139 comments

[ 3.3 ms ] story [ 239 ms ] thread
Of course Tim Cook would say that. His business model doesn't depend on it. When he decides to unwall the iPhone garden, i'll give him the time of day on issues like this. Until then, he's just looking out for his own interests, as far as i'm concerned.
Opening up iMessage to Android users would definitely reduce Facebook's collection of user data, since friends wouldn't be compelled to use FB Messenger. But yeah it's not in his business model.
Compelled to use FB Messenger when WhatsApp is available? I don't think there are many people who have FB, but not WhatsApp.
Facebook owns WhatsApp.
Certainly but WhatsApp is rather privacy-friendly.
What makes you say this? How do you know what Facebook is doing with the whatsapp data?
If WhatsApp is not lying about end-to-end encryption, FB don't have the data.
There’s plenty of useful data besides the content of messages.
I find WhatsApp is ubiquitous among my international friends, but my American friends who joined Facebook in college don't have it. Anecdotal data, of course.
You know the phone numbers of all of your FB contacts?

Getting someone's phone number has always felt like a much higher bar than their FB since you could harass them with calls, SMS, etc and it's more difficult to block. Plus there's an implicit sexual connotation if you ask a woman for her phone number that doesn't apply to Facebook or LinkedIn.

I really don't like how WhatsApp piggybacks on phone numbers and phone contacts but clearly I'm in a tiny minority given how successful they've become.

> You know the phone numbers of all of your FB contacts?

I don't have a Facebook account.

> Getting someone's phone number has always felt like a much higher bar than their FB since you could harass them with calls, SMS, etc and it's more difficult to block.

It's quite easy to block a number. If they'll go as far as to use a different phone to call you, then they could also use someone else's FB account too.

> Plus there's an implicit sexual connotation if you ask a woman for her phone number that doesn't apply to Facebook or LinkedIn.

That's probably something specific to your culture or a misconception on your part. I don't see how the two actions are different when in the same context, except friending someone on FB means you let them not only try communicate you, but observe a certain period of your past and see pictures/videos/posts of yours. I can't see how that's not more demanding in terms of privacy than asking for someone's phone number.

I'd ideally go for an e-mail address instead of both of them, but well...

But I would be more concerned about the privacy of the iMessage content on an Android device than on an iOS device.
It’s nice that Apple’s interests and my interests align. It always refreshing when a company puts a lot of effort into structuring their company in such a way that it aligns with users’ beat interests.
Note: Above not valid in China
It's just co-incidence that they align on this issue, though. They care about user privacy because they happen to make most of their money by selling hardware, not ads or data. But ask them to open up that hardware and let you install your own OS? That's a no. Even something as simple as letting your preferred mapping software be the default.

Apple loves privacy and hates freedom. It sure looks like the only thing they actually care about is their financial interest.

Apple can make a very good case that your vision of freedom is in opposition to privacy. By preventing certain things you categorize as 'freedom' Apple can provide stronger security and privacy protection, they can limit the ability of untrustworthy developers to sidestep protections, they can make it incredibly difficult to set up side-channels that leak privacy, and they can set OS-mediated protections of device info (GPS, etc) that are difficult to bypass.

The fact that this privacy protection happens to be in the financial interest of Apple pleases me, because they are unlikely to sell out long-term interests in protecting reputation for short-term gain in abusing my trust. This alignment of interests makes Apple a better guardian of my privacy, not worse.

> Apple can make a very good case that your vision of freedom is in opposition to privacy. By preventing certain things you categorize as 'freedom' Apple can provide stronger security and privacy protection, they can limit the ability of untrustworthy developers to sidestep protections, they can make it incredibly difficult to set up side-channels that leak privacy, and they can set OS-mediated protections of device info (GPS, etc) that are difficult to bypass.

None of that is true. All they need to do is create an opt-out mechanism to over-ride those security settings that requires authentication. It's trivial to have both, they just choose not to.

It is also trivial to convince technically unsophisticated users to over-ride these security settings to get some ephemeral (and probably not even true) benefit. On the front page of HN today was another story describing how Facebook harvested a large chunk of contact info and text messages because people _gave it permission to do so_ when the app asked for it. Expecting these same users to be sophisticated enough to know what they are actually opting out of in this case strikes me as being a bit delusional.
So make it difficult and explicit. Or shit, just don't go out of your way to make it impossible. Android threads this needle extremely well. Installing a different kernel is not something a casual user can be tricked into doing. It requires a restart, and a moderately complex sequence of clearly dangerous actions. There is no epidemic of people being 'tricked' into installing alternate Android kernels.
Are you not conflating two separate issues here?

How is letting you install your own OS helping with improving privacy?

In today's world can you really decouple hardware and software if you want strict controls over data and hence privacy?

I'm not conflating the issues. What i'm saying is that Apple acts like they care about privacy, because it's in their strategic interest to do so. However, truly caring about privacy tends to go along with caring about freedom. Apple does not care about freedom, as evidenced by their device locking. Ergo, Apple cares about privacy only insofar as it benefits them to do so.
> truly caring about privacy tends to go along with caring about freedom

Only in your opinion. A non-free system whose vendor has an incentive to protect privacy may also provide even stronger privacy protection for the masses than a system that meets your version of 'freedom'.

> Only in your opinion. A non-free system whose vendor has an incentive to protect privacy may also provide even stronger privacy protection for the masses than a system that meets your version of 'freedom'.

This isn't a "version" of freedom. It is what freedom literally means. You can say you're willing to sacrifice some freedom to gain privacy, sure. But from a technical perspective, that's a totally false choice.

It is not a false choice from either a technical nor a philosophical perspective. There are positive and negative freedoms/liberties and each leads to different results when applied to a real world situation. You view freedom as a negative liberty (e.g. absence of obstacles, barriers or constraints) so anything that hinders your usage of a device in a manner you desire is contrary to your view of 'freedom'. Others may view device freedom as a positive liberty, where freedom is manifested in a way that enables them to take control of their life and realize a more fundamental purpose. If I view a computer as a means of accomplishing some other goal and not a tool that I need to think about much or to modify, but where the existence of such liberties can negatively impact my goal then your version of freedom makes me less free. If I need to spend time and mental energy wondering if some action I take might make my privacy less secure, if some app I install is a threat or a benefit, or if some action a third-party asks me to take is going to subtly invalidate a simple security model I keep in my head, then I am less free.

To dive straight towards the third-rail of this conversation, some people think that being able to go out and buy a gun makes them more free while other people think that the ability of other people (of possibly questionable mental state or moral character) to buy a gun increases the probability that they will be killed by someone else with a gun and because of this they are less free. Both are correct.

If only the market would allow us to make a choice as to which version of freedom we wish to engage in and would provide us with multiple competing platforms that represent alternative visions of computing and informational autonomy. If only...

> If I view a computer as a means of accomplishing some other goal and not a tool that I need to think about much or to modify, but where the existence of such liberties can negatively impact my goal then your version of freedom makes me less free.

How, exactly? Are you saying that the burden of potentially unlocking your device in error, even if Apple makes that a convoluted, explicit process makes you less free? If i'm misunderstanding your argument, let me know. If i'm not, I think we both know it's totally silly.

> Apple loves privacy and hates freedom. It sure looks like the only thing they actually care about is their financial interest.

Hates freedome how? This statement is overbroad.

In a nutshell, I would rather support Apple as they're primarily a hardware company that has stated their privacy interests align with mine. As opposed to me supporting an advertising company that happens to sell phones and produce a mobile operating system that seems tailored to do the opposite.

The fact that I can't install my own OS is entirely tangential to the overall company goals of Apple versus Google or even Samsung. Focusing on a phone platform to behave as if it was the PC platform of the 80's reminds me of the for want of a nail proverb.

https://en.wikipedia.org/wiki/For_Want_of_a_Nail

Focusing too far down on "freedom" from the gnu perspective will just put us into territory we can't cover at all realistically right now.

Besides which, I just want to use my phone, not spend endless hours fucking around with it to install all manner of stuff.

> Hates freedome how? This statement is overbroad.

In the sense that their devices are not free.

> Besides which, I just want to use my phone, not spend endless hours fucking around with it to install all manner of stuff.

The fact that you don't want to use it that way is hardly relevant to the question of freedom.

Listen, i'm not saying they should spend a bunch of time engineering a solution to support this use case. I'm not saying they should aid people in doing it in any way. But that's not all they're doing. They actively expend resources to thwart people controlling their own devices. It is their corporate policy not just not to support this behavior, but to make it technologically impossible. That is the key point.

If Apple had just said "if you modify the OS, you void your warrant and you're on your own - we offer you zero support", i'd be totally fine with that. Personally, i'm not interested in modifying my device at all, i'm happy to leave it as is. But to go out of their way to make it impossible to do that? That's anti-freedom, no matter how you slice it.

The fact that they make it hard is what guarantees that there's a large pool of people with stock iphones. And this pool is too big a market to ignore, which is why I can have good apps, even from companies I don't trust, and deny them permissions I don't want to grant.

I think Apple understands this. The freedom you desire has ecosystem effects which I don't want.

You may quibble about precisely how hard is hard enough. Maybe they could loosen up a little bit, walk some middle path, and satisfy both of our desires. Maybe. Has anyone done it? Apparently people will sign anything you ask them to in order to play farmville. And every jailbreak seems like a security hole I'd rather not have.

I see no reason to think that making this possible would alter their ecosystem at all. It would always be a small minority of users. A small minority that developers could always just ignore. Developers on Android don't bother to think about custom Android kernels, unless they're specifically targeting that user niche.
I'm not too sure what exact freedom this minority of users is after. Does granting the ability to load a custom kernel require zero engineering effort from Apple? Including doing it in a way which won't leave the door open for the FBI, and whoever else, to break in?
It requires substantially less engineering effort than they've put into making sure people cannot do those things.
They are just preventing several potential headaches in their view. If I build something and I don't want end users to do X with it, I'm entitled to do that. If the user doesn't like it, the user can go elsewhere. Those are the terms I set as the vendor and you are free to not engage, you have other choices.

In short, you are still free to not buy their hardware.

Absolutely true. Just as you are free not to use Google and Facebook if you don't want your data collected. Not trying to say they don't have every right to do it.
If a company’s business model is aligned with statements by its CEO, I would consider those statements more valid, not less. Apple is putting its money where Tim Cook’s mouth is. That’s a good thing.
They didn't align their business model in order to further privacy, though. It just happened to shake out that way. If Apple cared in the slightest about issues like this, they wouldn't make it impossible to control your own hardware when you buy an iPhone.
That’s Apple cared only about issues like this. In the slightest is too narrow.

Plausibly they care for many things and trade them off.

That's fair. My point is only that self-interest explains more variance here than caring about privacy. They may genuinely care about privacy to some degree - just as i'm sure Google and Facebook do. They both just care about profit more, and for Google/FB, those things come into conflict. For Apple they don't.
(comment deleted)
Your stance seems unfalsifiable. If a company did exist that cared more about their values than profit, how would you recognize it?

But more importantly: who cares? We’re not judging whether Tim Cook oughta get into heaven.

People seem highly driven by the profit motive, arguably more than by most other motives. If Apple’s goals are aligned with mine and motivated by profit so they’re likely to be careful to keep from damaging their reputation... great!

It is falsifiable, i've explained elsewhere my reasoning, but i'll repeat it here: The same basic moral orientation that would motivate one to care about privacy would also motivate them to care about freedom. Apple's policy of not giving you sovereignty over your device is anti-freedom. However, the thing that explains both behaviors is self-interest. It's to Apple's strategic interest to focus on privacy, it's not to their strategic interest to focus on freedom. Therefore, the most likely explanation for their behavior is their strategic self-interest, and not any moral orientation towards privacy.

It's also been brought up by others that Apple discards its privacy morals when it comes to China. Which is another point in the "probably doesn't actually care about privacy" column. Occam's razor says the simplest explanation is most often true. The simplest explanation here is self-interest.

so in summary you are saying 1. Apple is selfish (like any other company). 2. Their self interest is coupled to user privacy (but not freedom or moral values).
I'm saying that their stance on privacy is motivated by self-interest. Nothing more, nothing less.
What disincentives are implicit in Apple's business model that discourages collecting more data from their users?
Not collecting user data is something that only Apple can do. Google depends on data collection for its primary revenue stream. Apple does not. This means that focusing on privacy is a uniquely competitive tactic for Apple to take, and they have shrewdly taken it.

To be absolutely clear, i'm not disparaging them for taking this position. I think it's great. I'm just trying to contextualize it.

And yet we know that the personal data of your customers is worth billions.

And we also know that nothing about writing walled software ecosystems prevents one from syphoning this data.

So it would appear that Apple has purposefully left money on the table.

So please tell me how that fits with your 'self-interest' explanation of Apple's stance here.

I already have elsewhere in this thread, but here goes: Google's primary business model is contingent on user data collection. Apple has the most profitable business in the world, which is not contingent on user data collection. Yes, you are absolutely correct that Apple is leaving a few billion dollars on the table by not doing this. However, that's only true in a fairly narrow, greedy (in the sense of a 'greedy algorithm') sense.

Taking a more strategic perspective, you would look around and see that your competitors have to collect this data to survive. But you don't. That makes this a weakness for them, which means that it's a differentiating factor for your product that they can never copy. This strategic advantage is worth much more than the few billion in quick cash they might pick up by monetizing their user data.

But we see that the general public's relationship with privacy is a lax one at best and at a time when AI solutions are the breakthroughs and revenue generators of the future, that Apple is restricted to an uncertain trajectory. Are you sure that the market value of data and their derived innovations aren't worth more in dollar terms than the privacy market?

Not only that, but having taken this stance so strongly, it makes any future relaxations of their self-imposed rule an even riskier move as it exposes them to hypocrisy. So it's clearly a double edged sword. And while it's certain Google depends on data now, nothing stops them from making excellent phones with excellent hardware with privacy to boot to compete with Apple on their turf.

If the CEO of a tobacco company say cigarettes do not cause cancer, should should consider this statement valid?
Apple, Microsoft and Amazon will be perfectly unperturbed when the so-called “attention economy” goes away. They are real companies offering real goods and services.
I don't know about completely. They still all show ads and collect user data. But they will be less affected than some others (google).
I think it will hit them as well, just not to the same extent as Facebook & Google.

Microsoft owns LinkedIn, which is an advertising company. I also seem to recall that they make a reasonable chunk of change from search advertising and other online properties.

According to this link they took in a little over 6 billion in advertising revenue last year:

https://www.statista.com/statistics/725388/microsoft-corpora...

According to this link, amazon took in somewhere in the region of 1.7 billion in revenue from mainly advertising last quarter alone:

https://www.statista.com/statistics/725388/microsoft-corpora...

Microsoft for example has several billion dollar businesses aside from Windows, Office, and enterprise. Their Surface and Xbox hardware, for example, pulls in that much revenue each. They'll be fine.
Yeah, Google and Facebook are not tech companies. They are mainly ad companies run by social justice activists. Their only purpose is to stuff ads down peoples throats.
Google could exist in a diminished form off their cloud and office suite. But e.g. GMail is not a viable business without slurping user data.
I get where you're coming from, but I'm not sure that matters to me personally. Privacy and security are important to me, and that's what Apple is selling, so I'm going to buy.

The more consumers support privacy as a selling feature, the more Apple will guard it. I'll gladly pay a premium to a company that has a vested interest in keeping my shit safe, and a straightforward business model of keeping me happy enough to sell me more shiny things.

I don't disagree. I'm not trying to discourage anyone from buying their products. If you care about privacy, absolutely, buy an iPhone. I'm just trying to point out that their caring about privacy comes as much from a place of greed and fortunate coincidence than anything else.
I'm not sure it's fortunate coincidence, seems like Apple chose this path. As for greed, well, they're a corporation. That's a given. They're driven to profit by their very nature. If you need a phone you choose one, or you build one yourself.
It's a cynical view but valid. It's not like Apple made a decision to be a non-player in social media for moral reasons - they just never got around to it because of the insane profits they got from selling iPhones.
Of course Google will tell you that cigarettes cause cancer and climate change is a threat: they don't sell tobacco or drill for oil! They're just looking out for their own interests.

Apple actively chooses to not pursue these revenue streams even though they have the resources and reach to do so.

Exactly. Apple has lots of opportunities to monitize the App Store by profiting from user data.
> Apple actively chooses to not pursue these revenue streams even though they have the resources and reach to do so.

I disagree. Apple can't compete in those spaces effectively because they're already owned by Google/FB. Microsoft has similar resources to Apple, and they tried to compete with Google on search - look how that turned out. Even Google can't compete with FB in social, look at Google Plus.

Apple has, intelligently, recognized that they cannot compete in that space. So they aren't trying. They are then using that to their advantage, by focusing on privacy, which is something their competitors cannot focus on. It's a perfectly legitimate strategy, and there's nothing wrong with them doing that. I support it wholeheartedly.

On the contrary however, it is not in Apple's strategic interest to give users's sovereignty over their devices. In both cases, their behavior aligns not with user interests, but with their own. Being financially self-interested better explains the sum total of Apple's behavior than any interest in user well-being.

Microsoft azure is not going so bad, and it started in a space where amazon was far ahead. A large head start doesn't mean that you can't compete, it depends largely on the space.
You're completely right. I didn't mean to imply that you can't compete with a head start. What I meant to imply was that in social/search specifically, it's extremely difficult to compete, due to the virtuous cycles of networks and data.
(comment deleted)
I like the reward system with-in Bing. Covered the cost of my kids Xbox gold/live subscription.
Correct. They didn't build a business model around doing something unethical, which eventual can get the entire company in trouble - so great strategic leadership I'd say.
"Unwall the iPhone garden"—you mean allow anyone to access things like SMS, or chat logs as was the case on Android? In that case I very much like those walls, thank you.
Do you really want to live your days feeling dependent on this sort of "service"? Do you really want to say, "but I need Facebook!".

In today's age, you need a phone number and e-mail. It's ok - they are decentralized. Don't let a centralized platform of Facebook's evil nature become necessary for you to live your life.

Delete and forget it existed. Ignore and move on. Give up the benefits and pay the cost.

Apple's non-investment in cloud is starting to pay off. Hey Tim, how about letting app developers and browser makers use a non-safari rendering engine on the iPhone?
Tim has watched War Games apparently.

iCloud exists but facilitates storing only core data and otherwise is a sync mechanism.

Social aspects of iCloud are what's "missing" so even a large breach wouldn't result is 100x users being exposed.

The most galling part of the FB failure was that the people breached weren't the ones who installed the misbehaving app. And society at large paid for it.

>And society at large paid for it.

What's the cost again? I'm still experiencing cognitive dissonance over the fact that this is news here on HN. What Facebook was doing was common knowledge (for the last 8 years?). I assumed all those spammy facebook apps, like candy crush, had access to the entire social graph of facebook (not just US) or at least built it up over time. All those stupid "Log in with Facebook" apps almost always asked for your friend information.

Did you also assume they were exfiltrating that data and selling/giving it to third parties? I didn't.
Whose 'they'? And after all those sketchy apps asking for your friends list all these years? Yeah. Yeah I did.
I hope Apple follows up on this by actually lobbying for a GDPR bill to be passed in the US.
Good point. I see a lot of good things coming with GDPR, foremost a realization that its NOT ok to just store personal data without meaningful reasons and abilities to let one know what a company stores about them. It's not perfect, rather ambitious in can cases, but I like how these conversations are now happening more broadly.
It's funny that this comment has 10 upvotes but fell to the bottom of the page. No doubt there's a lot of vested interests against privacy legislation. To the Facebook and Google employees: it's already in the EU, and it's likely coming to the US in some form. If not at the federal level, certainly at the state level.
GDPR is a rare area where I see as many positive and negative opinions on it in communities such as HN. Will be interesting to see how this develops with further fallout from the Facebook story, and with GDPR actually coming up to the deadline for implementation in May
And ios locked bootloader, no root, running only appstore code should not exist, but here we are ...
With the data Apple collects including via Apple Pay and Health I’m not sure there is that much difference in all honesty.

What the data is used for is another issue.

That’s misleading, Apple goes through pains to keep data on the device, or limit their exposure. They don’t store your transaction history for Apple Pay, and I believe the same is true for HealthKit. iCloud backups are a glaring privacy issue but you can also manage your own backups locally.
You can decide for yourself whether you believe Apple or not, but they're pretty clear on what data is available to Apple in these circumstances:

Apple Pay:

https://support.apple.com/en-us/HT203027

> "Apple Pay is also designed to protect your personal information. Apple doesn’t store or have access to the original credit, debit, or prepaid card numbers that you use with Apple Pay. And when you use Apple Pay with credit, debit, or prepaid cards, Apple doesn't retain any transaction information that can be tied back to you—your transactions stay between you, the merchant or developer, and your bank."

Also (https://www.apple.com/privacy/):

> "When you use a credit or debit card with Apple Pay we don’t keep transaction information that can be tied back to you, so we can’t create a history of your purchases. And when you use Apple Pay Cash, information is stored only for fraud prevention, troubleshooting, and regulatory purposes."

If you're suspicious, there's plenty of room in "fraud prevention" and "trouble shooting" for you to make whatever case you want. The first sentence is pretty clear that there isn't enough information to create a history. I suppose there's wiggle room to interpret that as they may be keeping some kind of summary of the purchase history rather than a detailed transaction log.

Health data:

https://www.apple.com/privacy/approach-to-privacy/

> "When your phone is locked with a passcode, Touch ID, or Face ID, all your health and fitness data in the Health app is encrypted. And any Health data backed up to iCloud is encrypted both in transit and on our servers."

> "We also require apps that work with HealthKit to provide a privacy policy for you to review. Your data in the Health app and your activity data on Apple Watch are encrypted with keys protected by your passcode."

What about the data that Apple collects in macOS 10.13 users? Anonymous data collection is not really anonymous. IP addresses and other logs leak lots of identifiable information even with all of the collection settings toggled off in various preference panes. It is kind of hypocritical for Tim to criticize a practice that Apple currently engages in (you can't claim otherwise once you jump down that rabbit hole).
What data collection are you referring to? Apple collects crash log data if you opt-in, which can contain logs. It also collects "device analytics" using differential privacy (not containing logs); this is stronger than anonymized data because it retains some privacy even if it is de-anonymized, and is also opt-in. Is there another practice I'm not aware of?
(comment deleted)
(comment deleted)
It makes a difference having a CEO that is so vocal about this, it changes what everyone in the org does and sees as "right". It's a good thing.

At Facebook the understanding seems to be more Orwellian community like, spearheaded by Mark Zuckerberg. They envision and build a future where everyone is under surveillance at all times - so collecting a bit more doesn't matter, more to the contrary. Last week there was a story that FB internally also does surveillance on employees and they know what employee click and hover over on, and they monitor their messenger conversations. And it's all okay in their world view. Good to see some balancing conversations.

I believe Apple took even a toll and fell a bit behind the last few years in regards to eg. Siri as they take personal data more of a liability rather than an asset. So, much respect from my side to Apple and Tim Cook for this. And I'm really not much of an Apple fan, but reconsidering with statements like this one.

the CLOUD Act (S. 2383 and H.R. 4943), a measure pushed by Apple and other tech industry giants but strongly opposed by privacy advocates.

- https://appleinsider.com/articles/18/03/23/apple-supported-c...

They didn’t push it. They were just glad something was finally in writing. The alternative was letting the courts and companies battle it out. And all it takes is one bad precedent to fuck everyone. Laws are malleable, they can be massaged through the courts and have to be to be renewed. Precedents are much harder to fix and can only be overturned in a higher court. No one is happy about this, but they are relieved.
(comment deleted)
(comment deleted)
<IAmEveryone attr=“suck my dick”>

  operating devices owned by an employer 
  is strike one. It’s not your personal 
  property. You didn’t buy it from the store, 
  you give it back when you quit or get fired, 
  right?
</IAmEveryone>
> operating devices owned by an employer is strike one. It’s not your personal property. You didn’t buy it from the store, you give it back when you quit or get fired, right?

By that logic, your landlord could install a camera in your bedroom. It’s their property after all, right?

(comment deleted)
You pay for your apartment, it’s reasonable to expect privacy.
We also pay for Internet service, yet a lot of ISPs collect and extract browsing behaviour about their customers.
(comment deleted)
(comment deleted)
BYOD and things like that are common at modern companies. Lines are blurry. You could say, oh when you join the device to the domain it's not yours anymore - still pretty odd. Even if they are legally okay, its unethical (especially when done covertly).
Apple isn’t the privacy white knight either. By default every iPhone logs and sends to the mothership your gps locations. They designed iMessage in a way that ensured they could access the conversation. IOS comes with an advertising ID, etc. They are certainly not as bad as a Google or Facebook but they are not good either.
> By default every iPhone logs and sends to the mothership your gps locations.

> They designed iMessage in a way that ensured they could access the conversation

Neither of these sound correct. Can you explain more or link a source on either?

On locations: https://support.apple.com/en-gb/HT207056 (it is enabled by default)

On iMessage, the encryption keys are managed and accessible by Apple. Steve Gibson makes regular references in his podcast, like this episode: https://www.grc.com/sn/sn-574.htm

> enabled by default

Actually, the device asks during setup whether you want to enable location services or not. They are also configurable per-app, obviously

That’s to switch off all GPS. To disable the logging/upload to mothership, the settings is buried in Settings/Privacy/Location Services/System Services.
Right. So location services are absolutely not enabled by default. You have to turn them on.
If you’re not an iPhone user you may not be clear on this, as I see the help page isn’t explicit, but during setup it actually asks if you want to allow Location Services and you can turn it off as a whole right there. No default exists for it, as it is a yes/no selection on initial setup (And if yes, you still need to approve each app’s access, but you might be thinking of how it is auto-enabled by default for system services after you initially opt to turn on location services).

For iMessage, I think you are getting something mixed up. Apple does not have your encryption keys, but like Signal it does control the server used to retrieve keys for your interlocutor(s). This is a trade-off based on the fact that most iPhone buyers likely do not have a desire to run their own server nor would they probably be able to get their friends to all use it. However, apps are available in the App Store if you do want to do that.

It is worth noting that Tim Cook said this in China, where Apple happily hands over all user data to the Chinese government.

http://money.cnn.com/2018/02/28/technology/apple-icloud-data...

It is worth noting that disabling iCloud backups and iCloud features vastly limits what data Apple ever sees. iOS+passphrase is the best security available.
There's a lot of comments here that superficially try to paint Apple as hypocrites but it falls apart the moment you actually think about it.

Apple will hand over all user data in iCloud to any law enforcement agency with a warrant [1]. That doesn't conflict at all with calling for privacy regulation. China has enacted a data localization law, and they aren't the only ones that are doing it [2]. The CLOUD Act is related to this issue.

Apple retains control of the keys for iCloud. The iCloud services that are end-to-end encrypted remain so. Apple also informed all their Chinese customers prior to this change happening.

You could argue that Apple should leave the Chinese market but that isn't realistic because it's a large market to sell to and where all of Apple's production takes place. Shutting down iCloud in China will have no practical benefit to Chinese customers (and likely make them worse off).

The common retort is to point to Google taking a big stand on principle in leaving China. But if that's the case why haven't they also left Russia and Turkey? In fact they've complied with Russia's data localization law [3] and Turkey's censorship [4] to avoid being blocked. And they're attempting to re-enter the Chinese market [5].

Apple is not a state actor and can't do anything about China's laws other than lobby against it, which they did [6]:

>“While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful,” it said.

Fortunately the rule of law prevails in the US, and it is certainly well within Apple's rights to lobby for privacy legislation. And I hope they do.

[1] https://www.apple.com/privacy/government-information-request...

[2] https://www.servers.global/meeting-the-challenge-of-data-loc...

[3] https://www.wsj.com/articles/google-moves-some-servers-to-ru...

[4] https://www.nytimes.com/2015/04/08/world/europe/google-turke...

[5] http://www.scmp.com/news/china/policies-politics/article/207...

[6] https://www.reuters.com/article/us-china-apple-icloud-insigh...

You’re editorializing with “happy” and it’s a false narrative. Apple specifically said they weren’t happy about it and fought against it, but that the end result was they could either close shop in Chins or comply with the law so they decided it was better to be there than not.
So they'd defend the privacy as long as it doesn't require any serious effort from them - like denouncing Zuckerberg - but the moment the interests of their business and their users contradict, they'd throw the users under the bus. Understandable position, probably, but not exactly the one that should be a source of pride.
What actually said differs from the headline:

>"The ability of anyone to know what you've been browsing about for years, who your contacts are, who their contacts are, things you like and dislike and every intimate detail of your life — from my own point of view it shouldn't exist."

He said that the ability to know what they've collected about you shouldn't exist. Very different.

You’re reading that incorrectly, the headline is right.
(comment deleted)
I think there have been some valid points made in this thread about business models. Facebook is the least diversified company out of the big five when it comes to how much of their business model depends on collecting user data (and how personal that data is). At the same time, Facebook, Amazon, Google, Apple, and Microsoft weren't just handed their business models. Each company decided to what (and what not) to pursue, and how they would pursue it. (Can anyone forget how utterly PUSHY Facebook was at getting people to use Messenger?)

At the end of the day we all checked off Facebook's EULA and Privacy Policy box and uploaded thousands of artifacts from our lives onto the platform. Perhaps it was a bit naive and overly trusting, but it was our decision. This does not dissolve Facebook of its ethical responsibility to not abuse customer data, but we, at the same time, shouldn't think that we're handing off our private data to some benevolent force that's just going to hold onto it without using it for their own gain.

TBH what disturbs me the most is how much data Facebook has on people's children. There's going to be an entire generation of people whose conception to high school graduation has been archived in Facebook servers, without their consent.

> At the end of the day we all checked off Facebook's EULA and Privacy Policy box and uploaded thousands of artifacts from our lives

That might be true for you, but there are hundreds of millions of people who have been captured in Facebook's surveillance web, despite never interacting directly with Facebook themselves.

> TBH what disturbs me the most is how much data Facebook has on people's children. There's going to be an entire generation of people whose conception to high school graduation has been archived in Facebook servers, without their consent.

This scares the hell out of me. Millions of children are having their ability to choose whether or not they wish to have their entire lives archived on the servers of an advertising and manipulation corporation taken from them at birth by irresponsible parents trying to build internet points for themselves.

>> TBH what disturbs me the most is how much data Facebook >> has on people's children. There's going to be an entire >> generation of people whose conception to high school >> graduation has been archived in Facebook servers, >> without their consent.

I find it unsettling that Facebook has built profiles on kids who can not, legally, _give_ consent, I mean, at all. Facebook probably has a profile on me (although I have never visited them) because I am active in a community of heavy smartphone users; but at least I am an adult and you could argue that people/institutions/organizations that I interact with have kinda given consent on my behalf (without asking me) by agreeing to these websites' Terms & Conditions. So for adults, you could say it is "Indirectly Implied Consent".

But how can you apply this argument to kids' profiles collected/built/scraped without consent?

We have a lot of work to do, as a society. A combination of laws, co-ordinated across countries, and social shaming perhaps?

> I find it unsettling that Facebook has built profiles on kids who can not, legally, _give_ consent, I mean, at all. Facebook probably has a profile on me (although I have never visited them) because I am active in a community of heavy smartphone users; but at least I am an adult and you could argue that people/institutions/organizations that I interact with have kinda given consent on my behalf (without asking me) by agreeing to these websites' Terms & Conditions. So for adults, you could say it is "Indirectly Implied Consent".

Yeah, this would line up with privacy laws about photography/videography, at least in the US. Say I'm not a Facebook user, but I go to a party with my Facebook-using friends. My photo is taken spilling food all over my shirt and that gets posted to Facebook. My participation in an event that had no reasonable expectation of privacy means that any photos of me can be legally taken and posted to Facebook.

> But how can you apply this argument to kids' profiles collected/built/scraped without consent?

Well, one of the problems is that as it stands right now, parents/guardians control that consent. And parents are largely the ones posting pics and FB statuses about their kids. I think there would have to some kind of laws that give children rights to a certain degree of privacy outside of their parents' control.

There was a case in 2016 where an 18 year-old sued her parents to remove 500 of her baby photos from Facebook:

https://www.usatoday.com/story/news/nation-now/2016/09/16/18...

It seems unfortunate to me that she had to wait until she was eighteen in order to address the issue. A lot of social damage can be done before eighteen.

Agreed. The shadow profile stuff is really creepy.
Have they deleted Facebook's Messenger from App Store yet for the way they bully people into enabling access to contacts? No? They could kindly quit bullshiting us then.
> "At Apple, we believe privacy is a fundamental human right."

I agree and think Apple promoting and implementing it in their products is wonderful. But most of the world can't afford Apple products and therefore are effectively denied this human right.

It would be great if Apple could provide a low-cost line, probably under a different brand name, that implemented the privacy technologies in otherwise basic phones, laptops, etc. Or maybe license the privacy tech to someone else who does that. (I realize it might be much more complicated than what I describe; for example, the security tech could be too tightly integrated with the rest of the product. Would they have to license iOS? A stripped down version?)

I'm not complaining; it's not Apple's job to solve this problem created by other phone and OS makers. But they could make a big impact and I don't think it would take sales from Apple products; an otherwise cheap phone with Apple's boot security subsystem isn't going to compete with an iPhone.

Apple's business model is unlike Facebook's business model in that it does not make money from ad targeting.

Facebook's business model is unlike Apple's business model in that it does not make money from sending 12-year-olds into cobalt mines.

https://www.amnesty.org/en/latest/news/2017/11/industry-gian...

Huh, I expected much worse than “Earlier this year, Apple became the first company to publish the names of its cobalt suppliers, and Amnesty’s research shows it is currently the industry leader when it comes to responsible cobalt sourcing. Since 2016, Apple has actively engaged with Huayou Cobalt to identify and address child labour in its supply chain.”
Apple became the most valuable company in the world in 2012 (https://www.forbes.com/sites/davidthier/2012/08/20/apple-bec...) and had been a leader for the better part of ten years before that.

A recent change in procurement doesn't change the fact that they grew their business on the backs of teenagers who were sent into unreinforced holes in the ground to dig while kindergarten age children crushed the ore without the benefit of any protective gear.

I'm an iPhone user and I understand the world is a messy place. My point is it's rich of Cook, whose sub-contractor had to install nets outside of windows to prevent suicides, to lecture Zuckerberg about morals.

At the end of the day, Facebook has built an incredibly powerful adtech platform. An unpopular person used it to get elected. That's bad. Tim Cook's career has been spent building workplaces that either crushes spirits, leading to suicide, or literally crushes bodies in mine collapses.

>Facebook's business model is unlike Apple's business model in that it does not make money from sending 12-year-olds into cobalt mines.

This is the kind of response that I am increasingly finding indistinguishable from propaganda intended to sow discord.

The CEO of the largest corporation in the world is calling out his competitors for perceived moral failings in their business models.

I'm calling out the CEO of the largest corporation in the world for moral failings in his business model. I wish higher profile reporters were doing so.

The goal is not to sow discord, it's to highlight hypocrisy.

What’s Apple’s market share worldwide? What percentage of Facebook users access it from mobile? What percentage of those users are using Android devices that also need the same materials? When did you last hear about Samsung or Xiaomi or others on slave labor or child labor?

I’m sure Apple has a long way to go on several fronts, but one sided hyperbole like in the above comment is unproductive.

It's not hyperbole. Apple may be the best of a bad lot, but that doesn't change the reality of the situation.

Like I said in the OP, I know the world isn't perfect. Normally, I wouldn't call out Apple. But when Cook decides to lecture about the dangers of social media and privacy and calls for more regulation, which would also weaken his competitors, he should have his bad practices brought to light.

Ace to grind? The source you linked yourself says Apple is at the forefront of this issue which is industry-wide in small electronics.
They may be at the forefront, but what does that mean exactly? They don't have the kindergarten age kids grinding the ore anymore? They're still sending people into unsupported mineshafts barefoot, but they're all now 18+?

All that said, I wouldn't highlight Apple's supply chain failings if their CEO wasn't out chastising competitors for the undesirable traits of their business models.

Maybe Tim Cook should put Apple’s money where his mouth is and give us an alternative social network that respects users’ privacy.