Keeping your data from Apple is harder than expected (aalto.fi)
274 points by late 10 months ago | 230 comments



Apple should provide an option to opt-out of Siri "learn from app" for ALL applications.

At present, this must be done individually for every app, https://www.imore.com/how-stop-siri-learning-how-you-use-app.... When you later install new apps after setting up the device, you have to remember to go into Settings and opt-out again, for every app, forever.

How many people know that iOS devices will default to Siri reading plaintext for all apps, including E2EE messengers?


It would be much better if I could just uninstall Siri. I don't want a voice assistant, and never have.


“Siri” (whatever it has morphed into) is a pervasive DWIM engine in iOS these days. When you do a search for an app Siri decides what to display (e.g. when I go to a certain location with a “smart” lock and pull down search, the app for that lock is always offered first, but never in other locations).

These days the voice part is just a UI mode. I use it on my watch and occasionally on my phone when I am wearing earbuds and my phone is in my pocket, but have it disabled on my Mac.


> DWIM

Thanks, learnt something new! (It stands for Do What I Mean).

Interesting pages:

1: https://en.wikipedia.org/wiki/DWIM

2: https://en.wikipedia.org/wiki/Principle_of_least_astonishmen...


> DWIM

Siri is worse than Cortana in this respect…


"I don't want a voice assistant, and never have."

"It's not the customer's job to know what they want" -- Steve Jobs


I'd be happy to have a voice assistant that was actually smart. Every few months I ask Siri if it's powered by a language model yet. So far it hasn't even been able to understand the question.


Absolutely. One extremely annoying anti-feature is that to use CarPlay you must have Siri enabled.


> It would be much better if I could just uninstall Siri. I don't want a voice assistant, and never have.

I just don't turn it on and so never use it.


Per the article, you are still using "Siri" (non-voice features), even if you never enabled Siri-for-voice: https://news.ycombinator.com/item?id=39928357


Car Play will not enable with Siri turned off (at least in my 2019 Subaru).


Same here. I do think it makes some sense in that case.


I'm also in the situation where I use Siri for nothing, but I want to use CarPlay. I don't use the voice control for anything, in the car or otherwise. How does it make sense to force me to have Siri enabled?


There's a bunch of parts of CarPlay which assume you can use Siri. Interacting with notifications, sending / responding-to messages, searching for things in maps, etc. Apple could disable everything that would kick itself out to a Siri-interaction for input, but that'd probably feel confusingly-broken.


> Car Play will not enable with Siri turned off (at least in my 2019 Subaru).

I drive a 2003 Golf: there is no Car Play.


> Apple should provide an option to opt-out of Siri "learn from app" for ALL applications.

You can.

Use the free Apple Configurator tool to generate a profile that has:

    - "Allow Siri" unchecked
    - "Allow Siri Suggestions" unchecked

Apple Configurator is great. You can disable all sorts of things, e.g. iCloud access.

If your iPhone is on $org MDM, you can do the same on MDM.
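
Added example, not part of the comment above and not Apple's or the commenter's code: a configuration profile carrying those two restrictions, built and then audited with Python's `plistlib`. The mapping of "Allow Siri" to `allowAssistant` and "Allow Siri Suggestions" to `allowSpotlightInternetResults` is an assumption to confirm against a profile exported from Apple Configurator; the identifier and organization names are placeholders.

```python
import plistlib
import uuid

RESTRICTIONS_TYPE = "com.apple.applicationaccess"  # Restrictions payload type

# Assumed mapping of the two checkboxes to Restrictions payload keys; confirm
# against a profile exported from Apple Configurator before relying on it.
SIRI_KEYS = {
    "allowAssistant": "Allow Siri",
    "allowSpotlightInternetResults": "Allow Siri Suggestions",
}


def _new_uuid():
    """Profiles identify each payload by an upper-case UUID string."""
    return str(uuid.uuid4()).upper()


def build_profile(identifier="com.example.siri-off", organization="Example Org"):
    """Return .mobileconfig bytes with both Siri restrictions set to false.

    identifier and organization are placeholder values for this example.
    """
    restrictions = {
        "PayloadType": RESTRICTIONS_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier + ".restrictions",
        "PayloadUUID": _new_uuid(),
        "PayloadDisplayName": "Restrictions",
    }
    restrictions.update({key: False for key in SIRI_KEYS})
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier,
        "PayloadUUID": _new_uuid(),
        "PayloadDisplayName": "Disable Siri",
        "PayloadOrganization": organization,
        "PayloadContent": [restrictions],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def audit_profile(data):
    """Report, per key, whether a profile restricts it.

    'restricted' = some Restrictions payload sets the key to false,
    'allowed'    = the key is present and only ever true,
    'missing'    = the profile does not mention it, so the device default stays.
    """
    profile = plistlib.loads(data)
    seen = {key: [] for key in SIRI_KEYS}
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict):
            continue
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        for key in SIRI_KEYS:
            if key in payload:
                seen[key].append(bool(payload[key]))
    report = {}
    for key, values in seen.items():
        if not values:
            report[key] = "missing"
        elif not all(values):
            report[key] = "restricted"
        else:
            report[key] = "allowed"
    return report


if __name__ == "__main__":
    for key, state in audit_profile(build_profile()).items():
        print(f"{SIRI_KEYS[key]:<24} {key:<32} {state}")
```

Running `audit_profile` over a profile before installing it, or over one exported from an MDM console, shows which of the two settings it actually touches.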


The Apple Configurator is only allowed for a Managed Apple ID.


I was able to use Apple Configurator to put a phone into single app mode with a normal, non-developer ID.

Maybe there is a subset of things you can do?


The app won't even let me get past the login screen


> single-app mode

Isn’t that what “guided access” is for?


No. Guided access doesn’t work well for creating a control panel on a wall. I wanted it to boot into the app with no password.

Guided access is finicky and the failure modes are extremely bad for preventing random people from accessing things they shouldn’t.


> The Apple Configurator is only allowed for a Managed Apple ID.

Huh? It's available freely via the App Store.

No restrictions whatsoever on who may download and use it.


I downloaded it and it won't let me do anything. When I try to login it says I need a managed Apple ID.


I've been using it for many years now, multiple installations on new macs and I've never seen such a thing.

I can only think it must be something specific to your setup.

Looking at the version I presently have installed, there is an Account menu and it says "sign in...", so I'm clearly not signed in.

Managed Apple ID seems to be some sort of MDM-style thing [1], I've certainly never done that and no idea how it works! I have always just used Apple Configurator in plain-vanilla mode.

[1] https://support.apple.com/guide/deployment/managed-apple-ids...


Ah, I understand my confusion now. I was trying to use the iOS version of the app. I'm using the macOS version now with my iPhone connected and it's working. Thanks for the advice! :D


>How many people know that iOS devices will default to Siri reading plaintext for all apps, including E2EE messengers?

Is there more on what Siri "learn from app" actually does? Does it scrape entire screen contents? Or just metadata? Or only what the app developer decides to send?


My understanding is that the "learn from app" setting relates to it watching out for NSUserActivity, which is something the app developer has to explicitly send out. The app developer is motivated to do so because NSUserActivity powers a lot of system-integration features.

https://developer.apple.com/documentation/foundation/nsusera...


Apple can change this silently in the future, as long as it remains compatible with their T&C.


Man I am really starting to hate these big tech companies. Everything they do is designed to be as invasive as possible.


The best solution is to set this as opt-in instead.


And not one with dark patterns where you are asked to opt-in multiple times at inconvenient moments.


Opt-in patterns are only for 3rd party apps, not for Apple themselves. One rules for me, others for thee.


I haven't set up an iPhone in a while, but last time I set up a Mac, it asked me to configure Siri or Skip/Later, etc. That's opt in to me.


From the article:

“The user is given the option to enable or not enable Siri, Apple's virtual assistant. But enabling only refers to whether you use Siri's voice control. Siri collects data in the background from other apps you use, regardless of your choice, unless you understand how to go into the settings and specifically change that”.


A concern with Siri is it sends your voice data to a server to parse. When Siri is disabled, what data is collected via third party apps? I would imagine any time you use voice as a command in an app the iPhone sends the data to a server to parse, even in third party apps. Is that the concern, or is it other data?


"Siri" is not just the voice assistant, Apple also uses that designation for other "intelligent" features, like "Siri Suggestions" [0]. The related personal information is shared across devices via Apple servers. Apple states that any analytics shared with Apple are anonymized [1], but users may still prefer to not share analytics in the first place. However, that can't be opted out globally, it can only be disabled per app [0]. Except maybe by turning off Siri in iCloud [2]? It's not clear. That's the criticism, it's difficult for users to understand what settings are enabling or disabling what exactly. It's quite complicated overall, and difficult to tell what you are and aren't sharing.

[0] https://support.apple.com/guide/iphone/about-siri-suggestion...

[1] https://www.apple.com/legal/privacy/data/en/siri-suggestions...

[2] https://support.apple.com/guide/iphone/tell-siri-about-yours...


[flagged]


Excellent. Then Apple can provide one-click, one-time opt out for all apps, instead of consuming CPU cycles, battery life and hundreds of avoidable and unwanted user actions over the lifetime of a phone.

> It never gets sent to Apple and no other application can read it.

Malware can read it. See the list of Apple iOS Security Updates.

If Apple doesn't receive the data and the user doesn't want the data, let's avoid collecting it.


Then malware can just turn it back on and then read it? You really don't want the malware to begin with I'm thinking.


Perhaps we can go beyond "disable" and have the ability to DELETE all application code related to Siri?

Similar to Microsoft having to separate/unbundle their web browser from their operating system.


that's like saying cars shouldn't have seatbelts, they should be designed to not be in accidents in the first place


It's really not at all. Just stay away from using analogies in public until you have more practice with them.


Users want to be able to search for apps, contacts, mail etc which is why it’s a standard feature of every operating system.

The idea that there is this demand to fully disable it is bizarre to me.

And if you have malware that can access the entire file system then reading a Siri search index is the least of your troubles.


> The idea that there is this demand to fully disable it is bizarre to me.

Apple provides a setting to disable Siri. It does not function as users expect. Either remove the setting and state that users are forced to use Siri, or improve the usability.

> Users want to be able to search for apps, contacts, mail etc which is why it’s a standard feature of every operating system.

Typically an optional feature with one setting to disable it, e.g. people have long disabled Windows Indexing to improve performance and battery life. Or to use a 3rd-party search tool. Why was Siri ("AI") conflated with Spotlight (search) on iOS?

> If you have malware that can access the entire file system then reading a Siri search index is the least of your troubles.

With malware that can access the entire file system, we don't want to provide a gift-wrapped search and user behavior index that has been quietly collected by Apple. Let malware do its own CPU-intensive rummaging through each app, increasing the odds of detection.


I never use this on Android really. If I look for a mail I search within outlook. And in fact emails in outlook don't show up in the global search, I just looked.

Same with contacts in the phone app. If I look for an app I just find the icon in the list because I don't have so many.

A global search is a cool feature for people who don't know where to look but it's not something that everyone would want.


I'm the opposite, universal search for everything. Want to open an app? Pull down and search. Want to find a message someone sent me? Pull down and search. Want to search the web? Pull down and search.

> A global search is a cool feature for people who don't know where to look

Not sure these people exist in enough numbers to justify a mention, or that the feature is primarily used by or useful to these supposed users.


People who know that "never leaves your device" is a not a weak guarantee


What is the purpose of collecting it?


For example when you set a timer each day at 8 pm, this data is used to suggest you a timer shortly before 8 pm. It's a convenience feature.


> that personalised information never leaves your device

Doubt. Show me the source code and prove to me that the binaries currently executing were derived from it. Then I might believe such a claim.


You can just disable Siri if you're that concerned?

Edit: Turns out — you can't! See the reply below.


From the article:

  The user is given the option to enable or not enable Siri, Apple's virtual assistant. But enabling only refers to whether you use Siri's voice control. Siri collects data in the background from other apps you use, regardless of your choice, unless you understand how to go into the settings and specifically change that,’ says Lindqvist.


You're right, I somehow missed that paragraph — I swear I read the article before commenting.


Not condoning or anything, but perhaps the thinking is that, if the user can re-enable Siri at a later date, they don't want Siri to start with no memory?


Why would you think that?

If I enable some personal assistant at some point in time, I absolutely do expect it to start with no memory.


If/when a user actively consents to "learn from app", it's no different than setting up a new device, e.g. mail downloaded from IMAP server, data transferred from old device, or from cloud services.

Now imagining a EULA for Helpful Pre-Stalking..


The problem is that 'Siri' is a pretty ill-defined term that Apple sprinkles onto a bunch of unrelated features if they have anything that sort of looks like 'learning' if you squint hard enough.


It’s so strange they do that, given that Siri doesn’t have good rep!


> You can just disable Siri if you're that concerned?

Apple fights you from disabling Siri as much as they can. I've tried to disable Siri multiple times, but it turns off other unrelated features/services, so it's basically impossible.

For example, if you're using CarPlay, it's required that Siri is enabled, even if you don't use the voice controls.


I remain shocked anyone trusts Meta, Google, or Apple marketing on privacy.

These companies are all fundamentally similar in that their proprietary software collects an insane amount of data that will end up in the hands of your enemies either by sale, court order, or security compromise.

It is relatively easy to opt out of all of these companies and take some actual control over your privacy.


They are fundamentally different in that two of them derive revenue solely* from exploiting your data, and one of them doesn't.

* by-and-large


They became as successful as they are by collecting massive amounts of data to learn to effectively psychologically manipulate people into buying their products, convincing them they are the most secure, fastest, most private option that will make people like them more for using.

Apple is above all else a data driven marketing and advertising firm just like Google and Meta. They are profitable because they are effective at using data to change user purchasing behavior.


Wild to assert that Steve “I never rely on marketing research” Jobs was successful only because he did better market research than his competitors.


The other one derives revenue from keeping users captive, so they can't turn off data collection even if they wanted to.


it seems Apple's hardware revenue has started to plateau, and their services revenue is in jeopardy with the new EU changes to the App Store

it wouldn't surprise me if Apple started ramping up their data revenue in the near future to compensate


> and their services revenue is in jeopardy with the new EU changes to the App Store

the services revenue is at an all time high and keeps climbing:

https://www.statista.com/chart/amp/14629/apple-services-reve...

re. app store, the EU market represents just 7% of their worldwide app store revenues, most probably due to the fact the EU market is 65% android:

https://techcrunch.com/2024/02/01/apple-says-eu-represents-7...

https://www.statista.com/statistics/639928/market-share-mobi....


I was considering less how their revenue is now and more how it will be when the EU regulations hit and they lose the guaranteed 30/15% cut on all iOS apps

I know the US govt is hitting them with a similar anti-trust lawsuit, so it might happen over there too

If Apple lose their walled garden, and the 30/15% cut with it, both in EU and US, I think that could be a massive problem for them

Whether or not that will actually happen, or if Apple will find a way to compensate for the lost revenue, I don't know. I wouldn't be surprised if it was causing big discussions inside the company though, and I wouldn't be surprised if people become more bearish on Apple until they show they've found a solution


> Apple lose their walled garden, and the 30/15% cut with it

This could be fantasy talking. How does the walled garden around Steam affect their 30% cut? Oh, there is no wall, and it's... 30%.

So wait, if non-walled-garden stores cost 30% in an open market -- are we sure this is going to work out getting to use the world's most valuable app store shelf space for free?

It doesn't work that way at Walmart...


> This could be fantasy talking. How does the walled garden around Steam affect their 30% cut? Oh, there is no wall, and it's... 30%.

Steam isn't both the OS manufacturer and the sole vendor of games on PC, unlike Apple and iOS

I can release a game for PC or macOS and never pay Steam or Apple a dime, can't say the same for iOS


A better comparison is the (derelict) Mac App Store. Apple still continues to charge their 30%, and their most professional developers and customers continue to avoid their store. Adobe doesn't sell full-fat Photoshop through Apple's storefront, Avid doesn't bother with it for Pro Tools, Ableton, Bitwig, Sony, U-HE, Sonar, Spectrasonics, and even Panic don't fully commit to Apple's offerings. Never mind the fact that ubiquitous components of modern professional software development (git, bash, grep, make, the lot) aren't even allowed to be distributed under their own terms on the App Store. If nothing changes, Apple will become Lord of the Flies.

If Apple wants to be Steam, let them play Steam's game and see how far their philosophy takes them.


if only they put macOS on the iPhone, this would all be avoided


Which one is the third one? All three operate advertising networks with significant revenue and run massive data collection services (e.g. find device networks, ad networks, personal health data collection, etc.)


Apple’s PR team is remarkable. They get away with nearly everything


I know it's crazy but I trust Apple a lot more than I would Google or Meta when it comes to my data.


Snowden revealed the PRISM program which shows that the US government works with Apple, Google, Facebook, Microsoft etc to surveil the public.


I don’t expect to be able to have privacy in the face of a state actor.

I just want the company to keep my data private from other commercial players. Like don’t sell all my data to anyone who asks or use it to create an invasive model to then advertise/manipulate me.

I think it is reasonable to say that Apple is better on that front than Meta or Google.


No, the PRISM program shows they surveil specific foreigners living outside the US with a court order.


Most of the world are foreigners living outside the US.


Yeah, I don't fully trust Apple, just more than Google and Meta. I would expect the government can get information from just about any company if they really want it.


There's no suggestion that I can see that Apple collects this for marketing. It's collected on-device for suggestions. The exceptions are adverts in the App Store and News


What is the easiest way to get comparable smartphone experience with some actual control over your privacy?


There is no comparable option.

I have not carried a phone in 3+ years. In spite of what some would have you believe, it is actually relatively easy to live an active and socially engaged life in the modern world without a phone.

Major mental health wins from being offline when you are away from your desk too.


>In spite of what some would have you believe, it is actually relatively easy to live an active and socially engaged life in the modern world without a phone.

Right? This is completely anecdotal, but I've occasionally seen people lament, "You have to bank, as well as manage health and travel stuff on your phone". My follow up is always, "What can I do with those apps on my phone that I can't do via a laptop or desktop?" I am typically met with silence.

Seriously - beyond SMS 2FA, there's nothing I can do on my phone that I can't do on my desktop, and I sure as hell don't need to have constant access to all of that when I'm out and about.


I would say to get an android phone and flash Graphene OS (Pixel phones) on it.


Practically any Android phone from a reputable vendor. The default apps might share more data than you might like, but it does give you actual control to turn that off. You don't have to send your location to anybody any time an app requests it like iPhones send your location to Apple. You don't have to tell anyone you installed an app like iPhones tell Apple.


Your choices are very limited, but you can get an android phone supported by LineageOS or other alternative roms.


I tried, a long time ago, LineageOS on Samsung Galaxy S3 and S4. Both of the ports were so buggy that, from those experiences, I could not trust the maintainers to be capable of securing the system. It may have been a false assumption, but I had to think stability/bugs and security must correlate at some levels.


Actually if you link popular software with a hardened memory allocator, apps will just crash a lot instead of allowing buffer overflows that are shockingly common.

YOLO mallocs most operating systems ship allow an application to -feel- faster and more stable at the expense of security.

If you want software to be stable in a strict malloc environment, write it in rust :)

To be fair though, LineageOS security is actually terrible. Do not use it. If you must have an Android device CalyxOS is the least bad option today.


For privacy-conscious people, the authors certainly picked an outlet with plenty of cookies and trackers - this is what the popup shows me when I pick "customise":

    17 necessary cookies
    7 functional 
    34 statistics
    49 marketing
    10 unclassified

This kind of thing makes the article seem... ridiculous, really. Their site is much worse at privacy than Apple.


The authors appear to be associated with the university which hosts the site. I doubt they are responsible for the engineering decisions behind the site, or that they "picked the outlet" per se. Authors tend not to have carte blanche control over the platforms on which they publish.

I don't know why you would judge the content of the article based on that, rather than its own merits, particularly given that the subject of the article isn't the security of web pages or cookies. If anything, what the article does discuss has far more egregious security implications than website cookies.


The article also has a number of incorrect assumptions regarding how Siri works and what kind of data Apple collects. They do not mention Apple's differential privacy approach, for instance, nor do they seem aware of many iOS improvements in that regard over the past few years. So I don't really consider it a thoroughly researched piece...


This is the criticism you should have posted originally, instead of considering the article ridiculous because it was hosted on a site that used cookies.


All sites use cookies. Not all of them use an entire bakery's worth.


And yet that isn't at all relevant to the content of the article, and pointing it out isn't a valid criticism of the article.


At least they have a "Reject all" button, easy to access (it should be the norm). Not some dodgy dark pattern that takes a good minute to find.


I think that's just GDPR?

> The requirement to offer a 'Reject All' button next to an 'Accept All' button follows indirectly from the consent requirements in the GDPR; consent must be as easy to revoke as it is to give.

https://www.dataguidance.com/opinion/eu-cookie-banners-and-u...


I feel like you might want to consider the scale of data collection involved here purely from the perspective of Apple being one of the largest companies in the world, and this being a medium-sized university in Finland.


Heh, don't like some aspect of society, kiddo? Well you have no right to criticize it - you're IN a society!


Not their fault to be fair. Blame management of Aalto University.


Who is "management?" The author of the article is listed as the university's communications manager so they wouldn't be totally without a voice in these decisions.


It can get quite high in the chain. This is a financial decision - extract value (money) with the cost of other values (principles) and users' privacy.


If you're using cookie-count to determine the degree of invasiveness, you're missing the fact that Apple has exclusive root access to your phone.


Come on, no one is running all their private data through the website. But I do agree that the web should not be browsed without ublock as is at the moment - there's something fundamentally wrong with the current approach


Sorry, but that's a fallacy:

https://en.wikipedia.org/wiki/Tu_quoque


That article explains what it is, but doesn't explain why it is wrong.

If you're arguing for more privacy but you're participating in removing privacy, why isn't that hypocritical and makes the argument for privacy weaker from that person?

I agree that it's off-topic to the discussion as a whole, for this particular submission, as it doesn't argue against the content of the article but rather talks about how the content is hosted.


It does not make the argument weaker, that's the point. To think otherwise is a fallacy.

If someone writes that it is healthier to stop smoking, but then someone finds out that the author is a heavy smoker, does that make smoking somehow ok?


The point is that there are so many commentators who assert that Apple is great on privacy issues, so that many people (including me) automatically believed that buying (expensive) Apple products will automatically lead to improved privacy vs other vendors. This post is calling that BS. Attacking the article/website for having cookies is a distraction from the actual point.

And anyway if you want to see tracking cookies with a browser you only have to use Option + ⌘ + J (on macOS), or Shift + CTRL + J (on Windows/Linux). Easy. It is much more difficult to see if you are being tracked and what data is being tracked and how it is being used on your Mac or iPhone.


I am as concerned about security as I am about privacy, and Apple has the best track record for long-lived devices that are still receiving security updates.

As for privacy I don't know any major vendor that is privacy-focused. Not only is it a hard technical problem to solve, it's also leaving money on the table. I don't see things changing any time soon.


> Apple products will automatically lead to improved privacy vs other vendors. This post is calling that BS.

Where does it do that? It explicitly doesn’t compare Apple’s products with other products:

“Lindqvist can’t comment directly on how Google's Android works in similar respects, as no one has yet done a similar mapping of its apps.”

Also, IMO the post is flame-bait in saying “Keeping your data from Apple is harder than expected”. AFAICT, the paper (https://acris.aalto.fi/ws/portalfiles/portal/141787684/Priva...) is not about Apple breaking privacy at all; it solely is about the difficulty of the UI for various privacy settings and of user understanding of what settings do.

They don’t claim, for example, that Apple makes these settings so convoluted to confuse or wear down users so that they close down less stuff (they may or may not, but the paper doesn’t discuss it)


This article is highly misleading, making it sound like Siri is collecting data from apps and sending it to Apple. This is not the case, Siri Suggestions are fully on-device, though they can sync across devices with mandatory E2EE. Apple never gets access to any of this data.


Apple can remotely execute code on any internet connected device running a proprietary Apple operating system.

It is only a matter of time before courts realize this.

The CCP controls the Apple software signing HSMs in China for a reason.


But if this is your threat model - that you have no trust of the operating system or the vendor - then all of this is pointless because at any time they can just backdoor themselves. Apple could just never ask or collect this, but still they're one update away from starting to collect it.

Of course that's always a threat with any computer, but you must place some amount of trust somewhere.


If Apple did not collect the data today, then a court order in the future will not allow them to collect data that was not stored today.

Personally I only use reproducibly built FOSS software and I isolate most of my hardware and workloads from each other with virtual machines via QubesOS.

Proprietary software is not at all required to be well integrated into modern society.


> from starting to collect it.

So even then they would have no data before that point!


> you must place some amount of trust somewhere.

Using something and trusting it are different things.


[flagged]


Apple operating systems automatically apply patches to devices for critical security updates so long as those patches are signed by a cryptographic private key held by Apple. That is in fact an RCE system that already exists.

There also exist humans that have access to those private keys, and those humans can be controlled by money, court orders, or violence.

In China the CCP has control over the software signing keys, so they can push any software to any apple device they like.

How long before US politicians start demanding the same?

Or maybe they just make a security mistake. Maybe a state actor performs a side channel attack on the known vulnerable Apple Silicon that powers their HSMs.

SPOFs always tend to fail.


> In China the CCP has control over the software signing keys, so they can push any software to any apple device they like.

I've never heard about China having special iOS releases signed by different keys. Fairly sure all devices across the world get the same exact OS builds, but would be curious to read more about this if you have any sources?


You cannot really use that as an argument. Everyone does that so it does not make Apple "worse".

Same applies to almost every Linux distribution since their builds are not reproducible.

It is just a matter of who you want to trust. Eventually you need to trust someone.


Not everyone does this

My core area of research is supply chain attacks, and I run a company where we regularly train high risk organizations how to remove trust from any single human or system in critical areas of their stack like key management, CI/CD, etc. Many of our clients are fintech companies where trusting a single person, even a system administrator, would seriously endanger them.

Meanwhile Apple sysadmins still manage most of their infra with centrally controlled Puppet nodes last I heard.

Speaking of Linux distros, I created a 100% reproducible and full-source-bootstrapped Linux distro where every package is signed and reproduced by multiple people to avoid having to trust any single human, including me.

https://codeberg.org/stagex/stagex

Guix comes close to this mark too, so we are hardly the only viable option in town.

There are always alternatives to centralizing trust and you do not need to have an Apple-sized budget to afford them.


> Eventually you need to trust someone.

There are plenty of things I use but don't trust.


So you have zero evidence that (a) Apple has deliberately put backdoors or that (b) CCP has access to iOS source code.


Siri suggestions might more accurately be termed "Springboard suggestions". From what I recall, it essentially works as a fuzzy matcher for suggesting applications to launch in similar contexts (time window, previous app used, etc.). It's like a smart history feature, and no, I don't think it ever leaves the device at all or even syncs via iCloud, since I have completely different suggestions across my iPhone and two iPads.


This is a weird flowchart, calling things out weirdly, like “Touch ID or FaceID are stored locally and cannot be accessed by the operating system or applications.” as if that's a negative?

Since they call it out in the article as well, I really want to understand the "fragility of the privacy protections" on TouchID.


That's a great callout. TouchID data never leaves the Secure Enclave, so wondering about privacy implications of that is just ridiculous.


I go through this annoying oscillating struggle every time I read news like this:

1. Realise the Apple hard- and software I'm using sucks privacy wise

2. Compare open source alternatives, maybe switch (I have an iPhone and a Fairphone 4 with /e/OS, also a MacBook and a homebrew Linux PC) with a file- and photo export through my NAS.

3. Use the FOSS ecosystem for a bit, be annoyed at some jank, slowly realise that while unquestionably better privacy wise, it's not necessarily better security wise.

4. Miss real life document management (I scan files, apply OCR). MacOS/Spotlight makes it possible to treat my collection as a database rather than a file cabinet that way, Continuity makes it easy to scan.

5. Switch back, rinse and repeat.

I'm driving myself insane. It's always either feeling great about my privacy and sacrificing convenience (I mean, FOSS can probably host that same workflow, it's just that it's a lot more work up front and I'm the one responsible if it breaks) or feeling great about how my stuff works but feeling creeped out about being spied on.


> Content blocker prevented frame displaying https://www.aalto.fi/en/news/keeping-your-data-from-apple-is... from loading a resource from https://www.aalto.fi/modules/contrib/google_tag/js/gtm.js?[...]

Sigh. People who live in glass houses, etc.


I’m confused by the diagram. A and B appear to be early in the process but looking more carefully they’re actually pointing to steps 11 and 12. Seems a little misleading at first glance.


Always wanted the option to disable network access for an app. The lack of this made me suspect that Apple had too much to lose (in harvesting data) to allow this.


Android has this in the app manifest, but of course Google doesn't expose this to users

Are there any ROMs that do?


GrapheneOS does

Every app you install with Play Store pops up and asks if you want to grant it networking. It's cool


I used to be able to on ArrowOS, LineageOS and I think on MIUI. It's been a few years since I gave up on custom ROMs though, so it may no longer be the case.


On Android it is typically done with a firewall app, like AFWall+


Little Snitch is the best I found although not perfect. (Apps can trivially bypass filtering)


iOS has a "Local Network" Setting for some apps, e.g. VLC, PhotoSync.


That's for apps that request the additional ability to poke about in the local network to look for e.g. streaming devices or other devices to control


It's only harder than expected if you're one of those who believed them when they say that they value privacy.

Otherwise it's not surprising at all.


"Lindqvist can’t comment directly on how Google's Android works in similar respects"

Of course he can't, because it's easier to jump on the Apple bashing bandwagon.

I suspect if you did a side-by-side comparison, we all know where Android would fall on the privacy spectrum.

Give me Apple over Google any day of the week.

I expected better from Lindqvist than to take part in a biased article like that.


Or how about we stop excusing megacorps altogether and stomp them both down? This isn't a football team type of competition, it's 2 megacorporations that don't give a shit about you and they both deserve to be strangled into submission so that their whole business model doesn't hinge on mass surveillance.


It has already been done[1] and the conclusion is that Apple is not much/no better than Google. When it comes to user data I do believe that Apple is better due to Google’s revenue being from advertisements. Yet Apple has begun exploring this space and at that point I consider them as bad as each other.

[1] https://www.scss.tcd.ie/doug.leith/apple_google.pdf


Someone can be the best at something and still need improvement. Just look at Apple every year working to improve security.

Rather than just assume everything is fine, it's important to call out deficiencies. Especially when someone is seen as the best at something.

Being the best doesn't mean you are good. It just means everyone else is worse.


An article on Android security would both be much longer and have much less media attention.


I don't think Apple's UX for enabling privacy is half as confusing as that "diagram" in the article.


Try and have Little Snitch running without the default suggestion to whitelist Apple services. It's mind-blowing.



If I remember correctly, segregating Apple devices from other devices via subnetting or otherwise causes them to incessantly ping Apple servers and cause issues on network/device.


Is the whole point of all this data collection nonsense really just to serve me irrelevant ads I never click? What are they doing with all this worthless information?

I downloaded a shitty freemium mobile game once and now 80% of my Instagram ads have been ads for shitty mobile games for more than a year. Is this really the best the 500k+ a year ad magicians at Meta came up with? Is this what gives Meta its trillion market cap? Just like Amazon serving me ads for washing machines, right after I bought one. And Google Maps promoting shitty restaurants and services I don't want to go to. Is this the cake Apple wants a share of?

I can't wrap my head around data collection.


> Amazon serving me ads for washing machines, right after I bought one

Counterintuitive, but there’s a chance that the one you bought didn’t work out - and that’s high enough to make you much more likely than the general population to buy a washing machine.

Consider: in the past 20 years there have been about two weeks (total) where an ad for a washing machine could be relevant. That’s about 0.2% of the time. If the RMA rate for new appliances is higher than .2%, that’s a useful bit of targeting information.


I don't buy this; because it always happens when I've bought something from them, not from elsewhere.

Amazon knows if the one I bought worked out or not because I RMAd it or didn't; yet, every time I buy something, I'm inundated with suggestions for the same thing until I've searched or bought a sufficient number of other things, to replace them, and the cycle begins again.

Don't get me wrong, they have some fairly decent suggestions based on the things I browse and purchase, or browse and didn't purchase, but showing me dozens of things like the thing I just bought is hilarious.


People often research replacements before they return an item.

To imagine that Amazon hasn't data scienced this out, to completion, is absurd.


Isn't it more the case that services like Google etc collect data about you and put you under certain categories/tags. Then the company buying an ad selects the categories and tags they wish their ad to be shown to?

In other words, the company paying for the ad wants you to see the ad. For some reason they think you might buy the product. Why would Google tell them "no" if they're offering money for that?


I feel the same. I think they realise it, but for the lack of better ideas, this is what shareholders want. It's like "we have to collect data, because everyone does it, and use it for anything"


To you they are irrelevant ads you never click.

To millions of small business they are the only viable way to reach their customers.

As tech focussed people we often ignore this or play it down. Facebook (as it’s the most used example) being blocked in a country or region (EU for example) would be devastating for thousands/tens of thousands of businesses.

The usual reply is “those businesses shouldn’t be so reliant on Facebook etc.” which misses the point that these businesses only have a viable route to market thanks to these platforms.

Some of the most useful things I have bought have been thanks to “shitty Facebook and Instagram ads” including home gym equipment I use daily, DIY and wood working products, kitchen utensils, etc


> Facebook (as it’s the most used example) being blocked in a country or region (EU for example) would be devastating for thousands/tens of thousands of businesses.

You've stated this as a fact but small businesses thrived before Facebook, so I think it's fair to assume they'll thrive after Facebook is long gone, absent other evidence.

The only type of business I genuinely see suffering are those who advertise crap dropshipped from Alibaba that nobody is looking for organically, sold at 2000% markups, and that would be a good riddance.


> You've stated this as a fact but small businesses thrived before Facebook, so I think it's fair to assume they'll thrive after Facebook is long gone, absent other evidence.

The unit economics have totally changed though as there are many more businesses that exist now that simply could not have done in the old model.

The previous company I started was a direct to consumer UK heating product. In the old world we would have had to go through big shed retailers and lost 50-60% margin with 90 to 180 day payment terms and would have had to stock all of their stores from day one. The expense would have stopped that business from ever being started.

With digital platform advertising we could specifically reach our target demographic, lose only 20% margin to customer acquisition and postage costs (so afford to start with smaller manufacturing runs), get paid the day we sold the unit so cash flow positive, hold much less stock and order from our suppliers in response to demand and run our own just in time factory.

The business was much smaller than it would have had to be in the previous world, much less risky and, frankly, only viable thanks to very targeted advertising that allowed us to tell our potential customers about our product when they most needed it.

In this kind of discussion people seem to assume the product spectrum is binary. It's either useful and so would thrive regardless of advertising or useless tat that only exists thanks to digital platform marketing.

That just isn't the case, sure - those ends of the spectrum exist but there is a vast array of businesses in the middle that could not have existed in the old world and aren't useless drop shipped tat.


It's going to sound harsh, but if a business is solely reliant on a single partner to not get fucked over, then that business has a far greater issue and its failure will be entirely on them.

Putting your eggs in one basket is never a good idea.

That aside, in practice the main people who benefit from GAFAM ads are Alibaba/AliExpress dropship sellers in my experience. Just take a generic piece of product, slap your own label on it and that's a new listing. Had to buy a PC keyboard recently and the search results are just littered with that crap. I don't think you'll find many people shed tears for that crap going bankrupt, it just clogs out actual legit small businesses.


> but if a business is solely reliant on a single partner to not get fucked over, then that business has a far greater issue and its failure will be entirely on them.

You're totally right but that's the reality for many small businesses. One big route to market props up the whole business.

> are Alibaba/AliExpress dropship sellers in my experience

Possibly making an unfair assumption but I suspect your experience is quite limited then. I know many very legit web first businesses with great products, developed in house or proper licensed importers of great products who rely extensively on the GAFAM ad complex.


> To millions of small business...

In this day and age this should be read as "To millions of dropship vendors". And no, I don't want to see their scammy ads either.

I find local small businesses through Reddit or Google Maps. Never have I encountered an ad for one in the wild.


>I can't wrap my head around data collection.

After Microsoft bought Skype, they changed it from p2p to centralized, so all calls were routed through NSA PRISM. This also had the result of making calls laggier and worse quality.

I think there might be a bit of that sort of thing going on in other places too.


I just have to ask--what evidence do you have of that, and do you understand how SIP works?


Looked into the Snowden files a while back. 80% sure that part wasn't a dream ;)

Edit: Extraordinary claims require ... 30 seconds of Googling, apparently:

https://en.m.wikipedia.org/wiki/Skype_protocol#Peer-to-peer_...


You are getting Instagram ads for shitty freemium mobile games because everyone else does. This isn’t shitty targeting, it’s just bottom of the barrel spray and pray advertising. There’s a reason that Apple is addicted to the revenue from casino games: there’s a lot of it out there.


Yep, I would wager that you have probably opted out from as much profiling as possible. Which means you are served the stuff which targets "everyone", i.e. the people for which they have no profile or can't use it for targeting. And currently that category (on mobile) is casino-games.

It's like if you open YouTube in incognito. It will show you whatever clickbait is most likely to catch an "average" YouTube-user from your country. It's wildly different from what you are seeing signed-in.



Remember that this too ships a huge number of privileged binary blobs and kernel modules from companies like Qualcomm and Google in the vendor partition.

Whoever compiles these binary blobs, and the OS images themselves, and anyone capable of coercing them, has god access to your device.

I suggest getting to know someone before giving them that much power over your life.


Someone much more tech savvy than me should try to use Charles Proxy on an iOS device and see how often your phone is communicating with Apple servers. It’s pretty wild.


It is wild but not entirely for the reasons someone might think.

I think everyone knows that a good part of the Apple app ecosystem relies on syncing data. I don't think anyone is surprised that a daemon is syncing your photos between your devices/cloud. Add podcasts, ePubs, etc. and you're going to have a busy network on your device. It's a reason in fact I use the cloud, sign in with my Apple ID. I can lose my machine but not my documents.

Maybe the thing that is more along the lines of what you're suggesting though is the network traffic that is seemingly less useful to the user (but useful to Apple). Various frameworks have appeared on the OS that allow apps to share analytics (pretty sure though these are the analytics that you are asked if you want to opt out of on an install/setup).

But because it has become so easy to do (in part because there is a framework to handle it, but also just the ubiquity of the presence of a network) lots of, I think, dumb data is collected to no doubt satisfy management/design as to whether some feature of an app is being used or is not being discovered.

The ubiquity as I say has made it too darn tempting for all parties (Apple and 3rd) to become lazy about how their apps are being used and to become too data hungry themselves.

I had someone recently ask me how I get feedback from my blog posts since there is no comment section, no analytics .... they wondered why I bother blogging at all.


You should look at developer tools on a website. It makes all these web requests! It's pretty wild!


> Someone much more tech savvy than me should try to use Charles Proxy on an iOS device and see how often your phone is communicating with Apple servers. It’s pretty wild.

You can also see this just by running an iOS simulator with Xcode on a Mac that has Little Snitch installed. The amount of phoning home by iOS (and macOS, for that matter) is shocking.


What is even more shocking is running an Android simulator in the same context. Literally dozens of Little Snitch prompts before the OS even boots to the lock screen. Not defending Apple here, but when I was developing a mobile app in both Xcode and Android Studio I noticed a marked difference in the amounts of phoning home.


Little Snitch could use a 1-click on/off ruleset for blocking all Apple network connections (17.x.x.x) except for the published whitelist of Apple notification servers. That would block most of the real-time phoning home. The block could be disabled manually for security updates. If notifications aren't needed, block all of 17.


I saw this idea implemented in the book "Extreme privacy: macOS devices". The author also provides importable profiles that you can switch between, e.g. to enable/disable security updates. I haven't tried them yet, but I am now more motivated to do so.


Does that include things like communicating with Apple APNS? If so then I'm not surprised at all.


You can actually see the domains being contacted in the app privacy report. I’m not sure if it includes the OS level connections, but it includes for all apps, including Apple apps.


okay, so where are the steps?


Don't purchase the surveillance device.


And get locked out of 80% of modern life :(


If what you're 'locked out of' is considered 'modern life' that'd make me a Luddite. You can have your 'modern life' and do with it what you want, I'll keep to my ways (where Apple et al fear to tread).


That is the government's aim yes. They want you to carry a spy device so they will encourage any carrot or stick. Carrots being "look at this shiny thing" or "have some dopamine". Sticks being no parking, no banking, no menus, and more.


That is just not true.

I have not carried a phone or a Google/Apple controlled device in 3+ years and exclusively use FOSS on a personal basis.

I live in Silicon Valley, run a b2b tech company, have a huge group of local friends, and have never been excluded from anything I wanted in my life for not having a phone.

Paper menus are available if you ask, SMS can be converted to VoIP, you do not need Genie Plus to navigate Disney, there is always a way to pay with cash (or a cash-purchased gift card), paper tickets still work fine everywhere, your bank actually cannot force you to use an app, and internet comments and notifications can wait until you are back home at your desk.

Sure, it is a bit like having a dietary restriction, but it is not the life fulfillment blocker everyone makes you think it is.


Do you have to select car parks based on ones that don't require an app? More and more near me require an app to pay for parking.


Typically you can use a webapp or find a paystation where you can use cash or a prepaid credit card.

If there are really no humans at all I would just park further or sometimes just park anyway and risk 1/3 chance I get a $20 ticket once in a while I can then pay online without an app. Sometimes paying occasional tickets instead of using the app can actually save you money.


> risk 1/3 chance I get a $20 ticket

They don't clamp where you are?

Here in Europe you will usually get clamped and have to wait for them to come out to release it and pay a 100 euro fine.


Not for private lots of the type that require apps.

City parking they clamp, but those have appless payment always.


Hmm here in Spain it's more difficult. Nobody uses SMS here (nor iMessage), it's all WhatsApp and Telegram. And most banks do force an app here (for 2FA payments for example). Tickets can go on paper yeah, though some restaurants I visit don't do paper menus (especially the Asian ones).

Also some stuff for work is mobile-only. We have a stupid 2FA system that only works with a mobile app (the company gives us a phone but it does mean being tracked), and the same with the desk booking (I absolutely hate the office since we implemented flexdesks).

Cash is still common here yeah though I don't like dealing with it. I wish there was a mobile payment method that didn't rely on Apple or Google.


> Whatsapp/iMessage

Both can be bridged to Matrix, which can be accessed with any OS you like with FOSS software.

> Tickets can go on paper yeah, though some restaurants I visit don't do paper menus (especially the Asian ones).

Many have said this to me initially, until I insist I do not own a cell phone. Then they always find a way to produce a tablet for me, or hastily print a screenshot from a phone, or find an old paper menu and cross out some old prices. When I go back to those restaurants later they sometimes have paper menus more readily available, because they were embarrassed the first time for being unable to accommodate a paying customer.

After all, even people who do have phones end up with dead batteries. People with dead phone batteries need to eat too.

> Also some stuff for work is mobile-only. We have a stupid 2FA system that only works with a mobile app (the company gives us a phone but it does mean being tracked), and the same with the desk booking (I absolutely hate the office since we implemented flexdesks).

Almost nothing is truly mobile only. You can run Android applications on QubesOS in a pinch, but more generally I find most 2FA apps actually use TOTP or FIDO under the hood, and can be replaced with open alternatives with a bit of research.

> and the same with the desk booking (I absolutely hate the office since we implemented flexdesks).

I have never seen one of these that does not have a webapp alternative. If they really don't have one, run their app in a VM and sniff the request traffic. Then you can make a simple shell script or webapp to book those desks for you. Open source it to annoy the company into producing their own. Done this sort of thing many times.

> Cash is still common here yeah though I don't like dealing with it. I wish there was a mobile payment method that didn't rely on Apple or Google.

In most countries instead of trying to flag down wait staff to take your card, then wait for them to come back, you can just drop cash on the table and leave at any time. I have not been to Spain specifically though.

Thing is, everything you buy with Google Apple Visa or Mastercard is logged. Everything you buy at the pharmacy is cross referenced from the cash register software and your credit card purchase then sold to insurance companies, etc etc.

Every time you use cash, you are making a small vote against those types of organizations having any more power over the public. Cash can be an annoyance, but it helps take power away from entities who will absolutely use your data to harm people for profit.


>Both can be bridged to Matrix, which can be accessed with any OS you like with FOSS software.

I do this. It's great for protecting your location data and select meta-data, but the contents of your conversation are just as vulnerable as ever because the other party might still be using native apps.


> Both can be bridged to Matrix, which can be accessed with any OS you like with FOSS software.

Correct, and I do exactly this. But WhatsApp requires a mobile device. It can work without the device turned on, but after a few weeks it will stop working. So you still need to have a phone though you don't need to bring it with you.

iMessage and SMS is totally not a thing at all here. But Telegram is (which doesn't require the mobile app luckily, in fact I really like Telegram despite the lack of end 2 end encryption in regular chats). They allow alternative clients, bots, and their paid plans are cheap enough and offer some features that are genuinely cool and useful. I use it most of the time with local people here instead of WhatsApp, I only use that with the few people that don't have Telegram.

I'm just mentioning this because in the US Telegram appears to have a bad rep somehow. But to me it's one of the services that's the least trying to enshittify. Even Signal I don't use because it's just not terribly useful the way they implemented it.

> Almost nothing is truly mobile only. You can run Android applications on QubesOS in a pinch, but more generally I find most 2FA apps actually use TOTP or FIDO under the hood, and can be replaced with open alternatives with a bit of research.

That won't work. My work requires MDM management of the mobile device for accessing work stuff. And the 2FA app is unfortunately not TOTP or FIDO.

And I agree with you on the cash part yes.


> I live in Silicon Valley, run a b2b tech company ... I have not carried a phone or an Google/Apple controlled device in 3+ years and exclusively use FOSS on a personal basis.

Y'know, a regular salt-of-the-earth type guy


My point was if someone about as technically connected as one can be is capable of thriving without a phone, basically anyone can.


It's interesting you think your technical savvy is correlated with necessity.


I do not think it is, but most who argue they -need- smartphones to survive seem to think so.


I think the inside of your bubble must be polished to a mirror finish.


I grew up on the road often getting food from food stamps and food pantries, been working since 10, had to fend for myself since 17, spent years surfing couches and sleeping in cars, and learned engineering skills while working retail, pc repair, coding gigs, street entertainment, day labor, trucking, and telemarketing.

I am accustomed to life without a smartphone because I could not afford one until my mid 20s and only had a laptop because of a $200 Black Friday sale I waited in line 3 days for.

Keep making assumptions about others though.



What I never understand is how engineers working at Apple think about the product they make. Can they love a device that shares data with their employer and advertisers?


The saddest part is that Apple devices could be even better with more transparency. Apple wants to scrape all data from all apps by default? Fine, put a master on/off switch on the feature. Then expose the collected data to the user for export, so they can evaluate (or create!) utility. Let authorized apps access the data, but only in a non-networked sandbox, like 3rd-party keyboards. Don't silently scrape data into an undocumented target for attackers.


I reckon about 1 in every 50 people I've ever worked for actually gives a shit past getting paid. That's probably where the problem lies.


If you care, either you change your mind as you might lose your cushy job, or end up losing your cushy job.

If you don't care then it's all good.


Engineers go to Apple because they want the challenge of building complex features while minimizing the data that Apple and advertisers get. The article itself notes how many features keep data on the device only, or only sync data between devices via end-to-end encryption (in which case Apple does handle the data but cannot read it).


> It’s not possible to be sure based on public documents, but Lindqvist says it’s possible to conclude that the data will be used to train the artificial intelligence system behind Siri and to provide personalised user experiences, among other things.

What made you think it is shared with advertisers?


It's not shared with anybody, not even Apple. The article conveniently conflates "Apple" with "the operating system that Apple provides" for a clickbaity article.

Everything is local only, except:

- when opted in to send diagnostics and performance analytics (to Apple for first party apps and OS, to app developers for third party apps):

> None of the collected information identifies you personally. Personal data is not logged at all, is subject to privacy preserving techniques such as differential privacy, or is removed from any reports before they’re sent to Apple.

> If you agree to send Analytics information to Apple from multiple devices that use the same iCloud account, we may correlate some usage data about Apple apps across those devices by syncing using end-to-end encryption. We do this in a manner that does not identify you to Apple.

- when searching for or suggesting information that's on the web, but none of it is ever linked to the user in any way:

> When you use Siri Suggestions, Look Up and Visual Look Up, when you type in Search, Safari search and #images search in Messages, or when you invoke Spotlight, limited information will be sent to Apple to provide up-to-date suggestions. Any information sent to Apple does not identify you, and is associated with a 15-minute random, rotating, device-generated identifier. This information may include location, topics of interest (for example, cooking or football), your search queries, including visual search queries, contextual information related to your search queries, suggestions you have selected, apps you use, and related device usage data. This information does not include search results that show files or content on your device. If you subscribe to music or video subscription services, the names of these services and the type of subscription may be sent to Apple. Your account name, number and password will not be sent to Apple.

> This information is used to process your request and provide more relevant suggestions and search results, and is not linked to your Apple ID, email address or other data Apple may have from your use of other Apple services.

> Aggregated information may be used to improve other Apple products and services. Common search queries may be shared with a web search engine to improve search results.

(emphasis mine)

One could argue that there's enough bits of data to deanonymise after the fact, but differential privacy should prevent that to a large extent.

There are also toggles to disable all of that, with possible improvements to usability:

- Some onboarding opt-in/out questions could definitely be improved (e.g. the "Ask Siri" onboarding question should either cover all of Siri-the-voice-assistant, Siri-but-actually-Spotlight and Siri-the-suggestion-assistant-that-hints-at-actions-based-on-content-and-behaviour, or be split in three).

- Some grand-master "disallow the OS to see ANYTHING" switch seems to be requested by the most ardent "privacy minded" crowd. I'd argue that at this stage it's more about "privacy paranoid" and/or "security minded" (which I can very much be sympathetic to), because it's not a matter of privacy here since none of the above is privacy challenging: Apple itself does not see anyone's data, and the few search queries it can see are entirely unlinked to anyone's ID. But then again if you don't trust the locally-processing OS made by Apple (which is going to have access to data anyway because it handles the filesystem and app processes) then I have a surprise: the CPU made by Apple is seeing your data as well.


No engineers at FAANG companies get to think, they do what the board members and execs tell them to.


That's called "Nuremberg defense". It didn't work great in the past.


Not a defense here, just an explanation.

Also c'mon let's not compare two radically different things now.


"they don't get to think" is not an explanation and can't even be true. This is not an LLM it's a real human.

They do get to think. Ergo it's only an excuse/defense.


> Can they love a device that shares data with their employer and advertisers

Other than basic information at set-up time, I don't see any indication that the collected info leaves the device


They probably think they are doing the user a service. Apple employees tend to be pretty evangelised.


[flagged]


Information doesn't have to be explicitly linked to a person in order to identify them. Search browser fingerprinting as an example. The best policy is really to not collect this information.


> The best policy is really to not collect this information.

Quoting from the flowchart:

"Touch ID or FaceID are stored locally and cannot be accessed by the operating system or applications."

Called out as if it's a bad thing??? It's a really weird flow chart.

Meanwhile, Apple did more work on differential privacy than anyone, famously sandbagging their Maps directions / routing by refusing to collect your route A to B, instead segmenting the trips and disassociating them.*

Across the board, they create incredible hurdles for themselves at great expense.

One wonders why, when Apple have to compete head to head with firms that do not sandbag themselves.

Perhaps it's because Apple has to get most of its revenue from device sales and user subscriptions, while the others get almost all of their revenue from turning user data into ads, so they actually are fundamentally different in mindsets?

* https://www.idownloadblog.com/2019/03/13/apple-maps-navigati...


> Across the board, they create incredible hurdles for themselves at great expense.

If they're so privacy-conscious, then why do they violate GDPR by making analytics opt-out rather than opt-in?


They make zero mention of differential privacy, and are clearly not in touch with what Apple is actually doing technically.


Google does all this anonymization across services as well and it doesn't at all get them off the hook in any way. It's so easy to just cross correlate data later.


You seem to be forgetting IP address, uniquely identifiable metadata such as software version combinations, timing attacks, etc.


You have to make it sound bad or no one would read it and earn you ad revenue (edit: donations?)


Aalto is a public university, and there are no ads on that page.

So it's rather: You have to make it sound bad or no one would read your press release.


Then I wonder why they're setting 49 marketing cookies on that page, from

- Meta Platforms, Inc. (3)

- Adform (3)

- Google (1)

- Issuu (1)

- Microsoft (16)

- Quantcast (1)

- Unibuddy (2)

- YouTube (22)


Good point


I doubt Aalto University is hurting for money that badly.


The word privacy means so many different things to different people that it is hard to discuss it without first defining it.

The word "privacy" in the modern sense has been twisted to mean anonymous. So any data collection in absolute terms is an invasion of privacy. Hence the confusion.

The word "privacy" in the Apple sense was that only they can collect information about you. But not any other third party without permissions. And those permissions are guided by both user interest and obviously their business interest.

The word "privacy" where data collected about you is randomised and you are profiled into a certain category of interest will be an invasion of privacy depending on which company is doing it. For Google with their replacement of Cookies it is absolutely wrong. For Apple they are protecting their customer.


Is it PII? Yes, because it's linked to your personal Apple account, that identifies you as an individual to the data controller (Apple, as they are the ones deciding which data to collect and how it will be used).

Is it pseudonymized? No

Is it fully anonymized? No

Is the user given transparent information about which data is collected, how it is used, for which purposes? No

Is the user given the choice to object to the usage of that data? No

You can't have privacy with this pattern of responses.


If, as another poster claimed, the data never leaves your device, you absolutely can have privacy. Some people might prefer a stricter form, but it’s not nothing.


I need to disagree with that reasoning.

A device you own is collecting and using data that pertain to your personal sphere, in ways defined by a vendor, and that you do not understand or control.

From that premise, you cannot hop to the conclusion that the data does not leave the device, because the entity deciding how the data is used is not telling you how the data is used.


> The word "privacy" in the Apple sense was that only they can collect information about you

That doesn't sound like anyone's definition of privacy outside of Apple. Are you positive you think this definition isn't twisted?


It is definitely twisted. When Apple collect information about you, most responses were (before the current headline) "Oh I trust Apple so it is totally fine. Because they don't do Ads"


> ‘Privacy. That's Apple,’ the slogan proclaims. New research from Aalto University begs to differ.

> The researchers studied eight apps: Safari, Siri, Family Sharing, iMessage, FaceTime, Location Services, Find My and Touch ID. They collected all publicly available privacy-related information on these apps...

> The fragility of the privacy protections surprised even the researchers.

Reaction: Either their "surprise" was purely theatrical (or journalistic gloss), or else Aalto U. needs to replace them with competent researchers. Just like a policeman who doesn't believe that anyone could really be a criminal, or a doctor who finds it unimaginable that autoimmune diseases could actually occur, or ...


From the news article I understood that this was an experimental setting, where participants were asked to perform actions in order to prevent data sharing with Apple. From the news article I also interpreted that it is indeed "possible" (in the technical sense), but zero of the participants managed to get it right.

Being a software engineer / computer researcher / highly technical person (which puts them / us in a technically competent bubble), it might have been an actual surprise that zero participants managed to perform the task successfully. Add to that that they might have sourced participants from the student community in a technical university, and I don't see why their surprise is "theatrical".

Edit: As expected, quoting the original article: "The participants were recruited using the following methods: (1) posts on the university’s official LinkedIn page and (...)

Participants represented a wide variety of educational and professional backgrounds, including Computer Science and IT, Architecture, Business Administration, Art and Design, Industrial Engineering, Economics, Research and Development, and unemployed participants (...)"


Probably more like they were expecting better privacy practices than what Apple provided. One can be very competent but still surprised at just how bad things can be.

Otherwise we would be discrediting a lot of climate researchers when they are surprised that things are progressing faster than expected.


I'm thinking there's considerable difference between:

- Predict that a gigacorp, which has been lucratively monetizing user information at gigascale for many years, would prove to be darn good at protecting its sources of user information. In a world where dark patterns, incomprehensible T&C's, "just say yes" user behavior, corporate misdeeds, etc. have been well-known things for many, many years.

and

- Predict the future of the planet's climate years ahead, when state-of-the-art weather forecasting can't yet manage 2 weeks.

(Admitting that I can see a good climate researcher using "surprised" very frequently - both for public consumption, and to summarize "our very-advanced-but-usually-wrong model was wrong yet again".)


That's overly harsh, and a disingenuous analogy to draw.


(Guessing that you are not referring to my 'Either their "surprise" was purely theatrical (or journalistic gloss)' phrase.)

Do you view "university researcher" as a pretty-prestigious & cool social status tier - which is provided "because they deserve it", for people who spend years grinding their way up an academic XP ladder?

Or do you see "university researcher" as an expense which the public pays, because it expects considerable public benefit from the supposedly-highly-skilled work which the researcher does?

Complex dark patterns, default-to-share, users who just keep clicking Yes, and relentless monetization of user information have been routine & well-known things for quite a few years now.


I hope I wouldn't come into this with either of those preconceived notions, as it sounds like a false dichotomy. University researchers are a mixed bag; I was one myself for a brief stint in a former life. Generally speaking the vast majority of them have at least a genuine desire to advance human knowledge.

> Complex dark patterns etc. have been routine & well-known things for quite a few years now.

That doesn't put some kind of ban on experts being surprised.



