" Modern cars regularly send basic data about vehicle components, their safety status and service schedules to car manufacturers, and mobile phones work in very similar ways." -Google
This is a beautiful quote because it is an example of one industry's bad behavior leading to another industry's bad behavior, upon which the first industry then users the second's similarity to justify themselves. Cars only started doing this because phones made it normal. It's wrong in both cases.
It's similar to when Apple defended it's 30% store cut by claiming it's an "industry standard"... specifically, an industry standard that Apple established.
The 30% cut was considered very good at the time. It was way better than the 50-90% cut that traditional publishers would take.
A sibling comment notes that Steam charged 30% at the time (though some had better deals) but it's worth noting that Steam was not an open platform that anyone could publish on. Much like for consoles, to put a game on Steam you had to have a preexisting relationship with Valve, or try to develop one with no certainty of success. This was also considered a very generous cut because getting on Steam was almost a guarantee of financial success.
"The 30% cut was considered very good at the time."
Let me fix this.
There was a full range of views. Some considered the 30% cut to be good at the time, some didn't consider it much at all, some considered it to be a criminal abuse of market power. I remember commenting myself that microsoft would be crucified for attempting to tax everyone who wanted to write software for windows 30% of revenue. I don't recall anyone suggesting that was a controversial comment.
You want to sell software you wrote to run on an iphone. You have zero choice. Apple tax your revenue.
You want to sell software you wrote to run on a pc. Steam is not your only choice. I am not defending steam or valve here, I've never sold anything using their stuff, nor am I suggesting anything other than that their market power over pc compared to apple's store over the iphone is not remotely comparable.
It actually works against you to suggest apple's iphone software store and steam are comparable at all because it's so incredibly bogus.
You want to make the case that steam suck too but with loads less market power. Go right ahead. We're listening. You don't need absolute and total market power to be abusive of it. Apple will immediately attempt redefine the market to include android or people spending money on coca cola instead of apple product to suggest that customers have real choice so there is no market power abuse here.
I can't help but feel like having it this way is breaking one of the huge reasons that made computers so absurdly exciting and enticing in the past.
The fact that there was this wide open field, where, sure, maybe you paid Microsoft for the OS, but then the rest was up to you. Trade shareware CDs, install stuff from the internet, type in code from a book or whatever, it felt like an infinite open field of possibilities.
I guess it's normal that the exciting frontier shifts around, but I really can't believe that it's somehow a good thing in this case.
When I was authoring software (over two decades ago) and a company acted as publisher they took 85% of gross.
For author/publisher relationships at that time, this was pretty typical (book authors/publishers being the closest analog).
Needless to say there was, in addition to the cost of creating and shipping floppies, advertising that the publisher had to cover.
Apple's 30% cut seemed fair to me when the App Store arrived.
I'm not sure if I would try to ship an iOS app these days though. Not because of Apple's cut but because of the race to the bottom that was unleashed shortly after the App Store gold rush: where now you don't appear to even be able to sell a $0.99 app.
No, it wasn't. I'm not going to dig up links, but one could pop a web site storefront and Fastspring for payment processing (as one example of a company I used) for less than 10% (Fastspring would take something like 6-7%, IIRC). Discovery has always sucked on Apple's store, so no value-add there. In fact, I'd argue that the only value-add one gets out of Apple's store is access to their closed garden.
And "50-90%"? Is that in reference to putting software in physical boxes and on CompUSA shelves? Because no mobile publisher charged 90% before Apple's store came along.
> The 30% cut was considered very good at the time. It was way better than the 50-90% cut that traditional publishers would take.
Why didn't Steve Jobs go with web distribution of first class web apps or allow Flash on his platform? If they truly wanted to be remarkable, this would have been the future.
The answer is control.
Apple is a cutthroat business just like any other, and their "privacy first" veneer is just a wolf in sheep's clothing. They're playing it up as an attack against Google and Facebook, meanwhile they still phone home about the apps you're running and can shut them off remotely.
Microsoft never taxed software on their platform. Jobs had to invent that business model. It flourished like wildflowers thanks to him.
This may be pedantic, but Steam was collecting its 30% long before the App Store opened. Thought maybe that was inspired by Apple's cut of music revenues in the iTunes Store.
I could walk into Best Buy and buy the game I want off the shelf. I have no such option if I want to buy an iOS app from a store or the developers themselves.
Steam also don't engage in anti-competitive behavior and prevent billions of people from using alternative game distribution methods like Apple does.
What we need is real competition in the mobile app distribution market to determine whether or not that 30% is actually fair, efficient and competitive. As it stands, there is no competition in mobile app distribution.
You pay 30% for all the hosting and listing and payment processing. But then you aren't required to use Steam to distribute your game — you could as well set up your own website. There's nothing preventing you. There's no predatory code signing on desktop OSes.
On the other hand, you can't sideload apps onto iOS devices. You HAVE to go through Apple. You either publish on the app store, or you don't have an iOS app. That's different. That's very different. That's antitrust-can't-happen-sooner different.
And just to be complete, there is little preventing other people from creating their own Steam (many do) or not using Steam at all (developers can publish their apps directly to users). This is not the case with the App store.
I suspect that statement was to placate people with "your car does it too", but mine certainly doesn't --- it doesn't even require a computer to run --- and the statement had the exact opposite effect, namely to revalidate the reason I don't drive a "modern car".
That said, I do have an Android, but it is rooted and spends most of its time off. As I type this message, it is on the other side of the room.
> It's similar to when Apple defended it's 30% store cut by claiming it's an "industry standard"... specifically, an industry standard that Apple established.
Apple established a standard for the Apple app store. There was a lot of complaint about "Apple Tax" and Apple merely pointed out that it wasn't a "Apple Tax". Sure, Apple started it but others which are not even connected to the Apple ecosystem simply followed. They could have not decided to but they did (Re:Table 1) [0]. Microsoft, Samsung, Google and Amazon all have the same 30% tax. Heck, even commission rates for Xbox, Playstation, Nintendo have the same rate (Re : Table 2). I am sure Apple is not forcing them to have those rates.
Somehow, this conversation turns into an "Apple" vs rest conversation. There's no conversation had upon the charges on a digital distribution store. I'd say - let's have that conversation and come up with a number. Currently, the number is decided in a "free market". I would be open to come up to an alternate number. Most arguments against the 30% is that it is too high. Well, every penny that goes out from the developer's pocket is too high. The cost of an iPhone might be too high. Something, being too high is not an argument to not have that rate.
this is a classic example of how companies collude without direct communication. it's a type of game theoretic outcome that's actually taught in business school - how to read your competitor's intentions from public information (like pricing intentions) and legally act and counter-communicate publicly your own intentions to not compete (in many cases by not lowering price).
this can practically only happen in oligarchic markets (those controlled by a few large players) who can safely assume a smaller competitor won't undercut them. unfortunately, most major markets in the US are oligarchic, if not downright monopolized (e.g., cellular service).
> There's no conversation had upon the charges on a digital distribution store. I'd say - let's have that conversation and come up with a number. Currently, the number is decided in a "free market".
There is no competition in the mobile app distribution market. Apple and Google have a duopoly on mobile app distribution, and they behave like a cartel when it comes to price fixing.
For over a decade now, consumers and developers could have benefited from real competition in the mobile app distribution market. Real competition between companies means that consumers can benefit from increased efficiencies and reductions in cost when it comes to distributing mobile apps.
Instead, Apple and Google have kept a stranglehold on the mobile app distribution market, and it took over a decade and the threat of regulation before Apple chose to lower costs to developers somewhat.
How can anyone know what prices are "industry standard" or "too high" when it comes to mobile app distribution if there is no real competition in that market, just a cartel consisting of two trillion dollar companies controlling mobile app distribution for nearly 13 years?
I have an android phone and there is one clear difference: I can go elsewhere to get apps other than the official channel. For Microsoft I can go as far as installing a whole different OS on the device. You can do neither with iPhones. Sure, you can buy a different phone but it isn't as simple as that
It even polluted into other markets, like Wolt.com taking a 30% (!!) cut of food delivered using their platform. On top of the actual delivery charges.
I remember thinking that Just-Eat.com were criminals for taking 10%.
> It's similar to when Apple defended it's 30% store cut by claiming it's an "industry standard"... specifically, an industry standard that Apple established.
I thought Apple chose that figure as game developers were already used to it from consoles and Steam.
It goes back much further than that—the mobile phone 'app' market was a lot worse (50%? And not a fun developer process) and was pretty poorly saturated by Java-based games and lightweight apps.
It all depends on what software / 'app' stores we're comparing to.
IMEI and serial number make sense, I think too: Apple’s activation lock is a big reason why I bought an iPhone and as far as I can tell, it requires interaction with the server on every boot to work.
I disagree that telemetry is inherently bad. As product engineers, telemetry is often our only visibility into whether or not a system is functioning healthily. How else can you detect difficult-to-spot bugs in production?
As a software engineer I disagree. You are saying that you want to collect my personal information so you can fix your bugs. I don't see it being a valuable trade. I'll just find someone who can fix their bugs without tracking me.
+1 to this. As long as proper privacy concerns are addressed and the data gathering is imperceptible to the product experience, telemetry signals are immensely valuable for improving the product in a variety of ways.
So why does $product need to send telemetry data via google? Why can highly complex software that runs most of the worlds internet infrastructure (linux) work without telemetry? Why is telemetry not opt-in or relies on reports in situation where a bug causes an issue like firefox crash reports? I'd rather have privacy and buggy software then bug free software in exchange for no privacy at all
We’re increasing the risk exposure for every user for our own trivial convenience. It is inherently bad, just like other forms of widespread surveillance that is often motivated by some seemingly good cause, like catching terrorists.
Telemetry is inherently bad if it's not done with the informed, opt-in consent of the end user whose data it's (mis)appropriating, oftentimes silently.
There's no issue with opt-in telemetry, where the user says "yes, it's okay to track me".
Invisible, silent, always-on telemetry is actually just spyware that's been mislabeled.
Ultimately it's not the telemetry that's at issue: it's the unethical and selfish behavior of the software/device manufacturer.
No sane or reasonable person thinks that an EULA is informed consent.
Once upon a time fixing bugs in production didn't happen because the product got all the bugs out before production. If it had bugs in production, the product failed.
The more concerning thing about the car data is that the manafacturers resell it to third parties and those third parties have the right to resell it again. It's a mess.
As a comparison, I don't know if much of Google's data ever leaves Google.
i'm getting the impression that iot providers have far, far lower privacy standards vs dedicated tech providers. This to me indicates that they don't take the internet capability of their kettles/cars seriously enough. It's just a gimmick. This is not a constructive way to advance iot.
I read Steven Levy's book "Hackers" recently. One interesting insight was that developers for Sierra On-line and other early publishers had deals for the developer to get a 30% royalty on the games they wrote, with Sierra collecting 70% as the publisher. Over time, as there was some market saturation in the early 80s, this number decreased.
Got a courtesy call from BMW the other day to let me know my brake fluid needed changing and would I like an appointment made at my nearest garage?
I get that there are privacy concerns, but also that's pretty cool. It also has GPS and will automatically alert BNW if air bags are deployed. Has saved lives.
It is like I tell my kids, "pointing to bad behavior does not justify your bad behavior"
Cities frequently do this when they want to raise fees or taxes, 'Hey look at City B and City C, our fees are still lower even with this unneeded and uncalled for increase'
>Cars only started doing this because phones made it normal. It's wrong in both cases.
I don't know that this is true, planes have been doing it for quite some time now, although obviously they existing in a totally different bracket of price and complexity.
although obviously they existing in a totally different bracket of price and complexity.
There's a whole world of difference between a plane operating commercial service in a highly-regulated industry and one's own car. At least there is an expectation of personal privacy - and some semblance of freedom - with the latter.
It’s way worse. Google is the pioneer in that type of analytics.
Apple took the existing model and automated it. They didn’t invent it, it’s been around since RCA/Victor. Retail takes bigger cuts (Walmart used to get 60% from AV vendors). Enterprise software resellers and distributors take a similar share to Apple, and do other shenanigans as a financing mechanism. When you hear about “shipments” that’s what that means.
Let's not forget that "better" is from the viewpoint of a giant corporation whose primary reason for existence is to suck as much profit out of you as it can...
Which makes it weird that we accept this bullshit from our phones, considering that you have your phone with you whether you're driving or walking or taking the bus.
"20X more telemetry", in terms of data usage, is a pretty meaningless statistic on its own (unless it's large enough to affect your mobile data cap or something).
For instance, I would consider it a much bigger privacy violation for my phone to transmit my exact location every hour than my current CPU usage every 10 seconds.
Which Apple is apparently doing - they send location, local IP, and nearby wifi mac addresses even when you're not logged in. Similarly Apple is collecting more data types than Google according to the research paper.
They do send nearly WiFi hotspots for crowd sourcing purposes but it is never in conjunction with your local IP address (which is an identifying piece of information).
Allowing wifi mac addresses, ssids, bssids, etc. of leased equipment in combination with subscriber address/goelocation to be shared or otherwise disclosed to third party affiliates, partners, agencies is a requirement included in the fine print of some residential ISP's agreement terms I've read, fwiw.
I assumed that this probably is implemented as a 'non-public' goelocation service api as well raw data sharing agreements in some cases, but I'd doubt the data 'processors' and 'controllers' are known to anyone outside those parties.
Sending telemetry can get expensive: in situations where bandwidth/throughput is restricted people often get picky about giving PCs with Windows installed internet access because of this. It can be bad even in normal situations: My girlfriend's laptop has so much broken telemetry crap between Microsoft and HP that her applications actually get pushed into swap (or whatever it's called on Windows.)
Sending telemetry _poorly_ can get expensive. A good client can aggregate, even compress locally, and publish telemetry in batches. Let's not rule out telemetry entirely because of bad implementations.
I'd say the moral of the story here is that Microsoft and HP just write shitty software.
Generally speaking, Apple is drastically better about location services privacy. For instance, Apple Maps does not tie any location data nor direction requests to your Apple ID, and regularly rotates identifiers for devices used by the service: https://support.apple.com/en-us/HT212039
Does this matter? How many people do you know that aren't logged in on their phones? It is literally one the first things Android asks you to do even before showing you the main screen.
> When the user is _not_ logged in, iOS collects "location" whereas Android does not.
This may be only technically true. It's not Android, it's Google Play Services, which collects "anonymized", high-accuracy[1] location data constantly.
[1] Yeah, that's actually a contradiction-in-terms. There is no such thing as anonymized, high-accuracy location data.
It doesn’t seem like they actually “collect” this information with any identifier and only use it for limited strict purposes. This is unlike google who can pop up a map of everywhere you’ve been minute by minute over the last 5 years. I guess that’s only when you’re logged in to your google account, but that’s 99% of Android phones.
I only skimmed the paper, but I think the title extracts and confuses a small part of the paper:
"Google collects around 20 times more handset data than Apple"
They didn't intend to say that google collects 20x more data than apple in total, which is what the use of the term "devices" kinda leads us to think. The paper seemed to be equally critical of both and this article made it into an attack on google.
Idk which device is worse, but this article title is a bit misleading. Why not just quote the paper directly?
As users, we are assured that telemetry is only for the purpose of "improving products and services", "improving user experience", etc. If one company is collecting 20x as much as another, all else being equal, one would expect that this would be reflected in the quality of the product/service/experience.
Of course, Google's service is to advertisers, first and foremost. Users generally do not pay for what they receive from Google. Perhaps Google's paying customers, advertisers, are the ones seeing the improvement in the quality of service as a direct or indirect result of telemetry.
YMMV, but as much as I like Apple Maps and use it as much as I can, for the more complex/unknown routes I definitely rely more on Google Maps to get it right. I don't know if telemetry is the cause for the better service, but it is noticeably better for me.
Separately, I'm also a google customer as I run an Ad campaign for a small business (skilled labor), and the dollars spent on search ads are extremely efficient with an incredible ROI. Even with CACs in the 10s of dollars, with the size of the contracts being signed it typically costs much less than .5% of the total.
Just quickly comparing Apple Maps and Google Maps:
There is no Apple Maps web page. With Google I can do a complex route plan on my PC and my phone will have the "recent searches" in it ready to go when I get in the car.
Apple Maps doesn't show how packed the trains are. Google Maps shows me how full individual train carriages are!
Apple Maps can't provide cycling directions in my area (a world city!), Google can.
Apple Maps routinely provides driving time estimates that are 2x longer or 2x shorter than the actual time. The Google maps estimation error is more like 5-10% instead of 100%!
Google Maps has a trustworthy "star" review score for local restaurants. Anything that's mid-4s or higher with over a hundred reviews is definitely worth going to. For a popular local cafe Apple maps shows the worthless Tripadvisor score with just 16 votes. Google shows its own data with 357 votes.
I don't think this is necessarily true. I believe that Google Maps navigation and location accuracy is significantly better on Android than iOS (no claim on 20x...but anectdatally better)
Google Maps getting more precise telemetry data is actually so useful in improving the navigation experience in tricky intersections, overlapping roads, or low bandwidth areas where GPS signal and service can be spotty. I can speak from experience that friends with Android phones experience less jumpiness in their GPS location, less errors in navigation, and less of that pesky "You've Arrived" notification triggering when still far away from the destination.
Also anecdotally speaking, conversely, I used to use Waze/Google Maps, and nowadays just use Apple Maps. The latter has been more than sufficient in my day to day travels. I can't think of any errors in navigation.
If telemetry is used for improving services then why does every project who's UI decisions are based on telemetry[1] consistently rebuild their UIs in less usable and less user friendly ways?
[1] Pretty much anything from Mozilla or Google, Reddit, lots of others.
You bet they are improving. I don’t know any big vendor who is worse than google in ux. Another question is, where is the good old “hiring few hundred users from different groups and watching what they do with a test device” instead of spying on millions of the same kind.
A lot of this reveals the way that Google itself perceives Android devices, and also ChromeOS devices to a lesser extent, to be inside their infrastructure. Years ago Google SRE wanted to extend observability beyond their edge so that there could be an SRE team responsible for the performance of first-party mobile applications. So, there's an SRE team at Google with a dashboard that shows them Google search latency from Google app v42 and v43 which is deployed to 1% of clients. This is why there is so much telemetry.
Another big thing about Android is anti-abuse, keeping people from running ad click fraud in apps running on emulators. That is the whole DroidGuard thing that the paper mentions and doesn't explore further. It is a device-specific virtual machine and bytecode for the virtual machine which is intended to authenticate it as a real device, not an emulator.
> A lot of this reveals the way that Google itself perceives Android devices, and also ChromeOS devices to a lesser extent, to be inside their infrastructure.
This quote should be more than enough to justify legally separating Google from ownership of both platforms. It is a similar problem we're seeing Tesla now extend to it's cars. Regardless of who legally owns the device, the company's employees feel entitled to data from it and de facto ownership of it. In most cases collecting data that the actual owner of the device is unable to see or utilize themselves.
Not all of it is inaccessible to users. CPU profiles of ChromeOS, for example, are collected on user devices, aggregated, and checked into the public source code repos where anyone can use them, usually for optimizing a chromium build but any purpose you can think of.
Every week there's a story here on HN that makes me mourn the demise of the Nokia N900. Still the best smartphone ever made by a massive margin.
I hope both those things are made obsolete by stories of smartphones that work well and are vastly more trustworthy than Google and Apple. The longer it takes, the harder it gets. Whatsapp/Signal ports are now hard requirements for much of the population. :S
yeah, about them. Don't we all want them to go on to succeed as well as the n900? Then better. Want that badly. Or anything else similar. Not yet though, huh?
In addition to size of the data transmission being a poor measure of privacy implications (XML versus JSON anyone?), this paragraph is nonsense: "The University of Dublin professor says that this expansive data collection raises at least two major concerns. First, that the telemetry can be used to link physical devices to personal details, data that both companies are most likely exploiting for advertising purposes."
Apple doesn't have an advertising business, nor does it share that information with advertisers.
"Several pre-installed system apps make regular network connections that share device identifiers and details
...
The Clock app connects to Google Analytics ssl.
google-analytics.com/batch."
Really, the clock app calls analytics on a regular basis. That is just ridiculous.
What are the best alternatives to iOS and Android? Is it reasonable to consider the hardware itself "safe", given that the software tracks and calls home about every single thing it does? What are the alternatives?
As mentioned in sibling comment, there are no alternative, but I use microG, which is an open source Google Play Services (the core vehicle of most of this fuckery) shim that allows you to use apps that require Google Play Services (like Uber or Tinder or whatever) without actually having to install any binary blobs from Google. The future is so stupid.
There's /e/ OS for one. Debatable how far you get from the Google ecosystem, since it's an AOSP fork, but I think it's a fine middle ground of functionality and practical privacy.
The hardware itself is insecure in 99% of modern phones because the modem has its own tiny CPU with access to the main CPU and memory. I have no evidence that anyone does use this to collect your data, but somebody totally could. Desktop processors have something similar called the Intel Management Engine or AMD Ryzen has the PSP
None of the distributions on the PinePhone work well for all the things that people use that little computer in their pocket (which is no longer just a phone) for. For maps, for instance, all of the PinePhone's choices are little more than lightweight tech demos compared to, say, OSMAnd on Android. There is no official Signal client, no powerful browser beyond the clunky Desktop-Firefox-for-Postmarket-OS hack, etc.
It is unlikely that "all the work that would need to be done" to make the PinePhone as useful as an Android phone (even with pure libre software) will even get done. The problem is that the PinePhone is just too underpowered in CPU and RAM, comparable to devices from many years ago. Plus, the PinePhone dev community just doesn’t appear to be large and motivated enough to cover all the bases of e.g. battery optimization that the corporate mobile developers have done.
> Note that if you clear your cache, you will lose your opt-out setting.” Tap OK to continue and implement the change.
Which cache is that talking about, the browser, or some system level thing? Doesn't clearing your cache break some of their fingerprinting and tracking stuff (timing side channels, etc.)? Seems kind of egregious to have clearing that simultaneously opt you back in.
PSA: This does NOT stop Google tracking your smartphones location. If you think taking these steps means Google's blissfully unaware of where your smartphone is located is denying themselves reality, there are many, many ways to track where a handset is at any given moment (IP address, cellular tower location, with 5G it can be even more precise).
I'd be shocked if after turning off all the settings on my phone it was impossible to track its location via some capability somewhere.
Last week my Pixel started to display an overlay with closed captions of the audio flowing through the device.
It listens in on any audio and transcribes it. Probably handy for podcasts, but other things are just scary.
Maybe it's OK if Google does it, I don't really know. I dislike it, it concerns me. The device would have a transcription of audio conversations I have through apps like WhatsApp. Or it could do something useful like transcribe podcasts and hand the transcription over to the owners, so that they can publish it along with their podcasts, without Google needing to dedicate their servers to it.
But if companies like Xiaomi get this feature for free on Android 15 or 16, I know what they will use this tech for. I know what Facebook would use this tech for, and I wouldn't be surprised if they finally start to sell a cheap but powerful Android device.
With offline transcription the "your device is recording me" will get so much harder to detect, as no audio will get streamed. It will become so easy to listen for keywords like "lawnmower" and count their occurrences or their proximity to phrases like "need to buy", or "is pregnant" and stuff like that.
When you enabled the Live Caption (similarly to how folks told you to disable it --- on my phone it was turned off by default) the following informational screen should have been displayed:
"Live Caption detects speech on your device and automatically generates captions.
When speech is captioned, this feature uses additional battery. All audio and captions are processed locally and never leave the device. Currently available in English only."
So note that Google does not get a copy of the audio stream. It stays local to your device only. I don't know about you, but seems like a really handy feature to me, especially for those who might have hearing difficulties.
The live transcription behavior is enabled by a button at the bottom of the volume control toggle. If it transcribes even if that button is off that seems a lot more concerning.
I don't think transcribing on device and then uploading would make any sense: for something like podcasts they could just do serverside transcription (they already do for youtube videos at least).
I'm waiting for a traffic analysis to turn up that Google gathers location, wifi APs and cell towers even when all possible consent is revoked. Because, with Google's greed, no way I'm believing that they would give that up, and I'm not turning the location service on.
Reminder that Google literally provides a location database for US cops, who are getting bulk data on people simply being in some place at some time and doing nothing wrong: https://www.nytimes.com/2019/04/13/technology/google-sensorv... Meanwhile other countries want to make Google store that data on their territory when it's about their citizens.
“The University of Dublin professor says that this expansive data collection raises at least two major concerns. First, that the telemetry can be used to link physical devices to personal details, data that both companies are most likely exploiting for advertising purposes.
Second, that the telemetry collection process allows the OS makers to track users’ location based on the IP address that connects and uploads device telemetry to their servers.
The researcher said that currently, there are very few, if any, realistic options for users to prevent telemetry collection from their devices.”
This is not what I signed up for, makes me want to leave my smartphone at home or in a faraday cage powered off so I’m not being triangulated by cell towers or these ubiquitous telemetry logs.
One thing I noticed is that Google does not collect location and nearby MACs by default and Apple does. That's a pretty serious difference IMO. And one I didn't expect.
Some skips the device's own MAC but they already know that anyway as they manufactured it.
"Google and Apple both collect a lot more telemetry from devices with Android/iOS respectively devices then they should be; with Google outdoing Apple."
You can turn "location" off on Android just as you can turn "third party cookies" off on the Chrome browser. Google counts on 95% of users not doing that. Neither of these are perfect solutions but they do help a lot for minimal effort.
There is no point defending Apple or Google. Both of them probably collect data. Personally I'd be more comfortable with Apple collecting my data as they don't have an Advertisement based model. They've less incentives to use our data, whereas Google's business is based around that very idea! Apple advocates privacy and has made many features available as part of the IOS to enable very granular level control.
Both Google and Apple forbid health agencies around the world wanting to install apps to store similar data for the purposes of pandemic data and suppression - which is understandable that many governments would use it for all sorts of nefarious reasons, but it's also rather hypocritical that they can infer that 'we can use it for whatever because quality. And advertising'.
I've switch off every possible toggle on Apple TVs, iPhones MacBooks and all the devices still ping back to Apple HQ with time.apple.com, time-osx.g.aaplimg.com, metrics.icloud.com..... so I take this with a grain of salt. I've logged all DNS - using nextdns - and the number of requests back to HQ is more that it should be.
Approaching this constructively - is it possible that this data is used for verification purposes? E.g. iOS will alert your iCloud account if it detects a new IMEI/phone number?
The claim of “20x more data” is a bit suspect as well. 20x the byte-level amount of data? Yes, the math checks out. 20x the data points? Likely not.
Well I have a different personal email account and a different google phone account.
There used to be more android mail apps that allow logging in directly without using the phone’s credentials but its getting more and more rare.
Any Android mail apps suggestionsthat use web login than android are welcome
Google makes money by collecting data (and lately, cloud services), Apple makes money by selling hardware and putting huge margin on it. (And lately, cloud services.)
So it's all not surprising, really? Different business models lead to different outcomes.
I'd be interested to learn more. E.g, to what extent is the data anonymized?
I also want to know what the data is used for and how long it is stored for, but I suppose those are very tough questions for an external researcher to test.
It's all the little needling ways that get to me. For example, Google Maps works fine with GPS. However, if you drag the map view so it isn't centered on you and tap the "center" button, you get a pop-up begging you to let Google scan for access points even when your wifi is turned off. Hit no and hit the center button again and it works normally.
Fucking why, Google? It's irrelevant to the function I'm trying to use. Not only that but you already have my answer, which is no. Maybe I don't want to be your personal 24/7 wardriver. Maybe I don't want you running my battery down for no reason. Maybe I'm somewhere I'm not allowed to emit 2.4GHz signals and your scanning could get me in trouble with my job or even the law.
Data collection is what companies do when they have no empathy. It's like an ivory tower effect where you don't interact with customers day to day or don't know what they want, so you try to use data to fill in the (large) gap. I could come up with countless examples of amazing products where nobody was using data to justify their decisions.
If you're saying they are the product, that's a very old trope and easily falsified. For example, advertisers come to Facebook because, and only because, users are there. If users stopped liking Facebook, they wouldn't be there anymore. If they aren't there anymore, advertisers don't want to be there either. Thus, Facebook is incentivized to keep users happy - they are the most important people to Facebook. From what I've heard, Facebook struggles to get engineers to work on ads. If advertisers were the true customers, I imagine most engineers would be more gung-ho to work on ads because that would align more closely with career success at the company.
The above doesn't justify unrestrained tracking of user activity - but let's not pretend companies get to where they are because they create a first-class space for advertisers. They get to where they are because they, at least at one point, created a great product for their customers.
You'd have to ask Apple, but I'd imagine they would say they use it to improve location services. Access point / MAC address data is really useful in aggregate as a way of augmenting GPS, especially indoors. And of course it's also a great way of seeing who associates with each other, but that's at least somewhat mitigated by most devices broadcasting random MAC addresses until they actually join a network.
It's a long often too verbose read by "The Age of Surveillance Capitalism" is unforgiving in its detailing of the past, and relentless in its fear of what the future likely holds.
Most people seem to say "oh I know they're collecting data." Unfortunately they don't - likely can't - grasp the depth and breadth. And the motive? Most will never make it that far.
The Age of Surveillance Capitalism rips off the bandaid, one greepy greedy power move at a time.
For example, the phones send tons of data to Google when first booted. But there is no data on the phone at that point! Then maybe this is not data gathering just bad software??
There IS a lot of data even at the very first boot: unique device ID, IP address, MAC address, location, SSID, etc. It can be used to track you later on.
I think the most important point here is missing. When Google collects data, it's the basis of their whole existence. It is the source of their main stream of income.
When Apple does it, I'm sure it helps, but that data is not the reason Apple is one of the biggest companies in the world. And that is why I use iPhone.
Most of the info Apple sends shouldn't be considered telemetry though.
The hardware info is used to make sure that blacklisted/stolen devices are rendered inoperable.
The other requests are simply due to used apps...it seems the researcher is unclear about many aspects of iOS. i.e. typing a url into Safari kicks off to find links, apps, etc. that will be the logical next step for a "search"
He also doesn't understand the difference between Siri the voice assistant and Siri the platform.
tldr; Google vacuums everything it can...Apple is the exact opposite.
This is precisely why I always choose to use the mobile version of a site/app rather than the app if it's available.
Safari has great adblocking. Also, the mobile version of a site is typically a superior UX compared to apps because the controls are consistent. It's usually faster, and best of all, it's MUCH easier to block all of the tracking.
I went to visit an apartment to rent with a friend. While waiting for the owner my friend was reading the names on the mailbox, and read the "x" out loud said "this person is probably Romanian". I when I was home I had notification if I knew this "x" person. All this time my phone was in my pocket. It is just creepy and I'm going to change my pixel 2 as soon as I can for an Iphone.
I mean at this point it's obvious if you're using a digital device data is going to be collected, that's part of society and living in the 21st century; could be your toothbrush, fridge, washing machine, car...All these devices generate data that is going to be collected.
It's also changing how crime is investigated; Google can be asked for a list of smartphones in an area at a given time, can be used to collect evidence or information (were you in this building on this floor at this time?). Carrying a smartphone can implicate you (or not) and you can be photographed by anyone at any moment regardless of your "rights".
I think people need to understand you are responsible for what you do on a computer; your clicks, searches, taps, installed app list, and basically everything is being recorded regardless of consent (which appears to be an illusion these days).
This is neither shocking nor unexpected. Humans generate data, data is going to be collected and used.
That's not going to change any time soon. Some thought Google would introduce a similar privacy feature to Apple's tracking consent but I lol'd at anyone who believed that.
>I think people need to understand you are responsible for what you do on a computer; your clicks, searches, taps, installed app list, and basically everything is being recorded regardless of consent (which appears to be an illusion these days).
While I agree with this in principle, I've never really understood why we forgive poor user behaviour when it comes to computers when we don't do the same with basically any other tool humans regularly use, despite the negative consequences being comparable, I don't think it's reasonable to expect people to just quietly accept 'tracking's just the way it is, deal with it.'
That doesn't come down to poor user behaviour in that case, it comes down to malicious behaviour by device manufacturers and software developers in the name of profit.
It's all well and good to expect users to take steps to deal with that behaviour, but it shouldn't just be accepted that, 'that's just the way it is.' And companies should be held accountable for at least the deceit that surrounds it.
Just being honest and open about it all would be a start. At least then you could make the excuse 'oh well the user should have tried harder to not be tracked.' Because they have a fair chance of knowing where and how they're being tracked.
This current system of deceit and bullshit is the problem.
The point of the comparison made in the headline here is exactly that one does not need to expect the worse from everyone and therefore stop caring and complaining.
" Modern cars regularly send basic data about vehicle components, their safety status and service schedules to car manufacturers, and mobile phones work in very similar ways." -Google
This is a beautiful quote because it is an example of one industry's bad behavior leading to another industry's bad behavior, upon which the first industry then users the second's similarity to justify themselves. Cars only started doing this because phones made it normal. It's wrong in both cases.
It's similar to when Apple defended it's 30% store cut by claiming it's an "industry standard"... specifically, an industry standard that Apple established.
The 30% cut was considered very good at the time. It was way better than the 50-90% cut that traditional publishers would take.
A sibling comment notes that Steam charged 30% at the time (though some had better deals) but it's worth noting that Steam was not an open platform that anyone could publish on. Much like for consoles, to put a game on Steam you had to have a preexisting relationship with Valve, or try to develop one with no certainty of success. This was also considered a very generous cut because getting on Steam was almost a guarantee of financial success.
"The 30% cut was considered very good at the time."
Let me fix this.
There was a full range of views. Some considered the 30% cut to be good at the time, some didn't consider it much at all, some considered it to be a criminal abuse of market power. I remember commenting myself that microsoft would be crucified for attempting to tax everyone who wanted to write software for windows 30% of revenue. I don't recall anyone suggesting that was a controversial comment.
33 replies →
This is such a nonsense justification.
You want to sell software you wrote to run on an iphone. You have zero choice. Apple tax your revenue.
You want to sell software you wrote to run on a pc. Steam is not your only choice. I am not defending steam or valve here, I've never sold anything using their stuff, nor am I suggesting anything other than that their market power over pc compared to apple's store over the iphone is not remotely comparable.
It actually works against you to suggest apple's iphone software store and steam are comparable at all because it's so incredibly bogus.
You want to make the case that steam suck too but with loads less market power. Go right ahead. We're listening. You don't need absolute and total market power to be abusive of it. Apple will immediately attempt redefine the market to include android or people spending money on coca cola instead of apple product to suggest that customers have real choice so there is no market power abuse here.
32 replies →
I can't help but feel like having it this way is breaking one of the huge reasons that made computers so absurdly exciting and enticing in the past.
The fact that there was this wide open field, where, sure, maybe you paid Microsoft for the OS, but then the rest was up to you. Trade shareware CDs, install stuff from the internet, type in code from a book or whatever, it felt like an infinite open field of possibilities.
I guess it's normal that the exciting frontier shifts around, but I really can't believe that it's somehow a good thing in this case.
16 replies →
It depends of course on how you published.
When I was authoring software (over two decades ago) and a company acted as publisher they took 85% of gross.
For author/publisher relationships at that time, this was pretty typical (book authors/publishers being the closest analog).
Needless to say there was, in addition to the cost of creating and shipping floppies, advertising that the publisher had to cover.
Apple's 30% cut seemed fair to me when the App Store arrived.
I'm not sure if I would try to ship an iOS app these days though. Not because of Apple's cut but because of the race to the bottom that was unleashed shortly after the App Store gold rush: where now you don't appear to even be able to sell a $0.99 app.
1 reply →
Bullshit - we were building and publishing mobile apps in the early 2000’s and the top rate was 15%.
The 30% cut was considered very good at the time.
No, it wasn't. I'm not going to dig up links, but one could pop a web site storefront and Fastspring for payment processing (as one example of a company I used) for less than 10% (Fastspring would take something like 6-7%, IIRC). Discovery has always sucked on Apple's store, so no value-add there. In fact, I'd argue that the only value-add one gets out of Apple's store is access to their closed garden.
And "50-90%"? Is that in reference to putting software in physical boxes and on CompUSA shelves? Because no mobile publisher charged 90% before Apple's store came along.
17 replies →
> The 30% cut was considered very good at the time. It was way better than the 50-90% cut that traditional publishers would take.
Why didn't Steve Jobs go with web distribution of first class web apps or allow Flash on his platform? If they truly wanted to be remarkable, this would have been the future.
The answer is control.
Apple is a cutthroat business just like any other, and their "privacy first" veneer is just a wolf in sheep's clothing. They're playing it up as an attack against Google and Facebook, meanwhile they still phone home about the apps you're running and can shut them off remotely.
Microsoft never taxed software on their platform. Jobs had to invent that business model. It flourished like wildflowers thanks to him.
10 replies →
This may be pedantic, but Steam was collecting its 30% long before the App Store opened. Thought maybe that was inspired by Apple's cut of music revenues in the iTunes Store.
I could walk into Best Buy and buy the game I want off the shelf. I have no such option if I want to buy an iOS app from a store or the developers themselves.
Steam also don't engage in anti-competitive behavior and prevent billions of people from using alternative game distribution methods like Apple does.
What we need is real competition in the mobile app distribution market to determine whether or not that 30% is actually fair, efficient and competitive. As it stands, there is no competition in mobile app distribution.
9 replies →
You pay 30% for all the hosting and listing and payment processing. But then you aren't required to use Steam to distribute your game — you could as well set up your own website. There's nothing preventing you. There's no predatory code signing on desktop OSes.
On the other hand, you can't sideload apps onto iOS devices. You HAVE to go through Apple. You either publish on the app store, or you don't have an iOS app. That's different. That's very different. That's antitrust-can't-happen-sooner different.
47 replies →
And just to be complete, there is little preventing other people from creating their own Steam (many do) or not using Steam at all (developers can publish their apps directly to users). This is not the case with the App store.
Older app stores and especially physical retail collected a lot more than 30%.
Steam charges that amount because it brought a customer to you.
If I did my own marketing to gamers and they downloaded the game from my website I would have to pay 0% to any intermediary.
I suspect that statement was to placate people with "your car does it too", but mine certainly doesn't --- it doesn't even require a computer to run --- and the statement had the exact opposite effect, namely to revalidate the reason I don't drive a "modern car".
That said, I do have an Android, but it is rooted and spends most of its time off. As I type this message, it is on the other side of the room.
Out of curiosity, how old is your car?
1 reply →
> It's similar to when Apple defended it's 30% store cut by claiming it's an "industry standard"... specifically, an industry standard that Apple established.
Apple established a standard for the Apple app store. There was a lot of complaint about "Apple Tax" and Apple merely pointed out that it wasn't a "Apple Tax". Sure, Apple started it but others which are not even connected to the Apple ecosystem simply followed. They could have not decided to but they did (Re:Table 1) [0]. Microsoft, Samsung, Google and Amazon all have the same 30% tax. Heck, even commission rates for Xbox, Playstation, Nintendo have the same rate (Re : Table 2). I am sure Apple is not forcing them to have those rates.
Somehow, this conversation turns into an "Apple" vs rest conversation. There's no conversation had upon the charges on a digital distribution store. I'd say - let's have that conversation and come up with a number. Currently, the number is decided in a "free market". I would be open to come up to an alternate number. Most arguments against the 30% is that it is too high. Well, every penny that goes out from the developer's pocket is too high. The cost of an iPhone might be too high. Something, being too high is not an argument to not have that rate.
[0] https://www.analysisgroup.com/globalassets/insights/publishi...
this is a classic example of how companies collude without direct communication. it's a type of game theoretic outcome that's actually taught in business school - how to read your competitor's intentions from public information (like pricing intentions) and legally act and counter-communicate publicly your own intentions to not compete (in many cases by not lowering price).
this can practically only happen in oligarchic markets (those controlled by a few large players) who can safely assume a smaller competitor won't undercut them. unfortunately, most major markets in the US are oligarchic, if not downright monopolized (e.g., cellular service).
16 replies →
> There's no conversation had upon the charges on a digital distribution store. I'd say - let's have that conversation and come up with a number. Currently, the number is decided in a "free market".
There is no competition in the mobile app distribution market. Apple and Google have a duopoly on mobile app distribution, and they behave like a cartel when it comes to price fixing.
For over a decade now, consumers and developers could have benefited from real competition in the mobile app distribution market. Real competition between companies means that consumers can benefit from increased efficiencies and reductions in cost when it comes to distributing mobile apps.
Instead, Apple and Google have kept a stranglehold on the mobile app distribution market, and it took over a decade and the threat of regulation before Apple chose to lower costs to developers somewhat.
How can anyone know what prices are "industry standard" or "too high" when it comes to mobile app distribution if there is no real competition in that market, just a cartel consisting of two trillion dollar companies controlling mobile app distribution for nearly 13 years?
6 replies →
I have an android phone and there is one clear difference: I can go elsewhere to get apps other than the official channel. For Microsoft I can go as far as installing a whole different OS on the device. You can do neither with iPhones. Sure, you can buy a different phone but it isn't as simple as that
It even polluted into other markets, like Wolt.com taking a 30% (!!) cut of food delivered using their platform. On top of the actual delivery charges.
I remember thinking that Just-Eat.com were criminals for taking 10%.
Hungry.dk takes 1-2%.
1 reply →
> It's similar to when Apple defended it's 30% store cut by claiming it's an "industry standard"... specifically, an industry standard that Apple established.
I thought Apple chose that figure as game developers were already used to it from consoles and Steam.
It goes back much further than that—the mobile phone 'app' market was a lot worse (50%? And not a fun developer process) and was pretty poorly saturated by Java-based games and lightweight apps.
It all depends on what software / 'app' stores we're comparing to.
I honestly don't mind information about crashes being sent as long as it is very sanitized and easy to disable- similar to how Fedora reports issues.
They send only a list of functions on the stack without any of the arguments or data.
Example: https://retrace.fedoraproject.org/faf/problems/bthash/?bth=3...
Where Google goes too far is sending everything in the name of security or better yet to "serve" the user.
IMEI and serial number make sense, I think too: Apple’s activation lock is a big reason why I bought an iPhone and as far as I can tell, it requires interaction with the server on every boot to work.
1 reply →
I disagree that telemetry is inherently bad. As product engineers, telemetry is often our only visibility into whether or not a system is functioning healthily. How else can you detect difficult-to-spot bugs in production?
> our only visibility into whether or not a system is functioning healthily.
Your problem here is viewing the end user's setup as part of your system.
It's the user's private system -- why should you have any visibility into how it is functioning?
5 replies →
As a software engineer I disagree. You are saying that you want to collect my personal information so you can fix your bugs. I don't see it being a valuable trade. I'll just find someone who can fix their bugs without tracking me.
6 replies →
For me, the point is really about control.
These companies know people don’t actively want to be surveilled which is why they sneak this shit in instead of being upfront about it.
If it was so great for consumers it would be an opt in not an opt out hidden behind a series of dark patterns.
Even Apple switches Siri back on after every OS upgrade.
+1 to this. As long as proper privacy concerns are addressed and the data gathering is imperceptible to the product experience, telemetry signals are immensely valuable for improving the product in a variety of ways.
3 replies →
So why does $product need to send telemetry data via google? Why can highly complex software that runs most of the worlds internet infrastructure (linux) work without telemetry? Why is telemetry not opt-in or relies on reports in situation where a bug causes an issue like firefox crash reports? I'd rather have privacy and buggy software then bug free software in exchange for no privacy at all
9 replies →
We’re increasing the risk exposure for every user for our own trivial convenience. It is inherently bad, just like other forms of widespread surveillance that is often motivated by some seemingly good cause, like catching terrorists.
Telemetry is inherently bad if it's not done with the informed, opt-in consent of the end user whose data it's (mis)appropriating, oftentimes silently.
There's no issue with opt-in telemetry, where the user says "yes, it's okay to track me".
Invisible, silent, always-on telemetry is actually just spyware that's been mislabeled.
Ultimately it's not the telemetry that's at issue: it's the unethical and selfish behavior of the software/device manufacturer.
No sane or reasonable person thinks that an EULA is informed consent.
Once upon a time fixing bugs in production didn't happen because the product got all the bugs out before production. If it had bugs in production, the product failed.
3 replies →
The more concerning thing about the car data is that the manafacturers resell it to third parties and those third parties have the right to resell it again. It's a mess.
As a comparison, I don't know if much of Google's data ever leaves Google.
i'm getting the impression that iot providers have far, far lower privacy standards vs dedicated tech providers. This to me indicates that they don't take the internet capability of their kettles/cars seriously enough. It's just a gimmick. This is not a constructive way to advance iot.
2 replies →
I read Steven Levy's book "Hackers" recently. One interesting insight was that developers for Sierra On-line and other early publishers had deals for the developer to get a 30% royalty on the games they wrote, with Sierra collecting 70% as the publisher. Over time, as there was some market saturation in the early 80s, this number decreased.
> cars regularly send basic data
I'm still terrified by the fact that some cars now apparently have network interfaces for some reason.
Got a courtesy call from BMW the other day to let me know my brake fluid needed changing and would I like an appointment made at my nearest garage?
I get that there are privacy concerns, but also that's pretty cool. It also has GPS and will automatically alert BNW if air bags are deployed. Has saved lives.
4 replies →
It is like I tell my kids, "pointing to bad behavior does not justify your bad behavior"
Cities frequently do this when they want to raise fees or taxes, 'Hey look at City B and City C, our fees are still lower even with this unneeded and uncalled for increase'
>Cars only started doing this because phones made it normal. It's wrong in both cases.
I don't know that this is true, planes have been doing it for quite some time now, although obviously they existing in a totally different bracket of price and complexity.
although obviously they existing in a totally different bracket of price and complexity.
There's a whole world of difference between a plane operating commercial service in a highly-regulated industry and one's own car. At least there is an expectation of personal privacy - and some semblance of freedom - with the latter.
Apple didn’t establish the 30% cut. They kited the idea from console makers and other walled garden industries that came before them.
This doesn’t make it more defensible, but they didn’t create it.
It’s way worse. Google is the pioneer in that type of analytics.
Apple took the existing model and automated it. They didn’t invent it, it’s been around since RCA/Victor. Retail takes bigger cuts (Walmart used to get 60% from AV vendors). Enterprise software resellers and distributors take a similar share to Apple, and do other shenanigans as a financing mechanism. When you hear about “shipments” that’s what that means.
OT, but since you mentioned it, does anyone happen to know what the most recent model years without any kind of cellular radio might be?
In a similar vein, can the radios be physically removed from any newer cars without the car complaining about it?
Depends on the package you opt for, but I'd guess up to 2011 for cars without onstar
1 reply →
Telemetry allows people to make better decisions. It's not a bad practice. Information deserves to be free.
Let's not forget that "better" is from the viewpoint of a giant corporation whose primary reason for existence is to suck as much profit out of you as it can...
1 reply →
I wonder if they figured out the perfect "benign phrases" using a/b testing.
It's called the "tu quoque" logical fallacy
Such an important point.
And, as with most things, there’s an XKCD for that: https://xkcd.com/978/
I seriously don’t mean this in an offensive way. But isn’t bringing Apple now into this, “Whataboutism” in disguise?
>cars regularly send basic data
My car doesn't and I absolutely would never buy one that does even if that meant walking/taking the bus.
Which makes it weird that we accept this bullshit from our phones, considering that you have your phone with you whether you're driving or walking or taking the bus.
4 replies →
"20X more telemetry", in terms of data usage, is a pretty meaningless statistic on its own (unless it's large enough to affect your mobile data cap or something).
For instance, I would consider it a much bigger privacy violation for my phone to transmit my exact location every hour than my current CPU usage every 10 seconds.
Which Apple is apparently doing - they send location, local IP, and nearby wifi mac addresses even when you're not logged in. Similarly Apple is collecting more data types than Google according to the research paper.
Please provide evidence of this because Apple's official documentation says otherwise:
https://support.apple.com/en-us/HT203033
They do send nearly WiFi hotspots for crowd sourcing purposes but it is never in conjunction with your local IP address (which is an identifying piece of information).
14 replies →
Allowing wifi mac addresses, ssids, bssids, etc. of leased equipment in combination with subscriber address/goelocation to be shared or otherwise disclosed to third party affiliates, partners, agencies is a requirement included in the fine print of some residential ISP's agreement terms I've read, fwiw.
I assumed that this probably is implemented as a 'non-public' goelocation service api as well raw data sharing agreements in some cases, but I'd doubt the data 'processors' and 'controllers' are known to anyone outside those parties.
I was also surprised by the emphasis on "20x more data" aspect. The table on kinds-of-data sent was showing Apple in a much more negative light.
The article is surprisingly short on details. E.g., Google does know your location and the Wifi APs, it's just not the OS that sends it.
Sending telemetry can get expensive: in situations where bandwidth/throughput is restricted people often get picky about giving PCs with Windows installed internet access because of this. It can be bad even in normal situations: My girlfriend's laptop has so much broken telemetry crap between Microsoft and HP that her applications actually get pushed into swap (or whatever it's called on Windows.)
Sending telemetry _poorly_ can get expensive. A good client can aggregate, even compress locally, and publish telemetry in batches. Let's not rule out telemetry entirely because of bad implementations.
I'd say the moral of the story here is that Microsoft and HP just write shitty software.
Not mentioned in the headline: When the user is _not_ logged in, iOS collects "location" whereas Android does not.
I am actually a little surprised that iOS would gather this information. What use would it serve?
It's possible this is referring to this feature: https://krebsonsecurity.com/2019/12/apple-explains-mysteriou...
Generally speaking, Apple is drastically better about location services privacy. For instance, Apple Maps does not tie any location data nor direction requests to your Apple ID, and regularly rotates identifiers for devices used by the service: https://support.apple.com/en-us/HT212039
That link is returning "429 Too Many Requests." What feature is it you're referring to?
12 replies →
Find My Phone? It is a choice to enroll in this, and it’s mighty convenient when you lose or get your phone stolen.
No, it's the location it uses to report to Apple Maps for the purposes of improving traffic.
1 reply →
Presumably it could wait until someone actually asks for the phone's location in that case. No need to report the location if no one's asked for it.
That works when you're not logged in?
5 replies →
> When the user is _not_ logged in
Does this matter? How many people do you know that aren't logged in on their phones? It is literally one the first things Android asks you to do even before showing you the main screen.
I also found this to be an almost useless case to examine. The number of people not-logged-in must be infinitesimal.
I didn’t think iOS even lets you past the welcome screen without signing in.
1 reply →
Might be for crowd sourcing open wifi location data.
Find my iphone?
This is for logged-out. I believe find-my-iphone is only for users logged into their iCloud accounts.
1 reply →
> When the user is _not_ logged in, iOS collects "location" whereas Android does not.
This may be only technically true. It's not Android, it's Google Play Services, which collects "anonymized", high-accuracy[1] location data constantly.
[1] Yeah, that's actually a contradiction-in-terms. There is no such thing as anonymized, high-accuracy location data.
What does login state have to do here? The controls for device analytics are available and controllable separately from any login state.
You really expect the headline to list out arbitrary specific examples?
It doesn’t seem like they actually “collect” this information with any identifier and only use it for limited strict purposes. This is unlike google who can pop up a map of everywhere you’ve been minute by minute over the last 5 years. I guess that’s only when you’re logged in to your google account, but that’s 99% of Android phones.
I only skimmed the paper, but I think the title extracts and confuses a small part of the paper: "Google collects around 20 times more handset data than Apple" They didn't intend to say that google collects 20x more data than apple in total, which is what the use of the term "devices" kinda leads us to think. The paper seemed to be equally critical of both and this article made it into an attack on google.
Idk which device is worse, but this article title is a bit misleading. Why not just quote the paper directly?
As users, we are assured that telemetry is only for the purpose of "improving products and services", "improving user experience", etc. If one company is collecting 20x as much as another, all else being equal, one would expect that this would be reflected in the quality of the product/service/experience.
Of course, Google's service is to advertisers, first and foremost. Users generally do not pay for what they receive from Google. Perhaps Google's paying customers, advertisers, are the ones seeing the improvement in the quality of service as a direct or indirect result of telemetry.
YMMV, but as much as I like Apple Maps and use it as much as I can, for the more complex/unknown routes I definitely rely more on Google Maps to get it right. I don't know if telemetry is the cause for the better service, but it is noticeably better for me.
Separately, I'm also a google customer as I run an Ad campaign for a small business (skilled labor), and the dollars spent on search ads are extremely efficient with an incredible ROI. Even with CACs in the 10s of dollars, with the size of the contracts being signed it typically costs much less than .5% of the total.
Just quickly comparing Apple Maps and Google Maps:
There is no Apple Maps web page. With Google I can do a complex route plan on my PC and my phone will have the "recent searches" in it ready to go when I get in the car.
Apple Maps doesn't show how packed the trains are. Google Maps shows me how full individual train carriages are!
Apple Maps can't provide cycling directions in my area (a world city!), Google can.
Apple Maps routinely provides driving time estimates that are 2x longer or 2x shorter than the actual time. The Google maps estimation error is more like 5-10% instead of 100%!
Google Maps has a trustworthy "star" review score for local restaurants. Anything that's mid-4s or higher with over a hundred reviews is definitely worth going to. For a popular local cafe Apple maps shows the worthless Tripadvisor score with just 16 votes. Google shows its own data with 357 votes.
Etc...
3 replies →
I don't think this is necessarily true. I believe that Google Maps navigation and location accuracy is significantly better on Android than iOS (no claim on 20x...but anectdatally better)
Google Maps getting more precise telemetry data is actually so useful in improving the navigation experience in tricky intersections, overlapping roads, or low bandwidth areas where GPS signal and service can be spotty. I can speak from experience that friends with Android phones experience less jumpiness in their GPS location, less errors in navigation, and less of that pesky "You've Arrived" notification triggering when still far away from the destination.
Also anecdotally speaking, conversely, I used to use Waze/Google Maps, and nowadays just use Apple Maps. The latter has been more than sufficient in my day to day travels. I can't think of any errors in navigation.
If telemetry is used for improving services then why does every project who's UI decisions are based on telemetry[1] consistently rebuild their UIs in less usable and less user friendly ways?
[1] Pretty much anything from Mozilla or Google, Reddit, lots of others.
Because they're optimizing for some engagement metric and not user experience.
Power users turn off telemetry and skew data?
You bet they are improving. I don’t know any big vendor who is worse than google in ux. Another question is, where is the good old “hiring few hundred users from different groups and watching what they do with a test device” instead of spying on millions of the same kind.
A lot of this reveals the way that Google itself perceives Android devices, and also ChromeOS devices to a lesser extent, to be inside their infrastructure. Years ago Google SRE wanted to extend observability beyond their edge so that there could be an SRE team responsible for the performance of first-party mobile applications. So, there's an SRE team at Google with a dashboard that shows them Google search latency from Google app v42 and v43 which is deployed to 1% of clients. This is why there is so much telemetry.
Another big thing about Android is anti-abuse, keeping people from running ad click fraud in apps running on emulators. That is the whole DroidGuard thing that the paper mentions and doesn't explore further. It is a device-specific virtual machine and bytecode for the virtual machine which is intended to authenticate it as a real device, not an emulator.
Anyway check out this slide deck for how Google SRE views mobile as being in their world: https://www.usenix.org/sites/default/files/conference/protec...
PS that team is called MISRE, pronounced "misery" and some of the founders of that team migrated from "SAD SRE" make of that what you will.
> A lot of this reveals the way that Google itself perceives Android devices, and also ChromeOS devices to a lesser extent, to be inside their infrastructure.
This quote should be more than enough to justify legally separating Google from ownership of both platforms. It is a similar problem we're seeing Tesla now extend to it's cars. Regardless of who legally owns the device, the company's employees feel entitled to data from it and de facto ownership of it. In most cases collecting data that the actual owner of the device is unable to see or utilize themselves.
Not all of it is inaccessible to users. CPU profiles of ChromeOS, for example, are collected on user devices, aggregated, and checked into the public source code repos where anyone can use them, usually for optimizing a chromium build but any purpose you can think of.
You sure you don’t mean SWE? SREs care about reliability
Every week there's a story here on HN that makes me mourn the demise of the Nokia N900. Still the best smartphone ever made by a massive margin.
I hope both those things are made obsolete by stories of smartphones that work well and are vastly more trustworthy than Google and Apple. The longer it takes, the harder it gets. Whatsapp/Signal ports are now hard requirements for much of the population. :S
But what about Librem 5 and Pinephone?
yeah, about them. Don't we all want them to go on to succeed as well as the n900? Then better. Want that badly. Or anything else similar. Not yet though, huh?
1 reply →
Smartphones are personal tracking devices that also allow you to browse the web and make phone calls.
I've always thought of them as "endpoints for deploying cooperate software into your life" but this is also a pretty good description.
The iPhone is basically a vending machine for entertainment, owned by Apple and paid for by you.
1 reply →
In addition to size of the data transmission being a poor measure of privacy implications (XML versus JSON anyone?), this paragraph is nonsense: "The University of Dublin professor says that this expansive data collection raises at least two major concerns. First, that the telemetry can be used to link physical devices to personal details, data that both companies are most likely exploiting for advertising purposes."
Apple doesn't have an advertising business, nor does it share that information with advertisers.
Apple supposedly makes billions every year from ad revenue. Not a core part of their business but still nothing to sneeze at
In addition to https://searchads.apple.com there's ads in the stock and news apps.
From the study[0]...
"Several pre-installed system apps make regular network connections that share device identifiers and details ... The Clock app connects to Google Analytics ssl. google-analytics.com/batch."
Really, the clock app calls analytics on a regular basis. That is just ridiculous.
[0]-https://www.scss.tcd.ie/doug.leith/apple_google.pdf
What are the best alternatives to iOS and Android? Is it reasonable to consider the hardware itself "safe", given that the software tracks and calls home about every single thing it does? What are the alternatives?
There are no practical alternatives.
If you're serious enough to use impractical solutions, you probably want a non-google Android distro: https://en.wikipedia.org/wiki/List_of_custom_Android_distrib...
As mentioned in sibling comment, there are no alternative, but I use microG, which is an open source Google Play Services (the core vehicle of most of this fuckery) shim that allows you to use apps that require Google Play Services (like Uber or Tinder or whatever) without actually having to install any binary blobs from Google. The future is so stupid.
There's /e/ OS for one. Debatable how far you get from the Google ecosystem, since it's an AOSP fork, but I think it's a fine middle ground of functionality and practical privacy.
The hardware itself is insecure in 99% of modern phones because the modem has its own tiny CPU with access to the main CPU and memory. I have no evidence that anyone does use this to collect your data, but somebody totally could. Desktop processors have something similar called the Intel Management Engine or AMD Ryzen has the PSP
Ubuntu Touch, Plasma Mobile, Sailfish OS, Nemo Mobile, postmarketOS. I use UT as my main smartphone OS and it does everything I need.
Here you go: https://en.wikipedia.org/wiki/Librem_5.
Manjaro Phosh edition on the Pinephone is pretty good these days. There's still a lot of work to be done, but it works just fine as a phone.
None of the distributions on the PinePhone work well for all the things that people use that little computer in their pocket (which is no longer just a phone) for. For maps, for instance, all of the PinePhone's choices are little more than lightweight tech demos compared to, say, OSMAnd on Android. There is no official Signal client, no powerful browser beyond the clunky Desktop-Firefox-for-Postmarket-OS hack, etc.
It is unlikely that "all the work that would need to be done" to make the PinePhone as useful as an Android phone (even with pure libre software) will even get done. The problem is that the PinePhone is just too underpowered in CPU and RAM, comparable to devices from many years ago. Plus, the PinePhone dev community just doesn’t appear to be large and motivated enough to cover all the bases of e.g. battery optimization that the corporate mobile developers have done.
8 replies →
Here I am still waiting for my Purism Librem 5 I ordered in 2019 while google continues to suck up my data.
Any day now...
Could an admin please adjust the typo in the title? Goolgle -> Google
The OP can also edit the title for a period of time after submission.
How to fully disable Google location tracking on your smartphone:
https://www.androidpolice.com/2019/10/08/how-to-fully-disabl...
How to disable personalized ads on Android:
https://www.androidguys.com/tips-tools/how-to-disable-person...
> Note that if you clear your cache, you will lose your opt-out setting.” Tap OK to continue and implement the change.
Which cache is that talking about, the browser, or some system level thing? Doesn't clearing your cache break some of their fingerprinting and tracking stuff (timing side channels, etc.)? Seems kind of egregious to have clearing that simultaneously opt you back in.
PSA: This does NOT stop Google tracking your smartphones location. If you think taking these steps means Google's blissfully unaware of where your smartphone is located is denying themselves reality, there are many, many ways to track where a handset is at any given moment (IP address, cellular tower location, with 5G it can be even more precise).
I'd be shocked if after turning off all the settings on my phone it was impossible to track its location via some capability somewhere.
Last week my Pixel started to display an overlay with closed captions of the audio flowing through the device.
It listens in on any audio and transcribes it. Probably handy for podcasts, but other things are just scary.
Maybe it's OK if Google does it, I don't really know. I dislike it, it concerns me. The device would have a transcription of audio conversations I have through apps like WhatsApp. Or it could do something useful like transcribe podcasts and hand the transcription over to the owners, so that they can publish it along with their podcasts, without Google needing to dedicate their servers to it.
But if companies like Xiaomi get this feature for free on Android 15 or 16, I know what they will use this tech for. I know what Facebook would use this tech for, and I wouldn't be surprised if they finally start to sell a cheap but powerful Android device.
With offline transcription the "your device is recording me" will get so much harder to detect, as no audio will get streamed. It will become so easy to listen for keywords like "lawnmower" and count their occurrences or their proximity to phrases like "need to buy", or "is pregnant" and stuff like that.
I don't want my devices to do this.
When you enabled the Live Caption (similarly to how folks told you to disable it --- on my phone it was turned off by default) the following informational screen should have been displayed:
"Live Caption detects speech on your device and automatically generates captions.
When speech is captioned, this feature uses additional battery. All audio and captions are processed locally and never leave the device. Currently available in English only."
So note that Google does not get a copy of the audio stream. It stays local to your device only. I don't know about you, but seems like a really handy feature to me, especially for those who might have hearing difficulties.
The live transcription behavior is enabled by a button at the bottom of the volume control toggle. If it transcribes even if that button is off that seems a lot more concerning.
I don't think transcribing on device and then uploading would make any sense: for something like podcasts they could just do serverside transcription (they already do for youtube videos at least).
1) press volume down
2) you should see the volume dialog with a box with squiggly lines in it at the bottom of the volume slider
3) press that to turn it off
3 replies →
I'm waiting for a traffic analysis to turn up that Google gathers location, wifi APs and cell towers even when all possible consent is revoked. Because, with Google's greed, no way I'm believing that they would give that up, and I'm not turning the location service on.
Reminder that Google literally provides a location database for US cops, who are getting bulk data on people simply being in some place at some time and doing nothing wrong: https://www.nytimes.com/2019/04/13/technology/google-sensorv... Meanwhile other countries want to make Google store that data on their territory when it's about their citizens.
“The University of Dublin professor says that this expansive data collection raises at least two major concerns. First, that the telemetry can be used to link physical devices to personal details, data that both companies are most likely exploiting for advertising purposes.
Second, that the telemetry collection process allows the OS makers to track users’ location based on the IP address that connects and uploads device telemetry to their servers.
The researcher said that currently, there are very few, if any, realistic options for users to prevent telemetry collection from their devices.”
This is not what I signed up for, makes me want to leave my smartphone at home or in a faraday cage powered off so I’m not being triangulated by cell towers or these ubiquitous telemetry logs.
One thing I noticed is that Google does not collect location and nearby MACs by default and Apple does. That's a pretty serious difference IMO. And one I didn't expect.
Some skips the device's own MAC but they already know that anyway as they manufactured it.
By "Some" I meant "Apple". Autocorrect (swiping) with my fat fingers :P
"Google and Apple both collect a lot more telemetry from devices with Android/iOS respectively devices then they should be; with Google outdoing Apple."
There, fixed that title for you.
You can turn "location" off on Android just as you can turn "third party cookies" off on the Chrome browser. Google counts on 95% of users not doing that. Neither of these are perfect solutions but they do help a lot for minimal effort.
EDIT And this just in, more third party cookies:
There is no point defending Apple or Google. Both of them probably collect data. Personally I'd be more comfortable with Apple collecting my data as they don't have an Advertisement based model. They've less incentives to use our data, whereas Google's business is based around that very idea! Apple advocates privacy and has made many features available as part of the IOS to enable very granular level control.
Both Google and Apple forbid health agencies around the world wanting to install apps to store similar data for the purposes of pandemic data and suppression - which is understandable that many governments would use it for all sorts of nefarious reasons, but it's also rather hypocritical that they can infer that 'we can use it for whatever because quality. And advertising'.
Some anecdotal from the Apple camp.
I've switch off every possible toggle on Apple TVs, iPhones MacBooks and all the devices still ping back to Apple HQ with time.apple.com, time-osx.g.aaplimg.com, metrics.icloud.com..... so I take this with a grain of salt. I've logged all DNS - using nextdns - and the number of requests back to HQ is more that it should be.
Approaching this constructively - is it possible that this data is used for verification purposes? E.g. iOS will alert your iCloud account if it detects a new IMEI/phone number?
The claim of “20x more data” is a bit suspect as well. 20x the byte-level amount of data? Yes, the math checks out. 20x the data points? Likely not.
Well I have a different personal email account and a different google phone account. There used to be more android mail apps that allow logging in directly without using the phone’s credentials but its getting more and more rare. Any Android mail apps suggestionsthat use web login than android are welcome
Google makes money by collecting data (and lately, cloud services), Apple makes money by selling hardware and putting huge margin on it. (And lately, cloud services.)
So it's all not surprising, really? Different business models lead to different outcomes.
I'd be interested to learn more. E.g, to what extent is the data anonymized?
I also want to know what the data is used for and how long it is stored for, but I suppose those are very tough questions for an external researcher to test.
It's all the little needling ways that get to me. For example, Google Maps works fine with GPS. However, if you drag the map view so it isn't centered on you and tap the "center" button, you get a pop-up begging you to let Google scan for access points even when your wifi is turned off. Hit no and hit the center button again and it works normally.
Fucking why, Google? It's irrelevant to the function I'm trying to use. Not only that but you already have my answer, which is no. Maybe I don't want to be your personal 24/7 wardriver. Maybe I don't want you running my battery down for no reason. Maybe I'm somewhere I'm not allowed to emit 2.4GHz signals and your scanning could get me in trouble with my job or even the law.
I got a feeling the only reason here is that Google is a search engine/ad business and Apple isn't.
Data collection is what companies do when they have no empathy. It's like an ivory tower effect where you don't interact with customers day to day or don't know what they want, so you try to use data to fill in the (large) gap. I could come up with countless examples of amazing products where nobody was using data to justify their decisions.
That's because the user of the service or device is not the customer.
If you're saying they are the product, that's a very old trope and easily falsified. For example, advertisers come to Facebook because, and only because, users are there. If users stopped liking Facebook, they wouldn't be there anymore. If they aren't there anymore, advertisers don't want to be there either. Thus, Facebook is incentivized to keep users happy - they are the most important people to Facebook. From what I've heard, Facebook struggles to get engineers to work on ads. If advertisers were the true customers, I imagine most engineers would be more gung-ho to work on ads because that would align more closely with career success at the company.
The above doesn't justify unrestrained tracking of user activity - but let's not pretend companies get to where they are because they create a first-class space for advertisers. They get to where they are because they, at least at one point, created a great product for their customers.
So they have 20x better informed decisions in their development processes then. Good!
Might I suggest Lineage OS. Very little if any data is sent out from my testing.
I would wager that a good share of it would be device vendor related telemetry
shouldn't be sending any. need a pure Linux phone to deal with Google
I guess this is interesting but it's comparing trash with garbage
Just to be clear the actual paper mentions Android exactly zero times.
Why do they need IMEI for? and mac addresses of close networks (besides location).
When the user gives consent for PII like IMEI, location, networks mac addresses?
I wonder if both companies might be breaching the Children's Online Privacy Protection Rule ("COPPA").
You'd have to ask Apple, but I'd imagine they would say they use it to improve location services. Access point / MAC address data is really useful in aggregate as a way of augmenting GPS, especially indoors. And of course it's also a great way of seeing who associates with each other, but that's at least somewhat mitigated by most devices broadcasting random MAC addresses until they actually join a network.
There is a typo in the title. It should be Google and not Goolgle.
It's a long often too verbose read by "The Age of Surveillance Capitalism" is unforgiving in its detailing of the past, and relentless in its fear of what the future likely holds.
Most people seem to say "oh I know they're collecting data." Unfortunately they don't - likely can't - grasp the depth and breadth. And the motive? Most will never make it that far.
The Age of Surveillance Capitalism rips off the bandaid, one greepy greedy power move at a time.
https://www.wnycstudios.org/podcasts/otm/segments/living-und...
Not sure if I agree with the author.
For example, the phones send tons of data to Google when first booted. But there is no data on the phone at that point! Then maybe this is not data gathering just bad software??
There IS a lot of data even at the very first boot: unique device ID, IP address, MAC address, location, SSID, etc. It can be used to track you later on.
Thats like 1K data in total
1 reply →
Google - if you're explaining you're losing
You are the Product.
It’s always interesting how Android is given the benefit of the doubt on intent and that never happens with iOS.
Seems like the answer is to use just iOS and apple products if you care about privacy.
and microsoft probably collects 200X from windows...
I think the most important point here is missing. When Google collects data, it's the basis of their whole existence. It is the source of their main stream of income.
When Apple does it, I'm sure it helps, but that data is not the reason Apple is one of the biggest companies in the world. And that is why I use iPhone.
I wrote about CompatTelRunner because of the CPU time it consumes, which even MS employees like Billy O'Neal complain about: https://en.wikipedia.org/wiki/Draft:Desktop_Analytics
It's all about the data. Even here. They track who posts what, when, and from where.
Google needs to be reined in. They're running wild. Too arrogant, too powerful, too much influence. And actively evil.
Just to be clear the actual paper mentions Android exactly ZERO times.
Most of the info Apple sends shouldn't be considered telemetry though.
The hardware info is used to make sure that blacklisted/stolen devices are rendered inoperable.
The other requests are simply due to used apps...it seems the researcher is unclear about many aspects of iOS. i.e. typing a url into Safari kicks off to find links, apps, etc. that will be the logical next step for a "search"
He also doesn't understand the difference between Siri the voice assistant and Siri the platform.
tldr; Google vacuums everything it can...Apple is the exact opposite.
This is precisely why I always choose to use the mobile version of a site/app rather than the app if it's available.
Safari has great adblocking. Also, the mobile version of a site is typically a superior UX compared to apps because the controls are consistent. It's usually faster, and best of all, it's MUCH easier to block all of the tracking.
I went to visit an apartment to rent with a friend. While waiting for the owner my friend was reading the names on the mailbox, and read the "x" out loud said "this person is probably Romanian". I when I was home I had notification if I knew this "x" person. All this time my phone was in my pocket. It is just creepy and I'm going to change my pixel 2 as soon as I can for an Iphone.
I mean at this point it's obvious if you're using a digital device data is going to be collected, that's part of society and living in the 21st century; could be your toothbrush, fridge, washing machine, car...All these devices generate data that is going to be collected.
It's also changing how crime is investigated; Google can be asked for a list of smartphones in an area at a given time, can be used to collect evidence or information (were you in this building on this floor at this time?). Carrying a smartphone can implicate you (or not) and you can be photographed by anyone at any moment regardless of your "rights".
I think people need to understand you are responsible for what you do on a computer; your clicks, searches, taps, installed app list, and basically everything is being recorded regardless of consent (which appears to be an illusion these days).
This is neither shocking nor unexpected. Humans generate data, data is going to be collected and used.
That's not going to change any time soon. Some thought Google would introduce a similar privacy feature to Apple's tracking consent but I lol'd at anyone who believed that.
>I think people need to understand you are responsible for what you do on a computer; your clicks, searches, taps, installed app list, and basically everything is being recorded regardless of consent (which appears to be an illusion these days).
While I agree with this in principle, I've never really understood why we forgive poor user behaviour when it comes to computers when we don't do the same with basically any other tool humans regularly use, despite the negative consequences being comparable, I don't think it's reasonable to expect people to just quietly accept 'tracking's just the way it is, deal with it.'
That doesn't come down to poor user behaviour in that case, it comes down to malicious behaviour by device manufacturers and software developers in the name of profit.
It's all well and good to expect users to take steps to deal with that behaviour, but it shouldn't just be accepted that, 'that's just the way it is.' And companies should be held accountable for at least the deceit that surrounds it.
Just being honest and open about it all would be a start. At least then you could make the excuse 'oh well the user should have tried harder to not be tracked.' Because they have a fair chance of knowing where and how they're being tracked.
This current system of deceit and bullshit is the problem.
The point of the comparison made in the headline here is exactly that one does not need to expect the worse from everyone and therefore stop caring and complaining.