Lots of negativity/skepticism here which is reasonable I would say given tech companies' abuse of our trust. I for one, am happy that Apple can afford to offer privacy as one of its strong suites. Whether they can do it because of their business model or not is moot IMO. Everyone is here to make money, I would rather have someone who doesn't have to sell every aspect of my life to do it.
The biggest problem that I have is that it's privacy built on a closed source platform that works extremely hard to wall users in and create substantial vendor lock-in.
As someone who has tried multiple times to dip their toes into the Apple world, I can tell you that it's highly hostile to users who try to pick and choose how much they want to be an Apple citizen. If you don't agree to sign up for Apple cloud on the latest iOS, it feels like 80% of the basic functions for a smartphone get locked away from you.
And they have viral aspects to their lock-in as well. Have a single family member who isn't on iMessage? Looks like they don't get to participate in your family discussions anymore.
Their privacy features are a selling point today, but your privacy is 100% in their control. If the executive team made the decision tomorrow to switch Apple into a fully panopticon ecosystem, they'd be able to switch over in a year with little visibility for their users that this transition was happening.
If you are in the Apple ecosystem, you under heavy lock-in pressure and you are fully putting your faith in Apple that the directions they go in the future will be directions that you are happy with.
This is quite at odds with my experience with my iPhone, so I'm confused.
I don't have an iCloud account. I'm not sure what "basic functions for a smartphone" I'm unable to use, but, I don't want my photos backed up to iCloud - I'll handle that on my own, for the photos I actually want somewhere other than on my local device. Everything otherwise seems to work.
I don't use iMessage. I've ticked the little box that says to use regular SMS and not iMessage. (This was back when there were stories of people getting stuck on iMessage and losing messages when they switched to another OS, and I wasn't sure I wanted to buy into the Apple platform permanently. I could probably switch back now, since I've been a regular iOS user for years and I hear that https://selfsolve.apple.com/deregister-imessage/ works.) Multi-party SMS works fine. Multi-party Signal, Hangouts, Slack, etc. chats also work great. Similarly, I don't use FaceTime, but I've got tons of messaging apps that support video calls on their own.
Generally things have been fine, so I'm curious what specifically hasn't worked for you.
I find Apple extremely annoying when you disable iCloud: they keep reminding you to enable it on every occasion (updates, freeing up space, going through photos, etc).
Hm, is that a matter of personal taste? I get the prompt for each major version update, but since it takes a few clicks to get back in after an update, one more doesn't bother me. I don't get it on point releases. There's a message about iCloud photo backups when looking at space usage but it's not even a popup/dialog, you can scroll right past it. So it doesn't bother me.
Looking harder, I think what's happening is I do have iCloud, I just don't use it. I don't have automatic backups of photos, I don't have iCloud Drive (what it prompts me for on software updates), etc. Everything is unchecked except Find My iPhone. I haven't had any downside from having iCloud in this active-but-unused state.
I think the GP meant that without an Apple ID, you basically can't install apps to begin with, and most of the OS's apps also require an Apple ID to work to their fullest.
However, I don't share the same degree of skepticism as the GP.
In practice, if not in theory, I think Android works the same way. Yes, there are other app stores, and yes you can install untrusted, but in practice, most people just use the Play Store (requiring a Google account) and if they allow untrusted or use another app store, it's not the default.
I'm not arguing Apple and Google are the same, far from, but in this area, they seem the same to me for the majority of the population. (Android user)
I definitely have an Apple ID. But I don't have iCloud enabled, and without it, having an Apple ID doesn't bother me.
My Apple ID isn't my normal email address and that hasn't been a problem: people don't contact me through it and Apple doesn't force me to publish it to others.
Lock-in is more than just "not giving you the chance to opt out ahead of time"
It's also "give you the chance to opt out LATER after you've invested some time into it."
Most people don't change defaults. So if they buy an iPhone, they are going to go all in on iMessage, whether they've heard of those horror stories of people losing messages or not.
Then, if they ever think they could switch to another OS, they experience the friction you describe, and decide it's not worth it after all.
You can disable iMessage at any point and it works. New texts from iMessage users get sent over SMS instead. You don't have to do it in advance—I just did so out of paranoia, and I don't think other people need to do the same.
(Of course, one side effect is that you can't use iMessage any more and iMessage-specific features are unavailable to you, e.g., group texts might get weird. I don't know of any platform that has the property that you can quit it and still use its features.)
> You can disable iMessage at any point and it works.
Maybe now, but there was a time when iMessage would continue to hijack your number and divert messages from your phone, even if you disabled it.
Also, have you ever tried extricating your photos from iCloud? It's ridiculously complicated, and Apple doesn't give a bulk "download all my photos and delete from your servers". You have to go photo by photo and download them.
I have an iphone, but I think a few things would be nice:
- not identify yourself to apple
- be able to firewall apps - be able to determine who your app is contacting and block them
- allow running of your own software (without asking permission from apple)
- be able to turn off location services (even if the Location Services checkbox is off, apple continuously contacts ls.apple.com)
- be able to turn off "side features" of wifi (crowdsourced location of your access points), bluetooth (ibeacons) and nfc (currently you can't disable)
I have an ad blocker app (adblockios.com) that uses an internal 127.0.0.1 VPN. The version I have was yanked by apple and they had to change to a less powerful "dns based solution".
In any case, a true firewall would be my holy grail.
- sideloading
I believe sideloading only allows you to run an app for 7 days (You have to continually ask for permission)
There is some lock-in, but that's because the system integration works so well (Mac, iPhone, iPad, Watch, etc.) that one is loath to switch, not because they actively lock up your data.
Contacts, Calendar, Photos, documents all allow exports to commonly understood formats (and iTunes with some caveats).
I would not currently consider alternative OSes because they'd not work as seamlessly for me, but if Apple became as bad as you envision, I'd be out in short order with basically all my data.
It's not that the system integration is so wonderful, it's that they make it extremely difficult to work outside of it for no reason.
A few years ago I had a friend who wanted a song put on her iphone. I've never used one but I assumed I could do exactly what I've done with every other phone/MP3 player in the universe and just connect it to my laptop via USB and move the file over to some folder called "music" or something. Nope. Needs Itunes. I fire up a VM and install itunes, she has to log into everything and authorize the phone for that machine (with a warning that she can only do this so many times) and then I was able to get the file on her phone but not before it synced her entire library onto my machine (wtf). A few days later her friend is over and she wants the same song on her phone. I still have the VM with itunes installed so we give it a try and it wipes every song on her phone. The whole thing was 100% obnoxious and unnecessary. Really put me off of Apple when every other product "Just Works" while apple requires you to jump through insane hoops for basic functionality the moment you dare to Think Different and do something in a way other than exactly how they want you do things
When was this? Because almost exactly the same story is what stopped me from moving into the Apple ecosystem, around 2010.
The only difference was that the second, wiped phone was an empty "dev" phone, thankfully. It then caused Apple to ask for a series of upgrades to develop for, starting with XCode and ending with my MacBook Pro.
I thought it couldn't have been more than 3-4 years ago, but now you've got me doubting that. I also couldn't say which iphone it was or if it was up to date. I did pull down the what was the current version of itunes at least. Now I kinda wish I hadn't deleted the VM.
Just ask Siri to play that song? Or search for it in the music app? Or was it from some Indy Band which only publishes on its own website? Then yeah, best bet to get it into a iPhone would be a browser with a download manager and Files App support. (iOS 13 will add a download manager to Safari)
The MP3 was a cool solo I recorded that my friend wanted to bring to her singing coach, but it could have been anything. An MP3 from some random CD that's never been available on the itunes, or maybe just one she wasn't interested in buying even if it were available. What you choose to listen to on your devices isn't any of Apple's business.
Streaming isn't a solution for getting media on a device either. It's a nice convenience in a lot cases, but because you're dependent on someone else to make the content available, and someone else to carry it, streaming is always uncertain and you should never assume it'll be available to you even when it has been in the past. As much as I love streaming media, it can't beat having a DRM free local copy you can keep, copy, convert, etc.
The point though is that getting an MP3 on a popular cell phone at any point over the last 3 years shouldn't be complicated. It shouldn't involve logging into accounts, needing to install bloated and intrusive software (itunes installed a service to always run in the background and set itself to start every time the OS was started) or syncing entire musical libraries (and god knows what else) anywhere. It should have been a drag and drop operation, but the internet is full of horror stories about people losing their music collections, collections being merged with other people's libraries, and requests for itunes alternatives just so people can get media onto their expensive devices.
I'm sure if she only ever used an apple computer with apple's itunes software always running on it, and no one else but her ever used it, and she paid for every piece of media she ever put on her device by using the itunes store everything would have worked wonderfully, but any deviation from that very narrow 100% apple-everything set up turns even the simplest things (like putting an MP3 on a cell phone) into an ordeal with 100% unnecessary apple-imposed complications and roadblocks.
The fact that it would have actually been easier (and probably faster) for me to install and setup a web server to host the file so that she (if she had the right browser) could download it to her phone really shows how fucked up the entire process is.
It's trivial to add an .mp3 (or, as I prefer, .m4a) to iTunes and have it sync to your phone. And that's really the model: files of certain types are handled by certain apps (on the mobile device and the computer, respectively), and sync is handled by those, as well. It makes things very simple, convenient, and consistent, and allows for rich metadata, without having to deal with the filesystem (which is really not good enough for that).
> I'm sure if she only ever used an apple computer with apple's itunes software always running on it,
That's not required. Macs come with iTunes, and on a PC you can install it. An iPhone is not a hard disk, but a computer with its own operating system, and you need dedicated software to communicate with it, imagine that.
> and no one else but her ever used it,
That's not required. You can have multiple accounts on your Mac easily, and you can also share music by putting it into a shared folder and creating respective libraries, which manage the metadata (rating, last heard, etc.) for each user independently.
> and she paid for every piece of media she ever put on her device by using the itunes store
That's not required. Most of my iTunes library is ripped from my old CDs (when iTunes came out, the motto was "Rip. Mix. Burn."). You can trivially add audio in a variety of formats (and if a format is not accepted, transcode it using eg ffmpeg).
> any deviation from that very narrow 100% apple-everything set up
Well, as outlined, it is rather special circumstances that make it cumbersome. The fundamental assumption, though, is that you get media from your computer to your mobile device using dedicated software, and I agree that that's problematic: not so much the "dedicated software" part, I have no beef with that, but you should be able to add an .mp3 or .epub to the respective library on the mobile device directly. I hope Apple addresses that without destroying the ease of use and powerful metadata we have now.
> An iPhone is not a hard disk, but a computer with its own operating system, and you need dedicated software to communicate with it, imagine that.
Lol so I guess my Android phone isn't a computer with its own OS, since I can just plug it into a computer and copy over whatever files I want without bloatware, or, even better, plug in an external drive and copy over files to my phone.
This rationale of answering "I don't want to use Apple's BS ecosystem" with "Just use Apple's ecosystem" with a side order of "you luddite this is how technology works" snide is so sadly typical of people entrenched in the Apple ecosystem.
I've been using iPhone and MacOS for years and successfully picking & choosing different parts of the ecosystem. Sure, the defaults are usually set up to opt you into their own products so it takes a bit of fiddling but it's not hard to opt into just the set of services you want to use - i.e. sync only particular services like iCloud Notes and password manager, but use gmail for email and calendars (using open formats to sync these natively to your phone), use dropbox instead if iCloud for file syncing, etc. It's very configurable and I don't feel particularly locked into anything.
And iMessage seems like a particularly bad example of lock-in because you can take your identifier (phone number) with you. If you switch from iOS to Android pretty much all that happens from a user experience perspective is your message bubbles are now green instead of blue when you text your friends with iPhones. It's very seamless between SMS and iMessages as far as messaging platforms go. To the extent that group threads with your family become harder, that's because group SMS sucks, not because you're locked in to iMessage.
It really seems like most of the time when people talk about lock in, all they mean is that the feature is particularly good. It does what I want and makes things easy, so there would be friction to change. How dare they build features like that!
You lose a lot more than just message bubble colors when you switch away from iMessage. Multimedia quality takes a nosedive to 2006, reactions don't work, you lose encryption (SMS/MMS is not encrypted at all), and you miss out on all the other little things that make people like iMessage.
Of course this isn't really Apple's fault, we can blame the cell carriers for being categorically uninterested in modernizing SMS or making it secure.
Is multimedia quality between Android phones using MMS much better than iPhone-without-iMessage? I thought it's the same, which isn't lock-in, that's just iMessage being a superior service to MMS, and in fact the iPhone is going out of its way to not lock you in and allow MMS.
On the other hand, if the iPhone is intentionally crippling MMS, that's pretty slimy lock-in.
SMS is just as bad on Android phones as it is on iPhones. The problem is it's an ancient crappy standard and carriers are uninterested in fixing it. That is why Apple created iMessage.
Apple does nothing to cripple SMS on iPhones. The only thing Apple is guilty of is not opening up iMessage to non-Apple devices. With Apple Music and TV+ making their way to other ecosystems, I'm hopeful this might change.
I'm unclear about your iMessage comment, as Android or other platforms can send and receive messages just fine with users on iMessage.
As a followup, how is Android, or chromium any better in that regard, given Googles plans to disallow proper adblocking as it interferes with their business model?
There is a fix but Android users can have trouble being in iMessage groups.
As for how is adroid better... well. It's really not. Just like AMD isn't really better than Intel for privacy and security. For many parts of the hardware stack, if you want to be in control of your own privacy, you pretty much have to drop back to 2000s era technology.
No, your family will have a thread without you, you will never see those messages.
You can create a new thread but unless each of your family
members deletes the old iMessage thread they will default to the old thread, which you are blocked from.
Furthermore, they're based in a jurisdiction that's subject to warrantless blanket subpoenas with zero oversight. They may not be selling our data explicitly to the lowest bidder, but everything they gather is still accessible to whoever sits in the White House and whatever their minions think would be fun to dig up.
What makes Apple different is that since their business model doesn't depend on gathering and selling our data, their infrastructure gathers less data. And it sounds like they've taken active steps to make sure they gather as little as possible and that it's as useless as possible for nefarious purposes.
That takes extra effort in software design and testing, and they're hoping to see the return on that investment by explaining to their customers how that translates to value in our hands. If that's a stance they're actively taking, I think any reversal would eviscerate their image, and that's my reason to actually have a little faith.
It's not as secure as some alternatives, but it's a lot easier to use, and in the real world where not everybody compiles things from source, that matters.
Except Apple went to court and proved that they can't hand over this data even if they want to. US law allows law enforcement with a warrant to require Apple to hand over any data they have, but Apple isn't required to help them crack the users password so they can decrypt it.
Name one Country where it’s way better.
Germany? Wants to ban End-2-End encryption.
Germany was also the first country i believe where they seized an entire ISP and grabbed all its servers just for one file, if I remember correctly it was because of a copyright complaint.
On the surface, compared to Android, iOS is much more secure. It seems they ensure app sandbox is not violated by any app developer. No app can steal another apps data. You can prevent/revoke access to contacts, photos, sms, location, background execution, mobile data to any app from a central place.
They allow 3rd-party apps for doing messaging (replaces iMessage), cloud storage (replaces icloud), firefox (replaces safari), 1password (replaces keychain) – all in a clean and easy way – with no ambiguity or confusion.
But w.r.t end to end encryption claims, we just take them at their word. There is no formal verifiable proof.
Recently we have repeatedly learnt the hard way to not trust corporations at they word.
Without open-source and peer-reviewed cryptographic protocols and verifiable trusted execution models, it is not safe to believe it is truly end to end encrypted and nobody is spying.
I agree. They are sitting on more and more data they will be very tempted to use if they can’t hit their growth rates in the future. It would be better if no single entity had that much data.
Isn't Apple one of the few companies going out of their way to keep as much data as possible on-device instead of in the cloud? I agree that shareholders value margins over principles and that could be an issue for companies who do hold a lot of user data.
Correct me if I'm wrong, but a core part of their messaging has been that they don't actually know what users are storing inside their cloud, has it not?
Maybe, but they can change that at any time. If they wanted to have visibility into iCloud data going forward they easily could.
With Apple products, you're putting your privacy entirely in Apple's hands and assuming that their executives will continue to follow the same branding and product strategy that they've been pursuing for the past few years.
That said, Apple is probably the least bad option for phone + cloud for most people. But it's sad that that's the case.
Didn't Apple prove to the FBI in court that they literally cannot access a users iCloud data without their password?
Obviously that still isn't as trustworthy as open source tools you can verify yourself, but it's a far cry better than any privacy guarantee you're getting from Google.
> Didn't Apple prove to the FBI in court that they literally cannot access a users iCloud data without their password?
No. Apple regularly hands over iCloud data to government investigator. In China, Apple handed over its keys, so the Chinese government does not even need to involve Apple to get iCloud data.
feature lock-in, and not feeling empowered to ignore the cloud services associated with the cellular phone you bought, are concerns. they are not security concerns.
it's privacy built on a closed source platform. that's the point you're making.
Your argument is "well maybe they won't be secure tomorrow and you're invested". Ok, but they are secure now and that's more than pretty much other major tech company. Yeah there's lock in with Apple, you don't think there is with Google too? Apple is worst I'll grant you but no one's innocent. Hell Microsoft had to pay 10s of billions for that kinda shit on the 90s. And let's not even get started on Google or IOT where they stop running the service and you're just SOL.
Apple give me privacy. Find a company that doesn't and doesn't have lock in and I'd switch in a heart beat but based on simple economics I doubt that's gonna happen any time soon
I don't think that's true, there's quite a thriving privacy based market for the tech obsessed. take librem one and purism's products, the VPN market, the pinephone, proton mail, or lavabit as examples.
Thriving may be a bit strong - These are small potatoes compared to apple, sure, but these are tech obsessed people buying privacy orientated products.
People spend money in this area. The privacy orientated crowd is willing to put their money where their mouth is.
Please keep orientating products towards it.
edit: sorry, for some reason I'm unable to reply to the comment below. Purism raised 2.1 million pre-selling their the librem 5, not in shares or anything.
You need to wait a bit for the reply button to appear. The site has a delay to prevent discussions from getting too heated. (The delay increases the deeper a comment thread gets.)
There are enough sponsored videos on YouTube tech channels by vpn providers that I think it’s safe to concede individuals are paying for those services.
The other products and services mentioned don’t seem to be prospering the same way.
Are most people using VPNs for privacy? Every individual I know that pays for one does it so they can watch TV in a different country or something similar.
There's also lots of businesses that use them for accessing internal networks externally.
I've never met anyone in real life that is using one for privacy reasons.
The end result might be privacy, but the demand is for bypassing content blocking. Your average user of a VPN doesn't care if it prevents people from identifying them, all they care about is if it lets them watch The Office from wherever they are.
Well, you could argue about whether it counts as privacy per se, but: a, they don't care to ensure that no one can identify them; b, they very much do care that it prevents whatever server they're getting The Office from from identifying them.
Needing to raise money means they don't have the luxury of volume to produce any product and that it is a risky business. Having raised the money, though, is proof that they are indeed profitable.
My assumption is that the OP meant - every company is compared to Apple and Google and Facebook in terms of profit. That the business in question has to make extreme amounts of money to be considered a success, when in reality, if the business is sustainable and marginally profitable, it should be good enough for some cases.
If we're talking about privacy, there seems to be a direct correlation between the size of a companies profits and their willingness to sell your private information. As someone who values my privacy, I prefer smaller, stable companies because I'm more confident they are acting with my best interests in mind; not chasing massive growth and huge profits.
I spend quite a bit of money per month to maintain some semblance of privacy and none of the companies I support are raking in millions in profit every quarter.
I'm not arguing that, I'm responding to this part of your comment, by showing products the privacy obsessed segment are presumably happy with as they are paying for:
"Trying to sell something to privacy obsessed tech segment is a futile effort. They are never happy and don’t want to pay for anything anyway."
I think you're both right. He's saying that from the perspective of the largest private business in the world with $100B+ yearly revenues, derping about on services worth a few million in revenue is just noise. Apple isn't going to shift it's business to capture a $10M/yr market or whatever it is.
And you're off here being like "BUT THEY DO EXIST (even if they are so trivially small that they wouldn't even make a rounded-up single line on Apple's financial disclosures)".
From Apple and his perspective, these tiny businesses are irrelevant.
> Trying to sell something to privacy obsessed tech segment is a futile effort. They are never happy and don’t want to pay for anything anyway. But that is not their target market anyway.
I was replying to a comment about negative comments here and that they are not who apple is targeting so the negativity here is just noise.
Those listed companies exist in an entirely different universe to apple and talking about them is entirely irrelevant here. Their existence proves nothing.
Other peoples concerns are not "noise" in any other than a derogative way and listing companies that refute a substantial part of your comment under your comment is not "entirely irrelevant".
edit (for clarity): Saying that Apples mass-market approach spares them from catering to privacy concerned, somewhat still niche interests would've been a completely valid comment.
Sorry I wasn't elaborate. What I was trying to say was SilentCircle had the money, the people, the pedigree, the vision and yet failed. Privacy is a hard sell and one of the reasons is that it is expensive and comes at a cost of inconvenience, unfortunately, given then way BigTech has shaped its offerings over the years.
puri.sm may yet execute well and take-off but privacy remains a seriously hard problem to tackle (due to govt, ad-net, big-tech) yet easily a problem to get passionate about.
I still don’t see how this suggests security is not a lively, profitable industry. The same anecdote could apply in spades to food startups, telecom startups, sports analytics startups, makeup startups and dozens of other types of businesses.
> I'm only too happy to pay a premium if that gives me some control over my own privacy.
Apple gives you less control over your privacy. Do you want to open map links in an offline maps app? Impossible on the iPhone. Do you want to develop apps for your own device without handing over card details? Also impossible. Do you want to install apps at all without telling Apple you installed them? Too bad. Would you rather not tell Apple your location every time you use GPS? There's no way to opt out (this is opt-in on even Google-flavored Android devices). The list goes on.
> Do you want to open map links in an offline maps app? Impossible on the iPhone.
Yes and no. The app launcher defaults to Maps. You can copy and paste addresses into any offline maps app.
> Do you want to develop apps for your own device without handing over card details? Also impossible.
Blatantly false. You can compile and sideload direct from Xcode to any iOS device without the need for a paid dev account. The paid dev account is only for putting your app on the App Store, or using Test Flight, etc.
> Do you want to install apps at all without telling Apple you installed them? Too bad.
I currently have a Nintendo DS and GameBoy Advance emulator on my unjailbroken phone. I installed direct from a website. I had to 'trust' the developer's certificate first.
> Would you rather not tell Apple your location every time you use GPS?
Citation needed. This information is stored locally and not (afaik) sent to the cloud.
> Yes and no. The app launcher defaults to Maps. You can copy and paste addresses into any offline maps app.
Are you serious? Do you normally copy and paste links instead of clicking on them? You think it's reasonable for somebody to do this with every map link? How about map links inside native applications that aren't even copyable at all?
> Blatantly false. You can compile and sideload direct from Xcode to any iOS device without the need for a paid dev account.
But you will have to reinstall it weekly, which makes this method unworkable.
> I had to 'trust' the developer's certificate first.
When you did that, you also had to tap a "Verify App" button, which phones home to Apple. Ultimately, Apple may revoke the enterprise certificate used to sign your emulator apps, and then you won't even be able to install them.
> Citation needed.
"By enabling Location Services for your devices, you agree and consent to the transmission, collection, maintenance, processing, and use of your location data and location search queries by Apple and its partners and licensees to provide and improve location-based and road traffic-based products and services."
This is true although you can turn off location sharing with apple for all these services, under Location Services->System Services. This includes Maps, Analytics, traffic, and Apple Maps improvement.
The point is that on Android and other platforms, you can get your location (or install an app, etc.) without telling anybody, while the supposedly privacy-focused Apple will only give you privacy if you essentially don't use your phone.
Except now you don't have control over your own device. I don't think they are orthogonal goals. Give me root on my iPhone and I'll switch for the privacy. Leaving gapps off an Android install is becoming crippling.
"control over your device" isn't a big concern for many in the way privacy is, though. Certainly, in the early days of smartphones I rooted my Android phones and iPhones but these days I just see my smartphone as a utility that I want to work well. There isn't really anything I want to do with my iPhone that Apple blocks me from doing.
That was my path as well. There's a very large segment of the tech community with the same story. Started with Android, why not? Fully customizable, had features earlier like 4G. Then realizing that they can be as stable and as much of a hassle as maintaining another desktop computer too (if you're doing it well/right). While I had multiple Android phones over the course of 5 years, it became a habit to restart them daily. The best one I had in that regard was a Samsung Galaxy S3, but it still wasn't up to scratch with the iPhone.
Going with Cyanogenmod (now LineageOS) helped a lot but did not resolve the need to restart often. Then my device which is primarily a phone that absolutely must work reliably and must be secure and updated, is at the whims of a rather lackadaisical volunteer effort.
Irregardless of arguing merits, the bottom line is that it's clear to me that Android's quality does not match what Apple is doing with iOS. Ultimately, I need calls and texts to guarantee to not be laggy and be reliable. It doesn't just need to be reliable, it also needs to feel reliable. I can't remember a single time an iOS app crashed on me. Android failed me in both of those regards in favor of being a mini-PC, with all the positive and negative connotations that includes.
I moved over with the iPhone5S, loved it, still usable as a backup phone unlike all of my old Android devices which are useless today and not even supported by LineageOS builds that aren't years old. I'm using an iPhone SE today, 3 years on with zero issues, still secure, private, fast and stable. It'll be getting iOS 13 in the fall, which looks better than ever.
If Apple releases an iPhone XE, I'll be buying it at launch at any stated price. I would hand Apple $1,000 for the rumored XE. Even if I only used it 3 years, which is on the minimum end of an iPhone's lifespan, per month cost is $28 at that price for 3 years. Considering the support, build quality and reliable utility, it's an absolute no brainer. A bargain. Anyone ever use the 'Apple Support' app? If you have an issue, they help you, really help you, for $0.0. I'm speaking from my own personal experience alone. I don't work for Apple, and only buy index funds. They're simply doing business right, and making everyone else look like fools. They've built their own value through reliable, hard work. Even if the iPhone costs $50 to manufacture.
Apple is one of the very few companies that from what I've seen, gave me the impression that they actually give a damn or two about their own products. I'm actually a .Net developer, a Thinkpad fan (and Macbook, because of the copious service locations), and if it's not clear yet.. love my iPhone.
I value privacy more than a robust and fair market. I can understand why others wouldn't, but I'm not the one spending their money, nor are they the ones spending mine.
Yep, truly horrible things like buying power tools and wood working plans, but not wanting to see advertisements for those things on every last fucking website or application I ever use ever again for the rest of all time.
Do you mean you think privacy and control are orthogonal goals?
They aren't quite orthogonal because if you have root on your device, then you limit the security guarantees Apple can make about their privacy measures.
This is a fairly deep problem in the sense that there is a tradeoff between having a secure enclave to support interesting security protocols on the one hand, and the fact that a secure enclave almost by definition means you don't fully own the machine on the other.
Why do people actually want to root their phones? What kind of advantage does it give to the general user, who flaunts the fact you can do that on android? What can you do now, increasing the usability of a phone, that you couldn’t without a root?
Honest question, because I have absolutely no idea.
> What kind of advantage does it give to the general user, who flaunts the fact you can do that on android?
As a member of one segment of the cellphone user population, I'll say none, really.
The ability to root your phone, IMHO, simply makes it yet another device that sucks up admin time.
Life is too short. This is the major reason I'm a participant in Apple's walled garden. I don't want to mess about more than necessary with a device that I regard as a tool. If my hammer required admin time, I'd dump it.
Well, for starters: xposed gave me a LOT of options to customize every aspect of my phone. Statusbar tweaks, screen brightness tweaks, deeper tasker integration, to name a few... for a tech savvy person with too much time on their hands it is heaven to be able to customize your phone so much more than what is initially "allowed".
Backups, for starters. Personally I value being able to restore the software to a known state in case something happens. Not having any way to back up my data was kind of a deal breaker otherwise.
Firewalling traffic and tunneling also requires root. I believe it is a popular way to block ads and analytics, either with a hosts file or iptables.
There's two competing threat models here. The first is that some shady government agency is going to take your phone and try and break into it. This is an issue if you're actually going up against a government in some form. The second is that the phone itself sends stuff across the internet that you don't want sent. Rooting your phone may hinder the first but it's necessary for the second.
How could you verify that these phones run the same setup as regular phones?
The only way to make companies fix bugs which may be difficult to find, expensive to fix, and potentially embarrassing is to make it easy to locate exploits on real hardware. Otherwise the only people with the resources to do this are government-backed entities like NSO Group, Vupen, etc, who somehow always ensure that exploits get into the hands of repressive governments.
Agreed, which is why I shouldn't have to. Give me root of of the box. Print the root password on a card in the packaging. Yes I can undo all the privacy measures if I make mistakes but that is on me.
>They are never happy and don’t want to pay for anything anyway.
I'm probably not obsessed with privacy, but I put it fairly high on my priority list, and I'm sure as hell I can and will pay for it, if it's not just an illusion. I can see value when there's value. It remains to be seen whether Apple can provide it, though.
I'm very skeptical that 25% of internet consumers use a VPN. I'd be more easily convinced that 25% of internet traffic is via VPN, but even that seems far fetched. I'm also extremely skeptical that you'd find accurate results on a random site's smattering of website resources.
But how many of them use it to bypass geoblocking or to bypass censorship? Those who bypass censorship presumably also value privacy, but from their government and not necessarily from corporations.
You know when I'll believe it? When the un-screw up their app store which vastly incentivizes the development of free-to-use ad-driven apps that prey on user tracking data over premium alternatives. Ad-based revenue has a higher value proposition to developers because it dodges the inane anachronistic 30% tax. "Privacy" first is an utter illusion when the majority of apps approved in this closed ecosystem that ostensibly supports privacy does just the opposite.
Developers aren’t doing ad supported apps because of the 30% “tax”. Did software sell with ads when they had to pay physical retail stores 60% for distribution?
They do ads because people are too cheap to buy apps.
Getting 30% less ad revenue means that subscription revenue would look marginally more attractive. Some # of apps would switch to "paid" if the tax applied to ad revenue. And maybe some apps just wouldn't get made at all, if they were already on the margin of profitability.
Most of the most profitable apps on the store are free to play games with loot boxes and in app purchases or subscriptions - and most of those aren’t even accepting purchases on the App Store anymore.
If Apple reduces their “tax” to 15% how would that compensate for not having the ongoing revenue of ad sales?
There are doubtless cases where that extra slice of one-off revenue per customer would make all the difference in the world to the business model.
At the same time, I suspect that in most cases it would not change the business decisions being made. Recurring revenue matches the financial needs of a business better in most cases.
I am not able to point concretely to any. As I am not possessed of sufficient internal fincancial information to evaluate the question, I am also not equipped to evaluate the question.
I do feel safe in suggesting that across all the apps of the world, there is a greater than 50% chance of there being at least one such application.
If they wanted, they could ban ads, end of story. This would be the equivalent of the retail distribution. They could open up their platform so people could install software outside of the app store.
Apple isn't doing anything to drive development of "free-to-use ad-driven apps that prey on user tracking data...", that would be people being unwilling to pay more than 99 cents for anything and believing subscriptions are a rip off.
It’s not a dichotomy, so I will just say that in addition to circumventing the app store’s take, developers have users to “blame” for the race-to-the-bottom of the surveillance capitalism bucket.
As long as users will balk at paying even 4.99 for an app, developers will make them free and then engage in dark business models like surveillance and terrible in-app purchases.
To be fair and stop “blaming the victims,” this is a classic hard problem in psychology: The purchase price is an immediate, objective cost. Surveillance and the possibility of getting sucked into in-app purchases are subjective, uncertain costs with consequences in the future.
In aggregate, humans are really bad at making those judgments, trebly so when other humans are rigging the game to make the judgment difficult to evaluate.
The problem is that app developers often just do both. They charge, but still use adverts.
You see this in games in particular. Paying removes /most/ adverts. However it does not remove the “watch an advert to get an extra life” style adverts. I assume it also does not remove any ad tracking.
I can't speak to all games, but the pay-once games I've seen have been free of this. No advertising at all, beyond the little ads for their DLC (if they have any.)
> As long as users will balk at paying even 4.99 for an app
Out of interest, what is the refund policy in the app store? I know, for example, I'm way more chilled about paying for "unknown" steam games when I can refund them after an hour of play if I don't like them.
I think they will refund almost automatically (seems like up to 14 days based on another comment). In my experience you need to wait a while (maybe a week?) until the charge registers. After that you can get a refund.
Psychology definitely plays a role in biasing how people interpret things they see and their priorities, but I think much of this is better understood through an economic lens.
If you consider the actions you take to preserve your privacy, it's a strategy you developed over time. And no one can claim to have a formula for devising the perfect strategy when there are non-trivial unknowns. This isn't just common, but normal in economics.
An economic actor can a. estimate the potential costs and benefits, b. observe other actors' strategy and outcomes but must ultimately c. execute their own strategy.
None of these are fully rational, and you have scarce resources (time & money, ability to survey the problem, limited exposure to the actions and consequences of other actors) to allocate to A and B.
If everything works, you stick to your strategy. If you get burned, you adjust your strategy in response. (Though a strategy may be "eat a cost less than $X.")
And if you observe it working for others or others getting burned, you might also adjust your strategy. This does lead to a natural selection of successful strategies; actors are "eventually optimal."
The solution I believe still lies in Apple's court.
Say you have an app that is a niche app with a 7 day free trial and a one-time purchase. How does this look to the user? Exactly like every other freemium/ad riddled/subscription/pay-to-play app. The download button says "Get" and underneath it you see "In-App Purchases Available." User expectations are destroyed at the download page.
One part of the solution is to allow developers to actually define an app as a time limited free trial. Make the download button say "START FREE TRIAL" and underneath "$4.99 to Purchase". Let the user buy or take the free trial from the App Store...but most importantly let them know that it isn't yet another subscription app, or something riddled with ads (Even going so far as to add an app review check that will look for ad network connections to ensure compliance.)
Apple has created a system where user's are now afraid of in-app purchases, because they allowed kids games to be riddled with them and other apps to setup up predatory free trial structures with weekly renewals (And until recently, buried the subscriptions page in a few levels of settings menus.)
But free trials are never really free: after 14 days when you've probably already forgotten about the app, your card gets charged. There needs to be a proper way to try stuff without slyly charging them.
Maybe ask them outright at the end of the trial if they want to carry on?
Unfortunately, that's one of the things that tends to be true of all new product offerings.
Mostly-screen multi-touch smartphones? They were only for the rich when they first launched too. As demand grows, scale enables other businesses to build cheaper options.
Given how quickly competitors copy anything vaguely new or novel coming out of Apple, it seems reasonable that someone will come up with a similar competing service before long.
If they don't, maybe it's also worth focusing some attention on those who directly try to exploit the poor and/or less knowledgeable?
An iPhone 7 is still perfectly usable, in my experience. They also should still be supported for a while. Used, they can easily be found around the $200 price point.
Can confirm, on a 7 Plus, phone's entirely fine, no problems at all. I don't expect to replace it for another two years or so, unless it breaks. Probably by the end of that it'll be feeling a little slow and the battery'll be down to 36hrs rather than lasting all weekend.
Also on a used first-gen iPad Pro 12.9". It's great. I may sell it and pick up a used 3rd-gen when the 4th gen comes out. Or may wait one past that, pick up a used 4th, and just give the 1st-gen to my kids rather than selling. Apple devices are worth the money in part because they don't go way downhill after 12-18mo, so 1) they actually hold some value, and 2) you can skip a couple upgrades and not feel like you're missing out on much.
Whether it's because of their business model is an important question though, because it may tell us if we this has a good chance of being genuine and whether we can expect this to last. If it's in their financial interest to protect users' privacy, then I'm much more inclined to believe that they are actually trying to do that.
If they right now appear to care about privacy, but it's for some other reason, I'd expect financial motives to eventually overrule that.
Am I the only person we thinks Apple might be setting itself up to take a shot at a private, secure, ad-free, paid for social media play?
I mean there are a growing number of people leaving Facebook (ok mostly for Instagram and WhatsApp) who would be willing to pay a few dollars a month to have an advert free experience in a private social media network.
I don’t see it being foretold by their actions, but you have a point. I hope they keep out of social media though. It would bring them within distance of becoming yet another bad privacy actor. I also prefer the separation of my apple account and such things.
Because there was never a demand for a new social network. Apple is now big enough that anything they build becomes trendy and something people will jump into.
Smartphone market share wouldn't be the defining factor in whether you could jumpstart a social network, given there are billions of active smartphones.
The actual size - not relative size - of your base would define that. The only way relative would matter is if they needed to be larger than eg Android to do it, for some reason (they don't).
They have ~1.4 billion active devices world-wide (900+ million active iPhones). You're acting like they have more like 50 million. They'll soon have a billion people using their various services.
The whole idea of a social network is to connect with your friends. Young people, the most valuable demographic, overwhelmingly use iPhone in both the UK/US. Snapchat/Instagram is a successful social network just controlling this market.
No. Failed because they refused to open up user info. Remember Ping and iAds. Ask the bitter people running those project what they think. To get any user's info you have to go through chains of managers and then a sign off from a board member.
It's all over the place I can't even begin, or do you not see the plethora of ads plaguing apps available in the app store and mobile web. If you think tracking isn't involved, you're sorely mistaken. Apple set the 30% tax for premium goods, and effectively killed the premium market as a result. Google followed suit largely because it aligns with Google's core business. Apple's angle is? Honestly, I have no clue. I'm inclined to think it's incompetency at this point.
First, companies attempting to compete with Steam have found it costs 12% to 18% to just run a digital store, without all the app review, customer discovery & acquisition, hosting and delivery, and ecosystem integration Apple and Steam are doing, much less human support.
Second, just a credit card transaction can cost 2.5% - 5% depending on the customer behavior. On a percentage take versus value provided, that seems much worse than the store cost, and it’s a huge chunk of the store cost.
Third, Apple lowers the recurring publishing, hosting, transaction, and support fee in year 2+ to 15%, still including the credit card processing.
It’d be incredibly difficult to operate a trusted digital app sales ecosystem (with human app review and support, refunds, etc.) at scale with less overhead.
But the cost of selling an app does not primarily depend on its cost. Size, frequency of updates etc. are a much bigger factor. Them taking a flat 30% is a clear sign Apple is a price-maker and the market doesn't work.
And taking 30% for in-app purchases — while forbidding developers from even advertising ways of purchasing that bypass Apple — is just plain anticompetitive.
> while forbidding developers from even advertising ways of purchasing that bypass Apple — is just plain anticompetitive.
Let’s say you are at a grocery store, offering free samples of a food, the store allows you to set up in the store however, you don’t want to let the store sell your product because of the distribution fees. While giving out the samples in their store, you tell customers to buy your product from your website directly.
Is this actually a thought process that makes sense to anyone? You want to be visible to customers in Apple’s store but you want to send those customers outside of that store to buy your product? It would seem that was freeloading. Nothing prevents you from selling outside the App Store. Look at Salesforce, they have plenty of apps on the store and they pay Apple exactly nothing when someone becomes a customer of Salesforce. Last time I checked, Basecamp isn’t doing in-app purchases either.
> Nothing prevents you from selling outside the App Store.
Apple does. They aren't 100% successful, sure. But we don't excuse the PRC's Great Firewall because people manage to bypass it either (not that the damage Apple and the PRC do were comparable). An unethical act does not become ethical because you're bad at it.
> You want to be visible to customers in Apple’s store
No, you want to be able to sell at all. Due to Apple's anticompetitive behavior that means selling on Apple's store. Your argument might be valid if Apple had a store but didn't force all Iphone and Ipad users to use it.
I have an iPhone. Where can I purchase iOS apps outside of the App Store?
>Is this actually a thought process that makes sense to anyone?
Totally. Apple encourages free apps just as much as paid apps. They even have a category on the App Store for free apps. They will promote free apps over paid apps if the free app is better. Many apps in their top10 lists are free. Does it sound to you like Apple is against free apps or is otherwise discouraging them? Also you have to pay Apple when you list your app on the App Store. I believe the developer license or whatever you need costs $100. So its not technically free, although I agree that the price is nominal.
To go back to your grocery store example, I'm selling someone a wifi router, and telling them to sign up for internet on my website. Apple wants to tax the internet too. Or I'm selling someone a Sirius XM Satellite radio for their car, and telling them to signup for service on my website.
I will concede that there is nothing either 'evil' or 'good' about what Apple is doing. But to me, taking 30% of a companies sales is super greedy at the very least. Apple does have a history of overcharging for their products. Nobody is opposed to paying premium for premium parts/labor/service, etc. But with Apple, they have an insane margin and so the extra money simply goes into a pile of cash or into some executives pocket. Its not going towards a better product.
That's a very good rebuttal, but it doesn't address the point that the premium apps are forced to shoulder more than their share of the load for operating the app store, right? Would there be some way for Apple to charge apps for tracking or running in-app adds?
Is it really that hard to deliver a 15Mb .ipa file to someone's iDevice, that Apple needs a 30% cut of every transaction to do so?
It's not incredibly difficult to operate a trusted digital app sales ecosystem at all. It's just that there is no competition. If Apple wasn't a monopoly, I have no doubt someone like Amazon could deliver a service that undercut Apple by 90% and deliver the same exact "trusted" ecosystem.
I remember life before the iOS App Store. Mechanisms for delivering software on MacOS usually took a much larger cut than 30%. Heck, when Apple announced 30%, Amazon had to scramble and switch from keeping 70% to matching Apple's 30%. Amazon still keeps 70% if you price your ebook under $3, in fact, while Apple does not.
Your comment implies price-fixing, but history demonstrates competition, and Apple lowered the costs for everyone.
Yeah. All you have to do is follow the money. They're incentivized by paying customers, and maintaining privacy serves that incentive, and double-dealing would be extremely risky at best.
Apple's play is clever because, by breeding a generation of users who are more privacy-conscious, they're also breeding a generation of users who are more likely to buy Apple in the future in a marketplace that is otherwise hostile to privacy. It's as much a long-term game as it is a short-term one.
I feel its a good market differentiator in such a crowded market. Android phones are very similar to iphones in many ways and most of them are focused on data collection.
Do businesses have to sell every aspect of your life to make money? Less than 10-15 years ago, they did not (not to this degree), and they survived just fine. Go back further and you'll find business made plenty of money with less and less of this practice.
As a society, we're able to establish laws and protections against trends where capitalism goes awry. We banned lead usage in products like paints and set regulations to protect dumping anything and eveverything into rivers (hey its cheap).
Privacy may be no different and if market forces are somehow perpetuating it to remain competitive, we as a society need to intervene in a regulatory fashion and redirect businesses to pursue other approaches to increasing revenue and implementing cost saving mechanisms.
If I never hear the argument that "tech is just too hard and bandwidth too unaffordable, poor Zuckerberg/Bezos/Brin are so destitute they would just have to shut down the web and phones completely without behavioral advertising" it would great because it's a very very bad argument.
Until a month or two ago, I was believing that Apple was committed to protecting its customers' privacy. Sure, it had been caving to the Chinese government. But I accepted that it had to, or stop doing business in China.
And then I learned that Apple does not guarantee that apps from its online store respect users' privacy. That rather gives the lie to its commitment to privacy.
I mean, it did (along with Google) take down that Facebook app that exploited the enterprise loophole to basically log all phone usage. And it has taken down apps that block ads in other apps.
So why has it been more-or-less lying by omission about tracking by third-party apps? Apps that it has supposedly vetted.
Have you looked at the keynote? They'll now be blocking a bunch of the tracking techniques that these apps use. Yes, you're right about the past, but they're making changes to be better in the future.
Sure. But would they have done this without the recent publicity about third-party app tracking? I suppose that they must have been working on this for some time. And maybe they deserve some slack.
But there should at least be an apology for not acknowledging tracking by third-party apps. For years. While they were touting their privacy stance.
And it's not just about behavioral ads. Some repressive governments have used iOS apps against dissidents.
They deserve a lot of slack. Apple's privacy approach may not be perfect but they are head and shoulders above just about every other major tech company.
I've written many privacy policies - for privacy-focused companies and for companies seeking to get away with the absolute bare-minimum. One of the best "quick and dirty" ways to assess a company's privacy policy without actually reading the whole thing is to count how many footnotes the document has. All of the important information that a company has to disclose but would rather not is hidden in the footnotes.
Apple's privacy policy[1] has zero footnotes. Google's privacy policy[2] has 51.
Certainly! I contemplated explaining a bit further about Google's footnotes but thought I might sound crazy.
Google actually takes the extra step of obscuring the footnotes to look like hyperlinks. For example, if you click "ads you'll find most useful" under "We want you to understand the types of information we collect as you use our services" you'll see that it pops out as a footnote rather than linking you to a new site.
Because I often found myself looking for footnotes to find the begrudging disclosures and because I found more and more footnotes hiding as hyperlinks I made myself a little browser extension to highlight html elements that are probably footnotes as most are still pretty obvious from the properties. For example, from Google's privacy policy:
<a class="g1mG8c" href="privacy#footnote-useful-ads" data-name="useful-ads"jsaction="click:IPbaae(preventDefault=true)">ads you’ll find most useful</a>
I'm undecided whether this is a style decision or another attempt to hide the ball. Google used to publish a pdf version which made it much easier to see the footnotes but I haven't been able to find a current pdf version in years.
It looks like the PDF version is available at the top of your linked page under the link "Download PDF" (https://www.gstatic.com/policies/privacy/pdf/20190122/f3294e...). The footnotes are all tacked on to the end of the document there, but they're hard to make use of out of context.
It's frustrating that the footnotes contain both important disclosures like "we assign you a unique identifier to track your activity if you're not signed in to a Google account" but then use the exact same format to say "a device is a computer that can be used to access Google services."
Makes it harder to identify the important bits.
You know, it’s only just occurred to me that all this time I had been googling to find a pdf of their policy but I never actually looked on their page. Thanks! What a major facepalm on my part.
And it is frustrating for sure. Not all footnotes are bad but all the bad stuff is usually in the footnotes!
You can read their policies as well as I can. Or better, perhaps.
But my point is that Apple does have lots of rules about what apps can do, and can't do. And that it's been rather aggressive in applying those rules. If you search HN re some mix of ["Apple", "iOS", "app", "store", etc] you'll find complaints from developers about Apple removing their apps from its store.
So, in that context, why were they silent for years about privacy risks of third-party apps? That wouldn't be a remarkable omission by Google, given that its business model is largely about monetizing users' information. But for Apple, which has been promoting itself as privacy-friendly, it strikes me as a glaring omission.
I'm getting criticism for not acknowledging Apple for its stance on privacy, and for how much better it is than Google. And for blaming it for not being perfect. And yes, it is privacy-friendly, and does a far better job at privacy than Google does.
What I'm criticizing is the failure to clearly acknowledge limitations. And I'm coming at this from the perspective of users who are concerned about threats to their privacy. Users who aren't very technical, and who may misunderstand just what Apple protects them from.
Also, this isn't just me hating on Apple. I've said pretty much the same things about the Tor Project. Back in the day, when many users actually saw Tor start at the command line, they saw "[notice] Tor v0...(...). This is experimental software. Do not rely on it for strong anonymity." But the new https://www.torproject.org/ starts with "Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship." Finding anything at all about limitations is not so easy. About risks from global adversaries. About Tor-bypass risks in Tor browser. About risks from malware that phones home through clearnet, bypassing Tor. Conversely, when you start Tor browser in Whonix, you see "Whonix is experimental software. Do not rely on it for strong anonymity."
>You can read their policies as well as I can. Or better, perhaps.
>So, in that context, why were they silent for years about privacy risks of third-party apps?
My point was, you seem to have an interpretation of "Apple approved this app so therefore this means that X,Y, Z is true". I'm asking if that is actually what Apple is claiming.. officially, and also what X, Y, Z mean to you.
If you're claiming that "Approved third party app" == "no data ever leaves your phone" then this has never been the claim of Apple AFAIK.
>What I'm criticizing is the failure to clearly acknowledge limitations.
I see. But why would a company acknowledge their limitations in a commercial competitive marketplace? People who appreciate companies being honest about their limitations in such a public manner, and still end up buying their product are not in the majority, I think.
People try to avoid mentioning anything negative about their past in a job interview - which is kinda the position companies are in, when they go look for customers.
> My point was, you seem to have an interpretation of "Apple approved this app so therefore this means that X,Y, Z is true".
There's arguably an analogy to potential limitation in DCMA safe harbor protection for sites moderate user posts. So if Apple didn't vet apps in its store, and only removed apps after complaints about malicious behavior, it would have no burden for disclosure.
But Apple clearly does vet apps. Aggressively so, given what I've read. So allowing apps that violate users' privacy does create a burden for disclosure. Unless you argue that Apple didn't know that they were doing that, which seems unlikely.
> I see. But why would a company acknowledge their limitations in a commercial competitive marketplace? People who appreciate companies being honest about their limitations in such a public manner, and still end up buying their product are not in the majority, I think.
Yes, for better or worse, that's how things are.
But if you play the "you can trust us" card, and are not in fact being totally honest, it's arguably worse than not promising anything.
Google did pretty much the same, with its "do no evil" mantra. But nobody believes that anymore. I was hoping that Apple was really trustable, but now I'm dubious.
When an app asks for access to your location, you are given three choices - never, when using, or always. How technical do you have to be to know that when you allow an app access to your location - it has access to your location?
But to be clear by saying “the app asks you”, it would be more accurate that the app asks the operating system for the location, the operating system asks you and the OS enforces it.
I assume you're enough of an engineer to know that building an SSO service like this takes a lot of time and energy. Third party apps are exploiting loopholes in the system and Apple is closing those loopholes one-by-one. I don't think this is unnatural. No one has foresight.
So are you arguing that Apple hasn't known about privacy violations by third-party apps in their store?
Given that Apple is announcing patches for these loopholes, it must have been working on them for at least months, if not years. But searching "apple privacy third party app" shows nothing before late May, 2019. Maybe I missed something, and if I did, please share.
Privacy is not all-or-nothing, like a switch. Apple has been playing a cat-and-mouse game with ad companies in which they provide a token for advertisers in exchange for disallowing fingerprinting, and then ad companies abuse that, so they provide a different rotating token and do more to disallow fingerprinting, and then ad companies abuse that, so they clamp down even more, and then ad companies abuse something else, so now they're clamping down even more, and presumably ad companies will figure out still more ways to abuse something, and so on.
There is no such thing as a third-party guarantee that doesn't also disallow useful functionality.
I get that I'm being hard on Apple. And I understand that there's no way to guarantee third-party apps.
But I still maintain that they should have explicitly warned users that installing third-party apps would put their privacy at risk. The situation with Android is undoubtedly far worse. But Google doesn't (at least, not plausibly) claim to be privacy-friendly.
I mean, consider what lengths Apple has gone to to keep customers from rooting their phones. Back in the day, they were bricking them. And they justified it all for security against malicious apps.
They want to retain control over their customers; at the same time, force the developers into relying entirely on Apple as a middle man so that they can't cut Apple out of any transactions.
This way, Apple gets their cut and user's get some level of privacy.
That they can get away with this arm-twisting as "privacy" is to give credit to their brand positioning.
Arm-twisting? You are conflating two issues here. Every company wants to retain users and their business. That is how every company operates. You should judge a company on what they offer as an incentive to keep them. Privacy as a service on their platform is a great thing. Compare that to what other companies offer as incentives.
> Every company wants to retain users and their business.
I think GP's point is that Apple is doing this using lock-in, rather than having the best possible products.
If there were multiple app stores for iOS users, you could argue that Apple is behaving just like every other business. But they're not. They're stifling competition to lock their customers in.
Indeed, but which of the big tech companies does not use lock-in as a tool? Android Play Services, Google Photos, Amazon Prime, Facebook platform, any streaming service (library is „lost“ if you stop paying)..
I think you misunderstand what I meant by lock-in. Everything you just mentioned is not a lock-in for users. You can use your Android phone with non-Google operating systems without hacking your phone. The same is not true of iOS.
If you buy an iPhone, which is a big investment for most people, then you must either use Apple's App Store or jailbreak.
One person's incentives are another's abusive vendor lock-in.
Each time you use the sign in with Apple button, it becomes ever so harder to switch away from Apple products.
Each time your friends add you to an iMessage group chat (instead of, say, a WhatsApp one) it becomes ever so harder to switch away from Apple products.
Each time you buy an Apple home speaker or Apple TV or whatever else it becomes harder to switch away from Apple products.
Google's stuff works better if you're all in but works fine piecemeal. Apple's stuff works fine all in but doesn't work at all piecemeal.
Tech folks should be up in arms about all this, but all you see on this wretched forum are rationalizations involving "business models" and "paying customers".
You want to see a software maker actually care about people's privacy? See Mozilla. Oh but you can't set Firefox as your default browser on your $1200 iPhone, sorry.
At their size & scale, these tech behemoths want to be your platform and be in between everything. So the question becomes, everything else being equal among them which would you choose and why? Privacy is a good enough reason for me and I'm sure others as well.
Since the beginning, Apple wants to justify its premium by it just works which has allowed novice users to use their Macs and then iPhones and other products. With privacy, it's another one of those "it just works" plus "you don't have to worry about it".
If Apple can tie security to its already high brand equity, it will be and continue to be in a good place in today's fear mongering world. It's always better to sell a pain killer than a vitamin and security is top of mind for consumers now more than ever. If nothing else their advertising campaigns are pushing that education onto consumers.
Each time you use the sign in with Google button, it becomes ever so harder to switch away from Google services.
Each time your friends add you to a Facebook Messenger group chat (instead of, say, an iMessage one) it becomes ever so harder to switch away from Facebook.
Each time you buy an Amazon Echo or Google Home or Chromecast or whatever else it becomes harder to switch away from Amazon/Google products.
At least iMessage is based primarily on phone number, so you can turn off iMessage and keep your contacts. Deleting your Facebook account or trying to change Gmail addresses means losing it all. Lock-in is only lock-in if you let it be. Personally, I worry more about Google than Apple, but your mileage may vary.
> They want to retain control over their customers;
Comcast also wants to retain control over their customers -- they want to sell customers internet access, while also selling ISPs and websites access to the customers. This strategy doesn't make the customer better off. If Apple treats their captive customers better than Comcast it's not due to any strategy of being a "middle man".
> They want to retain control over their customers; at the same time, force the developers into relying entirely on Apple as a middle man so that they can't cut Apple out of any transactions.
The cynical part of me sees this as an "Oh Shit!" reaction to businesses starting to circumvent the App Store.
If Apple can make everybody on a iPhone dependent upon their single-sign-on, they can threaten businesses with access to it later.
We are a B2B SAAS company offering analytics and marketing data. We wanted to offer our customer the ability to have a free app to interact with our service on their phone. We wanted our customers to subscribe on the web but not using in-app subscriptions.
We are unable to release this app on the AppStore until we change our whole payment/subscription/billing stack to support Apple subscription system and agree to give them 30% / 15% of our revenues on those users (this is more than we pay for AWS, comparatively).
Keep in mind that a good chunk of of revenues comes from custom plans, so I don't even know how that would work with Apple system.
So much for not forcing developers to do anything.
Are you sure that you’re interpreting the guidelines correctly? Lots of apps serve content related to subscriptions/digital purchases that are signed up for on the web (Netflix, Prime Video, etc.). Or are you trying to use the app as an acquisition channel?
It does not matter how we interpret the guidelines. The fact is that our app has been developed and tested, but was rejected by the app store reviewer citing this reason.
We believe we fall under the exception of "business databases" which are exempted from this restriction, but the reviewer does not believe so. Guess who won.
We are not trying to use the app as an acquisition channel, we don't believe our customers would discover our service through an app store search. We want to make it more easy for our current customers to view their data on a mobile device, the app is pretty simple, coded in react native and also available on the play store.
What was their specific rejection reason? Generally the rule is you can offer a service paid for elsewhere if you don't link to it and don't tell people you can pay elsewhere.
I have apps on my phone that accept payment only on the web.
Can you release the app using enterprise distribution? While not ideal, this will at least allow your customers to use your app instead of getting nothing.
Enterprise distribution is meant just for internal use of the company using it and distributing to customers via that method is exactly why Facebook and Google had their Apple enterprise services disabled a few months ago (although I’m sure they resolved their issues with Apple to get them enabled again)
Netflix offers subscription through the app as well. If you offer those and do not advertise your other channels, you are allowed to publish. The important part here is that you have to offer the same subscriptions at the same price between your web version and your in-app version.
But this would require a significant amount of work on our side to support both web and mobile subscription. We do not expect to get any new business straight from the mobile app, we just want to offer an additional free service to our existing and future customers.
It would take us at least 2 to 3 man-month to rework our billing stack so that Apple has a chance to get 30% on some subscription. Which they won't since we really doubt B2B customers will subscribe to $2k+ yearly contracts using in-apps purchases. So it's really spending all that time/effort so that the Apple reviewer feels OK can safely check the little box on his list next to "in-app policy" :-(
> The important part here is that you have to offer the same subscriptions at the same price between your web version and your in-app version.
That can't be true, SoundCloud offers differing prices between their Go+ on their website and app store. $9.99 and $12.99. They even tell you if you sign-up through their website instead of the app store you get a "discount".
I’m pretty sure you’re mistaken about this. Apple can be sticklers about ensuring that if you offer a way to sign up for the service in the app, you must support App Store subscriptions, but there are a lot of SaaS companies with free apps for subscribers. You just can’t offer a path to signing up from the app if you don’t want to pay apple.
You absolutely, 100% can handle billing completely outside of Apple's infrastructure and have your app be a "Reader app," to use Apple's term for such apps. Apple just posted a document[0] that lists Amazon Kindle, Netflix, Audible, and Spotify as examples of this.
You seem very confident about your understanding of things, but you seem to have misidentified the exact cause of your rejection.
We are writing to let you know the results of your appeal for your app, XXX.
The App Review Board evaluated your app and determined that the original rejection feedback is valid. Your app does not comply with:
Guideline 3.1.1 - Business - Payments - In-App Purchase
We continue to find that your app offers a subscription with a mechanism other than the in-app purchase API.
While we understand that the app reads data, it does not fall into any of the categories listed in guideline 3.1.3 for reader apps:
3.1.3(a) “Reader” Apps: Apps may allow a user to access previously purchased content or content subscriptions (specifically: magazines, newspapers, books, audio, music, video, access to professional databases, VoIP, cloud storage, and approved services such as classroom management apps), provided that you agree not to directly or indirectly target iOS users to use a purchasing method other than in-app purchase, and your general communications about other purchasing methods are not designed to discourage use of in-app purchase
We hope you will consider making the necessary changes to be in compliance with the App Store Review Guidelines and will resubmit your revised binary.
Best regards,
XXX
App Review Board
--- END ---
So unless you are in one of those listed categories, it does not work. Don't know why we can't be considered to be a professional database tho.
This is totally incorrect. If you have an app on Apple store and sell subscripttions through your website, or other means, Apple forces you to sell the same subscriptions through their store.
I use Spotify, FreeAgent, Toggl, Zoom, Pipedrive, Asana and Trello (plus Basecamp previously) on my iOS devices - and pay for all of those through the respective websites without any option to pay in the App Store.
(Edit: I know Spotify used to have an option for it but they dropped that and I never used it anyway)
Apple's strategy is simple because they had no strategy. They're pretty far behind with software and had no real cloud offering besides iCloud. They're doubling down on what they can do which is to convince people to avoid moving their life online.
In reality, I don't think people will go back to Cloud 1.0 but at least Apple will keep companies in check while they rot away to oblivion.
Examples? They are a platform vendor and have done no worse than other companies when it comes to their platform. Sure macOS has stagnated somewhat, but so have nearly all desktop platforms. Windows 10 started gaining momentum only when Microsoft realized that they had no scope in mobile space and had to save the last fort they had left. And to be honest, I do not consider Windows 10 to be massively superior to macOS. There is a reason they are building a Frankenstein's Monster by grafting a Linux kernel on top of Windows.
And iOS, despite its problem, can't be considered as worse than Android -- the later has its own problems.
At this point, OS platforms are as good as they are going to get. Barring a paradigm shift in computing, all we are going to see are incremental improvements. And IMO, that is not a bad thing. I, for one, do not want to see an interface redesign every other year.
> no real cloud offering besides iCloud.
That is like saying Google and Microsoft have no cloud offering besides Google Drive and OneDrive respectively. Or are you talking about GCP/Azure? If so, how is that relevant? Apple, unlike the other two, remains a consumer focused company with limited investment into enterprise.
> In reality, I don't think people will go back to Cloud 1.0 but at least Apple will keep companies in check while they rot away to oblivion.
What does that even mean?
> They're doubling down on what they can do which is to convince people to avoid moving their life online.
> That they can get away with this arm-twisting as "privacy" is to give credit to their brand positioning.
I think most EU Advertising Control Boards would verdict that Apple's privacy claims are misleading and therefore against the applicable Advertising Law.
> I think most EU Advertising Control Boards would verdict that Apple's privacy claims are misleading and therefore against the applicable Advertising Law.
I think not. From the horses mouth[1]:
Since the directive on unfair commercial practices (2005/29/EC) is in place, the misleading and comparative advertising directive has been applied only to business-to-business (B2B) relations concerning misleading advertising.
In this verdict [0] of 18-02-2019 the Dutch Advertising Board came to the verdict Misleading "is de uiting misleidend en daardoor oneerlijk in de zin van artikel 7 NRC.". Are you stating that the Misleading verdict can not been given in EU countries in B2C advertisements?
It's a devil's bargain: now we have to choose between walled gardens that offer some privacy and extract their revenue from lock-in, and more open systems that live off spying our data.
Truth be told, the software development cost of these systems (Android and iOS) is not that huge, a reasonably good open source alternative could probably be created for less than a billion dollars, knowing how financially efficient are open source projects compared to commercial companies. That's a few cents per smartphone user per year, for the next decade, negligible compared to hardware costs.
If this order of magnitude funding could be secured for a well organized open source project, we could have the best of both worlds, a truly open ecosystem with privacy at it's center.
GP was, I believe, talking about a whole new mobile OS, built from the ground up for privacy and an open ecosystem rather than just innovating on the existing platforms.
> I don't think I've worked anywhere that's put more than $500M into a single software project. That is "huge" cost.
It's not what they put on the project in one go. It is the accumulated cost of developers, infrastructure and most importantly -- the experience and expertise that has been cultivated over decades. Do you really believe you can get a bunch of developers with limited experience to build something that is comparable to iOS/Android in a couple of years?
> Do you really believe you can get a bunch of developers with limited experience to build something that is comparable to iOS/Android in a couple of years?
I don't, no, but then I wasn't claiming it was possible, especially not for "under a billion dollars".
getting an OS up an running on a phone is easy, its the backend services and building an eco system that will/has sunk a few companies that have attempted it.
> Truth be told, the software development cost of these systems (Android and iOS) is not that huge, a reasonably good open source alternative could probably be created for less than a billion dollars
How sure are you about that? Note that there is a stark difference between “reasonably good” and “used by billions of people”, and that both Apple and Google have thousands of engineers paid five figure salaries for years to work on their mobile platforms.
Hmmm, I don't think is 100% necessary. Web assembly and PWAs have caught up in the last few years. I reckon things like firefox os would have a better chance now.
Some popular services like Snapchat and Tinder do not offer web versions of their service and are app only. The app ecosystem is important to get everyone on board because some companies prefer to keep their product off the web.
Which is a very unfortunately position to be in as a privacy conscious, price conscious consumer.
I'm in the market for a new phone, my current one being the iPhone 6s. And lots of android phones are appealing at the mid-range price bracket with features I want (headphone jack, no notch, etc). But at this price point I essentially have very little choice with Apple and it will be a compromise on features just to stay in the Apple ecosystem. I wish Apple would release a new version of the 5c but updated. They've shown some promise with the new Mac Pro, in that they have actually listened to what people wanted instead of telling them what they should want. Would be good to see them do that at the lower end of the scale with the phones.
It's not just the cost of the OS. Orders of magnitude more costly is developing and maintaining the apps. That includes 1st party apps from Google and Apple and 3rd party.
I disagree. Case in point -- Linux on Desktop. Despite being open source and privacy respecting, Linux never managed to make significant innards into the desktop market. And for good reason. Nobody, except for hardcore hackers, wants to play the sysadmin all the time -- and that is what it takes to keep Linux running -- I am speaking from years of experience here. It is successful on servers because there are battalions of engineers employed by the companies deploying and/or supporting them. Even the most user friendly distros don't hold a candle to Windows when it comes to UX -- let alone macOS.
If the situation is so dire on desktop/laptop, which is a fairly impersonal device, I don't even want to think about running the equivalent of Linux on Mobile (I am not talking about Android). Imagine troubleshooting WiFi/Bluetooth -- or worse Cellular Radio -- issues after every update -- sometimes without any updates -- on your phone.
> Truth be told, the software development cost of these systems (Android and iOS) is not that huge.
What makes you think so? Android/iOS have been developed over years -- the cost of developers itself will run into hundreds of millions of dollars. And then you have designers, project managers, testers etc. to pay -- not to mention the infrastructure costs. Or do you expect everyone to work out of their basements on their personal machines?
> a reasonably good open source alternative could probably be created for less than a billion dollars, knowing how financially efficient are open source projects compared to commercial companies.
Again, what is the basis of this statement?
> That's a few cents per smartphone user per year, for the next decade, negligible compared to hardware costs.
That is assuming you convince everyone to use the shiny new OS.
> If this order of magnitude funding could be secured for a well organized open source project, we could have the best of both worlds, a truly open ecosystem with privacy at it's center.
And there is the crus of the matter! Who is going to pay for the project? Projects like Linux are funded by large companies like IBM, RedHat, Microsoft, Google etc. who use them to make billions. Who is going to fund a mobile OS that is actively going to hinder the money making?
The problem with Open Source projects is that they are driven by developers volunteering their time. There is little incentive for them to see the project to a point where the UX is polished enough for a non-technical user to be happy. It takes a lot of work. It is easy to build an OS that will run on a cellphone, but the real challenge is building the UX and the ecosystem around it. It is not going to be built by developers working in their spare time with no real incentive -- like a five/six figure paycheck. No, engineers tend to work on open source projects till it is either good enough for them, or till they get bored and move on to other things.
Just to be clear, I am not suggesting that open source software is in any way inferior technically. If anything, it is the other way round. Bound by deadlines and other constraints -- or simply because of unreasonable expectations, proprietary software may not be as good technically as the open source counterparts. I am merely pointing out that open source community doesn't typically spend time polishing the software to the point where it becomes palatable to general populace.
Update
And let's not forget, we did have free and open source mobile operating systems -- Ubuntu Touch/FirefoxOS anyone? These operating systems were backed by giants in the open source arena -- yet they failed to gain any traction.
They’re offering privacy, yes, but not as a service. They’re still very much in the business of selling devices to their customers, and this business model is incidentally one of the main reasons they, unlike Facebook or Google, can afford to offer such comprehensive privacy measures.
In other news "Apple’s privacy reputation at risk with new iTunes class-action lawsuit"
> The plaintiffs allege that a third party can purchase a list of iTunes customers based on different demographic requirements, like a list of unmarried people who have a taste for a particular genre of music:
> The lawsuit further alleges that the third-party beneficiaries of this listening data match it to other sensitive personal information gathered about iTunes users from various sources, and then resell that information on the open market.
When I was a teen, my uncle, who was an executive at Oracle at the time, yelled at me for admitting on a medical form that I smoked pot. I said, "But, it's confidential, right?". He told me, "It may be confidential now, but it won't always be. Databases are forever." Apple won't be a privacy company in 10 or 20 years.
I think we are living at just the dawn of a long and very privacy obsessed era, that will probably become more intense as the decades pass, and the generations. I don’t see why a company that pounces on this reality now won’t be still successful at it decades from now.
Because, eventually, Apple will lose revenue, and their shareholders will demand profit. And, Apple will be sitting on a trove of data, or metadata, or predictive models built from that data.
That sounds speculative. Why will they lose revenue eventually? Do you think 40 years from now they will be in a worse position than today? After all, they are today in a better position than 40 years ago. Perhaps a privacy-focused company will actually perform better in a society obsessed with privacy, and eventually, their competitors who don't share these perspectives will be the ones that lose revenue.
It’s not speculation, just logic. Shareholders seek as much profit as possible. The moment that being PrivAAS is worth less than not being one, they’ll switch strateg
You're right that all we can do is speculate. That means that we can't assume things will work as they always have, or as they currently are. Which means you have to assume things will change.
I love this. Apple is one of the only companies (alongside perhaps Mozilla) with the brand muscle to get away with shooing third-party vultures away from a user's implicit information, like the new protections against inferring your location through IP addresses, the option to share your location only once, and enforcing other restrictions like requiring "Sign In With Apple" on all apps that offer Facebook/Google sign-in. [0]
Some developers may balk at giving up all that tasty data, but as a user, this is GREAT.
Regardless of how you feel about Apple on the whole, who else do you think can afford to put their foot down against predatory practices in favor of the user?
It's worth remembering that Apple's privacy spin began with people noticing that Siri is a joke and other ML powered functions in Apple's software are not nearly as good as the competition's, so the company line basically became "our software sucks because we don't spy on you" and because tech journalists are predisposed to hate everyone else and really love framing their stories as rivals dueling they gladly adopted that narrative.
But whatever they are, that still doesn't mean that Apple failure with Siri as alleged reason to focus on privacy is relevant when the end result is better privacy.
I love how during the keynote the only real mention of siri was hey we use neural text to speech to improve the sound of the voices, otherwise yeah siri is still a shitshow
that being said... I've had a macbook pro/ipad combo since like 2012 haha...
I've been an Apple fan for a long time but for the past 10 years or so I've been using more Google products. Well, I think that is changing. Google is proving itself more and more untrustworthy and Apple is moving in the right direction.
For example, I've been using Android phone ever since the second iPhone came out and have been very happy. I signed up for Google Fi as soon as I could and have been rocking a Nexus or Pixel device every since. However, this PaaS push by Apple, and Google's more recent announcements, have pushed me over the edge. I want to get cameras on my home. I want to sign up for things using email. I want to be able to use my personal devices without having to worry that law enforcement can back-door them. I think Apple is the only company that is taking this seriously and can be trusted to do it right.
I doubt that's it. First, it's the same size and shape and position as the selectors below. Second, the usual "clear text" X only shows up when the input box is in focus. That doesn't look to be the case in the picture.
I think it is to clear the text, thus not giving your full name to the app. I assume when the email is selected it’s not filled with an x but a check mark.
Privacy is not all or nothing issue. If you have privacy against commercial use but not against various U.S. agencies that's better than nothing.
Any service where you can reset your password/token that is known only to you after you lose it is not safe from government warrant. It can still be safe from mass collection like PRISM.
Yes - they were part of it - and they are saying "What happens on your iPhone, stays on your iPhone."... so they are effectively lying... It would be better not to say anything...
I took this to mean: we can't legally guarantee your privacy for anything not on your own device; nobody can. Their claim seems to be that private data is kept on the device (from https://www.apple.com/privacy/ ), and protected by encryption within the user's control. By designing the software such that private data stays on the device, it can't be gotten without targeted physical access (and perhaps coercing the user's passcode from them), rather than scooping up everyone's data from the cloud, unbeknownst to the users, and unauditable to security researchers.
That said, I'm not sure how much trust I'd place in Apple, but at least this security model is to some extent auditable.
They're constantly pushing you to upload your data to ICloud as well -- I apparently must have consented to upload an entire backup of my phone there recently, because I can't remember saying yes to this, but there it is. So even if my data was private while it was on my phone, it's not any more.
The bottom line is, only you care about your privacy, because you're the only one who can care about your privacy. You can do that by voting, and by running Free Software.
Effective privacy and anonymity are based on control:control of your software, control of your hardware, control of your life.
Everyone asking you for control in exchange for anonymity or privacy does not necessarily have your best interest at heart.
Apple's business model is about monetising control, and now they're extending that by ostensibly selling some of that control back to you. Apple will only grant you privacy as long as it doesn't interfere with them taking control.
Daas: Doxing as a Service, on an Open Identity Marketplace (meBay). Users can selectively sell their anonymity and personal information, consensually doxing themselves to the highest bidder, and Apple gets a 30% cut.
My cynical side read this as
cheap/free = google/android who own your data in return for their services
vs expensive = Apple who are selling you some degree of perceived privacy baked into the operating systems of their primarily hardware offerings, which you pay more for.
Are Apple phones really more expensive though? Yes you can get cheaper Android devices, but the hardware that competes against iPhones still costs roughly the same as an iPhone. A Galaxy S10 costs $900, an iPhone XS costs $999.
Cloud storage from Google costs $10/TB, iCloud storage costs $10/TB. Apple Music costs $10/mo for one person, $15 for families. Google Play Music costs $10/mo for one person, $15 for families.
You can get Android phones that are cheaper than iPhones, but that's just a function of Apple not competing in the mid and low end of the market. Comparable phone hardware is comparably priced and comparable services are comparably priced. So in that case it's more of a tradeoff of expensive and selling your data vs expensive and not selling your data.
* An iPhone 7 will likely receive timely updates for another 2-3 years, going by Apple's track record. Can the $450 Android phone guarantee that?
* The $450 Android will likely have a mid range chip -- which will likely not run Android very smoothly. iPhone 7, on the other other hand, runs iOS 12 like a charm. Sure, it is not as smooth as iPhone XS, but that is not what we are talking about, are we? And while I suspect that iPhone 7 may not beat the $450 Android on benchmarks (or maybe it can -- at least on single core performance, which matters more than one would think), benchmarks do not necessarily represent the real world performance.
* Resale value of an iPhone is always superior to any Android in my experience.
* While the camera quality varies from phone to phone, I suspect the iPhone is still above average in that regard.
* Sound is still better than most Androids I have seen -- including those costing $100 more.
* Should something go wrong with my phone, I can be reasonably confident that Apple will be able to fix it -- that they will have spare parts available. I can't say the same for Androids -- even flagships do not do well in this area -- I've been burnt too many times.
The only thing you'll miss out on is the latest design trends like bezel-less display and the notch. But I don't see how that counts towards value for money.
I know there are phones like OnePlus which are supposed to be flagship killers, but they come with their own caveats. Search for OnePlus privacy goof ups. And the latest OnePlus is not exactly cheap.
I use an iPhone and an Android on a daily basis -- I am not merely speculating here. I am just not motivated enough to collect data to substantiate my claims.
My experience has been that Android phones have lower capital costs and higher TCO. I buy an iPhone, keep it a few years, sell it for a few hundred bucks and buy another. I buy an Android phone, Google cuts the price by half six months later, and within two years the resale value of the phone is zero. One of the reasons I stopped buying Android phones was because it was an expensive habit.
But ... if you keep your phones until they literally fall apart, the economics are different. Though over a span of, say, five years, it doesn't really amount to much either way.
Apple was the first company to take accessibility seriously. And that is definitely a market where it likely didn't make a lot of revenue, if any at all.
Just consider this, if you think every niche market is irrelevant.
It's good to see at least one tech giant wants to compete on privacy, rather than selling our data. It's great that Apple does this. And yet, I find the Apple ecosystem closed and restrictive. I'm not eager to get an iPhone and would much rather use something like Lineage OS, for example.
They’ve been building up to this point, taking this lead by presenting at EU data conferences in Brussels, and calling for stronger US data protection law.
Facebook on the other hand, has announced they are now a Privacy focused company (whilst appealing the Cambridge Analytica fine of £500k) and gearing up with legal teams. Not walking the walk.
I wouldn’t say they are a privacy-as-a-service company, I’d suggest they are a company that are future proofing their revenue streams by enforcing privacy rules on their development / APP environment.
Remember Apple control their environment. It’s a closed shop. So perhaps these changes are really protectionism against Regulation.
This message is a big lie... there were many cases, where police got the data about "what happened on your iPhone"... How can they say such untruth? Can one sue for such untruth in marketing in US?
Is it only me imagining some kind of scenario where, if this gains traction, suddenly 3rd party developers will have to share revenue with Apple for being able to use the Apple sign in.
I don't think there's any need to pretend Apple is marketing this simply as a virtuous act. They have competitive advantages in some areas, and not in others. They are taking advantage of such an advantage.
When I read the keynote highlights I assumed Apple were extending the existing (iCloud) Keychain/Safari integration to include username generation, and obfuscated email generation resolving to your iCloud account. Since they implemented 2FA codes auto filling in the QuickType bar in iOS 12, they could've extended this UX further, or used 'Siri suggestions' to complete email verification.
I assume they didn't take this approach as it's harder to present a consistent call to action to initiate sign up, but it seems like a missed opportunity to me.
Does anyone know of a password manager that allows you to generate unique email addresses as a part of the core UX?
Ideally, they would work with Solid, a standards based approach to decentralized identity, to provide a general solution, rather than creating yet another new one.
I find Solid incredibly interesting academically, and watch it with interest, but I'm sadly skeptical that it'll find traction— it requires both substantial development resources (as apps need to be rewritten to its standards) and a change in consumer behaviour.
I'm reminded of this Steve Jobs response from WWDC 1997 [1]:
> One of the things I've always found is that you've got to start with the customer experience and work backwards for the technology. You can't start with the technology and try to figure out where you're going to try to sell it. And I made this mistake probably more than anybody else in this room. And I got the scar tissue to prove it.
The beauty of the implementation I described is that it could work with any existing (web) app with little-no development effort while leveraging affordance users already have from using Touch/Face ID to authenticate Keychain, Apple Pay etc.
Until a proposal like Solid is widespread, I'd love for a browser/password manager vendor I trust (for me, Mozilla or Apple) to integrate with a privacy-forward email vendor for unique email addresses to provide a less 'fingerprinted' approach to auth, useful today with all legacy (web) apps.
I don't disagree with what you're saying. But it's also reasonable to focus just on working with those who see the same thing you do, and develop widely usable systems based on that. That's where everything comes from, basically. If we keep pandering to the lowest common denominator, the results will always be compromised.
GDPR is having a big impact on these discussions. Organizations don't want to own data any more. It would be a true tragedy of more collapsing of the net if it came down to using one of a few big providers, without alternate options. Yet we're seeing this happen, since many sites now only offer login via social media, with no option via email. IMO, these sites should be boycotted.
Finally I've found at least one coment related to this point. Everyone seems so atonished because of a new alternative for monetization, they forgot that privacy is a right that tech companies must fulfill. We are running fast towards a content distopy.
Apple delivers privacy from 3rd party developers and at the same time retains all that user data for itself, shoring up its unfair competitive advantage as a non-neutral-platform who makes major forays into its partners’ businesses. Eg health apps, maps, news, podcasts, imusic, etc, etc.
The main economic incentive to collect massive amounts of user data comes from two-sided market (users and advertisers). Google, Facebook are in that market.
Except in china I guess. That place seems somehow everyone is making exception like people are different kind of human. They are the same human. Should have the same human rights.
> The onset of the Cold War soon after the UDHR was conceived brought to the fore divisions over the inclusion of both economic and social rights and civil and political rights in the declaration. Capitalist states tended to place strong emphasis on civil and political rights (such as freedom of association and expression), and were reluctant to include economic and social rights (such as the right to work and the right to join a union). Socialist states placed much greater importance on economic and social rights and argued strongly for their inclusion.
That's all fine and very good for the consumer. Now they just have to get the fuck out of PRISM and I'll start taking them seriously in the privacy realm.
That's why Apple puts so much emphasis on functions working on your phone and not in the cloud. At the keynote they said "this happens on your phone and nothing is sent to Apple" at least half a dozen times. If it's stored on your phone, it's not subject to Prism and is encrypted so the government can't pry through it at will.
They had to focus on privacy to separate out from the competition. Also this distracts the focus on walled garden criticism and freedom to own the devices.
And you need to pay an absolute premium for this pricacy - I've plotted the price of iPhone prices increase here and even after adjusting for inflation the price growth is really high. Especially if you look at the flagship phones
I don’t get how this is a value proposition. Privacy should be included in any service related to technology and data. It’s not a plus, they are trying to charge for an obligation. We are losing our rights for the creation of new markets.
I highly doubt apple isnt collecting inform on users of their services, they just aren't letting anybody else access it. Its matter of time before Apple builds something that uses all the info they have collected.
Is there an existing alternative service (read: FOSS) that would auto-generate temporary emails and manage identity for services like "Login with Apple"?
Using a password manager and a catch-all domain works fine for me. I don't use the federated systems (any more - I used to use Google) - I just make up an email address for anything I want to sign up for and save the credentials.
I am clearly in the minority here but I think "Sign in with Apple" is terrible for consumers. You keep your email address hidden from service providers, sure, but you are also placing your online identity entirely in the hands of Apple. If you get on the wrong side of Apple's algorithms, there is zero recourse. At least in the case of Facebook and others the third party still has your email address so you can always start using that to identify yourself.
Let's say I sign up for an online game using Apple's secure sign in because I don't want to share my information.
Some time passes, and I've invested 250 hours into the game, when Apple decides to ban my account for whatever reason (perhaps I've refunded too many apps, maybe the credit card that pays my Apple Music expires, my country gets sanctioned by the US gov. etc.)
Apple would, presumably, shut down email services for me. Meaning, I won't be able to log into that game any longer. With no alternative log in method (which would defeat the purpose of using Apple's sign in) I would likely lose access to that game forever.
Isn’t this just a general SSO problem - I assume the same would happen if someone signs on with Google/Facebook/Twitter and is banned from one of those services?
Is the idea here that there’s a higher chance of this account type being banned without recourse because of the number and type of ecosystem interaction points (App Store, subscription services, etc.)?
Unlike Google, where high-profile Twitter shaming is basically the only effective technique for resolving issues, for consumers the Apple stores are a legitimate place to go and complain.
It’s not perfect but on the spectrum of bureaucratic chaos, Apple is a lesser offender.
You can choose to share your email with each developer or not, so if you feel particularly attached to a service you can disable the email obfuscation. Or sign up withouth Apple ID if you know beforehand.
This is true for Google, Facebook, and Twitter logins as well. It's a valid criticism for using any third party authentication provider (which I personally avoid and will be avoiding Apple's).
The login provider doesn't store the service account itself, so it's possible to "eject" your account and use some other sign in mechanism as long as you have control over the email address.
If you're worried about that for a particular service you don't have to anonymize your email address – in fact it's opt-in not opt-out. When signing up it will use your real email address for the service or you can check a box to provide an anonymized one for free as shown in the keynote.
Apple makes good products, but they build closed ecosystem for premium price.
So, I not use they products, maximum run macOS in VM sometimes.
And if will be forced to use a smartphone (maps in new city for example), it will be iPhone, 'cause I prefer privacy vs "open source with spy" by Google.
And I, for one, am OK with that. I'm glad there's a vendor who is baking a device's lifetime of backchannel personal data "monetization" into the upfront price, and I keep my privacy.
I still can't access Techcrunch and other Oath website on mobile. Instead of the article I land on a GDPR cookie page and I can only say "OK" there is no way for me to refuse tracking or turn off part of the cookies like on every other websites. WTF?
The ‘service’ here is the apple developer subscription of $100/year. Apple is pandering to its beloved developers here, because, let s be real, the public doeskin care.
Apple is a 'use all of our products, or else we will make life inconvenient for you' company. The fact that this happens to offer some privacy benefits is just a strategy credit[1]
I'm not in any way an Apple fan and only look at their ecosystem via VM, but I curious. What company have more convenient integration of both own proprietary services and 3rd-party one? As I see it with Apple you can be at least fairly sure their products going to have good integration within their closed-garden ecosystem. With anyone else not even this is guaranteed and you'll likely be bombarded by ads.
I'm among the guys who use FOSS everywhere and it's just hard to setup and maintain own infrastructure like Desktop+Laptop+Phone+Cloud+Services integration. So I wonder if you know better options.
> What company have more convenient integration of both own proprietary services and 3rd-party one?
Most others. Google’s services work on Linux, macOS & Windows (and, I assume, the browser-based stuff works on the BSDs, too). Even Microsoft’s stuff works many places.
But Apple just locks one out if one is not using an Apple device. Two of my brothers’ families use iCloud exclusively to share & comment on family pictures; I’m locked out of my family’s life because Apple thinks it’s too difficult to display images and text on a web page (and, of course, because I value my freedom too much to use an Apple device).
And yes, I am bitter about that. The photos-and-comments stuff is bog-standard; there’s absolutely no good reason it should only work on iPhones & macOS computers.
I’m actually hoping someone will take a second to post ‘you dolt! Apple has had a website for the last 3 years to support exactly that!’ That’d be great. But that last time I checked — they didn’t.
Why should they? They want to sell you the Apple experience, where iCloud is fully integrated. Integration into Android will be half backed, which gives a bad impression.
Microsoft failed with their Windows mobile strategy and uses a different playbook, trying to get everything in Azure, no matter the specific client.
Because it makes no financial sense for them. MS’s Office is ubiquitous and has a market beyond the borders of a specific OS. Apple’s solution isn’t nearly as competitive as Google’s or MS’s. It’s a “better than nothing” approach as far as I can tell. Even Google’s solution only competes because of the synergy with the ecosystem (Android), not because of technical superiority.
It’s similar to the reason MS stopped making a mobile OS.
And if you’re wondering, Google’s solution also integrate pretty poorly with the competition’s products, if they can get away with it. But in their case it’s not because it doesn’t make sense, it’s to force people into using G stuff.
Maybe this will change if Apple guarantees some privacy features but without solid technical features to compete, it’s still a tough sell.
unfortunate (but necessary) move, considering part of the reason it failed is because Google yanked support (and later certification of Microsoft's implementations of) Google services like YouTube.
It wasn't only the lack of Google apps mind you, but they do have a certain degree of kingmaking ability with whether they put apps on your platform or not.
Google Drive increases the data you have with Google and encourages you to use other services like Gmail or GSuite. This increases the time you spend with their apps which increases the chances of clicking an in-app advertisement.
Apple doesn't sell ads so there isn't a financial benefit to them releasing iCloud Drive on Android.
Apple sells iCloud subscriptions though. And yet you're not worthy of their privacy if you didn't buy their completely DRM locked devices where they control even the content you're allowed to see.
Sure, but if you’re not using Apple products, why would you want iCloud Drive? I mean if it wasn’t deeply connected with iOS and I could slot in any third party, I’d probably never pay for iCloud Drive either.
If you want third party on Android, Microsoft’s 1TB of OneDrive as part of Office 365 (can buy annual subscriptions at a discount from Amazon as well) seems the better deal.
> but if you’re not using Apple products, why would you want iCloud Drive?
I think that's the point though: some of apple's products are quite appealing, but really only make sense if you buy into their ecosystem entirely. I could use Chrome without using anything else from Google. I can subscribe to a Google Group without having a Gmail account (though they're not making it easy, or good tbh). I can even use Android without Google – although at that point it's not much of a Google product.
iOS is looking like a nice mobile OS but I'm not interested in buying an iPhone. iTunes may be a good service but I won't be able to use it on Linux or my phone.
I run my own infra (caldav,carddav,imap/smtp) and all of it intergrates seamlessly into iOS and macOS. I tried the same on android and it did not work seamlessly with anything except google services.
Sure, their own stuff works better with their own stuff, and yes, the watches can't be configured without a phone, but that's also true of android.
Could you outline what kind of problems you had with android and integration? In my experience android is the superior platform for plugging in your own modules and your own data where you want it.
The way you describe it; I would agree. You can "do anything" on Android, but this leads to poor implementations for common things.
What I'm referencing is that the OS and Apples own applications are built to support what I would be consider very sane defaults (as in, it supports me doing my own thing, without the need for plugins/modules).
My experience is that on Android I had to have many third-party integrators to get things up and working, and they were very poor quality and would run in the background murdering my battery life. (and I had to pay for it: https://play.google.com/store/apps/details?id=at.bitfire.dav...)
IMAP/SMTP Were less of a problem but it always /felt/ very third party when using tools for that purpose, where google mail was truly first class. On iOS I don't feel this way at all, once I had push notifications set up the experience was identical (if not a little better with my own server due to apples SMTP servers getting overloaded).
So, you're right when you say that Android is more modular and supports stronger composibility of the system. But the experience of actually using it is so incredibly poor that even with Apple doing it's bullshit (no small phones, no headphone jack, protruding camera) I have very little inclination to go back- the "feeling" I get is that it's funnelling me to third parties, whether it be google or samsungs awful "samsung cloud ecosystem"
> My experience is that on Android I had to have many third-party integrators to get things up and working
That you have to buy/install CalDAV AND CardDAV connectors is indeed a weird shortcoming of Android. On the flip-side you had the option to do so.
Also, in the age of everything-SaaS, a one time payment of $10 for basic infrastructure isn’t all that bad.
> IMAP/SMTP Were less of a problem but it always /felt/ very third party when using tools for that purpose, where google mail was truly first class.
What Email app did you use? Gmail (which obviously treats Gmail better) or something else?
> But the experience of actually using it is so incredibly poor
Different strokes to different folks I guess.
I never experienced Android to be that different (or worse) when using my own standards-based providers.
That said iOS feels a lot more coherent if you stick to Apple apps all the way. But not being able to set another default browser or email client is just weird.
> That said iOS feels a lot more coherent if you stick to Apple apps all the way. But not being able to set another default browser or email client is just weird.
in this, we agree.
> What Email app did you use? Gmail (which obviously treats Gmail better) or something else?
Samsung mail, I couldn't find any decent alternatives, maybe this is my shortcoming for not knowing what is available?
>Also, in the age of everything-SaaS, a one time payment of $10 for basic infrastructure isn’t all that bad.
Except I'm paying to use a connector to use /my/ infrastructure. But, I don't mind paying for software, so long as it's good and well integrated. DavDroid was half decent, worth the money if you consider the effort involved, but not "good".
Obviously its not what Google intended, but Android is just better when it comes to support of open source alternatives. Yet obviously as I posted already in this topic it's hard to build convenient infrastructure for yourself in general.
All well and good to say such things, could you point me to a few?
I was using Android as a daily driver for over 6 months and I didn't find anything in the play store that was of sufficient quality. (DAVDroid being the closest to decent, but it ran in the background and didn't do 2-way-sync correctly etc)
FWIW I was using a Samsung Galaxy S8, and that model does not have the ability to be flashed (and I think it doesn't to this day)
I use DAVDroid (now DAVx5) and I have had no issues with it so far, coupled with a NextCloud DAV server. So far it has worked well to sync contact information, calendars and the like (for close to 2 years now)
it would be stupid (and ignorant) of me to claim that it doesn't work for anybody.
I'm glad it works for you, it wasn't a very nice experience for me and it's certainly not comparable to having the OS designed and built for my use-case in mind, but I certainly don't think it's "unworkable" just that Apple provides a superior product in this example.
Apple usually has better integration when they care about something, but in most cases I find their offering lacking or not free enough so Android feels like a better environment at this stage to supplement the functions of the base OS with less restrictions. For example, I really like the fact that I can see the file system on Android, while on iOS it's completely obfuscated from the end user.
I think its still fine, as long as someone can afford it. We can't ask them to be fair its just take it or leave it. These days privacy is a luxury, rather than a fundamental right.
> These days privacy is a luxury, rather than a fundamental right.
The EU things differently. For us privacy is very much a fundamental right, such as right for access to clean water/air, right for free access to information (internet) etc.
Looks good on paper but in reality what's being done about it? Apart from a few token court cases. People are still dumping their data wholesale in to social networks and EU is mostly powerless when faced with these companies (FB, Google).
> right for access to clean water/air
Here in Brussels you can't throw a rock without hitting 10 diesel cars that come with almost every desk job and include free diesel no questions asked. They spend most of their time sitting in some of the worst traffic in Europe.
Air quality is constantly at the worst end of the scale, both indoors and outdoors and takes years off your life. At the same time there's more and more calls for regulation of Lime scooters.
EU cares but mostly just pats itself on the back for churning out reports.
We have laws against murder and yet people commit it all the time. What kind of argument are you trying to make?
Both Google and Facebook have been hit with lawsuits in the EU. The laws are there and companies violating them are being punished. One could argue that the punishment is not large enough, if companies still repeatedly violate the laws. It'll take some time though until we see whether companies change their stance on privacy. One company which doesn't need any 'encouragement' is Apple, that's pretty clear now.
Whether what they are doing is legal or will go unpunished remains to be discovered. In the meanwhile there is a considerable increase in public awareness of (e.g.) how creepy facebook is (I know that the biggest facebook competitor is instagram, but there is a real difference between how people interact with the two platforms and also in expectations on how much public your profile and post are)
> In the meanwhile there is a considerable increase in public awareness of (e.g.) how creepy facebook is
Every non tech person I know has some notion of FB being creepy but not a single one has changed their online behavior in any way. Everyone cares until it's actually time to delete your account.
Anecdotal I know, but I know of several people who now refuse to install the Facebook app on their phones (instead using the website) because they don't want "Facebook listening in on their conversations"
Yes, but they have been already fined in the past and law enforcement is keeping an eye on them. This could be better of course, but keep in mind that the GDPR is still a new thing and enforcing it requires time.
Last time I checked Facebook was still selling our data to Cambridge Analytics and whoever they wanted to and tracking us around the whole internet. So on paper it is, in practice not so much.
ITT people who are blowing off privacy as though it's not valuable while simultaneously talking about Apple lock in like they're the only company to do that.
Idk what yall are on but privacy is valuable to most of us. That comes with a cost and it's not hard to see why - selling private data is how companies make more profit while charging less than apple. Don't wanna pay? You lose privacy. Want privacy? You pay. It's that simple. At last apple gives an option, meanwhile idk how Facebook and Google and all don't face regulation for the egregious privacy violations they commit.
I feel Apple is abusing their dominant position (single app store) to force all the developers to implement & maintain Sign In with Apple as a new SSO method: https://developer.apple.com/sign-in-with-apple/
I'm really curious to see how this will fly with the Antitrust
