Apple’s Tim Cook Delivers Blistering Speech on Encryption, Privacy (techcrunch.com)
272 points by revscat on June 3, 2015 | 332 comments



Apple collects tons of user data, and I'm sure they use some of it to provide machine-learning backed services, and I'm sure they'll come out with much nicer products to compete with Google in the future, also enhanced by machine learning techniques.

The difference that Tim Cook wants you to believe in is that Apple doesn't directly make money from your data, they just use it to improve their product; alternatively, Google makes money from your data by providing advertisers with guided access to your eyeball.

But the danger isn't in the fact that Google lulls you into complacency with free services. The danger isn't in the fact that Google sells guided access to your attention. The danger is just in the collection of data, and the fact that one day the government or somebody could find a way.

There's only one way to be safe. And that's to collect only minimal amounts of data for minimal apps. That means gimped Siri. No Apple competitor to Google Photos. And I don't think Apple will do that. I think they'll continue to amass all the data they use to improve customer experience. The fact that Apple makes money differently off the data doesn't change the fact that it's collection that's inherently dangerous.


> "There's only one way to be safe. And that's to collect only minimal amounts of data for minimal apps."

No. The only way to be really safe is to go live in a cave, not to have any friends and never go anywhere near any tech ever again. I'm sure you can tell that I don't consider that to be much of an option.

It's unhelpful to label 'data collection' as the source of the problem as 'collection' happens everywhere in our interactions with the world. There are valid arguments and discussions to be had about who really owns that data. It may well be about me, but that doesn't necessarily mean that it's mine. I'd say the majority of people are only just beginning to understand that a discussion needs to take place even though technical folks have known this for a long time.

One solution to the 'ownership' problem is to make it possible for everyone to run their own infrastructure. i.e. have their own 'backend' that apps/services can be installed into, which their end-devices can then connect to. This is already possible for the technically savvy but a lot of work is needed before I feel we can trust such systems (I'm working on approaches to this [1,2], based on unikernels).

In the meantime, I applaud business models that are not built around profiling (which is the crux of the issue cf. advertising). They're the only ones where the incentives have any hope of aligning.

[1] http://nymote.org/blog/2013/introducing-nymote/

[2] http://amirchaudhry.com/brewing-miso-to-serve-nymote/


My thoughts are basically:

+ "Run your own infrastructure" is currently a pipe dream for what is 99.9% of people.

+ Companies selling data when they go bankrupt or M&As changing the nature of what they do with the collection happens regularly.

+ Discussing ownership is fairly simple as well, "Does the company already have your data?"

+ Any business not based around profiling has additional options to make more money by selling their (your) data.

Why isn't excess data collection a problem? Is it because it's very very hard to solve and if we pass laws bad actors will continue to flaunt them? Is it because we are past the point of no return?


> + "Run your own infrastructure" is currently a pipe dream for what is 99.9% of people.

Or not even a dream, because those 99.9% prefer not to run their own infrastructure even if it's easy and cheap.

However, "local apps" (ones which don't require infrastructure) could be appealing if they could achieve parity with the enormous-backend apps.


I just find it hard to run my own infrastructure. I tried setting up an e-mail server once, and the e-mails I sent from it were directly routed to the Spam folder of any Gmail account I tried to send them to.

I tried DKIM, but the e-mails were still sent to Gmail's spam folders. Eventually I gave up on self-hosted e-mail.


> Is it because we are past the point of no return?

If you look at the computer history, we already had several cycles from single computer to timesharing to mainframes/supercomputers to PC to thin-clients/mobile to (?). There has always been a time when single powerful computers were in the majority and then there have been times when thin-clients with big server structures were the majority. The Internet supports also the model of more decentral computers and everyone could host their data on their own devices. It's currently just not the right time and there is no business model behind it, so no one pushes for that solution at the moment.


Or researching fast fully homomorphic encryption so they can one day be able to mine data while preserving strong user privacy.


Thank you for posting a well-balanced summary of the situation.

I think the biggest difficulty with balancing privacy concerns against other factors -- or even encouraging debate about and awareness of the issues among non-technical friends and family -- is that an item of data is itself neutral. It is how that data is used or combined with other data that may or may not be in any given party's interests.

Sometimes the exact same technology or data could be used for very good purposes, useful and generally harmless purposes, or hostile purposes, depending on the context. For example, consider automated number plate tracking of motor vehicles. If your child has been kidnapped and a witness caught the plate of the kidnapper's vehicle, you're going to appreciate the police being able to find and intercept that vehicle as quickly as possible. If you're an urban planner responsible for keeping transport infrastructure as efficient as possible in the face of a rising population, an aggregated data set showing how real travellers want to move around your city could be very useful, helping you make decisions that improve the system for everyone. If you're that same urban planner but on the side you're working with a load of jewel thieves and abusing your access to historical movement records to figure out when specific wealthy residents are usually away from their homes so the thieves can break in and then abusing your access to real time tracking to confirm that the residents really are out or warn if they come home early, that's not such a happy ending for the data subject. Analogous issues arise with many kinds of personal data, including more sensitive areas like financial or health data.

In the modern world, with vast databases and powerful data analysis tools and effectively instant communications and effectively unlimited storage, sometimes seemingly innocuous data can also give away a lot more about you than you might want or need. Things like what you bought at a store, or who you were tagged with in photos on social media, or a recording of you walking across a street on CCTV, can be used to determine many apparently unrelated things about you with relatively high (but, significantly, not complete) reliability, again sometimes quite sensitive ones that you might very much prefer to keep to yourself. Consider the store loyalty programme that determines a girl is pregnant from her purchasing patterns long before her partner or parents know. What about the person outed as gay because they were tagged with a whole group of openly gay people on holiday? Oh, by the way, unlike their friends in the photos, the first person lives in a country where homosexuality is still frowned upon and being open about it has real consequences. Also, gait analysis said you looked nervous as you walked into the airport, but it couldn't tell whether you just read a news story about a plane going down or you have inside knowledge of a terrorist threat, so unfortunately you won't be flying today. Just wait until automated text analysis software reaches the point that it can effectively de-anonymise posts like this one, and suddenly a lot of people who thought posting under a pseudonym was going to hide their criticism/whistle-blowing/advocacy of some controversial subject realise they weren't as safe as they thought and those comments are now permanently recorded on some public web site.

We therefore need to move beyond black and white assessments like "data collection is dangerous" or "social media sharing is fun". What matters is not just what data is collected, but also who has access to that data, what they are allowed to use it for (including for how long it's stored, what else it can be combined with, and the like), and crucially, how these things can effectively be controlled or regulated to ensure that everyone is playing by the rules when data is data and once someone has it for one purpose it can readily be used for another.


Agreed that data is in and of itself neutral. Similar to a gun it is not its use but how it is used that can be detrimental. In fact, this is true of most anything from a pencil to a car.

I think at the core however the issue is not how the data is used but one of ownership and privacy. It is "my" business where I drive. It is "my" business whom I call. It is data about me and my behavior. So to have that information about me used, even if it could be assessed publicly, without any need for consent from me becomes the issue.

License plate readers are tantamount to placing a tail on me. The same with tracking my movements via several CCTV cameras, etc.

Retention just makes the situation worse. Yes, you could approach it with laws of appropriate use of this data but the problem is what about when the laws change. And the data is still there. Similar to how people gave data to Radio Shack years ago to find it now being sold to 3rd parties. Privacy policies are constantly shifting for the companies' best interests. Who can keep track?

The problem is that once the data is collected it is out of your hands. And why the regulations need be at the collection level with strict opt-in requirements as well as the usage and retention level.


> It is "my" business where I drive.

True enough. However, it is also the business of the people who are responsible for building and maintaining the roads to know how those roads are being used.

> It is "my" business whom I call.

True again. However, it is also the business of the phone company who must provide the service you ordered and to which you will owe money based on the calls you make and, in some cases, who you are calling.

I do understand your concern about data being out there at all. However, the reality is that we interact with the world and the people around us all the time. Sometimes that will result in data that refers to us but also affects other people for legitimate and often unavoidable reasons. So I don't think an extremist position that no-one should ever be able to collect data about you without your explicit consent is ever going to work. As others have noted, that would mean you couldn't interact with almost anyone or anything in the modern world, and unless you're planning to live 100% off-grid as a hermit that's just not a viable possibility. Instead, we should consider issues like the retention and repurposing of data.

Licence plate readers that are automatically tracking cars through a congested area that has variable speed limits are potentially in everyone's interests: smoothing out the traffic flow makes everyone's journey faster and safer, and has basically no downside. However, once a vehicle has left that area, it is no longer necessary to keep any specific details about it for that purpose. The data can be discarded, or completely anonymised simply by turning each plate into a unique but otherwise meaningless number before it's recorded if it's useful to store aggregated data for more general traffic planning purposes. Similarly, if plate recognition is being used for enforcement of that speed limit, there is no need to record the details of anyone except those the system has determined to be exceeding the speed limit, where the evidence will be used for a subsequent prosecution. Once any resulting legal processes have run their course, the data can also then be completely discarded if no conviction resulted.

The risk in either case is not the scanning itself, it is the retention of the data and potentially use for other purposes and correlation with other data sets later. Given robust rules about keeping personal data no longer than necessary for its stated purpose, and probably about declaring its stated purpose in a meaningful and usefully specific way, this is not so much having a tail as having a driver in a car behind who happens to be following you for a while on the same road but then forgets they ever saw you within moments of going your separate ways. I doubt even the most privacy-conscious person would consider that an unreasonable risk in other contexts or expect to be able to prevent it.
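The retention scheme described in the comment above, sketched as an added example (it is not part of the thread and not taken from any real traffic system): plates become keyed tokens before anything is stored, the raw plate is kept only for vehicles over the limit, and the key is thrown away at the end of each period. The class and method names, the two-camera zone and the sample plates are constructed assumptions; a keyed HMAC is used rather than a plain hash because the set of valid plates is small enough to enumerate.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Sighting:
    plate: str    # plate text as read by the camera
    camera: str   # "entry" or "exit" of the monitored zone (assumed layout)
    t: float      # seconds since the start of the period


class ZoneMonitor:
    """Average-speed zone that stores as little identifying data as it can."""

    def __init__(self, distance_m: float, limit_kmh: float):
        self.distance_m = distance_m
        self.limit_kmh = limit_kmh
        self._key = secrets.token_bytes(32)  # per-period secret, never stored
        self._entries = {}   # token -> entry time, only while inside the zone
        self.journeys = []   # (token, speed_kmh): aggregate planning data
        self.offences = []   # (plate, speed_kmh): evidence for offenders only

    def _token(self, plate: str) -> str:
        # Normalise, then apply a keyed hash. Without the key the token
        # cannot be recomputed from a list of candidate plates.
        norm = "".join(plate.split()).upper().encode()
        return hmac.new(self._key, norm, hashlib.sha256).hexdigest()[:16]

    def observe(self, s: Sighting) -> None:
        tok = self._token(s.plate)
        if s.camera == "entry":
            self._entries[tok] = s.t
            return
        # Exit camera: the entry record is removed as soon as it is used.
        t_in = self._entries.pop(tok, None)
        if t_in is None or s.t <= t_in:
            return
        speed = round(self.distance_m / (s.t - t_in) * 3.6, 1)
        self.journeys.append((tok, speed))
        if speed > self.limit_kmh:
            # The raw plate is recorded only here, for enforcement.
            self.offences.append((s.plate, speed))

    def close_case(self, plate: str, convicted: bool) -> None:
        # Evidence is discarded once proceedings end without a conviction.
        if not convicted:
            self.offences = [o for o in self.offences if o[0] != plate]

    def end_period(self) -> list:
        # Hand over the aggregate data, then rotate the key so tokens from
        # this period cannot be linked to sightings in the next one.
        out, self.journeys = self.journeys, []
        self._entries.clear()
        self._key = secrets.token_bytes(32)
        return out


def demo() -> ZoneMonitor:
    # Constructed sightings for a 1 km zone with an 80 km/h limit.
    m = ZoneMonitor(distance_m=1000, limit_kmh=80)
    for s in [
        Sighting("AB12 CDE", "entry", 0),
        Sighting("XY34 ZZZ", "entry", 10),
        Sighting("XY34 ZZZ", "exit", 40),    # 1 km in 30 s = 120 km/h
        Sighting("AB12 CDE", "exit", 60),    # 1 km in 60 s = 60 km/h
        Sighting("LM56 NOP", "entry", 70),   # still in the zone at period end
    ]:
        m.observe(s)
    return m


if __name__ == "__main__":
    monitor = demo()
    print("offences:", monitor.offences)
    print("aggregate:", monitor.end_period())
```

The remaining linkage risk is within a single period: anyone holding the live key can still map a plate to its token, which is why the key lives only in memory and is replaced in `end_period`.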


> Apple doesn't directly make money from your data, they just use it to improve their product

Apple improves their products for several reasons, but as a for-profit business the main reason they would use some of their limited capital to "improve their product" would be to make money.

The details about how a business exploits user data are not that interesting. Arguments about this kind of minutiae are a distraction and a waste of time. The problem is, as you say, the fact that they collect data at all.

> That means gimped Siri

As Dan Geer said regarding the inevitable software-industry complaints about liability legislation:

    "Yes, please!  That was exactly the idea."

Some people may wish to trade their future privacy for whatever clever trinket is being sold. I believe that is usually a bad trade, but they have the right to make that kind of choice. What is not being discussed is how the people that use Siri (and similar live-microphone-with-network-access products, including newer "smart TVs") are making that privacy decision not only for themselves, but they are also imposing their choice on everybody else the microphone can hear.

In his recent (highly recommended) talk[1], Aral Balkan suggested a very interesting model, because there is another product that is well-known to adversely impact the people "near" the user as a secondary effect: tobacco. Siri, Amazon's Echo, and most of Google's services are like software "second-hand smoke". Like smoking, I don't care what you do in your own home. What we need - at a minimum - is new social conventions/etiquette where you ask permission or step outside before enabling any of these recording devices.

[1] https://projectbullrun.org/surveillance/2015/video-2015.html...


The third party surveillance issue is certainly one that needs more attention and consideration.

Not on a social networking site? Don't worry, they probably know a significant amount about you anyway, just from friends who have given the social network the entire address book from their phone and a few photos with you in them.

Decided not to use Google because you're not sure about how much data they collect these days? Don't worry, they probably have a significant proportion of all the e-mails you ever send from one of the other parties anyway, and you have no reliable way to determine when this is happening or to avoid participating.

And of course there are the numerous third party widgets that not only make the modern web a slower, sometimes malware-ridden, often ad-ridden mess, they also follow those not technically skilled enough to protect themselves around. Don't worry, they promise they won't tell your health insurer about the medical conditions you were looking up. No, wait, they didn't.

Now we have the kinds of technologies mentioned in the parent post, with smartphones and headsets and home automation systems that have sensors and network connections being placed just about everywhere, and we really are starting to live in a society with permanent surveillance.

In many ways, these kinds of issues are much harder to address than the already difficult questions of how to control first party data collection. Most of them by their nature operate in the background where a lot of people will never even know they are there, and even those who do may or may not be able to do much about it.


In a perfect world Amazon's Echo wouldn't record any voice other than that of the owner unless directly addressed == "Hey Echo, change the channel."

Social conventions would not/do not work as much as we would like.


It's more complicated. Apple's position as a hardware company that sells them with very good software is certainly the better position in comparison to Google, Microsoft & co.

Siri (as well as several other similar products) is based on Nuance technologies (speech recognition, text-to-speech, etc). It was recently in the news that Nuance outsourced their voice technology quality control (US based human workers listen to your voice data and check the speech recognition quality, some workers mentioned they recognized single persons from reoccurring voice data). So your voice data is being processed by several parties.

The two big mobile OS vendors Apple and Google and also smaller players like Microsoft make it incredibly hard to not-use their cloud storage & sync offering. Storage space is synthetically limited to low GB, with a high price for additional storage. An SD-Card slot (= cheap extra storage, as a card is very cheap) is only available in Android devices (third party vendors hardware manufacturers like Samsung, Sony, etc.) but not from Google itself. All the inbuilt sync functionality only works with their own cloud storage, no third party cloud nor a simple sync over Bluetooth, Wifi or USB-cable. They could do better.


Actually, there's another alternative. Provide all these "insights" with offline, data-on-computers-you-own systems. The intelligence can be carried with you, without internet. This is traditional computing. Apple or Microsoft, or even any other competitor could provide that. They just need to sell you this software (oh and also build it first).


Not possible. The insights come from the combination of everyone's data, not the analysis of any individual in isolation.


I'd like to disagree. When Google Now reads my email to track my delivery package number or flight number, it's my data. When it understands that I like sport team X, it's my data. When it knows where I work and live to ask Google servers the weather or how long it would take to go somewhere, still my data used as the request base.

When Google(+) Photos auto-tags my photos, still my data, although I'd admit the AI training requires a big amount of photos.

Looking at https://www.google.com/landing/now/#cards ; it's obvious a lot of those need online information. It's not obvious that the data source for requiring that online information has to be in the cloud, or combined from multiple people's data.


>When it understands that I like sport team X, it's my data

It is, but that's pretty useless unless Google also knows so that it can send you the relevant updates.

>When it knows where I work and live to ask Google servers the weather or how long it would take to go somewhere, still my data used as the request base.

The weather, possibly (although again, it's not much use unless Google know enough to target the local weather at you). The how long to get there, not so much. One of the key things they use is info on where everyone else is. This is a classic case of pooling everyone's data in order to add value.


> It is, but that's pretty useless unless Google also knows so that it can send you the relevant updates.

It's shortsighted to say that just because (example implementation) my device polls their server for $team, that it is the same as "google knowing" I like $team. The interface does not need to be authenticated, or keep logs. There is just a slippery slope between monitoring for diagnostics and abuse that incremental business value very quickly slides into tying team-specific view counters and a favorite team to my user identifier.


Yes there are other solutions that don't require Google to know who your favourite team is, but needing to have your device run a specific background process to constantly poll a remote server for each of the things you're interested in is a pretty clunky and resource-inefficient way of solving it vs subscribed push notifications from the server.

And Google doesn't necessarily know that you like $team. It knows that the email address you used to sign up to the alerts has requested updates on it. Is that really particularly scary?


I agree about the value of Maps/Waze style pooling of information. Also agreed that social (what your contacts like) recommendations might be useful. Leaving aside the possibility of implementing those in a P2P fashion, I'm just saying this is not all there is, and that is in fact a minority of the useful stuff.


I think your point is good, and depends on the question of how much can be done on current and future hardware, and what differences might result to product quality in local-only storage and processing.


There is a point though in having as much data as possible for training and learning purposes.

Even with a locally installed AI, it will need to be trained on real and up to date data, it needs feedback on what was well recognized and on which data it failed, etc.

The training and update cycle can be done on an individual basis, but having a distributed system sharing a huge set of varied data would accelerate the process exponentially.

Ideally training data shouldn't be stored once it is ingested by the AI, but we'd need at least interconnected AIs sharing data from different users.


Agree to a certain point. When Google wants to make suggestions based on preferences of other people (known as collaborative filtering), how do you suppose that information is computed?


Right, it's your data because it's the things you care about, but knowing you isn't what Google cares about, they want to know where you intersect with everyone else.


I'd like Google to store only at most N bits of information about me. That way, when I type "python" in the search bar, Google knows I'm a programmer, and am not interested in results about snakes. However, Google does not know what television show I watched last night, because that doesn't fit in the N bits that I'm allowing Google to store about me.

Viewed differently, the value of N specifies how uniquely identifiable the user is.


I am sure there is still value in one user's data that could be used that way.


On-premise vs. Cloud?


I know it's been beaten to death. The cloud has been winning over last decade, we'll just have to wait for the next wave to come and bring back the intelligence next to the user.


"Apple collects tons of user data..."

I gateway all my devices through one computer running a stripped down kernel. Through this host I monitor all attempted network connections. I block ads and of course this means I block Apple.

Apple devices are like beacons, attempting to contact a variety of Apple servers from the moment you turn them on and continuing to "phone home" incessantly 24/7 until you turn them off. That is only one example, but to me it is the most egregious.

Apple's competitors are no better. Do users really believe that one of these companies is going to protect them?

When the owner of a Chromecast plugs it in for the first time it tries to connect to Google to patch itself and prevent the owner from jailbreaking.

Perhaps my favourite was this patent application from Apple, with the CEO as a listed inventor.

http://www.google.com/patents/US20090265214

As for "providing advertisers with guided access to your eyeball" I believe that is what the App Store system does; it lets the app developers do the providing by embedding advertising into applications (cf. operating system, as in the above application).


Have you analyzed this traffic to see what it is? I would expect some of it to be stuff like NTP, checks for internet connectivity and app store updates.


> I gateway all my devices through one computer running a stripped down kernel. Through this host I monitor all network connections. I block ads and of course this means I block Apple.

Do you do this always via a vpn or something or was it just to try it out?


s/connections/attempted &/

Yes, I do this always.

For me, the ad blocking is most easily done via DNS. djbdns features make it especially easy. I have been using DNS to block ads especially in app ads for several years now. Never expected it to work so well (such heavy reliance on DNS by developers), but it does.

There are of course other ways besides DNS to block unwanted connections including ones to Apple and third party ad servers.

As for Apple's VPN capabilities, I have experimented with xl2tpd but not as a way to block ads.


Don't you waste a lot of battery going through a vpn though on your cell phone? I'd love to hear more about this setup.


It's even worse than that. Not using Apple's products is a good way to increase privacy. How?

If you use Google's products (and who doesn't use Google Search?), Google already knows plenty about you. And even if you don't use Google products, Google knows plenty about you, since its tracking software is installed in a large percentage of sites, etc.

And if you add machine learning on top of that, the amount that Google knows about you is great - even if you use Apple's products.

In reality, by using Apple's products, you don't gain privacy, you lose privacy - now two companies know a lot about you, instead of one.


Isn't it better to have two companies that have partial information about you than one company that knows it all?


It feels like the same underlying luxury branding of Apple products. Those guys are tacky and cheap, we are HBO. Apple doesn't even own a TV, they go to the art house theater...

With the car industry about to become part of the ecosystem it makes sense. Get in a Google Taxi and you'll have to watch targeted ads the whole way there. Get in an Apple Taxi and listen to classical music.


Or the latest U2 album (and the doors lock once you enter the taxi)


IMO, the main difference is that Apple gives you more choice in the matter. I can still choose to not enable iCloud, and only sync my iPhone / iPad to my computer. Also, for some data collection Apple explicitly asks you whether you want to share the data to improve its service (location data and crash report data, for instance).


Agree 100%.

Essentially Tim Cook said: "Apple is a good girl (we do the same things that bad girls do but better)"


This is just another way of saying "business good, government bad".

The fact that Google abuses the data and Apple doesn't is already a major difference. Just because government can use its monopoly on violence and imprisonment to go one step beyond doesn't make what businesses do harmless.

Yes, the collection is already inherently dangerous, and what Apple does is certainly not harmless. And yes, they will use that data to their advantage.

But the unscrupulous abuse of that data, the blatant disregard for privacy, a business model that depends on abuse of that data, and the obvious hunger for social and economic power by Google and co is not a minor difference.


I'm beyond thrilled at this, because the chilling effects point hasn't been made nearly often enough. My version is at http://www.dbms2.com/2013/07/29/very-chilling-effects/

That it happens to be commercially advantageous for him to say that his business model is more virtuous than Google's or Facebook's doesn't bother me. In fact, I think there are fixes that could preserve their business models yet reduce the threat. Great. In the meantime, we need people to understand that unfettered surveillance and data use, taken together, are a drastic threat to human freedom.


I like the idea that doing the right thing can be profitable, and don't see why a business should be criticized for aligning interests with its customers. It's a better way to enforce privacy than laws.


I'm repeating myself (from other threads) but Mozilla should use this sales pitch. Very few users can evaluate business' privacy practices; they only can trust the business. Due to their non-profit, public good status, their mission, and their track record, nobody could compete with Mozilla on trust.

EDIT: I'll add: Certainly the other two leading browser makers couldn't compete, and in mobile platforms only Apple, if they sell Cook's pitch effectively, can provide any competition.


Does Mozilla's track record include their suggested advertising tiles on your newtab page, based off your browsing history? Or their defaulting to Yahoo to send your searches because they were the highest bidder?

Now yes, they say the tiles are based on your local history and not transmitted anywhere; so it's not as bad (I don't care if other people don't see it, I don't want my data mined even locally for the purpose of showing me ads); but it's pretty clear that Mozilla is a business that wants to earn money. And as the saying goes, "if you're not paying for it, you're not the customer -- you're the product."

But you're right about one thing: they're probably the least bad of all the browser manufacturers on all this. Maybe what we need is a crowdfunded browser, where the company listens to their users and has no conflicts of interest.


> Maybe what we need is a crowdfunded browser, where the company listens to their users and has no conflicts of interest.

Then "just" collect enough money for Mozilla so that they don't need other sources of income


The huge difference is that they are completely upfront about it, turning it off is trivial and requires no digging into settings as the switch is right on that page, what they do with your data in terms of the tiles is entirely open source, etc. Plus, the default search engine is paid everywhere. Google, Yahoo, Bing, Yandex, DuckDuckGo, etc all pay for placement in browsers. Users are free to select whatever browser they want in good browsers.


Mozilla's a non-profit - the money it collects goes into supporting additional open-source products. At the moment, it does this on income of $300 million per year (mostly from their search provider). Of this money, $200 million goes on software development, $10 million goes on running their services (downloads, sync etc), and $70 million goes on administration, general costs (buildings etc) and marketing.

So yes, if you're hoping to crowdfund you a browser, then if you can't persuade people to donate millions and millions and millions then you're not going to be successful. A modern browser engine is millions of lines of highly optimised code long (check out Servo), and that corresponds to hundreds of millions of dollars of investment.

At the moment, you're essentially trying to say that being open-source and being actively developed are mutually exclusive, which seems odd (if Mozilla threw away Yahoo, they'd be bankrupt).


> A modern browser engine is millions of lines of highly optimised code long, and that corresponds to hundreds of millions of dollars of investment

Currently Firefox is 12,000,000 LOC, so each line of code costs $25 per year? o_O If so, I am in the wrong business, given my main project is 300,000 lines of my own code.

Now, I totally believe the costs are astronomical to run a web browser team and all the servers required for such a feat. But surely it can't cost nearly this much. Especially with volunteers working on it as a labor of love as with many other major open-source projects, such as Linux.

In my ideal world, access to technology has become so essential that I think it's not unreasonable to consider public funding for things like an operating system and web browser. I do realize this is the worst site possible to suggest such a thing, of course ;) There's countless problems with that idea as well. We'd need a government that didn't spy on its own citizens, and wasn't far more wasteful than the private sector. But a man can dream.

But at this point, I'd be happy with a $1m Kickstarter to develop a fully-featured Webkit-based browser UI that is absolutely by the users, for the users. Taking only their input in mind (no crazy designers that "know better than the users"), no compromises on corporate interests (DRM), and never implementing any form of advertising nor doing any backroom deals with companies that want to mine your data like Google and Yahoo.


Mozilla do a lot of work besides Firefox. They have Thunderbird, Firefox OS, Rust, Servo, Bugzilla, etc etc.

Brooks' estimates suggest that cost of development increases with the square of the length of the code.

Likewise, a single developer should expect to achieve around 10 lines of code per day on an established codebase. This is about $45 per line of code at SV rates.

Mozilla has over a thousand employees on its various projects, and this income is necessary to keep them in work.

You wouldn't get $1M out of that Kickstarter. You could literally just change the default search engine and compile Firefox yourself.


I don't really mind the default search engine all that much, personally. Not gonna lie, I use Google anyway for web search because it's the best at what it does.

I do think it creates a conflict of interest when you're a privacy organization and by far your biggest customer is a company that makes all its money in the advertising business, but like you said, it's easy to turn off.

I'm a lot more creeped out by the newtab tiles. Again, I know you can turn it off, and I know it's not transmitting my search history off of my PC. I don't think that makes it okay, though. I don't want code on my PC that's designed to analyze my behavior to push products on me.

I know I'm in the minority here, but I'd be willing to pay some money for a light, configurable, sensible browser like Firefox 4 but with modern HTML5/CSS3/etc support. It'd have to run on FreeBSD and be open source, of course.


> Mozilla has over a thousand employees on its various projects, and this income is necessary to keep them in work.

Here's a thought experiment - what if Mozilla spun out a "Firefox foundation" that only worked on Firefox? How many employees & how much funding would that require? I suspect it could get by without the ads and could, in fact, be kick-started.

Granted, this would not mesh with Mozilla's manifesto, and the other projects would die without the ad-powered money-printer that Firefox is.


Mozilla clearly likes having all those projects, and is willing to make compromises to achieve that. Maybe you think the non-firefox work they do is valuable enough that you're ok with them auctioning off the default search engine setting (for example) to fund it.

Myself, I'll stick to Konqueror. You don't need a Mozilla-sized organization or Mozilla-scale funding to make a great (IMO better than firefox in many respects) open-source browser.


> Does Mozilla's track record include their suggested advertising tiles on your newtab page, based off your browsing history?

Yes, in fact it enhances Mozilla's reputation (or should): 1) It doesn't compromise your confidentiality because, as you point out, your data never leaves your computer; and 2) They provide a way (and open code) for the whole industry to greatly improve the confidentiality of their advertising.

> I don't want my data mined even locally for the purpose of showing me ads

That's fine, but it's not a confidentiality issue.

> defaulting to Yahoo to send your searches because they were the highest bidder?

Given that there are confidential search vendors, such as DuckDuckGo, I agree that this is a confidentiality issue.


At the moment, this thread seems more like a YouTube comment section than a HN one. Though it's not exactly surprising given that Tim Cook's speech is obviously aimed at Google/FB.

Let's start with the facts. Apple makes its major money in hardware. Google makes its major money in search. Obviously, iOS has to be able to compete with Android in order for iPhones to sell well. Google offers services like Google Now and Google Photos that can be tailored in a more personal and effective way. How? They collect as much data as they can get away with. Consumers get to have services that should be better suited to them because of this.

If Apple wants to compete, it seems that there are two options:

1. Start mass collection and become a better Google.

2. Reject Google's model, and build iOS around privacy and non-invasiveness.

That's what this is. I do think Apple will either make a search engine focused on privacy or buy one (e.g., DuckDuckGo). Personally, I am happy that Apple and Google are competing in this way.


The problem is that DuckDuckGo doesn't provide as good results, because it lacks the personalized data. Google knows that when I search for Django I want the web framework. DuckDuckGo gives me that as well as many links to the film. I think option 1 is more likely for Apple.


I've been using DuckDuckGo as my main search engine for about a year now. It is good enough for me in most cases. For the times it isn't, I use Google.

I think there is a large amount of value in both of options 1 and 2. To me, the idea of Now on Tap and Google Photos is absolutely horrifying. On the other hand, my roommate told me that the Google Photos app was perfect.

I suspect that my views will hold, but it is possible that personalization becomes too important to opt out of. I tried to delete my Facebook for similar reasons recently. I missed out on enough party invites and messages from classmates that I ended up going back.


> Google knows that when I search for Django I want the web framework

That isn't a good thing. http://dontbubble.us

Unless Jamie Foxx someday starts giving speeches about Django framework, this sounds like a pretty weak excuse to use a google-style (i.e. 'personalised') search engine.

> I think option 1 is more likely for Apple.

Google's business model is basically selling aggregated user data - not in the form of raw data but in the form of targeted ads - for $0 (note, they aren't "free") services.

Apple's business model is about selling hardware and software, and providing a fairly complete ecosystem to use those products in/with.

Given that Apple's iOS+ecosystem accounts for close to 90% of the profits in the smartphone market, I don't understand this claim by people "Apple will have to adopt google's strategy to remain competitive".

If anything people are becoming more sensitive and more aware about the "creepy" factor of having all your personal information in the hands of some corporation that uses it for profit.


> That isn't a good thing.

Well, the search engine I'm using not being able to find what I'm looking for is also not a good thing.

I quite like DuckDuckGo, but 10% of the time DuckDuckGo falters on a search and I have to put in a '!g'. Clearly, you can't be the absolute no. 1 search engine across almost all queries without using some degree of personalisation.

As for a search bubble, Google and DuckDuckGo just take two highly opposing views. In reality, I'd love to be able to turn personalised search on and off at will, but neither DuckDuckGo nor Google is going to let me do that any time soon.


> That isn't a good thing. http://dontbubble.us

I don't get the argument being presented there. In either situation, some information is visible, and other information is buried. Presenting the same top results to everyone is just as bad of a bubble.


everyone seeing the same results for the same search terms is inherently not a "bubble"


> everyone seeing the same results for the same search terms is inherently not a "bubble"

Sure it is; the difference is it's a search-provider-specific bubble, rather than a user-specific bubble. Both isolate you from information which exists and potentially distort your view of reality.

It's analogous to the difference provided by the information bubbles provided from the (highly-selective, often-biased-in-the-same-way, rather homogeneous) mainstream media in the pre-internet era and those provided by the much more heterogeneous, audience-specific online media outlets from which people increasingly get news today.


Sure it is. Everyone's exposed to the "average" person's top 10 or so results. With personalized results, potentially millions of different pages are exposed as the top 10 or so results depending on who's searching.

You get stuff that's a little more relevant to your usual interests, which places you in your own bubble, but IMO that's better than everyone in the world being in the same shared bubble.


> Sure it is.

I don't think you understand the term "search bubble". It's a bubble because you're cut off from the rest of the world, like the boy in the bubble.

The only way everyone getting the same results is a "bubble" is if you consider us living within the atmosphere of Earth as being in a "bubble".

> You get stuff that's a little more relevant to your usual interests

Did you even read the linked page?

Claiming that getting results that are in-line with your pre-disposed ideas (which are expressed through the profile Google/etc have of you) is like claiming that a board of directors full of yes-men is a great recipe for success.


> It's a bubble because you're cut off from the rest of the world, like the boy in the bubble.

Everyone getting the same narrow set of search results for a term based on global popularity means everyone's cut off from more diverse search results. We've seen research that indicates people click only the top couple results. IMO, that's a big bubble.

> Claiming that getting results that are in-line with your pre-disposed ideas (which are expressed through the profile Google/etc have of you) is like claiming that a board of directors full of yes-men is a great recipe for success.

And giving everyone the same results is like having a single board of directors for everyone.


I have duck duck go set as my default, but when I want to get something specific and quickly, I often have to use the "g!" option. DDG works well for more "mainstream" searches but for niche stuff the results are not as good.


Is it really so much harder to search for "django framework" instead of "django unchained" or "django guitar"? When you type in "django", DDG will suggest some searches to autocomplete as well. Is the performance benefit of personalized searches really worth it, compared to refining your search technique in small ways?

Personally I prefer DDG simply because the bang codes are so convenient.


yes, but that was just one example, not the only one.


Doesn't the bulk of Google's money come from advertising, rather than search?


You're not wrong, but I wouldn't separate the two. The reason Google can have the #1 advertising platform is because it runs the #1 search engine. Search powers personalized advertisements, and is responsible for most of the money in Google's business.


The money comes from advertising that is placed on searches.


And on websites and mobile apps. Search is just a means to advertise at this point, while advertising is the big money maker.


I don't think Tim Cook specifically rejects the collection of data on customers. I think he is pro-collection of data where it helps improve customer experience. His criticism is for companies whose model of business involves selling guided access to customer attention, aka Google and Facebook. His criticism is for what you do with that data. He would probably say that Apple uses its data to help its customers, while Google or Facebook "sells" out their customers.

From that communication, I read that Tim Cook is against some business models, not machine learning or data collection.


> From that communication, I read that Tim Cook is against some business models, not machine learning or data collection.

Which sounds exactly like posturing to me. Contrast this with what he says about back doors - if there's a key under the mat for cops, the bad guys will get it. The same applies to data collection - the motives behind the collection don't matter. If data is collected, sooner or later some of it will fall into the hands of a 3rd party the user didn't expect - possibly bad guys (through legal discovery, a hack, bankruptcy sale, or some NSA ALL-CAPS program).

The right thing for privacy is to not collect the data, but Apple is unwilling to take that business decision (imagine how bad Siri would be if voice data wasn't sent to a backend).


It makes me chuckle when you mention this being like a YouTube comment section, thanks! I always found it very sad that the comments section on YouTube is typically chock-full of disgusting insults, profanity and general horrible comments. It should be renamed the "abuse" section instead of "comments". It makes you lose any hope in humanity pulling itself out of the cesspool.


Making a speech is easy, compared to actually doing the right thing.

Just a month ago, I was asked by an employee of an Apple Certified Service Provider to decrypt my hard drive in order for Apple to make a "hardware test". There was an issue with my display, but they insisted that Apple's hardware test needed to have access to the data on my hard drive and send information back to Apple via the Internet. What about privacy, now?

So, don't believe anything they tell you. If you want to be secure, you need to take care of it yourself.

Edit: Just to make it clear, the employees were asking me to hand over my administrator password, which should be added to their database, in order for the technician to successfully run Apple's hardware tests. This is literally the most insane thing that ever happened to me...


My out-of-warranty MBP needed a new battery because the original battery had started to swell up. I called my local Apple Authorized Service Provider (the only one within 250km) to ask what the procedure was if I wanted to purchase a new battery.

They said I would need to drop off the computer with them; they would order a new battery and I could have it back in a week or so. I said I couldn’t do without the computer and I couldn’t let them access the hard drive (not encrypted) as I have proprietary data on it.

They said I could make the full payment and bring it in when the replacement battery arrives, leave it with them and collect it in a few hours. They insisted they could not replace it with me present and the minimum time I would need to leave it was 3 hours. This is easily enough time to clone the hard disk, which I did point out, politely, but they said this was the most they could do for me.

I ended up buying a third-party battery and changing it myself. It took less than 10 minutes. If it doesn’t last long, I’ll just have to buy a new Mac.

So yes, apparently there are no standards in place for data security as far as authorized service centres are concerned.


Could have cloned the drive yourself and given them a nice clean factory new OSX install to snoop on.


Yep. This is what I've done in the past for our machines.

1) Time Machine it

2) Clean install

3) Drop off computer to be fixed

4) Pick up computer

5) Restore from Time Machine

I've never had a problem.


At an Apple Store, I've been asked this a few times. Then, I just say "I'd prefer not to" and have no problem.


Well, I was arguing with them for 10 minutes. They tried to get my administrator password (because I use FileVault) and I refused. They wouldn't even look at the display issue (not software or data related) without the password.

In the end I just wiped the hard drive. They should've asked for that immediately.


>"In the end I just wiped the hard drive. They should've asked for that immediately."

They should have. That said, I'm confident that the significant majority react extremely negatively towards that request, so they have learned to ask for passwords first. Best practice? Definitely not.


That's not even a little insane.

They needed access to something, and asked you for it to complete their work.

It would have been insane if the guy had just hit a button, and your data was decrypted.

As it stood, you were always in complete control of your data.


I added a little bit to my comment above. They are asking people for administrator passwords and put them into forms in their computer system. Rule number one of computing is that you shouldn't ever tell anybody your passwords. Asking for it is ridiculous. Considering how casual they acted, I can only assume that quite a lot of people actually told them. That makes me really worried.


If you have a software problem, how are they supposed to check that they fixed it without being able to boot the computer?


Why do they need the password to boot? Especially why do they need to write it down?


If you have full disk encryption enabled, the system won't boot if you don't give it the password. They write it down because you can't expect a tech to remember 16 digits of alphanumeric password for each client, as it looks bad when they have to phone up the client asking what their password is when they forget it.

Writing down passwords is bad because other people can find them. If they're kept safe, there's no issue.


How about asking to back up your data (which they ask anyway) and asking that the disk be wiped? There are no problems then.

Handing over your password means that there is practically no barrier for a technician to obtain all your data, all your private keys, etc. It only takes one guy with malicious intent to make your life miserable. Often, people also store their work related keys on their computers. So how about opening your company up for someone else?

The issue is that not all people are careful with that. And the code of conduct of Apple to just trust any technician 100% is completely wrong. Setting up a secure infrastructure means, you should assume that parts of it are already compromised. In that case, assume the technician is trying to obtain as much private data as possible, how can they still keep their customers safe?


If you do work related stuff on your computer, your work should be taking care of the computer. This is why most people get assigned a computer by their places of employment, and are not expected to use their own. The place of work has their own tech team who deal with these types of issues. It's a really bad idea to do work stuff on a home computer because it makes your device much more vulnerable to being snooped on and controlled (for example, your place of employment may gain the ability to remotely wipe your device), and generally if you are in such a pickle then you should just not give them your password.

Again, it could be a software issue. If I complain that my WiFi isn't working, and you take it in to have a look, and your diagnostics say that WiFi works, then without the password you can't do anything at all. If my problem is that Safari runs really slowly and you can't log in, you're not going to be able to fix that.

If your only fix is then to reinstall the operating system and hope for the best, then you've done a terrible job.

In any case, the tech has physical access to your computer, and in the presence of that you should not assume any security from your disk encryption. FDE is good for one loss of control; after that you should assume compromise.


>it could be a software issue

They can still do some tests. It's not like wiping the hard drive helps solve software issues.

>FDE is good for one loss of control; after that you should assume compromise.

If the threat model is a malicious actor, yes. If the threat model is accidental plaintext password leaking, there is a huge difference between the scenarios. I could construct a similar argument against password hashing on servers...


>If the threat model is accidental plaintext password leaking, there is a huge difference between the scenarios.

That's just fear mongering.

Why would you not change your password before taking it in? You should be changing it regularly anyway, and you shouldn't be using that password in more than one place. The idea of it leaking from a technician's database is irrelevant because you would change it as soon as you get the machine back.


99.999% of people in this world would much rather take the risk of an Apple tech having their password than go through the trouble of wiping their drive and reinstalling. Perfect is the enemy of good. Apple has made it easy for people to encrypt their drive with FileVault, which is a huge step forward for privacy and security. As a result, I am okay with a single Apple tech having my password, which I assume gets purged once the computer is returned to me.

If you are that worried or tech savvy, just wipe it before you go in. You seriously expect them to ask every single customer to wipe their drive?


They can't boot it off a flash drive? I can understand asking for a password to do that, but the system should not be designed so that they need access to the current OS install to diagnose hardware problems.


If only they could hold down Alt when the boot chime noise is made on turn on and select an alternative disk to boot from.....


Who said it's a hardware problem? When my logic board was replaced recently, I had horrendous issues for a few days, with Chrome unusable, high CPU usage, etc - something was funny with the drivers, and it took some command line mucking about to fix the issue.

Had I given them my password, I'd not have had the issue. I was able to do the fix, but not everyone would be able to.


Was this done through an Apple Store? The Apple Store staff have asked me for my password too. I've always asked if a Guest account was enough and it's never been a problem.

I've always found the "Geniuses" to be fairly helpful and they always explain what they were going to do to my gear.


It works with a Guest account, if you don't encrypt your hard drive. If you use FileVault, they specifically need your administrator password. So what are they actually doing there?


I don't think you can boot the machine to login as Guest without a password if you have FileVault enabled.


I think you can still boot from the network. If that's correct, then this whole thing gets ever more mysterious for me.


That rule #1 doesn't quite apply in this situation.

That you should never need to give out passwords is mostly a safeguard for social engineering and phishing scams for accounts stored on a server over the internet. Only a malicious third party would ever ask for these types of account passwords, because those with legitimate needs to access it (you and the service operator) already have it (hopefully just the hash in the case of the latter).

The password you're referring to here is an encryption key for a local hard drive that nobody else has access to. If they do in fact need access to the encrypted OS partitions stored on your hard drive in order to diagnose your problem, then they have no choice but to ask you for your encryption key. That's cryptography working as intended.


I disagree. Not even someone who's there to help you should know your passwords. Consider that many people use the same password for a lot of accounts. On top of that, they already have your email address. By asking their customers for their passwords, they don't just ask them to hand over all the data on their computers, but they also make them vulnerable with regards to their internet accounts.

If I have a hardware problem with my display, I don't want them to read my hard drive. Apparently they still try to do so, which I think is a severe violation of privacy.

I'd have completely understood if they'd asked me to wipe my hard drive because of some data crawling Apple hardware test with an uplink to HQ. So they do have a choice "Can you make a backup and wipe your hard drive?" But asking me for my encryption password means they fail to understand why people encrypt and they don't care for the integrity of your computing.


Apple techs have access to external drives with multiple versions of OSX installed. If they need to boot your device to test the hardware itself, they will use one of these. If those tests indicate no hardware issue, their only next step is to check out your OS. That would require administrator access to your machine if you're using whole drive encryption.

I mean, I get what you're saying... they should have verified those things up front before asking for access, but I'm pretty sure they work on the concept of getting you the fastest service they can, balanced with the amount of customers they need to help simultaneously. My guess is that the admin password is a default question because they know they _generally_ will need it, so it's best get it up front rather than waiting hours or days for the customer to get back to them.

Personally, when I had to take my Macbook in, I just zero'd out the sensitive data, changed my admin pw to something temporary, and let them have it. I know this will be a TOTAL surprise, but the multibillion dollar corporation didn't use this as a chance to hack my life. What a novel thought.


But they did not use any backdoor. Etchalon is right - if they had to access file system how should they do that if it was encrypted? And you were in control of the situation - next time change the password to temporary one before handing it over. And if you are really paranoid decrypt and encrypt the drive afterwards to have new encryption keys ;-)

EDIT: spelling.


Yes, this speech is more marketing than anything. At the end of the day, just like with google, apple is sending your data to the cloud. Location data, they even have their own street view now...


If Cook is serious, the message will have to trickle down to the people who make these processes to be sensitive to privacy needs. It takes some commitment.


This is akin to giving your car to a mechanic to repair but refusing to give him the keys in case he might make a copy.


In addition to the comments already here, I think this comes down to trust. Which companies do you trust? Which CEOs do you trust?

Eric Schmidt: "If You Have Something You Don't Want Anyone To Know, Maybe You Shouldn't Be Doing It." [1]

Mark Zuckerberg: "They trust me — dumb fucks." [2]

Tim Cook: "I’m speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information,” said Cook. “They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong. And it’s not the kind of company that Apple wants to be." [3]

Tim Cook: "Our business is based on selling products, not on having information about you. You are not our product." [4]

Tim Cook: "We take a very different view of this than a lot of other companies have. Our view is, when we design a new service, we try not to collect data" [5]

[1] https://youtu.be/A6e7wfDHzew

[2] http://gawker.com/5636765/facebook-ceo-admits-to-calling-use...

[3] http://techcrunch.com/2015/06/02/apples-tim-cook-delivers-bl...

[4] http://www.macrumors.com/2014/09/15/tim-cook-on-privacy/

[5] http://techcrunch.com/2014/09/15/tim-cook-holds-firm-on-imes...


Actually I trust Schmidt more after that particular quote because he was warning about the Patriot Act before pretty much anyone but privacy advocates cared:

> "People are treating Google like their most trusted friend. Should they be?"

> "I think judgment matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. But if you really need that kind of privacy, the reality is that search engines, including Google, do retain this information for some time. And it’s important, for example, that we are all subject in the United States to the Patriot Act. It is possible that information could be made available to the authorities."

But as I said below, that never got play back then, so we get the incomplete quote everywhere. It took Edward Snowden to make the tech blogs finally change narrative.

Also I'm not sure how an obviously poor sampling of quotes demonstrates much of anything. Even if you were doing some squishy sentiment analysis your study would still be thrown out for poor coverage.


Currently Mozilla is the only Internet company that I trust not to sell me out. And I'm keeping an eye on them as they develop the new New Tab, which will feature advertising.


I know Mozilla are a non profit but doesn't most of their funding come from Google (i.e. advertising) for promoting their search product?


They switched to Yahoo (over HTTPS, honoring "Do Not Track" if you enable it) last year. https://blog.mozilla.org/blog/2014/11/19/promoting-choice-an... And yes, as far as I know, most of their income is royalties from these deals.


Words are cheap. Trust is gained by actions.


and lost by acquisitions and should be reconsidered after leadership changes.


Which is why open source and data portability is so important.


Why the title case on Eric Schmidt's quote? Serious question. Can't watch the linked youtube video right now.


Schmidt quote is taken out of context and it is not the whole quote.


Even with the context, it's pretty bad. And it's not like his other quotes on privacy paint a better picture.


With the context [0], it is a warning about privacy, the contrary meaning of the partial quote that is always used

[0] https://news.ycombinator.com/item?id=9655523


In context, the most charitable interpretation I can give is that he's saying you shouldn't trust anyone (not even Google) with data you want to keep private. A less charitable interpretation is to replace "not even Google" with "especially not Google", as they're not just retaining incidental personal data but actively harvesting as much as possible.


“I’m speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information,”

“They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong. And it’s not the kind of company that Apple wants to be.”

This is a great strategy to win the hearts and minds of privacy advocates like me and take shots at companies like Google at the same time.


But it's still mostly bullshit, though, especially coming from a company using closed source software for most of its products. Nobody can really tell what they are collecting, what they do with it and how much of it they share with third parties (including governments).

If you google a bit, I bet you will find similar speeches from every single big company CEO these past years: "Privacy is our number one priority, blah blah blah".

If you think Apple is different just because Tim Cook has great speech writers, you're being naive.

All these companies are in it to win your private information, and we are all prepared to give them some of our private information if what we get in return is worth it. That's the game, simple.


[deleted]


As I never tire of pointing out, he was actually pointing out how to protect your privacy from the federal government before many cared at all:

> "People are treating Google like their most trusted friend. Should they be?"

> "I think judgment matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. But if you really need that kind of privacy, the reality is that search engines, including Google, do retain this information for some time. And it’s important, for example, that we are all subject in the United States to the Patriot Act. It is possible that information could be made available to the authorities."

But that never got play back then, so we get the incomplete quote everywhere. It took Edward Snowden to make the tech blogs finally change narrative.


The government doesn't force Google to run their business the way they do, dependent as it is on such huge amounts of personal information, to provide "better" (for some people's value for better) targeted ads.

If Google don't track/store what I search for, what results I click through to, etc, it doesn't matter what the US government asks them for - they are technically unable to hand over data they don't have.


I guess. It's a tradeoff, really. I find it very convenient to store all my photos with Google, for instance, and I make that decision with eyes wide open. Same with search history or even location history. I'm sympathetic to the argument that there are a lot of consumers making that decision without full knowledge (the help documents are actually pretty good[1], but you have to know they exist to read them). However, I'm not remotely sympathetic to the idea there's no possible reason one would make that tradeoff.

[1] https://support.google.com/websearch/answer/54068


I think, sadly, that's not true. The government can force them to change their business, and begin recording personal information that passes through their hands. It's very strange.


There is a lot of tracking Google does that couldn't just be instantly turned on at the request of a government if Google wasn't already doing it.

For example Google Analytics: if that product didn't exist the government couldn't just ask Google to install tracking scripts on half the websites in the world without anybody noticing.

You could argue that the government could force Google to create and market Google Analytics. But that just reinforces the idea that we shouldn't be using Google Analytics - we don't even know if it isn't entirely a program created at the request of the US government (I don't actually believe this, but it's where you end up if you start worrying about the government forcing Google to change their business).


By that argument CDNs shouldn't exist, since the government could theoretically compel them to inject code into the sites they serve.


If you have a site where this would be a significant worry for you, then yes, you absolutely shouldn't be using a CDN (or, at least, should only be using it in limited ways; images are probably safe); the CDN provider or anyone who can control it can do you a lot of damage.


The correct analogy would be "by that argument, everyone should think very carefully about the pros and cons of using a CDN to serve part/all of their website".

Which.... is true anyway, regardless of the potential for government-enforced data collection.


As magicalist points out in his response, you are taking Schmidt's quote completely out of context. Don't feel bad, you're not the only one.

Schmidt (and Google) are extremely pro-privacy and against sharing information with the government. Google must have like ten lawsuits going on at all times on the entire planet trying to fight intrusive data requests from governments. They spend hundreds of millions of dollars every year to prevent governments from gaining access to their data.

At least with Android being open source, they have a reasonable track record of transparency (obviously, that doesn't apply to their search logs, which are still proprietary).


> Schmidt (and Google) are extremely pro-privacy and against sharing information with the government.

Privacy doesn't mean "don't share my data with the government".

> They spend hundreds of millions of dollars every year to prevent governments from gaining access to their data

Funny how you say "Google are extremely pro-privacy" and then describe the vast amassed personal information of users as "their data", referring to Google.


You seem to think that "pro-privacy" is equivalent to "don't collect any private information".

It's not. Not at all.


That's exactly what privacy means. When I'm dancing naked in my house, I don't care if the guy holding the IR camera across the road is a government employee or a company's employee. All I care is that he has a camera.

If some private data of mine (including, but not limited to pictures of my genitalia) ended up someplace other than on a medium I own, that data is no longer private. I.e. it was a privacy breach.


This is exactly what "Apple-is-better" people on this thread do not get.

They are suggesting that the Apple IR camera is good because it improves the user "experience by syncing with itunes to play a song with the right tempo as you dance" as opposed to the Google IR camera which will result in sun-burn cream ads. What the typical person would want is no IR camera at all.


Apple collects far less personal data than Google/etc. In this stupid analogy, Apple don't even have an IR camera.


> Apple collects far less personal data than Google/etc

Agreed.

I don't know if we are disagreeing. Or perhaps you disagree with the notion that the ideal situation for privacy is when no personal collection is done?


You seem to be operating with some Newspeak definition of privacy.

Privacy is seclusion. Ruffling through someone's dirty laundry, but keeping all the findings to themselves is not "pro-privacy".


So then why does Google collect my private information, if they are "extremely pro-privacy?"

You're going to run out of superlatives by the time you reach DuckDuckGo.


Is Google Now open source? Google search? Google ads?


Android is becoming less and less open source by the minute. Google used the opensourcedness as a trojan horse to get the OEMs, but now it's pulling it away.


Ignore that: Google had to rein shitty OEMs in because they were trashing the brand as bad as OEMs screwed Windows. Bad OOBE, inconsistent, buggy, etc. Using GApps as a carrot/stick is something they should have had from the beginning.

There may be other reasons, but the QA aspect is enough that Google would have to hit the OEMs, even if Google wanted to promote open source.


It's funny how Google advocates always "bash" apple for being "closed source" when this company ships the most popular Unix in the world... and all of their products, even the watch, are based on it. Yes, they do keep the Application/UI layer closed source, but so does google ("Google Apps").

Yet google has spent years propagandizing that they are "open" while Apple is "closed" and that plays right into the latent desire to hate Apple from those who got a PC instead of a Mac when they were a kid.

Apple is different because for nearly 40 years they have been honest and forthright and treating people different. Google says "don't be evil" and then goes out and does evil. Apple doesn't say it, they just don't do it.

The idea that all these companies want private info and thus are all going to be evil is cynical.

And it ignores the fundamental truth: Apple's product is really nice software sold in a hardware box. Google's product is your private info.

The business models couldn't be more different.


> The idea that all these companies want private info and thus are all going to be evil is cynical.

"cynical: believing that people are motivated by self-interest"

In a free trade, capitalistic society, companies are by definition cynical, because the ones that are not go bankrupt.

> Apple is different because for nearly 40 years they have been honest and forthright and treating people different. Google says "don't be evil" and then goes out and does evil. Apple doesn't say it, they just don't do it.

I was with you until that last part. I would totally be on board with you if you say Google and Apple are both equally evil because they are looking after their own interest. The fact you think that google is doing evil and Apple is not makes me think you're a bit too far gone on the fanboy side.


>It's funny how Google advocates always "bash" apple for being "closed source" when this company ships the most popular Unix in the world... and all of their products, even the watch, are based on it.

Android ships far more units than OS X/iOS and their derivatives do.


Android is not UNIX - it's GNU[0]/Linux-based, which is UNIX-like. iOS is also not UNIX, which is based on OS X but not UNIX Certified. OS X is UNIX.

[0] GNU's Not Unix


I stand corrected. You appear to be technically correct that OS X is "Unix" [0] not Unix-like or a Unix clone like Linux-based operating systems. Legal precedent established in the SCO-linux cases [1] seems to confirm this technicality.

I think the distinction is pedantic, but I think we can agree that Android is the most widely shipped OS based on a Unix-like kernel.

[0] http://www.opengroup.org/csq/search/t=XY1.html

[1] https://en.wikipedia.org/wiki/SCO%E2%80%93Linux_controversie...


>"I think the distinction is pedantic"

It is, but no more than that of the OP and you. It's ultimately irrelevant to this discussion.


And while technically unix, the command line tools which ship are so horribly out of date as to be almost unusable.... Try using sftp on a mac sometime, if you enjoy the sensation of bleeding from your eyes.


Works just fine for me. Sorry...


It also makes me laugh that Google is doing Brillo, which is a stripped-down version of Android - surely Linux is enough?

If you remove all the Androidyness from Android, it's Linux which is quite stripped down....

It's like a project that has no purpose.


I chortle as I am downvoted but I do honestly wonder who would use Brillo instead of a Linux installation? Even microcore is small enough.


> Google says "don't be evil" and then goes out and does evil.

"Evil" such as serving you ads?

> Google's product is your private info.

Better ads targeting using your private info - not selling your private info to advertisers/governments. It's evident how much you distrust Google, but don't spread and allude to FUD.


> Apple is different because for nearly 40 years they have been honest and forthright and treating people different. Google says "don't be evil" and then goes out and does evil. Apple doesn't say it, they just don't do it.

Google and Apple behave similarly, as far as I can tell. TBH, I wouldn't call either company "evil," but they're both equally unfriendly to users, IMO. I'm curious why you think Apple is less "evil"?

> And it ignores the fundamental truth: Apple's product is really nice software sold in a hardware box. Google's product is your private info.

That's not a fundamental truth, and it's a false dichotomy. Apple's products are both software/hardware AND private info.


Everyone was happy to believe Google when they used to say their motto was, "Don't be evil," but not willing to believe the CEO of Apple, even though they've done a LOT to show they are working in line with his speech. I'm not saying Apple is a saintly corporation, but just assuming they are bad because they COULD be bad comes off as paranoid more than insightful.

>Nobody can really tell what they are collecting, what they do with it and how much of it they share with third parties (including governments).

http://www.apple.com/apples-commitment-to-customer-privacy/

Yes, this could all be lies, but so could literally anything anyone says. Either you choose to live as a recluse in the woods with no technology, or you choose to trust at least some corporations. That might mean trusting your search engine, your cell phone company, your car manufacturer. Heck, you're trusting your ISP right now not to do a MITM attack on you. The natural conclusion is that you should use strong encryption in everything you do. At this point, there is one company spearheading this to get it into the hands of consumers who don't know any better.

Again, I realize Apple isn't blameless, but there's an awful lot about their recent actions to show they are making decisions based on what is best for the consumer. I think that's a good thing, and it's hard to imagine why someone would argue against it.


> All these companies are in it to win your private information,

The companies Tim Cook described, that offer "free" services and data-mine/aggregate/sell your personal information to fund the business? Yes.

Apple has a vested interest in not collecting, analysing, aggregating and using the vast amounts of private information other companies do: they're seen by many as a premium brand, where you pay a bit more and get a better product/experience. Part of that is not getting "maybe you'd like X" emails from the App Store, or "Hey do you need a new printer for that Mac you just bought on Apple.com" type shit.

> and we are all prepared to give them some of our private information if what we get in return is worth it.

You might be. "We" are not all prepared to hand over private information.


> Part of that is not getting "maybe you'd like X" emails from the App Store

I use a fair variety of google products on a couple of different platforms and have for years. Google has never sent me a suggest-sell email. They don't hide the fact that they're in the advertising and marketing business, but they're not that unsubtle.

Perhaps other people get suggest-sell emails from Google, but it's not something I've seen (or heard people complain about).


> Google has never sent me a suggest-sell email.

Did I say it was Google doing this?


Yes, you did. You referenced the companies Cook was talking about, and he was primarily talking about Google. Google also operates the only software market that's close to the App Store in size, apart from the niche-market case of Steam.

One of my pet hates is people who imply something, then use "but I didn't LITERALLY write the exact words that say that". You can play that game forever - for instance, where in my first reply to you did I explicitly mention that you did say it? I never said you did.

Isn't implication a wonderfully deniable building-block of human communication?


Tim Cook specifically LITERALLY says that he is talking about multiple companies:

> I’m speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information

> where in my first reply to you did I explicitly mention that you did say it

You were the one who brought Google into the conversation. I said Apple don't send spamvertising emails based on App Store purchases, because that's a very easy concept to understand how apple could use the private data they do have (i.e. my purchase/download history of iOS apps) as a revenue stream.

I think Google should be avoided whenever possible, but I'm not stupid enough to think they're the only company with skeevy data collection policies at the core of their business model.


The fact that you say you can't pick up that the major target in Cook's speech is Google simply means that either you're lying to save face, or you're incapable of picking up subtext in what people say. Cook's talking about 'data on our devices' and 'free services' and 'having your email, search history, and now family photos'. Who the hell do you think he's referring to here? Second in his firing line is Facebook, but it's clearly squarely aimed at the Goog, because Facebook has had your family photos for years.

And just in case you are enough of a naif that you missed that 'subtext', if it can be called that subtle, the article even explicitly highlights that it was a swipe against Google and spends a paragraph explaining why. Cook was the one who brought Google into the conversation, not me. He just didn't say the word 'google'.

And besides, what kind of counter is "these were the literal words" to someone whose argument is "there is more to communication than literal words"?

But hey, "I never said you did".


> Apple has a vested interest in not collecting, analysing

Do you seriously believe that? They are doing this non stop. Not a month goes by without my iPad requesting my iCloud password so it can back up my entire tablet, even though I've repeatedly declined to provide it.

They are collecting and analysing PII data all the time. They need it because it's an arms race. They will only stop if compelled to do so by governments or by a privacy scandal.

> "We" are not all prepared to hand over private information.

Unless you tell me you never, ever use a search engine (not just Google, could be Bing or Yahoo or whatever), I am pretty sure you are in denial about that compromise. You are giving away private information all the time, you just don't realize it, or you are okay with the fact that "Getting good search results for this query is worth Google logging my IP".


> Not a month goes by without my iPad requesting my iCloud password so it can back up my entire tablet, even though I've repeatedly declined to provide it.

Apple prompts you to back up your data... so they must be analysing your data? Can I get whatever brand of space cakes you're snacking on?

> They need it because it's an arms race

Google/etc are dependent on that information - without it they have almost no revenue at all.

Apple sells physical and digital products, and provides services. Almost all of these cost money to use, and the amount of personal information required from the customer to provide those services is close to zero.

So tell me again why apple "needs" the data which they have repeatedly said they don't collect and don't want to collect?

> Unless you tell me you never, ever use a search engine

I refer you to https://duckduckgo.com/privacy & http://donttrack.us


> Not a month goes by without my iPad requesting my iCloud password so it can back up my entire tablet

It sounds like you have Settings -> iCloud -> Backup -> iCloud Backup turned on.

> They are collecting and analysing PII data all the time.

What sort of evidence do you have to support this?


How about Apple admitting they do exactly that?

http://www.imore.com/yosemite-ios-8-spotlight-and-privacy-wh...

Yes, they say they properly anonymize and location-scrub this personal information before they store, aggregate and analyze it (and I have no reason to doubt that they're doing that, at least for their own use), but they are clearly collecting it. And if you're going to talk about things like vulnerability to government surveillance, just collecting it in the first place is more than enough to open that door.


> Not a month goes by without my iPad requesting my iCloud password so it can back up my entire tablet, even though I've repeatedly declined to provide it.

Settings -> iCloud -> Backup -> switch slider to off.


Apple obviously needs PII because they are billing you for purchases.

You don't need to supply any of it.


I was shocked at the amount of registration info a new mac asks for. Haven't bought one since.


You can skip it


It's disingenuous to ask for it in the first place when one touts itself as a privacy advocate. Vast majority of users will do what they are told to do by default and Apple knows and exploits that.


They're not exploiting it. They're asking for it to register your products, to you.

There's a big skip button.


Can one buy Apple products for cash, without supplying any personal information or identification?

Edit: This is a prerequisite for meaningful privacy. Plus having a pseudonymous account, funded by Bitcoins, for buying apps and stuff. Otherwise it's all based on trusting Apple, and so there's a single point of failure.


The Apple Store is extremely Tor-friendly, I find. There are no CAPTCHAs. In creating Apple IDs, there are no requests for personal information. Gift cards purchased with Bitcoins are recognized. I am gobsmacked! Maybe Apple is actually walking its privacy talk.

However, using ever-changing Tor exit IPs does trigger account locks, which require password reset. But that's arguably a feature, and not a bug.


Yes; even if that's not true for Apple stores, plenty of resellers.


Can one set up a pseudonymous Apple account, funded via Bitcoins?


That's just moving goal posts. Not sure why you even want an Apple account if you want to maximize privacy.


I'd want an Apple account so that I can buy stuff. Maybe I could get by with open-source apps, but that would be a pain. Even if I take Tim Cook's speech at face value, there's the catch that Apple knows who I am. If Apple really wanted to make a point about being privacy-friendly, they would allow account creation via Tor, and accept Bitcoins.


Sure. Make up a name and address and load it with gift cards bought with cash. Done.


Buying gift cards for cash is too insecure.

But I do see https://giftoff.com/gift-cards/apple-store for buying Apple Store gift cards with Bitcoins.

I'll give it a go.

Edit: It seems legitimate: https://bitcointalk.org/index.php?topic=970780.0


Your needs are such that buying gift cards with cash is not secure/anonymous enough for you, yet it is too painful to use open-source software from outside the App Store?

I would suggest that this may be too small of a market to be commercially viable.


You may be right about open-source software being sufficient on Apple gear. But I wouldn't want to go through the hassle of buying gear anonymously, and then discover that I need something via Apple.

I'm sure that I represent a small market. But it's arguably a market that Apple must serve well for Tim Cook's claims about privacy to be credible.


I don't see how buying gift cards for cash in person is less secure than buying something online for bitcoin. Cash would seem the least identifying and/or trackable way of purchasing gift cards.


One can easily use VPN services and Tor to anonymize IP address. And one can easily anonymize Bitcoins using various mixing services via Tor. But in buying gift cards with cash, there is in-store video. There's also cellphone tracking, for those who are careless.


How does this have anything to do with Apple?


Can we do refunds yet with Bitcoin? That's why.


There are escrow systems for that. They're not widely implemented, but that can change.


It's also, more cynically, trying to cast Apple's business model as a moral issue.

I mean, to be fair, Google does this too -- their emphasis on openness with Android, or "the next billion" with the low-cost, low-margin devices they enable are casting their business model as more moral than Apple's -- but advocating for the moral superiority of spending high-end money, as Cook is here, always strikes me as kind of gross.

(Also, when he implies that Google sells your data, he's just wrong. Google uses the heck out of it, but they don't sell it -- why would they? It's their competitive advantage, they don't want other people having direct access to it.)


Cynically, and hypocritically. Just checked, the Facebook app is still in the store. Apple has been happy to take the search payments from Google from the first iPhone. Astonishing how Cook's "morality" has no practical implications that require his company to do anything.


If you're going to call someone a hypocrite, and immoral, you should put up evidence of such.

Apple may send traffic to google, but it has privacy protections in place, anonymizing the traffic from the browser.

I don't see how the Facebook app being in the store makes Apple immoral or hypocritical, especially compared to google.


I agree with what you said here but I think that when Google, in the pursuit of their primary revenue stream, sells an ad targeted at you, they can only do that because of what they know about you and your search history. That is very close to the same thing as selling your data is it not?


No, it's very different. If I'm concerned about my privacy, I'm concerned about who knows stuff about me.

Google knows a bunch of stuff about their customers inherently (because their customers have all their email on Google servers, do Google searches, etc.), so Google customers have already decided they trust Google with that information.

If Google were selling it, they'd be passing it along to other organizations that users haven't explicitly trusted. That'd be bad. But they don't do that -- they use their information to show you things based on what they know, with targeted ads; that might bother you from an aesthetic/anti-capitalist perspective, but isn't an extra concern from a privacy perspective.

(Interesting fun fact: You know who does actively sell your information? Your bank, for just about any big bank.)


(1) Google also puts ads and other little tracking widgets (google analytics, G+ social buttons, etc.) all over the web, gathering massive amounts of information about people’s browsing habits unrelated to any direct customer relationship or informed consent.

(2) Use of Google search does not at all imply that a customer wants all of their searches to be associated with their identity, processed, stored indefinitely, used to build a comprehensive dossier to better target advertising on unrelated pages, or handed over to nation-state spooks who come asking. It’s not at all clear that most customers understand what information they’re handing over or what can be done with it when they use services like search.

[Yes, plenty of other ad networks, analytics companies, social media services, etc. do the same thing, and plenty of other types of companies (e.g. the banks you mention) and government agencies also build permanent profiles of people based on whatever scraps of data they can; this is not only a Google problem. It’s creepy when anyone does it, which is why there should be better regulatory oversight ensuring that customers know what data is collected and how it is used, restricting certain types of data aggregation and customer profiling, and placing limits on how long various types of data can be kept.]


Re 1 - I agree that is by a mile the most problematic part of Google's business. It's not a problem that Google knows what's in the emails I store on their servers -- of course they do, I put them there -- but it is problematic if they know I go to www.controversialsite.com when they should have no reason to.

But the implication there is that Google's most privacy-invasive product, by a mile, is Google Analytics, which doesn't really help Cook's case in any meaningful way, because that has nothing to do with the Google services that compete with Apple.


Analytics uses first-party cookies for the site's domain, not your google cookie(s). And you'll have to take them at their word, but they don't combine it with some IP address trickiness or whatever (though that would be a pretty bad idea if you want decent profiles anyway): https://support.google.com/analytics/answer/6004245?hl=en


That is just a Terms Of Service change away. Such legal changes aren't even unlikely: Google already changed their Terms of Service in the past to allow them to combine information from separate sites and services, which they didn't explicitly claim to do before[1].

The 'reassurances' provided in Google's Terms of Service don't mean jack shit when they have the power to change the terms in the future to whatever they want.

[1] http://www.cnet.com/news/google-wants-ability-to-combine-you...!


That would only work going forward. You wouldn't be able to merge the data retroactively.

And why would they do that is the question. Again, since they don't serve google cookies on analytics this would be virtually useless. An IP address isn't much to go on. Even a 5% misidentification rate would lead to horribly polluted data about users very quickly.


There's also https://tools.google.com/dlpage/gaoptout if you don't want Analytics tracking you.


No, because the relationship is between Google and you. The advertiser doesn't know the criteria that leads Google to show the ad to you, they just pay Google to know what they are doing and deliver relevant leads.


I know exactly the criteria google uses to show the ad to someone, because that's what I buy when I buy keywords.

That google found those keywords in some poor soul's email, and I don't have access to the email, doesn't make it any less the case that google is selling that poor soul's info to me.

Edit: New policy. I won't respond to responses when my comment is negative. HN is rife with people who are just down voting anything based on ideology, or in a lot of cases, straight up hatred and bigotry. (It's no question Google zealots hate Apple, and are irrational in this.) I won't be the queer in your game of smear the queer. I don't care how rational the response is.

I'm not saying you downvoted me, just that I'm done putting effort in when the comments are literally rendered unreadable and censored by people who don't care about rational discourse. So why participate?


That doesn't seem all that different than advertising in the yellow pages to me. You have to ask the customer how they heard about you, but if they mention the yellow pages, you're pretty sure you know what they were looking for, because you picked the section(s) you advertised in.

To my knowledge, Google doesn't tell you where the keyword was found, or even if it was an exact keyword match or something they deemed similar enough to show (but I'm by no means an expert in Adwords).

At some point you just have to accept that when you call a plumber, the plumber is going to have a pretty good base to assume you need a plumber, and this is releasing some information to them. Without that, communication would be impossible.


> I know exactly the criteria google uses to show the ad to someone, because that's what I buy when I buy keywords.

No, you know exactly the criteria Google requests from you when you buy the ad. That's most likely a subset of the criteria Google uses to display the ad (which can include things like the past performance of your ads / of similar ads, in different contexts, for different kinds of users and probably all sorts of stuff I'm not thinking of).


I actually really wish there was a way for me to more directly tell google what targeted advertising to send me.



No, if they sell your data, the recipient can use it for many purposes, including redistributing. If they use your data to target ads, the external customer can't do anything else with it.

They aren't very similar.


> ... trying to cast Apple's business model as a moral issue.

This was the idea behind the famous 1984 commercial. Creating a sense of societal urgency and philosophical crisis.


How do you define "sell"? Adsense and Adwords - can very well be argued as selling the distilled gist mined from troves of data collected from your search history, email, photos, android app usage.


[deleted]


>You're arguing over semantics. Selling a product (ads) that is a direct result of having that data is basically selling that data.

For some definition of "basically" that means "not whatsoever". Selling involves exchanging money for goods or services with another party (to paraphrase Homer Simpson).


Perhaps a privacy advocate should be wondering about the 'sniff test' of the speech. What does “Like many of you, we at Apple reject the idea that our customers should have to make tradeoffs between privacy and security” mean? That there's a serious argument that less privacy is more security? Aren't they functionally the same thing in this context - 'security' here is about maintaining privacy.

It's also a bit rich that Cook is talking about other entities gobbling up your data for themselves, when Apple is the epitome of the 'walled garden'. Apparently being in control of your own information is only what Apple wants if it's concomitant with their control of your information.

Cook isn't being morally upstanding here. He's just reframing his company's position to make the other guy look bad. It's the traditional pattern of hide your weaknesses and expose those of your competition.


I don't know, it looks pretty obviously like he's talking his book. I care about privacy, but Cook using it to sell me Apple products is a turn-off to me.


As long as Apple heavily relies on closed source technology I'm fairly skeptical about their commitment. Additionally, being a US based company, all it takes is a friendly government agent showing up and I'm sure they'll hand over stuff without putting up too much of a fight. I'd also guess that they do use cookies for their website and pay for web based advertising (thus being an enabler). Siri also makes me rather uncomfortable.

Don't get me wrong, better privacy is an important issue and if Apple sees it as a potential competitive advantage that's pretty good (as it'll force others to improve there as well). I'll be very interested in seeing how much they push this as a general strategy. [sadly I'd argue it's not really all that great of an idea because if push comes to shove most people will readily give up privacy for convenience (imo)]


> “I’m speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information,”

That is just really, really, REALLY RICH, coming from the company who's behind this kind of shit: http://i.imgur.com/1lGp7ps.jpg

Yep, to turn off ad-tracking, you have to go to... Settings... then 'General'... and then... About. Wait, "About"? Yes, "About", then "Advertising" ... and then do "Limit Ad Tracking". "Limit Ad Tracking", what a wonderfully clear label huh!

Of course that's coming to you from the individual who likes to give lofty speeches about how he and Steve Jobs led in 'advancing humanity through the equality of all its employees' [1]. Because let's please just forget about how Apple had its part in collusion over hiring policies [2].

[1]: http://www.nytimes.com/2014/06/15/technology/tim-cook-making...

[2]: http://www.washingtonpost.com/blogs/the-switch/wp/2014/04/23...


Not sure how recently it was changed, but on my phone running iOS 8.3 that setting is under Privacy -> Advertising.


Yeah, that screenshot is from a very old version of iOS. It's now under Privacy > Advertising, which is right where I'd expect it.


That feature is there to let you improve your privacy, not to trick you in to taking it away.

http://appleinsider.com/articles/12/09/13/apple_adds_new_lim...

The problem is legacy, a bunch of stuff was probably going to break if they just enabled that en masse.


They are setting the stage for announcing the launch of their Google Now competitor which they will sell as more secure and private (no selling your info for ads!) [0]

This is all part of their marketing campaign.

[0] http://9to5mac.com/2015/05/27/apples-proactive-to-take-on-go...


I agree. Don't mean to be cynical but every public speech given by Tim Cook (and everyone else of high profile) is about setting the stage for something. Aka posturing. They have too much money, control, brand, power at stake.

And this isn't much different from Google blasting Apple for selling products assembled in sweatshops (not that google does that)...


> I agree. Don't mean to be cynical but every public speech given by Tim Cook (and everyone else of high profile) is about setting the stage for something.

Apple is in the fortunate position that most of their profits come from hardware. With Snowden's publications, the security/privacy advantage is practically thrown in their lap. So, why not run with it? We customers only benefit (not only Apple customers, because this will put pressure on others).

As a side note, given Cook's sexual orientation, I am sure that this is an important issue for him personally as well. There are many countries where you can't be gay openly (yet), and digital privacy is a tiny part of the puzzle of protecting people in countries with less liberal laws.


Another way of looking at it is that they've built their business model this way and they're making the case why it's better for their customers and the right thing to do. Volvo likes to advertise the safety engineering of its cars. Is that cynical?


I'm not sure it'd be possible to make a good competitor to Now without tracking what someone does all around the web. That's sort of the point of it - the more it knows the better it works.


The most useful things I get from Now are travel info (mostly comes from email/calendar), sports scores (I have to set these up manually), flights details (again from email), deliveries (again email). So they can do quite a lot with just email and calendar access. If you use iCloud they already have these things and don't sell ads against them so you can get some of the functionality (imo the best parts) without tracking. What parts of Now do you think they couldn't do without heavy tracking?


They clearly couldn't do "new posts from sites you read" and "people who read the sites you read liked this article", which are very nice Now features. I suspect they'd struggle to do "recommended restaurants/museums/etc. near your current location" - Now seems to have figured out my restaurant price range (for example), and I can only assume that was through tracking.


Everyone seems to be Apple-bashing, and ignoring the fact that Apple really don't make money out of your private information. They make cash out of selling devices. So their interests are more aligned with yours. You may have noticed that Google don't make their money out of selling hardware. So they make it through other means. This is really inarguable, regardless of whether you think Apple are using that for marketing or whatever.

Personally, I'm happy to pay a company with a sound business model that doesn't rely on advertising (and by proxy your private information).

How on earth some of the other commenters arrived at their worldview, I have no idea. Unusually close-minded for HN. A lot of Google employees, perhaps?


I think the strong reaction is because the distinction between Apple and Google is much fuzzier and weaker than Tim Cook (and some commenters here) are trying to make it sound.

Apple makes money from device sales. Apple can make more money by using private information (to improve their cloud services, selling the search default to Google, for iAds and so on) - as long as they don't do something with it that makes people reconsider their next device purchase.

Google makes money from advertising. Google can make more money using private information with their advertising - as long as they don't do something with it that makes people reconsider using Google services.

There's a difference here but it's a difference of degree, not kind. At bottom, Apple and Google are both companies with incentives for collecting and using private information and risks that encourage them not to misuse it. You can try to squeeze a moral distinction out of the details, but it is spin, not substance.


> There's a difference here but it's a difference of degree, not kind.

True, but what a degree, and the difference matters [1]:

- 91% of Apple's income is from hardware.

- More than 90% of Google's income is from advertising.

There's also a very big difference between trying to understand your customers better so that you can build a better mousetrap, rather than selling their information to third parties, directly or indirectly.

[1] http://www.zdnet.com/article/apple-google-microsoft-where-do...


Apple and Google both collect user data and send it to the cloud. Why does the degree matter? If it's a matter of principle, don't collect user data at all! Since Apple are collecting data anyway, I guess the reason is not principle.

IMO, the why doesn't affect personal privacy. Pure motives don't count for anything when user data falls into the hands of 3rd parties (through hacks, leaks, or divorce lawyers).

> - 91% of Apple's income is from hardware.

> - More than 90% of Google's income is from advertising.

So, in a nutshell - it's not the collection of data that is bad, but advertising? That's BS. The collection of personal data itself is inherently bad, motives be damned. Apple is no snow-flake as Tim would have you think, they also want to gain a competitive edge from aggregating and mining user data.


Apple does not just sell hardware. They charge for hardware, but they sell a well integrated combination of hardware, software and services. That's what makes Apple unique. Otherwise they would be like Samsung.

The question is how much the usefulness of that combined offering depends on collecting user data. I think the dependency is not as deep as for Google but it is growing fast if you look at the ever more central role of iCloud.

Google does not sell user information by the way. Google sells conclusions they draw from user data. I am concerned about the wealth of data Google holds about me. But I'm not that much less concerned about the data Apple holds about me.


> So their interests are more aligned with yours.

Exactly how does a company that makes money through selling you products have its interests more aligned to yours?


Because that company makes its money from me, directly. It has to cater its products to ME, and not to advertisers, or enterprises, or anyone else.


But it is debatable as to whether they really do cater to you. In the end, if they release a product you don't like you have to like it or lump it. The same goes with their software.

There was a significant backlash from when they changed the style in iOS7. They didn't ask you what you wanted. There was also a backlash when they introduced Lion and got rid of "Save As" or got rid of the maximise-equivalent in Yosemite (you have to hold down Alt now, how irritating), or when they removed the Web Sharing option in System Preferences and you have to manually restart Apache etc. etc. etc.

They also removed DVD drives on laptops, never gave us a Bluray drive, stopped us being able to upgrade RAM in laptops and Mac Minis, ditched accelerated graphics for the Mac Mini etc. etc. etc.

The list is quite long of the things that they have changed or removed that you can't do anything about (and it is frequently irritating). As you decide to buy them and are happy with them, you may rationalise this as them making products that cater to you, but in truth they do not.

I say this as a developer who writes software for OSX as my day job btw. It's not an anti-Apple rant - it's more truth.


I think you're mistaking "making products with everything I want" and "Making products I want."


It's the same isn't it? :-)


Comcast also makes most of its money from users directly. Yet, somehow, the incentives are not aligned. Why is that? How might that apply to Apple?


Comcast has considerable monopoly power: in certain areas there are no good alternatives or your apartment complex might have the cables from Comcast installed but not others. Apple has less monopoly power because of Android competition.


By building and providing a product or service that you need/want/like enough to pay for?


Apple is "more aligned" as in more aligned than Google, not "more aligned" as in perfectly aligned.

Stop viewing the world in black and white.


Because money brings support and customer care too.


Software is eating everything, including hardware. If Apple is not capable of doing good software it's doomed. It appears to me that Apple is giving up on software. By software I mean the code that recognizes things in my photos in Google Photos or the software that sorts the items in my Facebook News Feed. Apple is incapable of doing software like that. At least today.

So what they're doing is bashing those who actually can do things with their data.

I like to believe there is a company that cares about my privacy but we all know if Apple can make a good business from my data it will (iAd). They simply can't!


Tim's argument is simply that free is not free: google's business model requires them to monetize your pictures, through advertising etc. Apple's business model is to charge you for it.


So why do they have an ad network? Why do they collect your searches in iOS and OSX? They don't mind doing what Google does on top of premium prices but they can't.


iAd gives developers an easy way to run an ad-supported game/etc in the App store without the compromise in personal privacy (for the player/user) that comes from an ad network like Google's, that is heavily focused on highly targeted ads.


Not sure why they have an ad network; probably so they can own the entire end to end stack and take advantage of the growth in mobile advertising.

And they collect your searches on iOS/OSX for Spotlight which is used to implement the web site suggestions features. Easy to switch off.


They don't have to care, but as long as our interests are aligned, isn't this a healthy tension between them and Google, regardless of "intent"?


What are you talking about? Apple is far more invested in software than ever before and has acquired a lot of software companies over the last couple of years for which we have not seen the output:

http://en.wikipedia.org/wiki/List_of_mergers_and_acquisition...

And Apple does have software that does the recommendations for iTunes Store, Apple Store and App Store but I am guessing the billions of money to be made by optimising those wouldn't be worth investing the time in.


Also, Apple has had face recognition in Aperture, and probably iPhoto, for many years. Probably around the time that Facebook got it.

Of course people who dislike Apple are unlikely to be using Apple software and wouldn't know this.

Edit after the vote brigade: These are two straight up statements of fact. When you down vote them, you tell me that you're being ideological and you don't care what the facts are.

Alas, Hacker News has always been this way.


Likely explanation for the downvotes: By stating "Apple has had face recognition in Aperture, and probably iPhoto" here, you're heavily implying some things which aren't true at all.

In particular, you're implying that as well as including local face recognition features, Apple is somehow transmitting face recognition data to its servers and/or elsewhere. This is simply not true; these features are entirely local.


I think he was pointing out that they've had privacy-focused face detection in their products for some time now.


I always organised my data myself in directories etc. and find any software that attempts to organise it for me to be incredibly annoying.

Admittedly, it seems most people's filing system is basically lob all their bits of paper in one room and shut the door hence the need for these "let me organise it for you!" software features.


> Software is eating everything, including hardware. If Apple is not capable of doing good software it's doomed.

What? Apple makes nearly all its money from hardware, and it is selling more and more.

Software is a key part of their product, sure, and they seem to be doing ok there, but software usually runs on a hardware platform, which someone has to make.


Sure...


I know people from Apple data-related teams and talk to them a lot. Trust me, they simply don't have what it takes to build good data-heavy software.


I know people from Apple data-related teams and have no idea what you're talking about. Might depend on the team...


I know people from those teams as well. Pretty sure Siri, iTunes Match, iTunes Store, App Store, iMessages, iCloud etc use just a little bit of data so clearly they aren't idiots.

And with the acquisition of the guys from FoundationDB pretty sure they will have at least some skill in high end database engineering.


You just listed a bunch of broken products that do nothing but make me skeptical of apple even being able to properly store my data, let alone analyze it.

iMessages is notorious for not even being able to deliver messages in order many times. It is easily Apple's worst service, and should be brain dead simple.

App Store is a bare minimum store whose only real change since its inception was just now supporting videos and a higher reliance on curation (because they can't possibly figure out more automated ways). It loads horribly, and barely has any helpfulness in suggesting new apps. Search is a mess that will often not give you an exact string match as the first result. It's a joke compared to a real online store like Amazon, and it doesn't even have physical products or difficult problems like figuring out shipping.

iCloud has had repeated public embarrassments, and can't seem to guarantee basic uptime and service despite being overpriced, and is itself the result of several relaunches due to predecessors making such a bad reputation for themselves (.mac, MobileMe).

Siri was a purchase, and despite having is integration does not compete that great against Google now. Same goes with mapping of course.

Apple may get good at services someday, but that day is not now.


1. iMessages is not dead simple. Not sure if you've ever worked on highly concurrent, real time systems but they are never as trivial as it seems to the lay outsider. And whilst I can't comment on it getting messages out of order (never happened to anyone I know) it isn't widespread based on media reports.

2. Not sure why you are comparing App Store with Amazon when Apple has an equivalent: the Apple Online Store. It does have physical products and has to deal with figuring out shipping across multiple regions. It's actually comparable to Amazon since they both use the microtransactions approach to billing.

3. iCloud is free up to 5GB and isn't hugely overpriced compared to Google Drive/Dropbox given that it isn't just a drive. Agreed that it has a checkered past but actually is pretty good given that it has more functionality than what Google or Microsoft provides.

4. Siri was initially a purchase but was completely rebuilt on a pretty impressive Mesos based architecture. It is a world apart from what it was originally and as I've mentioned below the integration of Cue and Spotsetter should make them far more competitive with Google Now.

I am not saying that Apple is the best at services but I think people grossly underestimate the scale at which Apple is operating with some of their services.


> 2. Not sure why you are comparing App Store with Amazon when Apple has an equivalent: the Apple Online Store. It does have physical products and has to deal with figuring out shipping across multiple regions. It's actually comparable to Amazon since they both use the microtransactions approach to billing.

Are you serious? The idea that Apple's online store is even vaguely comparable to Amazon in terms of complexity is just laughable. To start with, Amazon sells essentially everything Apple's store does - plus millions of other products too. And unlike Apple, they're tracking a wide variety of promotions and offers over those millions of products. Then we can talk about all the third-party providers that also sell via Amazon. And how many orders of magnitude more difficult Amazon's search problem is. Not to mention Amazon's recommendation engine. Or the order of magnitude more online users and transactions (Apple's user base is in the same ballpark, but how many of them buy online vs in-store or via a retailer or carrier?). And on and on.


1. Here you go, first result from Google search: https://discussions.apple.com/thread/4408578?start=0&tstart=.... Problem starts in 2012, still going end of 2014. 50,000 views. My current issue with iMessages is the completely random behavior of whether my computer or phone will get the message. Before iMessage it was pretty deterministic, now it's like a game! The frequent solution is to text my iMessage email AND phone number, so then I'm in a group message with myself.

It's dead simple because other services seem to have figured this out. Twitter does actual real time systems, and it's not 1-to-1. Slack meanwhile seems to have no trouble delivering me messages. iMessage however is the outlier here, maybe because they don't live and die on this system like the others I mentioned. If you're going to make a new system to replace the old one (text messages), make sure it works first.

2. The comparison is because it is a strictly easier problem and they still do strictly worse. If you want to compare Apple Online Store to Amazon Online Store, the report card is equally bad: imagine if every time Amazon added a new major product they took the ENTIRE STORE DOWN FOR HOURS.

3. It seems to me that iCloud is the thing that is more like "just a drive". Google has Photos, Calendars, and email too, so I'm not sure what you're referring to with all this Google comparison. 5GB is kind of nothing when we start talking photos and email, and Google actually does cool stuff with my Photos, and Dropbox still hilariously feels more integrated with the OS than iCloud, not to mention having integration with other services.

The truth of the matter is that they do bare minimum on all their services, which is FINE btw -- just absurd to claim they have any special competence in the area. Nothing about their services stands out, with each one it's literally one step above nothing which would be unacceptable. With email they NEED some basic email to give you with your devices. With the App Store they NEED some way for you to get apps. With the online store they NEED some way for you to order products.

Now compare Apple to Apple (ha): look at their absolutely, everyone agrees, stellar physical stores. That's something to write home about. Look at their amazing supply chain where they can replace or fix a phone in hours -- truly surprising every time I go in. This is something they have clear core competency in.


>> "imagine if every time Amazon added a new major product they took the ENTIRE STORE DOWN FOR HOURS."

Pretty sure this is marketing and not technical.


> It's dead simple because other services seem to have figured this out. Twitter does actual real time systems, and it's not 1-to-1. Slack meanwhile seems to have no trouble delivering me messages.

I can confirm these problems. When I had an iPhone and iMessage, they were out of order all the time, and delivered unpredictably.

However, Slack, Twitter, etc. are not solving the same problems. iMessage does end-to-end encryption and has perfect forward secrecy (which, if I understand correctly, implies that they need to re-key fairly often).

https://www.eff.org/secure-messaging-scorecard


> if every time Amazon added a new major product they took the ENTIRE STORE DOWN FOR HOURS.

In that case, would Amazon ever be up?


What 'repeated public embarrassments' has iCloud had? Don't tell me you're referring to the celebrity photos social engineering attack?


Especially given that Google has yet to catch up with most of these, including the "beleaguered" Maps App.


> For years we’ve offered encryption services like iMessage and FaceTime because we believe the contents of your text messages and your video chats is none of our business.

Sounds great, but take note that it's none of their business today and we know they can be compelled to spy on their users by NSLs.

They control the key infrastructure with their closed-source software that runs on their closed-source hardware.

If they wanted to go into the business of sucking up all of your private messages and parsing them to sell advertising or if the government wants to read some messages, they wouldn't need to do anything besides issue you a different key.

iMessage won't even let you look at the fingerprints of your friends, and it won't warn you if they've changed. [1]

[1] http://blog.quarkslab.com/imessage-privacy.html
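The check this comment says is missing, pinning a contact's key fingerprint on first use and warning when the key directory later hands out a different key, sketched as an added example that is not part of the original comment and is not iMessage's or any project's code. `PinStore`, the status strings and the key bytes are hypothetical and constructed for illustration.

```python
import hashlib

# Constructed stand-ins for public-key bytes. A real client would use the
# encoded public keys it receives from the provider's key directory.
KEY_ALICE = b"constructed-public-key:alice:device-1"
KEY_SUBSTITUTED = b"constructed-public-key:alice:reissued-by-directory"


def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the key, grouped in fours so two people can compare it."""
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def _normalise(fp: str) -> str:
    """Ignore spacing and case so a fingerprint read aloud or typed still matches."""
    return "".join(fp.split()).lower()


class PinStore:
    """Hypothetical client-side store: remembers the first key seen per contact."""

    def __init__(self):
        self._pins = {}  # contact -> {"fp": str, "verified": bool}

    def check(self, contact: str, public_key: bytes) -> str:
        """Classify a key handed out by the directory before encrypting to it."""
        fp = _normalise(fingerprint(public_key))
        pin = self._pins.get(contact)
        if pin is None:
            # Trust on first use: nothing to compare against yet.
            self._pins[contact] = {"fp": fp, "verified": False}
            return "first-use"
        if pin["fp"] == fp:
            return "verified" if pin["verified"] else "unverified-match"
        # The pin is never overwritten silently; the user has to decide.
        return "KEY-CHANGED"

    def mark_verified(self, contact: str, fp_out_of_band: str) -> bool:
        """Record that the user compared fingerprints over another channel."""
        pin = self._pins.get(contact)
        if pin is None or pin["fp"] != _normalise(fp_out_of_band):
            return False
        pin["verified"] = True
        return True

    def accept_new_key(self, contact: str, public_key: bytes) -> None:
        """Explicit user decision after a warning; verification starts over."""
        fp = _normalise(fingerprint(public_key))
        self._pins[contact] = {"fp": fp, "verified": False}


def may_send(status: str) -> bool:
    """Block sending until the user has dealt with a changed key."""
    return status != "KEY-CHANGED"


def demo():
    """Walk one contact through first use, verification and a swapped key."""
    store = PinStore()
    events = [store.check("alice", KEY_ALICE)]
    store.mark_verified("alice", fingerprint(KEY_ALICE))
    events.append(store.check("alice", KEY_ALICE))
    events.append(store.check("alice", KEY_SUBSTITUTED))
    return events


if __name__ == "__main__":
    for status in demo():
        print(status, "-> send allowed:", may_send(status))
```

Pinning only detects a key that changes after first contact; a substituted key served on first use is caught only by the out-of-band comparison that `mark_verified` records.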


TBH, the only app that does this correctly is Threema, with a clear indicator that you have verified the contact. Not even TextSecure does it correctly, and TS is supposed to be the gold standard (you can verify fingerprints, though)


If anyone manages to make a messaging app that both has strong security and is user friendly and supports features users expect, they will become very rich. Seeing as no one has even proposed a solution in theory, it's most likely unsolvable. I'll bet if you can formulate it clearly enough, you can even prove it so.

Look at say, Dark Mail. After all that hype, their design is "uh basically SMTP+TLS, or PGP if you're paranoid". The only thing that comes close is PGPfone and similar things (ZRTP). And that's because when you call someone, there's an obvious and built-in verification system, voice. (Note: doesn't work as well with deaf people or async comm).

So pointing out Apple fails here? Yes, sure. Expecting anything different? Seems very unlikely. Either they'd break all user expectations, or they'd get an NSL/court order to break the whole system in order to comply with a wiretap.


> If anyone manages to make a messaging app that both has strong security and is user friendly and supports features users expect, they will become very rich.

How so? Who's going to pay for it?

I reckon I could do it, you know. Use PGP for the backend (duh) but take some time off work, hire actual designers for the UI, make the identity verification step make sense for the user. But 98% of users don't care about security, and 98% of the remainder can't tell the difference between good and bad security.


> If anyone manages to make a messaging app that both has strong security and is user friendly and supports features users expect, they will become very rich. Seeing as no one has even proposed a solution in theory, it's most likely unsolvable. I'll bet if you can formulate it clearly enough, you can even prove it so.

Something like Threema?


Caveat being how Apple looks at privacy isn't necessarily how Facebook or Google views privacy because Apple is a store while Google and Facebook are clubs.

It's in a store's best interest to keep their customer records private.

A club's best interest is to broadcast how much fun it is to join them. That's not to say a club doesn't and wouldn't want to keep their member records private as well.

In fact, clubs work hard to do so, just ask how Meerkat is doing, or any other third parties looking to build on top of a platform they don't own.

Additionally a club like Google or Facebook doesn't sell your information. They do the same song and dance as all mass communication companies in the past do, they merely sell hints of it.

To compare a store's motive with a club's motive is interesting, it's almost like comparing apples and oranges. It might also speak to why the core DNA of Apple isn't in creating web services, why Google's core DNA isn't in creating physical products, and why I much prefer speaking to Google Now on my iPhone.

They both see the world differently.

--

The real interesting question is this.

Apple's service agreement states they store and encrypt iMessages. There have been 300 billion messages thus far. Apple has a centralized system for managing those messages while others use a decentralized peer-to-peer system.

So a positive is that the government can't hack into it.

The negative being that if the government justifies in asking for it instead Apple has no recourse but to give it up.

When push comes to shove, will Apple, the largest company in the world, step up to the plate and spend money to fight the United States in court?

Otherwise this is just a sales pitch that Don Draper pulled when he told a fictional cigarette company to start claiming their tobacco is sun-dried so that every other cigarette company looks weaker in comparison.


I find taking pot shots at competing companies really cheap. It's 2015 and by now I think most people are aware that Facebook and Google collect all the information they can so that they can offer their services for 'free'.

How many would really pay for email, cloud storage, search, social network, browser..? What guarantees do I have that the government will NOT have access to my data if I pay for it?


I do pay for email, cloud storage and browser. There's a strong argument my personal information should not be harvested by the folks I paid.

But paying for things is entirely unrelated to the government having access to your data. The govt can require a company to collect personal information that passes through their hands, even if they weren't collecting it for business purposes.


Honestly, do you really think the majority of the users would pay for these services?


People pay when they have to. People buy antivirus software and get no new features at all - just to avoid losing ground. As these other services become fragile (cost-cutting, competition driving dev costs up) folks will flock to anyone that doesn't suck, and pay for it.


How do you pay for the browser?

Are you talking about Safari and the fact that buying Apple hardware has subsidised the Safari development to some extent?


Comes with the OS installations which I pay for.


Thanks, I did wonder. I think we forget quickly how much software we get in OSes now (unless it's iOS where you need to download a Calculator app.....)


Apple's statements about privacy, combined with poor end-user control and openness (transparency), are an interesting dichotomy. Usually I associate privacy with the latter two. What does it mean without them?

1) To what degree can you trust the systems without openness? Maybe what Cook thinks is valuable data, adequate confidentiality, or acceptable risk, is not what you think. On the other hand, few people actually review the security of FOSS systems.

2) To what degree can you have confidentiality without controlling the system and data? Maybe tomorrow an update will expose your data because you're doing something Apple didn't anticipate or approve. On the other hand, from a system administrator's perspective, it's much easier to secure systems that the sysadmin manages and controls than systems controlled by the users.


It's too bad the debate here has turned into a huge Apple vs Google thing when it's really a story about not letting the government strip away people's privacy and ability to properly encrypt their data.

Like really, we get it you might not like iOS or OSX, but it's not about that right now.


> It's too bad the debate here has turned into a huge Apple vs Google thing when it's really a story about not letting the government strip away people's privacy and ability to properly encrypt their data.

But these issues are not independent. Full end-to-end encryption is not acceptable to Google in the short term, since it would mean that they have to store or transmit data that they cannot profile.

This has two consequences: 1. end-to-end encryption is less important to Google and they'll be less inclined to fight governments' attempts to strip away the right to do end-to-end encryption; 2. having unencrypted data at rest[1] makes it easier for government agencies to request and use that data.

[1] The whole 'data encrypted at rest' thing seems to be doublespeak to me. Their storage backends may only see encrypted data, so it may protect against storage server theft, but as long as they also hold the encryption keys it's only marginal security against hacks and the government, and no protection against the cloud providers themselves.


Apple collects data deceptively don't they[0]? Seems like a case of the pot calling the kettle black.

[0] https://github.com/fix-macosx/yosemite-phone-home/


> Cook went on to state, as he has before when talking about products like Apple Pay, that Apple ‘doesn’t want your data.’

I was actually somewhat disappointed by the Apple Pay approach (and that Android Pay is going to follow suit). I'd actually much rather have Apple or Google as an intermediary and give the credit card issuer no information about my transaction. It may seem nice to say that your phone OS sees no data about it, but of course the tradeoff is that the issuer does, and they are notorious sellers to data brokers.

I'd much rather have one time tokens for both the seller and the bank, and only my phone knows what actually happened in between.


Yea, that'd seem preferable but who would be on the hook for fraud/chargebacks etc? I don't see Apple or Google wanting to be in that game and I don't see consumers wanting to lose those protections.


> credit card issuer no information about my transaction

Since the credit card issuer is actually the one paying (and you, in turn, pay them) this doesn't at all seem reasonable. Apple Pay is the middle man.


Think PayPal. The bank pays Apple Pay, Apple Pay pays the vendor. Google Wallet worked sort of like this through the dummy MasterCard card (MasterCard knew about the payment and the vendor, but not sure if it knew who you were).

But as Sophistifunk says, this would be an incredibly hard sell for an industry already extremely reluctant to team up with anyone or anything new.


You, me, and Apple. But no payment company would ever agree, so it's pretty much a non-starter for another 5 or 10 years.


While there is obviously plenty of eye-rolling at the obvious digs at Google, I'm pleased to see such strong push-back against the government arguments for weakening or punching holes in encryption.

I think that in the long run, this will matter way more than which giant tech company makes a bit more money than the other.


"It could be argued that it [(Apple)] doesn’t gather enough, as Google Now, Google on Tap and other holistic offerings have the potential to give users much more lateral movement and ‘delight’ moments on Android specifically due to how much data Google gathers on its users."

Many years ago, thinking about the future, I imagined having a device that would give me more or less what Google Now can give me. What I didn't imagine is that it would be a central server to collect all of that information (about everybody) and send me only a feed. This is very mainframe-like and that was the time we were starting to use Personal Computers (IBM/Apple/any) so you could forgive my naivety. Still I think it's possible to build a Google Now without a server owned by a single central organization and there are things like this https://news.ycombinator.com/item?id=9204954 to prove it (and also prove how hard it is).

So I'm left with not using Google Now and most Google services (no Gmail) because I feel that letting a company access all that information is creepy and a transitive distrust for every company in similar markets. Recap: what I want is my data only in my hands and clients that query servers and collect the information I need. No clouds, thanks, those are good only for encrypted backups. If I want sync and continuity, that should go through a server I control.


Tim, if we're dumb enough to join your autocratic platform, then we're certainly dumb enough to not care about our personal data.


Do you use Google's autocratic platform instead?


True!

The only safe way is to use a dumb phone from about 15 years ago. Now where's my Siemens A50 or Sony w810i.... I know I have them somewhere...


> We believe the customer should be in control of their own information. You might like these so-called free services, but we don’t think they’re worth having your email, your search history and now even your family photos data mined and sold off for god knows what advertising purpose.

That's very sanctimonious of the CEO of the richest corporation in the world. Speeches are great but what would be even better is for them to deign to actually sell something to the poor, the people who cannot afford to buy into Apple's privacy respecting products.


I've read many highly rated comments that state something along the lines of "Apple sells hardware not ads, so they don't want to collect your data". If we shorten this to "<somebody> sells <whatever>" then you already have the foundation of what requires data. Sales and marketing probably eat the biggest amount of money in any company. And they get better and cheaper with more data. That's why Google ads work so well. They can connect the right customers with the right products, because they have the data.

Therefore I'd say everybody wants all data about you they can get, including Apple, because everybody sells. I would guess they'll collect your data and call it privacy because they protect it against third parties, but they themselves wouldn't protect your data from Apple.

It also doesn't make much sense to really protect data. The supermarket in front of my office sells so called "Extra Cards" which advertise to not care about your data because you don't have to enter your name or something. That they still collect what you buy, when you buy, and where you buy they simply don't say and many people are fine with that. Even software developers have this card because they think their data is safe.

It's hip to sell privacy, it's not hip to really offer privacy.


The internet was built on open peer-to-peer protocols. Email was designed to be p2p, not client-server like gmail is. In the near future, the fundamental structure of the internet as we know it today will change. All of a user's data, activity log etc. generated by all the 100 sensors + services that a user uses will be centralized in a repository that will be owned by the user. Different services and tools and devices will just get on-demand access to the data as and when they need it to provide a service to the user. It will also require them to contribute any activity data back to this repository. This will lead not just to solving privacy, but way better user experience and services that are not possible today due to data silos. It is sad how corporations with an objective to make money (which it should be) have misguided internet to become a siloed structure designed to benefit different corporations. This incorrect structure needs to and will be broken...


This, combined with a few reports from a couple months ago, sounds like Apple might be ramping up a search engine competitor that could be more privacy-focused.


I would like to see that happen.

In an ideal world, I believe, we would be able to pay for search, cloud storage, email, etc. with strong privacy and security guarantees.


'Private search' already exists. If that's what you want, then use duckduckgo. As a bonus, it's outside the Apple ecosystem, so you're diversifying your risk.


Apple has shown they aren't really into your data, but they've also got a pretty atrocious security record (poor handling of data on phones and slow OS patching among others) making it seem like that's also not as much of a concern as it should be.

I don't trust google and I would love to pay for 'cloud' but I think trusting Apple is also misguided.


Search engine and email is always going to be 'free'. The difference, what Apple claims, comes from who pays for that.

Google's free services are subsidised by advertisers.

Apple's free services are subsidised by hardware, the software costs are lumped in when you purchase an iPhone or a Mac.


I had never thought about paying for Search but I think it's a really good idea. A subscription to a search engine would be really useful.


Haha I got downvoted but in truth search as a service (perhaps call that SaaS.... :-) would be useful.


I think that's possibly the case, but what I wonder is why they don't just buy DuckDuckGo.

I've built a search engine, from scratch (e.g. before Lucene and Solr existed) it's not a trivial endeavor, and due to VC interference we lost to google... these days not only do you need the infrastructure technology (something that google, notably, is not open sourcing) but you need a decades worth of historical info from past crawls to train your systems.

EDIT: Ah, I see all of my comments are being downvoted, in a vindictive fashion.

I guess I should expect nothing less.

This site needs to reform itself. I'm signing off for a while.


I downvoted this comment. Your claims that your startup could have been where Google is if it weren't for "VC interference", and that a search engine necessarily requires "decades worth of historical info from past crawls" are both of the sort that require at least some explanation beyond mere assertion.


In other words, Apple is incapable of competing at delivering valuable user experiences on the basis of machine learning, so they are trashing the concept.


Downvote if you want, but billions of people get value every day out of Facebook, Google, and Amazon knowing them. Saying scary words about advertising isn't going to keep people from abandoning Apple's premium priced lower quality photo service.


So I downvoted your original comment not because people get value out of machine learning (which I agree with) but that you purport that Apple is incapable of delivering something based on machine learning. Unless you're a core Apple engineer I don't see how you could know this for sure; it sounded more like an opinion that didn't further the discussion.

In fact I wouldn't be surprised if they use machine learning for a few things (they do collect data after all just not as much).


But you can't improve your machine learning without collecting huge amounts of data right? Google Now wouldn't be possible without their data. If Apple is against collecting data then how would they be able to build a service that relies on data?


People get value from the core service of Facebook, Google and Amazon, not their machine learning driven advertising/recommendation engines. And I would argue that given that those engines are used to drive company profit first and user experience second they are of limited value to the user.

And if you are talking about Google Now style functionality, well, I haven't seen that changing the world, same with Siri, Cortana etc. But Apple did acquire Spotsetter and Cue so Apple will be coming out with an equivalent soon enough.


I get value from Google's personalized search and Facebook's customization of my News Feed. I'm not saying those services don't exist to drive company profit, but I do think that machine learning and personalization can add value for the end user.


Personally I do get value from Facebook ads, I very often see ads for vendors and events that I am interested in and did not know of before.

Regardless, what is the value of Facebook being free? Would most people rather pay with their money or with their data? Can you make a definitive argument that giving my data to Google or Facebook costs me anything?


I am not disputing that people may get value from advertising but (a) it is not the reason people use the service and (b) it is not even close to being a popular feature of the service.

And giving data costs you when something goes wrong. Dealing with identity theft, stolen credit cards etc is not a fun experience to deal with.


How, exactly, has Google's collection of personal information contributed to identity theft?

I suppose, on paper, you're more vulnerable to Google employees or contractors using internal access to steal identities, but is that a problem in practice (if so, I'd love pointers)? Or are Google's internal security measures and controls effective in preventing it?

Meanwhile, Google's done more than most companies to protect the information they have from third-party attacks (HTTPS, two-factor authentication, certificate pinning, and so on), probably partly because it is so important to their business model. Apple, on the other hand, has often been slow to implement new security features out of concerns it will compromise the user experience, leading to well-known breaches like this one: http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/


I think you completely misread what I said.

The downside of a company collecting data is the risk of what happens if that data leaks. There was an example of a very popular site here in Australia being hacked 3 years ago that only just notified customers (of which I was one). Credit card numbers and other PII data was stolen. I had to dig through credit card transaction list and there is still the ongoing concern of identity theft.

The risk of Google, Facebook being hacked is small but that is the risk of handing over your data. Most people including myself are happy to take that risk but not everyone is.


The risk of you being personally targeted and hacked is greater than Google being hacked. The only entity I'm concerned about that might access Google's data is the US government. OTOH, If you don't trust Google with your data, I don't see how you can trust anyone else - at that point you might as well be writing your own PGP implementation.


This is a rather strange comment since we already know for sure that Google has already been hacked by both the British[1] and Chinese[2] governments. And of course the US government access information from Google without hacking: they just make legal requests, even when that means Google is breaking the law in other countries that they operate in.

The difficulty of compromising Google is to a large extent offset by the juiciness of the target. Google actually get compromised more often than the average savvy home user (which for most people I know is zero, compared to several times for Google). Not because Google is less competent, but because they are a hugely valuable target.

[1] https://en.wikipedia.org/wiki/MUSCULAR_(surveillance_program...

[2] https://en.wikipedia.org/wiki/Operation_Aurora


>> The risk of you being personally targeted and hacked is greater than Google being hacked

> This is a rather strange comment since we already know for sure that Google has already been hacked by both the British[1] and Chinese[2] governments.

With that fact established, the question still stands: who do you trust to not get hacked by the British and Chinese governments? The point GP was making was Google's security is pretty robust and if it's not sufficient, you'd be hard-pressed to find another service provider who can do better securing the data.


I think Apple may be communicating something different: I think Tim Cook is merely criticizing that those companies make money off of your information somehow, while giving you a service "for free".

I don't think that precludes Apple from using machine learning techniques on mass-collected data.


Right, there is probably no machine learning at all behind Siri.


I'm unsure of how to reconcile the conflicting things Cook says, then does: http://www.businessinsider.com/apple-china-security-checks-o... China will ask for keys and Apple will give them up. I guess because China's a much bigger market than the US.


This is marketing, folks. Apple's behavior towards Google changed dramatically after Android started getting traction, and this sudden pivot towards pro-privacy is Apple's attempt to damage the reputation of its biggest competitor. Apple hasn't been consistently speaking with the same voice on privacy, either before or after Snowden, and Tim Cook's comments IMHO look cynically designed.

Apple collects plenty of personal data in their cloud services:

1) iTunes and App Stores can track your browsing and purchase data. This is likely used to model and create profiles of your app store behavior so as to revenue maximize what's offered or displayed to you as alternate suggestions for what you might like.

2) Their streaming media services will have data on music preferences. Beats Audio will know whether you like Classic Rock or Jazz, or Beyonce.

3) iCloud Photo Library is not encrypted client side in a way that prevents Apple from decrypting it on the server, so like Google Photos, Apple will have your photos. Apple is not good with cloud services, it's their weak point, so naturally their incentives are to argue against better competing services.

4) iOS ecosystem is freemium based and there are tons of iOS apps in the store that show apps or collect analytic data. You can't claim to value privacy, run a walled garden, and then let third parties collect data to make your ecosystem monetizable and viable. It's benefitting from data collection indirectly, but looking like you're clean.

Now, you can make an argument that you trust Apple more, and make the usual arguments about business model motives, but that's just arguing that Privacy doesn't matter as long as the person violating your privacy isn't monetizing it. Just because Apple isn't monetizing it now doesn't mean they won't later, especially if hardware revenue tops out. If you want total protection, you can't rely on "trust", you have to rely on not sending plaintext in the first place. That rules out iCloud as well.

Overall, Apple may be painting themselves into a corner like Google's "Don't be evil" phrase, where they go all-in on privacy claims so much, that people will over scrutinize any exceptions or violations of principle. When you cloak yourself in piety, people start looking for hypocrisy.

As an example of boxing oneself in, certain kinds of services simply are impractical to run completely client side right now, and homomorphic encryption/computation isn't there yet to make server side computations on ciphertext feasible for many types of services you'd want to offer.

Take for example, organizational assistance, image search, voice recognition. Apple can't improve its Siri quality without getting actual voice samples from tons of users and storing them so they can use machine learning algorithms to improve accuracy. That's not really feasible to do completely client side. Likewise, if you're trying to train up an image clustering service, you could try running them on publicly published Flickr professional photos, but it won't give you a good sample of real world photos that people take.

Apple may be working on a Google Now service that runs locally, but this might be fundamentally limited in how good it, or Siri, can get, and so Apple's ambitions of an intelligent assistant could be limited. Apple also may be working on a search engine, but fundamentally, the iPhone can't store the index for 40 billion documents, which means any search service they offer will have to send your queries to the server, which again, creates an audit trail.

My point is, you may agree with Apple's arguments, but other individuals have been making those philosophical arguments for ages -- those without $180 billion in cash and a huge empire of phones under assault from competitors -- so when Apple execs parade around talking about privacy, you should have the same skepticism you have for any other executive with a vested interest in hawking their products.


Thank you.

Even Microsoft started to fund "Scroogle" ads - while themselves being a similar offender.

The point is that Apple is compelled to hand over your data and backdoor their services just like every other company. The Third Party Doctrine, section 702 of FISA, tap and trace laws, Stored Communications Act, CALEA and numerous other provisions are requirements for Apple to follow - just like every other business.

The only thing Apple can do is not voluntarily give extra information (it's true that many large companies do this).

Apple's "vault" technology doesn't mean anything if the key space provided by the user is 15 bits and the rest is located in some hardware manufacturer that keeps a list of keys that are available to request.

No business is your friend. Every business, by law, has to maximize the profit it can extract from you in return for handing the minimum over. A healthy market with a lot of competition can increase the minimum and lower the maximum, but the relationship stays the same. The rest is branding and marketing. That's not to say that you can't benefit from making trades - it just means that care need be your first priority, and the first part of that is understanding your and Apple's incentives.


Note: I think you should have started your post stating that you work for Google. It's relevant information in this context.

> 3) iCloud Photo Library is not encrypted client side in a way that prevents Apple from decrypting it on the server, so like Google Photos, Apple will have your photos.

Having the data is only one part, the other part is what you can do with the data. Google's rights are extremely broad, although they conveniently did not put most stuff in the privacy policy:

> When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps).

Source: https://www.google.com/intl/en/policies/terms/

tl;dr: Google can keep your data, even if you stop using their services. Google can use your data for promoting their service and in new services.

I don't think most people realize that there is no way back: once you store your data (e.g. photos) in a Google service, it's theirs to keep (how that works with Dashboard, I don't know).

Please show me comparable terms for Apple Photos (Apple can keep your stuff forever and use it to promote services). If they are not there, there is clearly a difference between storing photos in iCloud or Google Photos.


> We also use personal information to help us create, develop, operate, deliver, and improve our products, services, content and advertising, and for loss prevention and anti-fraud purposes.

> We may also use personal information for internal purposes such as auditing, data analysis, and research to improve Apple’s products, services, and customer communications.

https://www.apple.com/legal/privacy/en-ww/

No time limit specified = No time limit


You have to read the iCloud terms:

> Upon termination of your Account you will lose all access to the Service and any portions thereof, including, but not limited to, your Account, Apple ID, email account, and Content. In addition, after a period of time, Apple will delete information and data stored in or as a part of your account(s).

https://www.apple.com/legal/internet-services/icloud/en/term...


This is basically the same as the Google terms, which appears to be, eventually it'll be deleted but no guarantees will be made. Any Cloud provider worth their salt will have multiple datacenter copies as well as tape storage. It's not easy to go back and surgically delete data on tapes, so you've got to expect this will happen slowly, at unspecified times, for example, when old tapes or harddisk clusters are wiped and destroyed.

I mean, if you want to be pedantic, Apple doesn't say how they delete the data. What secure procedures do they use to ensure a clean wipe?


I'm not a lawyer, and this is strictly my own guessing, but I think often times these privacy policies exist to prevent being sued for regular app behavior. For example, ability to create derivative works, publish, or distribute content could cover things like transcoding, proxying, caching, and redisplay.

So for example, if you don't claim the right to create derivative works, then transcoding an image, sending it from a different CDN domain, etc could get you in trouble.

Trying to read worst case scenarios by reading between the lines I think amounts to FUD because the policies are authored for the judicial system, not the consumers. Lawyers try to stake out as much leeway as they can. These companies will be judged on what they say they will and will not do and that doesn't just mean the legalese.

For example, if Google Photos says they will not do X or Y with your photos, they will be judged on whether or not they ever do that, whether or not that particular restriction is part of the general blanket policy for all services.

My general opinion is to attack people for actually what they do, not what they could theoretically do. Really, do you think Google Photos is going to people's private photos and use them without permission in promotional materials without permission? You've taken a particular example (a public business listing) and applied it to a case like Photos.

If you link here: http://www.google.com/intl/en/policies/privacy/

You find this:

"Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems."

Which seems to suggest that if you delete data, it will eventually be removed, but might linger on in old backup tapes. Now imagine you don't carve out such leeway, and nuisance lawsuits are brought against you because say, you only destroy your oldest backups every N months for practical reasons. Or perhaps an HTTP caching proxy ends up with a non-accessible copy lingering on its disk.

There's two ways you can think about such policies, cynicism or optimism. The cynic can assume the worst, and they want to keep your photos even after you leave, because machine learning algorithms predicted you'd be the best model for a new TV commercial campaign. The optimist will see it as part of providing a reliable, fault tolerant, cloud service, and that the data is actually used for what they say it is: to improve services.

If you want to be cynical and paranoid, at least be consistent. Run your own Cloud servers, don't upload unencrypted data to other people's cloud, that includes Apple, don't trust anyone, because they can always change their mind, management, policies, later.

But if you are willing to trust, then stake your trust on what ills have actually been done or not done. A lot of claims are continually put forward about harm, but IMHO, the only ones that really hold any water are the ones that involve the government getting access to your cloud data, and that'll apply equally to all vendors in the jurisdiction, which goes back to the former point about cynicism and paranoia. If you're paranoid enough, you should avoid cloud services altogether.

BTW, Google is blocked in China, Apple isn't. What do you think Apple is doing differently in China that allows their services not to get blocked by the government?


It seemed to me Mr. Cook's statements could be in reaction to Google's strategy with their Now service http://www.wired.com/2015/05/google-now-io/

I don't know that Siri can compete with that. An obvious way to counter is to raise privacy concerns, and of course downplay or negate any benefits.


Am I to take from this that we are getting excited that privacy is a premium item that you have to pay for?


Can Apple really deliver the security it promises? Hundreds of millions of systems being used and configured in every way imaginable, and a very attractive target for attackers -- I don't know what promises I would make publicly.


A scathing attack because their business model doesn't depend on privacy, but if Apple is in a business like Google/Facebook, would he still feel icky like this?


I don't want to hear anything Tim Cook has to say on Public Policy matters until Apple stops dodging taxes.


[flagged]


I'm tempted to flag your comment for the baseless and distracting claims it makes, but I'm going to hold off since it is essentially self-parodying. I am curious about the "You lot are a bunch of god germans" thing, though.


I understand the sentiment. As a long time Mac user it just gets tiring to hear again and again that Macs are overpriced junk from people who have never used a Mac before.

But I also didn't understand the god germans line.


I guess. As another very-longtime Apple fan, there comes a certain point when you have to let go of the persecution complex because 45% of it is in your head and another 45% is because you picked a particular online echo chamber that amplifies those posts.

MCRed's post is flagged now so I can't copy/paste from it, but I wasn't kidding with the self parodying bit. When you're lashing out with the exact same arguments you're accusing others of using you need to 1) evaluate whether they have similar motives to your own in making them and 2) if that means those arguments are just as bullshit coming out of your own keyboard as you are claiming they are coming out of theirs.


There seems to be a lot of commenters on this thread whose love for and dedication to Apple is clouding their judgement. Apple is no more worthy of being entrusted with one's data than any other big tech company, for example: Google. The only difference is that Apple is not trying as hard to monetize that data, which is a huge red herring privacy wise, because it happens to have absolutely nothing to do with gov't surveillance.


If what Tim Cook said could be easily discounted as puffery, it would be largely ignored by the Google fanboys. But the fact that you don't even have to believe what Tim Cook says or even trust him, because Apple's business model doesn't benefit from the perverse incentive that Google's does, is driving them crazy. And no, iAd doesn't count, that's a service for third party developers to monetize their own apps. There are no ads in Apple's first party apps. It's also been criticized by advertisers because of Apple's protection of customer privacy. http://adage.com/article/digital/amazon-apple-catch-a-break-...

It's an interesting twist for HN, which is normally ready to take strong pro-privacy positions in the wake of the Snowden leaks under the premise of potential abuse by governments.



