• JoeKrogan@lemmy.world
    link
    fedilink
    English
    arrow-up
    502
    arrow-down
    3
    ·
    edit-2
    1 year ago

    This is the correct response. Either everyone has protection or no one has. Not that I’d trust apple anyway but by pulling the service your average person is likely to make some noise because they can feel the effect.

    • hardypart@feddit.de
      link
      fedilink
      English
      arrow-up
      135
      arrow-down
      27
      ·
      edit-2
      1 year ago

      I’m not even an Apple user but somehow I still feel like Apple is one of the very last companies where privacy and the security of your data is more worth than a dime.

      • zettajon@lemmy.ml
        link
        fedilink
        English
        arrow-up
        136
        arrow-down
        101
        ·
        edit-2
        1 year ago

        Nope, Apple sells your data just as much as Google does: https://www.insiderintelligence.com/content/apple-ad-revenues-skyrocket-amid-its-privacy-changes https://www.vox.com/recode/2022/12/22/23513061/apple-iphone-app-store-ads-privacy-antitrust#luMMel

        While people noticed their new policies against 3rd party apps, that masked the fact that those policies carved out an exception for first party apps, meaning they collect (anonymous) data on you through Health, Journal, Music, etc. just like every other company. “Trusting them more” is simply a result of you and everyone else getting hit with their privacy ads recently.

        Edit: “just like every other company” meant Google and Microsoft, i.e. the other big equivalent tech companies, my fault for not being specific.

        • steal_your_face@lemmy.ml
          link
          fedilink
          English
          arrow-up
          147
          arrow-down
          3
          ·
          1 year ago

          While I’m all for calling out companies for abusing your privacy, your own links show that they don’t collect as much data as google. They could (and should) be better though.

        • AngrilyEatingMuffins@kbin.social
          link
          fedilink
          arrow-up
          94
          arrow-down
          8
          ·
          1 year ago

          Anonymous data is actually pretty different to the data everyone else collects, which literally has your name and picture

          Apple’s data is useful for trends but it can’t be used to study who I am.

          • generalpotato@lemmy.world
            link
            fedilink
            English
            arrow-up
            19
            arrow-down
            9
            ·
            1 year ago

            This comment needs to be further up rather than the idiotic takes that don’t understand the difference between anonymized data collection (Apple) vs identifiable data collection (Meta/Google/most other tech).

            • QuadratureSurfer@lemmy.world
              link
              fedilink
              English
              arrow-up
              9
              arrow-down
              2
              ·
              1 year ago

              Well, then there’s also the people that don’t realize that there are all sorts of programs out there that will try to take that “anonymized” data and then tie it right back to a persons profile.

              For example, you can anonymize GPS location data, but just because you strip away identifying information doesn’t mean that you’re truly anonymous. It can still be obvious where you live and where you work. And once you figure out where they live (again based on anonymous data) you can tie that information right back into their profile and continue to track them as if nothing has changed. https://www.popularmechanics.com/technology/security/a15927450/identify-individual-users-with-stravas-heatmap/

              • Yendor@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                11
                arrow-down
                2
                ·
                1 year ago

                That won’t work on Apples data - they group all the data into cohorts, so the anonymising isn’t reversible.

                • QuadratureSurfer@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  1 year ago

                  Can you explain a bit more about Apple grouping their data into cohorts? I haven’t heard much about this before. For example, how would grouping data into cohorts work with GPS data?

              • generalpotato@lemmy.world
                link
                fedilink
                English
                arrow-up
                5
                arrow-down
                4
                ·
                1 year ago

                Not all anonymization techniques are created equal? I’m pretty sure this is fairly obvious at this point to anybody remotely familiar with how data collection works when it comes to privacy and device metrics.

                So, how is this relevant to this conversation besides adding more FUD and misinformation?

                • QuadratureSurfer@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  arrow-down
                  4
                  ·
                  1 year ago

                  You sound like you know a lot more than everyone else on this subject so I thank you for your responses as a means to educate others.

                  Just a word of advice, be sure to treat others with respect rather than assuming the worst of their intentions or calling them idiots because they don’t know as much as you.

                  My response is still relevant to the conversation as we are talking about “anonymized data”. The link in my comment above proves that just because you are told your data has been “anonymized” does not truly mean that it’s impossible to re-attribute it back to an individual.

                  So if you trust that Apple has great techniques for data anonymization, that’s awesome, feel free to expand on that and explain why. Just don’t go around telling others that simply having any sort of anonymization technique makes it so you don’t have to worry.

        • circuitfarmer@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          72
          arrow-down
          5
          ·
          1 year ago

          As much as Google? Likely not. Does their carefully curated pro-privacy image actually match their practices? Also likely not.

        • SidneyGrant@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          46
          arrow-down
          7
          ·
          1 year ago

          I feel like wuth the amount of stuff done on device and not in the cloud with iPhones and other Apple products, saying that Apple sells just as much as Google is at the very least disingenuous…

          • IronCorgi@kbin.social
            link
            fedilink
            arrow-up
            8
            arrow-down
            33
            ·
            1 year ago

            Why? They gather data locally on your device rather than on a cloud service. Why do you feel the locality where they gather your data makes the comment disingenuous?

            • kirklennon@kbin.social
              link
              fedilink
              arrow-up
              56
              arrow-down
              4
              ·
              edit-2
              1 year ago

              If your device locally analyzes your behavior and files, then Apple itself is not actually collecting and analyzing your data. The “locality” is a fundamental difference in who is doing what. If your private information never leaves your phone, your privacy is still fully maintained.

        • webghost0101@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          19
          arrow-down
          1
          ·
          1 year ago

          There is a massive leap between collecting data and selling your data.

          I am against both but in the digital age actually knowing who has your data is such a relief. My old email got sold to third party’s a bit to many times and to this day 80% of the incoming messages are blatant generic America targeted phishing.

        • Platform27@lemmy.ml
          link
          fedilink
          English
          arrow-up
          12
          arrow-down
          1
          ·
          1 year ago

          Health is on-device, and is E2EE. To my knowledge, that’s always been the case. They do allow optional data linking services, but those need to be setup by the end-user. Apple should have no knowledge of this data, by default. Notes can be E2EE (with ADP), and with Journal (a new iOS feature) being E2EE. Music is a paid for service, with no ads, and is one of the more privacy respecting options. Data is needed for Music to help serve the user, and suggest artists/songs… it’s literally one of the platforms benefits, over self-hosting.

          • zettajon@lemmy.ml
            link
            fedilink
            English
            arrow-up
            6
            arrow-down
            2
            ·
            1 year ago

            None of the major players literally sell your true name and address. All mask the data, and then do stuff with it like create trends to know which ads to display to “users that search for tiktok on the app store/play store”

            • Platform27@lemmy.ml
              link
              fedilink
              English
              arrow-up
              11
              arrow-down
              5
              ·
              edit-2
              1 year ago

              Apple does not sell user data. By all means, look at their Privacy Policy (it’s easy to read), and show me where this is mentioned. They do collect it, and use it for their own marketing platform, but they don’t sell/trade it. In fact they DO anonymise the data they collect. Take a look: https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf This is just one document, found after a quick search. They also disclose other details on their security, and other privacy (or lack thereof) aspects.

              Now show me where other ad agencies, not just one or two, that goes to the same lengths, while also giving decent documentation. I’m not saying Apple is perfect (far from it).

              • zettajon@lemmy.ml
                link
                fedilink
                English
                arrow-up
                12
                arrow-down
                7
                ·
                1 year ago

                They do collect it, and use it for their own marketing platform

                Right

                but they don’t sell/trade it

                Then what are they collecting it for? To line their servers? It’s being used to train services, and those services that have ads have those ads targeted using the data collected in the first sentence I quoted.

                In fact they DO anonymise the data they collect

                So does google. Again, to the broader thread audience replying to my original comment, what is the difference?

                • JshKlsn@lemmy.ml
                  link
                  fedilink
                  English
                  arrow-up
                  8
                  ·
                  1 year ago

                  You’re right. Not sure why you’re downvoted.

                  Google would be stupid to sell your data. Instead they keep it private, and when people go to Google, they tell them to push ads to certain groups or take surveys from certain groups, and Google does so. They do not hand those advertisers your data, otherwise those advertisers would never come back. They have the data.

                • seukari@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  1 year ago

                  I recently learned that one method for companies to get around data selling laws is to give the data away for free in order to attract certain types of advertisers, then, they sell ad slots for people with specific demographics or interests.

                  They don’t sell the data because that is harder to do with laws restricting it, so they just use it as advertiser bait in ways that bypass the law.

                  Further reading: https://www.eff.org/deeplinks/2020/03/google-says-it-doesnt-sell-your-data-heres-how-company-shares-monetizes-and

                • Rakn@discuss.tchncs.de
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  edit-2
                  1 year ago

                  The difference is that there are actually companies out there that will sell you the raw data they collected. E.g. your name and address if they have, your browsing history obtained through shady extension and so on.

                  So there is a difference between selling the data and hoarding it to show targeted ads.

                  And while both may not be cool, to me anyone with some money being able to buy my data is clearly worse. So it’s helpful distinguishing there. It’s not all “selling your data”. You are also doing your argument a disservice by lumping it all into the same bucket.

        • Elthesensai@mastodon.social
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          @zettajon @hardypart there is nothing stating that Apple is using your data, selling your data, or even getting your data. While it did create a situation where ad dollars are going to App Store it’s still not targeted other than by search. Your own posted link says nothing about what you claimed. There are plenty of issues to bring up about Apple without the need of fabricating one.

        • Yendor@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          5
          ·
          1 year ago

          Did you read the article you posted? Apple serve you ads, they don’t sell your data. And they allow you to opt out of tracking. It’s all right there in your article.

          • JshKlsn@lemmy.ml
            link
            fedilink
            English
            arrow-up
            7
            arrow-down
            5
            ·
            1 year ago

            I know this is off topic, but Apple isn’t innocent.

            It’s almost worse to think your privacy is protected when it’s not, than to know it’s not. At least I know Google is sending my Google Assistant sound clips to be analyzed. Sucks when you learn the person you thought you could trust is fucking behind your back.

      • DragonAce@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        25
        ·
        edit-2
        1 year ago

        Any company that obfuscates all their security practices, refuses to give statistics on security risks and counter measures, and boils their product security down to “Trust us, bro.”, doesn’t actually give a fuck about your security. They’re just the last company who is still able to keeps everything secret so they can make shit up as they go along. Apple’s security is a joke and they’re just as bad as any other manufacturer on the market, the only difference is they have successfully kept their shit secret for all these years and spent decades convincing people they actually give a fuck about security.

        I still remember a few years ago having a conversation with a coworker about her iphone and she bragged about Apple never being hacked and this was right after I had just got done reading an article about a large scale hack on their network. Of course Apple never said a damned thing about it, so I forwarded her the article. IIRC she mumbled something about how the article was probably not accurate. Apple fanatics do some crazy mental gymnastics to justify them spending thousands on a phone thats probably worth about $300 at best(their hardware is on average 1-2 generations behind other devices on the market).

        Did you know that most celebrity phone hacks are thru apple accounts?

        • kautau@lemmy.world
          link
          fedilink
          English
          arrow-up
          28
          arrow-down
          3
          ·
          1 year ago

          obfuscates all their security practices

          https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf

          https://support.apple.com/guide/security/advanced-data-protection-for-icloud-sec973254c5f/web

          https://developer.apple.com/documentation/cloudkit/encrypting_user_data

          I had just got done reading an article about a large scale hack on their network

          Source? Or should I just “trust you bro”

          Did you know that most celebrity phone hacks are thru apple accounts?

          Did you know that most celebrities own iPhones by a far margin? These aren’t the encryption was broken hacks when someone is getting into an iCloud account, these are social engineering hacks. That’s what happens when your publicist, your agent, and others have access to your digital accounts so they can get you a new phone quick while you are on the road, grab the photos you took on your phone from your iCloud account to share, etc. More holes in security.

          about $300 at best(their hardware is on average 1-2 generations behind other devices on the market)

          Flagship android phones, barring a few exceptions, are not sold without pre-installed apps that subsidize the cost of the phone.

          Do you have an example of a device priced at $300 with competitive hardware to the base iPhone 14, without bloatware subsidizing the cost of the device? I’d accept that generally iPhones are ~$100-200 above the price of devices with competitive hardware, but a current gen iPhone having $300 hardware? The specs are very similar to other devices in similar price ranges

          I’ve owned both Pixels and iPhones before. While each has its pros and cons, I’ve found that the app sandboxing, default settings, and ability to opt out of telemetry was always better on iPhone. And until google has free, easy-to-use E2E encryption for Android devices and the related cloud services, customer data on Google’s servers is more at risk to be stolen/sold for profit/used without explicit user consent.

          • Whirlybird@aussie.zone
            link
            fedilink
            English
            arrow-up
            15
            arrow-down
            2
            ·
            1 year ago

            Do you have an example of a device priced at $300 with competitive hardware to the base iPhone 14, without bloatware subsidizing the cost of the device? I’d accept that generally iPhones are ~$100-200 above the price of devices with competitive hardware, but a current gen iPhone having $300 hardware? The specs are very similar to other devices in similar price ranges

            Not to mention that iPhones are literally best in the world in terms of the SOC. No other phone in the world matches them. Saying “their hardware is on average 1-2 generations behind other devices on the market” shows how wrong that person is.

            • kautau@lemmy.world
              link
              fedilink
              English
              arrow-up
              7
              arrow-down
              1
              ·
              edit-2
              1 year ago

              Yeah tbh I started to write a comparison of phones like the fairphone and the purism librem 5, and even the pixel 7, but they are laughable in comparison to just the base iPhone 14 hardware wise. Sure, one is $150 less, but the Librem is like 1300 dollars by comparison to the iPhone 14’s $800, and they are performing at maybe 1/3 of the A15 Bionic SOC. The pixel 7 doesn’t fair much better by price comparison, and again, it’s making google money by selling user telemetry more actively.

              I encourage competition, I don’t think apple should own the market forever. And they haven’t. They almost failed before the first iPod and iPhone. But they’ve come back in terms of their ability to produce powerful silicon. The M series of processors solidifies it.

              Competition is good, and when a company is pushing the market and also pushing a real security agenda? It’s a good thing, let the competitors catch up with security, and then work to beat apple at the SOC game.

              Apple has been dethroned at silicon before, once PowerPC died, it can (and probably will) happen again.

              That’s a good thing.

              Let competitors build better E2E encryption and on-device security. The competition of better security is good for everyone.

              I would love to see apple be de-throned, but I think until there is a shift on a combined focus of hardware/software/security as a product (and having users pay the premium for that) it won’t happen for awhile

            • kautau@lemmy.world
              link
              fedilink
              English
              arrow-up
              7
              ·
              1 year ago

              I won’t disagree with that, it certainly seems to be the most secure OS available for modern smartphones.

              My points were purely refuting the commenter I responded to’s weird obsession with “Apple = Bad and Insecure.” We should encourage competition and support efforts to increase security anywhere they occur. Brand tribalism doesn’t help anyone.

          • gian @lemmy.grys.it
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            4
            ·
            1 year ago

            Do you have an example of a device priced at $300 with competitive hardware to the base iPhone 14, without bloatware subsidizing the cost of the device?

            Ulefone Armor 21 😉

            Perhaps is even better.

            • microwavedgerbil@programming.dev
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              How long will that device get major updates? How about security updates? If I break the screen, how long does it take to get another one? What if liquid penetrates the device? Can I take it to a service center? If the service center doesn’t have the parts, will they give me a loaner device while mine is being repaired off-site? Can the off-site repair be done in under a week? How long is the warranty? Can I pay to extend it? What if I lose the device? Is there insurance for that?

              That’s if we pretend for a moment that the MediaTek G99 isn’t a quarter of the speed of the A15.

        • SmashingSquid@notyour.rodeo
          link
          fedilink
          English
          arrow-up
          11
          arrow-down
          1
          ·
          1 year ago

          Apple processors outperform flagship android phones on benchmarks every generation. Where are you getting your information?

          • kautau@lemmy.world
            link
            fedilink
            English
            arrow-up
            17
            arrow-down
            1
            ·
            1 year ago

            Sadly it’s tribalism. It’s “apple = bad” so anything mentioned about apple isn’t looked at logically but rather with an “us vs them” mentality. It’s common across the spectrum of thinking critically nowadays, but I felt I had to refute all points because it’s dumb and doesn’t help anyone.

            More security is good. Hating on apple because they are convinced that it’s an overpriced conspiracy is stupid. Every tech company deserves some hate, Apple included, but making that your identity instead of thinking critical does nothing to advance the work being done.

    • MxM111@kbin.social
      link
      fedilink
      arrow-up
      74
      ·
      1 year ago

      I think this is correct response not just in case of morality, but in case of technology. How can you guaranty privacy of a call if the recipient is from UK?

    • EighthLayer@lemmy.world
      link
      fedilink
      English
      arrow-up
      31
      ·
      1 year ago

      iMessage isn’t a big loss in the UK. FaceTime would be.

      WhatsApp pulling out of the UK would have the biggest impact. Almost everyone uses it here.

      • iMike@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        Can confirm, it had swipe to reply for a while now, it’s coming to iMessage in next iOS… The only thing that annoys me about WhatsApp is the high picture compression resulting in low quality images.

        • shebpamm@lemmy.ml
          link
          fedilink
          English
          arrow-up
          12
          ·
          1 year ago

          If you need to send uncompressed images send it as a “document” rather than an image. You won’t get the preview but it’ll be the same file as on your phone.

      • EliasChao@lemmy.one
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        WhatsApp also uses E2EE, wouldn’t also be targeted under this same legislation?

        Meta pulling WhatsApp out of the UK would affect way more people.

    • Misconduct@lemmy.world
      link
      fedilink
      English
      arrow-up
      45
      arrow-down
      2
      ·
      1 year ago

      Other than their asinine charging cable/accessory situations I consistently find myself agreeing with Apple pretty much any time any government body or group is mad they won’t do something.

      • linearchaos@lemmy.world
        link
        fedilink
        English
        arrow-up
        49
        arrow-down
        3
        ·
        1 year ago

        They’re generally on the wrong side of the battle for right to repair and removable batteries too.

        But yeah, privacy they almost always have the right of it.

      • TwanHE@lemmy.world
        link
        fedilink
        English
        arrow-up
        21
        ·
        1 year ago

        Requiring usb c was something I agreed with. But indeed many times apple has rightly fought for their userbase.

      • kameecoding@lemmy.world
        link
        fedilink
        English
        arrow-up
        25
        arrow-down
        7
        ·
        1 year ago

        how do you reckon?

        only time they have been on the consumer’s side was with regards to privacy, refusing to comply with the FBI and now this.

        everything else they are pretty anti-consumer, off the top of my head

        • first to remove jack 3.5 (even though I don’t really care about this, others do.)
        • sticking to shitty lightning cable so they can sell overpriced cables
        • the charger thing with the EU
        • worst of all entirely against right to repair
        • Perhyte@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          2
          ·
          1 year ago

          To be fair, those first three points fall squarely under that “charging cable/accessory situations” exception. With Apple, it turns out that’s a pretty broad exception.

          • lemme_at_it@lemmy.world
            link
            fedilink
            English
            arrow-up
            11
            ·
            edit-2
            1 year ago

            Bluetooth provides another vector of attack for the convenience. There is already quite a list of known vulnerabilities. Yes, many of these get patched but as the open standard evolves, so do the hackers. You could turn it off entirely, plug in a cable & forget all that if all you wanted to do was use audio/video.

          • kameecoding@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            edit-2
            1 year ago

            like I said, I personally don’t care, but it’s a nice port, pretty ubiquitous and it’s nice to have choice for customers.

    • Whirlybird@aussie.zone
      link
      fedilink
      English
      arrow-up
      34
      arrow-down
      10
      ·
      1 year ago

      Remember how everyone kicked up a giant stink about apple adding “on device CSAM scanning when uploading photos to iCloud”?

      They did that precisely because it would allow them to search for CSAM without giving up any privacy. As I said back when all that rage was happening, if apple don’t get to implement it this way you can be damn sure that the government is going to force them to implement CSAM scanning in a much more privacy-destroying way, and well here we are.

      • nanoUFO@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        22
        arrow-down
        1
        ·
        1 year ago

        CSAM without giving up any privacy.

        Hmmmm funny because security researchers said the opposite, I kinda believe them more?

        • Auli@lemmy.ca
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Who said it was givening up privacy. The worst I heard is slippery slope of they donthis they might ad more to it later. And how was it privacy compromising?

          • 4AV@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            And how was it privacy compromising?

            1. Anything could be added to the hashes with the user having no way to know what’s being searched for beyond “trust us”. This could be partially alleviated if, for example, the hash had to be signed by organizations in a combination of states that’d make it difficult to push through hashes for anything other actual CSAM (so not just Five Eyes)

            2. Adversarial examples to intentionally set off the filter were demonstrated to be possible. Apple made it clear that there are types of content they’d be legally obligated to report once they became aware of, and it’d be well within a government agency’s capabilities to honeypot, say initially, terrorist recruitment material

            3. Coincidental false positives are also entirely possible (ImageNet had some naturally occuring clashes) and can result in their employees seeing your sensitive photographs

            4. The user’s device acting against the user cements other user-hostile and privacy-hostile behavior. “People could circumvent the CSAM scan” would be given as another reason against right to repair and ability to see/modify the software your own device is running

            5. Tech companies erode privacy by flip-flopping between “sure we’re giving ourselves abusable power, but we’ll stand up to governments pressuring us to expand this” and then “well what were we supposed to do, leave the market?” when they inevitably concede

            • Auli@lemmy.ca
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              1 year ago

              What’s anything? They are not looking for any CSAM pictures they are looking for specific ones that are in a database. Its not like they can create a hash for a guy letting his dog on a horse and find all those pictures.

              • 4AV@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                1 year ago

                they are looking for specific ones that are in a database

                They could be looking for any images without your knowing - there’s no guarantee that those images came from a CSAM database.

                Its not like they can create a hash for a guy letting his dog on a horse

                They could trivially create a hash for a picture of a guy letting his dog on a horse (which would also include other very similar images).

                I didn’t necessarily mean to claim that they can scan for a concept lacking a fixed image, if that’s what you’re saying. That would theoretically be possible with enough hashes, but impractical.

      • Proweruser@feddit.de
        link
        fedilink
        English
        arrow-up
        16
        arrow-down
        1
        ·
        1 year ago

        Like the politicians would have cared. This is just a convenient excuse. Either they would have found another one or they would have said “we can’t trust Apple to scan for this material. The police has to do these scans!”

        We were right to oppose it then and we are right to oppose it now.

        • Whirlybird@aussie.zone
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          10
          ·
          1 year ago

          We were right to oppose it then and we are right to oppose it now.

          You were right to oppose doing it in the most privacy conscious way? Or were you against CSAM scanning at all?

          • jmfwnsfw@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            1
            ·
            1 year ago

            It was a government provided list of hashes check against. For me, I don’t like it because I don’t trust 3 letter agencies to not abuse the ability to search every iDevice in the world for arbitrary file hashes.

            • Whirlybird@aussie.zone
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              1 year ago

              It was a database of hashes that were taken from the intersection of multiple country CSAM databases.

              Germany couldn’t just put a picture of a nazi in there and have every iPhone flag everyone that has a picture of a nazi on it unless multiple other countries also had that same picture in their CSAM db.

              It also only happened when you uploaded the photo to iCloud. Know what they do now instead? Just scan for CSAM on iCloud like google, Microsoft, imgur, Reddit, etc all do.

              The end result is the same in detecting CSAM, but the way apple proposed was more secure and valued your privacy more.

      • Hello Hotel@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        2
        ·
        1 year ago

        CSAM, as defined by apple, SPOILER that could be anything, including, and I could rattle off names, anything that threatens the government or those who got their tendrils into it, if we, For example have authoritarians change us to be facist, or re-introduce slavery or segrogation. A mere picture of your bedroom or face could have a somthing in it that allows you to be put into a cohort for later use (legal or not)

        • Whirlybird@aussie.zone
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          3
          ·
          edit-2
          1 year ago

          No, that’s not at all what it was defined as or what it could be. CSAM is Child Sex Abuse Material. It wasn’t going to be memes of winny the pooh like people argued.

          That’s also not how CSAM matching works. It simply compares hashes of images. If you take a photo of you in your bedroom with a sign saying “fuck the government” it will not match any CSAM database hashes no matter how authoritarian or fascist the government is, because they don’t have that same photo in their CSAM databases.

          You’re doing what the outraged did back then and thinking CSAM scanning is some sort of AI powered image recognition that scans images for specific things. It’s not that at all. It is a database of known CSAM images that have been hashed and that have been confirmed by multiple different governments (multiple different ones so one government can’t just put an image of their president that they don’t like in theirs and then find out who has uploaded that photo. If it only appears in one government CSAM database it will not be checked). It takes your photo, hashes it, and then checks to see if that hash is in the CSAM database. It won’t be, ever.

          You know what will be in there and matched? If you download child porn that is already out there on the web.

          • Archer@lemmy.world
            link
            fedilink
            English
            arrow-up
            10
            arrow-down
            4
            ·
            1 year ago

            You’re naive if you think that is all it will ever be, and that there will never be scope creep, especially malicious scope creep that turns into overreach

      • bigdog_00@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        1 year ago

        Anything scanning messages or media on my device is an absolute NO if I don’t control it.

        • Whirlybird@aussie.zone
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          You did control it though. It only scanned what you were uploading to iCloud, and only during the upload process.

          If you turned off iCloud upload it never scanned anything.

  • Dionysus@lemmy.world
    link
    fedilink
    English
    arrow-up
    161
    arrow-down
    1
    ·
    1 year ago

    There’s legitimate criticism to be made for Apple, but this is something I really appreciate about them.

    • TerraNova@lemmy.ca
      link
      fedilink
      English
      arrow-up
      87
      arrow-down
      5
      ·
      1 year ago

      Walled garden aside, I think they do care about privacy and security.

      • GunnarRunnar@kbin.social
        link
        fedilink
        arrow-up
        69
        arrow-down
        2
        ·
        edit-2
        1 year ago

        It’s their brand. And I’m glad it is. It’s something Samsung can’t copy (I presume because of the Google backbone) or attack.

        (Written on a Samsung phone btw.)

        Edit. I should probably add why it’s good even when I’m not in their ecosystem. It raises the bar for competition and shows that privacy adds value.

      • Juviz@feddit.de
        link
        fedilink
        English
        arrow-up
        31
        arrow-down
        3
        ·
        1 year ago

        I don’t know if they actually care, but I think they figured privacy was a great niche to jump in when they started losing more and more market share to android

        • henfredemars@infosec.pub
          link
          fedilink
          English
          arrow-up
          6
          ·
          1 year ago

          It’s a brilliant move for Apple because Google can’t play that game.

          Google is fundamentally an advertising company. They materially benefit from user data in providing a more valuable service to advertisers. If Google takes a strong stance on privacy, it could disadvantage the primary business.

      • catastrophicblues@lemmy.ca
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        4
        ·
        1 year ago

        Yup. They have had issues (think CSAM scandal), but they’re slowly earning back my trust. I’m still a bit wary, but for big tech they have a pretty good track record.

        • Whirlybird@aussie.zone
          link
          fedilink
          English
          arrow-up
          19
          arrow-down
          4
          ·
          1 year ago

          They have had issues (think CSAM scandal)

          People like you that think that was a “scandal” are half the problem though.

          What they were doing with the on-device CSAM scanning as part of the upload to iCloud only was actually good for your privacy. It enabled them to comply with any current and future CSAM laws while protecting your privacy by doing the scanning on your device. It meant that they could then add E2E encryption to iCloud (and then iMessage as well) while still complying with CSAM laws. The alternative - and what everyone else does including google, microsoft, imgur, dropbox, etc - is doing the CSAM scanning in the cloud after you’ve uploaded it completely insecurely, requiring the data to be stored unencrypted and visible to those companies (and the government).

          Doing it on device should have been applauded, but it was attacked by people that didn’t understand how it’s actually better for them. There was so much misinformation thrown around - that it would scan all of your photos and files as soon as they were created and then instantly report to the police if you took a photo of your infant in the bath, for example, or that it would be used by governments to identify people who have memes saved that they don’t like, which is absurd because that’s not how the CSAM databases work.

          Apples proposed CSAM scanning was literally the best for privacy in the entire industry, and people created such an outrage over it that they basically went “oh well, we’ll just do what everyone else is doing which is far more insecure and worse for privacy” and everyone congratulated themselves lol

          • catastrophicblues@lemmy.ca
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            You make a good point. I guess the outrage was more about scanning at all, though I suppose that’s not on Apple.

  • FlyLikeAMouse@feddit.uk
    link
    fedilink
    English
    arrow-up
    116
    arrow-down
    2
    ·
    edit-2
    1 year ago

    The incumbent government is circling the drain and are, it seems, determined to leave a trail of destruction and burned bridges for their successors to repair.

    • ward2k@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      No offence but isn’t a very similar policy about banning end-to-end encryption also in talk in the EU

      Absolutely don’t agree with it, will be the beginning of the end for privacy but this is more of a European wide (and even world wide) push for a close to e2e encryption

      • LUHG@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        GDPR is basically encrypt your shit and you’ll be fine. If they are seriously considering banning encryption the IT sector might as well shut up shop and run for the hills.

        It’s so bad the UK politicians actually use non MDM unmanaged devices so they can install whichever app they see fit. Tiktok you name it.

        We won a physical war via encryption and we’ll lose a digital one without it.

      • ayhon@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I do seem to recall that some countries petitioned a weakening of e2ee. Some other countries through were firmly against it, so it seems it has lead to nowhere. For sure something to be aware of.

  • falkerie71@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    85
    arrow-down
    1
    ·
    1 year ago

    There are a lot of things to hate about Apple, but this I can get behind. Get people using 3rd party messaging apps too! Preferably ones with e2e encryption.

    • hiire@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      ·
      1 year ago

      I hate how people turn a blind eye to these things nowadays. They’re willing to give away their personal lives at the expense of the shittiest excuses out there. Privacy should be a necessity, ffs.

    • dunestorm@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      Why don’t they just actually give their actual reason: to spy on UK citizens.

      To use children and criminals as a scapegoat for this attrocity is disgusting.

    • perviouslyiner@lemm.ee
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      protect the public from criminals, child sex abusers and terrorists

      Aren’t two of those just subsets of the first one?

      What a curious pair of emotionally manipulative examples to choose, when it adds absolutely no extra meaning to the Home Office’s statement.

      • darcy@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        i would assume they mean ‘criminals, especially…’, but classic tHiNk oF tHe ChiLdReN argument

  • Paws@lemmy.world
    link
    fedilink
    English
    arrow-up
    69
    ·
    1 year ago

    Signal and WhatsApp have also said they’d likely leave the UK market if this bill is passed as it currently is.

  • ritswd@lemmy.world
    link
    fedilink
    English
    arrow-up
    82
    arrow-down
    15
    ·
    1 year ago

    I once had a conversation under NDA (which has expired since) with an engineer at Apple who was working on iCloud infrastructure, and he was telling me that his team was a bit shocked to read that Dropbox was releasing apps for photos at the time “because they’ve noticed that most of the files users are uploading to Dropbox are photos”. He was like: how do they know that exactly? His team had no idea and couldn’t possibly find out if the encrypted files they were storing were photos, sounds, videos, texts, whatever. That’s what encryption is for, only the client side (the devices) is supposed to know what’s up.

    Not having that information meant a direct loss of business insights and value for Apple, since Dropbox had it and leveraged it. But it turns out Apple doesn’t joke around about security/privacy.

    • whatsarefoogee@lemmy.world
      link
      fedilink
      English
      arrow-up
      45
      ·
      1 year ago

      What?

      https://support.apple.com/en-us/HT202303

      Under Standard Data Protection photos, general drive storage and device back up are not end-to-end encrypted. Meaning that Apple has full access to reading and analyzing them.

      Under Advanced Data Protection which is an opt-in feature available since iOS 16.2, you can have those files end-to-end encrypted.

      End-to-end encryption makes the user responsible for keeping an encryption key safe, irreversibly losing their data if they lose the key. It’s not practical for the general population. I would guess its use is in low single digit percent of apple customers.

      And this feature came out in December 2022. A bit over half a year ago. Unless your friend’s NDA was super short, I presume the conversation took place before it was released. Either your friend was bullshitting you under an NDA or he’s an idiot.

      • wtfeweguys@lemmy.whynotdrs.org
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        Advanced Data Protection has a social recovery option that does not require end users maintaining a security key. It’s far more accessible to average users than one might think, though perhaps still a bit intimidating.

          • wtfeweguys@lemmy.whynotdrs.org
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            You can select up to five contacts that also have an iPhone to help you get back into your account if you get locked out (ex. losing your phone and getting a new one)

      • Platform27@lemmy.ml
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        1 year ago

        Could be the engineer didn’t have permission to see file details. They could still be readable by higher-ups, but not to the general engineer. This is how it should work, if e2ee is not used. If Dropbox allowed everyone who worked on their server to read files… that’s a huge invasion of privacy.

        • LUHG@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Makes no sense though. As if the engineer is the one deciding which apps are built. He’s just saying things he thinks he sees.

      • ritswd@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Oh that’s interesting!

        Yeah, that conversation is much, much older, pretty close to the very start of iCloud file storage. I’m guessing either things changed since and they used to be end-to-end encrypted, or more likely, what the friend was complaining about is his iCloud infrastructure team didn’t have access to the keys stored by another team, and reverse. So basically, Apple could technically decrypt those files, but they don’t by policy, enforced by org-chart-driven security.

        Now excuse me while I go change a setting in my iCloud account… 😳

      • JshKlsn@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        4
        ·
        1 year ago

        Really proves that Apple users believe Apple is perfect and they are protected, even when there’s official documentation stating otherwise. It’s baffling how many Apple users think they are fully anonymous and protected and not tracked. Apple is brainwashing you well.

        • DeadlineX@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          I’m an apple user. I don’t think these things. I have a plethora of apple devices. I also have a few chromebooks, a high-end desktop I built for gaming and developing.

          We as people really need to stop generalizing and insulting {X group of people who are not me}. I mean, you don’t like apple. That’s totally fine! Use whatever pleases you. That doesn’t bother me at all. But stop calling me brainwashed for enjoying an ecosystem that makes my life and day-to-day easier and more enjoyable.

          People like to think of themselves as superior to the other group. But we are all individuals with our own preferences and life experiences. I had a google g1. I’ve had multiple android phones. Admittedly, they were all during android’s Wild West days where I barely got any major os updates and half of them failed within a year.

          What I’m saying (and I know this is a reply to you, but this has been frustrating me with a LOT of things, not just “Apple users”) is that we should try to put things in perspective before insulting an entire group of people that we don’t even know. That’s my two cents.

    • paysrenttobirds@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      1
      ·
      1 year ago

      I don’t know anything about this, but the files may be encrypted blobs, but if they are mapped to the original filenames (as is the case with Dropbox) with suffix like jpg, etc, they could assume the type without decoding the file. Not saying there’s no difference between Dropbox and Apple, but I’m not sure people expected filenames to be encrypted back in the day (if even now).

      • ritswd@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        Yeah, to be clear, what the friend was saying that day is that they don’t even have access to file names. For them it’s 100% mangled data.

        I would definitely consider file names to be personal information, that I would expect to be encrypted. If I store a file named “Letter to IRS for 2020 violation.doc”, then suddenly you know something about me that I probably don’t want you to know.

  • Adam@geddit.social
    link
    fedilink
    English
    arrow-up
    77
    arrow-down
    11
    ·
    1 year ago

    Don’t you know anything, Brits? Apple only strips security features for the Chinese government, you fools!

      • Adam@geddit.social
        link
        fedilink
        English
        arrow-up
        15
        ·
        1 year ago

        I mean, they didn’t cave to Russia either. Apple just has principles until there’s enough cash on the table. Then they claim to “always abide by local laws” wherever they operate.

      • DreamButt@lemmy.world
        link
        fedilink
        English
        arrow-up
        15
        ·
        edit-2
        1 year ago

        it has more to do with where their factories are located. Hard to negotiate with the people who control the very land and people you utilize to build your hardware

        Not saying that justifies it, just think we should be accurate with our outrage

        • Adam@geddit.social
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          1 year ago

          They could have factories in China and not sell phones there. There are also other places to build factories. They just might have to trim back their 42% profit margin. It’s still a willingness to abandon principles for a price, isn’t it?

        • PooCrafter93@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Yeah I agree that the CCP have more leverage due to the factories, aa well as the larger user base.

          Just like to point out apple aren’t some altruistic organisation, they are a corporation out to make money, and that the CCP suck.

          Also, I profoundly disagree with the legislation this thread was originally about.

        • rbits@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          I think it’s more that they know they don’t have any negotiating power in China. China doesn’t care if they have iMessage, but the UK and the british people do.

      • damnYouSun@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        11
        ·
        1 year ago

        Oh, they are authoritarian enough. They just aren’t powerful enough.

        Want to know what it looks like to go power crazy with no power, then go look at the Tories.

      • Shaggy0291@lemmygrad.ml
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        Take it from me, the British state is just too paralysed by corporate capture and broke to offer any pushback against corporations. They can’t even afford to run a properly equipped and staffed police state, let alone enforce any legal proclamations they make against Apple.

    • GenderNeutralBro@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      It’s this publicly known, or just assumed because China blocks everything they can’t read?

      I assume that Apple gives the Chinese government access somehow, but I’ve never read details.

        • GenderNeutralBro@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Thanks for the links. Unfortunately, that NYT article does not make a single mention of iMessage or end-to-end encryption.

          Last I checked, iMessage still works in China. I find it implausible that China would allow this without access. If there’s a mechanism for that, I’d like to know what it is and how far it extends. The fact that Apple doesn’t admit that there’s a difference in iMessage’s security in China makes me wonder whether it is compromised globally.

          • Adam@geddit.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I don’t think there’s any evidence of a global compromise but I think you’re right that China wouldn’t allow access if it didn’t ultimately control it.

            I couldn’t find anything specific about iMessage but the keys are backed up to iCloud – and we know that’s compromised. I can’t imagine them leaving users the option to just not back up to iCloud to avoid surveillance, but I haven’t seen any specifics. Best to assume that under no circumstances do you ever have privacy from the gov’t in China or even when messaging someone in China.

  • ichbinjasokreativ@lemmy.world
    link
    fedilink
    English
    arrow-up
    62
    arrow-down
    4
    ·
    1 year ago

    The one good thing I can say about apple is that they at least push back against this kind of bullshit, even if they only do so for marketing.

    • Zpiritual@lemmy.world
      link
      fedilink
      English
      arrow-up
      49
      arrow-down
      5
      ·
      1 year ago

      The other side is that they’ll also push back against good stuff for the consumer since everything they do is completely out of self interest.

      • Isthisreddit@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        8
        ·
        1 year ago

        Your gonna have to back up that sort of statement. I’m not an apple fanboy, but I take security and privacy seriously, and they seem to really be on the consumers side in that regard. Please inform me how they push back against “good stuff” for the consumer

  • Blackmist@feddit.uk
    link
    fedilink
    English
    arrow-up
    50
    arrow-down
    3
    ·
    1 year ago

    Those proposals will never be made law and acted upon.

    It’s infeasible nonsense to pander to the Daily Mail reading curtain-twitchers. They’ve had 13 years to try and do this. If they wanted to (and indeed if it was in any way possible), they’d have done it already.

    It’ll be just “Vote for us and we’ll make your children safe from nonces and muzzies!” until the end of time.

    • QuadratureSurfer@lemmy.world
      link
      fedilink
      English
      arrow-up
      38
      ·
      1 year ago

      This has nothing to do with RCS from what I read on the article. It looks like the UK wants to be able to tell companies to disable security features such as End to End Encryption so that they can view the messages.

    • warmaster@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      3
      ·
      1 year ago

      That would be better than iMessage or Whatsapp, but even better if we all moved to Simplex, or other secure and private messaging app.

      • GenderNeutralBro@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Not necessarily. Google has implemented E2EE in their implementation, but it only works if both parties are using Google Messages. It’s not a standard part of the spec.

        • vrighter@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          I too could manually encrypt data and send it via regular old sms. That would require the other party to know of and make use of extra tools to be able to read and reply. If not, then they might not be able to read the message, or worse, reply in plaintext. That’s what google is doing with rcs. Rcs is not encrypted. the google app encrypts the data and sends it “unencrypted” over rcs. From rcs’ point of view it looks like “this user is trying to send random junk… who am I to judge?”