73 comments

[ 3.5 ms ] story [ 132 ms ] thread
"But all my friends are using $App, and ..."

"But $App is free, and it's so cool, and ..."

"Who cares? That's how the world works now."

Etc.

I know this is not how the comment is originally intended, but I am slowly starting to throw in the towel with regards to trying to convincing others. Best I can do is my immediate family. I don't even dream about my social circles anymore. I just want a relatively safe digital space for my family.
Okay. This is very realistically your hobby horse, and you aren’t respecting that people might want a relationship with you without you lecturing them about this thing that you just care a lot more about than they do.

I don’t think that people should be lining up to show sympathy in this scenario.

I am not looking for sympathy. Everyone is advocating for their favored position all the time. X good. Y is bad. We should do Z. We shouldn't do W. Why is my position so much different than everyone else's?

The question is whether I am able to convince anyone, but that is a separate part. I assume since you used word 'lecture', you are not convinced it is an issue worth discussing among your family, friends and peers?

edit: I thought a little more about what you wrote in:

'people might want a relationship with you without you lecturing them'

I am starting to wonder. Should humans have EULAs?

25 years ago everyone was singing the praises about Google the search engine, and then a few years later, Gmail. At one point you'd see Ad Sense on many tech blogs.

The phenomenon you describe is hardly new, it's just easier.

(comment deleted)
The article is absolutely all over the place.

The gist of it is that apps are allowed to run a bit of code when they receive a notification and they can use that bit of code to send some telemetry back to the mothership.

And the craziest part is

> What many people don’t realize is that targeted advertising and other invasions of digital privacy are all about figuring out your identity.

And then they interviewed Facebook and LinkedIn. They already know who you are. Facebook knows a lot more about you because of what people voluntarily tell them about your personal life and LinkedIn already knows everything about your professional life.

As often as people tag exactly where they are real time in posts, it seems unnecessary to gather more information via IP addresses.

Not saying some companies aren’t up to no-good. But, collecting timezone (or ip to infer timezone), as long as it’s done with user consent in the privacy policy and or notifications setup process is actually helpful for end users. Most of us want (for example) our exercise reminder or our news update to arrive at breakfast even when we travel across Timezone boundaries. I don’t want to have to sign in to an app or go to a settings page for an app to tell it when I cross Timezone boundaries. If apps are collecting info to allow inferring Timezone without user consent then thats a different kettle of fish.

Not that I ever want linked in notifications, I definitely don’t want linked in notifications at 3am in the morning because I crossed a few international date lines.

Not clear why the app needs location info for this. Notifications should just be relative to the current local time.
Spoken like someone who has never implemented a push notification system.

How does a server know when to send a push notification to a client if the server doesn’t know the users local Timezone.

Want a wake up call at 7am? How does the server know when to make the call? Want to avoid sending a study reminder at 3am, how does the server know when it is 3am? Most websites do some kind of location detection to show times back to the user that are likely in their current Timezone.

> as long as it’s done with user consent in the privacy policy

No one¹ reads those. I wouldn’t consider that informed consent.

¹ Not literally. I read them but personally know no one else who does.

How much information do app devs get when customers disable app notifications from their app entirely? Some apps (especially food delivery.. doordash, i'm looking at you) have such spammy notifications, I tend to disable notifications from the app entirely unless I'm actively using it (eg, an order is pending).
My feature request for iOS:

Allow me to disable notifications from an app unless I have opened it within the last X hours.

I’d set it to a couple hours. My food apps could then tell me the order is ready, but can’t spam me with “Special Offers For You” days later.

Maybe I can do this with an automation?

I'd LOVE this.

I also want something else that I wonder if I could dummy up myself. I want to change certain phone behaviors based on whether or not a given Bluetooth device is connected.

My use case is "when I'm on my motorcycle, connected to headset audio, I want (a) the phone to read me texts and (b) to turn on navigation audio." I do not want either of these things UNLESS I'm on the motorcycle with the Cardo turned on.

it might be possible to get this together using apple's "shortcuts" app
No hooks for what I want there, sadly.
Seconding that I'd love this. At the same time, has App Store's guidelines/rules changed to allow spammy ads notifications? It used to be 100% disallowed and I worked for a company that got an app denied because of it until changed, nowadays it seems to just be completely common. I fucking hate it.
Yeah, Apple should properly write/enforce App Store rules on this. Make marketing notification a separate permission if necessary and be strict about it.

After all, topics like this are why we succumb to their curation and App Store monopoly instead of using more open devices.

Apple with its current incentives will never do this. I’m sure they know quite well which % of their services revenue comes from enticing push notifications from casino games.

But with all that said, don’t kid yourself with any thoughts that the “we” in your sentence refers to anything more than a practically immaterially small contingent of nerds. Poll 100 people off the street and for the vast majority of them, a more “open” mobile platform is—at best—some nebulous advantage of owning an Android phone that some dweeby family member ranted to them about. In reality, they are reality not directly making use of any of that “openness”, instead just using a worse, malware-infested iPhone alternative.

An ad for the product itself is very different than an app sending a third party app as a notification. They absolutely need to enforce the latter as not ok.
Making marketing notifications a separate permission doesn't really nerf the casino games much.

And I believe the "we" refers to far more people than you describe. It's ultimately a question of UX.

They had rules for this. But apps like Uber never followed them and Apple never enforced it. Then Apple itself started doing it. Then they revised the rule to allow it.
Whats the problem of simply uninstalling the app once it does that?
Some apps provide genuinely useful notifications (like shipping updates), but also send spammy notifications that are just ads.
Because then you'd have no apps left for food delivery or rides, to name a few categories.
I used to uninstall food delivery apps when not using them, but found that just killing their ability to notify me was equally effective without the hassle of re-signing in every time I needed to use them.
This guideline has been revised in 2020.

> Apple updated its App Store guidelines today with a change to its traditionally strict restrictions around push notifications. Apple has long banned apps from using notifications for “advertising, promotions, or direct marketing purposes,” but that changes today. Apps can now send marketing notifications when “customers have explicitly opted in to receive them.” Users must also be able to opt out of receiving the ads.

> The change follows a couple incidents over the past two years in which Apple bent its own rules by sending out push notifications that read a lot like ads. Since other companies’ apps could be banned or have their push notification privileges revoked for that behavior, the moves were criticized as another example of Apple getting away with special treatment because it controls the platform.

https://www.theverge.com/2020/3/4/21165087/ios-apple-push-no...

And yet, I’m constantly getting advertisements from Uber and Instacart
I bet Uber and instacart have proof of you 'explicitly' opting in /s. The world we live in is such a joke.
Did they change it back? Reading the guidelines themselves...

2.5.16 Widgets, extensions, and notifications should be related to the content and functionality of your app.

2.5.18 Display advertising should be limited to your main app binary, and should not be included in extensions, App Clips, widgets, notifications, keyboards, watchOS apps, etc.

I just got an AD (one with four proper nouns I didn't recognize, an offer to win a $15 reward, and free movies for a year, all in one sentence!) as a notification from Sports Engine, the app (owned by NBC!) you use to check your kids sports schedule. This is an app the association pays to use.
I think there should be a spam complaint button for notifications. I used to have the "KaufDa" app on my smartphone but they would send me spam notifications in addition the useful ones and when contacting support they would feign ignorance.
Or just fix the root problem so that the notification is just a notification and not a way to harvest data, I guess.
I don't even allow DoorDash to send notifications. They're so spammy and abusive with it that I turned them off, and just keep an eye on the app when an order pending. It's less net annoyance to me.

I allow very few notifications on my phone, and nearly all the exceptions are iOS built-ins like Mail (which I still heavily restrict). Honestly, I think the only non-Apple exceptions are my VOIP softphone and Teams.

Does iOS not have anything akin to the concept of Android's notification channels? Using Doordash as the example, at the OS level I can independently disable "General" notifications, which cuts out all the advertising spam, Delivery Status, and Payment Status. Long-pressing on an offending notification displays a button that takes you directly to the channel which that notification went through, potentially so you can disable it.

With how much Android and iOS have copied from each other, that seems like fertile ground to improve the experience.

iOS has limited extra settings for notifications that are "time sensitive" and "direct messages", mostly to allow excluding them from notifications summaries and sending them immediately. It doesn't have the same rich/extensive notifications channel support android has.

In practice, apps also abuse the channels and tag things as (at least) direct messages when they are not.

Android is much better in notification config flexibility vs iOS.

Android had a good idea that the scumbag MBAs and marketers ruined.

Whenever I get a spammy notification from an app I'd prefer to not uninstall, it's always logged under a general category that is mixed in with notifications that I want. Amazon for example has channels for Alexa, account authentication, and then a notifications category.

This tribalism is flat-out childish.

A “good idea” that doesn’t stand up to adversarial actors isn’t a “good idea”. And I assure you that your developer buddies were just as complicit as the evil business-people and marketers in ruining it.

This is a poor argument. Don't murder is a good idea for a law even if it doesn't stop everyone. Most apps do implement channels correctly, because if they don't they get uninstalled.

I've also been happy with my career. I've only had one scummy feature handed to me my first week at a job. I called out the product manager for it during a full engineering team meeting, asking him if he thought our customers were stupid, and earned a lot of good will with the other engineers for calling him on his shit. He was fired within the year, I'm still on the team, and that implementation is now gone.

Do you have first hand knowledge of who initiated this change?
Best app I've bought for android in years is buzz kill which lets you auto dismiss notifications that match certain terms or icons, or cool down apps so they can only notify you once in x mins etc. it's really tidied up my notifications queue
Door dash is breaking their website on purpose (pretty clear how they force hiding things when they detect them) for it to not work properly in phone browsers. This should be illegal.
That would be absurd to legislate.
There's tons of legislation on e.g. accessibility that is quite expensive for companies to comply with. At some point in the past, I'm sure quite a few people would have considered these expenses absurd as well.

If there's a clear benefit to society, I don't think it would be an absurd regulation at all, and there's precedent for equally fine-grained/detailed regulations in many industries.

Another one of that category I'd love to see: Mandate at least one secure 2FA method other than SMS-OTP.

You can do this with a custom "focus" which allows you to block notifications from specific apps (or make an allow list which is probably not what you want). Then you use that focus by default most of the time.

Unfortunately I don't know how to do the same with notifications that are sent via SMS.

You could invert it and make a focus for “I’m expecting a delivery soon”, with a whitelist of delivery/service apps. And with Shortcuts, you could create a script to turn it off after a set amount of time.
Yet another reason to deny notification rights to pretty much everything nonnative, and to restrict the native stuff.

I mean, first, they're disruptive. You don't need to know every time you get an email. Even on my laptop, I only get an email ding if it's from (a) a coworker (and it's a small company) or (b) my wife.

Second, the notification-spam ship has sailed. Apps behave TERRIBLY and abuse the privilege. DoorDash, for example, will spam you with ads using notifications if you turn it on. As a consequence, I just watch the app itself when food delivery is pending -- and so no notifications are required.

That's why I'm pretty aggressive about white-listing my notifications. Apple would do well to make this the default. The default answer is that they wouldn't for financial reasons, but over the past few years, I've been pleasantly surprised by changes they've implemented that I thought weren't in their best interests for those same reasons.
How much data is Gizmodo harvesting from you when you read this article?

uBlock Origin shows 16 domains connected; most of them loading JavaScript. The real number is probably far higher when no ad-blocker is used.

This is how I feel every time I see any mainstream news outlet copy-pasting any privacy related piece.

All the outrage companies and people have is posturing in almost every case, in my opinion.

You want to push it, until we are forced to return the favour?

When one side doesn't listen, then these conversations are nonsense. The concept of having a conversation is coming to a close.

And you’re on a VC company’s advertising “social network”. Whataboutism does nobody any good.
HN is not a social network
And it loads zero trackers. Zero external domains contacted, also.
I’m not usually reading a Gizmodo article with my screen locked and my phone in my pocket as I walk around the city, with the article able to determine (at a minimum) my IP address, which can tell them whether I’m at home, work, the mall, or the doctor etc.
Privacy badger has a big old 29 potential trackers listed when I visit that site.
This kind of “let him first cast a stone” comments needs to stop or else we will never get news.

If anything, having a publication release an article like this shows that they’re not held back by conflicts of interest.

Back in '12 we wanted to know if people uninstalled an app, so we sent a quiet push notification every night. At least back then it didn't turn up on the phone if the text was empty or something.
That still happens to this day, one can send both silent and alerting push.
Ssh stop telling the world about the adtech data collection tricks.

In all honesty this is just one of the many ways companies feed the ads monster. coal is to steam train as user data to adtech.

Maybe you might know. I assume most webpages and native apps are harvesting all data available that they can get their hands on that the users/OS will let them take and then selling that off to the highest bidder. Including information that is completely unrelated to the operation of the application.

Seems like you can make correlations with almost any type of data these days so I imagine even things that seem useless to capture could be valuable in the future.

> For example, the tests showed that when you interact with a notification from Facebook, the app collects IP addresses, the number of milliseconds since your phone was restarted, the amount of free memory space on your phone, and a host of other details.

I feel like "...when you interact..." is a very key part of this. If I understand it correctly, that to me really makes the headline seem less bad. So if you just delete the notification and never tap it, do they not get any data? That part is unclear but very important to this context.

This is why websites push you to apps. Venmo recently stopped me from transferring money using web even though it worked just fine a month ago!
This whole article is kinda weird.

These are apps that already are installed, the user chose to get notifications ... yes so when the notification runs the app runs and some telemetry is collected.

Cat is out of the bag already.

I'm concerned about this whole topic too but man that article is hard to read and really just kinda states the obvious. Why it is focused on notifications is sort of beyond me. There's nothing presented to say that users don't know that the notification from the app is ... the app.

It also seems like you have to interact with the notification for any of this to happen. That's not surprising as that usually leads to the app that you already have / know is there and so on, and now you interacted and opened the app. If you're opening facebook notifications, you have facebook installed, you likely logged in ... so yes there's tracking going on.

Article seems to imply this is some extra level sneaky way for apps to collect data but it doesn't seem to be that way anyway.

The problem is, people who care about their privacy do not want to be tracked when they’re not using the app.

But if an institution wants to find out what devices subscribe to certain groups or pages

They could correspond the times that a pages media posts, with the times a range of devices received a notification from specific apps.

It’s that easy

The even more significant bit is that governments can track users this way without standard warrants: https://www.washingtonpost.com/technology/2023/12/06/push-no...

It's unclear what data the government tracks, but it's annoying that Apple allows such a trivial security hole when they keep bragging about "privacy".

The “privacy” brag is just a successful marketing campaign.
I think it is also worth noting that Apple goes out of their way to prevent developers--both technologically and contractually/procedurally--from building alternatives even for privacy-focused applications.
"This isn't the first time Mysk's tests have uncovered data problems at Apple, which has spent untold millions convincing the world that "what happens on your iPhone, stays on your iPhone.""

The safest "app store" would be one where all "apps" must be open sourced so that, optionally, if a customer dislikes a certain "feature" or other behaviour of the software, she can remove it from the source and compile her own version. Additonally, the customer could add "missing features". As it stands owners of Apple computers have no control over anything really . They delegate all of it to Apple. That is why every thread about these issues includes futile pleas to Apple. (That will go unaswered.) There is no DIY. That would be "unsafe" according to Apple's media spin. Perhaps the closest we have to an "open" app store is f-droid.org.

https://world.hey.com/dhh/apple-s-new-extortion-regime-to-ke...