Reasons (not) to trust Apple's privacy promises


#1

[Permalink]


#2

Remind me what a “los” is again?


#3

Cory’s passive-aggressive way of spelling iOS to avoid “branding” or some such nonsense.

Because we can read the source code and the protocol descriptions ourselves, and determine just how secure they are

Yeah, that sure helped with the OpenSSL fiasco, didn’t it?

Companies are going to make marketing claims. We’re kind of used to that. But unless you are a programmer capable of reading the source code and a cryptographer capable enough to analyze it, you, as a consumer, are going to have to place your trust in someone.

My available smartphone choices right now appear to be:

  1. a company that has long held a monopoly position in the PC marketplace and been shown to be perfectly willing to abuse that position to the detriment of its customers
  2. a company that makes the majority of its money by selling the personal data they can collect about me to third parties
  3. a company that makes its money entirely by building a hardware/software combination and selling it for a profit.

I’ll take #3, personally.


#4

In general, I like the EFF but this post just sounds like the whining of a petulant child.

Obviously any one who is truly worried about their privacy will take other measures but for the rest of us what Apple is announcing is so much better than nothing. (Or is the EFF really trying to say that what Apple is doing is worse than doing nothing?)

Why not say, “Hey Apple, this is a great start. Better than your competitors. Why don’t we work together to make things even better?” I suspect its because offering solutions is hard. While complaining is easy.


#5

It’s been proven time and time again: people will choose convenience over security every time. It is damn hard to be perfectly secure and anonymous while enjoying the fruits of the modern web. While I admire efforts like the Black Phone, apple’s approach strikes me as (superficially, at least) reasonable. At least they work hard to indicate that they are not intentionally trying to monetize my private data.


#6

Apple makes a good point, about its business model naturally being more privacy-friendly. Right now, on the privacy front, Apple looks better to me than Google.

I intend to stick with Android for now though, because Apple’s walled garden still feels like an affront to my intelligence.

In terms of completely trusting any corporation to protect my privacy for me - my position is Never Do That.


#7

Apparently TV Magicians never use camera tricks…


#8

It’s Spanglish: “los privacy policies.”


#9

I’d like to know in which OS vendor Cory has placed his trust.


#10

Which may have originated as a distorted version of “lost-privacy policies”.


#11

All of the arguments are convincing. Encryption that nobody can inspect is worthless. And devices whose software is not fully under your control are not save. Any other point of view borders lunacy. All your apples are belong to us. (And as some will point out: most of these arguments apply to Android as well. But: that basic system including the encryption is open source. So as it stands, Apple still delivers a less trustworthy platform. Not that I would recommend doing anything on an Android phone that the government should not see. But sill.)


#12

I would extend it to hardware as well. Hardware-based trojans, or hardware-mediated exploits, can be pretty nasty.

Specific example, the baseband processor in cellphones, it’s holey. As you cannot easily-enough get a trustable software for it, just some “trust us we mean well” blobs from megacorps, it would make sense to separate it from the rest of the hardware using some sort of constrained-functionality bus and API. And of course vendors won’t tell you if their hardware architecture shares memory for both the application and the baseband processor.

Does Apple say?


#13

Are you new here? The only post about Apple made by Cory that I can ever remember being neutral (there have been no positive posts) was the one about the warrant canary situation the other day. I was surprised that Cory didn’t somehow turn it into something bad, but clearly he’s back on his soapbox.

Cory’s mentioned Apple four times in the last 100 days or so:
http://boingboing.net/2014/06/12/apple-adds-privacy-protecting.html (the headline sounds like it might be positive but he made sure to add a comment from the EFF that trivialised and mocked it).

http://boingboing.net/2014/07/23/back-doors-in-apples-mobile.html (another negative one)

http://boingboing.net/2014/09/18/apples-patriot-act-detecting.html (neutral)

…And of course the current link, obviously a negative one.

Here’s a fun game tho: find some posts in roughly the same period the Cory’s made about Samsung, HTC, Motorola, Nexus, or Google (related to Nexus). I checked and couldn’t find any. Nor any about Android, CyanogenMod, Replicant, and AOSP.

I know I shouldn’t care, that I should just ignore Cory’s rants but sometimes its hard not to say something.

Oh and full disclosure: I’m a Mac, iPhone, iPad, and Android/Samsung owner/user. In the past I’ve used Linux (SuSE, Debian, and Ubuntu), Windows (everything from 3.11 to Win 7 (MCP Win95 & WinNT)), MacOS (obviously), and even - briefly - BeOS. Oh and GEM OS as well. In my working life, I’ve admin’d WinNT, Win2k, and Linux server boxes. I support the EFFs goals and work and, occasionally, throw some cash their way. I also think Cory Doctorow is a self-aggrandising jackass and definitely am biased against him.

Rant over, I’m off my own little soapbox now. Sorry folks!


#14

Is there any room for hope in your nightmare?


#15

How Cory works, on lifehacker, 2013

Ubuntu on a Thinkpad and Android on a Google Nexus, apparently (as of spring 2013).

He’s been an enthusiastic Apple user for 27 years, though, but he decided to switch in 2006 because of “proprietary Mac file-formats and the increasing use of DRM technologies in the MacOS.”

His reasons, as discussed on Daring Fireball (great read!)
His BoingBoing post about switching

The recent capitalization of Apple trademarks stands in stark contrast to Cory’s “iCreations” in his older posts, particularly in his 2010 iPad post, where he talks about the “iStore” and its “iApps”.

See also his 2012 Nexus 7 post, in which he praises the Google Play store and includes this gem:

I’ve found the Nexus 7 to be a breeze to use. Jellybean, the latest
iteration of Android, has plenty to love about it, including the Google
Now predictive search that uses your location and search-data to guess
at the information you’ll be needing. For once, this feels like a good
privacy quid-pro-quo: if I let Google see some of my data, it will use
that to actually feed me back useful information, including things like
daily exchange rates while I’m travelling overseas, a pedometer that
uses the built-in accelerometer to count my steps, and travel times to
places I’ve recently looked up.


#16
Yeah, that sure helped with the OpenSSL fiasco, didn't it?

It’s a fiasco because everyone hears about it. Not so much the fiasco of KB2347378 or the fiasco of Security update 108-29384.

You forgot:
4. a small company that makes it’s money by building a hardware and tailored software combination phone specifically for privacy but it really expensive.


#17

If there is hope then it would be the incompetence of the state, the NSA, the BND, the Stasi and similar institutions that collect data without ever realising that while knowledge might be power - collections aren’t knowledge. But to return the question: is there any hope in your (possibly consumerist) nightmare?


#18

I’ve highlighted the key word there.


#19

Does anybody really still believe that any corporation has products that are not/will not be used in the collection of personal data by NSA (etc)?


#21

Reputation management: it’s not a job, it’s a lifestyle! Also, it’s an embrace of the concept of living the role of human garbage.