Because a rooted Android device with a Google-free AOSP distribution is (mostly - radio firmware being the exception) 'my phone' while an 'iPhone' is not. On the Android I get to decide what software gets installed, what services to run and which to shun, which programs to allow network access with fine-grained control, both in- and outgoing traffic, which versions of the software to run, etcetera. With the iPhone the choice is rather limited and the controls are mostly in the hands of Apple. While some seem to consider Apple to be a benevolent dictator I'd rather avoid dictators altogether, apart from my doubts about their benevolence.
Security on most mobile devices other than those by Apple is a joke. I understand wanting features that aren’t there, but for me these things are very small and easy to work around relative to the benefits iOS provides: namely that the software is generally advanced and high quality.
True, those bugs are worrying. But I still feel iOS and macOS are the most secure choice because:
1. This incredibly obscure bug (in the sense that I'm surprised someone was able to find this) was found relatively quickly
2. After it was found a fix was developed and tested quickly
3. Once that fix passed QA my devices received a software update over the air and the problem was solved. One of the big problem with other mobile OSs is that the OS updates are often going through the carrier or device manufacturer and it takes time or you don't get it at all.
I don't expect a device that's perfectly secure. I'm sure there are hundreds if not thousands of undiscovered vulnerabilities on the device I'm using to type this to you right now. But that's not the whole picture on security.
There are blunders - but the difference is that there is a lot of scrutiny on iOS and macOS compared to other more niche options. But I guess security through obscurity is not too bad. Apple did benefit from it for many years.
Indeed they have. Apple also agreed there is a problem, and they are apparently trying to fix it. Better answer to the problem than I expected, honestly.
Is there any reason you need exactly these "top tier" devices? For under $200 there is well-built Xiaomi devices with 3-4GB RAM, powerful CPU and everything except for removable battery.
Of course you should never use firmware from Chinese company, but it's true for 98% of other Android devices too and LineageOS + microG work great on these phones.
Because mobile phones are complex beasts hardware- and software-wise, and going top tier makes it much more likely you'll have a fast device for years, that works with whatever random idiosyncratic software and hardware you throw at it.
Like, e.g., last year my SO was changing phones, and we didn't have much budget left, so we went with then-recommended Huawei P8 Lite. Almost good enough, except it seems to have its Bluetooth stack broken in a very specific way that renders her Pebble almost useless. Oh, and every other day, it randomly drains battery very fast. It's those kinds of things you generally don't have to deal with when you go with higher-end devices.
Might be I was just lucky with few devices I owned over last 5 years, but I only got problems with them after putting them in some insane conditions like living in Asia with constant overheating, sand and sea all around. Though I only ever used Cyanogenmod / LineageOS and specifically was looking for older, but tested devices that work well with custom firmware.
Also when it's $160 device I don't need to worry about randomly died battery because I can always get new phone.
No, not really. I'm personally an iPhone user, but my wife has a really nice Android phone. I like top tier phones even though they're more expensive. That said, I didn't want to spend so much (or wait) for an iPhone X, so I updated my iPhone 6 to an iPhone 8.
I thought that would be a big deal when I purchased my iPhone 8, but using the AirPods, I've never once felt the urge to plug in wired headphones. Wireless headphones really are better.
It seems quite clear to me. No-one cares about users, they care about customers. Apple care about their customers. Google care about their customers. Facebook care about their customers.
I am an Apple customer. I am a Google user. I am a Facebook user. See the difference? So do they.
Could you explain what you mean? I’m genuinely curious if Apple has taken an anti-privacy stance.
From what I can tell, they’re the best tech giant for user privacy. They’ve fought the FBI in court to not put in a government backdoor to unlocking user’s devices. Lawyers ain’t cheap.
We don't know what Apple does with their data. They might print it out and make paper airplanes with it. They might use it to test their backups. And yes, they even might sell it. Or, they may do nothing with it at all. We just don't know.
I'm not accusing them of misusing our data, but I do know that they have, in the past, chosen to do something that looks like they are disregarding their user's privacy in order to make a buck (https://www.cnet.com/news/apple-moving-icloud-encryption-key...).
And they can set up their systems in a way that ensures they aren't violating our privacy or trust, but they choose not to do that. That to me, is very suspicious.
I do agree that they seem like the best tech giant for user privacy, but that is a super low bar. Just because they are "the best", doesn't mean they are good at it.
If you want software updates, you can get those through your computer rather than connecting to Apple directly. I'm not sure what would be involved in opting out of Apple's iMessage system. Edit to add: looks like that's an option as well in the settings. (https://discussions.apple.com/thread/6430569)
Are you asking rhetorically? For someone who repeatedly, adamantly, and assuredly posts about Apple and security, I'd be surprised if you don't already know the answer to your question.
I mean most of the apps, like Maps, Email, GPS, etc.
And I don't know the answer to that, because I haven't used an Apple product since the original iPhone. If I'm misunderstanding how they work, then, please, inform me as to what I'm missing. I'm very willing to admit I was mistaken if they don't work the way I think they do.
I try to keep up with the basics of how they work, I have my friends show me things, etc. But I in no way want to paint myself as an Apple expert.
Then perhaps dial back the anti-Apple rhetoric, or at least post something more substantial and thoughtful when you do. You’ve seen enough responses from people to anticipate objections. It’s tedious and boring to see the same arguments again and again.
Mail is a mail client: if you use an Apple domain, you’ll use their servers. If not, then not. And you don’t need to use the built-in mail client. If you use Apple Maps, yeah, you’re using their service. You can use Google Maps or Waze or other alternatives if you choose. GPS is a radio: it doesn’t involve any service provider other than the satellites it receives information from, same as any other GPS radio.
> Then perhaps dial back the anti-Apple rhetoric, or at least post something more substantial and thoughtful when you do.
I don't have to be a mechanic to know when a car is broken, just like I don't have to know how all of Apple's software works to know that they don't actually value privacy. Please, prove me wrong. I'd love it if Apple actually put their money where their mouth is. Until then, I know enough about their stack to know that they don't build it in a way that ensures privacy.
> You’ve seen enough responses from people to anticipate objections.
And? I can anticipate objections as to any argument. That doesn't change the validity of either side. I don't think I get what you mean by this.
> It’s tedious and boring to see the same arguments again and again.
Once those arguments become invalid, I'll stop. If I'm saying something that isn't true, please point it out. Until then, I'll will proudly correct the lie that "Apple cares about privacy". I'm sorry that the truth is tedious to you, but there's not much that I can do about that.
> Mail is a mail client: if you use an Apple domain, you’ll use their servers. If not, then not. And you don’t need to use the built-in mail client. If you use Apple Maps, yeah, you’re using their service. You can use Google Maps or Waze or other alternatives if you choose. GPS is a radio: it doesn’t involve any service provider other than the satellites it receives information from, same as any other GPS radio.
But they could build their systems so that I don't have to go through Apple to use their app, just in the same way that email works. They choose not to. My point is that, until they design their systems so that I can use all of the standard functionality without going through their servers, they aren't taking privacy seriously.
When asking you to "post something more substantial and thoughtful when you do. You’ve seen enough responses from people to anticipate objections.", I'm asking you to do more than repeat "Apple pretends to care about privacy as long as it is good for the bottom line." to start out. From what I gather, your complaints with respect to Apple and privacy center around the source code not being open and you'd like them to provide more choice. Those are reasonable and understandable positions. I'm not trying to build a straw man here, so please correct me if I'm misreading you. When you start a conversation with only "Apple pretends to care about privacy as long as it is good for the bottom line", that's indistinguishable from trolling, when you can easily sum up your issues there as well and encourage a substantive conversation.
From that, you make an absolute claim that "Apple cares about privacy" is a lie. I think a more accurate description is "Apple doesn't care about privacy as much as I want them to." The latter is a perfectly valid, understandable opinion. The former is not. Apple has sunk substantial resources into privacy; you may feel that the Secure Enclave isn't really, because it's not open, but it's wrong to deny that they've put money into developing it. That's an example of putting their money where their mouth is. Likewise refusing to assist the FBI in unlocking their phones. That cost them money (if only in legal fees), and raised the ire of some in law enforcement and the government.
You can point to decisions Apple has made to operate in China, and reasonable people can disagree about their decision there. It's fair to also hold other companies to the same criteria when doing so. It'd also be helpful to point to examples of what you think are good examples of privacy.
You also mention "I do agree that they seem like the best tech giant for user privacy, but that is a super low bar. Just because they are "the best", doesn't mean they are good at it." Can things be better? Sure. If you care about privacy and "agree they seem like the best tech giant for user privacy", do you use Apple devices? Not since the first iPhone, you say. Then, why not? Are you working to improve security on other platforms? It's understandable if you're not: security is tough, and I don't necessarily expect everyone to contribute to open source. Are you evangelizing for those platforms? That sounds like something you could be doing, along with making reasonable arguments about issues you see with Apple.
Similarly "they could build their systems so that I don't have to go through Apple to use their app". Are you referring to the App Store? Getting software updates through Apple? As for other software, as far as I know, there are alternatives you can use. If you've got specific examples, please do provide them. Again, people can reasonably disagree about these. For a counterpoint, by controlling the marketplace, Apple has more control over quality and security, as well as the responsibility when something goes wrong. One can reasonably argue that they prefer this over letting anyone provide apps because they're concerned about malware being loaded, that other providers won't be paying as close attention. You may reasonably disagree that that's the best way to handle it.
On the other side, Apple doesn't have an business model where they make money from user data: they make money through hardware. The way they've had a hard time providing a good ad platform is an example of this: if they were really interested in selling Apple customers to advertisers, they would have figured this out. A customer benefit of this is that Apple can take privacy seriously: they don't have a motivation to make user data accessible. The other big player here, Google, is in the business of advertising. That's very much not to my liking, but I don't go around commenting only "Google doesn't care about privacy": I know the discussion is more nuanced that that, and to do otherwise is just encouraging flamewar.
All of this comes down to "Apple doesn't care about privacy as much as I want them to". Perfectly reasonable. The absolute "Apple doesn't care about privacy", not so much.
I don't feel like anticipating arguments is very helpful, as much as it just adds noise. I could anticipate that someone will argue that because the sun is round, it proves that Apple can do no wrong, yet I don't bring that up, because until someone does, it seems to me to be a waste of time. In short, I am trying to be succinct rather than waste everyone's time arguing over something that nobody wants to argue about.
I don't view "Apple pretends to care about privacy as long as it is good for the bottom line" to be trolling, though I do admit I could phrase it better. Possibly "We don't know how much Apple cares about privacy, but they have taken a lot of actions that suspiciously point to them not caring about it more than they care about their bottom line. They also refuse to take actions that would prove to us that they do take privacy seriously.".
In trying to be succinct, it seems that I lost a lot of the important nuance, which I agree is important.
I would like to point to tech-giants that are pushing good security/privacy, but unfortunately, I don't know of any. I think the best I can point to might be Librem, but they don't have a functioning phone AFAIK.
> For a counterpoint, by controlling the marketplace, Apple has more control over quality and security, as well as the responsibility when something goes wrong. One can reasonably argue that they prefer this over letting anyone provide apps because they're concerned about malware being loaded, that other providers won't be paying as close attention.
I get this concern, but until they let go of that control, they are not enforcing reasonable privacy. It's a trade-off, and it's totally Apple's decision to make, but that means that they aren't doing "privacy right" if they choose the option that disregards privacy. Maybe that's better for their users, maybe not, but they have chosen the side that disregards privacy either way.
> On the other side, Apple doesn't have an business model where they make money from user data
That you know of. Unless you know something that I don't, you don't have access to see where all of their money is coming from. I agree it provides them a better incentive, but incentives don't mean anything.
I don't like comparing Apple to Google, because I find it irrelevant what Apple does. Google is an entirely different business. I dislike Google, and I believe that in many ways they are worse than Apple, but that's irrelevant to the discussion.
"Apple doesn't care about privacy as much as I want them to" doesn't accurately represent what my issue is. My issue is that the statement "At least Apple seems to care about privacy" is true, but the statement "Apple cares about privacy" is not true based on the decisions they make. They may care about it but their actions speak otherwise, and it doesn't matter what groups say, it matters what they do. Just because they "seem" to care about privacy doesn't mean that they do, and I don't want unaware users to support a company that, based on their actions, is likely lying to them.
What would satisfy you that Apple takes privacy seriously?
- Open source the enclave?
- Open source the OS (be it macOS, iOS)?
- Allow you to install your own OS and software?
- Refuse to do business in China?
- Open all of their books so you can view the revenue stream?
If this is wrong or incomplete or to expansive, please do clarify, but also please be specific. I want to understand in detail what your reservations are.
All of the above would be great, obviously, but for me to take Apple seriously, I'd say that they'd need to:
Open source pretty much anything that they can, allowing me to compile and install my own os and software. And this would have to be without having to contact apple's servers in any way.
There might be more that I can't remember ATM, but I think that's the main gist of it.
By not allowing me to see how the code works, I can't know what they are doing with my data. And by designing a system where I could set up as much of the stack as possible without having to contact any central source, would ensure that everyone could use it without fear of that data being mis-handled.
That's not the intent of my question. I'm asking "how" in the sense of explain (as opposed to just a "yes" or "no" answer). I'm asking you to apply those same criteria to the system you're using with the same critical eye and see how it stacks up. I don't know you system and I want to learn more about it.
Oh, my apologies then for assuming the intent of your question.
My current phone is somewhat open-source (cyanogenmod), though I think Google's version of "open-source, but you totally need to rely on our stuff to get basic functionality" is fairly bullshit.
I can compile my own OS and additional software
I can put tools on my phone that severely limit it's contact with Google's servers, although I suspect that there is an underlying system that ignores those tools.
As for my computers, I use Linux. I typically run them on Thinkpads, but I've tried a few other systems as well. My next computer will be a Purism or System76 laptop.
All in all, I'm not happy with any phone that I've seen. I can't think of any that I believe has taken legitimate action to show that they care about my privacy.
As far as computer OS's, I think Linux has strongly taken action to ensure my privacy.
Thanks for elaborating. Where do you get your software? Do you compile it all yourself? Have you audited the code? Which servers do you connect to using your devices? Which services do you use? Do you run the tools you mention that limit network access to specific servers?
I typically download it from the official website or a mirror. Sometimes I compile it, sometimes I don't. I typically only try to connect to my own servers, but I obviously connect to the open web in some circumstances. I sometimes do audit the code, but not always. I run a bunch of my own services, including a mail-server and some social-media stuff. The tools that I use to limit connections typically just turn off access to the internet as a whole, rather than to specific servers, though some of my firewall rules only allow certain things to hit certain servers.
That's probably a good summary, though I do reserve some wiggle room in case I'm forgetting something
FYI, this thread is getting a bit out of hand, so if you'd like to continue this conversation, I don't mind, but LMK how I can contact you because I'm not likely to keep checking for responses |;)
If you want to block all connections to Apple, configure an always-on VPN to intercept all network traffic, then use a firewall to stop all Apple connections.
If you want to minimize connections to Apple, don't use Apple apps or services. Wire replaces iMessage. 2doapp replaces Notes.
And if Apple wanted to prove that they actually care about privacy, they would design their apps in a way that I wouldn't have to connect to their servers in any way. This is true even when talking about their apps and services.
There are a ton of them. Look at any open-source email/dav/webserver/etc projects.
As an example: Dovecot (https://en.wikipedia.org/wiki/Dovecot_(software)) doesn't require me to connect to their servers for anything. They have no idea what I'm doing with my data, and they've designed their software so that they can't violate my privacy.
I also don't see why it matters whether or not nobody else sells a smartphone like that. Just because everyone else is doing shady shit with their products doesn't mean Apple gets a free pass.
Incorrect. You can use apps which have other synchronization mechanisms, including competitors to iCloud. With "document provider" apps, you can use SSH as a transport mechanism for files.
> Apple pretends to care about privacy as long as it is good for the bottom line.
I don't care why Apple's interests are aligned with mine, as long as they are. When it comes to corporations, dealing with one whose bottom line is aligned with my interest is exactly what I want.
Also, Apple is not 'pretending' to care about privacy. While they have had some embarrassing bugs, they do put privacy as a high priority. Many speculate that Apple is behind in the assistant category because of privacy concerns.
> I don't care why Apple's interests are aligned with mine, as long as they are. When it comes to corporations, dealing with one whose bottom line is aligned with my interest is exactly what I want.
Agreed! I have no problem with that either, and I think it's great when it happens!
> Also, Apple is not 'pretending' to care about privacy. While they have had some embarrassing bugs, they do put privacy as a high priority. Many speculate that Apple is behind in the assistant category because of privacy concerns.
Just because you don't like the fact that they are pretending, doesn't make it untrue. I'm sure that to a certain degree they do care about privacy, but when push comes to shove, they choose money over privacy. They have the ability to design systems with privacy inherent in them, yet they choose not to.
Sure. And as it is likely to continue to be good for their bottom line for the forseeable future, I continue to benefit from patronizing them. See what's happening here? It's a selfish economic system whereby we both benefit. I guess capitalism works sometimes, at least for (relatively) short periods of time. Who knew?
The problem is that you don't both benefit in the ways you think you are. Apple is pretending to be pro-privacy, but they actually aren't pro-privacy. You think you are getting a privacy-oriented device, but you are not.
I would love it if Apple did build privacy oriented systems. I would be their biggest supporter, and I would spend mountains of money on their products. And I do think they would make good money from it from everyone. But until they do design their systems correctly, all we have evidence of is that they can make money by deceiving their users.
> If you want purity of intent in every transaction or contract you ever enter into then the world is going to be a very frustrating place.
I do, and it is. I don't think I get what you mean. Just because a lot of groups choose to lie about their intentions means that it's OK that Apple does the same?
But they aren't lying are they? "We care about your privacy" is not a lie just because they care out of necessary for their share price, it's just not the unreasonably ideal situation you want. You cannot reasonably expect everyone with the same goals to have perfectly aligned intent, and you certainly cannot expect a company of tens of thousands of people to all completely align their intent not only as a collective but also with you as an individual.
If their goals shift, forced by their intent, you drop them. I can't see any other way to pragmatically get along or make progress in life.
I'd strongly argue that my view isn't about being ideal, it's the minimum.
Fact: We don't know what they do with our data
Fact: They refuse to show us what they do with our data, even though they could
Fact: They have taken actions that, while I obviously don't have direct evidence of this, looks extremely like they are handing over control of other people's data to someone else, who is known to be abusive with it
Fact: They can design their system in a way that avoids all of this, yet they continually choose not to
All of this points in one direction, and there's very little evidence pointing in the other direction. It seems pretty obvious to me that their pro-privacy standpoint is all just smoke and mirrors. I'm sure they care to some extent, but they clearly value money over their user's privacy.
If I say that I care about my health, but I eat terrible quality foods, don't exercise, and ignore people who try to encourage me to be healthier, then it it obvious that I don't care about my health, despite what I say.
Apple wants 30% of all the money spent on iPhone apps. This alone is the reason enough to never support them. If they win and it becomes the only option it will be a disaster for developers. Can you imagine a world where there is a 30% tax on all the sales generated in our profession going to a private corporation?
