Reasons (not) to trust Apple's privacy promises

Apple made themselves a target by starting the discussion. It isn’t really bashing, either; many of the points on that list are very valid, and it’s only at the very end that it gets a bit snide.

Questioning or being critical of something does not equal “bashing”. Apple is just a faceless corporation selling mass-produced consumer products. They are probably not looking out for your best interests; they don’t care about you. Why care what people say about them? They don’t need your defence, or devotion.

This is also true of Google, and the makers of the hardware their OS runs on as well. None of these corporations are saints, and all of them have some dubious moves in their history. We should be skeptical of all of their claims, and we should be very critical of their products and services when it comes to our security and privacy. If this is “bashing” then we should be bashing the living hell out of all of them.

1 Like

Yeah, darn them for making promises about their user’s privacy!

1 Like

I’ve long been of the opinion that Cory knows quite well that a great deal of his readership use Apple products, and figured out a while back that clickbait articles like this drive comments.

5 Likes

Whoops. I wasn’t aware I was making that argument; mea culpa. But are they harder to discover? In fact, I see (just from the news) that problems are discovered with closed-source systems all the time. They are then fixed in the same manner. It’s happened to every company that releases software, open or not. If an argument is made that suggests open source is better because something can be seen, then the issue of OpenSSL is a clear and direct challenge to its efficacy.

Whereas if a company assembles a staff of experts whose job it is to explicitly hunt down and find problems with their own software, the issue of whether something is actually being actively scrutinized is then much more moot. Obviously, no process can be perfect; security holes will still likely slip through, especially since software is so complex these days. And we’ve even seen some breaches have happened that have nothing at all to do with software: a telephone call and someone willing to game customer support is all it took to compromise some accounts.

I don’t see this as much of an issue. If who I decide to “trust” (with caveat quotes) comes down to aesthetics, then it is just about politics, since it seems no company is ultimately trustworthy in the strictest possible sense. But if I want to participate in a modern life, then I can make a few informed choices based on my needs. The case for open software is easy for those who choose to use it, or who have the professional capacity to really understand its implications and can make solid choices based on what they see.

But for everyone else, it boils down to who is doing what with their data. Right now, Apple appears to be taking this seriously (my hope is that some of the industry will do likewise). You might claim that this is making a judgement on faith, but as far as I can see that’s little different from what open source advocates who are not experts in security are doing.

1 Like

This would be why I’ve just put Ubuntu on my MacBook as the sole OS.

1 Like

Until there’s a fire.

1 Like

Tim Cook was on Charlie Rose last week and pointed out that Apple has always been in the business of selling hardware combined with software. That is the source of their wealth. He further stated that Apple has never sold user data unlike un-named competitors whose main source of income is just that.

If it is marketing I am okay with it. That is how markets work. Face it, the world is keeping a close eye on Apple and the minute they show they are not doing what they say we will all know.

He claimed that Apple can’t deliver a lot of user information like the contents of text messages because they do not have access to it, it is encrypted and they don’t have a key. If this is how they are going to differentiate themselves from their competition then GREAT! Let the others catch up.

“They are lying.” is the weakest sort of defense.

6 Likes

My only comment here is that the whole ‘I refuse to capitalize iOS’ thing is basically the sort of thing that people make fun of nerds and journalists for, because it’s absolutely dumb.

3 Likes

I lied; here’s a comment. I think it’s totally fair to say that unless a company has a history of problems, automatically assuming that they’re lying is the sort of thinking that logically ends up with you living in a bio-neutral house in the woods off the grid.

1 Like

I’ll just say ‘There’s Obama coming to take your guns!’ and they’ll run out of there in no time.

1 Like

For those people who fear that Apple is untrustworthy… if you put a tin-foil hat on your head you’ll feel a lot less stressed.

(͡° ͜ʖ°)

1 Like

Privacy isn’t anything new to Apple, it’s fundamental to its DNA. The company is notorious for this. This ‘new’ policy is merely the application of that. If time is taken to do a fine-grained study of Apple longitudinally, it will be found to be unique in its underpinning ethos in this regard.

Each of Apple’s consumer-facing information envelopes is different, and so each carries differing levels of potential security vulnerabilities.

iCloud: I never use any Cloud-based storage services, Apple included. I believe the company has the best of intentions, but I don’t trust my data to be stored anywhere outside of the physical confines of my private life.

That said, the large majority of people should use automatic Cloud backup, as they likely otherwise risk the irreplaceable loss of deeply personal data, particularly photos of key life events and people.

iDevices (iOS/OSX): If you enable encrypted storage on your Apple device, you’re the only one who has the key. Apple can’t access your data. Law enforcement can’t either. So it depends on your cooperation with a Lawful Request.

If lost or stolen, you can remotely locate, lock, wipe and disable your iDevice.

iMessages: These are end-to-end encrypted using ephemeral, single-use private keys. A year or so ago it was demonstrated in a US Court that Law Enforcement could gain access to all other personal data except iMessages.

Everything else isn’t unique to Apple, and the usual caveats apply. Of course, the usual caveats also apply to Apple stuff too. As a general rule, no human system is impervious to human creativity. It’s all a matter of weighing the risk of disclosure against the probability of enough interest, coupled to the availability of the needed resources to achieve it.

Apple is the most fastidious company on earth. You can tell that by the level of attention to detail in its product design and manufacture. When you hold or use an Apple product you are seeing into the company’s soul, because of the necessary cultural backend required to produce that integrated software/hardware/industrial design.

The same can be said for any company or person. Look at how they handle the minutely small and incidental details and you will know whether to trust them with the big things, like the integrity of your personal data.

4 Likes

And I promise to stop world hunger, I must be a saint.

I agree with the majority of your post, but I think there is a distinct flaw in the thinking behind this statement:

But are they harder to discover? In fact, I see (just from the news) that problems are discovered with closed-source systems all the time. They are then fixed in the same manner. It’s happened to every company that releases software, open or not. If an argument is made that suggests open source is better because something can be seen, then the issue of OpenSSL is a clear and direct challenge to its efficacy.

Bugs are found in closed source software all the time. Many large companies actually offer bug bounties, and you will find in a large number of cases when the patches are posted that third-party researchers are credited with finding the bugs. This cannot be used as an argument that closed source is just as easy to review and test as open source. It’s a ‘black box’ problem with closed source, and while there are numerous techniques for testing for bugs, they certainly can’t be considered lower effort than being able to read through the actual code.

Likewise, the spectacular oversight with OpenSSL is not an argument against open source being easier to review. It’s just a sad case of a bug being in plain sight and not caught. When it was noticed, people traced it back to a line or two in a single code check-in. It was small, overlooked, and catastrophically flawed. To say it was a failure is fine. To say it disproves the notion that open source is no easier to review or catch bugs in than closed source is a fallacy.

1 Like

I don’t trust anyone’s privacy policies anymore. :frowning:

1 Like

Also, I’m surprised no one has mentioned that the Apple “warrant canary” has gone missing.

https://gigaom.com/2014/09/18/apples-warrant-canary-disappears-suggesting-new-patriot-act-demands/

Don’t be surprised: they have.

‘Because they want to help the terrorists win?’

My, how rational.

1 Like

Ok, security-and-privacy buffs who use Android: can you explain simply what exactly you do with its ‘fenceless garden’ that makes a difference beyond implicitly supporting open source? Do you install alternatives to the regular Android Store full of safer and better alternatives to the Google stuff? Something else?

Serious question. I hear much talk online about iOS being closed but the only real-life use I’ve seen of Android’s open nature by non-techies was either a bit of customization like looks and keyboards, or the ease of pirating software without having to jailbreak.

Otherwise people seem to me happy to trust Google instead of Apple with their data and that’s hardly an improvement.

3 Likes

I dunno about security (seems like Apple is, at least, trying to make some positive changes), but it’s really creepy how much of their identity people put into their choice of consumer electronics. Giant corporations are not your friends. Google, Apple, Microsoft, Sony, whatever.

I have an iPod, but I don’t identify as an Apple user. My smart phone runs Android, but I’m not in love with Google. Seeing people bicker over which uncaring, faceless entity values their privacy more is surreal.

5 Likes