undefined | Better HN

0 pointsStopDisinfo9108mo ago0 comments

Could anyone here waxing lyrically about Apple so called privacy stand explain to me what that actually is apart from a marketing point Apple keeps repeating?

Because from where I stand they do load everything into their cloud. They insist on having you pay for iCloud through obnoxious means. They have you go through their store for everything. They even have an ad platform.

What supposedly so good about it? Their track record seems awful to me.

0 comments

thewebguyd8mo ago

E2EE (advanced data protection) without having to use something like Proton, so can stay in the very convenient "ecosystem." With it turned on, keys are on your device, Apple doesn't have them and can't use them and it covers all the main stuff - photos, messages, notes, etc.

It's still a compromise, sure, but it's a better compromise than what Google offers.

Plus small things. Apple's tracking protection for example is opt in instead of opt out on Android. Google's core business is ads, they won't push features that can negatively impact that. Apple also has an ad division but it's not their main focus, hardware is. They can implement better privacy without impacting their bottom line. Apple's refusal to unlock phones at the request of the FBI, etc.

It's not that Apple is the be all end all for privacy, but they are far ahead of Google and are by far the most convenient option if you are within the walled garden.

bmicraft8mo ago

> With it turned on, keys are on your device, Apple doesn't have them and can't use them and it covers all the main stuff - photos, messages, notes, etc.

Or so they say. Has that actually been proven?

NobodyNada8mo ago

It's impossible to prove a negative, like "Apple doesn't have a backdoor". One can prove the existence of a backdoor by reverse-engineering suspicious code or network traffic, but not the nonexistence without poring over every byte of machine code, and quite a lot of the hardware too.

This is not unique to Apple, it's impossible to prove any system is free of a backdoor, including Linux distributions (see: the xz backdoor, or "Reflections on trusting trust"), unless you hand-crafted your whole smartphone from raw silicon.

gruez8mo ago

You can raise that gripe with even something like signal. Sure, it's open source, but when was the last time someone reproducibility built it?

1 more reply

iamdamian8mo ago

> Could anyone here waxing lyrically about Apple so called privacy stand explain to me what that actually is apart from a marketing point Apple keeps repeating?

The end-to-end encryption guarantees on this page seem pretty real to me and have little to do with marketing: https://support.apple.com/en-us/102651

lern_too_spel8mo ago

Google backup on Android is also end-to-end encryption. The difference is that on Android, I can self-host anything that Apple won't end-to-end encrypt, like maps or application installs.

snypher8mo ago

Can any of this be verified or confirmed independently?

atomicthumbs8mo ago

how do you propose they prove that they don't have your encryption keys

ritcgab8mo ago

You just cannot prove a party doesn't own something.

nicoburns8mo ago

> Because from where I stand they do load everything into their cloud. They insist on having you pay for iCloud through obnoxious means. They have you go through their store for everything. They even have an ad platform.

It's very easy to completely disable iCloud. I've never used it and don't intend to, despite running a mac as my primary computer for ~12 years now.

StopDisinfo910OP8mo ago

> It's very easy to completely disable iCloud.

My experience widely differs.

Apple will nag you all the time if you don’t have iCloud or just use the free tier and the free tier is very limited. You lose the only way to actually easily sync the phone when you disable it.

Most of the iPhone owners I know including me have caved and pay the additional tax every month.

throwaway2908mo ago

This is correct. Maybe settings will show you a login button but except for that you're fine.

paulddraper8mo ago

Apple is much more strict on app tracking (and apps in general).

v5v38mo ago

Yes.

As an example I think Androids have a single device ID which is given to all apps. But iOS has a per app device ID.

theshrike798mo ago

And the ID resets pretty often.

The marketing department exploded when Apple announced that change, it made user conversion tracking completely useless.

ajross8mo ago

There is no device ID, only ones tied to a user login on a phone, and the app must request a permission to get it. You can, for example, know that the user ID (which you obviously also need to have a permission to retrieve), is being used on the same device as was used to access your service in the past. Or you can know that this particular otherwise-anonymous user/device combination is being used again. I'm pretty sure that's likewise possible on iOS, but folks can chime in.

And of course there are guidelines that disallow most of the abuse scenarios I suspect people want to imagine: https://developer.android.com/identity/user-data-ids

1 more reply

gruez8mo ago

Yes, specifically both have some variant of "advertising ID", which is shared across all apps. The difference between iOS and Android is that iOS requires you to opt every app into receiving it, whereas Android is opt out. However on top of this Android has a "gsf" id, which is shared between apps, and can't be changed without a factory reset.

j / k navigate · click thread line to collapse

0 comments

thewebguyd8mo ago

It's still a compromise, sure, but it's a better compromise than what Google offers.

It's not that Apple is the be all end all for privacy, but they are far ahead of Google and are by far the most convenient option if you are within the walled garden.

bmicraft8mo ago

> With it turned on, keys are on your device, Apple doesn't have them and can't use them and it covers all the main stuff - photos, messages, notes, etc.

Or so they say. Has that actually been proven?

NobodyNada8mo ago

gruez8mo ago

You can raise that gripe with even something like signal. Sure, it's open source, but when was the last time someone reproducibility built it?

1 more reply

iamdamian8mo ago

> Could anyone here waxing lyrically about Apple so called privacy stand explain to me what that actually is apart from a marketing point Apple keeps repeating?

The end-to-end encryption guarantees on this page seem pretty real to me and have little to do with marketing: https://support.apple.com/en-us/102651

lern_too_spel8mo ago

Google backup on Android is also end-to-end encryption. The difference is that on Android, I can self-host anything that Apple won't end-to-end encrypt, like maps or application installs.

snypher8mo ago

Can any of this be verified or confirmed independently?

atomicthumbs8mo ago

how do you propose they prove that they don't have your encryption keys

ritcgab8mo ago

You just cannot prove a party doesn't own something.

nicoburns8mo ago

It's very easy to completely disable iCloud. I've never used it and don't intend to, despite running a mac as my primary computer for ~12 years now.

StopDisinfo910OP8mo ago

> It's very easy to completely disable iCloud.

My experience widely differs.

Apple will nag you all the time if you don’t have iCloud or just use the free tier and the free tier is very limited. You lose the only way to actually easily sync the phone when you disable it.

Most of the iPhone owners I know including me have caved and pay the additional tax every month.

throwaway2908mo ago

This is correct. Maybe settings will show you a login button but except for that you're fine.

paulddraper8mo ago

Apple is much more strict on app tracking (and apps in general).

v5v38mo ago

Yes.

As an example I think Androids have a single device ID which is given to all apps. But iOS has a per app device ID.

theshrike798mo ago

And the ID resets pretty often.

The marketing department exploded when Apple announced that change, it made user conversion tracking completely useless.

ajross8mo ago

And of course there are guidelines that disallow most of the abuse scenarios I suspect people want to imagine: https://developer.android.com/identity/user-data-ids

1 more reply

gruez8mo ago

j / k navigate · click thread line to collapse