Are you sure. I mean, I know it's tinfoil and the refusal to open phones for the FBI is debunking it, but we've given Apple a database of our fingerprints and now our facial ids as well as constant real time location data of our whereabouts.
It's probably not abused, but how can we really know in the post Snowden world.
There's no real reason Apple wouldn't use your data if they thought they could do so without getting caught. Anyway I thought this was all moot since Snowden happened?
Do you have a source for these claims? Specifically the ones about your locations being sent to Apple and then Apple sharing all of this data with the ‘US federal government’.
1. My understanding is that FISA requests data using warrants. So your statement that Apple divulges this information without a ‘warrant’ would be false if this is correct.
2. You once again repeat the outright lie that Apple is collecting a person’s travel history.
All you are actually referring to is that they receive TCP connections and so know people’s IP addresses. Just like anyone else who operates any web service.
In an earlier comment on this thread, you more honestly state that IP addresses can be used to infer coarse location data. This is correct.
As we have discussed before, it’s a lie to claim that Apple is recording people’s travel history, because you have no evidence that these recordings are in fact being made. Only that they could be.
It’s entirely possible that they never actually do perform geolocation on the log data, and that they scrub or anonymize IP addresses before storing them longer term. They state that they use such practices in general.
I can’t prove that they use these practices with this data, so it would be a lie to say I know they don’t record people’s travel history, just as it is a lie every time you say they do.
Please either provide evidence or stop repeating this lie.
As far your comment that “Compelled
By law is a dodge”.
It’s not a dodge - either they are compelled by law, or they are not.
You didn’t actually answer that question, I note. Not answering a question seems more obviously like a dodge!
You gave the impression that they are not compelled by law, but I don’t think that is true.
Also, this raises the question, what is being dodged?
If Apple were giving out information about users without being compelled by law, then that would be a strong indicator that they didn’t care about privacy, but I don’t think this is true.
As to ‘building a giant trove of activity history” about users - Aside from your lie about Apple recording people’s travel history, what ‘Activity History’ are you referring to here?
It’s true that there could be a more sophisticated E2E mechanism to place most user data beyond Apple’s ability to provide it when compelled.
It’s also true that iCloud backups are not secure.
Users who have reason to be concerned about this should not opt-in to these backups.
Apple should definitely provide a way for backups to be E2E encrypted.
There is an unproven assertion that they haven’t done this due to pressure from the FBI. This may be true.
It’s also true that your complaint about holding user data applies to almost every single YC company, and almost every single web service* .
Perhaps you have some examples of companies that handle things the way I think we’d both like? I can’t think of a good one.
There are obvious usability issues and technical challenges that need to be overcome in order to apply E2E to all data at rest.
Even when they do roll it out, I expect it to be opt-in and progressive, much as FDE was rolled out slowly over many years. Users will need to make decisions to sacrifice things like the web versions of apps.
The risk of data loss if handled incorrectly is much higher than the chance of innocently being one of the 30,000 people you say are targeted by FISA.
This is not to downplay the concern. I think it’s very important that this problem be solved and I think Apple should be one of the leaders in solving it.
Again, if you have an example of someone who has already solved all of these problems, that would be helpful
Let’s not pretend this is trivial to do at scale.
The fact that they haven’t solved problems that nobody else has solved either, is really evidence of very little.
Also you say it’s safe to assume that FISA warrants require all data a provider has on a user. Is it? Do we have any evidence of that? I’m sure some requests are blanket requests, but do we know that they all are? Many could be superficial requests to eliminate or include people from one pool or another.
You keep saying ‘Apple is recording your location’. You haven’t provided a single link to a single piece of evidence.
‘You already agreed to that except last time, you said it was "anonymized."’
If this is true you’ll be able to find a link to where I agree that Apple records your location.
As to me saying it’s anonymized. It’s not just me. Apple states that the location data is anonymized. I’m basing my statement on their published statements.
We do have clear evidence that Apple devices track our location, and we do not have ability to turn it off. We do not have evidence that logs are not kept or shared nor of the E2EE of those recordings. This is not conspiracy theory. We are asked to be credulous of how the largest market cap corporation in the world handles this valuable and sensitive data. The onus is on them to prove what they say, and if they cannot, I do not buy it.
It seems like several people are assuming that Apple is storing the data now and that it is personally identifiable. My assumption was that, of course they would not do that. But of course I could be wrong.
With a billion iOS devices out there, if Apple was truly collecting information about you and selling it to third parties, there would have to be some evidence that compromised data is out in the wild. To date, no one has found any.
So it's pretty safe to say that yes, you can trust Apple.
I've heard (2nd-level -- ie, people that talked to people in Apple, in confidence) rumors that they want to use the data themselves to sell more stuff. All under the guise of "privacy," it's the best marketing ploy ever... if true.
I like what Apple is doing, but I've heard that rumor enough times from former employees who worked on this stuff, and people who've come out of meetings with the Safari guys, that I continue to be wary of Apple.
Anyone who doesn’t embed Tor for all communications, is recording your travel history?
First off, this is still simply false.
It may be technically possible that they are in fact reconstructing identifiable location history for individuals.
It’s also possible that they do what they say they are doing, which is to anonymize as early as possible and not use data for this purpose.
They could easily be keeping these logs separate, and disposing of them in a timely fashion, and not attempting to use them to analyze individual’s locations.
You are clearly technically competent enough to know that either scenario is possible (as well as many others).
Therefore you know it is not true to say that Apple is ‘recording you travel history’ in the absence of additional evidence.
But only because they can tie it to a user account. If DDG is the middleduck acting as an anonymizing layer, Apple won't be able to perform such analysis on the data.
This is all conjecture obviously, it's hard to know exactly how much data Apple is getting, and if they could use something else to fingerprint users, but I'll give DDG the benefit of doubt for now.
As an outsider, I have absolutely no way to verify what you're saying is true. I'd like to think that they're not spying on me, but I have no evidence about anything they do because Apple is not transparent about anything they do.
So here is where "meta data" and direct access to app info gets really interesting.
Firstly - the NSA has no need to be able to access the fingerprint. The fact that the fingerprint is your passcode barometrically ties you to the device, without a doubt, and makes the meta data all that much more accurate.
What we know is that the NSA has complete upstream dominance, direct and indirect access to company data and extremely powerful correlation tools.
With the features of the 5S' "always on motion sensors, tied to health apps - they basically can construct not only WHO, WHERE, HOW, WHEN, you do something, they'd be able to go as far to be able to develop a "health number" into that dossier.
The fact of the matter is that while the Apple product is a nice shiny thing - and sure - as a phone and a tech, I'd love to use it -- but the data it produces about its users is 100% transparent to the NSA, based on everything we have seen so far. And more egregious; the fact that the NSA unabashedly abuses this access and does construct elaborate pictures of your behaviour then SHARES this with other agencies.
The passcode and fingerprint only serve to prevent the data the NSA IS collecting from being wrongly attributed to another human body.
We don't know what Apple does with their data. They might print it out and make paper airplanes with it. They might use it to test their backups. And yes, they even might sell it. Or, they may do nothing with it at all. We just don't know.
I'm not accusing them of misusing our data, but I do know that they have, in the past, chosen to do something that looks like they are disregarding their user's privacy in order to make a buck (https://www.cnet.com/news/apple-moving-icloud-encryption-key...).
And they can set up their systems in a way that ensures they aren't violating our privacy or trust, but they choose not to do that. That to me, is very suspicious.
I do agree that they seem like the best tech giant for user privacy, but that is a super low bar. Just because they are "the best", doesn't mean they are good at it.
Just pointing out the obvious: Absence of evidence is not evidence of absence.
The only eyeopening part would be the fact, that Apple doesn't store much about it's users, which isn't verifiable.
Also unique identifiers are not the only way to link data. And due to differential privacy the guarantees that the data cannot be linked decays over time (see https://news.ycombinator.com/item?id=15224312)
Strange assumption. Apple certainly make claims that they don't (which can result in nasty legal consequences if they are lung), provides access to the data they collect on you on phone, allow people to opt out data collection.
And that's all public. It's possible they're lying. Maybe you know they are lying. But unless you do it seems like a weird assumption.
It's probably not abused, but how can we really know in the post Snowden world.
reply