Thursday, January 28, 2021

Data Privacy Day at Apple

Apple:

January 28 is Data Privacy Day, a time to raise awareness about the importance of protecting people’s personal information online. Apple is commemorating Data Privacy Day by sharing “A Day in the Life of Your Data,” an easy-to-understand report illustrating how companies track user data across websites and apps. The report also shares how privacy features across Apple’s products give users more transparency and control, empowering people with the tools and knowledge to protect their personal information.

Jason Snell (MacRumors):

On Thursday—which is apparently Data Privacy Day at Apple—Tim Cook gave a speech at the Computers, Privacy & Data Protection 2021 conference.

In it, he made some very pointed comments about companies that don’t share Apple’s commitment to building products that provide users with choices about what level of privacy or tracking they’re comfortable with.

Not that tracking doesn’t matter, but I’m much more concerned about leakage of my private data. This is an area where Apple’s policies offer limited protection and actually get in the way of users taking steps to protect themselves. I’d like to see Apple give users the choice to:

Previously:

Update (2021-01-30): See also: Apple’s Q1 2021 Results.

Update (2021-02-05): Ken Harris:

I never understood why Apple made only a single generic “Network Client” entitlement.

That’s the network version of “Full Disk Access”, only scarier, and without any “User Selected” alternative.

6 Comments RSS · Twitter


With regards "Choose which apps are backed up to iCloud", on iOS devices you can do this via Settings > iCloud > Manage Storage > Backups > This Device > Choose Data to backup.


This.

Google is using either iCloud key-value store or the keychain to persistently track you across their apps, even if you uninstall them. If you ever log in to your Google account from one app, e.g. to Google Docs, then launch Google Maps, you are logged in there as well without them ever asking you if it's OK. We need the ability to delete iCloud KVS trees and keychains the same way we can delete website data in Safari, and in fact it should be automatic if the last app from a publisher is deleted from your iPhone or iPad.


@Jose It’s not clear to me that that lets you prevent an app from being backed up in the first place, rather than exclude an app after the fact. And, unfortunately, it doesn’t include every app. For example, you cannot prevent it from storing your iMessage key.


Oh, and it would also be great for Apple to make Internet access by an app an opt-in setting, just like access to GPS, Contacts or the Photo library. This is something Android has had for ages, despite being otherwise a cesspool of privacy invasion. You can control access to cellular, mostly because of cost considerations, and you can control access to the LAN, but not to the primary channel for exfiltration of data.


+1 on control. Apple thinks privacy is important, except when it's from Apple. Hence API lock-in and thoughtless iCloud dependencies that are hard to avoid or control. Only way to be truly free is if you can theoretically block access to the Internet or Apple infrastructure and it doesn't break, or replace every endpoint with run that runs on your own hosts. But, of course, Apple's never going to countenance that. Where a choice exists, I'm afraid, user experience and profit are greater priorities. Default state for an Apple device that's not signed in: persistently connected to APNS. They have an idea that privacy means the risk of data collection and sanitisation is entirely with Apple, but I just don't think that's how most people understand the word "privacy". It is however entirely lawful including under GDPR. Unless you want to go FOSS, this is the best you can have.


Wapo says Apple's privacy ratings are... untrustorthy: https://www.washingtonpost.com/technology/2021/01/29/apple-privacy-nutrition-label/

Leave a Comment