iPhone = Privacy?

48 points by z0mbie42 2 years ago | 105 comments
  • hardnose 2 years ago
    Apple seems to prioritize privacy more than the competition, while for Google collecting, and combing through to monetize, your personal data is a big part of their business model.

    Much of this criticism seems misplaced or invalid. Apple tracks your IMEI? Well, sure, unless you choose otherwise, and they've given you a convenient place to turn it off. Apple chipsets track your location down to the meter? Well, yes, that's a feature most people enjoy - and they've given you a convenient place to turn it off, if you don't. Apple is using third party app Siri interactions to train Siri? How is this even a privacy issue... has any real world privacy problem ever occurred because of this? If you don't want Apple to hear your voice or process your Siri requests... don't use Siri? They've given you a convenient place to turn it off.

    The only one I agree on is the image scanning for CSAM. The idea of a device I own acting as a state informer using AI to detect what it thinks is a crime is not my idea of a step forward.

    • judge2020 2 years ago
      > The only one I agree on is the image scanning for CSAM. The idea of a device I own acting as a state informer using AI to detect what it thinks is a crime is not my idea of a step forward.

      The likely reasoning behind this, although unspoken, was to (at some point in the future) enable E2EE for iCloud Photos. Currently, Apple doesn't do nearly any CSAM scanning on iCloud Photos[0], so the FBI et al. are pushing for them to change that - instead of licensing PhotoDNA, they tried to create something that would keep image data out of their hands while not further enabling CSAM distributors.

      0: "According to NCMEC, Apple submitted 205 reports in 2019 (a third of my reporting volume). Apple increased a little, to 265 in 2020, but then dropped in 2021 to only 160 reports. That's nearly a 22% decrease over two years!" https://www.hackerfactor.com/blog/index.php?/archives/955-NC...

      • nathancahill 2 years ago
        Yeah, I'm a huge privacy advocate but the part people are missing with this fiasco is that client-side scanning before _anything_ is uploaded is objectively less invasive than every single photo being scanned on iCloud (the direction legislation is heading). Again, this is an _opt-in_ behavior when you enable iCloud Photos, for photos that you're trying to upload (currently not E2EE) anyway. The feature comes with the potential upside of allowing Apple to enable E2EE for all photos, while credibly proving to the government there's no CSAM.
        • hardnose 2 years ago
          >client-side scanning before _anything_ is uploaded is objectively less invasive than every single photo being scanned on iCloud

          That's like saying cyanide tastes better than strychnine. It might be true, but I'd rather just not have either one.

      • falcolas 2 years ago
        > has any real world privacy problem ever occurred because of this

        Yes. People who don't quite understand how Siri works will divulge a lot of personal information. There's many stories from workers at these third parties about how much intimate detail they've heard when listening to these clips.

        Now, that said, Google and Amazon do this too. It's truly a strike against all providers.

        • spideymans 2 years ago
          When you set up a new Apple device, Apple asks users whether they want to share Siri recordings with Apple.
          • hardnose 2 years ago
            >There's many stories from workers at these third parties about how much intimate detail they've heard when listening to these clips.

            Assuming those internet stories are even true - can anyone show me actual harm occurring to anyone based on Apple's use of Siri training? I've heard some Alexa stories, but frankly, Apple seems to do a really good job of protecting that information, at least so far, at least as far as the public knows.

            • falcolas 2 years ago
              A lack of reported harm does not imply a lack of the ability to harm.

              "Siri, order medicine X and deliver to address Y" is a simple example of how a simple command - whether valid or not - can expose someone's medical history, and while an ethical reviewer (probably 99%+ of reviewers) would do nothing with it, an unethical reviewer could.

          • kornhole 2 years ago
            Because the code of iOS is closed source, we have to trust these settings actually stop transmitting data back to Apple. Given how valuable such data is to central collectors, this trust is a big leap for some of us. Comparing Apple to Google is a false dichotomy since many alternatives now exist.
            • oreilles 2 years ago
              > The only one I agree on is the image scanning for CSAM. The idea of a device I own acting as a state informer using AI to detect what it thinks is a crime is not my idea of a step forward.

              There's also a convenient place to turn it off: CSAM scanning doesn't happen if you don't use iCloud photos/files syncing.

            • philjohn 2 years ago
              Seems to - because it's great marketing.
              • shadowgovt 2 years ago
                This is all reasoning we heard in the past to defend Google.

                With Google, it was all true and still is...

                • amelius 2 years ago
                  > Apple seems to prioritize privacy more than the competition, while for Google collecting, and combing through to monetize, your personal data is a big part of their business model.

                  My TV also doesn't have data as its main business model, however ... it still collects data on me.

                • restore_creole_ 2 years ago
                  > Apple ad exec wants to more than double ad revenue with new ads across iOS

                  https://arstechnica.com/gadgets/2022/08/report-apple-is-expl...

                  • rickdeckard 2 years ago
                    > Apple seems to prioritize privacy more than the competition, while for Google collecting, and combing through to monetize, your personal data is a big part of their business model.

                    It's puzzling to me how this keeps getting repeated without any strong foundation. This story that others sell your data while Apple holds it secure is a narrative established by Apple that keeps coming up like a mantra.

                    The implication is that Google is gathering personal data to then sell it to third parties.

                    But this is not their business model. They profile their customers via their behaviors and personal data, match them to a persona and then sell services to third parties to advertise to users fitting that persona.

                    I don't see how Apple is doing any less of customer profiling and persona generating than Google. They are both in the business of profiling their users and then monetizing them by offering services to internal/external customers who look for a certain audience.

                    The core of this is exactly the same between Apple and Google. Neither of them is selling the user-data directly, they both process it in order to package their users into a service they can sell to others.

                    The main thing that Apple does differently is, that they took stronger measures to ensure that the data THEY collect from their users can only be collected by THEM.

                    So Apple took action to protect their unique market position of selling ANY kind of goods to users of Apple products, and they claim that they are more honorable to hold and process all your data for financial gain just because (so far) they failed to compete in the advertising industry.

                    • hardnose 2 years ago
                      >The implication is that Google is gathering personal data to then sell it to third parties.

                      No, the implication is that Google collects as much of your personal data as possible, stores it forever, and monetizes it. You can tell because that's what I actually said. What you're responding to is a red herring - you brought up third parties, not me.

                      If I use the Apple Mail app with default settings from my iCloud account to e-mail ten lawn care services, I won't start seeing web ads for lawn care. If I use Gmail with default settings, I will.

                      > The main thing that Apple does differently is, that they took stronger measures to ensure that the data THEY collect from their users can only be collected by THEM.

                      No, the main thing that Apple does differently is make their money by selling hardware, software, and services directly to end users. This is in stark contrast to Google, whose typical business model offers free services that make the end users into the saleable product.

                      • rickdeckard 2 years ago
                        > If I use the Apple Mail app with default settings from my iCloud account to e-mail ten lawn care services, I won't start seeing web ads for lawn care. If I use Gmail with default settings, I will.

                        That's because Apple doesn't operate ad-services on scale at this point, particularly not on the web. The fact that they are scanning each and every email was made clear when they announced their CSAM scanner you also mentioned. I strongly doubt that Apple operates a crime-fighting division and that is the only purpose of scanning content. It's much more likely that they already analyze messages and content with other ML-models to refine the persona they created of a user.

                        So yes, they don't show you personalized ads on webpages, but without them operating in ads that's not an indicator of privacy. After failing to compete on Ads since 2010, their effort just started to ramp up in the last year.

                        > No, the main thing that Apple does differently is make their money by selling hardware, software, and services directly to end users.

                        Agreed, but Hardware is a segment that is close to saturation, and the majority of SW R&D resources are spent on the OS which is provided free of charge when purchasing the Hardware. Their growth-strategy is quite obviously based on services, with the strongest-growing of them being platforms of consumption (Appstore, Music, TV,...) and platforms of data-aggregation (Cloud, Pay, Card, CarPlay, Homekit,...).

                        Those consumption platforms serve content of third parties competing with each other for the user, and as the platform provider Apple offers those sellers paid services to reach the user.

                        I am fine to disagree, but in the growing world of services which are about to reach 25% of Apple's revenue soon, the Apple user who created the hardware revenue is the product being sold by Apple. To App-Developers, Music publishers, Movie Studios, Mobile carriers,...

                  • matai_kolila 2 years ago
                    > Thus, anyone who has access to your iCloud account, whether it be a hacker, an Apple employee, or a government agency, has also access to that data.

                    Lost a lot of credibility here by including Apple employees, as that’s not a thing.

                    Honestly this just reads as a bunch of FUD for what appears to be no reason. There’s no new info, no new perspective, no attempt at fair explanation of why those things might actually be desirable for the customer…

                    Just a bunch of bad faith interpretations of how an iPhone works to try and scare or confuse the reader, and no discernible reason for why.

                    • philjohn 2 years ago
                      The CSAM scanning would have required Apple employees to view flagged photos to confirm if they are CSAM - so yes, Apple employees will have some level of access to iCloud data, otherwise, legal requests for data would be impossible.

                      This wouldn't be an issue if iCloud was E2EE, but they probably save a chunk of money by only storing one copy of the "meme du jour" on their servers.

                      • esotericimpl 2 years ago
                        Honestly would an apple employee be able to access my icloud account? I understand that the icloud data is encrypted in the cloud and the decryption key is part of signing onto icloud via 2 factor to authorize the device.

                        Would an apple employee be able to view icloud without the 2nd factor to pull down the decryption key?

                        • michaelt 2 years ago
                          icloud data isn't end-to-end encrypted, so there are undoubtedly some employees who can view icloud data.

                          In a well-run organisation this power would only be available to a small number of employees, would require a good reason and multiple people's authorisation, and would produce audit records. Is Apple such an organisation? Nobody knows.

                          • matai_kolila 2 years ago
                            > icloud data isn't end-to-end encrypted, so there are undoubtedly some employees who can view icloud data.

                            This is more FUD; it doesn't need to be e2e encrypted to prevent an Apple employee (who isn't breaking a litany of laws and/or company policies) from viewing iCloud data.

                            I'm... just tired of baseless accusations like this, so casually thrown around. I've worked in this industry for 15 years, and when something like this is specifically possible, we say so because we have specific knowledge about how it would actually happen, not general "Yeah sure probably."

                            We have to do better, because if we don't, we sound like chicken littles and people just ignore us.

                        • bb123 2 years ago
                          For me it's a question of incentives. Apple makes the vast majority of its income selling hardware to people. That makes me the customer. Google makes the vast majority of its income selling user data to advertisers. That makes me the product and advertisers the customer. Which company has more of an incentive to compromise my privacy by accessing my data in a dishonest way?
                          • saiya-jin 2 years ago
                            That's a bit of a naive approach. Both (and other) companies exist primarily to earn money for their owners. If Apple finds it can extract even more money from consumers on top of hardware, i.e. overpriced forced walled gardens called app shops, it will. As long as it doesn't affect its main money pipeline, which is devices. Like it or not, most folks don't care about nor understand privacy, so Apple has a lot of leeway there.

                            The idea of taking Apple seriously on privacy is a bit of a bad joke when they block Firefox having ublock origin or implement at least the same for its Safari, and give users full option to install plugins for this browser (even if only from Apple-curated plugin store). It would be trivial for an army of Apple devs to create similar blocking, yet they just curate what ads you see based on what they think is maximum acceptable amount & type for users, so no real privacy choice there.

                            I've heard even comments here on HN about how it's actually a good thing to not have this freedom as 'power user'. Can't say I know how to respond to such schizophrenia so I'll pass on that, everybody can make up their own opinion.

                            Apple - fix this, and I will start taking your PR about security seriously. Till then, I simply can't since it's obvious you talk more than actually do where it matters most, the wild unruly Internet of these days.

                            • spideymans 2 years ago
                              On the contrary, I’d say access to user data is a liability for Apple.

                              Apple saw how damaging the iCloud privacy scandal and Cambridge Analytica were. They responded by fully hitching Apple’s brand to the privacy train.

                              If Apple were to be caught intentionally violating user privacy now, the damage to the brand would be immense.

                              Apple makes their money primarily by selling cool stuff to people. If they tarnish their brand by violating people’s privacy like Google or Meta, end users have far less incentive to buy Apple’s products.

                              • saiya-jin 2 years ago
                                I've worked in IT my whole life, i.e. Swiss private banks for more than a decade and almost a decade elsewhere. None of my colleagues and friends properly cares about this. You are experiencing HN (or maybe SV) echo chamber effect in 200%.

                                People I know in the category above, and the rest as well, buy Apple since it's a premium product, there are a lot of ads on it everywhere, it's a lot in media, i.e. Hollywood product placement, they like the design, they like the photos it makes, and the price you have to pay makes you stand out as a non-cheapskate in the same vein a cool fresh haircut or expensive clothing/jewelry does. Privacy isn't in top 10, ever.

                                Scandals? What scandals? In current world they come and go, people have little attention span with covid, wars, environmental crises and so on. That goes for Android too, people en masse simply don't care about phone privacy. Makes me a bit sad but it is what it is.

                            • fsflover 2 years ago
                              Apple has indeed less incentives than Google [0]. But a third alternative also exists (see my other comment).

                              [0] https://www.barrons.com/articles/apples-advertising-business...

                              • philjohn 2 years ago
                                Apple want to vastly increase the amount of money they make from ads - that blurs the line somewhat, no?
                            • Algent 2 years ago
                              > When you put your phone in airplane mode, you are simply telling your phone's OS to stop using the mobile network. The baseband system is still on and can be pinged by the mobile network.

                              I just started reading and there is already a sentence I don't believe very much, even less as a generalization. Does anyone here have a basis that could explain this bold statement?

                              • CharlesW 2 years ago
                                > Does anyone here have a basis that could explain this bold statement?

                                It's just wrong. On iPhones, Airplane Mode turns off all radios except Bluetooth.

                                • grenoire 2 years ago
                                  WiFi still remains on, no?
                                  • FreezerburnV 2 years ago
                                    By default the WiFi system is turned off, but you can turn it back on individually. If you want to connect to an in-flight system for watching shows, as an example.
                                • arubania2 2 years ago
                                  I think they probably mean that this switch is software-based, so turning it on does not physically disconnect the underlying hardware.

                                  I doubt there is any proof that some kind of system activity is still taking place while in airplane mode, but that might be irrelevant.

                                  For some people, depending on their threat model and personal preference, what's important is that it's impossible to prove beyond any doubt that this is _not_ the case.

                                  • Algent 2 years ago
                                    Ok I see, I understood the first sentence like you then but wasn't sure what was the point of a blanket statement there. I do feel like this is something measurable with tools; it could be easy to prove, but I guess this isn't the point of this paper.
                                  • fsflover 2 years ago
                                    Technically, you are only asking your software to turn the modem off. It can disobey if it wants, you can't be sure.
                                    • jeffbee 2 years ago
                                      The reason airplane mode exists is a radio 30000 feet above the ground violates assumptions baked into the terrestrial cellular architecture. If iPhones were regularly flying around with their radios enabled we would have heard about it by now.
                                      • fsflover 2 years ago
                                        It doesn't have to do this "regularly", only when someone (not you) wants it.
                                  • jeffbee 2 years ago
                                    The place where Apple is the most dishonest is in their scaremongering popup dialogs that constantly prompt me to re-authorize Google Maps, which I use daily, to access my location. They exempt themselves from this authorization by laundering Apple Maps location access through "System Services". iOS will never, ever pop up a dialog asking if you were aware that "System Services" has accessed your location on behalf of Apple 10000 times in the last month for the purposes of improving maps and providing traffic data to other Apple Maps users. Even if you, like me, never intentionally use Apple Maps, Apple silently accesses your location for these purposes. And even if you, like me, have been an intentional and fully-informed user of Google Maps for 15 years, Apple will still regularly urge you to revoke location data access from Google Maps.

                                    To me, this seems really dishonest.

                                    • HunterWare 2 years ago
                                      Huh, I use Google Maps daily too and have never had a popup since the first time I used it and picked "While using". I could have picked "Always", which worked too, but choose not to for reasons outlined in other posts here.

                                      You can also easily turn off "Maps" tracking or limit it the same way if you choose.

                                      I got to admit that I don't see the meat in this burger, so to speak.

                                      • jeffbee 2 years ago
                                        If you go into privacy settings and try to disable the “system services” it will prompt you, twice, with a big scary warning about how nothing on your iPhone will ever work again.
                                        • smaccona 2 years ago
                                          I can go into Settings -> Maps -> Location -> Never, and then when I use Apple Maps it says "Location Services is off" and can't figure out where I am. Is that different than what you are talking about?
                                    • russianGuy83829 2 years ago
                                      > Another innovation announced yesterday for the iPhone 14 event was Satellite communication. Apple is now able to locate an iPhone anywhere in the world (where it would require connectivity to the mobile network, Wifi, or another device before.

                                      That's just plain wrong. Poorly researched article.

                                      • v0idzer0 2 years ago
                                        iPhone = Not perfect but better than all comparable alternatives

                                        Perhaps the biggest advantage of the iPhone, aside from Apple making most of their money selling real products not your data, is that every concern he had was accompanied by a setting to disable it

                                        • amelius 2 years ago
                                          These settings tend to magically change to your disadvantage after you update some software or click yes somewhere when you weren't paying attention.
                                          • spideymans 2 years ago
                                            > Perhaps the biggest advantage of the iPhone, aside from Apple making most of their money selling real products not your data

                                            This is the reason why I have a certain degree of confidence in Apple’s privacy aspirations. Apple makes their money primarily by selling cool stuff to end users. Their business model heavily disincentivizes mass tracking.

                                            Google and Meta couldn’t ever be as privacy-friendly as Apple, due to their business models.

                                            • pwinnski 2 years ago
                                              Every concern he had that wasn't based on fabrication, yes.

                                              Airplane mode leaves the cellular radio on? Not according to signal tests!

                                            • kraf 2 years ago
                                              I feel that GrapheneOS is a good compromise. It's significantly more private than an iPhone and after 2 years of using it I really don't feel like I'm missing out on anything.
                                              • kornhole 2 years ago
                                                Couple that with a Nextcloud instance, and you are golden. This private cloud is where you can synchronize your contacts, calendar, photos, files, bookmarks, passwords, location, news, podcasts, music, tasks, notes and host chats and video calls.

                                                To mitigate telco surveillance, switch your number to VOIP and use burner SIMs or pretty good phone privacy.

                                              • zimpenfish 2 years ago
                                                I like how "First, it generates a lot of false positives" is linked to an article about Google, not Apple, scanning cloud photos, not on-device, and it was only a false positive in the intent of the photos - the actual photos (of a child's penis) are exactly what should be flagged, no?

                                                (Human review with explanation and consultation with the doctor / police should have led to "ok, false positive this time".)

                                                • fsflover 2 years ago
                                                  > With all that information, I think it's reasonable to say that iPhones are far from private. But, as the alternatives are even worse

                                                  Android smartphones are indeed worse, but it's not the only alternative. Consider GNU/Linux phones if you care about privacy and want to support it: https://puri.sm/products/librem-5 and https://pine64.org/pinephone.

                                                  There are also things like /e/OS (Edit: and GrapheneOS), but they are installed on Android phones and must obey their planned obsolescence due to the proprietary drivers (tied to an old Linux kernel).

                                                  • LinuxBender 2 years ago
                                                    Also GrapheneOS [1] but hardware options are limited. LineageOS [2] and its fork /e/ [3] appear to have some more hardware support.

                                                    How many years will a phone running these be usable on average?

                                                    [1] - https://grapheneos.org/faq#device-support

                                                    [2] - https://wiki.lineageos.org/devices/

                                                    [3] - https://e.foundation/

                                                    • sbuk 2 years ago
                                                      Didn’t you just challenge someone for ‘shifting goalposts’ and being off topic? What has GrapheneOS got to do with Apple?
                                                      • fsflover 2 years ago
                                                        I said that GrapheneOS is a relatively good alternative to Apple, although with a downside. Where is shifting goals? It's important to discuss solutions to the problem, not to say "you are also spied by other people and companies".
                                                      • scarface74 2 years ago
                                                        And that phone also sends your IMEI and your location to the carrier. It has to enable to work.
                                                    • pathartl 2 years ago
                                                      Are there articles that actually audit the data sent from your phone? My biggest gripe is we're supposed to take all marketing at face value.
                                                    • imgabe 2 years ago
                                                      > iOS sends a lot of data about your phone to Apple, such as your phone number, your unique device identifier, your location and your IMEI number

                                                      Oh no! The manufacturer of my phone knows the unique identifier they created and assigned to my phone? Whatever shall I do?

                                                      • Accacin 2 years ago
                                                        Seriously? Obviously the problem isn't that they know the IMEI, it's that they now have an IMEI linked to a specific person along with your UDI, location, and phone number.
                                                        • imgabe 2 years ago
                                                          Turn off location, buy a secondhand iPhone with a gift card, create an apple account with a throwaway email, move to a cabin in the woods to work on your manifesto. Easy peasy.
                                                        • kornhole 2 years ago
                                                          If one did not need to register the device to one's real ID when activating it, this would not be such a big issue. I ditched my iPhone long ago for this reason, and to my knowledge it is still not possible to make an iPhone anonymous unlike other Android or Linux based devices.
                                                          • fsflover 2 years ago
                                                            They may know IMEI, since they made the phone. But why do they have to know your phone number and location? How can I avoid that?
                                                            • Algent 2 years ago
                                                              They 100% need the phone number for some of the base features like iMessage. The location however without the "find my phone" it shouldn't have a reason, I guess it's to allow them to put on the map any apple tags you have in range. I think these tags are opt out but I'm still stuck on how Apple casually sells the biggest semi-passive stalking tool ever made.
                                                              • Bud 2 years ago
                                                                You need to read for five minutes about AirTags and how they work, and how Apple addressed any stalking issues already, before casually tossing around accusations like this with vagaries like "I think these tags are opt out" attached to them.
                                                              • CharlesW 2 years ago
                                                                > But why do they have to know your phone number and location? How can I avoid that?

                                                                By not using a phone, because your carrier knows this information too and also sells this data (Apple does not).

                                                                • fsflover 2 years ago
                                                                  The topic is about Apple knowing your data, please do not shift goals.
                                                              • qclibre22 2 years ago
                                                                Leave it at home or turn it off.
                                                              • giantg2 2 years ago
                                                                No phone == privacy
                                                                • beders 2 years ago
                                                                  There's no privacy. There's just a price tag to your private data.
                                                                  • fsflover 2 years ago
                                                                    Same as with security.
                                                                    • hardnose 2 years ago
                                                                      privacy (prī′və-sē) [noun] - The quality or condition of being permitted to terminate pregnancies.

                                                                      (This definition brought to you by Marshall's Englishish Dictionary)

                                                                  • pookha 2 years ago
                                                                    Privacy wise, I'd argue that GrapheneOS and the like are not at all worse than an iPhone. You have a significant level of control with one of these rooted phones that have stock android.