Keeping Your Data From Apple Is Harder Than Expected
Minna Tiainen (via Hacker News):
The researchers studied eight apps: Safari, Siri, Family Sharing, iMessage, FaceTime, Location Services, Find My and Touch ID. They collected all publicly available privacy-related information on these apps, from technical documentation to privacy policies and user manuals.
The fragility of the privacy protections surprised even the researchers.
‘Due to the way the user interface is designed, users don’t know what is going on. For example, the user is given the option to enable or not enable Siri, Apple's virtual assistant. But enabling only refers to whether you use Siri's voice control. Siri collects data in the background from other apps you use, regardless of your choice, unless you understand how to go into the settings and specifically change that,’ says Lindqvist.
[…]
‘It turned out that the participants weren’t able to prevent any of the apps from sharing their data with other applications or the service provider,’ Bourdoucen says.
Mysk:
Privacy Nutrition Labels are a great idea, but the lack of a mechanism to verify what’s on them makes them unreliable. They can be inaccurate or misleading. Here’s an example: Apple’s own Podcasts app states that search history isn’t linked to the user’s identity, but experiments show that every search performed in the app sends a request to Apple servers with the user’s iCloud ID associated with search keywords, as shown in the screenshot. Perhaps this data is discarded, but in theory the data is enough to build a search history that is linked to a particular user. And this’s not what the privacy label says.
Previously:
- Apple Memory Holes OCSP Preference
- Lawsuits Over Apple Analytics Switch
- iOS VPNs Are Broken
- Expectations When Opting Out of Tracking
- Misleading and Inaccurate iOS Privacy Labels
- Apple’s “Privacy Nutrition Labels” Are a Blessing and a Curse
- Apple Apps Exempt From Network Filters and VPNs
- Opting Out of Sharing Siri Audio Recordings
2 Comments RSS · Twitter · Mastodon
I think the benefit of “privacy nutrition labels” would be a much easier way to hold tech companies accountable from a legal perspective. I totally agree it’s a “trust me bro” situation Rlph. But while a company could argue their complicated and obtuse TOS had some provision of some subsection that allowed them to violate your privacy, it’s much harder to defend a straightforward industry-standard “nutrition label” that they’re just lying on. So yeah, easy to lie but hopefully also a catalyst for accountability?
Privacy Nutrition Labels are "trust me bro"