery icon on Apple ID says "Your device passcodes can be used to recover end-to-end encrypted data. If you forget your passcodes, you'll need a recovery contact or recovery key."

Are you sure it's either/or? Have you gone through the process, and are you sure the PIN is required off-device, rather than ? If that's the case, I do agree that it's not good.

Also I don't quite understand the threat model where a stronger authentication to iCloud allows for weaker data encryption. Considering Apple is usually pretty spot on with these things, this would definitely stick out.


> Got "1234" as a passcode on a long-forgotten family iPad or test iPhone? Better go change it to something secure...

according to the article, I don't think this will be possible because you won't even be able to turn on Advanced Data Protection in this scenario.

"You must also update all your Apple devices to a software version that supports this feature."

Just to get the feature enabled you're going to have to go and "touch" all of the devices you're signed into and either update their OS (and also update their passcode if you're smart) or sign out of them.


Aren't they offering to start securing the account with a physical security key like Yubikey as part of the 2FA?


I admit I still use a 6-digit passcode, but if you're actually serious about protecting your data you should be using an alphanumeric password anyway. Even ignoring the server-side stuff, that single password unlocks most of the data on your phone.


It's much easier to securely limit invalid PIN attempts on a device locally than in the cloud, though. This is the bread and butter of embedded security cores like the secure enclave or Google's Titan M.

Users shouldn't be forced to use high-entropy local passwords just because a service provider insists on reusing them for a completely different purpose.


> As it is, my iPhone unlock PIN is everything that's needed to decrypt the data server-side

That's not quite true. They use a HSM on their datacenters, which only allows a limited amount of guesses. They only allow a limited amount of guesses, before your data is wiped forever[1].

[1] https://blog.cryptographyengineering.com/2021/03/25/whats-in...


Technically, the keys are in the processor's state. You are just trusting that it won't divulge the keys without a correct PIN. You are also trusting the processor is properly secured. And you are trusting that no one would go through the effort to extract the keys physically with scanning probe microscopy or something.


You can set a more complicated password to unlock your iPhone. I know this because I do it.


Sure, but I won't, and neither will many other people, realistically.

There is no technical need at all for the same password to gate both local device unlock and remote end-to-end encryption key escrow.

It's a pure security vs. availability (and realistically genius bar support load) tradeoff, and I even think they nailed it for the vast majority of users! I just wish they'd let advanced users participate in that tradeoff more actively.


This. It seems like for the average person, if you go from not using cloud backups to using cloud backups with their pin, then this is a huge step backwards for security.


On the other hand, for the average person already using unencrypted iCloud backups, it is a considerable step forwards, and arguably managing their own high-entropy recovery key could be a significant burden.

I just really wish they'd made PIN-based HSM escrow the default, but optional (with the "off" switch behind several scary-sounding warnings).


> for the average person already using unencrypted iCloud backups, it is a considerable step forwards

Maybe I'm missing something, but how is having a 6-digit password functionally any different than having no password at all?


For everyone else who was hoping to enable E2EE for backups right away:

> Advanced Data Protection for iCloud is available in the US today for members of the Apple Beta Software Program, and will be available to US users by the end of the year. The feature will start rolling out to the rest of the world in early 2023.


Unfortunately, it seems that this requires all connected devices to be on the latest OS versions (iOS 16.2, macOS 13.1, etc.), which means you can’t use it as long as you have older devices connected to your Apple ID.

It also doesn’t work for Shared Albums, and for other “Shared” features it requires all participants to have ADP enabled.


It's not particularly surprising that all your devices need to be updated, how else would it work? The whole point of E2E is that the ends are your devices.


Right, but it may be unexpected that a single device can prevent using a new feature on your other devices. This is just a heads up. And conceivably Apple could provide updates for older OS versions, as they sometimes do for security fixes.


This has been the case for other iCloud features and they've historically done a good job communicating this to the user at the time they upgrade the service and when they attempt to access it from an old device. I would expect that to follow the same process here either refusing to enable it until your devices are updated or having the old device kicked out until it's updated.


Yes, they are refusing to enable it if you have older devices signed in to your Apple ID.