iOS 8 Privacy Updates (lmjabreu.com)
228 points by kyledreger on July 7, 2014 | 77 comments

I wonder how Google will react to this? I already feel betrayed by how apps seem to meaninglessly and without reason request arbitrary information.

Microsoft also seems to be making a trend about "We care about your data privacy."

Good point about Microsoft - if they bandwagon and properly implement some of the good-privacy approaches Apple takes, it will put big pressure on Google to do the same.

Ultimately, that will help all users, and in the long run, even app developers as trust increases.

Although IE sucks, Microsoft is the only one to enable "Send Do Not Track" by default. Chrome and Firefox have this feature disabled.

Microsoft also disregarded the standard: http://www.w3.org/TR/tracking-dnt/#h2_determining

Key to that notion of expression is that the signal sent MUST reflect the user's preference, not the choice of some vendor, institution, site, or network-imposed mechanism outside the user's control; this applies equally to both the general preference and exceptions. The basic principle is that a tracking preference expression is only transmitted when it reflects a deliberate choice by the user. In the absence of user choice, there is no tracking preference expressed.

By automatically setting DNT when a user hits express, they have not specifically indicated they do not wish to be tracked, therefore making the setting on IE meaningless, so companies will not honor the header. IE10 does not even explicitly tell you they're turning on the setting, they just do it for you when you hit "Recommended privacy settings" which is highlighted by a large green checkmark icon.

Just look at the disparity: http://www.futureofprivacy.org/2013/12/18/tracking-do-not-tr... Compared to users on browsers that do not push DNT like IE does, only about 7% of users enable the feature, tops. Then 10x as many users have it enabled on IE10, the browser typically used by the not-so tech savvy.

Unfortunately when the browser with one of the highest market shares does this, nobody tends to take do not track very seriously, especially tracking and advertising companies who will lose their competitive edge if they choose to not track half of their userbase. It doesn't matter what Microsoft's intentions were, but the end result is they made a mockery of the standard.

EDIT: fyi, several analytical and tracking software suites such as piwik automatically disregard the DNT setting on only IE10+, while respecting the ones on other browsers. This ironically makes IE the less privacy conscious browser.
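
The two server-side readings of the `DNT` header discussed above, sketched as an added example that is not part of the original comment and is not code from Piwik or any other suite. The policy names and the sample requests are constructed for illustration.

```javascript
// Added illustration; not code from Piwik or any other analytics suite.
// Header names are lower-cased, as Node's http module delivers them.

// DNT: "1" = do not track, "0" = tracking permitted,
// header absent = no preference expressed.
function parseDnt(headers) {
  const raw = headers['dnt'];
  if (raw === undefined) return 'unset';
  const v = String(raw).trim();
  if (v === '1') return 'opt-out';
  if (v === '0') return 'consent';
  return 'invalid';
}

// Major IE version, or null when the User-Agent is not IE.
// IE10 and earlier send "MSIE <n>"; IE11 sends "Trident/7.0; rv:11.0".
function ieMajorVersion(ua) {
  const s = ua || '';
  const msie = /\bMSIE (\d+)\./.exec(s);
  if (msie) return Number(msie[1]);
  const trident = /\bTrident\/\d+\.\d+;.*\brv:(\d+)\./.exec(s);
  return trident ? Number(trident[1]) : null;
}

// policy 'honor': every DNT: 1 suppresses tracking.
// policy 'distrust-ie10-default' (hypothetical name): DNT: 1 from IE10+
// is treated as a vendor default and discarded, as the thread describes.
function decide(headers, policy) {
  const pref = parseDnt(headers);
  if (pref !== 'opt-out') return { track: true, reason: `dnt ${pref}` };
  const ie = ieMajorVersion(headers['user-agent']);
  if (policy === 'distrust-ie10-default' && ie !== null && ie >= 10) {
    return { track: true, reason: 'dnt discarded as browser default' };
  }
  return { track: false, reason: 'dnt honored' };
}

// Constructed sample requests.
const SAMPLES = {
  ie10: {
    'user-agent': 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)',
    dnt: '1',
  },
  ie11: {
    'user-agent': 'Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko',
    dnt: '1',
  },
  firefox: {
    'user-agent': 'Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0',
    dnt: '1',
  },
  noHeader: {
    'user-agent': 'Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0',
  },
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name, decide(headers, 'honor'), decide(headers, 'distrust-ie10-default'));
}
```

The server sees the same `DNT: 1` whether the IE user chose it or accepted the express setup, so the second policy also discards deliberate opt-outs from IE users.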

>several analytical and tracking software suites such as piwik automatically disregard the DNT setting on only IE10+, while respecting the ones on other browsers. This ironically makes IE the less privacy conscious browser.

Similarly, by ignoring DNT Google and Co. just ensure that more people block their trackers and ads entirely.

And the advertising industry used the default DNT status to justify ignoring DNT since it was no longer opted into by users.

Then again, even before that DNT as an idea was dead – very few advertisers even signaled they were interested in user privacy.

Not making a statement on the validity or realisticalness of the DNT header, but the irony of advertising companies arguing that opt-out models are bad because they "don't reflect consumer choice" is rather amusing.

Hasn't Safari had this on by default for 2 years or so?

It has Do Not Track enabled by default. Safari also blocks third party cookies by default on Mac and iOS.

Are you sure? My Mac has "Ask websites not to track me" set to off and my iOS devices have "Do Not Track" set to off, too. I don't believe I changed them.

I'm probably wrong — I must have enabled mine. I know the third party cookies thing is on by default, so maybe I confused it with Do Not Track.

IIRC during the normal setup flow of either iOS or OSX (not sure which) I remember being asked if I wanted to enable DNT, but I don't think it was enabled by default.

Chrome I expected, but why does Firefox have it disabled by default?

"As we have been arguing for a long time, the point of the feature is to reflect the individual’s preference, so the user must make a choice before we send any stance on tracking."


I'm cynical, but guess who pays the bills? http://www.forbes.com/sites/timworstall/2013/01/22/so-why-is...

I do hope this privacy conscious software becomes a trend and a race to the top. The amount of data collection is scary and the worst thing is the encouragement of sharing this information. I would like it even more if the data is encrypted to the point where not even the company has access to it... but with the cloud trends that doesn't seem like that's going to happen.

The recent Android updates to reduce importance of application permissions already have me irked, and I'm not a big fan of Google now nagging me to enable search history. I'm considering installing a more privacy conscious ROM or putting Firefox OS on my phone soon.

Also I understand that it will be possible to set DuckDuckGo as the search engine in Safari.

DuckDuckGo is set as default if you choose "Private Browsing" option.

Private windows continue to respect the user's search engine preference.

This article is so very thorough and great.

I'd love to have some anchor links within the piece though, so when I'm referring my team to some of the changes, I can direct them right to the relevant information.

It looks like he's adding anchor links as he updates the article. Currently, the major sections are linked: http://lmjabreu.com/post/ios-8-privacy-updates/#safari

Pick a phrase in the spot you want and CTRL - F. Almost the same thing.

Sure, that's possible. When you're passing around the links to other people, it gets old to have a bunch of "[link] and search for 'Keychain|HealthKit|HomeKit'"

I really like the changes they are making here.

One that stands out that I think will cause plenty of issues is the "Block Cookies not from Current Website". This should basically block all tracking, like, +1 etc... buttons, right?

I think it will even impact the SSO that Google has across its properties.

I’m running Yosemite and the default is “block cookies not from current or previously visited websites”. Not sure if it’s the same on iOS 8, but that would seem to allow the buttons to use cookies as long as the user has been to that website (e.g. Facebook, for a “like” button) before.

With comprehensive shared web history via iCloud this could sort of work, but I never (for example) visit the Facebook mobile site from my phone, despite using their apps daily.

ohhh ok, but it would block pure advertising cookies because it's less likely that a user would directly visit the domain that they originate from.

that is still good, however I would prefer if it did allow you to block all cookies that aren't from the current website.

Is there a difference between "not from current website" and "3rd party"?

"not from current or previously visited websites" allows for HTTP redirects to count as "previously visited websites" (at least in Firefox). Thus redirect tracking still allows setting cookies for advertising networks that could be read out in iframes or image / "tracking beacon" requests. As far as I understood: "3rd party" would exclude this.

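The difference between the cookie policies discussed in the comments above, as an added example that is not part of the thread and is not browser source code. It is a simplified model: host names are constructed, sending and setting a cookie are governed by the same rule, and a redirect hop counts as a visit, as the preceding comment describes for Firefox.

```javascript
// Added illustration: simplified model of the cookie policies in this thread.
class Browser {
  constructor(policy) {
    this.policy = policy;      // 'allow-all' | 'block-third-party' | 'allow-visited'
    this.visited = new Set();  // hosts loaded as a top-level document
    this.jar = new Map();      // host -> cookie value
  }

  // Top-level navigation. `chain` lists every host in the redirect chain;
  // the last entry is the page that is finally shown.
  navigate(chain) {
    for (const host of chain) {
      this.visited.add(host);  // assumption: a redirect hop counts as visited
      this.setCookie(host, host, `id-${host}`); // each hop responds as first party
    }
    return chain[chain.length - 1];
  }

  // Embedded request (iframe, image beacon, like button) made from `topHost`.
  // Returns the cookie the embedded host receives, or null.
  embed(topHost, resourceHost) {
    const sent = this.canUse(topHost, resourceHost)
      ? this.jar.get(resourceHost) || null
      : null;
    this.setCookie(topHost, resourceHost, `id-${resourceHost}`);
    return sent;
  }

  canUse(topHost, cookieHost) {
    if (topHost === cookieHost) return true;          // first party
    if (this.policy === 'allow-all') return true;
    if (this.policy === 'allow-visited') return this.visited.has(cookieHost);
    return false;                                     // 'block-third-party'
  }

  setCookie(topHost, cookieHost, value) {
    if (this.canUse(topHost, cookieHost) && !this.jar.has(cookieHost)) {
      this.jar.set(cookieHost, value);
    }
  }
}

// The user reads two unrelated sites that both embed tracker.example.
// With viaRedirect, an earlier link click bounced through tracker.example.
function crossSiteId(policy, viaRedirect) {
  const b = new Browser(policy);
  if (viaRedirect) b.navigate(['tracker.example', 'shop.example']);
  const first = b.embed(b.navigate(['news.example']), 'tracker.example');
  const second = b.embed(b.navigate(['blog.example']), 'tracker.example');
  return { first, second };
}

for (const policy of ['allow-all', 'block-third-party', 'allow-visited']) {
  for (const viaRedirect of [false, true]) {
    console.log(policy, { viaRedirect }, crossSiteId(policy, viaRedirect));
  }
}
```

In this model only the strict third-party rule keeps the embedded host from seeing one identifier on both sites after a single redirect hop.
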
Multidomain distribution to bypass connections restrictions, that kind of stuff? Or domains with different servers for different use cases?

I think Secure Enclave and other hardware crypto technologies are massively important, especially if cryptocurrencies are to be widely used.

Trezor (http://www.bitcointrezor.com/) and other dedicated wallets are a decent stopgap, but I'd really like to let my phone do everything, if it can be done securely, which I think it can with the right hardware (of course auditing hardware is a lot more difficult)

Hal Finney has done some good work here, applying TPMs to Bitcoin: https://bitcointalk.org/index.php?topic=154290.0

It's fascinating how so many apps can be rendered useless by the simple mistake of tapping "Deny" instead of "Allow."

You can, of course, navigate to settings and toggle the switch for anything you accidentally denied, but I wonder how many users know that. Also, unless a developer explicitly adds some message reminding the user that they have already denied access to some resource, the user may very well forget that they ever denied anything and think that the app just doesn't work.

All that said, I think Apple is making the right choice by favoring privacy and security even if it's at the expense of a completely frictionless user experience.

At least in iOS 8 the developer can add actions to send the user to the correct part of the settings app.

And let's hope the review process is very tight about this. If I deny you some permission, you shouldn't be able to pester me every time I run the app to turn it back on. Some apps (cough Facebook cough) are already REALLY bad about this.

It probably depends on the app what makes sense. If the app is useless without the permission then not giving the user a way to get working is a bug. So if a camera app asks to use the camera each time that is proper behaviour but if it asks for access to contacts every time it is started it should probably be rejected.

It might be that the fuzzy edges of Apple's approval system can be beneficial if some good judgement is used.

I denied location access and Facebook never asks me anything more than once.

The Facebook “Messenger” app pops up a full-screen modal pestering you to enable notifications EVERY TIME you start it, if you choose to keep them disabled. I prefer to batch electronic communications and check them a few times a day at most, and find the constant nagging to change my communications style pretty infuriating. I ended up deleting the app.

ok, but given that Messenger is about, err.... real time messaging it is probably very important to have push notifications enabled.

The article says that Apple is making it possible to put a link in your app to get users straight to that screen so you don't have to try to talk them through it.

I agree with you that I doubt many people have any idea that stuff is there.

I've found iOS applications to be fairly resilient to this, probably because the platform has a fairly long history of it. Of course if you don't allow GPS to a mapping application it's useless, but for the most part when the API is for "optional" features iOS developers seem to handle the "denied access" case rather well.

A welcome change. But, for this to work, the violators (even past) can't be allowed to bypass the rules.

For example, how many of the top apps that explicitly allow kids, violate some or all of the COPPA standards?

Clash of Clans is just one example, ages 9+, but allows custom usernames and p2p chat with very few filters. Those social features are key to long term engagement, even of 9 year olds.

I'm trying to get my head around the keychain changes, and whether they fix one particular annoyance that I have with iOS.

Currently I have the Gmail app installed on our family iPad. My Google account details are therefore stored in the keychain.

If I use the Google Maps app, it PERSISTENTLY asks the user to sign in (using my account already in the keychain). My wife doesn't want her location searches saved to my account, nor those of my kids.

I don't want to login to the Google Maps app, but Google seems to want to force me to, even though this is a shared device. There doesn't appear to be an option to say "no, thanks, stop f%*king asking".

So instead I use Google Maps in Safari and cringe if I really need to use Apple Maps - slooooooooow.

Can anyone shed any light on whether I'll be able to block the sharing of my Google account details between Google apps?

No, this actually goes the other direction. If you have stored your Google login credentials in Safari, then the Google Maps app could login automatically without prompting you. Currently only apps from the same developer can share keychain items.

Apple would rather you buy two iPads than share one, and their OS is designed around that.

I had somehow missed the news from WWDC that accessing the camera now requires explicit permission from the user.

I'm really surprised camera privacy took this long to arrive, and I wonder what the reasoning was for not implementing it at the same time as microphone permissions arrived in iOS 7.

>I'm really surprised camera privacy took this long to arrive, and I wonder what the reasoning was for not implementing it at the same time as microphone permissions arrived in iOS 7.

I don't think apps could take photos without you explicitly triggering the process, so no permission was needed anyway IIRC.

Using the lower level AVFoundation classes to start a capture session, any app could absolutely get live camera access to either front or back camera without the user knowing anything. I know because my app shows a live preview to the user right when the app starts up, no permission required, direct access to pixels, and if I chose not to display the UIView that shows the live camera data, that would not change my app's access to the data (under iOS 7 and earlier, I mean).

It's possible Apple screened for non-camera apps using those APIs to keep spying apps out but (Edit: bad example, this was an Android app. I had said: "there was that flashlight app that was storing/reporting user GPS locations without permission so obviously things were slipping through the old system.")

On the iOS 8 preview page for the Photos App the iCloud Photo Library integration is featured very prominently.

I wondered what this means for privacy. It isn't mentioned in the original post, probably because it's an extra app therefore out of scope of the article. I'd be interested anyway in any information on this, primarily: Will Photos be practically usable without iCloud? Syncing my devices with iPhoto is pretty seamless, will it still work?

[1] https://www.apple.com/ios/ios8/photos/

You can disable iCloud Photo library, at least in current betas. Regarding iPhoto, it is being discontinued in favor of a new Photos app in Yosemite. Existing app should work with maintenance updates to it.

Random question: If the specially blessed form names for user signup are 'username' and 'new-password', what's the name of the field that's "password again" (for typos)?

According to the "Your App, Your Website, and Safari" WWDC session from this year [1] (Slide titled "Signing up with confirmation" towards the end of the document), you simply use the `current-password` or `new-password` autocomplete attribute again for confirmation of either field.

[1] (Session PDF Link): http://devstreaming.apple.com/videos/wwdc/2014/506xxeo80e5ky...

I was confused by your wording and checked the slides myself.

For some reason I was convinced that these were name attribute values, not an `autocomplete` attribute.

I don't think autocomplete is supposed to work for fields that check typos?

Autocomplete doesn't make typos so why shouldn't it work?

Because it defeats the purpose of the field that's checking for typos.

And that purpose is obsolete when a computer is inputting the password.

It's necessary when you're letting safari generate a password for you. Safari needs to type in the same password twice.

The biggest win for me is contact access control, it drives me absolutely nuts when a messaging app or whatever insists on having full access of my very private and valuable contact info.

What's more worrying is my contact information on friends devices. I have zero control over that.

Some of them are even on Android! ;)

I wish networking was sandboxed in iOS 8, at least for particular kinds of apps (e.g. diary apps). Apple could use the chance to promote iAds and CloudKit at the same time by whitelisting them. :)

Screenshots, created with Sketch... Doesn't look good on devices that don't have "Helvetica Neue" installed.

What is this "installed" you speak of?

Nice detail on SVG graphics.

Unrelated to content, it's interesting that I could reduce the scaling to not 90, not 75, not even 67, but a whole 50%, in order to have the font sizes be of comfortable normal size rather than extremely large. It's a pattern I'm noticing more and more, and it makes me worry.

That’s just the nature of different displays.

By default the font is about as big as what you get in your typical novel assuming typical reading distances (on a pretty standard 1440×900 logical resolution 15.4″ display, and that’s certainly not a display with an atypically high logical resolution). For me that’s just perfect and I actually think it’s just perfect for most people. In general the font size tends to be way too small on most websites.

It's optimized for mobile. I'm reading it on an iPhone and it's perfect.

Odd, it looks like you're getting down-voted. I mean, I'm no more of a fan of "page layout complaint that has nothing to do with the article" comments than anyone else, but I don't know that it's down-vote-worthy.

Anyway, at the apparent risk of being on the receiving end of some down votes myself, I'm more curious why giant fonts are a trend. I'm old, I wear progressive lenses (what used to be known as "bifocals"), and I still hit the Cmd⌘-+- combo a few times to crank it down to a readable size. Is it some attempt to capture the aging baby boomer market? (I ask with tongue somewhat in cheek...)

Fonts render better at larger sizes (i.e. with less subpixel antialiasing issues).

Also, until recently most browsers didn't support subpixel typographic adjustments (for instance, "letter-spacing: 0.4px"), and you could only adjust this stuff reliably if your font-size was higher than 20px.

That said, 16px is the default base font size on most user agents, and it seems adequate for reading on many devices. However, I tested 16px in Luis's site and it was not quite satisfactory. 19px seems to be the sweet spot in this case.

Ultimately, no font-size is perfect for everyone. Be thankful that your browser zoom works ;) Even on a desktop, sometimes at night, with f.lux on, I have to zoom HN to read it comfortably (thankfully Safari has tap to zoom in an area).

>I'm more curious why giant fonts are a trend

If you imagine that page on a phone screen, you'd find that the font size is probably a lot more normal than it is large. If you're expecting > 50% of traffic on mobile then that's the use-case you optimise for.

Why not use media queries to apply screen-appropriate CSS?

Is there a reason the author's name is in the title? Seems to violate HN's guidelines.

Is the author so important that we should know of him/her?

Having said that, the article is awesome and if the author keeps writing pieces like this I'll be reading more!

It seems the title is fixed now? It's a good document, anyway.

I assume that HN just picked up the title from the page pointed to by the submitted URL. The page title contains the author name.

Looks like they just copied another feature as usual from some competitive OS and made it sound like something new.

I swear there is no weaker criticism on tech forums than people complaining about how technology X is lame because it has some nifty feature that competing technology Y has been doing for a long time, which is always followed by a complaint that whoever made technology X is guilty of giving the false impression that they are 100% responsible for inventing whatever that feature was, by virtue of the fact that they don't include a long list of thank yous to said competitors in their marketing materials.

In previous decades, this argument was every bit as silly when someone used it to claim that Windows sucked because the Mac came first, or that the Mac sucked because the Xerox Alto came first, or that the Xerox Alto sucked because the Analytical Engine came first, or that the Analytical Engine sucked because the abacus came first, or that the abacus sucked because fingers came first, or that fingers sucked because...well, I don't know. Maybe there were a bunch of flagella graybeards on the forums who would get super pissed anytime someone made a positive comment about fingers without acknowledging the evolutionary contributions of their species.

can you name that OS?
