The difference that Tim Cook wants you to believe in is that Apple doesn't directly make money from your data, they just use it to improve their product; alternatively, Google makes money from your data by providing advertises with guided access to your eyeball.
But the danger isn't in the fact that Google lulls you into complacency with free services. The danger isn't in the fact that Google sells guided access to your attention. The danger is just in the collection of data, and the fact that one day the government or somebody could find a way.
There's only one way to be safe. And that's to collect only minimal amounts of data for minimal apps. That means gimped Siri. No Apple competitor to Google Photos. And I don't think Apple will do that. I think they'll continue to amass all the data they use to improve customer experience. The fact that Apple makes money differently off the data doesn't change the fact that it's collection that's inherently dangerous.
No. The only way to be really safe is to go live in a cave, not to have any friends and never go anywhere near any tech ever again. I'm sure you can tell that I don't consider that to be much of an option.
It's unhelpful to label 'data collection' as the source of the problem as 'collection' happens everywhere in our interactions with the world. There are valid arguments and discussions to be had about who really owns that data. It may well be about me, but that doesn't necessarily mean that it's mine. I'd say the majority of people are only just beginning to understand that a discussion needs to take place even though technical folks have known this for a long time.
One solution to the 'ownership' problem is to make it possible for everyone to run their own infrastructure. i.e. have their own 'backend' that apps/services can be installed into, which their end-devices can then connect to. This is already possible for the technically savvy but a lot of work is needed before I feel we can trust such systems (I'm working on approaches to this [1,2], based on unikernels).
In the meantime, I applaud business models that are not built around profiling (which is the crux of the issue cf. advertising). They're the only ones where the incentives have any hope of aligning.
+ "Run your own infrastructure" is currently a pipe dream for what is 99.9% of people.
+ Companies selling data when they go bankrupt or M&As changing the nature of what they do with the collection happens regularly.
+ Discussing ownership is fairly simple as well, "Does the company already have your data?"
+ Any business not based around profiling has a additional options to make more money by selling their (your) data.
Why isnt excess data collection a problem? Is it because its very very hard to solve and if we pass laws bad actors will continue to flaunt them? Is it because we are past the point of no return?
Or not even a dream, because those 99.9% prefer not to run their own infrastructure even if it's easy and cheap.
However, "local apps" (ones which don't require infrastructure) could be appealing if they could achieve parity with the enormous-backend apps.
I tried DKIM, but the e-mails were still sent to Gmail's spam folders. Eventually I gave up on self-hosted e-mail.
If you look at the computer history, we already had several cycles from single computer to timesharing to mainframes/supercomputers to PC to thin-clients/mobile to (?). There has always been a time when single powerful computers were in the majority and then there has been times when thin-clients with big server structures were the majority. The Internet supports also the model of more decentral computers and everyone could host their data on their own devices. It's currently just not the right time and there is no business model behind it, so no one push for that solution at the moment.
I think the biggest difficulty with balancing privacy concerns against other factors -- or even encouraging debate about and awareness of the issues among non-technical friends and family -- is that an item of data is itself neutral. It is how that data is used or combined with other data that may or may not be in any given party's interests.
Sometimes the exact same technology or data could be used for very good purposes, useful and generally harmless purposes, or hostile purposes, depending on the context. For example, consider automated number plate tracking of motor vehicles. If your child has been kidnapped and a witness caught the plate of the kidnapper's vehicle, you're going to appreciate the police being able to find and intercept that vehicle as quickly as possible. If you're an urban planner responsible for keeping transport infrastructure as efficient as possible in the face of a rising population, an aggregated data set showing how real travellers want to move around your city could be very useful, helping you make decisions that improve the system for everyone. If you're that same urban planner but on the side you're working with a load of jewel thieves and abusing your access to historical movement records to figure out when specific wealthy residents are usually away from their homes so the thieves can break in and then abusing your access to real time tracking to confirm that the residents really are out or warn if they come home early, that's not such a happy ending for the data subject. Analogous issues arise with many kinds of personal data, including more sensitive areas like financial or health data.
In the modern world, with vast databases and powerful data analysis tools and effectively instant communications and effectively unlimited storage, sometimes seemingly innocuous data can also give away a lot more about you than you might want or need. Things like what you bought at a store, or who you were tagged with in photos on social media, or a recording of you walking across a street on CCTV, can be used to determine many apparently unrelated things about you with relatively high (but, significantly, not complete) reliability, again sometimes quite sensitive ones that you might very much prefer to keep to yourself. Consider the store loyalty programme that determines a girl is pregnant from her purchasing patterns long before her partner or parents know. What about the person outed as gay because they were tagged with a whole group of openly gay people on holiday? Oh, by the way, unlike their friends in the photos, the first person lives in a country where homosexuality is still frowned upon and being open about it has real consequences. Also, gait analysis said you looked nervous as you walked into the airport, but it couldn't tell whether you just read a news story about a plane going down or you have inside knowledge of a terrorist threat, so unfortunately you won't be flying today. Just wait until automated text analysis software reaches the point that it can effectively de-anonymise posts like this one, and suddenly a lot of people who thought posting under a pseudonym was going to hide their criticism/whistle-blowing/advocacy of some controversial subject realise they weren't as safe as they thought and those comments are now permanently recorded on some public web site.
We therefore need to move beyond black and white assessments like "data collection is dangerous" or "social media sharing is fun". What matters is not just what data is collected, but also who has access to that data, what they are allowed to use it for (including for how long it's stored, what else it can be combined with, and the like), and crucially, how these things can effectively be controlled or regulated to ensure that everyone is playing by the rules when data is data and once someone has it for one purpose it can readily be used for another.
I think at the core however the issue is not how the data is used but one of ownership and privacy. It is "my" business where I drive. It is "my" business whom I call. It is data about me and my behavior. So to have that information about me used, even if it could be assessed publicly, without any need for consent from me becomes the issue.
License plate readers are tantamount to placing a tail on me. The same with tracking my movements via several CCTV cameras, etc.
Retention just makes the situation worse. Yes, you could approach it with laws of appropriate use of this data but the problem is what about when the laws change. And the data is still there. Similar to how people gave data to Radio Shack years ago to find it now being sold to 3rd parties. Privacy policies are constantly shifting for the companies' best interests. Who can keep track?
The problem is that once the data is collected it is out of your hands. And why the regulations need be at the collection level with strict opt-in requirements as well as the usage and retention level.
True enough. However, it is also the business of the people who are responsible for building and maintaining the roads to know how those roads are being used.
It is "my" business whom I call.
True again. However, it is also the business of the phone company who must provide the service you ordered and to which you will owe money based on the calls you make and, in some cases, who you are calling.
I do understand your concern about data being out there at all. However, the reality is that we interact with the world and the people around us all the time. Sometimes that will result in data that refers to us but also affects other people for legitimate and often unavoidable reasons. So I don't think an extremist position that no-one should ever be able to collect data about you without your explicit consent is ever going to work. As others have noted, that would mean you couldn't interact with almost anyone or anything in the modern world, and unless you're planning to live 100% off-grid as a hermit that's just not a viable possibility. Instead, we should consider issues like the retention and repurposing of data.
Licence plate readers that are automatically tracking cars through a congested area that has variable speed limits are potentially in everyone's interests: smoothing out the traffic flow makes everyone's journey faster and safer, and has basically no downside. However, once a vehicle has left that area, it is no longer necessary to keep any specific details about it for that purpose. The data can be discarded, or completely anonymised simply by turning each plate into a unique but otherwise meaningless number before it's recorded if it's useful to store aggregated data for more general traffic planning purposes. Similarly, if plate recognition is being used for enforcement of that speed limit, there is no need to record the details of anyone except those the system has determined to be exceeding the speed limit, where the evidence will be used for a subsequent prosecution. Once any resulting legal processes have run their course, the data can also then be completely discarded if no conviction resulted.
The risk in either case is not the scanning itself, it is the retention of the data and potentially use for other purposes and correlation with other data sets later. Given robust rules about keeping personal data no longer than necessary for its stated purpose, and probably about declaring its stated purpose in a meaningful and usefully specific way, this is not so much having a tail as having a driver in a car behind who happens to be following you for a while on the same road but then forgets they ever saw you within moments of going your separate ways. I doubt even the most privacy-conscious person would consider that an unreasonable risk in other contexts or expect to be able to prevent it.
Apple improves their products for several reasons, but as a for-profit business the main reason they would use some of their limited capital to "improve their product" would be to make money.
The details about how a business exploits user data is not that interesting. Arguments about this kind of minutia are a distraction and a waste of time. The problem is, as you say, the fact that they collect data at all.
> That means gimped Siri
As Dan Geer said regarding the inevitable software-industry complains about liability legislation
"Yes, please! That was exactly the idea."
In his recent (highly recommended) talk, Aral Balkan suggested a very interesting model, because there is another product that is well-known to adversely impact the people "near" the user as a secondary effect: tobacco. Siri, Amazon's Echo, and most of Google's services are like software "second-hand smoke". Like smoking, I don't care what you do in your own home. What we need - at a minimum - is new social conventions/etiquette where you ask permission or step outside before enabling any of these recording devices.
Not on a social networking site? Don't worry, they probably know a significant amount about you anyway, just from friends who have given the social network the entire address book from their phone and a few photos with you in them.
Decided not to use Google because you're not sure about how much data they collect these days? Don't worry, they probably have a significant proportion of all the e-mails you ever send from one of the other parties anyway, and you have no reliable way to determine when this is happening or to avoid participating.
And of course there are the numerous third party widgets that not only make the modern web a slower, sometimes malware-ridden, often ad-ridden mess, they also follow those not technically skilled enough to protect themselves around. Don't worry, they promise they won't tell your health insurer about the medical conditions you were looking up. No, wait, they didn't.
Now we have the kinds of technologies mentioned in the parent post, with smartphones and headsets and home automation systems that have sensors and network connections being placed just about everywhere, and we really are starting to live in a society with permanent surveillance.
In many ways, these kinds of issues are much harder to address than the already difficult questions of how to control first party data collection. Most of them by their nature operate in the background where a lot of people will never even know they are there, and even those who do may or may not be able to do much about it.
Social conventions would not/do not work as much as we would like.
Siri (as well as several other similar products) is based on Nuance technologies (speech recognition, text-to-speech, etc). It was recently in the news that Nuance outsourced their voice technology quality control (US based human workers listen to your voice data and checks the speech recognition quality, some workers mentioned they recognized single persons from reoccurring voice data). So your voice data is being processed by several parties.
The two big mobile OS vendors Apple and Google and also smaller players like Microsoft make it incredible hard to not-use their cloud storage&sync offering. Storage space is synthetically limited to low GB, with an high up price for additional storage. An SD-Card slot (= cheap extra storage, as a card is very cheap) is only available in Android devices (third party vendors hardware manufacturers like Samsung, Sony, etc.) but not from Google itself. All the inbuilt sync functionality only works with their own cloud storage, no third party cloud nor a simple sync over Bluetooth, Wifi or USB-cable. They could do better.
When Google(+) Photos auto-tags my photos, still my data, although I'd admit the IA training requires a big amount of photos.
Looking at https://www.google.com/landing/now/#cards ; it's obvious a lot of those need online information. It's not obvious that the data source for requiring those online informations has to be in the cloud, or combined from multiple people's data.
It is, but that's pretty useless unless Google also knows so that it can send you the relevant updates.
>When it knows where I work and live to ask Google servers the weather or how long it would take to go somewhere, still my data used as the request base.
The weather, possibly (although again, it's not much use unless Google know enough to target the local weather at you). The how long to get there, not so much. One of the key things they use is info on where everyone else is. This is a classic case of pooling everyone's data in order to add value.
It's shortsighted to say that just because (example implementation) my device polls their server for $team, that it is the same as "google knowing" I like $team. The interface does not need to be authenticated, or keep logs. There is just a slippery slope between monitoring for diagnostics and abuse that incremental business value very quickly slides into tying team-specific view counters and a favorite team to my user identifier.
And Google doesn't necessarily know that you like $team. It knows that the email address you used to sign up to the alerts has requested updates on it. Is that really particularly scary?
Even with a locally installed AI, it will need to be trained on real and up to date data, it needs feedback on what was well recognized and on which data it failed, etc.
the training and update cycle can be done on an individual basis, but having a distributed system sharing a huge set of varied data would accelerate the process exponentially.
Ideally training data shouldn't be stored once it is ingested by yhe AI, but we'd need at least interconnected AIs dharing data from different users
Viewed differently, the value of N specifies how uniquely identifiable the user is.
I gateway all my devices through one computer running a stripped down kernel. Through this host I monitor all attempted network connections. I block ads and of course this means I block Apple.
Apple devices are like beacons, attempting to contact a variety of Apple servers from the moment you turn them on and continuing to "phone home" incessantly 24/7 until you turn them off. That is only one example, but to me it is the most egregious.
Apple's competititors are no better. Do users really believe that one of these companies is going to protect them?
When the owner of a Chromecast plugs it in for the first time it tries to connect to Google to patch itself and prevent the owner from jailbreaking.
Perhaps my favourite was this patent application from Apple, with the CEO as a listed inventor.
As for "providing advertisers with guided access to your eyeball" I believe that is what the App Store system does; it lets the app developers do the providing by embedding advertising into applications (cf. operating system, as in the above application).
Do you do this always via a vpn or something or was it just to try it out?
Yes, I do this always.
For me, the ad blocking is most easily done via DNS. djbdns features make it especially easy. I have been using DNS to block ads especially in app ads for several years now. Never expected it to work so well (such heavy reliance on DNS by developers), but it does.
There are of course other ways besides DNS to block unwanted connections including ones to Apple and third party ad servers.
As for Apple's VPN capabilities, I have experimented with xl2tpd but not as a way to block ads.
If you use Google's products(and who doesn't use Google Search ? ) , Google already knows plenty about you. And even if you don't use Google products, Google knows plenty about you, since it's tracking software is installed in large percentage of sites, etc.
And if you add machine learning on top of that , the amount that Google knows about you is great - even if you use Apple's products.
In reality, by using Apple's products, you don't gain privacy , you lose privacy - now two companies know a lot about you, instead of one.
With the car industry about do become part of the ecosystem it makes sense. Get in a Google Taxi and you'll have to watch targeted ads the whole way there. Get in an Apple Taxi and listen to classical music.
Essentially Tim Cook said: "Apple is a good girl (we do the same things that bad girls do but better)"
The fact that Google abuses the data and Apple doesn't is already a major difference. Just because government can use its monopoly on violence and imprisonment to go one step beyond doesn't make what businesses do harmless.
Yes, the collection is already inherently dangerous, and what Apple does is certainly not harmless. And yes, they will use that data to their advantage.
But the unscrupulous abuse of that data, the blatant disregard for privacy, a business model that depends on abuse of that data, and the obvious hunger for social and economic power by Google and co is not a minor difference.
That it happens to be commercially advantageous for him to say that his business model is more virtuous than Google's or Facebook's doesn't bother me. In fact, I think there are fixes that could preserve their business models yet reduce the threat. Great. In the mean time, we need people to understand that unfettered surveillance and data use, taken together, are a drastic threat to human freedom.
EDIT: I'll add: Certainly the other two leading browser makers couldn't compete, and in mobile platforms only Apple, if they sell Cook's pitch effectively, can provide any competition.
Now yes, they say the tiles are based on your local history and not transmitted anywhere; so it's not as bad (I don't care if other people don't see it, I don't want my data mined even locally for the purpose of showing me ads); but it's pretty clear that Mozilla is a business that wants to earn money. And as the saying goes, "if you're not paying for it, you're not the customer -- you're the product."
But you're right about one thing: they're probably the least bad of all the browser manufacturers on all this. Maybe what we need is a crowdfunded browser, where the company listens to their users and has no conflicts of interest.
Then "just" collect enough money for Mozilla so that they don't need other sources of income
So yes, if you're hoping to crowdfund you a browser, then if you can't persuade people to donate millions and millions and millions then you're not going to be successful. A modern browser engine is millions of lines of highly optimised code long (check out Servo), and that corresponds to hundreds of millions of dollars of investment.
At the moment, you're essentially trying to say that being open-source and being actively developed are mutually exclusive, which seems odd (if Mozilla threw away Yahoo, they'd be bankrupt).
Currently Firefox is 12,000,000 LOC, so each line of code costs $25 per year? o_O If so, I am in the wrong business, given my main project is 300,000 lines of my own code.
Now, I totally believe the costs are astronomical to run a web browser team and all the servers required for such a feat. But surely it can't cost nearly this much. Especially with volunteers working on it as a labor of love as with many other major open-source projects, such as Linux.
In my ideal world, access to technology has become so essential that I think it's not unreasonable to consider public funding for things like an operating system and web browser. I do realize this is the worst site possible to suggest such a thing, of course ;) There's countless problems with that idea as well. We'd need a government that didn't spy on its own citizens, and wasn't far more wasteful than the private sector. But a man can dream.
But at this point, I'd be happy with a $1m Kickstarter to develop a fully-featured Webkit-based browser UI that is absolutely by the users, for the users. Taking only their input in mind (no crazy designers that "know better than the users"), no compromises on corporate interests (DRM), and never implementing any form of advertising nor doing any backroom deals with companies that want to mine your data like Google and Yahoo.
Brooks' estimates suggest that cost of development increases with the square of the length of the code.
Likewise, a single developer should expect to achieve around 10 lines of code per day on an established codebase. This is about $45 per line of code at SV rates.
Mozilla has over a thousand employees on its various projects, and this income is necessary to keep them in work.
You wouldn't get $1M out of that Kickstarter. You could literally just change the default search engine and compile Firefox yourself.
I do think it creates a conflict of interest when you're a privacy organization and by far your biggest customer is a company that makes all its money in the advertising business, but like you said, it's easy to turn off.
I'm a lot more creeped out by the newtab tiles. Again, I know you can turn it off, and I know it's not transmitting my search history off of my PC. I don't think that makes it okay, though. I don't want code on my PC that's designed to analyze my behavior to push products on me.
I know I'm in the minority here, but I'd be willing to pay some money for a light, configurable, sensible browser like Firefox 4 but with modern HTML5/CSS3/etc support. It'd have to run on FreeBSD and be open source, of course.
Here's a thought experiment - what it Mozilla spun-out a "Firefox foundation" that only worked on Firefox? How many employees & how much funding would that require? I suspect it could get by without the ads and could infact, be kick-started.
Granted, this would not mesh with Mozilla's manifesto, and the other projects would die without the ad-powered money-printer that Firefox is.
Myself, I'll stick to Konqueror. You don't need a Mozilla-sized organization or Mozilla-scale funding to make a great (IMO better than firefox in many respects) open-source browser.
Yes, in fact it enhances Mozilla's reputation (or should): 1) It doesn't compromise your confidentiality because, as you point out, your data never leaves your computer; and 2) They provide a way (and open code) for the whole industry to greatly improve the confidentiality of their advertising.
> I don't want my data mined even locally for the purpose of showing me ads
That's fine, but it's not a confidentiality issue.
> defaulting to Yahoo to send your searches because they were the highest bidder?
Given that there are confidential search vendors, such as DuckDuckGo, I agree that this is a confidentiality issue.
Let's start with the facts. Apple makes its major money in hardware. Google makes its major money in search. Obviously, iOS has to be able to compete with Android in order for iPhones to sell well. Google offers services like Google Now and Google Photos that can be tailored in a more personal and effective way. How? They collect as much data as they can get away with. Consumers get to have services that should be better suited to them because of this.
If Apple wants to compete, it seems that there are two options:
1. Start mass collection and become a better Google.
2. Reject Google's model, and build iOS around privacy and non-invasiveness.
That's what this is. I do think Apple will either make a search engine focused on privacy or buy one (e.g., DuckDuckGo). Personally, I am happy that Apple and Google are competing in this way.
I think there is a large amount of value in both of options 1 and 2. To me, the idea of Now on Tap and Google Photos is absolutely horrifying. On the other hand, my roommate told me that the Google Photos app was perfect.
I suspect that my views will hold, but it is possible that personalization becomes too important to opt out of. I tried to delete my Facebook for similar reasons recently. I missed out on enough party invites and messages from classmates that I ended up going back.
That isn't a good thing. http://dontbubble.us
Unless Jamie Fox someday starts giving speeches about Django framework, this sounds like a pretty weak excuse to use a google-style (i.e. 'personalised') search engine.
> I think option 1 is more likely for Apple.
Google's business model is basically selling aggregated user data - not in the form of raw data but in the form of targeted ads - for $0 (note, they aren't "free") services.
Apple's business model is about selling hardware and software, and providing a fairly complete ecosystem to use those products in/with.
Given that Apple's iOS+ecosystem accounts for close to 90% of the profits in the smartphone market, I don't understand this claim by people "Apple will have to adopt google's strategy to remain competitive".
If anything people are becoming more sensitive and more aware about the "creepy" factor of having all your personal information in the hands of some corporation that uses it for profit.
Well, the search engine I'm using not being able to find what I'm looking for is also a not a good thing.
I quite like DuckDuckGo, but 10% of the time DuckDuckGo falters on a search and I have to put in a '!g'. Clearly, you can't be the absolute no. 1 search engine accross almost all queries without using some degree of personalisation.
As for a search bubble, Google and DuckDuckGo just take two highly opposing views. In reality, I'd love to be able to turn personalised search on and off at will, but neither DuckDuckGo or Google are going to let me do that any time soon.
I don't get the argument being presented there. In either situation, some information is visible, and other information is buried. Presenting the same top results to everyone is just as bad of a bubble.
Sure it is; the difference is its a search-provider-specific bubble, rather than a user-specific bubble. Both isolate you from information which exists and potentially distort your view of reality.
Its analogous to the difference provided by the information bubbles provided from the (highly-selective, often-biased-in-the-same-way, rather homogenous) mainstream media in the pre-internet era and those provided by the much more heterogenous, audience-specific online media outlets from which people increasingly get news today.
You get stuff that's a little more relevant to your usual interests, which places you in your own bubble, but IMO that's better than everyone in the world being in the same shared bubble.
I don't think you understand the term "search bubble". It's a bubble because you're cut off from the rest of the world, like the boy in the bubble.
The only way everyone getting the same results is a "bubble" is if you consider us living within the atmosphere of Earth as being in a "bubble".
> You get stuff that's a little more relevant to your usual interests
Did you even read the linked page?
Claiming that getting results that are in-line with your pre-disposed ideas (which are expressed through the profile Google/etc have of you) is like claiming that a board of directors full of yes-men is a great recipe for success.
Everyone getting the same narrow set of search results for a term based on global popularity means everyone's cut off from more diverse search results. We've seen research that indicates people click only the top couple results. IMO, that's a big bubble.
> Claiming that getting results that are in-line with your pre-disposed ideas (which are expressed through the profile Google/etc have of you) is like claiming that a board of directors full of yes-men is a great recipe for success.
And giving everyone the same results is like having a single board of directors for everyone.
Personally I prefer DDG simply because the bang codes are so convenient.
From that communication, I read that Tim Cook is against some business models, not machine learning or data collection.
Which sounds exactly like posturing to me. Contrast this with what he says about back doors - if it's there a key under the mat for cops, the bad guys will get it. The same applies to data collection - the motives behind the collection don't matter. If data is collected, sooner or later some of it will fall into the hands of a 3rd party the user didn't expect - possibly bad guys (through legal discovery, a hack, bankruptcy sale, or some NSA ALL-CAPS program).
The right thing for privacy is to not collect the data, but Apple is unwilling to take that business decision (imagine how bad Siri would be if voice data wasn't sent to a backend).
Just a month ago, I was asked by an employee of an Apple Certified Service Provider to decrypt my hard drive in order for Apple to make a "hardware test". There was an issue with my display, but they insisted that Apple's hardware test needed to have access to the data on my hard drive and send information back to Apple via the Internet. What about privacy, now?
So, don't believe anything they tell you. If you want to be secure, you need to take care of it yourself.
Edit: Just to make it clear, the employees were asking me, to hand over my administrator password, which should be added to their database, in order for the technician to successfully run Apple's hardware tests. This is literally the most insane thing that ever happened to me...
They said I would need to drop off the computer with them; they would order a new battery and I could have it back in a week or so. I said I couldn’t do without the computer and I couldn’t let them access the hard drive (not encrypted) as I have proprietary data on it.
They said I could make the full payment and bring it in when the replacement battery arrives, leave it with them and collect it in a few hours. They insisted they could not replace it with me present and the minimum time I would need to leave it was 3 hours. This is easily enough time to clone the hard disk, which I did point out, politely, but they said this was the most they could do for me.
I ended up buying a third-party battery and changing it myself. It took less than 10 minutes. If it doesn’t last long, I’ll just have to buy a new Mac.
So yes, apparently there are no standards in place for data security as far as authorized service centres are concerned.
1) Time Machine it
2) Clean install
3) Drop off computer to be fixed
4) Pick up computer
5) Restore from Time Machine
I've never had a problem.
In the end I just wiped the hard drive. They should've asked for that immediately.
They should have. That said, I'm confident that the significant majority react extremely negatively towards that request, so they have learned to ask for passwords first. Best practice? Definately not.
They needed access to something, and asked you for it to complete their work.
It would have been insane if the guy had just hit a button, and your data was decrypted.
As it stood, you were always in complete control of your data.
Writing down passwords is bad because other people can find them. If they're kept safe, there's no issue.
Handing over your password means that there is practically no barrier for a technician to obtain all your data, all your private keys, etc. It only takes one guy with malicious intend to make your life miserable. Often, people also store their work related keys on their computers. So how about opening your company up for someone else?
The issue is that not all people are careful with that. And the code of conduct of Apple to just trust any technician 100% is completely wrong. Setting up a secure infrastructure means, you should assume that parts of it are already compromised. In that case, assume the technician is trying to obtain as much private data as possible, how can they still keep their customers safe?
Again, it could be a software issue. If I complain that my WiFi isn't working, and you take it in to have a look, and your diagnostics say that WiFi works, then without the password you can't do anything at all. If my problem is that Safari runs really slowly and you can't log in, you're not going to be able to fix that.
If your only fix is then to reinstall the operating system and hope for the best, then you've done a terrible job.
In any case, the tech has physical access to your computer, and in the presence of that you should not assume any security from your disk encryption. FDE is good for one loss of control; after that you should assume compromise.
They can still do some tests. It's not like wiping the hard drive helps solve software issues.
>FDE is good for one loss of control; after that you should assume compromise.
If the threat model is a malicious actor, yes. If the threat model is accidental plaintext password leaking, there is a huge difference between the scenarios. I could construct a similar argument against password hashing on servers...
That's just fear mongering.
Why would you not change your password before taking it in? You should be changing it regularly anyway, and you shouldn't be using that password in more than one place. The idea of it leaking from a technician's database is irrelevant because you would change it as soon as you get the machine back.
If you are that worried or tech savvy, just wipe it before you go in. You seriously expect them to ask every single customer to wipe their drive?
Had I given them my password, I'd not have had the issue. I was able to do the fix, but not everyone would be able to.
I've always found the "Geniuses" to be fairly helpful and they always explain what they were going to do to my gear.
That you should never need to give out passwords is mostly a safeguard for social engineering and phishing scams for accounts stored on a server over the internet. Only a malicious third party would ever ask for these types of account passwords, because those with legitimate needs to access it (you and the service operator) already have it (hopefully just the hash in the case of the latter).
The password you're referring to here is an encryption key for a local hard drive that nobody else has access to. If they do in fact need access to the encrypted OS partitions stored on your hard drive in order to diagnose your problem, then they have no choice but to ask you for your encryption key. That's cryptography working as intended.
If I have a hardware problem with my display, I don't want them to read my hard drive. Apparently they still try to do so, which I think is a severe violation of privacy.
I'd have completely understood if they'd asked me to wipe my hard drive because of some data crawling Apple hardware test with an uplink to HQ. So they do have a choice "Can you make a backup and wipe your hard drive?" But asking me for my encryption password means they fail to understand why people encrypt and they don't care for the integrity of your computing.
I mean, I get what you're saying... they should have verified those things up front before asking for access, but I'm pretty sure they work on the concept of getting you the fastest service they can, balanced with the amount of customers they need to help simultaneously. My guess is that the admin password is a default question because they know they _generally_ will need it, so it's best get it up front rather than waiting hours or days for the customer to get back to them.
Personally, when I had to take my Macbook in, I just zero'd out the sensitive data, changed my admin pw to something temporary, and let them have it. I know this will be a TOTAL surprise, but the multibillion dollar corporation didn't use this as a chance to hack my life. What a novel thought.
Eric Schmidt: "If You Have Something You Don't Want Anyone To Know, Maybe You Shouldn't Be Doing It." 
Mark Zuckerburg: "They trust me — dumb fucks." 
Tim Cook: "I’m speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information,” said Cook. “They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong. And it’s not the kind of company that Apple wants to be." 
Tim Cook: "Our business is based on selling products, not on having information about you. You are not our product." 
Tim Cook: "We take a very different view of this than a lot of other companies have. Our view is, when we design a new service, we try not to collect data" 
> "People are treating Google like their most trusted friend. Should they be?"
> "I think judgment matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. But if you really need that kind of privacy, the reality is that search engines, including Google, do retain this information for some time. And it’s important, for example, that we are all subject in the United States to the Patriot Act. It is possible that information could be made available to the authorities."
But as I said below, that never got play back then, so we get the incomplete quote everywhere. It took Edward Snowden to make the tech blogs finally change narrative.
Also I'm not sure how an obviously poor sampling of quotes demonstrates much of anything. Even if you were doing some squishy sentiment analysis your study would still be thrown out for poor coverage.
“They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong. And it’s not the kind of company that Apple wants to be.”
This is a great strategy to win the hearts and minds of privacy advocates like me and take shots at companies like Google at the same time.
If you google a bit, I bet you will find similar speeches from every single big company CEO these past years: "Privacy is our number one priority, blah blah blah".
If you think Apple is different just because Tim Cook has great speech writers, you're being naive.
All these companies are in it to win your private information, and we are all prepared to give them some of our private information if what we get in return is worth it. That's the game, simple.
But that never got play back then, so we get the incomplete quote everywhere. It took Edward Snowden to make the tech blogs finally change narrative.
If Google don't track/store what I search for, what results I click through to, etc, it doesn't matter what the US government asks them for - they are technically unable to hand over data they don't have.
For example Google Analytics: if that product didn't exist the government couldn't just ask Google to install tracking scripts on half the websites in the world without anybody noticing.
You could argue that the government could force Google to create and market Google Analytics. But that just re-enforces the idea that we shouldn't be using Google Analytics - we don't even know if it isn't entirely a program created at the request of the US government (I don't actually believe this, but it's where you end up if you start worrying about the government forcing Google to change their business).
Which.... is true anyway, regardless of the potential for government-enforced data collection.
Schmidt (and Google) are extremely pro-privacy and against sharing information with the government. Google must have like ten lawsuits going on at all times on the entire planet trying to fight intrusive data request from governments. They spend hundreds of millions of dollars every year to prevent governments from gaining access to their data.
At least with Android being open source, they have a reasonable track record of transparency (obviously, that doesn't apply to their search logs, which are still proprietary).
Privacy doesn't mean "don't share my data with the government".
> They spend hundreds of millions of dollars every year to prevent governments from gaining access to their data
Funny how you say "Google are extremely pro-privacy" and then describe the vast amassed personal information of users as "their data", referring to Google.
It's not. Not at all.
If some private data of mine (including, but not limited to pictures of my genitalia) ended up someplace other than on a medium I own, that data is no longer private. I.e. it was a privacy breach.
They are suggesting that the Apple IR camera is good because it improves the user "experience by syncing with itunes to play a song with the right tempo as you dance" as opposed to the Google IR camera which will result in sun-burn cream ads. What the typical person would want is no IR camera at all.
I don't know if we are disagreeing. Or perhaps you disagree with the notion that the ideal situation for privacy is when no personal collection is done?
Privacy is seclusion. Ruffling through someone's dirty laundry, but keeping all the findings to themselves is not "pro-privacy".
You're going to run out of superlatives by the time you reach DuckDuckGo.
There may be other reasons, but the QA aspect is enough that Google would have to hit the OEMs, even if Google wanted to promote open source.
Yet google has spend years propagandizing that they are "open" while Apple is "closed" and that plays right into the latent desire to hate Apple from those who got a PC instead of a Mac when they were a kid.
Apple is different because for nearly 40 years they have been honest and forthright and treating people different. Google says "don't be evil" and then goes out and does evil. Apple doesn't say it, they just don't do it.
The idea that all these companies want private info and thus are all going to be evil is cynical.
And it ignores the fundamental truth: Apple's product is really nice software sold in a hardware box. Google's product is your private info.
The business models couldn't be more different.
"cynical: believing that people are motivated by self-interest"
In a free trade, capitalistic society, companies are by definition cynical, because the ones that are not go bankrupt.
> Apple is different because for nearly 40 years they have been honest and forthright and treating people different. Google says "don't be evil" and then goes out and does evil. Apple doesn't say it, they just don't do it.
I was with you until that last part. I would totally be on board with you if you say Google and Apple are both equally evil because they are looking after their own interest. The fact you think that google is doing evil and Apple is not makes me think you're a bit too far gone on the fanboy side.
Android ships far more units than OS X/iOS and their derivatives do.
 GNU's Not Unix
I think the distinction is pedantic, but I think we can agree that Android is the most widely shipped OS based on a Unix-like kernel.
It is, but no more than that of the OP and you. It's ultimately irrelevant to this discussion.
If you remove all the Androidyness from Android, it's Linux which is quite stripped down....
It's like a project that has no purpose.
"Evil" such as serving you ads?
> Google's product is your private info.
Better ads targeting using your private info - not selling your private info to advertisers/governments. It's evident how much you distrust Google, but don't spread and allude to FUD.
Google and Apple behave similarly, as far as I can tell. TBH, I wouldn't call either company "evil," but they're both equally unfriendly to users, IMO. I'm curious why you think Apple is less "evil"?
> And it ignores the fundamental truth: Apple's product is really nice software sold in a hardware box. Google's product is your private info.
That's not a fundamental truth, and it's a false dichotomy. Apple's products are both software/hardware AND private info.
>Nobody can really tell what they are collecting, what they do with it and how much of it they share with third parties (including governments).
Yes, this could all be lies, but so could literally anything anyone says. Either you choose to live as a recluse in the woods with no technology, or you choose to trust at least some corporations. That might mean trusting your search engine, your cell phone company, your car manufacturer. Heck, you're trusting your ISP right now not to do a MITM attack on you. The natural conclusion is that you should use strong encryption in everything you do. At this point, there is one company spearheading this to get it into the hands of consumers who don't know any better.
Again, I realize Apple isn't blameless, but there's an awful lot about their recent actions to show they are making decisions based on what is best for the consumer. I think that's a good thing, and it's hard to imagine why someone would argue against it.
The companies he Tim Cook described, that offer "free" services and data-mine/aggregate/sell your personal information to fund the business? Yes.
Apple has a vested interest in not collecting, analysing, aggregating and using the vast amounts of private information other companies do: they're seen by many as a premium brand, where you pay a bit more and get a better product/experience. Part of that is not getting "maybe you'd like X" emails from the App Store, or "Hey do you need a new printer for that Mac you just bought on Apple.com" type shit.
> and we are all prepared to give them some of our private information if what we get in return is worth it.
You might be. "We" are not all prepared to hand over private information.
I use a fair variety of google products on a couple of different platforms and have for years. Google has never sent me a suggest-sell email. They don't hide the fact that they're in the advertising and marketing business, but they're not that unsubtle.
Perhaps other people get suggest-sell emails from Google, but it's not something I've seen (or heard people complain about).
Did I say it was Google doing this?
One of my pet hates is people who imply something, then use "but I didn't LITERALLY write the exact words that say that". You can play that game forever - for instance, where in my first reply to you did I explicitly mention that you did say it? I never said you did.
Isn't implication a wonderfully deniable building-block of human communication?
> I’m speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information
> where in my first reply to you did I explicitly mention that you did say it
You were the one who brought Google into the conversation. I said Apple don't send spamvertising emails based on App Store purchases, because that's a very easy concept to understand how apple could use the private data they do have (i.e. my purchase/download history of iOS apps) as a revenue stream.
I think Google should be avoided whenever possible, but I'm not stupid enough to think they're the only company with skeevy data collection policies at the core of their business model.
And just in case you are enough of a naif that you missed that 'subtext', if it can be called that subtle, the article even explicitly highlights that it was a swipe against Google and spends a paragraph explaining why. Cook was the one who brought Google into the conversation, not me. He just didn't say the word 'google'.
And besides, what kind of counter is "these were the literal words" to someone whose argument is "there is more to communication than literal words"?
But hey, "I never said you did".
Do you seriously believe that? They are doing this non stop. Not a month goes by without my iPad requesting my iCloud password so it can back up my entire tablet, even though I've repeatedly declined to provide it.
They are collecting and analysing PII data all the time. They need it because it's an arms' race. They will only stop if compelled to do so by governments or by a privacy scandal.
> "We" are not all prepared to hand over private information.
Unless you tell me you never, ever use a search engine (not just Google, could be Bing or Yahoo or whatever), I am pretty sure you are in denial about that compromise. You are giving away private information all the time, you just don't realize it, or you are okay with the fact that "Getting good search results for this query is worth Google logging my IP".
Apple prompts you to backup your data... so they must be analysing your data? Can I get whatever brand of space cakes you're snacking on?
> They need it because it's an arms' race
Google/etc are dependant on that information - without it they have almost no revenue at all.
Apple sells physical and digital products, and provides services. Almost all of these cost money to use, and the amount of data personal information required from the customer to provide those services is close to zero.
So tell me again why apple "needs" the data which they have repeatedly said they don't collect and don't want to collect?
> Unless you tell me you never, ever use a search engine
I refer you to https://duckduckgo.com/privacy & http://donttrack.us
It sounds like you have Settings -> iCloud -> Backup -> iCloud Backup turned on.
> They are collecting and analysing PII data all the time.
What sort of evidence do you have to support this?
Yes, they say they properly anonymize and location-scrub this personal information before they store, aggregate and analyze it (and I have no reason to doubt that they're doing that, at least for their own use), but they are clearly collecting it. And if you're going to talk about things like vulnerability to government surveillance, just collecting it in the first place is more than enough to open that door.
Settings -> iCloud -> Backup -> switch slider to off.
You don't need to supply any of it.
There's a big skip button.
Edit: This is a prerequisite for meaningful privacy. Plus having a pseudonymous account, funded by Bitcoins, for buying apps and stuff. Otherwise it's all based on trusting Apple, and so there's a single point of failure.
However, using ever-changing Tor exit IPs does trigger account locks, which require password reset. But that's arguably a feature, and not a bug.
But I do see https://giftoff.com/gift-cards/apple-store for buying Apple Store gift cards with Bitcoins.
I'll give it a go.
Edit: It seems legitimate: https://bitcointalk.org/index.php?topic=970780.0
I would suggest that this may be too small of a market to be commercially viable.
I'm sure that I represent a small market. But it's arguably a market that Apple must serve well for Tim Cook's claims about privacy to be credible.
I mean, to be fair, Google does this too -- their emphasis on openness with Android, or "the next billion" with the low-cost, low-margin devices they enable are casting their business model as more moral than Apple's -- but advocating for the moral superiority of spending high-end money, as Cook is here, always strikes me as kind of gross.
(Also, when he implies that Google sells your data, he's just wrong. Google uses the heck out of it, but they don't sell it -- why would they? It's their competitive advantage, they don't want other people having direct access to it.)
Apple may send traffic to google, but it has privacy protections in place, anonymizing the traffic from the browser.
I don't see how the Facebook app being in the store makes Apple immoral or hypocritical, especially compared to google.
Google knows a bunch of stuff about their customers inherently (because their customers have all their email on Google servers, do Google searches, etc.), so Google customers have already decided they trust Google with that information.
If Google were selling it, they'd be passing it along to other organizations that users haven't explicitly trusted. That'd be bad. But they don't do that -- they use their information to show you things based on what they know, with targeted ads; that might bother you from an aesthetic/anti-capitalist perspective, but isn't an extra concern from a privacy perspective.
(Interesting fun fact: You know who does actively sell your information? Your bank, for just about any big bank.)
(2) Use of Google search does not at all imply that a customer wants all of their searches to be associated with their identity, processed, stored indefinitely, used to build a comprehensive dossier to better target advertising on unrelated pages, or handed over to nation-state spooks who come asking. It’s not at all clear that most customers understand what information they’re handing over or what can be done with it when they use services like search.
[Yes, plenty of other ad networks, analytics companies, social media services, etc. do the same thing, and plenty of other types of companies (e.g. the banks you mention) and government agencies also build permanent profiles of people based on whatever scraps of data they can; this is not only a Google problem. It’s creepy when anyone does it, which is why there should be better regulatory oversight ensuring that customers know what data is collected and how it is used, restricting certain types of data aggregation and customer profiling, and placing limits on how long various types of data can be kept.]
But the implication there is that Google's most privacy-invasive product, by a mile, is Google Analytics, which doesn't really help Cook's case in any meaningful way, because that has nothing to do with the Google services that compete with Apple.
The 'reassurances' provided in Google's Terms of Service don't mean jack shit when they have the power to change the terms in the future to whatever they want.
And why would they do that is the question. Again, since they don't serve google cookies on analytics this would be virtually useless. An IP address isn't much to go on. Even a 5% misidentification rate would lead to horribly polluted data about users very quickly.
That google found those keywords in some poor souls email, and I don't have access to the email, doesn't make it any less the case that google is selling that poor souls info to me.
Edit: New policy. I won't respond to responses when my comment is negative. HN is rife with people who are just down voting anything based on ideology, or in a lot of cases, straight up hatred and bigotry. (IT's not question Google zealots hate Apple, and are irrational in this.) I won't be the queer in your game of smear the queer. I don't care how rational the response is.
I'm not saying you downvoted me, just that I'm done putting effort in when it's the comments are literally rendered unreadable and censored by people who don't care about rational discourse. So why participate?
To my knowledge, Google doesn't tell you where the keyword was found, or even if it was an exact keyword match or something they deemed similar enough to show (but I'm by no means an expert in Adwords).
At some point you just have to accept that when you call a plumber, the plumber going to have a pretty good base to assume you need a plumber, and this is releasing some information to them. Without that, communication would be impossible.
No, you know exactly the criteria Google requests from you when you buy the ad. That's most likely a subset of the criteria Google uses to display the ad (which can include things like the past performance of your ads / of similar ads, in different contexts, for different kinds of users and probably all sorts of stuff I'm not thinking of).
They aren't very similar.
This was the idea behind the famous 1984 commercial. Creating a sense of societal urgency and philosophical crisis.
For some definition of "basically" that means "not whatsoever". Selling involves exchanging money for goods or services with another party (to paraphrase Homer Simpson).
It's also a bit rich that Cook is talking about other entities gobbling up your data for themselves, when Apple is the epitome of the 'walled garden'. Apparently being in control of your own information is only what Apple wants if it's concomitant with their control of your information.
Cook isn't being morally upstanding here. He's just reframing his company's position to make the other guy look bad. It's the traditional pattern of hide your weaknesses and expose those of your competition.
Don't get me wrong, better privacy is an important issue and if Apple sees it as a potential competitive advantage that's pretty good (as it'll force others to improve there as well). I'll be very interested in seeing how much they push this as a general strategy.
[sadly I'd argue it's not really all that great of an idea because if push comes to shove most people will readily give up privacy for convenience (imo)]
That is just really, really, REALLY RICH, coming from the company who's behind this kind of shit: http://i.imgur.com/1lGp7ps.jpg
Yep, to turn off ad-tracking, you have to go to... Settings... then 'General'... and then... About. Wait, "About"? Yes, "About", then "Advertising" ... and then do "Limit Ad Tracking". "Limit Ad Tracking", what a wonderfully clear label huh!
Of course that's coming to you form the individual who likes to give lofty speeches about how he and Steve Jobs led in 'advancing humanity through the equality of all its employees' . Because let's please just forget about how Apple had its part in collusion over hiring policies .
The problem is legacy, a bunch of stuff was probably going to break if they just enabled that en-mass.
This is all part of their marketing campaign.
And this isn't much different from Google blasting Apple for selling products assembled in sweatshops (not that google does that)...
Apple is in the fortunate position that most of their profits come from hardware. With Snowden's publications, the security/privacy advantage is practically thrown in their lap. So, why not run with it? We customers only benefit (not only Apple customers, because this will put pressure on others).
As a side node, given Cook's sexual orientation, I am sure that this is an important issue for him personally as well. There are many countries where you can't be gay openly (yet), and digital privacy is a tiny part of the puzzle of protecting people in countries with less liberal laws.
Personally, I'm happy to pay a company with a sound business model that doesn't rely on advertising (and by proxy your private information).
How on earth some of the other commenters arrived at their worldview, I have no idea. Unusually close-minded for HN. A lot of Google employees, perhaps?
Apple makes money from device sales. Apple can make more money by using private information (to improve their cloud services, selling the search default to Google, for iAds and so on) - as long as they don't do something with it that makes people reconsider their next device purchase.
Google makes money from advertising. Google can make more money using private information with their advertising - as long as they don't do something with it that makes people reconsider using Google services.
There's a difference here but it's a difference of degree, not kind. At bottom, Apple and Google are both companies with incentives for collecting and using private information and risks that encourage them not to misuse it. You can try to squeeze a moral distinction out of the details, but it is spin, not substance.
True, but what a degree, and the difference matters :
- 91% of Apple's income is from hardware.
- More that 90% of Google's income is from advertising.
There's also a very big difference between trying to understand your customers better so that you can build a better mousetrap, rather than selling their information to third parties, directly or indirectly.
IMO, the why doesn't affect personal privacy. Pure motives don't count for anything when user data falls into the hands of 3rd parties (through hacks, leaks, or divorce lawyers).
> - 91% of Apple's income is from hardware.
> - More that 90% of Google's income is from advertising.
So, in a nutshell - it's not the collection of data that is bad, but advertising? That's BS. The collection of personal data itself is inherently bad, motives be damned. Apple is no snow-flake as Tim would have you think, they also want to gain a competitive edge from aggregating and mining user data.
The question is how much the usefulness of that combined offering depends on collecting user data. I think the dependency is not as deep as for Google but it is growing fast if you look at the ever more central role of iCloud.
Google does not sell user information by the way. Google sells conclusions they draw from user data. I am concerned about the wealth of data Google holds about me. But I'm not that much less concerned about the data Apple holds about me.
Exactly how does a company that makes money through selling you products have its interests more aligned to yours?
There was a significant backlash from when they changed the style in iOS7. They didn't ask you what you wanted.
There was also a backlash when they introduced Lion and got rid of "Save As" or got rid of the maximise-equivalent in Yosemite (you have to hold down Alt now, how irritating), or when they removed the Web Sharing option in System Preferences and you have to manually restart Apache etc. etc. etc.
They also removed DVD drives on laptops, never gave us a Bluray drive, stopped us being able to upgrade RAM in laptops and Mac Minis, ditched accelerated graphics for the Mac Mini etc. etc. etc.
The list is quite long of the things that they have changed or removed that you can't do anything about (and it is frequently irritating). As you decide to buy them and are happy with them, you may rationalise this as them making products that cater to you, but in truth they do not.
I say this as a developer who writes software for OSX as my day job btw. It's not an anti-Apple rant - it's more truth.
Stop viewing the world in black and white.
So what they're doing is bashing those who actually can do things with their data.
I like to believe there is a company that cares about my privacy but we all know if Apple can make a good business from my data it will(iAd). They simply can't!
And they collect your searches on iOS/OSX for Spotlight which is used to implement the web site suggestions features. Easy to switch off.
And Apple does have software that does the recommendations for iTunes Store, Apple Store and App Store but I am guessing the billions of money to be made by optimising those wouldn't be worth investing the time in.
Of course people who dislike Apple are unlikely to be using Apple software and wouldn't know this.
Edit after the vote brigade:
These are two straight up statements of fact. When you down vote them, you tell me that you're being ideological and you don't care what the facts are.
Alas, Hacker News has always been this way.
In particular, you're implying that as well as including local face recognition features, Apple is somehow transmitting face recognition data to its servers and/or elsewhere. This is simply not true; these features are entirely local.
Admittedly, it seems most people's filing system is basically lob all their bits of paper in one room and shut the door hence the need for these "let me organise it for you!" software features.
What? Apple makes nearly all its money from hardware, and it is selling more and more.
Software is a key part of their product, sure, and they seem to be doing ok there, but software usually runs on a hardware platform, which someone has to make.
And with the acquisition of the guys from FoundationDB pretty sure they will have at least some skill in high end database engineering.
imessages is notorious for not even being able to deliver messages in order many times. It is easily apples worst service, and should be brain dead simple.
App Store is s bare minimum store that's only real change since its inception was just now supporting videos and a higher reliance on curation (because they can't possibly figure out more automated ways). It loads horribly, and barely has any helpfulness in suggesting new apps. Search is a mess that will often not give you an exact string matchas the first result. It's a joke compared to a real online store like Amazon, and it doesn't even have physical products or difficult problems like figuring out shipping.
iCloud has had repeated public embarrassments, and can't seem to guarantee basic uptime and service despite being overpriced, and IsItself the result of several relaunches due to predecessors making such a bad reputation for themselves (.mac, MobileMe).
Siri was a purchase, and despite having is integration does not compete that great against Google now. Same goes with mapping of course.
Apple may get good at services someday, but that day is not now.
2. Not sure why you are comparing App Store with Amazon when Apple has an equivalent: the Apple Online Store. It does have physical products and has to deal with figuring out shipping across multiple regions. It's actually comparable to Amazon since they both use the microtransactions approach to billing.
3. iCloud is free up to 5GB and isn't hugely overpriced compared to Google Drive/Dropbox given that it isn't just a drive. Agreed that it has a checkered past but actually is pretty good given that it has more functionality than what Google or Microsoft provides.
4. Siri was initially a purchase but was completely rebuilt on a pretty impressive Mesos based architecture. It is a world apart from what it was originally and as I've mentioned below the integration of Cue and Spotsetter should make them far more competitive with Google Now.
I am not saying that Apple is the best at services but I think people grossly underestimate the scale at which Apple is operating with some of their services.
Are you serious? The idea that Apple's online store is even vaguely comparable to Amazon in terms of complexity is just laughable. To start with, Amazon sells essentially everything Apple's store does - plus millions of other products too. And unlike Apple, they're tracking a wide variety of promotions and offers over those millions of products. Then we can talk about all the third-party providers that also sell via Amazon. And how many orders of magnitude more difficult Amazon's search problem is. Not to mention Amazon's recommendation engine. Or the order of magnitude more online users and transactions (Apple's user base is in the same ballpark, but how many of them buy online vs in-store or via a retailer or carrier?). And on and on.
Its dead simple because other services seem to have figured this out. Twitter does actual real time systems, and its not 1-to-1. Slack meanwhile seems to have no trouble delivering me messages. iMessage however is the outlier here, maybe because they don't live and die on this system like the others I mentioned. If you're going to make a new system to replace the old one (text messages), make sure it works first.
2. The comparison is because it is a strictly easier problem and they still do strictly worse. If you want to compare Apple Online Store to Amazon Online Store, the report card is equally bad: imagine if every time Amazon added a new major product they took the ENTIRE STORE DOWN FOR HOURS.
3. It seems to me that iCloud is the thing that is more like "just a drive". Google has Photos, Calendars, and email too, so I'm not sure what you're referring to with all this Google comparison. 5GB is kind of nothing when we start talking photos and email, and Google actually does cool stuff with my Photos, and Dropbox still hilariously feels more integrated with the OS than iCloud, not to mention having integration with other services.
The truth of the matter is that they do bare minimum on all their services, which is FINE btw -- just absurd to claim they have any special competence in the area. Nothing about their services stands out, with each one its literally one step above nothing which would be unacceptable. With email they NEED some basic email to give you with your devices. With the App Store they NEED some way for you to get apps. With the online store they NEED some way for you to order products.
Now compare Apple to Apple (ha): look at their absolutely, everyone agrees, stellar physical stores. Thats something to write home about. Look at their amazing supply chain where they can replace or fix a phone in hours -- truly surprising every time I go in. This is something they have clear core competency in.
Pretty sure this is marketing a not technical.
I can confirm these problems. When I had an iPhone and iMessage, they were out of order all the time, and delivered unpredictably.
However, Slack, Twitter, etc. are not solving the same problems. iMessage does end-to-end encryption and has perfect forward secrecy (which, if I understand correctly, implies that they need to re-key fairly often).
In that case, would Amazon ever be up?