Comment by StopDisinfo910

Comment by StopDisinfo910 5 days ago

23 replies

View on Hacker News

Could anyone here waxing lyrically about Apple so called privacy stand explain to me what that actually is apart from a marketing point Apple keeps repeating?

Because from where I stand they do load everything into their cloud. They insist on having you pay for iCloud through obnoxious means. They have you go through their store for everything. They even have an ad platform.

What supposedly so good about it? Their track record seems awful to me.

thewebguyd 5 days ago

E2EE (advanced data protection) without having to use something like Proton, so can stay in the very convenient "ecosystem." With it turned on, keys are on your device, Apple doesn't have them and can't use them and it covers all the main stuff - photos, messages, notes, etc.

It's still a compromise, sure, but it's a better compromise than what Google offers.

Plus small things. Apple's tracking protection for example is opt in instead of opt out on Android. Google's core business is ads, they won't push features that can negatively impact that. Apple also has an ad division but it's not their main focus, hardware is. They can implement better privacy without impacting their bottom line. Apple's refusal to unlock phones at the request of the FBI, etc.

It's not that Apple is the be all end all for privacy, but they are far ahead of Google and are by far the most convenient option if you are within the walled garden.

Reply View 8 replies
  • bmicraft 5 days ago

    > With it turned on, keys are on your device, Apple doesn't have them and can't use them and it covers all the main stuff - photos, messages, notes, etc.

    Or so they say. Has that actually been proven?

    Reply View 7 replies
    • NobodyNada 5 days ago

      It's impossible to prove a negative, like "Apple doesn't have a backdoor". One can prove the existence of a backdoor by reverse-engineering suspicious code or network traffic, but not the nonexistence without poring over every byte of machine code, and quite a lot of the hardware too.

      This is not unique to Apple, it's impossible to prove any system is free of a backdoor, including Linux distributions (see: the xz backdoor, or "Reflections on trusting trust"), unless you hand-crafted your whole smartphone from raw silicon.

      Reply View 0 replies
    • gruez 5 days ago

      You can raise that gripe with even something like signal. Sure, it's open source, but when was the last time someone reproducibility built it?

      Reply View 5 replies
      • tga_d 5 days ago

        People reproducibly build Signal all the time. There's a bug right now that makes the play store version differ from the one you get by downloading off their website/build from source, but you can examine the differences to see they're minor.

        Reply View 4 replies
iamdamian 5 days ago

> Could anyone here waxing lyrically about Apple so called privacy stand explain to me what that actually is apart from a marketing point Apple keeps repeating?

The end-to-end encryption guarantees on this page seem pretty real to me and have little to do with marketing: https://support.apple.com/en-us/102651

Reply View 4 replies
  • lern_too_spel 4 days ago

    Google backup on Android is also end-to-end encryption. The difference is that on Android, I can self-host anything that Apple won't end-to-end encrypt, like maps or application installs.

    Reply View 0 replies
  • snypher 5 days ago

    Can any of this be verified or confirmed independently?

    Reply View 2 replies
    • atomicthumbs 5 days ago

      how do you propose they prove that they don't have your encryption keys

      Reply View 0 replies
    • ritcgab 5 days ago

      You just cannot prove a party doesn't own something.

      Reply View 0 replies
nicoburns 5 days ago

> Because from where I stand they do load everything into their cloud. They insist on having you pay for iCloud through obnoxious means. They have you go through their store for everything. They even have an ad platform.

It's very easy to completely disable iCloud. I've never used it and don't intend to, despite running a mac as my primary computer for ~12 years now.

Reply View 2 replies
  • StopDisinfo910 4 days ago

    > It's very easy to completely disable iCloud.

    My experience widely differs.

    Apple will nag you all the time if you don’t have iCloud or just use the free tier and the free tier is very limited. You lose the only way to actually easily sync the phone when you disable it.

    Most of the iPhone owners I know including me have caved and pay the additional tax every month.

    Reply View 0 replies
  • throwaway290 4 days ago

    This is correct. Maybe settings will show you a login button but except for that you're fine.

    Reply View 0 replies
paulddraper 5 days ago

Apple is much more strict on app tracking (and apps in general).

Reply View 5 replies
  • v5v3 5 days ago

    Yes.

    As an example I think Androids have a single device ID which is given to all apps. But iOS has a per app device ID.

    Reply View 4 replies
    • theshrike79 5 days ago

      And the ID resets pretty often.

      The marketing department exploded when Apple announced that change, it made user conversion tracking completely useless.

      Reply View 0 replies
    • ajross 5 days ago

      There is no device ID, only ones tied to a user login on a phone, and the app must request a permission to get it. You can, for example, know that the user ID (which you obviously also need to have a permission to retrieve), is being used on the same device as was used to access your service in the past. Or you can know that this particular otherwise-anonymous user/device combination is being used again. I'm pretty sure that's likewise possible on iOS, but folks can chime in.

      And of course there are guidelines that disallow most of the abuse scenarios I suspect people want to imagine: https://developer.android.com/identity/user-data-ids

      Reply View 1 reply
      • thewebguyd 5 days ago

        Not familiar with how Android does it anymore, but sounds fairly similar to iOS.

        The main difference is it's opt in on iOS, but opt out on Android I believe.

        On iOS, when the app pops up and asks to track, if the user says no, the app can't access the system advertising ID at all, and also is not permitted to track activity via other means like email address, user ID, etc (but the only thing that's technologically enforced is the system advertising ID, it's only forbidden by policy to not use other tracking methods).

        Given the huge fit Meta threw after Apple implemented this, while they were silent about Android, I'm inclined to believe Apple's method has more of a privacy impact.

        Also worth noting Google is hoping to move away from device-level advertising IDs with their "privacy sandbox" thing.

        Reply View 0 replies
    • gruez 5 days ago

      Yes, specifically both have some variant of "advertising ID", which is shared across all apps. The difference between iOS and Android is that iOS requires you to opt every app into receiving it, whereas Android is opt out. However on top of this Android has a "gsf" id, which is shared between apps, and can't be changed without a factory reset.

      Reply View 0 replies