← Back to context

Comment by jlokier

4 years ago

The information reveals in exquisite detail what times of day I'm working, what times I'm slacking off, which days I work too.

And whether I'm taking a long or short lunch break, or lots of breaks. Whether I stay in bed until late, or work late at night. It's enough to predict whether I'm a "good" worker.

It also reveals whenever I travel, which coffee shops and libraries I frequent and what times of day. It also reveals what time I open any of several video conferencing apps.

And the sort of thing some HR would like to browse when assessing job candidates. They wouldn't need to ask "do you know X", they could just consult the Apple log of how often I run the relevant commands. Things like "we see you ran 'git' an average of 145 times per day last month, tell us more about that".

And whether I'm running tools I "shouldn't".

All that seems quite sensitive and personal to me.

4 comments

jlokier

Reply
brundolf  4 years ago

> It's enough to predict whether I'm a "good" worker.

If your employer is willing to be that invasive, they already have a much easier route for getting that information: forcibly installing surveillance software on your work machine.

> It also reveals whenever I travel, which coffee shops and libraries I frequent and what times of day.

How...? How would the binaries you're running have anything remotely relevant to say about this?

> They wouldn't need to ask "do you know X", they could just consult the Apple log of how often I run the relevant commands. Things like "we see you ran 'git' an average of 145 times per day last month, tell us more about that".

That's a pretty contrived use-case for a pretty significant and unscrupulous bit of data-sharing. From a PR perspective Apple would never intentionally and publicly share this data. So assuming this data is even stored anywhere after the check is complete, and assuming any personal identification is kept with it, both of which are huge ifs, that leaves a couple of possibilities:

- Hackers gain access to the data

- Government subpoenas the data

- Extremely lucrative contracts, probably from advertising companies, are enough to motivate Apple to sell the data despite the risk of a massive PR scandal

I don't see any of those falling under your proposed scenario of random employers casually perusing the logs.

  • jlokier  4 years ago

    > If your employer is willing to be that invasive, they already have a much easier route for getting that information: forcibly installing surveillance software on your work machine.

    The question was whether the information gathered is personal and sensitive.

    The fact there is another way it could be gathered doesn't make the information less personal or sensitive.

    > How...? How would the binaries you're running have anything remotely relevant to say about this?

    Because your temporary IP address is part of the hash request, and that's usually enough to identify which major organisation's network you are on, not counting any geolocation.

    Thus, coffee shop (which brand), library (government network), home or mobile, at least.

    I expect the websites and services I'm using to have this when I'm using them. That's reasonable, I'm reaching out to them.

    Apple itself is not a service I'm using constantly, so I don't expect it to be sent a minute-by-minute update of my movements whenever I'm doing work in a CLI, and happen to have wifi on.

    (I don't use iCloud, btw. Perhaps people using iCloud expect activity to be streamed constantly.)

    > From a PR perspective Apple would never intentionally and publicly share this data.

    Again, the question was whether the information is personal and sensitive. That's a property of the information itself.

    Not whether Apple intends to store it and share it.

    • brundolf  4 years ago

      > Because your temporary IP address is part of the hash request, and that's usually enough to identify which major organisation's network you are on, not counting any geolocation.

      Okay. You realize that you literally have to turn off the network connection completely to prevent dozens of companies from getting this information every waking moment? Windows and even Ubuntu constantly send back basic telemetry, not to mention the many more less-trustworthy apps that are refreshing in the background, the websites you interact with (even with ads/tracking blocked, the site itself still knows your IP address and time of access!), and so on.

      Maybe it's not the exact point I was making originally, but my point now is that this is a ridiculous thing to focus on in the grand scheme of privacy concerns. It might be the single least-privacy-significant network request that any of your devices ever makes. Personally, if that's the only cost, I'll take the tradeoff for the security benefits. But even if I didn't feel that way, it's not what I would be spending my energy worrying about.

      1 reply →