Skip to content

Top New Best Ask Show Jobs

iPhone = Privacy? | Better HN

iPhone = Privacy? (opens in new tab)

(kerkour.com)

48 points_3lin3y ago105 comments

105 comments

Apple seems to prioritize privacy more than the competition, while for Google collecting, and combing through to monetize, your personal data is a big part of their business model.

Much of this criticism seems misplaced or invalid. Apple tracks your IMEI? Well, sure, unless you choose otherwise, and they've given you a convenient place to turn off. Apple chipsets track your location down to the meter? Well, yes, that's a feature most people enjoy - and they've given you a convenient place to turn off, if you don't. Apple is using third party app Siri interactions to train Siri? How is this even a privacy issue... has any real world privacy problem ever occurred because of this? If you don't want Apple to hear your voice or process your Siri requests... don't use Siri? They've given you a convenient place to turn it off.

The only one I agree on is the image scanning for CSAM. The idea of a device I own acting as a state informer using AI to detect what it thinks is a crime is not my idea of a step forward.

judge20203y ago

> The only one I agree on is the image scanning for CSAM. The idea of a device I own acting as a state informer using AI to detect what it thinks is a crime is not my idea of a step forward.

The likely reasoning behind this, although unspoken, was to (at some point in the future) enable E2EE for iCloud Photos. Currently, Apple doesn't do nearly any CSAM scanning on iCloud Photos[0], so the FBI et al. are pushing for them to change that - instead of licensing PhotoDNA, they tried to create something that would keep image data out of their hands while not further enabling CSAM distributors.

0: "According to NMEC, Apple submitted 205 reports in 2019 (a third my my reporting volume). Apple increased a little, to 265 in 2020, but then dropped in 2021 to only 160 reports. That's nearly a 22% decrease over two years!" https://www.hackerfactor.com/blog/index.php?/archives/955-NC...

nathancahill3y ago

Yeah, I'm a huge privacy advocate but the part people are missing with this fiasco is that client-side scanning before _anything_ is uploaded is objectively less invasive than every single photo being scanned on iCloud (the direction legislation is heading). Again, this is an _opt-in_ behavior when you enable iCloud Photos, for photos that you're trying to upload (currently not E2EE) anyway. The feature comes with the potential upside of allowing Apple to enable E2EE for all photos, while credibly proving to the government there's no CSAM.

> has any real world privacy problem ever occurred because of this

Yes. People who don't quite understand how Siri works will divulge a lot of personal information. There's many stories from workers at these third parties about how much intimate detail they've heard when listening to these clips.

Now, that said, Google and Amazon do this too. It's truly a strike against all providers.

spideymans3y ago

When you setup a new Apple device, Apple asks users whether they want to share Siri recordings with Apple.

>There's many stories from workers at these third parties about how much intimate detail they've heard when listening to these clips.

Assuming those internet stories are even true - can anyone show me actual harm occurring to anyone based on Apple's use of Siri training? I've heard some Alexa stories, but frankly, Apple seems to do a really good job of protecting that information, at least so far, at least as far as the public knows.

Because the code of IOS is closed source, we have to trust these settings actually stop transmitting data back to Apple. Given how valuable such data is to central collectors, this trust is a big leap for some of us. Comparing Apple to Google is a false dichotomy since many alternatives now exist.

> The only one I agree on is the image scanning for CSAM. The idea of a device I own acting as a state informer using AI to detect what it thinks is a crime is not my idea of a step forward.

There's also a convenient place to turn it off: CSAM scanning doesn't happen if you don't use iCloud photos/files syncing.

Yet.

Seems to - because it's a great marketing.

shadowgovt3y ago

This is all reasoning we heard in the past to defend Google.

With Google, it was all true and still is...

> Apple seems to prioritize privacy more than the competition, while for Google collecting, and combing through to monetize, your personal data is a big part of their business model.

My TV also doesn't have data as its main business model, however ... it still collects data on me.

olivierestsage3y ago

The cost of TVs is now heavily subsidized by the data-mining, though, whereas I don't see much evidence that's the case for Apple products, whatever their other problems (if such evidence does exist, I'd be interested to see it).

restore_creole_3y ago

> Apple ad exec wants to more than double ad revenue with new ads across iOS

https://arstechnica.com/gadgets/2022/08/report-apple-is-expl...

rickdeckard3y ago

> Apple seems to prioritize privacy more than the competition, while for Google collecting, and combing through to monetize, your personal data is a big part of their business model.

It's puzzling to me how this keeps getting repeated without any strong foundation. This story that others sell your data while Apple holds it secure is a narrative established by Apple that keeps coming up like a mantra.

The implication is that Google is gathering personal data to then then sell it to third parties.

But this is not their business model. They profile their customers via their behaviors and personal data, match them to a persona and then sell services to third parties to advertise to users fitting that persona.

I don't see how Apple is doing any less of customer profiling and persona generating than Google. They are both in the business of profiling their users and then monetizing them by offering services to internal/external customers who look for a certain audience.

The core of this is exactly the same between Apple and Google. Neither of them is selling the user-data directly, they both process it in order to package their users into a service they can sell to others.

The main thing that Apple does differently is, that they took stronger measures to ensure that the data THEY collect from their users can only be collected by THEM.

So Apple took action to protect their unique market position of selling ANY kind of goods to users of Apple products, and they claim that they are more honorable to hold and process all your data for financial gain just because (so far) they failed to compete in the advertising industry.

>The implication is that Google is gathering personal data to then then sell it to third parties.

No, the implication is that Google collects as much of your personal data as possible, stores it forever, and monetizes it. You can tell because that's what I actually said. What you're responding to is a red herring - you brought up third parties, not me.

If I use the Apple Mail app with default settings from my iCloud account to e-mail ten lawn care services, I won't start seeing web ads for lawn care. If I use Gmail with default settings, I will.

> The main thing that Apple does differently is, that they took stronger measures to ensure that the data THEY collect from their users can only be collected by THEM.

No, the main thing that Apple does differently is make their money by selling hardware, software, and services directly to end users. This is in stark contrast to Google, whose typical business model offers free services that make the end users into the saleable product.

matai_kolila3y ago

> Thus, anyone who has access to your iCloud account, whether it be a hacker, an Apple employee, or a government agency, has also access to that data.

Lost a lot of credibility here by including Apple employees, as that’s not a thing.

Honestly this just reads as a bunch if FUD for what appears to be no reason. There’s no new info, no new perspective, no attempt at fair explanation of why those things might actually be desirable for the customer…

Just a bunch of bad faith interpretations of how an iPhone works to try and scare or confuse the reader, and no discernible reason for why.

The CSAM scanning would have required Apple employees to view flagged photos to confirm if they are CSAM - so yes, Apple employees will have some level of access to iCloud data, otherwise, legal requests for data would be impossible.

This wouldn't be an issue if iCloud was E2EE, but they probably save a chunk of money by only storing one copy of the "meme du jour" on their servers.

esotericimpl3y ago

Honestly would an apple employee be able to access my icloud account? I understand that the icloud data is encrypted in the cloud and the decryption key is part of signing onto icloud via 2 factor to authorize the device.

Would an apple employee be able to view icloud without the 2nd factor to pull down the decryption key?

icloud data isn't end-to-end encrypted, so there are undoubtedly some employees who can view icloud data.

In a well-run organisation this power would only be available to a small number of employees, would require a good reason and multiple people's authorisation, and would produce audit records. Is Apple such an organisation? Nobody knows.

bb1233y ago

For me it's a question of incentives. Apple makes the vast majority of its income selling hardware to people. That makes me the customer. Google makes the vast majority of its income selling user data to advertisers. That makes me the product and advertisers the customer. Which company has more of an incentive to compromise my privacy by accessing my data in a dishonest way?

saiya-jin3y ago

Thats a bit naive approach. Both (and other) companies exist primarily to earn money to owners. If Apple will find it can extract even more money from consumers on top of hardware, ie overpriced forced walled gardens called app shops, it will. As long as it doesn't affects its main money pipeline which are devices. Like it or not, most folks don't care about nor understand privacy, so Apple has a lot of leeway there.

The idea of taking Apple seriously on privacy is a bit of bad joke when they block Firefox having ublock origin or implement at least the same for its Safari, and give users full option to install plugins for this browser (even if only from Apple-curated plugin store). It would be trivial for army of Apple devs to create similar blocking, yet they just curate what ads you see based on what they think is maximum acceptable amount & type for users, so no real privacy choice there.

I've heard even comments here on HN about how its actually a good thing to not have this freedom as 'power user'. Can't say I know how to respond to such schizophrenia so I'll pass on that, everybody can make up their own opinion.

Apple - fix this, and I will start taking your PR about security seriously. Till then, I simply can't since its obvious you talk more than actually do where it matters most, the wild unruly Internet of these days.

spideymans3y ago

On the contrary, I’d say access to user data is a liability for Apple.

Apple saw how damaging the iCloud privacy scandal and Cambridge Analytica were. They responded by fully hitching Apple’s brand to the privacy train.

If Apple were to be caught intentionally violating user privacy now, the damage to the brand would be immense.

Apple makes their money primarily by selling cool stuff to people. If they tarnish their brand by violating people’s privacy like Google or Meta, end users have far less incentive to buy Apple’s products.

Apple has indeed less incentives than Google [0]. But a third alternative also exists (see my other comment).

[0] https://www.barrons.com/articles/apples-advertising-business...

Apple want to vastly increase the amount of money they make from ads - that blurs the line somewhat, no?

shockeychap3y ago

What is the source for this claim? I haven't heard anything to this effect and nothing I've seem from Apple signals anything along these lines.

Algent3y ago

> When you put your phone in airplane mode, you are simply telling your phone's OS to stop using the mobile network. The baseband system is still on and can be pinged by the mobile network.

I just started reading and there is already a sentence I don't believe very much, even less as a generalization. Does anyone here have a basis that could explain this bold statement ?

> Does anyone here have a basis that could explain this bold statement ?

It's just wrong. On iPhones, Airplane Mode turns off all radios except Bluetooth.

WiFi still remains on, no?

arubania23y ago

I think they probably mean that this switch is software-based, so turning it on does not physically disconnect the underlying hardware.

I doubt there is any proof that some kind of system activity is still taking place while in airplane mode, but that might be irrelevant.

For some people, depending on their threat model and personal preference, what's important is that it's impossible to prove beyond any doubt that this is _not_ the case.

Algent3y ago

Ok I see, I understood the first sentence like you then but wasn't sure what was the point of a blanket statement there. I do feel like this this is something measurable with tool it could be easy to prove but I guess this isn't the point of this paper.

Technically, you are only asking your software to turn the modem off. It can disobey if it wants, you can't be sure.

The reason airplane mode exists is a radio 30000 feet above the ground violates assumptions baked into the terrestrial cellular architecture. If iPhones were regularly flying around with their radios enabled we would have heard about it by now.

The place where Apple is the most dishonest is in their scaremongering popup dialogs that constantly prompt me to re-authorize Google Maps, which I use daily, to access my location. They exempt themselves from this authorization by laundering Apple Maps location access through "System Services". iOS will never, ever pop up a dialog asking if you were aware that "System Services" has accessed your location on behalf of Apple 10000 times in the last month for the purposes of improving maps and providing traffic data to other Apple Maps users. Even if you, like me, never intentionally use Apple Maps, Apple silently accesses your location for these purposes. And even if you, like me, have been an intentional and fully-informed user of Google Maps for 15 years, Apple will still regularly urge you to revoke location data access from Google Maps.

To me, this seems really dishonest.

HunterWare3y ago

Huh, I use Google Maps daily too and have never had a popup since the first time I used it and picked "While using". I could have picked "Always", which worked too, but choose not to for reasons outlined in other posts here.

You can also easily turn off "Maps" tracking or limit it the same way if you choose.

I got to admit that I don't see the meat in this burger, so to speak.

If you go into privacy settings and try to disable the “system services” it will prompt you, twice, with a big scary warning about how nothing on your iPhone will ever work again.

russianGuy838293y ago

> Another innovation announced yesterday for the iPhone 14 event was Satellite communication. Apple is now able to locate an iPhone anywhere in the world (where it would require connectivity to the mobile network, Wifi, or another device before.

Thats just plain wrong. Poorly researched article.

iPhone = Not perfect but better than all comparable alternatives

Perhaps the biggest advantage of the iPhone, aside from Apple making most of their money selling real products not your data, is that every concern he had was accompanied by a setting to disable it

These settings tend to magically change in your disadvantage after you update some software or click yes somewhere when you weren't paying attention.

spideymans3y ago

> Perhaps the biggest advantage of the iPhone, aside from Apple making most of their money selling real products not your data

This is the reason why I have a certain degree of confidence in Apple’s privacy aspirations. Apple makes their money primarily by selling cool stuff to end users. Their business model heavily disincentives mass tracking.

Google and Meta couldn’t ever be as privacy-friendly as Apple, due to their business models.

Every concern he had that wasn't based on fabrication, yes.

Airplane mode leaves the cellular radio on? Not according to signal tests!

kraf3y ago

I feel that GrapheneOS is a good compromise. It's significantly more private than an iPhone and after 2 years of using it I really don't feel like I'm missing out on anything.

Couple that with a Nextcloud instance, and you are golden. This private cloud is where you can synchronize your contacts, calendar, photos, files, bookmarks, passwords, location, news, podcasts, music, tasks, notes and host chats and video calls.

To mitigate telco surveillance, switch your number to VOIP and use burner SIM's or pretty good phone privacy.

zimpenfish3y ago

I like how "First, it generates a lot of false positives" is linked to an article about Google, not Apple, scanning cloud photos, not on-device, and it was only a false positive in the intent of the photos - the actual photos (of a child's penis) are exactly what should be flagged, no?

(Human review with explanation and consultation with the doctor / police should have led to "ok, false positive this time".)

> With all that information, I think it's reasonable to say that iPhones are far from private. But, as the alternatives are even worse

Android smartphones are indeed worse, but it's not the only alternative. Consider GNU/Linux phones if you care about privacy and want to support it: https://puri.sm/products/librem-5 and https://pine64.org/pinephone.

There are also things like /e/OS (Edit: and GrapheneOS), but they are installed on Android phones and must obey their planned obsolescence due to the proprietary drivers (tied to an old Linux kernel).

LinuxBender3y ago

Also GrapheneOS [1] but hardware options are limited. LineageOS [2] and its fork /e/ [3] appear to have some more hardware support.

How many years will a phone running these be usable on average?

[1] - https://grapheneos.org/faq#device-support

[2] - https://wiki.lineageos.org/devices/

[3] - https://e.foundation/

sbuk3y ago

Didn’t you just challenge someone for ‘shifting goalposts’ and being off topic? What has GrapheneOS got to do with Apple?

I said that GrapheneOS is a relatively good alternative to Apple, although with a downside. Where is shifting goals? It's important to discuss solutions to the problem, not to say "you are also spied by other people and companies".

scarface743y ago

And that phone also sends your IMEI and your location to the carrier. It has to enable to work.

It does only if the hardware kill switch is on. You control it. Also, it doesn't send anything else to anyone.

Are there articles that actually audit the data sent from your phone? My biggest gripe is we're supposed to take all marketing at face value.

https://news.ycombinator.com/item?id=26639261

imgabe3y ago

> iOS sends a lot of data about your phone to Apple, such as your phone number, your unique device identifier, your location and your IMEI number

Oh no! The manufacturer of my phone knows the unique identifier they created and assigned to my phone? Whatever shall I do?

Seriously? Obviously the problem isn't that they know the IMEI, it's that they now have an IMEI linked to a specific person along with your UDI, location, and phone number.

imgabe3y ago

Turn off location, buy a secondhand iPhone with a gift card, create an apple account with a throwaway email, move to a cabin in the woods to work on your manifesto. Easy peasy.

If one did not need to register the device to one's real ID when activating it, this would not be such a big issue. I ditched my Iphone long ago for this reason, and to my knowledge it is still not possible to make an Iphone anonymous unlike other Android or Linux based devices.

They may know IMEI, since they made the phone. But why do they have to know your phone number and location? How can I avoid that?

Algent3y ago

They 100% need the phone number for some of the base features like imessage. The location however without the "find my phone" it shouldn't have a reason, I guess it's to allow them to put on the map any apple tags you have in range. I think these tags are opt out but I'm still stuck on how Apple casually sell the biggest semi-passive stalking tool ever made.

> But why do they have to know your phone number and location? How can I avoid that?

By not using a phone, because your carrier knows this information too and also sells this data (Apple does not).

qclibre223y ago

Leave it at home or turn it off.

No phone == privacy

beders3y ago

There's no privacy. There's just a price tag to your private data.

Same as with security.

privacy (prī′və-sē) [noun] - The quality or condition of being permitted to terminate pregnancies.

(This definition brought to you by Marshall's Englishish Dictionary)

pookha3y ago

Privacy wise, I'd argue that GrapheneOS and the like are not at all worse than an IPhone. You have a significant level of control with one of these rooted phones that have stock android.

j / k navigate · click thread line to collapse