I think one of the worst barriers to good data security is how very complicated and unfriendly the software is. I’m not too stupid, but I can’t spend 40 hours learning the piles of things needed to properly encrypt and privacificate everything. However, I’d spend quite a few bucks for a software suite that does all that for me. If Apple can finally make that easy then I’m buying stock, but I’m surprised some entrewpreneur didn’t do this years ago. Maybe all the techies are happy to spend that 40 hours, so they assume the rest of us feel the same way, I dunno?
hrm, the thing is i don’t see a way to do it that doesn’t involve either a walled garden (and a trusted or trusted-enough manager such as, in this case, Apple) or some crypto-anarchist fantasy of webs of trust. the central problems, imho, aren’t purely technical, and have more to do with the fact that mathematically formalizing relationships is an arduous and unpleasant task.
and in fact, that seems to be the way things are going. the very few people who really need to use it will learn hard crypto or hire a consultant, and for everyone else there will be walled gardens of varying credibility.
This is transparent how?
To the question of how to improve privacy for civillians:
- Require a password to unlock every device.
- Encrypt every drive by default. Doesn’t have to be flawless encryption (ahem TrueCrypt) to improve matters in many scenarios. OSX has a built in feature that works invisibly.
- Get a password manager (ex: LastPass), and use unique, generated passwords.
- Don’t use public wifi without a VPN.
- HTTPS whenever possible, perhaps via HTTPS Everywhere browser extension.
- Avoid dodgey browser extensions and native apps. (Adios, Hola)
- Read the EFF’s privacy how-to manual and adapt to your life as needed.
I’m not a huge Apple defender, but on-device caching of location data to display maps faster isn’t really comparable to a business model built on selling ultra-targeted ad placements. Apple’s model of direct sale of hardware is better in narrow but meaningful ways than several existing alternatives (EDIT: as noted below, their ad business shares Google’s issues; it’s just a smaller wedge of the business pie).
Saying “everyone sucks” makes it harder to identify and address problems.
They may not want my data, but they’re also pretty bad at protecting it.
As per the very article that you linked, it’s stored locally (as a feature, to improve mapping and suggestions) and never sent anywhere. So where exactly is the invasion of privacy, there?
Also, trivially easy to turn off. It’s the first thing I did when I got my iPhone for work.
Is HTTPS everywhere really much use any more? I ran into issues with it years ago, where it was breaking certain sites (possibly this very one, now that I think about it), and now as far as I can tell most of the sites I use that HAVE https, will default to it any way.
We don’t want your data, just your money, and to lock you in to our services, and to prevent competitors from doing anything remotely similar to what we’ve done, even if they did it first or better.
I think it’s simple enough. Apple makes it’s money by selling hardware of different kinds, and it makes enough money out of that, that it has no need to sell your data as well. Its services which are free at the point of use exist to make the hardware and the ecosystem more attractive. Companies that make basically ones and zeroes have no real alternative for making money other than to sell your data. Apple has a competitive advantage if it does not do so. That’s why the mostly likely model for the future is a paid tier of services for those who are prepared to put a small amount of money into privacy, and a much larger, unpaid but dubious tier which will be notionally “free”.
Facebook may be using HTTPS now, but HTTPS Everywhere still does yoeman’s work on some of the buried services under many websites. For BoingBoing, it says it moved me to the HTTPS version of the following requests…
Ghostery provides this. I don’t run it myself because I do web work and it complicates logs.
Ironically, the software makes the overly attractive and overly expensive but also overly simplistic hardware a dealbreaker for many.
The problem is that the more you trust another person (or company) the more ability they have to betray that trust. Apple for instance touts the end to end encryption of iMessage, but Apple is the gatekeeper that connects users together. That allows them (or any one that can successfully masquerade as them) to subvert the encryption. And since Apple hides all the messy complex bits even an expert can’t detect that they have been subverted.
they’re listed as options in the system settings, and you can turn them off. that’s relatively transparent.
That wasn’t my message at all, though I do find the Mac fanboys’ condemnation of Google ridiculous. Tim Cook is saying there is something wrong with the intrusiveness of Google and Facebook’s business model. I’m simply pointing out that, while different, Apple is just as guilty of spying on users information. They are taking the Google model into reality where they can note your behavior in the real world. They know where you spend time, where you shop, where you eat, who you visit, and it’s all cached in a tidy database for them. They may or may not use this information for their own business. They also force you to opt-out of their iAd service which runs similarly to Google allowing their business partners to track your behavior for ads.
Google allows you to opt-out of ad tracking, and has for several years. But if anyone believes they, Facebook AND Apple aren’t fully taking advantage of the information they gather about you, you’re delusional.
And I’d much rather an internet company know what I shop for online, than where the FBI can send a goon squad to pick me up at any given moment. If you’re into anything nefarious online, you’re much safer with Google than with Apple. I can fully disable location tracking and delete my history from Google.
And if it’s something you wouldn’t want anyone to know about in the first place, why are you doing it online?
Which was a long way of saying; Standard US company.
Except… They’re not. At least not in the case of the iPhone’s location tracking that you linked above (I didn’t bother looking at the iPad or other one, since I have no experience with those). The phone itself saves the information, and uses it to improve performance of location-centric apps on the phone, but that data isn’t actually sent off the phone. So I’m not sure how they are “spying” on anything.