Apple should provide an option to opt-out of Siri "learn from app" for ALL applications.
At present, this must be done individually for every app, https://www.imore.com/how-stop-siri-learning-how-you-use-app.... When you later install new apps after setting up the device, you have to remember to go into Settings and opt-out again, for every app, forever.
How many people know that iOS devices will default to Siri reading plaintext for all apps, including E2EE messengers?
“Siri” (whatever it has morphed into) is a pervasive DWIM engine in iOS these days. When you do a search for an app Siri decides what to display (e.g. when I go to a certain location with a “smart” lock and pull down search, the app for that lock is always offered first, but never in other locations).
These days the voice part is just a UI mode. I use it on my watch and occasionally on my phone when I am wearing earbuds and my phone is in my pocket, but have it disabled on my Mac.
I'd be happy to have a voice assistant that was actually smart. Every few months I ask Siri if it's powered by a language model yet. So far it hasn't even been able to understand the question.
I'm also in the situation where I use Siri for nothing, but I want to use CarPlay. I don't use the voice control for anything, in the car or otherwise. How does it make sense to force me to have Siri enabled?
There's a bunch of parts of CarPlay which assume you can use Siri. Interacting with notifications, sending / responding-to messages, searching for things in maps, etc. Apple could disable everything that would kick itself out to a Siri-interaction for input, but that'd probably feel confusingly-broken.
I've been using it for many years now, multiple installations on new Macs and I've never seen such a thing.
I can only think it must be something specific to your setup.
Looking at the version I presently have installed, there is an Account menu and it says "sign in...", so I'm clearly not signed in.
Managed Apple ID seems to be some sort of MDM-style thing[1], I've certainly never done that and no idea how it works! I have always just used Apple Configurator in plain-vanilla mode.
Ah, I understand my confusion now. I was trying to use the iOS version of the app. I'm using the macOS version now with my iPhone connected and it's working. Thanks for the advice! :D
>How many people know that iOS devices will default to Siri reading plaintext for all apps, including E2EE messengers?
Is there more on what Siri "learn from app" actually does? Does it scrape entire screen contents? Or just metadata? Or only what the app developer decides to send?
My understanding is that the "learn from app" setting relates to it watching out for NSUserActivity, which is something the app developer has to explicitly send out. The app developer is motivated to do so because NSUserActivity powers a lot of system-integration features.
“The user is given the option to enable or not enable Siri, Apple's virtual assistant. But enabling only refers to whether you use Siri's voice control. Siri collects data in the background from other apps you use, regardless of your choice, unless you understand how to go into the settings and specifically change that”.
A concern with Siri is it sends your voice data to a server to parse. When Siri is disabled, what data is collected via third party apps? I would imagine any time you use voice as a command in an app the iPhone sends the data to a server to parse, even in third party apps. Is that the concern, or is it other data?
"Siri" is not just the voice assistant, Apple also uses that designation for other "intelligent" features, like "Siri Suggestions" [0]. The related personal information is shared across devices via Apple servers. Apple states that any analytics shared with Apple are anonymized [1], but users may still prefer to not share analytics in the first place. However, that can't be opted out globally, it can only be disabled per app [0]. Except maybe by turning off Siri in iCloud [2]? It's not clear. That's the criticism, it's difficult for users to understand what settings are enabling or disabling what exactly. It's quite complicated overall, and difficult to tell what you are and aren't sharing.
Excellent. Then Apple can provide one-click, one-time opt out for all apps, instead of consuming CPU cycles, battery life and hundreds of avoidable and unwanted user actions over the lifetime of a phone.
> It never gets sent to Apple and no other application can read it.
Malware can read it. See the list of Apple iOS Security Updates.
If Apple doesn't receive the data and the user doesn't want the data, let's avoid collecting it.
> The idea that there is this demand to fully disable it is bizarre to me.
Apple provides a setting to disable Siri. It does not function as users expect. Either remove the setting and state that users are forced to use Siri, or improve the usability.
> Users want to be able to search for apps, contacts, mail etc which is why it’s a standard feature of every operating system.
Typically an optional feature with one setting to disable it, e.g. people have long disabled Windows Indexing to improve performance and battery life. Or to use a 3rd-party search tool. Why was Siri ("AI") conflated with Spotlight (search) on iOS?
> If you have malware that can access the entire file system then reading a Siri search index is the least of your troubles.
With malware that can access the entire file system, we don't want to provide a gift-wrapped search and user behavior index that has been quietly collected by Apple. Let malware do its own CPU-intensive rummaging through each app, increasing the odds of detection.
I never use this on Android really. If I look for a mail I search within outlook. And in fact emails in outlook don't show up in the global search, I just looked.
Same with contacts in the phone app. If I look for an app I just find the icon in the list because I don't have so many.
A global search is a cool feature for people who don't know where to look but it's not something that everyone would want.
I'm the opposite, universal search for everything. Want to open an app? Pull down and search. Want to find a message someone sent me? Pull down and search. Want to search the web? Pull down and search.
> A global search is a cool feature for people who don't know where to look
Not sure these people exist in enough numbers to justify a mention, or that the feature is primarily used by or useful to these supposed users.
‘The user is given the option to enable or not enable Siri, Apple's virtual assistant. But enabling only refers to whether you use Siri's voice control. Siri collects data in the background from other apps you use, regardless of your choice, unless you understand how to go into the settings and specifically change that,’ says Lindqvist.
Not condoning or anything, but perhaps the thinking is that, if the user can re-enable Siri at a later date, they don't want Siri to start with no memory?
If/when a user actively consents to "learn from app", it's no different than setting up a new device, e.g. mail downloaded from IMAP server, data transferred from old device, or from cloud services.
The problem is that 'Siri' is a pretty ill-defined term that Apple sprinkles onto a bunch of unrelated features if they have anything that sort of looks like 'learning' if you squint hard enough.
> You can just disable Siri if you're that concerned?
Apple fights you from disabling Siri as much as they can. I've tried to disable Siri multiple times, but it turns off other unrelated features/services, so it's basically impossible.
For example, if you're using CarPlay, it's required that Siri is enabled, even if you don't use the voice controls.
I remain shocked anyone trusts Meta, Google, or Apple marketing on privacy.
These companies are all fundamentally similar in that their proprietary software collects an insane amount of data that will end up in the hands of your enemies either by sale, court order, or security compromise.
It is relatively easy to opt out of all of these companies and take some actual control over your privacy.
They became as successful as they are by collecting massive amounts of data to learn to effectively psychologically manipulate people into buying their products, convincing them they are the most secure, fastest, most private option that will make people like them more for using.
Apple is above all else a data driven marketing and advertising firm just like Google and Meta. They are profitable because they are effective at using data to change user purchasing behavior.
I was considering less how their revenue is now and more how it will be when the EU regulations hit and they lose the guaranteed 30/15% cut on all iOS apps
I know the US govt is hitting them with a similar anti-trust lawsuit, so it might happen over there too
If Apple lose their walled garden, and the 30/15% cut with it, both in EU and US, I think that could be a massive problem for them
Whether or not that will actually happen, or if Apple will find a way to compensate for the lost revenue, I don't know. I wouldn't be surprised if it was causing big discussions inside the company though, and I wouldn't be surprised if people become more bearish on Apple until they show they've found a solution
> Apple lose their walled garden, and the 30/15% cut with it
This could be fantasy talking. How does the walled garden around Steam affect their 30% cut? Oh, there is no wall, and it's... 30%.
So wait, if non-walled-garden stores cost 30% in an open market -- are we sure this is going to work out getting to use the world's most valuable app store shelf space for free?
A better comparison is the (derelict) Mac App Store. Apple still continues to charge their 30%, and their most professional developers and customers continue to avoid their store. Adobe doesn't sell full-fat Photoshop through Apple's storefront, Avid doesn't bother with it for Pro Tools, Ableton, Bitwig, Sony, U-HE, Sonar, Spectrasonics, and even Panic don't fully commit to Apple's offerings. Never mind the fact that ubiquitous components of modern professional software development (git, bash, grep, make, the lot) aren't even allowed to be distributed under their own terms on the App Store. If nothing changes, Apple will become Lord of the Flies.
If Apple wants to be Steam, let them play Steam's game and see how far their philosophy takes them.
Which one is the third one? All three operate advertising networks with significant revenue and run massive data collection services (e.g. find device networks, ad networks, personal health data collection, etc.)
I don’t expect to be able to have privacy in the face of a state actor.
I just want the company to keep my data private from other commercial players. Like don’t sell all my data to anyone who asks or use it to create an invasive model to then advertise/manipulate me.
I think it is reasonable to say that Apple is better on that front than Meta or Google.
Yeah, I don't fully trust Apple, just more than Google and Meta. I would expect the government can get information from just about any company if they really want it.
There's no suggestion that I can see that Apple collects this for marketing. It's collected on-device for suggestions. The exceptions are adverts in the App Store and News
I have not carried a phone in 3+ years. In spite of what some would have you believe, it is actually relatively easy to live an active and socially engaged life in the modern world without a phone.
Major mental health wins from being offline when you are away from your desk too.
>In spite of what some would have you believe, it is actually relatively easy to live an active and socially engaged life in the modern world without a phone.
Right? This is completely anecdotal, but I've occasionally seen people lament, "You have to bank, as well as manage health and travel stuff on your phone". My follow up is always, "What can I do with those apps on my phone that I can't do via a laptop or desktop?" I am typically met with silence.
Seriously - beyond SMS 2FA, there's nothing I can do on my phone that I can't do on my desktop, and I sure as hell don't need to have constant access to all of that when I'm out and about.
Practically any Android phone from a reputable vendor. The default apps might share more data than you might like, but it does give you actual control to turn that off. You don't have to send your location to anybody any time an app requests it like iPhones send your location to Apple. You don't have to tell anyone you installed an app like iPhones tell Apple.
I have tried, a long time ago, LineageOS on Samsung Galaxy S3 and S4. Both of the ports were so buggy that by those experiences I could not trust the maintainers to be capable of securing the system. It may have been a false assumption, but I had to think stability/bugs and security must correlate at some levels.
Actually if you link popular software with a hardened memory allocator, apps will just crash a lot instead of allowing buffer overflows that are shockingly common.
YOLO mallocs most operating systems ship allow an application to -feel- faster and more stable at the expense of security.
If you want software to be stable in a strict malloc environment, write it in Rust :)
To be fair though, LineageOS security is actually terrible. Do not use it. If you must have an Android device CalyxOS is the least bad option today.
For privacy-conscious people, the authors certainly picked an outlet with plenty of cookies and trackers - this is what the popup shows me when I pick "customise":
The authors appear to be associated with the university which hosts the site. I doubt they are responsible for the engineering decisions behind the site, or that they "picked the outlet" per se. Authors tend not to have carte blanche control over the platforms on which they publish.
I don't know why you would judge the content of the article based on that, rather than its own merits, particularly given that the subject of the article isn't the security of web pages or cookies. If anything, what the article does discuss has far more egregious security implications than website cookies.
The article also has a number of incorrect assumptions regarding how Siri works and what kind of data Apple collects. They do not mention Apple's differential privacy approach, for instance, nor do they seem aware of many iOS improvements in that regard over the past few years. So I don't really consider it a thoroughly researched piece...
This is the criticism you should have posted originally, instead of considering the article ridiculous because it was hosted on a site that used cookies.
> The requirement to offer a 'Reject All' button next to an 'Accept All' button follows indirectly from the consent requirements in the GDPR; consent must be as easy to revoke as it is to give.
I feel like you might want to consider the scale of data collection involved here purely from the perspective of Apple being one of the largest companies in the world, and this being a medium-sized university in Finland.
Who is "management?" The author of the article is listed as the university's communications manager so they wouldn't be totally without a voice in these decisions.
It can get quite high in the chain. This is a financial decision - extract value (money) with the cost of other values (principles) and users' privacy.
Come on, no one is running all their private data through the website. But I do agree that the web should not be browsed without ublock as is at the moment - there's something fundamentally wrong with the current approach
That article explains what it is, but doesn't explain why it is wrong.
If you're arguing for more privacy but you're participating in removing privacy, why isn't that hypocritical and makes the argument for privacy weaker from that person?
I agree that it's off-topic to the discussion as a whole, for this particular submission, as it doesn't argue against the content of the article but rather talks about how the content is hosted.
It does not make the argument weaker, that's the point. To think otherwise is a fallacy.
If someone writes that it is healthier to stop smoking, but then someone finds out that the author is a heavy smoker, does that make smoking somehow ok?
The point is that there are so many commentators who assert that Apple is great on privacy issues, so that many people (including me) automatically believed that buying (expensive) Apple products will automatically lead to improved privacy vs other vendors. This post is calling that BS. Attacking the article/website for having cookies is a distraction from the actual point.
And anyway if you want to see tracking cookies with a browser you only have to use Option + ⌘ + J (on macOS), or Shift + CTRL + J (on Windows/Linux). Easy. It is much more difficult to see if you are being tracked and what data is being tracked and how it is being used on your Mac or iPhone.
I am as concerned about security as I am about privacy, and Apple has the best track record for long-lived devices that are still receiving security updates.
As for privacy I don't know any major vendor that is privacy-focused. Not only is it a hard technical problem to solve, it's also leaving money on the table. I don't see things changing any time soon.
> Apple products will automatically lead to improved privacy vs other vendors. This post is calling that BS.
Where does it do that? It explicitly doesn’t compare Apple’s products with other products:
“Lindqvist can’t comment directly on how Google's Android works in similar respects, as no one has yet done a similar mapping of its apps.”
Also, IMO the post is flame-bait in saying “Keeping your data from Apple is harder than expected”. AFAICT, the paper (https://acris.aalto.fi/ws/portalfiles/portal/141787684/Priva...) is not about Apple breaking privacy at all; it solely is about the difficulty of the UI for various privacy settings and of user understanding of what settings do.
They don’t claim, for example, that Apple makes these settings so convoluted to confuse or wear down users so that they close down less stuff (they may or may not, but the paper doesn’t discuss it)
This article is highly misleading, making it sound like Siri is collecting data from apps and sending it to Apple. This is not the case, Siri Suggestions are fully on-device, though they can sync across devices with mandatory E2EE. Apple never gets access to any of this data.
But if this is your threat model - that you have no trust of the operating system or the vendor - then all of this is pointless because at any time they can just backdoor themselves. Apple could just never ask or collect this, but still they're one update away from starting to collect it.
Of course that's always a threat with any computer, but you must place some amount of trust somewhere.
If Apple did not collect the data today, then a court order in the future will not allow them to collect data that was not stored today.
Personally I only use reproducibly built FOSS software and I isolate most of my hardware and workloads from each other with virtual machines via QubesOS.
Proprietary software is not at all required to be well integrated into modern society.
Apple operating systems automatically apply patches to devices for critical security updates so long as those patches are signed by a cryptographic private key held by Apple. That is in fact an RCE system that already exists.
There also exist humans that have access to those private keys, and those humans can be controlled by money, court orders, or violence.
In China the CCP has control over the software signing keys, so they can push any software to any apple device they like.
How long before US politicians start demanding the same?
Or maybe they just make a security mistake. Maybe a state actor performs a side channel attack on the known vulnerable Apple Silicon that powers their HSMs.
> In China the CCP has control over the software signing keys, so they can push any software to any apple device they like.
I've never heard about China having special iOS releases signed by different keys. Fairly sure all devices across the world get the same exact OS builds, but would be curious to read more about this if you have any sources?
My core area of research is supply chain attacks, and I run a company where we regularly train high risk organizations how to remove trust from any single human or system in critical areas of their stack like key management, CI/CD, etc. Many of our clients are fintech companies where trusting a single person, even a system administrator, would seriously endanger them.
Meanwhile Apple sysadmins still manage most of their infra with centrally controlled Puppet nodes last I heard.
Speaking of Linux distros, I created a 100% reproducible and full-source-bootstrapped Linux distro where every package is signed and reproduced by multiple people to avoid having to trust any single human, including me.
Siri suggestions might more accurately be termed "Springboard suggestions". From what I recall, it essentially works as a fuzzy matcher for suggesting applications to launch in similar contexts (time window, previous app used, etc.). It's like a smart history feature, and no, I don't think it ever leaves the device at all or even syncs via iCloud, since I have completely different suggestions across my iPhone and two iPads.
This is a weird flowchart, calling things out weirdly, like “Touch ID or FaceID are stored locally and cannot be accessed by the operating system or applications.” as if that's a negative?
Since they call it out in the article as well, I really want to understand the "fragility of the privacy protections" on TouchID.
I go through this annoying oscillating struggle every time I read news like this:
1. Realise the Apple hard- and software I'm using sucks privacy wise
2. Compare open source alternatives, maybe switch (I have an iPhone and a Fairphone 4 with /e/OS, also a MacBook and a homebrew Linux PC) with a file- and photo export through my NAS.
3. Use the FOSS ecosystem for a bit, be annoyed at some jank, slowly realise that while unquestionably better privacy wise, it's not necessarily better security wise.
4. Miss real life document management (I scan files, apply OCR). MacOS/Spotlight makes it possible to treat my collection as a database rather than a file cabinet that way, Continuity makes it easy to scan.
5. Switch back, rinse and repeat.
I'm driving myself insane. It's always either feeling great about my privacy and sacrifice convenience (I mean, FOSS can probably host that same workflow, it's just that it's a lot more work up front and I'm the one responsible if it breaks) or feeling great about how my stuff works but feeling creeped out about being spied on.
I’m confused by the diagram. A and B appear to be early in the process but looking more carefully they’re actually pointing to steps 11 and 12. Seems a little misleading at first glance.
Always wanted the option to disable network access for an app.
The lack of this made me suspect that Apple had too much to lose (in harvesting data) to allow this.
I used to be able to on ArrowOS, LineageOS and I think on MIUI. It's been a few years since I gave up on custom ROMs though, so it may no longer be the case.
Or how about we stop excusing megacorps altogether and stomp them both down? This isn't a football team type of competition, it's 2 megacorporations that don't give a shit about you and they both deserve to be strangled into submission so that their whole business model doesn't hinge on mass surveillance.
It has already been done[1] and the conclusion is that Apple is not much/no better than Google. When it comes to user data I do believe that Apple is better due to Google’s revenue being from advertisements. Yet Apple has begun exploring this space and at that point I consider them as bad as each other.
If I remember correctly, segregating Apple devices from other devices via subnetting or otherwise causes them to incessantly ping Apple servers and cause issues on network/device.
Is the whole point of all this data collection nonsense really just to serve me irrelevant ads I never click? What are they doing with all this worthless information?
I downloaded a shitty freemium mobile game once and now 80% of my Instagram ads have been ads for shitty mobile games for more than a year. Is this really the best the 500k+ a year ad magicians at Meta came up with? Is this what gives Meta its trillion market cap? Just like Amazon serving me ads for washing machines, right after I bought one. And Google Maps promoting shitty restaurants and services I don't want to go to. Is this the cake apple wants a share of?
> Amazon serving me ads for washing machines, right after I bought one
Counterintuitive, but there’s a chance that the one you bought didn’t work out - and that’s high enough to make you much more likely than the general population to buy a washing machine.
Consider: in the past 20 years there have been about two weeks (total) where an ad for a washing machine could be relevant. That’s about 0.2% of the time. If the RMA rate for new appliances is higher than .2%, that’s a useful bit of targeting information.
I don't buy this; because it always happens when I've bought something from them, not from elsewhere.
Amazon knows if the one I bought worked out or not because I RMAd it or didn't; yet, every time I buy something, I'm inundated with suggestions for the same thing until I've searched or bought a sufficient number of other things, to replace them, and the cycle begins again.
Don't get me wrong, they have some fairly decent suggestions based on the things I browse and purchase, or browse and didn't purchase, but showing me dozens of things like the thing I just bought is hilarious.
Isn't it more the case that services like Google etc collect data about you and put you under certain categories/tags. Then the company buying an ad selects the categories and tags they wish their ad to be shown to?
In other words, the company paying for the ad wants you to see the ad. For some reason they think you might buy the product. Why would Google tell them "no" if they're offering money for that?
I feel the same. I think they realise it, but for the lack of better ideas, this is what shareholders want. It's like "we have to collect data, because everyone does it, and use it for anything"
To millions of small business they are the only viable way to reach their customers.
As tech focussed people we often ignore this or play it down. Facebook (as it’s the most used example) being blocked in a country or region (EU for example) would be devastating thousands/tens of thousands of businesses.
The usual reply is “those businesses shouldn’t be so reliant on Facebook etc” which misses the point that these businesses only have a viable route to market thanks to these platforms.
Some of the most useful things I have bought have been thanks to “shitty Facebook and Instagram ads” including home gym equipment I use daily, DIY and wood working products, kitchen utensils, etc
> Facebook (as it’s the most used example) being blocked in a country or region (EU for example) would be devastating thousands/tens of thousands of businesses.
You've stated this as a fact but small businesses thrived before Facebook, so I think it's fair to assume they'll thrive after Facebook is long gone, absent other evidence.
The only type of business I genuinely see suffering are those who advertise crap dropshipped from Alibaba that nobody is looking for organically, sold at 2000% markups, and that would be a good riddance.
> You've stated this as a fact but small businesses thrived before Facebook, so I think it's fair to assume they'll thrive after Facebook is long gone, absent other evidence.
The unit economics have totally changed though as there are many more businesses that exist now that simply could not have done in the old model.
The previous company I started was a direct to consumer UK heating product. In the old world we would have had to go through big shed retailers and lost 50-60% margin with 90 to 180 day payment terms and would have had to stock all of their stores from day one. The expense would have stopped that business from ever being started.
With digital platform advertising we could specifically reach our target demographic, lose only 20% margin to customer acquisition and postage costs (so afford to start with smaller manufacturing runs), get paid the day we sold the unit so cash flow positive, hold much less stock and order from our suppliers in response to demand and run our own just in time factory.
The business was much smaller than it would have had to be in the previous world, much less risky and, frankly, only viable thanks to very targeted advertising that allowed us to tell our potential customers about our product when they most needed it.
In this kind of discussion people seem to assume the product spectrum is binary. It's either useful and so would thrive regardless of advertising or useless tat that only exists thanks to digital platform marketing.
That just isn't the case, sure - those ends of the spectrum exist but there is a vast array of businesses in the middle that could not have existed in the old world and aren't useless drop shipped tat.
It's going to sound harsh, but if a business is solely reliant on a single partner to not get fucked over, then that business has a far greater issue and its failure will be entirely on them.
Putting your eggs in one basket is never a good idea.
That aside, in practice the main people who benefit from GAFAM ads are Alibaba/AliExpress dropship sellers in my experience. Just take a generic piece of product, slap your own label on it and that's a new listing. Had to buy a PC keyboard recently and the search results are just littered with that crap. I don't think you'll find many people shed tears for that crap going bankrupt, it just clogs out actual legit small businesses.
> but if a business is solely reliant on a single partner to not get fucked over, then that business has a far greater issue and its failure will be entirely on them.
You're totally right but that's the reality for many small businesses. One big route to market props up the whole business.
> are Alibaba/AliExpress dropship sellers in my experience
Possibly making an unfair assumption but I suspect your experience is quite limited then. I know many very legit web first businesses with great products, developed in house or a proper license importers of great products who rely extensively on the GAFAM ad complex.
After Microsoft bought Skype, they changed it from p2p to centralized, so all calls were routed through NSA PRISM. This also had the result of making calls laggier and worse quality.
I think there might be a bit of that sort of thing going on in other places too.
You are getting Instagram ads for shitty freemium mobile games because everyone else does. This isn’t shitty targeting, it’s just bottom of the barrel spray and pray advertising. There’s a reason that Apple is addicted to the revenue from casino games: there’s a lot of it out there.
Yep, I would wager that you have probably opted out from as much profiling as possible. Which means you are served the stuff which targets "everyone", i.e. the people for which they have no profile or can't use it for targeting. And currently that category (on mobile) is casino-games.
It's like if you open YouTube in incognito. It will show you whatever clickbait is most likely to catch an "average" YouTube-user from your country. It's wildly different from what you are seeing signed-in.
Remember that this too ships a huge number of privileged binary blobs and kernel modules from companies like Qualcomm and Google in the vendor partition.
Whoever compiles these binary blobs, and the OS images themselves, and anyone capable of coercing them, has god access to your device.
I suggest getting to know someone before giving them that much power over your life.
Someone much more tech savvy than me should try to use Charles Proxy on an iOS device and see how often your phone is communicating with Apple servers. It’s pretty wild.
It is wild but not entirely for the reasons someone might think.
I think everyone knows that a good part of the Apple app ecosystem relies on syncing data. I don't think anyone is surprised that a daemon is syncing your photos between your devices/cloud. Add podcasts, ePubs, etc. and you're going to have a busy network on your device. It's a reason in fact I use the cloud, sign in with my Apple ID. I can lose my machine but not my documents.
Maybe the thing that is more along the lines of what you're suggesting though is the network traffic that is seemingly less useful to the user (but useful to Apple). Various frameworks have appeared on the OS that allow apps to share analytics (pretty sure though these are the analytics that you are asked if you want to opt out of on an install/setup).
But because it has become so easy to do (in part because there is a framework to handle it, but also just the ubiquity of the presence of a network) lots of, I think, dumb data is collected to no doubt satisfy management/design as to whether some feature of an app is being used or is not being discovered.
The ubiquity as I say has made it too darn tempting for all parties (Apple and 3rd) to become lazy about how their apps are being used and to become too data hungry themselves.
I had someone recently ask me how I get feedback from my blog posts since there is no comment section, no analytics .... they wondered why I bother blogging at all.
> Someone much more tech savvy than me should try to use Charles Proxy on an iOS device and see how often your phone is communicating with Apple servers. It’s pretty wild.
You can also see this just by running an iOS simulator with Xcode on a Mac that has Little Snitch installed. The amount of phoning home by iOS (and macOS, for that matter) is shocking.
What is even more shocking is running an Android simulator in the same context. Literally dozens of Little Snitch prompts before the OS even boots to the lock screen. Not defending Apple here, but when I was developing a mobile app in both Xcode and Android Studio I noticed a marked difference in the amounts of phoning home.
Little Snitch could use a 1-click on/off ruleset for blocking all Apple network connections (17.x.x.x) except for the published whitelist of Apple notification servers. That would block most of the real-time phoning home. The block could be disabled manually for security updates. If notifications aren't needed, block all of 17.
I saw this idea implemented in the book "Extreme privacy: macOS devices". The author also provides importable profiles that you can switch between, e.g. to enable/disable security updates. I haven't tried them yet, but I am now more motivated to do so.
You can actually see the domains being contacted in the app privacy report. I’m not sure if it includes the OS level connections, but it includes them for all apps, including Apple apps.
If what you're 'locked out of' is considered 'modern life' that'd make me a Luddite. You can have your 'modern life' and do with it what you want, I'll keep to my ways (where Apple et al fear to tread).
That is the government's aim yes. They want you to carry a spy device so they will encourage any carrot or stick. Carrots being "look at this shiny thing" or "have some dopamine". Sticks being no parking, no banking, no menus, and more.
I have not carried a phone or a Google/Apple controlled device in 3+ years and exclusively use FOSS on a personal basis.
I live in Silicon Valley, run a b2b tech company, have a huge group of local friends, and have never been excluded from anything I wanted in my life for not having a phone.
Paper menus are available if you ask, SMS can be converted to VoIP, you do not need Genie Plus to navigate Disney, there is always a way to pay with cash (or a cash-purchased gift card), paper tickets still work fine everywhere, your bank actually cannot force you to use an app, and internet comments and notifications can wait until you are back home at your desk.
Sure, it is a bit like having a dietary restriction, but it is not the life fulfillment blocker everyone makes you think it is.
Typically you can use a webapp or find a paystation where you can use cash or a prepaid credit card.
If there are really no humans at all I would just park further or sometimes just park anyway and risk 1/3 chance I get a $20 ticket once in a while I can then pay online without an app. Sometimes paying occasional tickets instead of using the app can actually save you money.
Hmm here in Spain it's more difficult. Nobody uses SMS here (nor iMessage), it's all WhatsApp and Telegram. And most banks do force an app here (for 2FA payments for example). Tickets can go on paper yeah, though some restaurants I visit don't do paper menus (especially the Asian ones).
Also some stuff for work is mobile-only. We have a stupid 2FA system that only works with a mobile app (the company gives us a phone but it does mean being tracked), and the same with the desk booking (I absolutely hate the office since we implemented flexdesks).
Cash is still common here yeah though I don't like dealing with it. I wish there was a mobile payment method that didn't rely on Apple or Google.
Both can be bridged to Matrix, which can be accessed with any OS you like with FOSS software.
> Tickets can go on paper yeah, though some restaurants I visit don't do paper menus (especially the Asian ones).
Many have said this to me initially, until I insist I do not own a cell phone. Then they always find a way to produce a tablet for me, or hastily print a screenshot from a phone, or find an old paper menu and cross out some old prices. When I go back to those restaurants later they sometimes have paper menus more readily available, because they were embarrassed the first time for being unable to accommodate a paying customer.
After all, even people who do have phones end up with dead batteries. People with dead phone batteries need to eat too.
> Also some stuff for work is mobile-only. We have a stupid 2FA system that only works with a mobile app (the company gives us a phone but it does mean being tracked), and the same with the desk booking (I absolutely hate the office since we implemented flexdesks).
Almost nothing is truly mobile only. You can run Android applications on QubesOS in a pinch, but more generally I find most 2FA apps actually use TOTP or FIDO under the hood, and can be replaced with open alternatives with a bit of research.
> and the same with the desk booking (I absolutely hate the office since we implemented flexdesks).
I have never seen one of these that does not have a webapp alternative. If they really don't have one, run their app in a VM and sniff the request traffic. Then you can make a simple shell script or webapp to book those desks for you. Open source it to annoy the company into producing their own. Done this sort of thing many times.
> Cash is still common here yeah though I don't like dealing with it. I wish there was a mobile payment method that didn't rely on Apple or Google.
In most countries instead of trying to flag down wait staff to take your card, then wait for them to come back, you can just drop cash on the table and leave at any time. I have not been to Spain specifically though.
Thing is, everything you buy with Google Apple Visa or Mastercard is logged. Everything you buy at the pharmacy is cross referenced from the cash register software and your credit card purchase then sold to insurance companies, etc etc.
Every time you use cash, you are making a small vote against those types of organizations having any more power over the public. Cash can be an annoyance, but it helps take power away from entities who will absolutely use your data to harm people for profit.
> Both can be bridged to Matrix, which can be accessed with any OS you like with FOSS software.
I do this. It's great for protecting your location data and select meta-data, but the contents of your conversation are just as vulnerable as ever because the other party might still be using native apps.
> Both can be bridged to Matrix, which can be accessed with any OS you like with FOSS software.
Correct, and I do exactly this. But WhatsApp requires a mobile device. It can work without the device turned on, but after a few weeks it will stop working. So you still need to have a phone though you don't need to bring it with you.
iMessage and SMS are totally not a thing at all here. But Telegram is (which doesn't require the mobile app luckily, in fact I really like Telegram despite the lack of end-to-end encryption in regular chats). They allow alternative clients, bots, and their paid plans are cheap enough and offer some features that are genuinely cool and useful. I use it most of the time with local people here instead of WhatsApp, I only use that with the few people that don't have Telegram.
I'm just mentioning this because in the US Telegram appears to have a bad rep somehow. But to me it's one of the services that's the least trying to enshittify. Even Signal I don't use because it's just not terribly useful the way they implemented it.
> Almost nothing is truly mobile only. You can run Android applications on QubesOS in a pinch, but more generally I find most 2FA apps actually use TOTP or FIDO under the hood, and can be replaced with open alternatives with a bit of research.
That won't work. My work requires MDM management of the mobile device for accessing work stuff. And the 2FA app is unfortunately not TOTP or FIDO.
> I live in Silicon Valley, run a b2b tech company ... I have not carried a phone or a Google/Apple controlled device in 3+ years and exclusively use FOSS on a personal basis.
I grew up on the road often getting food from food stamps and food pantries, been working since 10, had to fend for myself since 17, spent years surfing couches and sleeping in cars, and learned engineering skills while working retail, pc repair, coding gigs, street entertainment, day labor, trucking, and telemarketing.
I am accustomed to life without a smartphone because I could not afford one until my mid 20s and only had a laptop because of a $200 Black Friday sale I waited in line 3 days for.
What I never understand is how engineers working at Apple think about the product they make. Can they love a device that shares data with their employer and advertisers?
The saddest part is that Apple devices could be even better with more transparency. Apple wants to scrape all data from all apps by default? Fine, put a master on/off switch on the feature. Then expose the collected data to the user for export, so they can evaluate (or create!) utility. Let authorized apps access the data, but only in a non-networked sandbox, like 3rd-party keyboards. Don't silently scrape data into an undocumented target for attackers.
Engineers go to Apple because they want the challenge of building complex features while minimizing the data that Apple and advertisers get. The article itself notes how many features keep data on the device only, or only sync data between devices via end-to-end encryption (in which case Apple does handle the data but cannot read it).
> It’s not possible to be sure based on public documents, but Lindqvist says it’s possible to conclude that the data will be used to train the artificial intelligence system behind Siri and to provide personalised user experiences, among other things.
What made you think it is shared with advertisers?
It's not shared with anybody, not even Apple. The article conveniently conflates "Apple" with "the operating system that Apple provides" for a clickbaity article.
Everything is local only, except:
- when opted in to send diagnostics and performance analytics (to Apple for first party apps and OS, to app developers for third party apps):
> None of the collected information identifies you personally. Personal data is not logged at all, is subject to privacy preserving techniques such as differential privacy, or is removed from any reports before they’re sent to Apple.
> If you agree to send Analytics information to Apple from multiple devices that use the same iCloud account, we may correlate some usage data about Apple apps across those devices by syncing using end-to-end encryption. We do this in a manner that does not identify you to Apple.
- when searching for or suggesting information that's on the web, but none of it is ever linked to the user in any way:
> When you use Siri Suggestions, Look Up and Visual Look Up, when you type in Search, Safari search and #images search in Messages, or when you invoke Spotlight, limited information will be sent to Apple to provide up-to-date suggestions. Any information sent to Apple does not identify you, and is associated with a 15-minute random, rotating, device-generated identifier. This information may include location, topics of interest (for example, cooking or football), your search queries, including visual search queries, contextual information related to your search queries, suggestions you have selected, apps you use, and related device usage data. This information does not include search results that show files or content on your device. If you subscribe to music or video subscription services, the names of these services and the type of subscription may be sent to Apple. Your account name, number and password will not be sent to Apple.
> This information is used to process your request and provide more relevant suggestions and search results, and is not linked to your Apple ID, email address or other data Apple may have from your use of other Apple services.
> Aggregated information may be used to improve other Apple products and services. Common search queries may be shared with a web search engine to improve search results.
(emphasis mine)
One could argue that there's enough bits of data to deanonymise after the fact, but differential privacy should prevent that to a large extent.
There are also toggles to disable all of that, with possible improvements to usability:
- Some onboarding opt-in/out questions could definitely be improved (e.g. the "Ask Siri" onboarding question should either cover all of Siri-the-voice-assistant, Siri-but-actually-Spotlight and Siri-the-suggestion-assistant-that-hints-at-actions-based-on-content-and-behaviour, or be split in three).
- Some grand-master "disallow the OS to see ANYTHING" switch seems to be requested by the most ardent "privacy minded" crowd. I'd argue that at this stage it's more about "privacy paranoid" and/or "security minded" (which I can very much be sympathetic to), because it's not a matter of privacy here since none of the above is privacy challenging: Apple itself does not see anyone's data, and the few search queries it can are entirely unlinked to anyone's id. But then again if you don't trust the locally-processing OS made by Apple (which is going to have access to data anyway because it handles the filesystem and app processes) then I have a surprise: the CPU made by Apple is seeing your data as well.
Information doesn't have to be explicitly linked to a person in order to identify them. Search browser fingerprinting as an example. The best policy is really to not collect this information.
> The best policy is really to not collect this information.
Quoting from the flowchart:
"Touch ID or FaceID are stored locally and cannot be accessed by the operating system or applications."
Called out as if it's a bad thing??? It's a really weird flow chart.
Meanwhile, Apple did more work on differential privacy than anyone, famously sandbagging their Maps directions / routing by refusing to collect your route A to B, instead segmenting the trips and disassociating them.*
Across the board, they create incredible hurdles for themselves at great expense.
One wonders why, when Apple have to compete head to head with firms that do not sandbag themselves.
Perhaps it's because Apple has to get most of its revenue from device sales and user subscriptions, while the others get almost all of their revenue from turning user data into ads, so they actually are fundamentally different in mindsets?
Google does all this anonymization across services as well and it doesn't at all get them off the hook in any way. It's so easy to just cross correlate data later.
The word privacy means so many different things to different people that it is hard to discuss it without first defining it.
The word "privacy" in modern sense has been twisted to mean anonymous. So any data collection in absolute terms is an invasion of Privacy. Hence the confusion.
The word "privacy" in the Apple sense was that only they can collect information about you. But not any other third party without permissions. And those permissions are guided by both user interest and obviously their business interest.
The word "privacy" where data collected about you are randomised and you are profiled into a certain category of interest will be an invasion of privacy depending on which company is doing it. For Google with their replacement of Cookies it is absolutely wrong. For Apple they are protecting their customer.
Is it PII? Yes, because it's linked to your personal Apple account, that identifies you as an individual to the data controller (Apple, as they are the ones deciding which data to collect and how it will be used).
Is it pseudonymized? No
Is it fully anonymized? No
Is the user given transparent information about which data is collected, how it is used, for which purposes? No
Is the user given the choice to object to the usage of that data? No
You can't have privacy with this pattern of responses.
If, as another poster claimed, the data never leaves your device, you absolutely can have privacy. Some people might prefer a stricter form, but it’s not nothing.
A device you own is collecting and using data that pertain to your personal sphere, in ways defined by a vendor, and that you do not understand or control.
From that premise, you cannot hop to the conclusion that the data does not leave the device, because the entity deciding how the data is used is not telling you how the data is used.
It is definitely twisted. When Apple collect information about you, most responses were (before the current headline) "Oh I trust Apple so it is totally fine. Because they don't do Ads"
> ‘Privacy. That's Apple,’ the slogan proclaims. New research from Aalto University begs to differ.
> The researchers studied eight apps: Safari, Siri, Family Sharing, iMessage, FaceTime, Location Services, Find My and Touch ID. They collected all publicly available privacy-related information on these apps...
> The fragility of the privacy protections surprised even the researchers.
Reaction: Either their "surprise" was purely theatrical (or journalistic gloss), or else Aalto U. needs to replace them with competent researchers. Just like a policeman who doesn't believe that anyone could really be a criminal, or a doctor who finds it unimaginable that autoimmune diseases could actually occur, or ...
From the news article I understood that this was an experimental setting, where participants were asked to perform actions in order to prevent data sharing with apple. From the news article I also interpreted that it is indeed "possible" (in the technical sense), but zero of the participants managed to get it right.
Being a software engineer / computer researcher / highly technical person (which puts them / us in a technically competent bubble), it might have been an actual surprise that zero participants managed to perform the task successfully. Add to that that they might have sourced participants from the student community in a technical university, and I don't see why their surprise is "theatrical".
Edit: As expected, quoting the original article: "The participants were recruited using the following methods: (1) posts on the university’s official LinkedIn page and (...) Participants represented a wide variety of educational and professional backgrounds, including Computer Science and IT, Architecture, Business Administration, Art and Design, Industrial Engineering, Economics, Research and Development, and unemployed participants (...)"
Probably more like they were expecting better privacy practices than what Apple provided. One can be very competent but still surprised at just how bad things can be.
Otherwise we would be discrediting a lot of climate researchers when they are surprised that things are progressing faster than expected.
- Predict that a gigacorp, which has been lucratively monetizing user information at gigascale for many years, would prove to be darn good at protecting its sources of user information. In a world where dark patterns, incomprehensible T&C's, "just say yes" user behavior, corporate misdeeds, etc. have been well-known things for many, many years.
and
- Predict the future of the planet's climate years ahead, when state-of-the-art weather forecasting can't yet manage 2 weeks.
(Admitting that I can see a good climate researcher using "surprised" very frequently - both for public consumption, and to summarize "our very-advanced-but-usually-wrong model was wrong yet again".)
(Guessing that you are not referring to my 'Either their "surprise" was purely theatrical (or journalistic gloss)' phrase.)
Do you view "university researcher" as a pretty-prestigious & cool social status tier - which is provided "because they deserve it", for people who spend years grinding their way up an academic XP ladder?
Or do you see "university researcher" as an expense which the public pays, because it expects considerable public benefit from the supposedly-highly-skilled work which the researcher does?
Complex dark patterns, default-to-share, users who just keep clicking Yes, and relentless monetization of user information have been routine & well-known things for quite a few years now.
I hope I wouldn't come into this with either of those preconceived notions, as it sounds like a false dichotomy. University researchers are a mixed bag; I was one myself for a brief stint in a former life. Generally speaking the vast majority of them have at least a genuine desire to advance human knowledge.
> Complex dark patterns etc.. have been routine & well-known things for quite a few years now.
That doesn't put some kind of ban on experts being surprised.