Comment by StopDisinfo910
4 days ago
Could anyone here waxing lyrically about Apple so called privacy stand explain to me what that actually is apart from a marketing point Apple keeps repeating?
Because from where I stand they do load everything into their cloud. They insist on having you pay for iCloud through obnoxious means. They have you go through their store for everything. They even have an ad platform.
What supposedly so good about it? Their track record seems awful to me.
E2EE (advanced data protection) without having to use something like Proton, so can stay in the very convenient "ecosystem." With it turned on, keys are on your device, Apple doesn't have them and can't use them and it covers all the main stuff - photos, messages, notes, etc.
It's still a compromise, sure, but it's a better compromise than what Google offers.
Plus small things. Apple's tracking protection for example is opt in instead of opt out on Android. Google's core business is ads, they won't push features that can negatively impact that. Apple also has an ad division but it's not their main focus, hardware is. They can implement better privacy without impacting their bottom line. Apple's refusal to unlock phones at the request of the FBI, etc.
It's not that Apple is the be all end all for privacy, but they are far ahead of Google and are by far the most convenient option if you are within the walled garden.
> With it turned on, keys are on your device, Apple doesn't have them and can't use them and it covers all the main stuff - photos, messages, notes, etc.
Or so they say. Has that actually been proven?
It's impossible to prove a negative, like "Apple doesn't have a backdoor". One can prove the existence of a backdoor by reverse-engineering suspicious code or network traffic, but not the nonexistence without poring over every byte of machine code, and quite a lot of the hardware too.
This is not unique to Apple, it's impossible to prove any system is free of a backdoor, including Linux distributions (see: the xz backdoor, or "Reflections on trusting trust"), unless you hand-crafted your whole smartphone from raw silicon.
You can raise that gripe with even something like signal. Sure, it's open source, but when was the last time someone reproducibility built it?
5 replies →
> Could anyone here waxing lyrically about Apple so called privacy stand explain to me what that actually is apart from a marketing point Apple keeps repeating?
The end-to-end encryption guarantees on this page seem pretty real to me and have little to do with marketing: https://support.apple.com/en-us/102651
Google backup on Android is also end-to-end encryption. The difference is that on Android, I can self-host anything that Apple won't end-to-end encrypt, like maps or application installs.
Can any of this be verified or confirmed independently?
how do you propose they prove that they don't have your encryption keys
You just cannot prove a party doesn't own something.
> Because from where I stand they do load everything into their cloud. They insist on having you pay for iCloud through obnoxious means. They have you go through their store for everything. They even have an ad platform.
It's very easy to completely disable iCloud. I've never used it and don't intend to, despite running a mac as my primary computer for ~12 years now.
> It's very easy to completely disable iCloud.
My experience widely differs.
Apple will nag you all the time if you don’t have iCloud or just use the free tier and the free tier is very limited. You lose the only way to actually easily sync the phone when you disable it.
Most of the iPhone owners I know including me have caved and pay the additional tax every month.
This is correct. Maybe settings will show you a login button but except for that you're fine.
Apple is much more strict on app tracking (and apps in general).
Yes.
As an example I think Androids have a single device ID which is given to all apps. But iOS has a per app device ID.
And the ID resets pretty often.
The marketing department exploded when Apple announced that change, it made user conversion tracking completely useless.
There is no device ID, only ones tied to a user login on a phone, and the app must request a permission to get it. You can, for example, know that the user ID (which you obviously also need to have a permission to retrieve), is being used on the same device as was used to access your service in the past. Or you can know that this particular otherwise-anonymous user/device combination is being used again. I'm pretty sure that's likewise possible on iOS, but folks can chime in.
And of course there are guidelines that disallow most of the abuse scenarios I suspect people want to imagine: https://developer.android.com/identity/user-data-ids
1 reply →
Yes, specifically both have some variant of "advertising ID", which is shared across all apps. The difference between iOS and Android is that iOS requires you to opt every app into receiving it, whereas Android is opt out. However on top of this Android has a "gsf" id, which is shared between apps, and can't be changed without a factory reset.