204 comments

[ 3.1 ms ] story [ 232 ms ] thread
Well at this point I expect this to happen for any input on any web page or app.
Seems reasonable enough
I was about to say, this is about as unsurprising and reasonable as Google Search listening to what you type into the search bar and which links on the search results page you click.
Many sites, probably including Google Search, also monitor where you move your mouse cursor, even if you’re not clicking. A lot less reasonable and more surprising.
Maybe on Windows, idk, but I am not sure how Google Search could do it on either iOS or macOS.

On iOS, there is no mouse cursor, so there is nothing to track in the first place.

On macOS, you have to give permissions on a per-app and per-domain basis. For example, if I want to let Google Maps use my current location, first I will get a prompt to give that permission to the browser I am using in the OS settings, and then I have to give that permission again from within the browser specifically for Google Maps. Also, the web browser shows which specific permissions a page I am on has, and I can revoke them at any given time. Same thing for tracking mouse cursor movements, except it is governed by the macOS accessibility permissions iirc, rather than location permissions, and I don't remember Google Search ever requesting that. Just checked, and the only app that has those permissions on my machine is Discord, and it requested those only when I attempted screensharing.

Maybe I am mistaken, and there is some trick around needing permissions to track mouse cursor movements in a browser on macOS (especially given how complex in-browser JS execution behaviors have gotten over time). In which case, someone please correct me.

I agree though, tracking mouse cursor movements is definitely a bit more surprising and unexpected than tracking what you type in the website's search bar. Which I would be way more surprised by it not being tracked. It's like expecting Amazon or Steam or Twitter to not track what queries you search for in their search bars (which all of them definitely do, as evident by you being able to look at your search history from within the website).

AFAIK, all web pages can track mouse position, as long as the mouse is inside the page’s window, and they don’t need special permission to do so. See https://developer.mozilla.org/en-US/docs/Web/API/Element/mou... or https://stackoverflow.com/questions/7790725/javascript-track...
Ah, thanks for the links. I guess it makes sense, given that mouse-tracking within a specific web page is pretty much impossible to ban on technical level, since you can just place a ton of invisible pixels covering the entire page, and track the mouse hover events over them. And it would be impossible to block by browser too, unless the browser prohibits mouse hover interactions with components present on the page entirely.
Obviously Amazon knows what you search for on Amazon. But they probably also track what you type into the search field, even if you then delete it and never actually perform the search and even if you turn off the suggestions.

Just like when you chat with a company through one of those web chat apps, they see everything you type, even if you delete it before you press enter to send it. That is tracking on the modern web.

It's still entirely reasonable. People often hover over things and get confused about animations, and so seeing where the cursor goes is essential to notice this.
Ah, this may explain why i get asked "if I'm a robot so frequently", I very rarely use moues for navigation and mainly use keynav.
What else do they do, record your facial expressions and every sound you make while using the phone?

Talk about feeling like a lab-rat.

They could, if battery life impact weren’t a thing. This is going to be the biggest “gotcha” with VR as well.
I believe Amazon, Airbnb, airlines and many others are doing / were doing same on their web pages too. It allow to provide better personalized (TM) experience and significantly increase ROI.

There is good book how it works in offline world. https://www.npr.org/2017/02/13/514322899/aisles-have-eyes-wa...

Just don't read it on a Kindle, another device which monitors everything you do (how long you remain on a page etc).
I think of all the tech I use that could track me, I’m most OK with the Kindle. All my books come from Libby so the Library Industrial Complex also knows.
I consider the books i read to be quite private information. Just think about medical or psychological books.
Lots of companies use Glassbox to this degree.
There are so many sites that use Hotjar.
Apple iOS is turning into an Android, but without a headphone jack.
Unfortunately, even most Android phones also are being made without a headphone jack nowadays
But I can still find a phone with headphone jack. Can't do that with Apple.
Hate to break it to you but a few years after Apple made this daring move, almost all Android manufacturers have followed suit.
Android manufacturers also started beveling their phone corners after Apple made it popular, not that it made the phones easier to hold or easier to manufacture. It might be hard to imagine, I know, but sometimes Apple makes the wrong decision.
OP misconstrues an iOS tracking dialog to support their complaint:

> The strange thing is that Apple introduced strict measures in iOS 14.5 to prevent developers from fingerprinting users.

The dialog text in their screenshot reads:

> Allow “App” to track your activity across other companies’ apps and sites?

Users refusing this permission are not prohibiting tracking by the company that issued the dialog. They are prohibiting the company from tracking users beyond the boundary of their corporation. Apple’s App Store app is within the boundary of Apple Corporation, and so the tracking dialog shown is not relevant to their complaint.

(I have no viewpoint to offer on OP’s argument beyond the logical reasoning error described above.)

Also Apple doesn’t have any incentive to ‘fingerprint’ App Store users because they are either logged in or using a unique identifier.
Sure they do. What if they switch accounts, usernames, phones, etc. More data is better.
If you do that, you lose all your apps and settings. Ergo, nobody does that. If you switch phones, you transfer the account. Also, Apple tracking what you do in their App Store is perhaps not very nice but doesn’t affect anyone in any detectable way so no normal person is going to go through the effort to avoid it, if they even know it is happening.
This argument’s logical error is declaring that an inconvenience takes higher precedence than the desired outcome.

For example, I am seriously considering doing exactly what you describe as “nobody does that” — having to repurchase all my apps and redo all my settings — in order to complete my transgender name change. Apple refuses to purge my old deadname’s iCloud email address, and so if I want to remove it, I’ll need to start a new Apple account and re-purchase all of my apps and content.

It's extremely easy to disregard and disable any mention of your iCloud email address. You can set an apple id's email itself in settings -> user -> "name, phone numbers, email" which changes what nearly every part of the OS refers to. I forgot I even had one until I read this comment.
You are an extreme outlier, Apple is not going to risk their reputation fingerprinting users just so they can track you.

If you truly have a request like this, send an email to the person in the executive team responsible for Apple accounts, they’ll probably have executive relations fix it for you.

This argument’s logical error is presenting unprovable beliefs as if they were facts.

Apple may or may not care if users switch accounts. Only Apple confidential knowledge can prove or disprove this argument with certainty. In the absence of certainty, a best-faith effort must be made to determine whether their actions support or contradict these assertions.

The claim “Sure they do” is unsupported both by available evidence and by a good faith interpretation of their material actions. Apple’s public statements and app store policies do not support the assertion “More data is better”. There is no indication that Apple is performing enrichment of accounts using third-party data.

This argument’s logical error is approaching a response to a statements as if it exists in isolation.

The person you are replying to was merely offering an example to contradict a blanket statement without a factual basis, essentially that Apple does not track users because the user is already logged in. The respondent presented a situation in which that reason would not apply.

Also, your way of engaging people in this way is annoying -- specifically starting every reply with 'This argument’s logical error' and then coming up with a seems-right-at-a-glance breakdown of their argument's faults. Are you doing it on purpose to annoy people?

Starting every comment with “this argument’s logical error is…” is nauseating and hinders good conversation. Your point would sound better without it.
Everyone’s using my comment about the OP post as a launching point for their own discussions and arguments about Apple, that would have earned their own standing as top-level threads — and ideally, some would have displaced mine. So I certainly didn’t expect to wake up and see my comment earning so much attention. Hooray, I suppose. Anyways, I stand by my original point and the reiteration of it demonstrated in that chain of replies:

Unsupported arguments based on misconstrued statements and logical fallacies waste all our time here at HN. Do better, please.

What? If they switch devices and accounts, it doesn't matter WHAT is being "fingerprinted'... there's no way a unique identifier will persist across that type of change. Points for the theory though.
The context here is "fingerprinting" you based on what your fingers do.

So that will persist across devices and accounts.

And before you say that's crazy, location information can mean they only need to distinguish a handful of people at a time.

I remember credit cards being only usable by one AppleID.

So switching accounts would not only mean you lose all of your App Store purchases, iCloud data etc. It would mean having to get a new credit card.

That would make the likelihood of this scenario happening being pretty slim.

This argument’s logical reasoning error is to claim the absence of all incentive due to the absence of one incentive.

Apple has access to the logged-in account’s properties, as you assert, but this does not rule out Apple having other incentives for tracking.

(comment deleted)
you can use an apple device without logging into icloud
> I have no viewpoint to offer on OP’s argument.

This doesn't look like tracking or fingerprinting at all to me - they're logging user interaction (that many apps and websites have done for decades).

Even if they didn't do this just about every click you make in the App Store results in a query to their backend for more information, presumably with the account id (so family, regional, parental control works).

Whatever Apple is doing, it should be possible to buy a phone and not have it phone home without permission. And you should be able to use the phone without ever contacting the vendor again. Otherwise you bought a service, not a product.

Also, I recall a case where MacOS was asking Apple permission whenever the user wished to start an executable. This is nuts.

That exists. It's called a dumbphone
The line is blurry with smartphones, as all kinds of "smart" functionality IS a service, and depends on contacting the vendor.

>Also, I recall a case where MacOS was asking Apple permission whenever the user wished to start an executable. This is nuts.

Not that nuts. It's intended to be able to blacklist malware and such and retroactively disable it, through notarization (basically, registering apps to Apple and them getting a kind of fingerprint).

They could have done it with a local cache (and they probably do in some capacity), but it would still need to ask/sync every now and then.

> The line is blurry with smartphones, as all kinds of "smart" functionality IS a service, and depends on contacting the vendor.

No, because you can make your phone work with other service providers. The dependence on the original hardware vendor is artificial.

> It's intended to be able to blacklist malware

Choice of blacklists, content filters etc. is also orthogonal to the vendor.

And if you want a phone that works that way, they do exist. Personally I'm happy to offload most of that to one service provider, so I'm happy to use an iPhone. If that changes, I'll look elsewhere. Your mileage may vary.
>No, because you can make your phone work with other service providers. The dependence on the original hardware vendor is artificial.

Yes. But then it wouldn't be a commercial commodity product, it would be more of a build-your-own DIY kit. Would it be as succesful?

>Choice of blacklists, content filters etc. is also orthogonal to the vendor.

Everything is orthogonal to the vendor, even choice of screen or disk.

But most people don't like choice, want something that mostly works as is. And even for those that do the optionally increases the product complexity, maintainance, and error condition space (integrated vs mix-and-match).

Plus, a few modular laptop and mobile phone designs never sold well.

The merits of your arguments aside, Apple is not obliged to sell you a device that satisfies your personal requirements.

Apple most definitely sells you a service, which is a managed computing platform. Alternatives exist. (And if they don’t, that’s not Apple’s problem.)

It's a different discussion but I don't buy the "alternatives exists" argument. There are huge network effects. Some governments even make apps only for the duopoly. Banks also. Yes, sometimes you can use websites instead of apps, but it is not the same thing. Alternatives exist only in theory. Companies should not have absolute freedom if this means that the freedom of the consumer is restricted in any way.

"Alternatives exists" sounds a lot like this fallacy: https://en.wikipedia.org/wiki/Ergo_decedo

The world isn't as simple as: there are companies and they can sell whatever they like, and there are consumers and they can buy whatever they like, because that would end very badly for the consumers.

What do you mean in theory? You can buy a Pinephone today. If your government isn’t making web sites it seems like you should take that up with them.
What you are proposing is entirely unrealistic. That's what I mean by "in theory".
Why is it unrealistic? There are people who function fine without a phone at all.
I agree there should be basic standards of service, disclosure, quality and safety that products should have to meet in order to be marketable. Basically, purchasers should be able to have confidence in the products they purchase, so the question is what are the appropriate minimum standards.

Personally analytics don't bother me, I don't think they're a significant privacy issue. The service provider already knows almost everything you do with the service anyway, just as a requirement to provide the service. I don't believe that invasive regulation on the detailed behaviour and functions of a phone by governments is genuinely in the interests of users. I suspect that the detrimental effects would far outweigh the benefits, which would only be useful to a tiny fraction of users anyway.

> Basically, purchasers should be able to have confidence in the products they purchase, so the question is what are the appropriate minimum standards.

But what confidence do you have if the product you bought is tethered to the original vendor? What if they decide to do something that makes you unable to use the product?

I don't have a problem with the original vendor. If the vast majority of users don't have a problem with a relationship like this, and think it's acceptable, then I don't see a strong argument for making it illegal.

As for making the product unusable, they can do that anyway through OTA updates, which are applied at the user's discretion. If you think that's a problem then you should regulate that, not some other technical issues that may or may not be related.

> The service provider already knows almost everything you do with the service anyway

Knowing is not the issue. The issue is they use that understanding to their advantage, not yours. Their duty is to maximize shareholder value, not your health, happiness, and well being.

I'm not saying don't use them. I am saying it's naive to trust so blindly.

> "Alternatives exists" sounds a lot like this fallacy

The fact that an argument is superficially similar to an informal fallacy doesn't make the argument inherently fallacious. You can easily construct a variation of the same conversation which is structurally identical but is obviously not fallacious—

  Critic: "I want a banana, but I don't like the texture."
  Respondent: "If you don't like them, don't eat them."
What the respondent said is only a fallacy if the purpose was to counter the criticism. But the criticism wasn't rejected. What was rejected was the unstated but implied assertion that the critic was entitled to a banana which satisfies them.

Now let's turn that into an "alternatives exist" argument and replay—

  Critic: "I demand a banana that I do like."
  Respondent: "I understand your desire for a banana which suits you. However nobody is obligated to supply you with such a banana. Thankfully, alternatives do exist, such as the nectarine."
That's not a fallacy. And it's not a fallacy to say that Apple is not obligated to make an iPhone which satisfies you. Especially because it's a statement of fact.

If you don't like that you can't buy an Apple branded dumbphone, and you have failed to convince Apple to make it for you, perhaps try lobbying your government? They could pass a law which requires smartphone makers to also sell dumbphones.

I would like to access my bank, or my investment account, pay my tax.

However in many cases I can only do that via an app, and apps are only available on iOS or Android. Your argument a based upon me being able to buy something from an alternative manufacturer, yet here we are. And I have to purchase Apple or Android to be able to function in society.

If Apple isn't going to follow open standards yet be the largest phone manufacturer then we are going to have to regulate them. You don't have to be the only company to be a monopoly.

Did you reply to the right thread?

If you did, what has any of that got to do with anything I wrote? How does your complaint relate to what I’m talking about? Which open standard, specifically relevant to your ability to access your bank account and do your taxes, is Apple not following? And how is that relevant to concerns over privacy?

(Seriously, I’d like to engage with your argument but it seems like you’re confusing a discussion about the choice to buy a zero-tracking device with a unspecific complaint about standards.)

> it should be possible to buy a phone and not have it phone home without permission. And you should be able to use the phone without ever contacting the vendor again.

don't connect it to the internet.

Apple doesn't even allow users to turn off Bluetooth or GPS (easily in a straight-forward way, it prevents you to make it easy). And while some of it is to provide a better experience to you, major reason is to provide service to other Apple customers.
Can’t you just swipe down from the top of the screen and press the Bluetooth icon, or am I missing something?
That does not do what you think it does: that’s the button to disconnect from currently connected devices, not to turn off radios. Similarly, the airplane mode button above it will maintain Bluetooth.
I created a Shortcut for that, essentially a button on my homescreen I can press which actually disables bluetooth and wifi. And when my phone is connected to wifi, mobile data gets disabled.

It's not perfect, but at least I don't have to open the settings app each time.

Why do you do that though?
If I turn off bluetooth and wifi I want them to be off.
Turning Airplane Mode on and then tapping the Bluetooth icon will fully disable Bluetooth (gray background, not white). You can also just disable it in Settings. Apple’s argument, as I understand it, is that Bluetooth and WiFi don’t actually consume much battery, but non-technical users would habitually disable them to save battery and then complain that Location Services didn’t work well. Hiding the setting but keeping an essentially useless toggle prevented those non-technical users from making their device function worse while still letting them feel like they were saving battery life.
Yeah but they forget about users who simple want to disable yet another tracking vector on their device.

To add insult to injury, when you automate WiFi and Bluetooth to turn off when you leave your home you need to manually affirm this action via a notification every time.

Super annoying.

Unless this person shows us Settings > Privacy & Security > Analytics & Improvements, the only thing I can conclude is that they left the setting on and they’re confusing third party app tracking controls with Apple’s analytics setting.
Doesn't that just say more about how obtuse these settings are designed to be though?
No. The settings pane has multiple sentence explanations for what the privacy settings do.

You're asked whether you want to send analytics to Apple as soon as you set up any device.

They literally say in the body of the first post, verbatim "(data usage & personalized ads are off)"

If the "only thing" you can conlcude is user error, you must be unfamiliar with the insane amount of ambient telemetry iOS/MacOS collects even when disabling analytics (OCSP ring a bell?)

"Data usage & personalized ads" is not the setting I'm talking about.

Personalized Ads is a different setting than the one I described, located in the "Apple Advertising" section, not the "Analytics & Improvements" section that I think the relevant setting lives in.

"Data usage" isn't the name of any setting on iOS, that phrase is too vague to be sure what they mean.

This is why I say that I'd like to see a screenshot of the relevant settings panes. How do I know this person didn't accidentally flip them back on during an update?

OCSP isn't relevant to this issue. It's not "analytics," it does not seem to collect personal data, anonymized or not.

OCSP is used to verify/revoke certificates, essentially for the purpose of removing malware and spam, which is a basic function consumer-friendly OS: https://apple.stackexchange.com/a/420002

To me that's a really legitimate use of a "phone home" when we're talking about commercial consumer operating systems.

We use LogRocket to record all interactions with our front-ends and it's awesome for trouble shooting and also invaluable for our product managers.

They can see where users are struggling with the app and where extra-guidance is necessary.

I'm assuming many many many other apps and web pages are doing the same thing.

Nothing to see here.

Tracking how users use your own app is hardly malicious, in fact it's entirely in an effort to identify user frustration and solve it or otherwise improve the product. Tracking across different apps is definitely malicious, though.
Tracking how users use their own phones is certainly malicious. Regardless of whether they are using an application that you wrote, it is their phone.
That is not what is happening here. Users' on-screen taps inside the App Store app are being tracked. Not their interactions with any other aspect of the phone.
He/she is referring to parents comment

>tracking how users use your own app is hardly malicious

Where, pray tell, are the user's on-screen taps occurring, if not on the user's phone?
You can justify a lot of crazy behavior with "we need it to improve our product", that doesn't make it inherently ethical though.
That also doesn't make it inherently unethical, and so far nobody has provided evidence of that claim.
The Universal Declaration of Human Rights says something about arbitrary interference in a person's privacy not being okay, so there's that.

https://www.un.org/en/about-us/universal-declaration-of-huma...

(comment deleted)
Not convinced. By your logic, an nginx log with your IP in it is a similarly egregious and unethical privacy violation.

If you're going to commit to "all forms of tracking are bad no matter what" I'm going to need stronger evidence than a link a page on the UN's website.

Saving that IP to the webserver's log is rather necessary for it to function, whereas these detailed records of user behaviour can almost never be.

Just because someone uses an application, does not mean you "own" them and have a moral right to freely collect and do whatever you want with records of their behaviour. Also it's just weird.

Please explain how webserver logging is "necessary for it to function".
So I'll take that as you can't demonstrate it?

Interestingly, I started up an Nginx server and piped the logs to /dev/null and it worked just fine!!

Wow, turns out those logs weren't necessary at all. And by your standard, where tracking that isn't necessary for the website to function is unethical, that makes every single person running Nginx in its default configuration bad and participating in unethical tracking of users!

Because it doesn't seem like I'm going to get a response to this, I'll walk down the rest of the logic for completeness's sake.

I think we can both agree that "all unnecessary tracking is unethical" doesn't make sense and leads to insane conclusions like "all Nginx users with IP addresses in their logs are participating in unethical tracking".

So we're back to square one, where someone needs to demonstrate this type of tracking is actually unethical. So far we've got "all tracking ever is unethical" and "all tracking not necessary for function is unethical", but both of those seem to be dead ends.

I think the argument is a bit nuanced, but I see where the "tracking is bad" comes from.

I think everyone would agree that it would be very bad if eg. an instant messaging app logged message contents and allowed devs to look at anyones messages.

On the other hand, most people would not object to an app that sends an anonymous weekly counter of which buttons were tapped.

Anything between these two takes a lot of care and deliberation; on the one hand devs want useable data, on the other hand users don't want sensitive data tracked.

But it takes a lot of effort to make sure you don't accidentally log sensitive data. Eg. if you log spell check suggestions (to determine common typos) you might probably be able to use that data to reconstruct message contents.

Now, as a user, do I trust random companies to get this right? Do I trust random companies to not accidentally log sensitive data?

And the answer to that question is NO, I don't trust them. So if you ask me if I would consent to activity tracking, I would almost definitely say no, even though I don't think anything is wrong with anonymous usage tracking -- I just don't trust every company to get this right, so I'd rather have them not track anything at all.

> On the other hand, most people would not object to an app that sends an anonymous weekly counter of which buttons were tapped.

Considering how often companies misuse even this data...

Of course I agree there is nuance, but that's the point I'm trying to make. So far every argument I've seen against it in this thread is along the lines of "all tracking is bad" or "[overly broad category of tracking] is bad". Nobody seems to be willing to substantiate the more nuanced claim of why this specific type of tracking is bad.

For the record, I agree that this type of tracking should require consent (or at least be able to be turned off).

The following is meant as constructive feedback, and I hope you will take it as such even if it happens you disagree:

Your comments here consistently come across as highly adversarial: Assumptions and conclusions are liberally asserted, every sentence only attacks, there is no room for nuance, and attempts to find common ground are either mistaken for a new enemy assault or remain unrecognised entirely.

This makes for an uninviting and frustrating conversation, which is a real shame because you are clearly not a stupid person.

Admittedly my previous comment was not very constructive either. An unfortunate outing of my frustrations at the time.

Again, I post this with genuinely positive intent, and hope that when we next cross paths it might lead to a more constructive and enjoyable talk!

In this spirit, I have some constructive criticism for you. Comments like this (https://news.ycombinator.com/item?id=33528012) are so vague I am forced to make assumptions about what you're trying to say.

You post an extremely vague comment, I try to muster a response by making some assumptions about what you're trying to say. You post something that I think is obviously wrong, but I ask for an explanation just in case I am wrong or misunderstanding you, and you post this:

> Perhaps you'll find this book interesting: Networking All-in-One For Dummies https://www.amazon.com/gp/product/B0921K9YTS

I'll admit my comments were somewhat aggressive, but up until this comment (which, for the record, has changed my mind on this) you seemed to be participating in blatant bad faith.

If you want people to understand the nuance in your position, you have to actually say it, not just provide a random link to the UN Declaration of Human Rights. Your original comment seemed to be genuinely making the claim that 'all forms of tracking are bad because they are a privacy violation'. Maybe that's not what you meant, but I have to make assumptions about what you're trying to say when you don't actually say it and leave me to interpret what your quote and link are meant to say.

Also, for the record, I still disagree this type of tracking is unethical.

I'd love to hear the nuanced version of the argument why it's bad, maybe I'd be convinced.

You're taking a full black-or-white approach, which isn't helpful. Yes, an nginx log contains personal data (which is why a GDPR-compliant nginx log obfuscates the IP, absent of user consent). But tracking user interactions is much more invasive, which is why the parent posters complained about it.
I'm not taking a black/white approach, as a matter of fact I'm the one pointing out that doesn't make sense.

I asked for reasons for why this tracking is bad, and I got what basically amounts to "all tracking ever is bad", and thus I'm explaining why that "all tracking is black" approach doesn't work.

I think the argument here is that tracking how users interact with an app isn’t necessarily private information
Because humans aren’t omniscient with perfect reasoning ability, and full knowledge of all possible user circumstances and needs.
How would you find out what causes user frustration?

Company internal testing can only go so far, especially in a small team.

What is malicious about monitoring use to provide a better product in service of users?
Did you clearly ask the users if you can do it? If not, there's probably a reason why not, because users wouldn't like it if they found out they were being recorded.
Imo, as long as you clearly say "here's the choice: opt in or opt out, we are doing XYZ" in clear words, it's fair.

It doesn't really matter whether on each tap you fire a specific event ("TapOnList", "TapOnPurchase") or whether you log all app interactions (where the user taps, are they going around the app not finding something?). Or does it? Where do you cross the line?

If this app would be Facebook I would see your grievances - devs could see personal data. But let's assume it's an app where there's barely any personal data, or specific views do not have this logging enabled.

Since we are discussing an app store:

"pregnancy tracker"

"democrat donation app"

"cancer survivors forum"

The monitoring is the malicious part.
Why? The act of monitoring is not inherently malicious. The word malicious has a specific meaning and definition: an intent to harm. A life guard monitoring a pool clearly isn’t acting with malice and yet is monitoring. A store CCTV camera monitoring shoppers isn’t designed to harm but rather prevent harm. So monitoring a webapp may or may not be malicious depending on the intent and effect of how the monitoring is used.
(comment deleted)
That you find it useful doesn't make it not an invasion of privacy.
That it's on your own app where you anyway know exactly which backend endpoint has been called by the user does.

I really don't get the outrage about that, it's something that has existed for 15 or 20 years at least and is used a lot on most websites you go on.

What private information do you think is sent to the vendor that would not be otherwise?

> That it's on your own app where you anyway know exactly which backend endpoint has been called by the user does.

If it only exposed information the user was already sending, the vendor wouldn't bother with the spyware.

> What private information do you think is sent to the vendor that would not be otherwise?

Depends on the app; I expect, for instance, market apps (Amazon, Walmart, etc.) to watch the user's every move to try and better model the user's mental state in an effort to get them to buy stuff that they wouldn't have done otherwise.

No one is modeling your state of mind because it doesn’t work. We do look at click stream data and try to push down the number clicks/swipes/etc to purchase. Everything is done on a cohort basis, there is no value at an individual scale.
> Depends on the app; I expect, for instance, market apps (Amazon, Walmart, etc.) to watch the user's every move to try and better model the user's mental state in an effort to get them to buy stuff that they wouldn't have done otherwise.

Not being funny but I think you’re vastly overestimating the capabilities of most engineering teams.

> in an effort to

Just because they may be bad at something doesn't mean they don't attempt it.

This attitude is why I hardly have any native apps on my phone and use a browser with ublock origin for it.

You can see how valuable this tracking is by the amount of websites begging you to install their native apps. No thanks!

Websites can still track everywhere you're tapping though. Wasn't that the original scare?
Yeah I know they do, but websites can collect much less data than native apps.

I just try to minimize it.

What data can apps collect without you giving them permission that websites can’t?
A unique identifier which is 100% stable over multiple sessions for once. Which makes the rest of the data so much more useful.
There are plenty of ways to uniquely enough identify a user on the web.
Why is that possible in native apps but not websites?
In the end, this is because the browser works for you, and the app works for the company.
You mean the browser developed by a adTech company, the browser developed by the company who gets $18B a year from an adTech company to be the default search engine or the browser created by a company who only survives because of the adTech company?
My guess? They don't only get a unique identifier, but they get to know and link you to other more useful data using your Apple/Android device ID and so on, that they can use to track you across multiple user accounts. Something that browser fingerprinting can't guarantee 100% (but getting very accurate these days)
Apple specifically limits apps ability to get a unique identifier that can be used across apps. And the percentage of people who use multiple accounts is not even worth optimizing for.
I don't seem to be able to reply to your post, but to the sibling;

I'm not an app developer so I don't know specific, but by the amount of websites begging you to use their native apps it is quite obvious that there is something they get from the native apps they can't get from the website that they are very interested in.

Just try to go to the reddit website on a mobile (not old.) and see how fast they spam you with the app prompt.

So you don’t use native apps because they can track everything you do in the app so you use websites that can track everything you do on their site?
They said "...a browser with ublock origin.." uBlock Origin is a content blocker that would help prevent tracking.
But wouldn't they be able to infer what you clicked by the data loaded?

If you block that data, most webapps, especially things like an app store, will be useless.

Cutting the shit out of website is much easier compared to app. I am doing it by default.
What extension allows you to block “hover” tracking and not “click” tracking?

If the website is not using a third party site for tracking, you can’t block the owner from tracking and storing your interactions.

hover tracking is done by js, hence any js stopping would do.

I personally use that + VPN that cuts the rest that sneaks in

Hopefully you have declared that in your privacy statement if you sell in the EU.
We use cameras to record all interactions with our cupboards and it's awesome for trouble shooting and also invaluable for our product managers.

They can see where users are struggling with the furniture and where extra-guidance is necessary.

I don’t think that’s a fair comparison. Screen tracking is essentially logging which UI elements users interact with and some metadata like the time, their device config, etc.

It doesn’t necessarily require capturing video of the user.

A better analogy would be hooking up a door open/closed sensor to the cupboard, and capacitive sensors that log the location of touches, so that you can analyse what % of users struggle to find the door handle.

It's still a stretch since a cupboard can work offline while performing basically any action in App Store requires an API call anyway.
Yes, it's not fair. My phone keeps more privat data than my cupboard and I use and need my far less than my phone.

Tracking invades one of my most used tools, and what's worse I can't see all the tracking that happens.

The user scrolled past "cancer patient therapy" and selected "cancer survivors forum". Then they uninstalled that and searched for "colon cancer support"

Still think this isn't invasive?

This is exactly why I distrust all the apps on my phone and desktop unless I've grabbed them from some reliable open source repository. The disgusting entitlement to stalk me at every step and use me as a lab rat is exactly what's wrong with modern software.
Tbh I don’t see it as a huge problem as long as a. The data is anonymous, and b. they aren’t trying to sell the data.

I mean if you choose to use someone’s service, you’d want it to get better. And one of the reasons they get better is by collecting feedback of what’s working, what isn’t.

It’s very hard to nail down a good ux without feedback.

Point B requires trust, which users shouldn't give to developers who collect as much analytics as possible. If you can't trust a company to respect a reasonable expectation of privacy then why would you expect them to not profit off of it? It's just all very quiet and down in the Ts & Cs, but that doesn't mean it isn't the logical conclusion if given exposure.
Now imagine what LogRocket could do with that data when they blended it with data from their other users, or if they augmented it with data they bought in from other services. Or perhaps LogRocket could sell the data to a broker, and then on to [Meta|Google|me].

That's what you're doing to your users.

I'd consider that something to see.

(I don't have any evidence to believe LogRocket are doing this; LogRocket is just the example. Other tracking services exist, and they sure as hell do do this sort of thing.)

After iOS 16 Apple asks for ‘analytics’ to improve iOS.

It is disingenuous of them to use the word ‘Tracking’ for everyone else and ‘experience improving’ for themselves.

I mean, tracking lets companies identify you across different events. Apple doesn't need to ask for that when you are using iphone. I don't even mean it in a malicious way, just the fact that it will keep doing authenticated requests to their servers. They are not able not to track you while providing their services.

(this is regarding your comment not the article itself)

I bought an Apple device. Did not sign up to be anyone else’s payday. I want Apple to improve their devices. Don’t care if anyone else benefits from it.

Really frustrating to live in a country that wants forced socialization if their is opportunity to make money off me, but otherwise I’m just a cost center.

In no way does my use of an Apple device act as an open door for anyone else.

I’m not interested in technology to help some coder feed himself but because tech is fun and intellectually interesting.

> In no way does my use of an Apple device act as an open door for anyone else.

Sure, as long as your definition of "anyone else" excludes the NSA, FIVE EYES, China, anyone distributing Pegasus, Akamai and the rest of Apple's contractors.

Are you making a moral claim?

You see a handful of corrupt government agents. I see a world where billions do not kill thousands of government agents.

The public has made its choice. Some vain apes on HN who see deluded masses in need of rescue may in fact be the deluded fools.

(comment deleted)
You are still allowed to log into a google account. You are still allowed to set session cookies.

The text of the prompt people are talking about is "Allow MyApp to track your activity across other companies' apps and websites".

Third party tracking mandates permission. First party tracking and data sharing mandate disclosure.

This is not what they are doing, though. As far as I can tell, Apple never does the kind of "Tracking" that is reserved for that popup — namely, using a unique identifier to track a user across apps & sites not owned by Apple

The Tracking popup requests that the user allows an application to send a unique identifier which can be correlated by other apps, advertising networks, social media platforms (eg. like buttons, embeds, etc), in order to correlate a user's identity between different properties on the web in order to personalise advertising. AFAIK Apple does not participate in this form of tracking

Apple does ask users if they want to opt-in to analytics (for Apple) and separately for third-party developers. This refers to allowing an application to submit analytics data purely for that application or for the operating system and not in a way which tracks the user between apps owned by different companies

In this case Apple is violating their own opt-in analytics policy with regards to the App Store application. It appears to be collecting analytics data even when a user has opted out of submitting analytics

(comment deleted)
Apple: Proof you can pay and still be the product.

It's like someone breaking into your house and rummaging through your desk taking photos because that suits them and there is fine print. One day as a society having a networked cpu involved in someone doing something won't make nearly every lawmaker, lawyer, judge and customer have their brain fall out of their ear and they'll actually be able to think critically about it and respond.

"But facebrick/goog/the stasi are a little bit worse so..."

(comment deleted)
A much easier example: TV manufacturers. High end TVs cost a couple arms and a leg and the UI is still infested with trackers and ads.
Sure but the apple enthusiasts tend not to accept that because they're all companies where the managment is in Asia with those making decisions raised in the various and quite different to each other Asian cultures, (Japan, China, Korea etc.) Obviously this distinction is garbage. Surveillance capitialism is an american innovation.

Apple is as american as apple-pie. "If you don't pay for it you're the product." Comes up whenever Apple create yet another problem for which the "best" solution is to pay apple even more money.

Apple customers are an Apple product they sell. Paying Apple does not remove you from that. No matter who is your provider you are the product right up until the point someone can go to jail for it. Fines are merely a business expense and treated as such.

CEO can do time for breaking the rules. Whole different approach ensues.

What rules? How to enforce? How to interpret? How to ensure the courts don't just have a mental breakdown, throw up their hands and pass because a cpu attached to a network is on the critical path of what was done that would be clearly, wholly and totally illegal if it were replaced with an army of workers and a mountain of paper and filing cabinets.

One doesn't become a near-monopoly to play nice, you should assume everybody does everything they can get away with.
It's interesting that the researchers assumed turning off the transmission of device analytics would also turn off the transmission of all app analytics, whether from Apple or third parties.

I also wish they would've tried Lockdown Mode, at least.

Per the article, other vendors do just that: “He and his research partner ran similar tests in the past looking at analytics in Google Chrome and Microsoft Edge. In both of those apps, Mysk says the data isn’t sent when analytics settings are turned off.”
>It's interesting that the researchers assumed turning off the transmission of device analytics would also turn off the transmission of all app analytics, whether from Apple

Given that the app store comes installed by default and can't be uninstalled, it seems fairly reasonable to assume that it's part of the OS. Therefore it's not unreasonable to assume that disabling "device analytics" would also disable app store analytics.

The purpose of analytics is firstly to recreate bugs, and also to identify cases where users are getting stuck or frustrated. An example of the latter might a user repeatedly going back to the same screen again and again because they can’t find something. It's generally not useful at the individual level, but can be if you see similar behaviour across a large number of sessions.

I know you don’t care if there’s a real reason or not, but others here might. Anyway, it's good they're moving towards seeking more comprehensive permission for this kind of analytics.

Lockdown mode didn't exist on iOS 14 sadly
Lockdown Mode has absolutely nothing to do with any of this.
Your assumption is that Lockdown Mode doesn't change the scope of telemetry data sent back to Apple, but we don't know this, which is why testing it would be interesting.
Your comment shows that you have misunderstood the purpose of Lockdown Mode.
I don't understand people still hanging on to the fiction that Apple is some sort of bastion of privacy. Do they know that google pays Apple "an estimated $8-12 billion"[0] to be default search and as a result track almost all iPhone users' searches? If that's not "selling your data" I don't know what is.

[0]https://www.nytimes.com/2020/10/25/technology/apple-google-s...

(comment deleted)
This is like complaining that your soundproof apartment isn't giving you the right level of privacy because when you stand on a soapbox in the town square and shout "I wear pink underwear" everyone knows what color your underwear are. If you want privacy, why not, you know, use the privacy features? (Like chat messages, which are NOT sent to Google).
I'm not sure you thought this through... Apple does not care about your privacy if they are willing to sell it for $12 Billion. I don't have an iPhone, and I never complained about them. To be honest, it's not clear that you even read my message at all. For context, I wrote that comment in a different thread and it got moved here: see https://news.ycombinator.com/item?id=33527500
Who is Apple selling your data to for $12 billion?
I have an iPhone and don’t use Google search (I’m not logged in to any Google services actually, unless Apple Mail loading Gmail counts) so I’m pretty sure Google is not tracking _all_ users’ searches.
Yes, you are right. Additionaly, chinese users are not using google, although they are certainly being tracked. I've added the word "almost" into my comment. So it now reads:

>google pays Apple "an estimated $8-12 billion"[0] to be default search and as a result track almost all iPhone users' searches

Disclaimer: happy iOS and Android user -- I like both platforms and think both have strengths and weaknesses. Mostly a Linux user on desktop.

> Do they know that google pays Apple... to be default search

This statement comes off a bit ironic in the fact that you are pointing out a deal that Apple has with Google -- the current steward over Android -- as a reason that Apple isn't a bastion for privacy. This irony highlights the fact that one is often worse-off from a privacy perspective in using Android -- the main competitor to iOS -- because it is built with Google as a first party.

I absolutely agree that there is an exaggeration of privacy with Apple. But in most cases, iOS does actually do privacy better than Android. Private Relay, App Tracking Transparency and Google not being a first-party in the development in the Operating System are things that come to mind. Additionally, according to a research paper done in 2021, Google collects around 20x more data (around 1+ TB every 12 hours) on Android compared to iOS (around 6 GB)[0]. Even if the methodology behind the paper wasn't perfect (which Google claims) I don't think anyone would be surprised that Google collects more information than Apple.

My opinion is that the sweet spot for privacy on a mobile device is to buy a Pixel (for the great hardware security benefits) and go with a custom, de-Googled ROM like CalyxOS and try to use F-Droid for all your apps. For those who are even more hardcore, GrapheneOS is awesome.

In my opinion, stock Android is far worse for privacy than iOS simply because of Google's first-party influence. And then if you go with a vendor like Samsung you not only have Google as a first party on your mobile device but also Samsung.

The only option left if you want more privacy on mobile than an iPhone is to either flash a de-Googled ROM, like I said earlier, or to go with some sort of Linux distribution on mobile -- both of those alternatives come with huge downsides.

(Sorry for the rant, I always find this topic interesting)

[0] https://www.scss.tcd.ie/doug.leith/apple_google.pdf

I never said Google or android protect users privacy. Android violating users privacy is not to the exclusion of Apple doing the same even if to a lesser extent. Everyone knows how bad android is this respect. Yet there is this idea that Apple does care about users' privacy, and won't sell users' data, with apple themselves saying things like:

>Your personal data should always be protected on your device and never shared without your permission. So we build encryption, on-device intelligence, and other tools into our products to let you share what you want on your terms.[0]

and

>In iOS 11 and macOS High Sierra, we introduced Intelligent Tracking Prevention. You may have noticed that when you look at something to buy online, you suddenly start seeing it everywhere else you go on the web. This happens when a third party tracks cookies and other website data to feed you ads across various websites. Intelligent Tracking Prevention uses the latest in machine learning and on-device intelligence to reduce this cross-site tracking. It works by separating the third-party content used to track you from other browsing data, so what you look at on the web remains your business — not an advertiser’s.

This second statement, even if technically true, is incredibly disingenuous and misleading in light of the fact that typing anything that is not a URL into the safari search bar will by default cause tracking. _That's_ the issue here. "We don't sell your data, we just sell you to somone else that does"

[0]https://www.apple.com/ge/privacy/approach-to-privacy/

Ah, yeah, I can see what you mean. Apple is definitely hypocritical, and it bugs me how they handle certain aspects of privacy. And the overzealous Apple crowd often behaves as though privacy is achieved just because they're using Apple products.

iMessage is perhaps the most annoying offender to me because it's not end-to-end encrypted if iCloud backups are enabled -- meaning that my iMessage conversations have a high chance of not being E2EE on the other person's end.

Hopefully it made sense why I compared to Android. Apple does seem like a bastion of privacy when compared to Android -- just because Android and iOS are the only mainstream options on mobile. I would love to see Linux become more mainstream in the mobile space but I don't think it ever will, unfortunately (even though Android runs a Linux kernel, I don't really consider it Linux).

If we define bastion to be that way then sure. I was using this definition:

>an institution, place, or person strongly defending or upholding particular principles, attitudes, or activities.

>I would love to see Linux become more mainstream in the mobile space but I don't think it ever will, unfortunately (even though Android runs a Linux kernel, I don't really consider it Linux).

You may be interested in Nestbox[0] (not affiliated) which makes use of the madatory kvm in android 13 assuming latest kernel to run Linux in a vm with no root on android on pixel 6 and 7

[0]https://www.patreon.com/posts/74333551

https://twitter.com/kdrag0n/status/1589542963629395970

As Apple's in PRISM, I just assume everything on the device is sent to the NSA.
Every webapp with typeahead functionality does it. How is this any different?
Apple is supposed to be good for privacy.
Indeed. Asking the question not because i am defending apple, but just pointing out that this common practice. If you want typeahead there is no way around sending all keystrokes. Poor phrasing on my end.
So then it seems like the clear difference there is whether the user is getting meaningfully useful functionality by having their information given to the vendor. Although I'm not particularly impressed with the privacy implications of type ahead, it is at least an obviously useful feature in exchange for the user's information. What do we think Apple is giving the user in exchange for this information?
Why are they looking at software from 18 months ago and not iOS 16?
(comment deleted)
It's for their own good
I don't know about you, but I basically assume every app is doing this. Is this really a surprise? Were not all apps doing this for a long time?
Instagram? Facebook? Maybe.

I certainly did not think Apple would do this.

Apple isn’t the savior of privacy. Their privacy features will only go as far as they can market it, and only for as long as they can profit from it.
>I certainly did not think Apple would do this.

Their PR department certainly earns their keep.

To be fair, they said they'd protect your data, not that THEY wouldn't collect it. They want to be the gatekeeper of it.
Repeat after me, "You are the product" only when you buy an Android phone.
And this is news, why?
Because Apple spends billions of dollars, for them fighting for user privacy and keeping all your data on the phone being a news.
This is nothing new. Apple has been tracking searches in the App Store, which apps you scroll past and which ones you tap on very far back, maybe even since the initial App Store, that's how they figure out how to rank various apps for various search terms (I don't know the exact formula but one of the components is CTR for a particular search term, others appears to be rating score, number of ratings, number of written review, number of total downloads, download velocity, given keywords, title, company name, trademark, update frequency, etc).

If you search multiple times for the same term you will see a slight variation in search results, that's how they give apps a chance to move up or down. IE they move you down one slot but you still outperform the app above in CTR, you probably should remain in your current spot, or move up. Another app gets moved in front of their current ranking and the app that got moved down outperforms it in CTR, keep things as they are.

I'm seeing a lot of comments saying things like "seems reasonable" and "of course", but I thought Apple was supposed to be for the privacy conscious? Why is HN not bothered by this?
HN is full of not-so-subtle Apple marketers. Every other day I see a post about how privacy-first Apple is, but when the truth actually comes out the narrative instantly shifts to "well who cares, everyone else does that, stop noticing things"
My view on it, Apple is the least of all the evils. Even if they seem to be getting worse advertising wise