• hardypart@feddit.de
    link
    fedilink
    English
    arrow-up
    32
    arrow-down
    5
    ·
    edit-2
    1 year ago

    I’m not even an Apple user but somehow I still feel like Apple is one of the very last companies where privacy and the security of your data is more worth than a dime.

    • zettajon@lemmy.ml
      link
      fedilink
      English
      arrow-up
      31
      arrow-down
      19
      ·
      edit-2
      1 year ago

      Nope, Apple sells your data just as much as Google does: https://www.insiderintelligence.com/content/apple-ad-revenues-skyrocket-amid-its-privacy-changes https://www.vox.com/recode/2022/12/22/23513061/apple-iphone-app-store-ads-privacy-antitrust#luMMel

      While people noticed their new policies against 3rd party apps, that masked the fact that those policies carved out an exception for first party apps, meaning they collect (anonymous) data on you through Health, Journal, Music, etc. just like every other company. “Trusting them more” is simply a result of you and everyone else getting hit with their privacy ads recently.

      Edit: “just like every other company” meant Google and Microsoft, i.e. the other big equivalent tech companies, my fault for not being specific.

      • steal_your_face@lemmy.ml
        link
        fedilink
        English
        arrow-up
        27
        arrow-down
        1
        ·
        1 year ago

        While I’m all for calling out companies for abusing your privacy, your own links show that they don’t collect as much data as google. They could (and should) be better though.

      • AngrilyEatingMuffins@kbin.social
        link
        fedilink
        arrow-up
        24
        arrow-down
        1
        ·
        1 year ago

        Anonymous data is actually pretty different to the data everyone else collects, which literally has your name and picture

        Apple’s data is useful for trends but it can’t be used to study who I am.

        • generalpotato@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          5
          ·
          1 year ago

          This comment needs to be further up rather than the idiotic takes that don’t understand the difference between anonymized data collection (Apple) vs identifiable data collection (Meta/Google/most other tech).

          • QuadratureSurfer@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            arrow-down
            1
            ·
            1 year ago

            Well, then there’s also the people that don’t realize that there are all sorts of programs out there that will try to take that “anonymized” data and then tie it right back to a persons profile.

            For example, you can anonymize GPS location data, but just because you strip away identifying information doesn’t mean that you’re truly anonymous. It can still be obvious where you live and where you work. And once you figure out where they live (again based on anonymous data) you can tie that information right back into their profile and continue to track them as if nothing has changed. https://www.popularmechanics.com/technology/security/a15927450/identify-individual-users-with-stravas-heatmap/

            • Yendor@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              4
              arrow-down
              2
              ·
              1 year ago

              That won’t work on Apples data - they group all the data into cohorts, so the anonymising isn’t reversible.

              • QuadratureSurfer@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                Can you explain a bit more about Apple grouping their data into cohorts? I haven’t heard much about this before. For example, how would grouping data into cohorts work with GPS data?

            • generalpotato@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              2
              ·
              1 year ago

              Not all anonymization techniques are created equal? I’m pretty sure this is fairly obvious at this point to anybody remotely familiar with how data collection works when it comes to privacy and device metrics.

              So, how is this relevant to this conversation besides adding more FUD and misinformation?

              • QuadratureSurfer@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                3
                ·
                1 year ago

                You sound like you know a lot more than everyone else on this subject so I thank you for your responses as a means to educate others.

                Just a word of advice, be sure to treat others with respect rather than assuming the worst of their intentions or calling them idiots because they don’t know as much as you.

                My response is still relevant to the conversation as we are talking about “anonymized data”. The link in my comment above proves that just because you are told your data has been “anonymized” does not truly mean that it’s impossible to re-attribute it back to an individual.

                So if you trust that Apple has great techniques for data anonymization, that’s awesome, feel free to expand on that and explain why. Just don’t go around telling others that simply having any sort of anonymization technique makes it so you don’t have to worry.

                • generalpotato@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  arrow-down
                  1
                  ·
                  edit-2
                  1 year ago

                  Thanks for the “advice”. Now, let me expand on my position.

                  The reason why I’m slightly annoyed but everyone’s take here is:

                  1. The demeanor that folks here have in passing on ill informed opinion as fact and then speculating details.
                  2. Not looking at the actual privacy policy of a company and the history of how said company has been involved in data collection, privacy, implementation of features in that realm and their handling of customer data.
                  3. Bringing up random points just to win an argument instead of conceding that they do not what they are talking about.

                  Here’s a few links to put things in perspective as to what and how Apple anonymizes data and how seriously it takes privacy:

                  https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf

                  https://www.apple.com/privacy/labels/

                  https://www.apple.com/privacy/control/

                  Read through those, look at Apple’s implementation of TouchID, FaceID and their stance on E2E encryption and tell me again why Apple isn’t serious about privacy, masking and anonymizing data, implementing differential privacy and informing users of what they collect and how users can opt-out of it.

                  Edit- Further evidence and reading:

                  https://www.techradar.com/news/fbi-says-apples-new-encryption-launch-is-deeply-concerning

                  https://www.digitaltrends.com/mobile/apple-data-collection/

                  https://www.apple.com/privacy/docs/A_Day_in_the_Life_of_Your_Data.pdf

                  • QuadratureSurfer@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    1 year ago

                    I’ve been reading through the links you posted as well as looking through other sources. I agree Apple is definitely taking more care with how they anonymize data compared to companies such as Netflix or Strava.

                    In Netflix’s case they released a bunch of “anonymized data” but in just over 2 weeks some researchers were able to de-anonymize some of the data back to particular users: https://www.cs.utexas.edu/~shmat/netflix-faq.html

                    I’ve already linked Strava’s mistake with their anonymization of data in my above comment.

                    and tell me again why Apple isn’t serious about privacy,

                    I think you must have me confused with someone else, up to this point in our discussion I never said that. I do believe that Apple is serious about privacy, but that doesn’t mean they are immune to mistakes. I’m sure Netflix and Strava thought the same thing.

                    My whole point is that you can’t trust that it’s impossible to de-anonymize data simply because some organization removes all of what they believe to be identifying data.

                    GPS data is a fairly obvious one which is why I brought it up. Just because you remove all identifying info about a GPS trace doesn’t stop someone (or some program) from re-attributing that data based on the start/stop locations of those tracks.

                    I appreciate that Apple is taking steps and using “local differential privacy” to try to mitigate stuff like this as much as possible. However, even they admit in that document that you linked that this only makes it difficult to determine rather than making it impossible:
                    “Local differential privacy guarantees that it is difficult to determine whether a certain user contributed to the computation of an aggregate by adding slightly biased noise to the data that is shared with Apple.” https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf


                    Now for some counter evidence and reading:

                    Here’s a brief article about how Anonymized data isn’t as anonymous as you think: https://techcrunch.com/2019/07/24/researchers-spotlight-the-lie-of-anonymous-data/

                    And if you just want to skip to it, here’s the link to the study about how anonymized data can be reversed: https://www.nature.com/articles/s41467-019-10933-3/

                    informing users of what they collect and how users can opt-out of it.

                    It would be great if users could just opt-out, however Apple is currently being sued for continuing to collect analytics even on users that have opted out (or at least it appears that way, we’ll have to let the lawsuit play out to see how this goes).
                    https://youtu.be/8JxvH80Rrcw
                    https://www.engadget.com/apple-phone-usage-data-not-anonymous-researchers-185334975.html
                    https://gizmodo.com/apple-iphone-privacy-settings-third-lawsuit-1850000531

                    That DigitalTrends article you linked was okay, but it was written in 2018 before Mysks’s tests.

                    As for your TechRadar link to Apple’s use of E2EE, that’s great, I’m glad they are using E2EE, but that’s not really relevant to our discussion about anonymizing data and risks running afoul of the #3 point you made for why you are frustrated with the majority of users in this post.

                    I understand it can be frustrating when people bring up random points like that, I’m assuming your comment for #3 was directed at other users on this post rather than myself. But feel free to call me out if I go too far off on a tangent.

                    I have tried to stick to my main point which is: just because data has been “anonymized” doesn’t mean it’s impossible to de-anonymize that data.

                    It’s been a while since I’ve looked up information on this subject, so thank you for contributing to this discussion.

      • circuitfarmer@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        2
        ·
        1 year ago

        As much as Google? Likely not. Does their carefully curated pro-privacy image actually match their practices? Also likely not.

      • SidneyGrant@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        1
        ·
        1 year ago

        I feel like wuth the amount of stuff done on device and not in the cloud with iPhones and other Apple products, saying that Apple sells just as much as Google is at the very least disingenuous…

        • IronCorgi@kbin.social
          link
          fedilink
          arrow-up
          3
          arrow-down
          6
          ·
          1 year ago

          Why? They gather data locally on your device rather than on a cloud service. Why do you feel the locality where they gather your data makes the comment disingenuous?

          • kirklennon@kbin.social
            link
            fedilink
            arrow-up
            6
            arrow-down
            1
            ·
            1 year ago

            If your device locally analyzes your behavior and files, then Apple itself is not actually collecting and analyzing your data. The “locality” is a fundamental difference in who is doing what. If your private information never leaves your phone, your privacy is still fully maintained.

      • webghost0101@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        There is a massive leap between collecting data and selling your data.

        I am against both but in the digital age actually knowing who has your data is such a relief. My old email got sold to third party’s a bit to many times and to this day 80% of the incoming messages are blatant generic America targeted phishing.

      • Platform27@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Health is on-device, and is E2EE. To my knowledge, that’s always been the case. They do allow optional data linking services, but those need to be setup by the end-user. Apple should have no knowledge of this data, by default. Notes can be E2EE (with ADP), and with Journal (a new iOS feature) being E2EE. Music is a paid for service, with no ads, and is one of the more privacy respecting options. Data is needed for Music to help serve the user, and suggest artists/songs… it’s literally one of the platforms benefits, over self-hosting.

        • zettajon@lemmy.ml
          link
          fedilink
          English
          arrow-up
          0
          arrow-down
          2
          ·
          1 year ago

          None of the major players literally sell your true name and address. All mask the data, and then do stuff with it like create trends to know which ads to display to “users that search for tiktok on the app store/play store”

          • Platform27@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            3
            ·
            edit-2
            1 year ago

            Apple does not sell user data. By all means, look at their Privacy Policy (it’s easy to read), and show me where this is mentioned. They do collect it, and use it for their own marketing platform, but they don’t sell/trade it. In fact they DO anonymise the data they collect. Take a look: https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf This is just one document, found after a quick search. They also disclose other details on their security, and other privacy (or lack thereof) aspects.

            Now show me where other ad agencies, not just one or two, that goes to the same lengths, while also giving decent documentation. I’m not saying Apple is perfect (far from it).

            • zettajon@lemmy.ml
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              3
              ·
              1 year ago

              They do collect it, and use it for their own marketing platform

              Right

              but they don’t sell/trade it

              Then what are they collecting it for? To line their servers? It’s being used to train services, and those services that have ads have those ads targeted using the data collected in the first sentence I quoted.

              In fact they DO anonymise the data they collect

              So does google. Again, to the broader thread audience replying to my original comment, what is the difference?

              • JshKlsn@lemmy.ml
                link
                fedilink
                English
                arrow-up
                3
                ·
                1 year ago

                You’re right. Not sure why you’re downvoted.

                Google would be stupid to sell your data. Instead they keep it private, and when people go to Google, they tell them to push ads to certain groups or take surveys from certain groups, and Google does so. They do not hand those advertisers your data, otherwise those advertisers would never come back. They have the data.

              • seukari@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                I recently learned that one method for companies to get around data selling laws is to give the data away for free in order to attract certain types of advertisers, then, they sell ad slots for people with specific demographics or interests.

                They don’t sell the data because that is harder to do with laws restricting it, so they just use it as advertiser bait in ways that bypass the law.

                Further reading: https://www.eff.org/deeplinks/2020/03/google-says-it-doesnt-sell-your-data-heres-how-company-shares-monetizes-and

      • Yendor@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        Did you read the article you posted? Apple serve you ads, they don’t sell your data. And they allow you to opt out of tracking. It’s all right there in your article.

        • JshKlsn@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          I know this is off topic, but Apple isn’t innocent.

          It’s almost worse to think your privacy is protected when it’s not, than to know it’s not. At least I know Google is sending my Google Assistant sound clips to be analyzed. Sucks when you learn the person you thought you could trust is fucking behind your back.

    • DragonAce@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      6
      ·
      edit-2
      1 year ago

      Any company that obfuscates all their security practices, refuses to give statistics on security risks and counter measures, and boils their product security down to “Trust us, bro.”, doesn’t actually give a fuck about your security. They’re just the last company who is still able to keeps everything secret so they can make shit up as they go along. Apple’s security is a joke and they’re just as bad as any other manufacturer on the market, the only difference is they have successfully kept their shit secret for all these years and spent decades convincing people they actually give a fuck about security.

      I still remember a few years ago having a conversation with a coworker about her iphone and she bragged about Apple never being hacked and this was right after I had just got done reading an article about a large scale hack on their network. Of course Apple never said a damned thing about it, so I forwarded her the article. IIRC she mumbled something about how the article was probably not accurate. Apple fanatics do some crazy mental gymnastics to justify them spending thousands on a phone thats probably worth about $300 at best(their hardware is on average 1-2 generations behind other devices on the market).

      Did you know that most celebrity phone hacks are thru apple accounts?

      • kautau@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        obfuscates all their security practices

        https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf

        https://support.apple.com/guide/security/advanced-data-protection-for-icloud-sec973254c5f/web

        https://developer.apple.com/documentation/cloudkit/encrypting_user_data

        I had just got done reading an article about a large scale hack on their network

        Source? Or should I just “trust you bro”

        Did you know that most celebrity phone hacks are thru apple accounts?

        Did you know that most celebrities own iPhones by a far margin? These aren’t the encryption was broken hacks when someone is getting into an iCloud account, these are social engineering hacks. That’s what happens when your publicist, your agent, and others have access to your digital accounts so they can get you a new phone quick while you are on the road, grab the photos you took on your phone from your iCloud account to share, etc. More holes in security.

        about $300 at best(their hardware is on average 1-2 generations behind other devices on the market)

        Flagship android phones, barring a few exceptions, are not sold without pre-installed apps that subsidize the cost of the phone.

        Do you have an example of a device priced at $300 with competitive hardware to the base iPhone 14, without bloatware subsidizing the cost of the device? I’d accept that generally iPhones are ~$100-200 above the price of devices with competitive hardware, but a current gen iPhone having $300 hardware? The specs are very similar to other devices in similar price ranges

        I’ve owned both Pixels and iPhones before. While each has its pros and cons, I’ve found that the app sandboxing, default settings, and ability to opt out of telemetry was always better on iPhone. And until google has free, easy-to-use E2E encryption for Android devices and the related cloud services, customer data on Google’s servers is more at risk to be stolen/sold for profit/used without explicit user consent.

        • Whirlybird@aussie.zone
          link
          fedilink
          English
          arrow-up
          8
          ·
          1 year ago

          Do you have an example of a device priced at $300 with competitive hardware to the base iPhone 14, without bloatware subsidizing the cost of the device? I’d accept that generally iPhones are ~$100-200 above the price of devices with competitive hardware, but a current gen iPhone having $300 hardware? The specs are very similar to other devices in similar price ranges

          Not to mention that iPhones are literally best in the world in terms of the SOC. No other phone in the world matches them. Saying “their hardware is on average 1-2 generations behind other devices on the market” shows how wrong that person is.

          • kautau@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Yeah tbh I started to write a comparison of phones like the fairphone and the purism librem 5, and even the pixel 7, but they are laughable in comparison to just the base iPhone 14 hardware wise. Sure, one is $150 less, but the Librem is like 1300 dollars by comparison to the iPhone 14s $800, and they are performing at maybe 1/3 of the A15 Bionic SOC. The pixel 7 doesn’t fair much better by price comparison, and again, it’s making google money by selling user telemetry more actively.

            I encourage competition, I don’t think apple should own the market forever. And they haven’t. They almost failed before the first iPod and iPhone. But they’ve come back in terms of their ability to produce powerful silicon. The M series of processors solidifies it.

            Competition is good, and when a company is pushing the market and also pushing a real security agenda? It’s a good thing, let the competitors catch up with security, and then work to beat apple at the SOC game.

            Apple has been dethroned at silicon before, once PowerPC died, it can (and probably will) happen again.

            That’s a good thing.

            Let competitors build better E2E encryption and on-device security. The competition of better security is good for everyone.

            I would love to see apple be de-throned, but I think until there is a shift on a combined focus of hardware/software/security as a product (and having users pay the premium for that) it won’t happen for awhile

          • kautau@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I won’t disagree with that, it certainly seems to be the most secure OS available for modern smartphones.

            My points were purely refuting the commenter I responded to’s weird obsession with “Apple = Bad and Insecure.” We should encourage competition and support efforts to increase security anywhere they occur. Brand tribalism doesn’t help anyone.

        • gian @lemmy.grys.it
          link
          fedilink
          English
          arrow-up
          0
          arrow-down
          2
          ·
          1 year ago

          Do you have an example of a device priced at $300 with competitive hardware to the base iPhone 14, without bloatware subsidizing the cost of the device?

          Ulefone Armor 21 😉

          Perhaps is even better.

          • microwavedgerbil@programming.dev
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            How long will that device get major updates? How about security updates? If I break the screen, how long does it take to get another one? What if liquid penetrates the device? Can I take it to a service center? If the service center doesn’t have the parts, will they give me a loaner device while mine is being repaired off-site? Can the off-site repair be done in under a week? How long is the warranty? Can I pay to extend it? What if I lose the device? Is there insurance for that?

            That’s if we pretend for a moment that the MediaTek G99 isn’t a quarter of the speed of the A15.

      • SmashingSquid@notyour.rodeo
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Apple processors outperform flagship android phones on benchmarks every generation. Where are you getting your information?

        • kautau@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          1 year ago

          Sadly it’s tribalism. It’s “apple = bad” so anything mentioned about apple isn’t looked at logically but rather with an “us vs them” mentality. It’s common across the spectrum of thinking critically nowadays, but I felt I had to refute all points because it’s dumb and doesn’t help anyone.

          More security is good. Hating on apple because they are convinced that it’s an overpriced conspiracy is stupid. Every tech company deserves some hate, Apple included, but making that your identity instead of thinking critical does nothing to advance the work being done.