"What does HN think? Is this a viable business differentiator for them, long term? Or will they have to shift to the 'dark side' of personalized data and services to remain competitive in the future?"
Honestly, I can't possibly trust Apple to always do the right thing. A cornerstone of digital privacy and security is being in control of your systems and data, which Apple takes away from its customers. When I buy and use Apple products, I have to have faith in Apple to do nothing wrong with my data or send me a malicious update that compromises my system. It is all closed source and you only get occasional white papers explaining technology in abstract terms about their intentions. There is no independent person(s) that can vouch for Apple's integrity in building the systems the way they claim.
That said, based on the current status quo, I'd rather warily trust Apple with some of my personal data like GPS location, browsing history, Notes etc. than Google or Facebook, given the latter have a business motive to sell me out.
So when my friends or relatives ask me what phone/computer I think they should buy, I opinionatedly recommend iPhone + GNU/Linux for the tech savvy and iPhone + Mac for the non tech savvy. I also give them a mini 5 minute lecture about:
* Not allowing Location access to all the apps they download - Why would a calculator app need your location "Even while not using the app"?
* Paying for their email service - I use Fastmail.
* Enabling tracking prevention in their browser to prevent tracking cookies.
* Using a separate browser for Facebook, Amazon and others, while using Firefox only for personal/sensitive browsing needs.
Realistically though, your real world choice is android or iOS. Either a product which is half closed (play services) from a company that makes 90% of its revenue from ads, or a product which is entirely closed from a company that makes all of its revenue from selling products directly to their customers. In theory you can get AOSP and be in control, but in practice that’s not practical for normal people.
My two cents: half closed is pretty much the same thing as fully closed from a trust perspective, and apple’s incentives are much less in conflict with user privacy than google’s.
I wouldn’t touch Android with a 10ft pole - none of that open source stuff means anything when no human on earth has the time/money/competency to audit it.
I highly recommend an ad blocking VPN so rest of the apps hitting G ad network are blocked as well.
Google's explicit goal is to collect data about you to make money with advertising. It works so well, Google even gives you stuff for free so you stay with them.
A privacy-oriented VPN provider's explicit goal is to give you some privacy, and you pay them for it.
Sure, a VPN can turn on you, but then they bite the hand that feeds them. Also, it would contradict what they explicitly say, completely unlike the situation with Google.
A Debian developer might also try to bring a backdoored package to your machine. Is trusting Debian therefore the same as trusting Apple? They are not, as Debian's structure is transparent; the developers carry individual responsibility not just towards the Debian project, but towards everybody that can see it, i.e. the whole world.
The theoretical possibility of multiple things being equally bad is irrelevant as long as other significant aspects are ignored.
On Android it's DNS66 [2] or NetGuard [1] (only the github version has hosts based blocking) for me. Both are open source and act as a fake vpn to intercept traffic locally on your device. No Cloud service needed.
I find Block This! to be pretty good on my Android devices. It's not actually a VPN--it's a fake VPN that just runs a host filter and dumps ad traffic.
They have a build on the web; I compiled my own off of their source, though, so can't vouch for that.
On iOS, the ($3) app 'adblock' is a local VPN with domain-based ad-blocking rules -- in practice it's essentially an adblock hosts file, and doesn't take nearly as much battery
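The comments above describe the same mechanism on both platforms: an app registers itself as a VPN, so all DNS traffic passes through it, and it answers queries for names on a hosts-style blocklist with a sinkhole address instead of forwarding them. The block below is an added example of that decision logic, not code from DNS66, NetGuard, Block This! or the iOS 'adblock' app. The hosts snippet and the DNS queries are constructed for illustration (the hostnames are placeholders, not real ad servers), and the parent-domain walk in `is_blocked` is an assumption: classic hosts files match exact names only, so it is shown as the extension most blockers add to catch rotating subdomains.

```python
import struct

# Constructed hosts-file snippet in the 0.0.0.0/127.0.0.1 <hostname> format that
# these apps consume. The hostnames are placeholders, not real ad servers.
HOSTS_SNIPPET = """\
# Sample blocklist (constructed)
127.0.0.1 localhost
0.0.0.0 ads.example
0.0.0.0 tracker.example.net   # trailing comment
0.0.0.0 metrics.example.org pixel.example.org
"""

SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost",
                  "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Return the set of hostnames a hosts file points at a sinkhole address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SINKHOLE_ADDRS:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in LOOPBACK_NAMES:   # never sinkhole the device's own loopback names
                blocked.add(name)
    return blocked


def is_blocked(qname, blocked):
    """Match the name and every parent domain, so cdn.ads.example is caught by ads.example.
    (Assumed extension; plain hosts-file semantics are exact-match only.)"""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def build_query(qname, qtype=1, txid=0x1234):
    """Encode a plain DNS query; used here only to construct sample traffic."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    labels = b"".join(bytes([len(label)]) + label.encode("ascii")
                      for label in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_question(packet):
    """Decode the header and the single question of a DNS query."""
    txid, _flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    off, labels = 12, []
    while True:
        n = packet[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer in question section")
        labels.append(packet[off:off + n].decode("ascii").lower())
        off += n
    qtype, qclass = struct.unpack("!HH", packet[off:off + 4])
    return txid, ".".join(labels), qtype, qclass, off + 4


def handle_query(packet, blocked):
    """Return a sinkhole reply for blocked names, or None to forward upstream unchanged."""
    txid, qname, qtype, qclass, qend = parse_question(packet)
    if qclass != 1 or not is_blocked(qname, blocked):
        return None
    question = packet[12:qend]
    rdata = {1: bytes(4), 28: bytes(16)}.get(qtype)   # A -> 0.0.0.0, AAAA -> ::
    if rdata is None:   # other record types: NOERROR with an empty answer section
        return struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0) + question
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA, one answer
    # Answer name is a compression pointer (0xC00C) back to the question name.
    answer = struct.pack("!HHHIH", 0xC00C, qtype, 1, 60, len(rdata)) + rdata
    return header + question + answer


if __name__ == "__main__":
    blocklist = parse_hosts(HOSTS_SNIPPET)
    for name in ("ads.example", "cdn.ads.example", "news.example"):
        verdict = handle_query(build_query(name), blocklist)
        print(name, "-> sinkhole" if verdict else "-> forward upstream")
```

Answering with 0.0.0.0 rather than NXDOMAIN is what the hosts-file approach amounts to; the connection attempt then fails immediately on the device, which is also why these apps cost little battery compared to a VPN that actually tunnels the traffic.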
Does it? I've been using it on and off, on Android. I have set it to disconnect when screen is off. The impact on battery does not seem to be drastic, though it is difficult to do real side by side comparison.
Another option is to only use it on demand, while browsing.
It can leave a connection open, which prevents many cellular radio technologies from falling into a lower power state.
Really depends on how optimized the cell modem is and how often keepalive packets are being sent by the VPN. Honestly, I haven't seen too much of a battery hit on ipsec VPN on the iphone SE. However, my older android phones used to get shredded on OpenVPN.
EDIT: If anyone's asking, I use the algo.sh script to deploy ipsec vpn on digitalocean (has option to enable adblocking too) https://github.com/trailofbits/algo.
What makes you think Android isn't audited besides insufficient knowledge on the subject? Wouldn't you think that the most popular OS in the world that has the top security researchers and companies combing through its source code trying to find vulnerabilities for over a decade would classify as being somewhat audited? I find it odd that you would not "touch Android with a 10ft pole" yet have no problem touching an OS that you, or a security researcher, can't audit the source code of. Security through obscurity doesn't work and your pole can't really help you when it bites you and it will.
You can't seriously claim iOS is not entirely closed just because they release source for two components under the GPL. If they were able to stop using this GPL-ed code they certainly would.
Apple even stripped most of the iOS-related code from their macOS open source drops. E.g. they only recently started to release XNU source with the code for iOS.
You don't have to use Play Services, and this is very easy to do. You can also use Play Services piecemeal. The choice really is between open or closed.
You can use Firefox as your default browser on Android but are limited to a bastardized version on iOS. You can run an OpenStreetMap app as your default map on Android, but you have no choice on iOS. You can build your own apps and run them indefinitely on Android, but you have to pay a $99 yearly fee (on top of the Mac tax) or rebuild every 7 days on iOS.
I don't recommend iOS to anybody. People who think it is more secure don't understand defense in depth, and people who think it is more private don't understand that Pixel and Android One builds actually collect less information by default (before opting in on any of the dialogs).
I tried the lineage version: I can't even register for signal (a messaging app) with microg enabled. The only workaround is to disable microg, register signal, then enable microg.
> People who think it is more secure don't understand defense in depth, and people who think it is more private don't understand that Pixel and Android One builds actually collect less information by default (before opting in on any of the dialogs).
For one, orders of magnitude more iOS users have been infected by malware than users of Google or Amazon flavors of Android even though there are orders of magnitude more users of the latter. See Xcodeghost, which Apple had to rely on Twitter users to find instances of in their own App Store. Compare to Google and Amazon, which run static and dynamic analysis of apps uploaded to their stores and allow third party security research on their stores, enabling both earlier detection of malware and faster takedown of all apps that share the same malware.
This is dangerously misleading nonsense. Yes, XcodeGhost was bad for iOS in China, but Android malware in China is of a different class entirely: it often comes pre-installed in the firmware [1]. Furthermore the Play Store isn't available in China, and the Android app stores available in China are overflowing with malware.
500 million is the number of devices which potentially had access to an app store containing apps that had malware. It's not the number actually infected. I mean, come on.
> 500 million is the number of devices which potentially had access to an app store containing apps that had malware. It's not the number actually infected. I mean, come on.
From the article: "XcodeGhost potentially affects more than 500 million iOS users, primarily because messaging app WeChat is very popular in China and the Asia-Pacific region." After that article was published, Angry Birds 2 was also discovered to be infected.
Did you notice how I compared to Google and Amazon app stores? Those are the devices that HN readers would buy (those Chinese app store phones are not available for sale in the US), and they have vastly more users than the iTunes App Store yet in total infected devices can't come anywhere close to the toxic hellstew that is the App Store.
Again, source? Xcodeghost was one instance of limited impact.
> Compare to Google and Amazon, which run static and dynamic analysis of apps uploaded to their stores and allow third party security research on their stores, enabling both earlier detection of malware and faster takedown of all apps that share the same malware.
No need to assume. https://researchcenter.paloaltonetworks.com/2015/09/more-det... not only shows that there were thousands more apps affected by Xcodeghost than originally reported (and thus, more infected users than the approximately 500 million estimate from the earlier link based on the original 50 apps), but also that Apple was still taking down affected apps days later, waiting for third parties to report them. This despite that Xcodeghost represents a single malware that can be detected with a binary grep. That Apple didn't have the infrastructure to deal with even that demonstrates how woefully inadequate their app management infrastructure is for dealing with malware.
Where does the link say this? As far as I know Apple has all the information needed to make this decision themselves. As you said, a binary grep, coupled with many of Apple's static/dynamic analysis tools should be enough to find this issue.
"Starting September 18, Apple began to remove some iOS apps infected by XcodeGhost from its App Store.... As of this writing, on Monday, September 21, we notice that there are still some previously known infected iOS apps available in App Store."
> As you said, a binary grep, coupled with many of Apple's static/dynamic analysis tools should be enough to find this issue.
As I said, it should be so simple if Apple had set up the basic infrastructure for this. Since it had not, Xcodeghost remained on the App Store long after it was initially discovered, allowing researchers to find thousands more affected apps. Compare to Google's Play Store which not only performs static analysis but also crash analysis, battery usage analysis, and dynamic analysis through running the apps in cloud VMs (something Amazon did at launch).
Is it actually easy to avoid using Play Services on Android? The ways I've seen this done before requires rooting your Android phone, which is sketchy at best, and often cannot be done at all.
I don't understand why you are downvoted. The relative openness of Android is the reason something like GNU's Replicant, LineageOS or CopperheadOS (all without Google software) is possible in the first place.
To see proprietary and incredibly locked-down devices such as iPhones advocated for so strongly seems so weird. As if openness and security are at odds or something.
Though an iOS user myself, I was on board with the logic of your comment until this point:
> … or rebuild every 7 days on iOS.
By tossing in a flippant remark, you undermine the legitimacy of the other arguments. I don’t think a reasonable person would conclude that you actually believe the above statement to be true. This type of rhetoric, in which reality is knowingly distorted to make a point, may be less effective than you consider it to be.
Honestly, I cant possibly trust Apple to always do the right thing. A corner stone of digital privacy and security is being in control of your systems and data which Apple takes away from its customers. When I buy and use Apple products - I have to have faith in Apple to do nothing wrong with my data or send me a malicious update that compromises my system.
For a user who doesn't have the foggiest idea about technology, to whom the whole thing is "magic," why isn't this rational? Do you closely examine the safety of chemicals in all of your cleaning products, household items, clothes, your car, and the devices in your home? For most people, probably no more than in a cursory sense, as it's not normally one's area of expertise.
We have to "outsource" many aspects of daily life to experts.
Paying for their email service - I use Fastmail.
You've effectively outsourced your email security to Fastmail. How is that any different?
I was not calling using Apple stuff irrational. I use an iPhone myself. I was just saying that I still don't "trust" it, because Apple can go rogue if they want to and I can't do anything about it. If it were an open source ecosystem, there would be more eyes on the product, so that even if I personally don't read the source code entirely, some non-Apple person does, and Apple would be wary of the public eye.
"Do you closely examine the safety of chemicals.."
No, but they need to list the ingredients, get it certified by authorities, and labs can freely test for the ingredients without the company's input. Software is just not the same as chemicals.
True, trusting FastMail is no different than trusting Apple. I didn't mean to say that FastMail was magically more secure, just that they have no incentive to sell me out. I could've used any company for this; I'm just trying to not put all eggs in one basket. It is certainly a better choice than Google, which creepily builds a profile of me to make money.
I don’t mean to be short, but your views demonstrate completely the bizarre myopia of the “hacker community” (for lack of a better term.)
Everyday users experience massive troubles with security issues, and incur painful losses, at the hands of criminals and black hats! I have no awareness of a major corporation “going rogue” and deliberately harming their users, ever.
The incentive structure is the opposite: companies generally try to help their customers.
That’s not to say they don’t fuck up, particularly when the incentive structure gets “skewed.”
To see that there is actually an inverse correlation between personal control of software and security, just observe the crypto currency space.
The losses suffered by users from bugs, security failures, and hacking are comically large.
"I don’t mean to be short, but your views demonstrate completely the bizarre myopia of the “hacker community” (for lack of a better term.)
Everyday users experience massive troubles with security issues, and incur painful losses, at the hands of criminals and black hats! I have no awareness of a major corporation “going rogue” and deliberately harming their users, ever."
English is not my first language, and I was ambiguous in what I wrote. By "Apple could go rogue", I meant that Apple could change their policies on user privacy and muck around with making money off user data. True that it is bad PR, and a reversal of their current state, but what if there is a leadership change and the new ones think it is a goldmine waiting to be opened?
After all, we have seen Apple do the exact things they said they won't. Big iPhones, iPad mini, give up on user privacy to the government in China...
"The incentive structure is the opposite: companies generally try to help their customers."
I think that's a bit too abstract. Companies try to help customers as long as it is in their business interest.
What do I wish would exist?
A hardware company in the class of Apple that stays with hardware, and a company like Red Hat that builds a mobile Linux OS with a GNU app store, where users can buy apps from the developers directly and install them themselves. That way no one is in complete control. Phones are pretty powerful these days; we can start using the features we have developed for laptops.
> A corner stone of digital privacy and security is being in control of your systems and data
I see this as an opportunity that Mozilla has, and I'd submit an "idea" to them but I don't know how. Google got big by making ads suck less - they were the first that delivered non-intrusive ads that actually worked (and were personalized too, to boot - without being intrusive!)
I wonder if there isn't a serious market for flipping the paradigm on its head. The marketers do need to deliver relevant messages to relevant persons... but I think they don't need to collect lots of personal data about you. What if someone trustworthy would flip the paradigm on its head? Say that you tell Firefox your interests, and, besides being a browser, it becomes a sort of "local ad exchange" too - when you visit "New Yorker", it says "I can display here an ad about cars, or one about sleep pills, or one about cruises etc.". Instead of profiling the user - send extensive ad profiles to the browser, and let the browser pick locally based on user profile & preferences. It would be wasteful in that you potentially send a lot of ad metadata to a single browser... but, theoretically, all that metadata can be cached. And, I dunno, maybe it's not really that much metadata, after all? It's a rough idea, but I feel it's one worth exploring that could provide genuine benefits both for (non-shady) marketers & for end-users.
Interesting, but I think that data would be only semi-useful for marketers. Situations change, needs change, and for some things, on a frequent basis. I imagine most users are disinterested in constantly going into their preferences to update what they're willing to view. It's much easier for them to let someone passively observe their life and web activity the way Facebook or Google do it. And except for a number of tech savvy tinfoil hats, most people would still choose convenience over privacy and security. The proof is in the numbers. So this would probably be dead in the water for Firefox because few marketers would find value in it. Hopefully, I'm wrong about people continuing to value convenience over privacy and security though.
Well, Firefox _could_ passively observe your life and update your preferences (better than Facebook or Google do, if it's the primary browser - since they'd observe you across all activities). It's just that it wouldn't need to share that information with anyone except you - it stays local. That's what I love about the system - you can be as targeted/"privacy invasive" as you wish without actually invading anyone's privacy, since people stay firmly in control of their own data.
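The two comments above sketch an architecture: ad metadata flows to the browser, the interest profile is learned and kept locally, and only the winning ad id flows back. The block below is an added example of that data flow, not Mozilla code and not anything the commenter wrote; the topics, the catalogue, the bids and the scoring and decay rules are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Ad:
    """Ad metadata as the site (or its ad network) would ship it to the browser."""
    ad_id: str
    topics: frozenset   # what the ad is about, declared by the advertiser
    bid: float          # what the advertiser pays per impression (arbitrary units)


@dataclass
class LocalProfile:
    """Interest weights in [0, 1] per topic. Lives on the device; nothing here is ever sent."""
    interests: dict = field(default_factory=dict)
    blocked_topics: frozenset = frozenset()


def observe_visit(profile, page_topics, alpha=0.2):
    """Passive local learning: the browser sees every page it renders and nudges the
    weights toward that page's topics with an exponential moving average (alpha is an
    assumed constant). Equivalent to what Facebook or Google infer, but it stays local."""
    for topic in set(profile.interests) | set(page_topics):
        old = profile.interests.get(topic, 0.0)
        target = 1.0 if topic in page_topics else 0.0
        profile.interests[topic] = (1 - alpha) * old + alpha * target
    return profile


def score(ad, profile):
    """Relevance (mean interest over the ad's topics) times bid; blocked topics score zero."""
    if ad.topics & profile.blocked_topics:
        return 0.0
    relevance = sum(profile.interests.get(t, 0.0) for t in ad.topics) / max(len(ad.topics), 1)
    return relevance * ad.bid


def choose_ad(catalogue, profile, fallback_id):
    """The 'local ad exchange': run the auction on the device and return only the
    winning ad id. The profile never crosses this function's boundary."""
    best = max(catalogue, key=lambda ad: score(ad, profile), default=None)
    if best is None or score(best, profile) <= 0.0:
        return fallback_id   # nothing relevant: show an untargeted ad rather than reveal anything
    return best.ad_id


# Constructed catalogue mirroring the comment's example ("cars, sleep pills, cruises").
CATALOGUE = [
    Ad("ad-cars", frozenset({"cars"}), 1.0),
    Ad("ad-sleep-pills", frozenset({"health"}), 5.0),
    Ad("ad-cruise", frozenset({"travel"}), 1.5),
]


def demo():
    """Returns the chosen ad id before and after a run of travel-page visits."""
    profile = LocalProfile(interests={"cars": 0.9, "travel": 0.4},
                           blocked_topics=frozenset({"health"}))   # user opted out of health ads
    first = choose_ad(CATALOGUE, profile, "ad-generic")
    for _ in range(5):
        observe_visit(profile, {"travel"})
    second = choose_ad(CATALOGUE, profile, "ad-generic")
    return first, second


if __name__ == "__main__":
    print(demo())
```

Note that the highest bid (the blocked health ad) never wins because the user's opt-out is enforced on the device, not by the network. The one thing that still leaves the browser is the chosen ad id, which reveals one inference per impression; any real design would have to budget for that as a side channel.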
To add to that, "private mode" would actually do what people expect it to do - keep them anonymous on the web, and not leak sensitive/ embarrassing information about themselves.
A great business differentiator, and something that could be much easier to execute at Apple (due to them controlling the whole stack) would be to create a fully trusted platform.
That is, design all hardware and software in-house, and use formal methods (theorem proving, program analysis and model checking) to verify everything. Furthermore, adopt a Qubes-like architecture where external untrusted applications can be run in an isolated way.
I switched over to fastmail last year and never looked back. I get no spam, it seems as secure as email can be in terms of the business model being aligned with my needs.
Good idea for the separate browsers too, I never considered that. I would just throw a vpn you trust (or roll your own) in that list, along with uBlock Origin and uMatrix.