I don't feel like anticipating arguments is very helpful, as much as it just adds noise. I could anticipate that someone will argue that because the sun is round, it proves that Apple can do no wrong, yet I don't bring that up, because until someone does, it seems to me to be a waste of time. In short, I am trying to be succinct rather than waste everyone's time arguing over something that nobody wants to argue about.
I don't view "Apple pretends to care about privacy as long as it is good for the bottom line" to be trolling, though I do admit I could phrase it better. Possibly "We don't know how much Apple cares about privacy, but they have taken a lot of actions that suspiciously point to them not caring about it more than they care about their bottom line. They also refuse to take actions that would prove to us that they do take privacy seriously.".
In trying to be succinct, it seems that I lost a lot of the important nuance, which I agree is important.
I would like to point to tech-giants that are pushing good security/privacy, but unfortunately, I don't know of any. I think the best I can point to might be Librem, but they don't have a functioning phone AFAIK.
> For a counterpoint, by controlling the marketplace, Apple has more control over quality and security, as well as the responsibility when something goes wrong. One can reasonably argue that they prefer this over letting anyone provide apps because they're concerned about malware being loaded, that other providers won't be paying as close attention.
I get this concern, but until they let go of that control, they are not enforcing reasonable privacy. It's a trade-off, and it's totally Apple's decision to make, but that means that they aren't doing "privacy right" if they choose the option that disregards privacy. Maybe that's better for their users, maybe not, but they have chosen the side that disregards privacy either way.
> On the other side, Apple doesn't have an business model where they make money from user data
That you know of. Unless you know something that I don't, you don't have access to see where all of their money is coming from. I agree it provides them a better incentive, but incentives don't mean anything.
I don't like comparing Apple to Google, because I find it irrelevant what Apple does. Google is an entirely different business. I dislike Google, and I believe that in many ways they are worse than Apple, but that's irrelevant to the discussion.
"Apple doesn't care about privacy as much as I want them to" doesn't accurately represent what my issue is. My issue is that the statement "At least Apple seems to care about privacy" is true, but the statement "Apple cares about privacy" is not true based on the decisions they make. They may care about it but their actions speak otherwise, and it doesn't matter what groups say, it matters what they do. Just because they "seem" to care about privacy doesn't mean that they do, and I don't want unaware users to support a company that, based on their actions, is likely lying to them.
What would satisfy you that Apple takes privacy seriously?
- Open source the enclave?
- Open source the OS (be it macOS, iOS)?
- Allow you to install your own OS and software?
- Refuse to do business in China?
- Open all of their books so you can view the revenue stream?
If this is wrong or incomplete or to expansive, please do clarify, but also please be specific. I want to understand in detail what your reservations are.
All of the above would be great, obviously, but for me to take Apple seriously, I'd say that they'd need to:
Open source pretty much anything that they can, allowing me to compile and install my own os and software. And this would have to be without having to contact apple's servers in any way.
There might be more that I can't remember ATM, but I think that's the main gist of it.
By not allowing me to see how the code works, I can't know what they are doing with my data. And by designing a system where I could set up as much of the stack as possible without having to contact any central source, would ensure that everyone could use it without fear of that data being mis-handled.
That's not the intent of my question. I'm asking "how" in the sense of explain (as opposed to just a "yes" or "no" answer). I'm asking you to apply those same criteria to the system you're using with the same critical eye and see how it stacks up. I don't know you system and I want to learn more about it.
Oh, my apologies then for assuming the intent of your question.
My current phone is somewhat open-source (cyanogenmod), though I think Google's version of "open-source, but you totally need to rely on our stuff to get basic functionality" is fairly bullshit.
I can compile my own OS and additional software
I can put tools on my phone that severely limit it's contact with Google's servers, although I suspect that there is an underlying system that ignores those tools.
As for my computers, I use Linux. I typically run them on Thinkpads, but I've tried a few other systems as well. My next computer will be a Purism or System76 laptop.
All in all, I'm not happy with any phone that I've seen. I can't think of any that I believe has taken legitimate action to show that they care about my privacy.
As far as computer OS's, I think Linux has strongly taken action to ensure my privacy.
Thanks for elaborating. Where do you get your software? Do you compile it all yourself? Have you audited the code? Which servers do you connect to using your devices? Which services do you use? Do you run the tools you mention that limit network access to specific servers?
I typically download it from the official website or a mirror. Sometimes I compile it, sometimes I don't. I typically only try to connect to my own servers, but I obviously connect to the open web in some circumstances. I sometimes do audit the code, but not always. I run a bunch of my own services, including a mail-server and some social-media stuff. The tools that I use to limit connections typically just turn off access to the internet as a whole, rather than to specific servers, though some of my firewall rules only allow certain things to hit certain servers.
That's probably a good summary, though I do reserve some wiggle room in case I'm forgetting something
FYI, this thread is getting a bit out of hand, so if you'd like to continue this conversation, I don't mind, but LMK how I can contact you because I'm not likely to keep checking for responses |;)
If that's the case, then you can replace your original
> "Apple pretends to care about privacy as long as it is good for the bottom line."
with
> "If Apple truly cared about privacy, they'd allow open access to their hardware and software"
That would provide actual substance and be less flame-baity. HN strives for substantive discussion. Yes, this conversation may be a bit unwieldy, but it's length is, I'd argue, at least in part a result of your initial comment.
People have different priorities. You acknowledge you can't really know what's going on with the hardware. Acknowledging that having the option is a benefit, you also don't always fully audit or compile your on OS, so you're relying on some level of trust. You're also making a tradeoff by supporting/benefitting from an organization (Alphabet/Google) that does earn its revenue based on collecting user data (in that CyanogenMod is based on Android).
A tradeoff I've made is to go with a vendor that provides good hardware and good software while acknowledging I don't have access to the source. I can disable services on iOS that I don't want to use. You continue to bring up that we can't know that Apple isn't dealing in user data. There's no evidence that they do, and you end up arguing for Russel's Teapot when you continue to bring up this point.
I prefer this than relying on software that doesn't work as I expect it to (yes, that's a preference) and not buy further into the Google system. Android has not created a system with universally more secure hardware and software, while benefitting Google's advertising system, which relies on that user data. I understand you're likely not contributing to that directly, but that's part of the system buying Android-compatible devices supports. Clearly your priorities are different, and that's okay.
If you find anything to take away from this, I hope it's at least two things: it's important to error on the side of substance and balance as opposed to flamebait; and that reasonable people can disagree on their choices and priorities.
I don't view "Apple pretends to care about privacy as long as it is good for the bottom line" to be trolling, though I do admit I could phrase it better. Possibly "We don't know how much Apple cares about privacy, but they have taken a lot of actions that suspiciously point to them not caring about it more than they care about their bottom line. They also refuse to take actions that would prove to us that they do take privacy seriously.".
In trying to be succinct, it seems that I lost a lot of the important nuance, which I agree is important.
I would like to point to tech-giants that are pushing good security/privacy, but unfortunately, I don't know of any. I think the best I can point to might be Librem, but they don't have a functioning phone AFAIK.
> For a counterpoint, by controlling the marketplace, Apple has more control over quality and security, as well as the responsibility when something goes wrong. One can reasonably argue that they prefer this over letting anyone provide apps because they're concerned about malware being loaded, that other providers won't be paying as close attention.
I get this concern, but until they let go of that control, they are not enforcing reasonable privacy. It's a trade-off, and it's totally Apple's decision to make, but that means that they aren't doing "privacy right" if they choose the option that disregards privacy. Maybe that's better for their users, maybe not, but they have chosen the side that disregards privacy either way.
> On the other side, Apple doesn't have an business model where they make money from user data
That you know of. Unless you know something that I don't, you don't have access to see where all of their money is coming from. I agree it provides them a better incentive, but incentives don't mean anything.
I don't like comparing Apple to Google, because I find it irrelevant what Apple does. Google is an entirely different business. I dislike Google, and I believe that in many ways they are worse than Apple, but that's irrelevant to the discussion.
"Apple doesn't care about privacy as much as I want them to" doesn't accurately represent what my issue is. My issue is that the statement "At least Apple seems to care about privacy" is true, but the statement "Apple cares about privacy" is not true based on the decisions they make. They may care about it but their actions speak otherwise, and it doesn't matter what groups say, it matters what they do. Just because they "seem" to care about privacy doesn't mean that they do, and I don't want unaware users to support a company that, based on their actions, is likely lying to them.