I was about to say, this is about as unsurprising and reasonable as Google Search listening to what you type into the search bar and which links on the search results page you click.
Many sites, probably including Google Search, also monitor where you move your mouse cursor, even if you’re not clicking. A lot less reasonable and more surprising.
Maybe on Windows, idk, but I am not sure how Google Search could do it on either iOS or macOS.
On iOS, there is no mouse cursor, so there is nothing to track in the first place.
On macOS, you have to give permissions on a per-app and per-domain basis. For example, if I want to let Google Maps use my current location, first I will get a prompt to give that permission to the browser I am using in the OS settings, and then I have to give that permission again from within the browser specifically for Google Maps. Also, the web browser shows which specific permissions a page I am on has, and I can revoke them at any given time. Same thing for tracking mouse cursor movements, except it is governed by the macOS accessibility permissions iirc, rather than location permissions, and I don't remember Google Search ever requesting that. Just checked, and the only app that has those permissions on my machine is Discord, and it requested those only when I attempted screensharing.
Maybe I am mistaken, and there is some trick around needing permissions to track mouse cursor movements in a browser on macOS (especially given how complex in-browser JS execution behaviors have gotten over time). In which case, someone please correct me.
I agree though, tracking mouse cursor movements is definitely a bit more surprising and unexpected than tracking what you type in the website's search bar. Which I would be way more surprised by it not being tracked. It's like expecting Amazon or Steam or Twitter to not track what queries you search for in their search bars (which all of them definitely do, as evident by you being able to look at your search history from within the website).
Ah, thanks for the links. I guess it makes sense, given that mouse-tracking within a specific web page is pretty much impossible to ban on technical level, since you can just place a ton of invisible pixels covering the entire page, and track the mouse hover events over them. And it would be impossible to block by browser too, unless the browser prohibits mouse hover interactions with components present on the page entirely.
Obviously Amazon knows what you search for on Amazon. But they probably also track what you type into the search field, even if you then delete it and never actually perform the search and even if you turn off the suggestions.
Just like when you chat with a company through one of those web chat apps, they see everything you type, even if you delete it before you press enter to send it. That is tracking on the modern web.
It's still entirely reasonable. People often hover over things and get confused about animations, and so seeing where the cursor goes is essential to notice this.
I believe Amazon, Airbnb, airlines and many others are doing / were doing same on their web pages too. It allow to provide better personalized (TM) experience and significantly increase ROI.
I think of all the tech I use that could track me, I’m most OK with the Kindle. All my books come from Libby so the Library Industrial Complex also knows.
Android manufacturers also started beveling their phone corners after Apple made it popular, not that it made the phones easier to hold or easier to manufacture. It might be hard to imagine, I know, but sometimes Apple makes the wrong decision.
OP misconstrues an iOS tracking dialog to support their complaint:
> The strange thing is that Apple introduced strict measures in iOS 14.5 to prevent developers from fingerprinting users.
The dialog text in their screenshot reads:
> Allow “App” to track your activity across other companies’ apps and sites?
Users refusing this permission are not prohibiting tracking by the company that issued the dialog. They are prohibiting the company from tracking users beyond the boundary of their corporation. Apple’s App Store app is within the boundary of Apple Corporation, and so the tracking dialog shown is not relevant to their complaint.
(I have no viewpoint to offer on OP’s argument beyond the logical reasoning error described above.)
If you do that, you lose all your apps and settings. Ergo, nobody does that. If you switch phones, you transfer the account. Also, Apple tracking what you do in their App Store is perhaps not very nice but doesn’t affect anyone in any detectable way so no normal person is going to go through the effort to avoid it, if they even know it is happening.
This argument’s logical error is declaring that an inconvenience takes higher precedence than the desired outcome.
For example, I am seriously considering doing exactly what you describe as “nobody does that” — having to repurchase all my apps and redo all my settings — in order to complete my transgender name change. Apple refuses to purge my old deadname’s iCloud email address, and so if I want to remove it, I’ll need to start a new Apple account and re-purchase all of my apps and content.
It's extremely easy to disregard and disable any mention of your iCloud email address. You can set an apple id's email itself in settings -> user -> "name, phone numbers, email" which changes what nearly every part of the OS refers to. I forgot I even had one until I read this comment.
You are an extreme outlier, Apple is not going to risk their reputation fingerprinting users just so they can track you.
If you truly have a request like this, send an email to the person in the executive team responsible for Apple accounts, they’ll probably have executive relations fix it for you.
This argument’s logical error is presenting unprovable beliefs as if they were facts.
Apple may or may not care if users switch accounts. Only Apple confidential knowledge can prove or disprove this argument with certainty. In the absence of certainty, a best-faith effort must be made to determine whether their actions support or contradict these assertions.
The claim “Sure they do” is unsupported both by available evidence and by a good faith interpretation of their material actions. Apple’s public statements and app store policies do not support the assertion “More data is better”. There is no indication that Apple is performing enrichment of accounts using third-party data.
This argument’s logical error is approaching a response to a statements as if it exists in isolation.
The person you are replying to was merely offering an example to contradict a blanket statement without a factual basis, essentially that Apple does not track users because the user is already logged in. The respondent presented a situation in which that reason would not apply.
Also, your way of engaging people in this way is annoying -- specifically starting every reply with 'This argument’s logical error' and then coming up with a seems-right-at-a-glance breakdown of their argument's faults. Are you doing it on purpose to annoy people?
Everyone’s using my comment about the OP post as a launching point for their own discussions and arguments about Apple, that would have earned their own standing as top-level threads — and ideally, some would have displaced mine. So I certainly didn’t expect to wake up and see my comment earning so much attention. Hooray, I suppose. Anyways, I stand by my original point and the reiteration of it demonstrated in that chain of replies:
Unsupported arguments based on misconstrued statements and logical fallacies waste all our time here at HN. Do better, please.
What? If they switch devices and accounts, it doesn't matter WHAT is being "fingerprinted'... there's no way a unique identifier will persist across that type of change. Points for the theory though.
This doesn't look like tracking or fingerprinting at all to me - they're logging user interaction (that many apps and websites have done for decades).
Even if they didn't do this just about every click you make in the App Store results in a query to their backend for more information, presumably with the account id (so family, regional, parental control works).
Whatever Apple is doing, it should be possible to buy a phone and not have it phone home without permission. And you should be able to use the phone without ever contacting the vendor again. Otherwise you bought a service, not a product.
Also, I recall a case where MacOS was asking Apple permission whenever the user wished to start an executable. This is nuts.
The line is blurry with smartphones, as all kinds of "smart" functionality IS a service, and depends on contacting the vendor.
>Also, I recall a case where MacOS was asking Apple permission whenever the user wished to start an executable. This is nuts.
Not that nuts. It's intended to be able to blacklist malware and such and retroactively disable it, through notarization (basically, registering apps to Apple and them getting a kind of fingerprint).
They could have done it with a local cache (and they probably do in some capacity), but it would still need to ask/sync every now and then.
And if you want a phone that works that way, they do exist. Personally I'm happy to offload most of that to one service provider, so I'm happy to use an iPhone. If that changes, I'll look elsewhere. Your mileage may vary.
>No, because you can make your phone work with other service providers. The dependence on the original hardware vendor is artificial.
Yes. But then it wouldn't be a commercial commodity product, it would be more of a build-your-own DIY kit. Would it be as succesful?
>Choice of blacklists, content filters etc. is also orthogonal to the vendor.
Everything is orthogonal to the vendor, even choice of screen or disk.
But most people don't like choice, want something that mostly works as is. And even for those that do the optionally increases the product complexity, maintainance, and error condition space (integrated vs mix-and-match).
Plus, a few modular laptop and mobile phone designs never sold well.
It's a different discussion but I don't buy the "alternatives exists" argument. There are huge network effects. Some governments even make apps only for the duopoly. Banks also. Yes, sometimes you can use websites instead of apps, but it is not the same thing. Alternatives exist only in theory. Companies should not have absolute freedom if this means that the freedom of the consumer is restricted in any way.
The world isn't as simple as: there are companies and they can sell whatever they like, and there are consumers and they can buy whatever they like, because that would end very badly for the consumers.
I agree there should be basic standards of service, disclosure, quality and safety that products should have to meet in order to be marketable. Basically, purchasers should be able to have confidence in the products they purchase, so the question is what are the appropriate minimum standards.
Personally analytics don't bother me, I don't think they're a significant privacy issue. The service provider already knows almost everything you do with the service anyway, just as a requirement to provide the service. I don't believe that invasive regulation on the detailed behaviour and functions of a phone by governments is genuinely in the interests of users. I suspect that the detrimental effects would far outweigh the benefits, which would only be useful to a tiny fraction of users anyway.
> Basically, purchasers should be able to have confidence in the products they purchase, so the question is what are the appropriate minimum standards.
But what confidence do you have if the product you bought is tethered to the original vendor? What if they decide to do something that makes you unable to use the product?
I don't have a problem with the original vendor. If the vast majority of users don't have a problem with a relationship like this, and think it's acceptable, then I don't see a strong argument for making it illegal.
As for making the product unusable, they can do that anyway through OTA updates, which are applied at the user's discretion. If you think that's a problem then you should regulate that, not some other technical issues that may or may not be related.
> The service provider already knows almost everything you do with the service anyway
Knowing is not the issue. The issue is they use that understanding to their advantage, not yours. Their duty is to maximize shareholder value, not your health, happiness, and well being.
I'm not saying don't use them. I am saying it's naive to trust so blindly.
> "Alternatives exists" sounds a lot like this fallacy
The fact that an argument is superficially similar to an informal fallacy doesn't make the argument inherently fallacious. You can easily construct a variation of the same conversation which is structurally identical but is obviously not fallacious—
Critic: "I want a banana, but I don't like the texture."
Respondent: "If you don't like them, don't eat them."
What the respondent said is only a fallacy if the purpose was to counter the criticism. But the criticism wasn't rejected. What was rejected was the unstated but implied assertion that the critic was entitled to a banana which satisfies them.
Now let's turn that into an "alternatives exist" argument and replay—
Critic: "I demand a banana that I do like."
Respondent: "I understand your desire for a banana which suits you. However nobody is obligated to supply you with such a banana. Thankfully, alternatives do exist, such as the nectarine."
That's not a fallacy. And it's not a fallacy to say that Apple is not obligated to make an iPhone which satisfies you. Especially because it's a statement of fact.
If you don't like that you can't buy an Apple branded dumbphone, and you have failed to convince Apple to make it for you, perhaps try lobbying your government? They could pass a law which requires smartphone makers to also sell dumbphones.
I would like to access my bank, or my investment account, pay my tax.
However in many cases I can only do that via an app, and apps are only available on iOS or Android. Your argument a based upon me being able to buy something from an alternative manufacturer, yet here we are. And I have to purchase Apple or Android to be able to function in society.
If Apple isn't going to follow open standards yet be the largest phone manufacturer then we are going to have to regulate them. You don't have to be the only company to be a monopoly.
If you did, what has any of that got to do with anything I wrote? How does your complaint relate to what I’m talking about? Which open standard, specifically relevant to your ability to access your bank account and do your taxes, is Apple not following? And how is that relevant to concerns over privacy?
(Seriously, I’d like to engage with your argument but it seems like you’re confusing a discussion about the choice to buy a zero-tracking device with a unspecific complaint about standards.)
> it should be possible to buy a phone and not have it phone home without permission. And you should be able to use the phone without ever contacting the vendor again.
Apple doesn't even allow users to turn off Bluetooth or GPS (easily in a straight-forward way, it prevents you to make it easy). And while some of it is to provide a better experience to you, major reason is to provide service to other Apple customers.
That does not do what you think it does: that’s the button to disconnect from currently connected devices, not to turn off radios. Similarly, the airplane mode button above it will maintain Bluetooth.
I created a Shortcut for that, essentially a button on my homescreen I can press which actually disables bluetooth and wifi. And when my phone is connected to wifi, mobile data gets disabled.
It's not perfect, but at least I don't have to open the settings app each time.
Turning Airplane Mode on and then tapping the Bluetooth icon will fully disable Bluetooth (gray background, not white). You can also just disable it in Settings. Apple’s argument, as I understand it, is that Bluetooth and WiFi don’t actually consume much battery, but non-technical users would habitually disable them to save battery and then complain that Location Services didn’t work well. Hiding the setting but keeping an essentially useless toggle prevented those non-technical users from making their device function worse while still letting them feel like they were saving battery life.
Yeah but they forget about users who simple want to disable yet another tracking vector on their device.
To add insult to injury, when you automate WiFi and Bluetooth to turn off when you leave your home you need to manually affirm this action via a notification every time.
Unless this person shows us Settings > Privacy & Security > Analytics & Improvements, the only thing I can conclude is that they left the setting on and they’re confusing third party app tracking controls with Apple’s analytics setting.
They literally say in the body of the first post, verbatim "(data usage & personalized ads are off)"
If the "only thing" you can conlcude is user error, you must be unfamiliar with the insane amount of ambient telemetry iOS/MacOS collects even when disabling analytics (OCSP ring a bell?)
"Data usage & personalized ads" is not the setting I'm talking about.
Personalized Ads is a different setting than the one I described, located in the "Apple Advertising" section, not the "Analytics & Improvements" section that I think the relevant setting lives in.
"Data usage" isn't the name of any setting on iOS, that phrase is too vague to be sure what they mean.
This is why I say that I'd like to see a screenshot of the relevant settings panes. How do I know this person didn't accidentally flip them back on during an update?
OCSP isn't relevant to this issue. It's not "analytics," it does not seem to collect personal data, anonymized or not.
OCSP is used to verify/revoke certificates, essentially for the purpose of removing malware and spam, which is a basic function consumer-friendly OS: https://apple.stackexchange.com/a/420002
To me that's a really legitimate use of a "phone home" when we're talking about commercial consumer operating systems.
Tracking how users use your own app is hardly malicious, in fact it's entirely in an effort to identify user frustration and solve it or otherwise improve the product. Tracking across different apps is definitely malicious, though.
That is not what is happening here. Users' on-screen taps inside the App Store app are being tracked. Not their interactions with any other aspect of the phone.
Not convinced. By your logic, an nginx log with your IP in it is a similarly egregious and unethical privacy violation.
If you're going to commit to "all forms of tracking are bad no matter what" I'm going to need stronger evidence than a link a page on the UN's website.
Saving that IP to the webserver's log is rather necessary for it to function, whereas these detailed records of user behaviour can almost never be.
Just because someone uses an application, does not mean you "own" them and have a moral right to freely collect and do whatever you want with records of their behaviour. Also it's just weird.
Interestingly, I started up an Nginx server and piped the logs to /dev/null and it worked just fine!!
Wow, turns out those logs weren't necessary at all. And by your standard, where tracking that isn't necessary for the website to function is unethical, that makes every single person running Nginx in its default configuration bad and participating in unethical tracking of users!
Because it doesn't seem like I'm going to get a response to this, I'll walk down the rest of the logic for completeness's sake.
I think we can both agree that "all unnecessary tracking is unethical" doesn't make sense and leads to insane conclusions like "all Nginx users with IP addresses in their logs are participating in unethical tracking".
So we're back to square one, where someone needs to demonstrate this type of tracking is actually unethical. So far we've got "all tracking ever is unethical" and "all tracking not necessary for function is unethical", but both of those seem to be dead ends.
I think the argument is a bit nuanced, but I see where the "tracking is bad" comes from.
I think everyone would agree that it would be very bad if eg. an instant messaging app logged message contents and allowed devs to look at anyones messages.
On the other hand, most people would not object to an app that sends an anonymous weekly counter of which buttons were tapped.
Anything between these two takes a lot of care and deliberation; on the one hand devs want useable data, on the other hand users don't want sensitive data tracked.
But it takes a lot of effort to make sure you don't accidentally log sensitive data. Eg. if you log spell check suggestions (to determine common typos) you might probably be able to use that data to reconstruct message contents.
Now, as a user, do I trust random companies to get this right? Do I trust random companies to not accidentally log sensitive data?
And the answer to that question is NO, I don't trust them. So if you ask me if I would consent to activity tracking, I would almost definitely say no, even though I don't think anything is wrong with anonymous usage tracking -- I just don't trust every company to get this right, so I'd rather have them not track anything at all.
Of course I agree there is nuance, but that's the point I'm trying to make. So far every argument I've seen against it in this thread is along the lines of "all tracking is bad" or "[overly broad category of tracking] is bad". Nobody seems to be willing to substantiate the more nuanced claim of why this specific type of tracking is bad.
For the record, I agree that this type of tracking should require consent (or at least be able to be turned off).
The following is meant as constructive feedback, and I hope you will take it as such even if it happens you disagree:
Your comments here consistently come across as highly adversarial: Assumptions and conclusions are liberally asserted, every sentence only attacks, there is no room for nuance, and attempts to find common ground are either mistaken for a new enemy assault or remain unrecognised entirely.
This makes for an uninviting and frustrating conversation, which is a real shame because you are clearly not a stupid person.
Admittedly my previous comment was not very constructive either. An unfortunate outing of my frustrations at the time.
Again, I post this with genuinely positive intent, and hope that when we next cross paths it might lead to a more constructive and enjoyable talk!
In this spirit, I have some constructive criticism for you. Comments like this (https://news.ycombinator.com/item?id=33528012) are so vague I am forced to make assumptions about what you're trying to say.
You post an extremely vague comment, I try to muster a response by making some assumptions about what you're trying to say. You post something that I think is obviously wrong, but I ask for an explanation just in case I am wrong or misunderstanding you, and you post this:
I'll admit my comments were somewhat aggressive, but up until this comment (which, for the record, has changed my mind on this) you seemed to be participating in blatant bad faith.
If you want people to understand the nuance in your position, you have to actually say it, not just provide a random link to the UN Declaration of Human Rights. Your original comment seemed to be genuinely making the claim that 'all forms of tracking are bad because they are a privacy violation'. Maybe that's not what you meant, but I have to make assumptions about what you're trying to say when you don't actually say it and leave me to interpret what your quote and link are meant to say.
You're taking a full black-or-white approach, which isn't helpful. Yes, an nginx log contains personal data (which is why a GDPR-compliant nginx log obfuscates the IP, absent of user consent). But tracking user interactions is much more invasive, which is why the parent posters complained about it.
I'm not taking a black/white approach, as a matter of fact I'm the one pointing out that doesn't make sense.
I asked for reasons for why this tracking is bad, and I got what basically amounts to "all tracking ever is bad", and thus I'm explaining why that "all tracking is black" approach doesn't work.
Did you clearly ask the users if you can do it? If not, there's probably a reason why not, because users wouldn't like it if they found out they were being recorded.
Imo, as long as you clearly say "here's the choice: opt in or opt out, we are doing XYZ" in clear words, it's fair.
It doesn't really matter whether on each tap you fire a specific event ("TapOnList", "TapOnPurchase") or whether you log all app interactions (where the user taps, are they going around the app not finding something?). Or does it? Where do you cross the line?
If this app would be Facebook I would see your grievances - devs could see personal data. But let's assume it's an app where there's barely any personal data, or specific views do not have this logging enabled.
Why? The act of monitoring is not inherently malicious. The word malicious has a specific meaning and definition: an intent to harm. A life guard monitoring a pool clearly isn’t acting with malice and yet is monitoring. A store CCTV camera monitoring shoppers isn’t designed to harm but rather prevent harm. So monitoring a webapp may or may not be malicious depending on the intent and effect of how the monitoring is used.
> That it's on your own app where you anyway know exactly which backend endpoint has been called by the user does.
If it only exposed information the user was already sending, the vendor wouldn't bother with the spyware.
> What private information do you think is sent to the vendor that would not be otherwise?
Depends on the app; I expect, for instance, market apps (Amazon, Walmart, etc.) to watch the user's every move to try and better model the user's mental state in an effort to get them to buy stuff that they wouldn't have done otherwise.
No one is modeling your state of mind because it doesn’t work. We do look at click stream data and try to push down the number clicks/swipes/etc to purchase. Everything is done on a cohort basis, there is no value at an individual scale.
> Depends on the app; I expect, for instance, market apps (Amazon, Walmart, etc.) to watch the user's every move to try and better model the user's mental state in an effort to get them to buy stuff that they wouldn't have done otherwise.
Not being funny but I think you’re vastly overestimating the capabilities of most engineering teams.
You mean the browser developed by a adTech company, the browser developed by the company who gets $18B a year from an adTech company to be the default search engine or the browser created by a company who only survives because of the adTech company?
My guess? They don't only get a unique identifier, but they get to know and link you to other more useful data using your Apple/Android device ID and so on, that they can use to track you across multiple user accounts. Something that browser fingerprinting can't guarantee 100% (but getting very accurate these days)
Apple specifically limits apps ability to get a unique identifier that can be used across apps. And the percentage of people who use multiple accounts is not even worth optimizing for.
I don't seem to be able to reply to your post, but to the sibling;
I'm not an app developer so I don't know specific, but by the amount of websites begging you to use their native apps it is quite obvious that there is something they get from the native apps they can't get from the website that they are very interested in.
Just try to go to the reddit website on a mobile (not old.) and see how fast they spam you with the app prompt.
I don’t think that’s a fair comparison. Screen tracking is essentially logging which UI elements users interact with and some metadata like the time, their device config, etc.
It doesn’t necessarily require capturing video of the user.
A better analogy would be hooking up a door open/closed sensor to the cupboard, and capacitive sensors that log the location of touches, so that you can analyse what % of users struggle to find the door handle.
The user scrolled past "cancer patient therapy" and selected "cancer survivors forum". Then they uninstalled that and searched for "colon cancer support"
This is exactly why I distrust all the apps on my phone and desktop unless I've grabbed them from some reliable open source repository. The disgusting entitlement to stalk me at every step and use me as a lab rat is exactly what's wrong with modern software.
Tbh I don’t see it as a huge problem as long as a. The data is anonymous, and b. they aren’t trying to sell the data.
I mean if you choose to use someone’s service, you’d want it to get better. And one of the reasons they get better is by collecting feedback of what’s working, what isn’t.
It’s very hard to nail down a good ux without feedback.
Point B requires trust, which users shouldn't give to developers who collect as much analytics as possible. If you can't trust a company to respect a reasonable expectation of privacy then why would you expect them to not profit off of it? It's just all very quiet and down in the Ts & Cs, but that doesn't mean it isn't the logical conclusion if given exposure.
Now imagine what LogRocket could do with that data when they blended it with data from their other users, or if they augmented it with data they bought in from other services. Or perhaps LogRocket could sell the data to a broker, and then on to [Meta|Google|me].
That's what you're doing to your users.
I'd consider that something to see.
(I don't have any evidence to believe LogRocket are doing this; LogRocket is just the example. Other tracking services exist, and they sure as hell do do this sort of thing.)
I mean, tracking lets companies identify you across different events. Apple doesn't need to ask for that when you are using iphone. I don't even mean it in a malicious way, just the fact that it will keep doing authenticated requests to their servers. They are not able not to track you while providing their services.
(this is regarding your comment not the article itself)
I bought an Apple device. Did not sign up to be anyone else’s payday. I want Apple to improve their devices. Don’t care if anyone else benefits from it.
Really frustrating to live in a country that wants forced socialization if their is opportunity to make money off me, but otherwise I’m just a cost center.
In no way does my use of an Apple device act as an open door for anyone else.
I’m not interested in technology to help some coder feed himself but because tech is fun and intellectually interesting.
> In no way does my use of an Apple device act as an open door for anyone else.
Sure, as long as your definition of "anyone else" excludes the NSA, FIVE EYES, China, anyone distributing Pegasus, Akamai and the rest of Apple's contractors.
This is not what they are doing, though. As far as I can tell, Apple never does the kind of "Tracking" that is reserved for that popup — namely, using a unique identifier to track a user across apps & sites not owned by Apple
The Tracking popup requests that the user allows an application to send a unique identifier which can be correlated by other apps, advertising networks, social media platforms (eg. like buttons, embeds, etc), in order to correlate a user's identity between different properties on the web in order to personalise advertising. AFAIK Apple does not participate in this form of tracking
Apple does ask users if they want to opt-in to analytics (for Apple) and separately for third-party developers. This refers to allowing an application to submit analytics data purely for that application or for the operating system and not in a way which tracks the user between apps owned by different companies
In this case Apple is violating their own opt-in analytics policy with regards to the App Store application. It appears to be collecting analytics data even when a user has opted out of submitting analytics
Apple: Proof you can pay and still be the product.
It's like someone breaking into your house and rummaging through your desk taking photos because that suits them and there is fine print. One day as a society having a networked cpu involved in someone doing something won't make nearly every lawmaker, lawyer, judge and customer have their brain fall out of their ear and they'll actually be able to think critically about it and respond.
"But facebrick/goog/the stasi are a little bit worse so..."
Sure but the apple enthusiasts tend not to accept that because they're all companies where the managment is in Asia with those making decisions raised in the various and quite different to each other Asian cultures, (Japan, China, Korea etc.) Obviously this distinction is garbage. Surveillance capitialism is an american innovation.
Apple is as american as apple-pie. "If you don't pay for it you're the product." Comes up whenever Apple create yet another problem for which the "best" solution is to pay apple even more money.
Apple customers are an Apple product they sell. Paying Apple does not remove you from that. No matter who is your provider you are the product right up until the point someone can go to jail for it. Fines are merely a business expense and treated as such.
CEO can do time for breaking the rules. Whole different approach ensues.
What rules? How to enforce? How to interpret? How to ensure the courts don't just have a mental breakdown, throw up their hands and pass because a cpu attached to a network is on the critical path of what was done that would be clearly, wholly and totally illegal if it were replaced with an army of workers and a mountain of paper and filing cabinets.
It's interesting that the researchers assumed turning off the transmission of device analytics would also turn off the transmission of all app analytics, whether from Apple or third parties.
I also wish they would've tried Lockdown Mode, at least.
Per the article, other vendors do just that: “He and his research partner ran similar tests in the past looking at analytics in Google Chrome and Microsoft Edge. In both of those apps, Mysk says the data isn’t sent when analytics settings are turned off.”
>It's interesting that the researchers assumed turning off the transmission of device analytics would also turn off the transmission of all app analytics, whether from Apple
Given that the app store comes installed by default and can't be uninstalled, it seems fairly reasonable to assume that it's part of the OS. Therefore it's not unreasonable to assume that disabling "device analytics" would also disable app store analytics.
The purpose of analytics is firstly to recreate bugs, and also to identify cases where users are getting stuck or frustrated. An example of the latter might a user repeatedly going back to the same screen again and again because they can’t find something. It's generally not useful at the individual level, but can be if you see similar behaviour across a large number of sessions.
I know you don’t care if there’s a real reason or not, but others here might. Anyway, it's good they're moving towards seeking more comprehensive permission for this kind of analytics.
Your assumption is that Lockdown Mode doesn't change the scope of telemetry data sent back to Apple, but we don't know this, which is why testing it would be interesting.
I don't understand people still hanging on to the fiction that Apple is some sort of bastion of privacy. Do they know that google pays Apple "an estimated $8-12 billion"[0] to be default search and as a result track almost all iPhone users' searches? If that's not "selling your data" I don't know what is.
This is like complaining that your soundproof apartment isn't giving you the right level of privacy because when you stand on a soapbox in the town square and shout "I wear pink underwear" everyone knows what color your underwear are. If you want privacy, why not, you know, use the privacy features? (Like chat messages, which are NOT sent to Google).
I'm not sure you thought this through... Apple does not care about your privacy if they are willing to sell it for $12 Billion. I don't have an iPhone, and I never complained about them. To be honest, it's not clear that you even read my message at all. For context, I wrote that comment in a different thread and it got moved here: see https://news.ycombinator.com/item?id=33527500
I have an iPhone and don’t use Google search (I’m not logged in to any Google services actually, unless Apple Mail loading Gmail counts) so I’m pretty sure Google is not tracking _all_ users’ searches.
Yes, you are right. Additionaly, chinese users are not using google, although they are certainly being tracked. I've added the word "almost" into my comment. So it now reads:
>google pays Apple "an estimated $8-12 billion"[0] to be default search and as a result track almost all iPhone users' searches
Disclaimer: happy iOS and Android user -- I like both platforms and think both have strengths and weaknesses. Mostly a Linux user on desktop.
> Do they know that google pays Apple... to be default search
This statement comes off a bit ironic in the fact that you are pointing out a deal that Apple has with Google -- the current steward over Android -- as a reason that Apple isn't a bastion for privacy. This irony highlights the fact that one is often worse-off from a privacy perspective in using Android -- the main competitor to iOS -- because it is built with Google as a first party.
I absolutely agree that there is an exaggeration of privacy with Apple. But in most cases, iOS does actually do privacy better than Android. Private Relay, App Tracking Transparency and Google not being a first-party in the development in the Operating System are things that come to mind. Additionally, according to a research paper done in 2021, Google collects around 20x more data (around 1+ TB every 12 hours) on Android compared to iOS (around 6 GB)[0]. Even if the methodology behind the paper wasn't perfect (which Google claims) I don't think anyone would be surprised that Google collects more information than Apple.
My opinion is that the sweet spot for privacy on a mobile device is to buy a Pixel (for the great hardware security benefits) and go with a custom, de-Googled ROM like CalyxOS and try to use F-Droid for all your apps. For those who are even more hardcore, GrapheneOS is awesome.
In my opinion, stock Android is far worse for privacy than iOS simply because of Google's first-party influence. And then if you go with a vendor like Samsung you not only have Google as a first party on your mobile device but also Samsung.
The only option left if you want more privacy on mobile than an iPhone is to either flash a de-Googled ROM, like I said earlier, or to go with some sort of Linux distribution on mobile -- both of those alternatives come with huge downsides.
(Sorry for the rant, I always find this topic interesting)
I never said Google or android protect users privacy. Android violating users privacy is not to the exclusion of Apple doing the same even if to a lesser extent. Everyone knows how bad android is this respect. Yet there is this idea that Apple does care about users' privacy, and won't sell users' data, with apple themselves saying things like:
>Your personal data should always be protected on your device and never shared without your permission. So we build encryption, on-device intelligence, and other tools into our products to let you share what you want on your terms.[0]
and
>In iOS 11 and macOS High Sierra, we introduced Intelligent Tracking Prevention. You may have noticed that when you look at something to buy online, you suddenly start seeing it everywhere else you go on the web. This happens when a third party tracks cookies and other website data to feed you ads across various websites. Intelligent Tracking Prevention uses the latest in machine learning and on-device intelligence to reduce this cross-site tracking. It works by separating the third-party content used to track you from other browsing data, so what you look at on the web remains your business — not an advertiser’s.
This second statement, even if technically true, is incredibly disingenuous and misleading in light of the fact that typing anything that is not a URL into the safari search bar will by default cause tracking. _That's_ the issue here. "We don't sell your data, we just sell you to somone else that does"
Ah, yeah, I can see what you mean. Apple is definitely hypocritical, and it bugs me how they handle certain aspects of privacy. And the overzealous Apple crowd often behaves as though privacy is achieved just because they're using Apple products.
iMessage is perhaps the most annoying offender to me because it's not end-to-end encrypted if iCloud backups are enabled -- meaning that my iMessage conversations have a high chance of not being E2EE on the other person's end.
Hopefully it made sense why I compared to Android. Apple does seem like a bastion of privacy when compared to Android -- just because Android and iOS are the only mainstream options on mobile. I would love to see Linux become more mainstream in the mobile space but I don't think it ever will, unfortunately (even though Android runs a Linux kernel, I don't really consider it Linux).
If we define bastion to be that way then sure. I was using this definition:
>an institution, place, or person strongly defending or upholding particular principles, attitudes, or activities.
>I would love to see Linux become more mainstream in the mobile space but I don't think it ever will, unfortunately (even though Android runs a Linux kernel, I don't really consider it Linux).
You may be interested in Nestbox[0] (not affiliated) which makes use of the madatory kvm in android 13 assuming latest kernel to run Linux in a vm with no root on android on pixel 6 and 7
Indeed. Asking the question not because i am defending apple, but just pointing out that this common practice. If you want typeahead there is no way around sending all keystrokes. Poor phrasing on my end.
So then it seems like the clear difference there is whether the user is getting meaningfully useful functionality by having their information given to the vendor. Although I'm not particularly impressed with the privacy implications of type ahead, it is at least an obviously useful feature in exchange for the user's information. What do we think Apple is giving the user in exchange for this information?
This is nothing new. Apple has been tracking searches in the App Store, which apps you scroll past and which ones you tap on very far back, maybe even since the initial App Store, that's how they figure out how to rank various apps for various search terms (I don't know the exact formula but one of the components is CTR for a particular search term, others appears to be rating score, number of ratings, number of written review, number of total downloads, download velocity, given keywords, title, company name, trademark, update frequency, etc).
If you search multiple times for the same term you will see a slight variation in search results, that's how they give apps a chance to move up or down. IE they move you down one slot but you still outperform the app above in CTR, you probably should remain in your current spot, or move up. Another app gets moved in front of their current ranking and the app that got moved down outperforms it in CTR, keep things as they are.
I'm seeing a lot of comments saying things like "seems reasonable" and "of course", but I thought Apple was supposed to be for the privacy conscious? Why is HN not bothered by this?
HN is full of not-so-subtle Apple marketers. Every other day I see a post about how privacy-first Apple is, but when the truth actually comes out the narrative instantly shifts to "well who cares, everyone else does that, stop noticing things"
204 comments
[ 3.1 ms ] story [ 232 ms ] threadOn iOS, there is no mouse cursor, so there is nothing to track in the first place.
On macOS, you have to give permissions on a per-app and per-domain basis. For example, if I want to let Google Maps use my current location, first I will get a prompt to give that permission to the browser I am using in the OS settings, and then I have to give that permission again from within the browser specifically for Google Maps. Also, the web browser shows which specific permissions a page I am on has, and I can revoke them at any given time. Same thing for tracking mouse cursor movements, except it is governed by the macOS accessibility permissions iirc, rather than location permissions, and I don't remember Google Search ever requesting that. Just checked, and the only app that has those permissions on my machine is Discord, and it requested those only when I attempted screensharing.
Maybe I am mistaken, and there is some trick around needing permissions to track mouse cursor movements in a browser on macOS (especially given how complex in-browser JS execution behaviors have gotten over time). In which case, someone please correct me.
I agree though, tracking mouse cursor movements is definitely a bit more surprising and unexpected than tracking what you type in the website's search bar. Which I would be way more surprised by it not being tracked. It's like expecting Amazon or Steam or Twitter to not track what queries you search for in their search bars (which all of them definitely do, as evident by you being able to look at your search history from within the website).
Just like when you chat with a company through one of those web chat apps, they see everything you type, even if you delete it before you press enter to send it. That is tracking on the modern web.
Talk about feeling like a lab-rat.
There is good book how it works in offline world. https://www.npr.org/2017/02/13/514322899/aisles-have-eyes-wa...
> The strange thing is that Apple introduced strict measures in iOS 14.5 to prevent developers from fingerprinting users.
The dialog text in their screenshot reads:
> Allow “App” to track your activity across other companies’ apps and sites?
Users refusing this permission are not prohibiting tracking by the company that issued the dialog. They are prohibiting the company from tracking users beyond the boundary of their corporation. Apple’s App Store app is within the boundary of Apple Corporation, and so the tracking dialog shown is not relevant to their complaint.
(I have no viewpoint to offer on OP’s argument beyond the logical reasoning error described above.)
For example, I am seriously considering doing exactly what you describe as “nobody does that” — having to repurchase all my apps and redo all my settings — in order to complete my transgender name change. Apple refuses to purge my old deadname’s iCloud email address, and so if I want to remove it, I’ll need to start a new Apple account and re-purchase all of my apps and content.
If you truly have a request like this, send an email to the person in the executive team responsible for Apple accounts, they’ll probably have executive relations fix it for you.
Apple may or may not care if users switch accounts. Only Apple confidential knowledge can prove or disprove this argument with certainty. In the absence of certainty, a best-faith effort must be made to determine whether their actions support or contradict these assertions.
The claim “Sure they do” is unsupported both by available evidence and by a good faith interpretation of their material actions. Apple’s public statements and app store policies do not support the assertion “More data is better”. There is no indication that Apple is performing enrichment of accounts using third-party data.
The person you are replying to was merely offering an example to contradict a blanket statement without a factual basis, essentially that Apple does not track users because the user is already logged in. The respondent presented a situation in which that reason would not apply.
Also, your way of engaging people in this way is annoying -- specifically starting every reply with 'This argument’s logical error' and then coming up with a seems-right-at-a-glance breakdown of their argument's faults. Are you doing it on purpose to annoy people?
Unsupported arguments based on misconstrued statements and logical fallacies waste all our time here at HN. Do better, please.
So that will persist across devices and accounts.
And before you say that's crazy, location information can mean they only need to distinguish a handful of people at a time.
So switching accounts would not only mean you lose all of your App Store purchases, iCloud data etc. It would mean having to get a new credit card.
That would make the likelihood of this scenario happening being pretty slim.
Apple has access to the logged-in account’s properties, as you assert, but this does not rule out Apple having other incentives for tracking.
This doesn't look like tracking or fingerprinting at all to me - they're logging user interaction (that many apps and websites have done for decades).
Even if they didn't do this just about every click you make in the App Store results in a query to their backend for more information, presumably with the account id (so family, regional, parental control works).
Also, I recall a case where MacOS was asking Apple permission whenever the user wished to start an executable. This is nuts.
>Also, I recall a case where MacOS was asking Apple permission whenever the user wished to start an executable. This is nuts.
Not that nuts. It's intended to be able to blacklist malware and such and retroactively disable it, through notarization (basically, registering apps to Apple and them getting a kind of fingerprint).
They could have done it with a local cache (and they probably do in some capacity), but it would still need to ask/sync every now and then.
No, because you can make your phone work with other service providers. The dependence on the original hardware vendor is artificial.
> It's intended to be able to blacklist malware
Choice of blacklists, content filters etc. is also orthogonal to the vendor.
Yes. But then it wouldn't be a commercial commodity product, it would be more of a build-your-own DIY kit. Would it be as succesful?
>Choice of blacklists, content filters etc. is also orthogonal to the vendor.
Everything is orthogonal to the vendor, even choice of screen or disk.
But most people don't like choice, want something that mostly works as is. And even for those that do the optionally increases the product complexity, maintainance, and error condition space (integrated vs mix-and-match).
Plus, a few modular laptop and mobile phone designs never sold well.
Apple most definitely sells you a service, which is a managed computing platform. Alternatives exist. (And if they don’t, that’s not Apple’s problem.)
"Alternatives exists" sounds a lot like this fallacy: https://en.wikipedia.org/wiki/Ergo_decedo
The world isn't as simple as: there are companies and they can sell whatever they like, and there are consumers and they can buy whatever they like, because that would end very badly for the consumers.
Personally analytics don't bother me, I don't think they're a significant privacy issue. The service provider already knows almost everything you do with the service anyway, just as a requirement to provide the service. I don't believe that invasive regulation on the detailed behaviour and functions of a phone by governments is genuinely in the interests of users. I suspect that the detrimental effects would far outweigh the benefits, which would only be useful to a tiny fraction of users anyway.
But what confidence do you have if the product you bought is tethered to the original vendor? What if they decide to do something that makes you unable to use the product?
As for making the product unusable, they can do that anyway through OTA updates, which are applied at the user's discretion. If you think that's a problem then you should regulate that, not some other technical issues that may or may not be related.
Knowing is not the issue. The issue is they use that understanding to their advantage, not yours. Their duty is to maximize shareholder value, not your health, happiness, and well being.
I'm not saying don't use them. I am saying it's naive to trust so blindly.
The fact that an argument is superficially similar to an informal fallacy doesn't make the argument inherently fallacious. You can easily construct a variation of the same conversation which is structurally identical but is obviously not fallacious—
What the respondent said is only a fallacy if the purpose was to counter the criticism. But the criticism wasn't rejected. What was rejected was the unstated but implied assertion that the critic was entitled to a banana which satisfies them.Now let's turn that into an "alternatives exist" argument and replay—
That's not a fallacy. And it's not a fallacy to say that Apple is not obligated to make an iPhone which satisfies you. Especially because it's a statement of fact.If you don't like that you can't buy an Apple branded dumbphone, and you have failed to convince Apple to make it for you, perhaps try lobbying your government? They could pass a law which requires smartphone makers to also sell dumbphones.
However in many cases I can only do that via an app, and apps are only available on iOS or Android. Your argument a based upon me being able to buy something from an alternative manufacturer, yet here we are. And I have to purchase Apple or Android to be able to function in society.
If Apple isn't going to follow open standards yet be the largest phone manufacturer then we are going to have to regulate them. You don't have to be the only company to be a monopoly.
If you did, what has any of that got to do with anything I wrote? How does your complaint relate to what I’m talking about? Which open standard, specifically relevant to your ability to access your bank account and do your taxes, is Apple not following? And how is that relevant to concerns over privacy?
(Seriously, I’d like to engage with your argument but it seems like you’re confusing a discussion about the choice to buy a zero-tracking device with a unspecific complaint about standards.)
don't connect it to the internet.
It's not perfect, but at least I don't have to open the settings app each time.
To add insult to injury, when you automate WiFi and Bluetooth to turn off when you leave your home you need to manually affirm this action via a notification every time.
Super annoying.
You're asked whether you want to send analytics to Apple as soon as you set up any device.
If the "only thing" you can conlcude is user error, you must be unfamiliar with the insane amount of ambient telemetry iOS/MacOS collects even when disabling analytics (OCSP ring a bell?)
Personalized Ads is a different setting than the one I described, located in the "Apple Advertising" section, not the "Analytics & Improvements" section that I think the relevant setting lives in.
"Data usage" isn't the name of any setting on iOS, that phrase is too vague to be sure what they mean.
This is why I say that I'd like to see a screenshot of the relevant settings panes. How do I know this person didn't accidentally flip them back on during an update?
OCSP isn't relevant to this issue. It's not "analytics," it does not seem to collect personal data, anonymized or not.
OCSP is used to verify/revoke certificates, essentially for the purpose of removing malware and spam, which is a basic function consumer-friendly OS: https://apple.stackexchange.com/a/420002
To me that's a really legitimate use of a "phone home" when we're talking about commercial consumer operating systems.
They can see where users are struggling with the app and where extra-guidance is necessary.
I'm assuming many many many other apps and web pages are doing the same thing.
Nothing to see here.
>tracking how users use your own app is hardly malicious
https://www.un.org/en/about-us/universal-declaration-of-huma...
If you're going to commit to "all forms of tracking are bad no matter what" I'm going to need stronger evidence than a link a page on the UN's website.
Just because someone uses an application, does not mean you "own" them and have a moral right to freely collect and do whatever you want with records of their behaviour. Also it's just weird.
Interestingly, I started up an Nginx server and piped the logs to /dev/null and it worked just fine!!
Wow, turns out those logs weren't necessary at all. And by your standard, where tracking that isn't necessary for the website to function is unethical, that makes every single person running Nginx in its default configuration bad and participating in unethical tracking of users!
I think we can both agree that "all unnecessary tracking is unethical" doesn't make sense and leads to insane conclusions like "all Nginx users with IP addresses in their logs are participating in unethical tracking".
So we're back to square one, where someone needs to demonstrate this type of tracking is actually unethical. So far we've got "all tracking ever is unethical" and "all tracking not necessary for function is unethical", but both of those seem to be dead ends.
I think everyone would agree that it would be very bad if eg. an instant messaging app logged message contents and allowed devs to look at anyones messages.
On the other hand, most people would not object to an app that sends an anonymous weekly counter of which buttons were tapped.
Anything between these two takes a lot of care and deliberation; on the one hand devs want useable data, on the other hand users don't want sensitive data tracked.
But it takes a lot of effort to make sure you don't accidentally log sensitive data. Eg. if you log spell check suggestions (to determine common typos) you might probably be able to use that data to reconstruct message contents.
Now, as a user, do I trust random companies to get this right? Do I trust random companies to not accidentally log sensitive data?
And the answer to that question is NO, I don't trust them. So if you ask me if I would consent to activity tracking, I would almost definitely say no, even though I don't think anything is wrong with anonymous usage tracking -- I just don't trust every company to get this right, so I'd rather have them not track anything at all.
Considering how often companies misuse even this data...
For the record, I agree that this type of tracking should require consent (or at least be able to be turned off).
Your comments here consistently come across as highly adversarial: Assumptions and conclusions are liberally asserted, every sentence only attacks, there is no room for nuance, and attempts to find common ground are either mistaken for a new enemy assault or remain unrecognised entirely.
This makes for an uninviting and frustrating conversation, which is a real shame because you are clearly not a stupid person.
Admittedly my previous comment was not very constructive either. An unfortunate outing of my frustrations at the time.
Again, I post this with genuinely positive intent, and hope that when we next cross paths it might lead to a more constructive and enjoyable talk!
You post an extremely vague comment, I try to muster a response by making some assumptions about what you're trying to say. You post something that I think is obviously wrong, but I ask for an explanation just in case I am wrong or misunderstanding you, and you post this:
> Perhaps you'll find this book interesting: Networking All-in-One For Dummies https://www.amazon.com/gp/product/B0921K9YTS
I'll admit my comments were somewhat aggressive, but up until this comment (which, for the record, has changed my mind on this) you seemed to be participating in blatant bad faith.
If you want people to understand the nuance in your position, you have to actually say it, not just provide a random link to the UN Declaration of Human Rights. Your original comment seemed to be genuinely making the claim that 'all forms of tracking are bad because they are a privacy violation'. Maybe that's not what you meant, but I have to make assumptions about what you're trying to say when you don't actually say it and leave me to interpret what your quote and link are meant to say.
I'd love to hear the nuanced version of the argument why it's bad, maybe I'd be convinced.
I asked for reasons for why this tracking is bad, and I got what basically amounts to "all tracking ever is bad", and thus I'm explaining why that "all tracking is black" approach doesn't work.
Company internal testing can only go so far, especially in a small team.
It doesn't really matter whether on each tap you fire a specific event ("TapOnList", "TapOnPurchase") or whether you log all app interactions (where the user taps, are they going around the app not finding something?). Or does it? Where do you cross the line?
If this app would be Facebook I would see your grievances - devs could see personal data. But let's assume it's an app where there's barely any personal data, or specific views do not have this logging enabled.
"pregnancy tracker"
"democrat donation app"
"cancer survivors forum"
I really don't get the outrage about that, it's something that has existed for 15 or 20 years at least and is used a lot on most websites you go on.
What private information do you think is sent to the vendor that would not be otherwise?
If it only exposed information the user was already sending, the vendor wouldn't bother with the spyware.
> What private information do you think is sent to the vendor that would not be otherwise?
Depends on the app; I expect, for instance, market apps (Amazon, Walmart, etc.) to watch the user's every move to try and better model the user's mental state in an effort to get them to buy stuff that they wouldn't have done otherwise.
Not being funny but I think you’re vastly overestimating the capabilities of most engineering teams.
Just because they may be bad at something doesn't mean they don't attempt it.
You can see how valuable this tracking is by the amount of websites begging you to install their native apps. No thanks!
I just try to minimize it.
I'm not an app developer so I don't know specific, but by the amount of websites begging you to use their native apps it is quite obvious that there is something they get from the native apps they can't get from the website that they are very interested in.
Just try to go to the reddit website on a mobile (not old.) and see how fast they spam you with the app prompt.
If you block that data, most webapps, especially things like an app store, will be useless.
If the website is not using a third party site for tracking, you can’t block the owner from tracking and storing your interactions.
I personally use that + VPN that cuts the rest that sneaks in
They can see where users are struggling with the furniture and where extra-guidance is necessary.
It doesn’t necessarily require capturing video of the user.
A better analogy would be hooking up a door open/closed sensor to the cupboard, and capacitive sensors that log the location of touches, so that you can analyse what % of users struggle to find the door handle.
Tracking invades one of my most used tools, and what's worse I can't see all the tracking that happens.
Still think this isn't invasive?
I mean if you choose to use someone’s service, you’d want it to get better. And one of the reasons they get better is by collecting feedback of what’s working, what isn’t.
It’s very hard to nail down a good ux without feedback.
That's what you're doing to your users.
I'd consider that something to see.
(I don't have any evidence to believe LogRocket are doing this; LogRocket is just the example. Other tracking services exist, and they sure as hell do do this sort of thing.)
It is disingenuous of them to use the word ‘Tracking’ for everyone else and ‘experience improving’ for themselves.
(this is regarding your comment not the article itself)
Really frustrating to live in a country that wants forced socialization if their is opportunity to make money off me, but otherwise I’m just a cost center.
In no way does my use of an Apple device act as an open door for anyone else.
I’m not interested in technology to help some coder feed himself but because tech is fun and intellectually interesting.
Sure, as long as your definition of "anyone else" excludes the NSA, FIVE EYES, China, anyone distributing Pegasus, Akamai and the rest of Apple's contractors.
You see a handful of corrupt government agents. I see a world where billions do not kill thousands of government agents.
The public has made its choice. Some vain apes on HN who see deluded masses in need of rescue may in fact be the deluded fools.
The text of the prompt people are talking about is "Allow MyApp to track your activity across other companies' apps and websites".
Third party tracking mandates permission. First party tracking and data sharing mandate disclosure.
The Tracking popup requests that the user allows an application to send a unique identifier which can be correlated by other apps, advertising networks, social media platforms (eg. like buttons, embeds, etc), in order to correlate a user's identity between different properties on the web in order to personalise advertising. AFAIK Apple does not participate in this form of tracking
Apple does ask users if they want to opt-in to analytics (for Apple) and separately for third-party developers. This refers to allowing an application to submit analytics data purely for that application or for the operating system and not in a way which tracks the user between apps owned by different companies
In this case Apple is violating their own opt-in analytics policy with regards to the App Store application. It appears to be collecting analytics data even when a user has opted out of submitting analytics
It's like someone breaking into your house and rummaging through your desk taking photos because that suits them and there is fine print. One day as a society having a networked cpu involved in someone doing something won't make nearly every lawmaker, lawyer, judge and customer have their brain fall out of their ear and they'll actually be able to think critically about it and respond.
"But facebrick/goog/the stasi are a little bit worse so..."
Apple is as american as apple-pie. "If you don't pay for it you're the product." Comes up whenever Apple create yet another problem for which the "best" solution is to pay apple even more money.
Apple customers are an Apple product they sell. Paying Apple does not remove you from that. No matter who is your provider you are the product right up until the point someone can go to jail for it. Fines are merely a business expense and treated as such.
CEO can do time for breaking the rules. Whole different approach ensues.
What rules? How to enforce? How to interpret? How to ensure the courts don't just have a mental breakdown, throw up their hands and pass because a cpu attached to a network is on the critical path of what was done that would be clearly, wholly and totally illegal if it were replaced with an army of workers and a mountain of paper and filing cabinets.
I also wish they would've tried Lockdown Mode, at least.
Given that the app store comes installed by default and can't be uninstalled, it seems fairly reasonable to assume that it's part of the OS. Therefore it's not unreasonable to assume that disabling "device analytics" would also disable app store analytics.
I know you don’t care if there’s a real reason or not, but others here might. Anyway, it's good they're moving towards seeking more comprehensive permission for this kind of analytics.
[0]https://www.nytimes.com/2020/10/25/technology/apple-google-s...
>google pays Apple "an estimated $8-12 billion"[0] to be default search and as a result track almost all iPhone users' searches
> Do they know that google pays Apple... to be default search
This statement comes off a bit ironic in the fact that you are pointing out a deal that Apple has with Google -- the current steward over Android -- as a reason that Apple isn't a bastion for privacy. This irony highlights the fact that one is often worse-off from a privacy perspective in using Android -- the main competitor to iOS -- because it is built with Google as a first party.
I absolutely agree that there is an exaggeration of privacy with Apple. But in most cases, iOS does actually do privacy better than Android. Private Relay, App Tracking Transparency and Google not being a first-party in the development in the Operating System are things that come to mind. Additionally, according to a research paper done in 2021, Google collects around 20x more data (around 1+ TB every 12 hours) on Android compared to iOS (around 6 GB)[0]. Even if the methodology behind the paper wasn't perfect (which Google claims) I don't think anyone would be surprised that Google collects more information than Apple.
My opinion is that the sweet spot for privacy on a mobile device is to buy a Pixel (for the great hardware security benefits) and go with a custom, de-Googled ROM like CalyxOS and try to use F-Droid for all your apps. For those who are even more hardcore, GrapheneOS is awesome.
In my opinion, stock Android is far worse for privacy than iOS simply because of Google's first-party influence. And then if you go with a vendor like Samsung you not only have Google as a first party on your mobile device but also Samsung.
The only option left if you want more privacy on mobile than an iPhone is to either flash a de-Googled ROM, like I said earlier, or to go with some sort of Linux distribution on mobile -- both of those alternatives come with huge downsides.
(Sorry for the rant, I always find this topic interesting)
[0] https://www.scss.tcd.ie/doug.leith/apple_google.pdf
>Your personal data should always be protected on your device and never shared without your permission. So we build encryption, on-device intelligence, and other tools into our products to let you share what you want on your terms.[0]
and
>In iOS 11 and macOS High Sierra, we introduced Intelligent Tracking Prevention. You may have noticed that when you look at something to buy online, you suddenly start seeing it everywhere else you go on the web. This happens when a third party tracks cookies and other website data to feed you ads across various websites. Intelligent Tracking Prevention uses the latest in machine learning and on-device intelligence to reduce this cross-site tracking. It works by separating the third-party content used to track you from other browsing data, so what you look at on the web remains your business — not an advertiser’s.
This second statement, even if technically true, is incredibly disingenuous and misleading in light of the fact that typing anything that is not a URL into the safari search bar will by default cause tracking. _That's_ the issue here. "We don't sell your data, we just sell you to somone else that does"
[0]https://www.apple.com/ge/privacy/approach-to-privacy/
iMessage is perhaps the most annoying offender to me because it's not end-to-end encrypted if iCloud backups are enabled -- meaning that my iMessage conversations have a high chance of not being E2EE on the other person's end.
Hopefully it made sense why I compared to Android. Apple does seem like a bastion of privacy when compared to Android -- just because Android and iOS are the only mainstream options on mobile. I would love to see Linux become more mainstream in the mobile space but I don't think it ever will, unfortunately (even though Android runs a Linux kernel, I don't really consider it Linux).
>an institution, place, or person strongly defending or upholding particular principles, attitudes, or activities.
>I would love to see Linux become more mainstream in the mobile space but I don't think it ever will, unfortunately (even though Android runs a Linux kernel, I don't really consider it Linux).
You may be interested in Nestbox[0] (not affiliated) which makes use of the madatory kvm in android 13 assuming latest kernel to run Linux in a vm with no root on android on pixel 6 and 7
[0]https://www.patreon.com/posts/74333551
https://twitter.com/kdrag0n/status/1589542963629395970
(via https://news.ycombinator.com/item?id=33527141, but we merged that thread hither)
I certainly did not think Apple would do this.
Their PR department certainly earns their keep.
If you search multiple times for the same term you will see a slight variation in search results, that's how they give apps a chance to move up or down. IE they move you down one slot but you still outperform the app above in CTR, you probably should remain in your current spot, or move up. Another app gets moved in front of their current ranking and the app that got moved down outperforms it in CTR, keep things as they are.