[HN Gopher] Apple's privacy labels show WhatsApp and Facebook Me...
___________________________________________________________________
Apple's privacy labels show WhatsApp and Facebook Messenger hunger
for user data
Author : ColinWright
Score : 426 points
Date : 2021-01-08 11:32 UTC (11 hours ago)
(HTM) web link (www.techradar.com)
(TXT) w3m dump (www.techradar.com)
| hugi wrote:
| I'd love to be able to see a table/grid listing my installed
| applications along with the permissions they've been granted.
| Aachen wrote:
| Try Exodus, available from f-droid and scans for trackers as
| well as displaying permissions.
|
| https://exodus-privacy.eu.org/
|
| https://f-droid.org/packages/org.eu.exodus_privacy.exoduspri...
| eznzt wrote:
| Well of course they hunger for user data. THey are free services.
| Would you rather have to pay for whatsapp? Or have banner ads?
| Because I rather not
|
| And the comparison to imessage is a bloody joke. You already paid
| a shitton of money for your iphone, they don't need your data for
| anything
| S4mb wrote:
| I remember when you had to pay a buck a year or so for
| Whatsapp. I really liked the feeling of this straight forward
| business model and paid.
| acmecorps wrote:
| How sustainable is that $1/yr tho I wonder
| YetAnotherNick wrote:
| Good luck justifying the 19 billion dollar they sold their
| business for using $1/user/year.
| cwhiz wrote:
| Would I rather have to pay?
|
| Fucking yes! This should be the default. The default should be
| pay, with a free option that requires you to dump truck all
| your data.
|
| Tech giants have completely ruined the internet economy. You
| can't even pay for these things now. It's just hand over all
| your data and secrets, or fuck off.
|
| And the worst is that new businesses can't compete unless they
| do the same. You can't compete with free.
| davidy123 wrote:
| IMO it would be perfectly reasonable for everyone to have an
| Internet connection(s), and much of the rest is handled by
| community efforts. That's how Bittorrent works, and it's very
| scalable and open. Emerging protocols can add privacy. Solid
| is another effort in this direction, where any third party
| could host your data. Finding ways back to that (since it's
| more or less how things worked pre tech giants) offers a lot
| of solutions. The tech giants could even pivot (or be forced
| to pivot) to this approach, which is simply about being less
| captive on particular ecosystems. It's not even the grand
| vision of rich interoperability that doesn't depend on
| backroom deals, which is what we should be talking about now.
| 4ggr0 wrote:
| imo, that's a very, very dangerous proposal. I agreed with
| you for a couple of seconds, but this sounds like yet another
| way to fuck poor people.
|
| It should just be default to not collect unnecessary data,
| whatever that may be, while being free. Maybe make paid plans
| with premium features. Everything else will just mean that
| Big Tech can spy and manipulate poor people, because they
| can't afford to pay for every service they (have) to use. We
| should stop tying privilege to money.
|
| Maybe I'm being too dramatical, but that's what came to my
| mind after reading your suggestion.
| cwhiz wrote:
| Access to internet services is not some fundamental human
| right. No one HAS to use these services. You can live a
| perfectly fine life without FB, WhatsApp, Instagram,
| Twitter, Google, etc. I don't have accounts with any of
| these services. My life is better for it.
|
| Moreover, paying for goods and services is how the economy
| works. Netflix does not have a free tier. Are they fucking
| over poor people?
| enumjorge wrote:
| > Or have banner ads?
|
| You do realize that this type data collection is almost always
| in service of displaying ads, in some way, to users, don't you?
| There's been reports about FB working to add ads to WhatsApp
| for a while now [0].
|
| [0] https://www.techradar.com/news/whatsapp-could-be-getting-
| ads...
| jwr wrote:
| Ironic -- the article shows up obscured by a full-page overlay
| and a banner with my favorite phrase "We value your privacy" (I
| read this as "your data has value to us"), that goes on to say:
|
| "We and our store and/or access information [...] and process
| personal data, such as unique identifiers and standard
| information sent by a device for personalised ads and content, ad
| and content measurement, and audience insights [...]
|
| With your permission we and our partners may use precise
| geolocation data and identification through device scanning. You
| may click to consent to our and our partners' processing as
| described above. Alternatively you may access more detailed
| information and change your preferences before consenting or to
| refuse consenting. Please note that some processing of your
| personal data may not require your consent, but you have a right
| to object to such processing."
|
| I can then click "MORE OPTIONS" to enter the deceptive dialog,
| where you think everything is off, but really everything is
| hidden under "LEGITIMATE INTEREST" (another one of my favorite
| sneaky phrases). I don't know how you can really turn the
| tracking off.
| 0goel0 wrote:
| Beat the dead horse - news sites need money and show ads.
| fouric wrote:
| ...and to _continue_ to beat the dead horse, news sites can
| either (1) straight-up paywall their content or (2) show ads
| without invading your privacy.
|
| Tracking in every form but the anonymous, opt-in, and truly
| optional (no restrictions (other than the obvious) if you
| decline) in not acceptable.
| mrybczyn wrote:
| Showing ads is one thing, but more savage beasts lurk in the
| javascript jungle...
| grishka wrote:
| > I don't know how you can really turn the tracking off.
|
| Install a good ad blocker like uBlock Origin. You may also want
| to disable third-party cookies for good measure.
| jahlove wrote:
| Unfortunately Apple doesn't allow such plugins on iPhone.
|
| It comes full circle...
| grishka wrote:
| Doesn't iOS 14 have DNSoTLS? You could use that to block
| ads system-wide. I've been doing this on Android with my
| own sever for several years now, and it's so surprisingly
| effective that I forget internet ads are a thing.
| katsura wrote:
| I use the Lockdown Privacy[0] app, it saves me from most of
| the ads, although, not from the cookie popups. It works
| pretty great and is open source.
|
| [0] https://apps.apple.com/us/app/lockdown-
| privacy/id1469783711
| reaperhulk wrote:
| Apple has allowed content blockers in safari on iOS for
| several years.
| Nextgrid wrote:
| Which are much less powerful than uBlock Origin and only
| work in the browser (which isn't an issue on desktop, but
| on mobile a lot of the tracking is also done by apps, so
| blockers need to be more than just browser-focused).
| whatever1 wrote:
| That is wildly inaccurate. Apple should report for each of their
| apps the iOS data they are collecting on top of the application
| specific data. Apple has my location, my friend's location, my
| contact list, and stores all of my iMessages with the encryption
| key in iCloud.
| yokoprime wrote:
| As far as we know (and evidence seems to support it, apple does
| does not hand out users data to authorities) apple cannot
| decrypt your data at will.
| whatever1 wrote:
| At the phone. At icloud is a different story.
|
| "Messages in iCloud also uses end-to-end encryption. If you
| have iCloud Backup turned on, your backup includes a copy of
| the key protecting your Messages. This ensures you can
| recover your Messages if you lose access to iCloud Keychain
| and your trusted devices. When you turn off iCloud Backup, a
| new key is generated on your device to protect future
| messages and isn't stored by Apple"
|
| https://support.apple.com/en-us/HT202303
| ascagnel_ wrote:
| I think this is the best way to do it.
|
| - If you want to hold the keys to your backups and set up
| the system to be private, you have the option to do so, and
| are presented with that option at the time the device is
| set up (and you are also presented with the option to use a
| local backup to restore or set up a device). The
| implications of the choice to use a cloud backup should be
| made more clear, though.
|
| - For the vast, vast majority of users who don't have good
| backup hygiene, having someone else manage backups and hold
| decryption keys is a good trade-off, considering that the
| alternative is total data loss.
| whatever1 wrote:
| e2e encryption for all icloud data + a dialog prompt on
| whether you authorize to store the decryption key on the
| server would suffice.
| tobyhinloopen wrote:
| Funny how this article bombarded me with cookie popups
| Shivetya wrote:
| Like many other unpleasant facts it is one thing to know
| something is happening and another to have it proven to your face
| in an indisputable format.
|
| However I have to ask, will this become another surgeon generals
| warning or calorie labeling of restaurant menu experience? By
| that I simply mean, people will not only click through it but
| also accept it as they don't see any real cost.
|
| Eventually as with everything presented under dire warnings you
| drown your audience to the point they tune it all out and go
| right back their blissfully attitude of just accepting it under
| the guise of its not going to matter
| protoman3000 wrote:
| If it's impossible/forbidden/very costly for the vendor to put
| poison in the food, then they won't do it. Nobody will come and
| say ,,I would like to have this extra fatty extreme glucose
| meal, please".
|
| This is why we need opt-in instead of opt-out as default.
| parthdesai wrote:
| YMMV, but I actually do look at the calories before ordering at
| a restaurant. There are times when I have ordered something
| else because of the number of calories was too high in what I
| wanted.
| themark wrote:
| What search history is linked to iMessage? Is it the searches you
| do on your phone?
| mrweasel wrote:
| It's really hard to tell with Facebook if they understand that
| their massive data collection is at least morally questionable,
| and they business plan is simply a calculated risk. Given that
| most people seem to care more about free services, than they do
| about privacy, Facebook may see privacy labelling is a pointless
| exercise that won't change anything anyway.
|
| Or perhaps we are back at Upton Sinclair: "It is difficult to get
| a man to understand something, when his salary depends on his not
| understanding it." and Facebook as an organisation is simply
| unable to acknowledge the problem, because doing so would ruin
| them.
| bhntr3 wrote:
| Well, you can't undelete data you didn't collect. So I think
| there's this natural tendency toward omnivorous data collection
| in every tech company.
|
| Then we rationalize it by telling ourselves that we use it
| ethically. It's almost always true . . . except when it's not.
| If 99% of the time the data is used ethically, it's easy to
| write off that 1% even when the 1% is all that matters.
| DSingularity wrote:
| If Facebook charged 2$ a month for their services, would they
| not make more than their operational costs? They choose to
| exploit and straddle areas that are morally and legally dubious
| because they want more money.
| hairofadog wrote:
| A family member recently relayed the story of his kid begging
| for $20 for a "bunny suit" Fortnight skin and how he, the
| adult, slowly came to understand that the skin didn't even do
| anything; it just ever-so-slightly changed how the game
| looked (which I already knew, but his exasperation was
| amusing). We were like, huh. Kids today.
|
| Anyway, for reasons I don't totally understand, in my
| experience this dad's bunny-suit exasperation is how most
| people feel about paying for software of any kind. It's not
| just frugality but indignation at the very idea that they be
| asked to pay for software.
| jpttsn wrote:
| What does a real world bunny suit do that a Fortnite bunny
| suit doesn't?
| hairofadog wrote:
| TERRIFY CHILDREN
| germinalphrase wrote:
| For one, you own it - so you can sell it when it's no
| longer amusing.
| conistonwater wrote:
| Do you mean to say there is a market for used bunny
| suits? I think 'jpttsn might have a point specifically
| with respect to useless nonsense products.
| germinalphrase wrote:
| Whether or not anyone wants to purchase is a separate
| concern from the fact of ownership.
|
| Edit: there are approx. 1000 used bunny suits for sale on
| EBay, so...
| sbierwagen wrote:
| If you check the "completed listing" box, most of the
| ones that sell seem to be doll clothing or other
| collectables. Half of the human clothing listings that
| sold are skiing "bunny suits" https://www.ebay.com/sch/i.
| html?_from=R40&_nkw=bunny+suit&_s...
| Zhenya wrote:
| I think the feeling of something tangible (ie takes
| physical resources to create it) is a big driver of it.
| In a sense its own vs lease.
|
| I have met people who refuse to pay for digital music but
| have zero qualms buying records. Arguably the records
| have less use cases but they are YOURS and tangible.
| FalconSensei wrote:
| Besides you owning a physical product:
|
| 1 - if it's like a Kigurumi (pajama), you can wear at
| home during winter, looking good/cute
|
| 2 - If you are female (can apply to males to maybe), Wear
| and post photos on instagram/twitter, make Only
| Fans/Patreon sets to make money
|
| 3 - if it flows your boat, wear during... you know...
| Spivak wrote:
| Yeah, these kids today wanting to pay for things that
| change their appearance in the world where they interact
| with their friends.
|
| I really don't get this. Did you never buy a ringtone for
| your phone because you thought it was cool? Or some item of
| clothing that didn't serve a purely functional purpose. Do
| you not have any art or photos on your wall? I assume you
| still have your default desktop wallpaper and phone
| background.
|
| Like I live my life surrounded by all sorts of random junk
| that brings me joy. How can you not?
| hairofadog wrote:
| I meant it to be an amusing anecdote about someone being
| confounded by something not in their realm of culture,
| not a critique of young people or Fortnight or even of
| digital bunny suits (though I admit $20 does seem
| expensive for a digital bunny suit). I meant no offense.
| Surely there's some cultural phenomena (truck nuts?
| Haunted dolls? Calvin peeing? Beanie Babies? VSCO girls?)
| that makes you think, huh, that's a thing that I don't
| quite get? That's all I meant to convey.
| berkeleyjunk wrote:
| Facebook made approximately $30 (USD) per user in advertising
| revenue last year. I think the bigger issue (IMHO) is that
| the people who are prepared to pay to not be profiled are the
| people who are the most valuable to advertise to. i.e. they
| are worth way more than $30 in revenue per year.
| thatguy0900 wrote:
| On the other hand, the people willing to pay to not be
| profiled are probably already using adblockers and piholes
| everywhere they can, no?
| Nextgrid wrote:
| Facebook is relatively immune to ad blockers as most
| Facebook, WhatsApp & Instagram usage is mobile (and why
| Instagram's web version is very bare-bones and lacks
| critical functionality).
| thatguy0900 wrote:
| That's fair. I'm still using Firefox mobile with
| adblocking, so I didn't consider that.
| godzillabrennus wrote:
| Facebook grosses about $22/user/year from their platform.
|
| If all users paid $2/month they'd be fine.
|
| Problem is, not many people would shell out $2/month to
| socialize online.
| FalconSensei wrote:
| Also, let's say I'm willing to pay $2 to use facebook and
| socialize with my friends. If 2 or 3 close(-ish) friends
| drop off because of that, facebook would no longer be worth
| $2, so I would also drop off
| skocznymroczny wrote:
| They'd lose many users. $2 a month might not be a lot, but
| any non-zero amount of money is a barrier for users. On one
| side some users might not have an easy way to pay, others
| will still have to reconsider whether Facebook itself offers
| enough to be worth the $2 a month (even if it totally does).
|
| Also, a more likely outcome would be Facebook charging $2 a
| month on top of their usual data collection practices.
| mrweasel wrote:
| That's really the scary part, most people wouldn't pay $2
| per month for Facebook. Most wouldn't pay the $1 for
| WhatsApp. That shows you how little value these services
| actually provide to most people. The remaining users
| wouldn't pay for year two, because to many others would
| have left the platform.
| CallMeMarc wrote:
| Didn't WhatsApp actually cost like 1 EUR/year before FB
| bought it?
| mrweasel wrote:
| It did, first year free, then $1 per year, but I think
| many just created a new account, or WhatsApp perhaps
| didn't really enforce the payment much.
| CallMeMarc wrote:
| IIRC I even bought the app on the app store and then had
| some kind of "lifetime" plan, easier times
| fakedang wrote:
| Yep, first year free, then $1 payment, but if you wanted,
| you could just uninstall, reinstall and it would reset
| the entire schedule. Acton and Koum really wanted it to
| be something different than what it is now.
| akoncius wrote:
| I think it was highly profitable business because before
| FB acquisition it was very small company (~100 people)
| compared to user base (hundreds of milions). but FB did
| acquisition not because of profits but because of
| userbase to collect more data. So to increase userbase
| even more, FB got rid of payment plans and made service
| for free.
|
| Edit: tried to google concrete numbers what revenue was
| back then, could not find any clear answer, because it
| was doing some juggling with stocks etc.
| https://techcrunch.com/2014/10/28/whatsapp-revenue/
| akoncius wrote:
| as far as I remember - yes, it was 1 dollar/euro per year
| after first year for free.
| durovo wrote:
| Most wouldn't pay because there are alternative free
| services with a somewhat similar model. This analysis
| would be more interesting if all these 'free'
| alternatives go away.
| rootusrootus wrote:
| It's not just Facebook and WhatsApp, it's pretty much any
| service we've become accustomed to getting for 'nothing'.
| As a comparison, I run the domain my family uses for
| e-mail (not just my spouse/kids, but my brothers and
| parents and a few extended family members as well), and
| it's currently hosted on GSuite, grandfathered in from
| way back when you could get it free. I wanted to switch
| us away from Google to FastMail, but everyone balked at
| $5/month for e-mail. Even the ones making well into six
| figures didn't want to cough up $60/year for something
| they've been getting for free. So I could pay it out of
| pocket, or we stay on GSuite, or I kick everyone off that
| won't pay and deal with hurt feelings.
| chongli wrote:
| Most people wouldn't pay but some would pay a lot, in the
| form of donations.
|
| I can easily envision a world where Facebook was a
| nonprofit along the lines of Wikipedia. Ad-free and
| supported by donations, the site would serve to connect
| the world (Facebook's ostensible mission) without
| resorting to dark patterns or A/B testing for addictive
| engagement. I think there are plenty of wealthy people
| out there who would love to support such a site, if it
| existed.
|
| Technology-wise, such a site could be built today, no
| problem. I have no idea what to do about the network
| effects that comprise Facebook's moat, however.
| MajorBee wrote:
| I think most people do manage to get at least a buck or
| two's worth (adjusted for local purchasing power) of use
| out of WhatsApp (if not facebook.com); surely, the
| ability to instantly contact people via text/call/video
| must be more useful than music streaming?
|
| The problem seems to be that if competing services remain
| free, then users might start questioning the fee and
| eventually the base might migrate.
|
| Really, while "free" internet services appear as if they
| are straight out of a post-work utopia, all they seem to
| be doing is trivializing the social cost of accurate and
| insidious targeting of groups jazzed up in sexy terms
| like "digital marketing" and "adtech".
| Retric wrote:
| People using WhatsApp _are holding a cellphone,_ so it's
| not about suddenly being able to communicate with people.
| MajorBee wrote:
| Holding a cellphone is step 1; step 2 is having a tool
| that can facilitate frictionless communication to one or
| more people -- easy and cheap enough for pretty much any
| demographic to grasp. Contacting someone from what was
| essentially a portable landline is surely very different
| from using WhatsApp (or any chat application) on a modern
| smartphone?
| filleduchaos wrote:
| > People using WhatsApp are holding a cellphone
|
| Have you actually _used_ cellphones? They 're extremely
| expensive to actually communicate with, especially in the
| countries where WhatsApp is near ubiquitous (and we're
| talking within country, let's not even get into how
| horrendously expensive communicating with people
| internationally can be via regular cell service).
|
| I really don't understand why so many people on HN are
| this adamant about trivialising the value that apps like
| Whatsapp provide.
| Retric wrote:
| WhatsApp adoption clearly demonstrates they are providing
| value to people. My point is people are looking at what
| the app does rather than why people use it. Phone
| conferences for example have been a thing for decades,
| but they weren't free.
| skinkestek wrote:
| > Most wouldn't pay the $1 for WhatsApp.
|
| It had explosive growth despite (or to some degree
| because of) the yearly $1 fee.
|
| I'd happily also paid for my kids and a number of my
| friends to keep them on old WhatsApp, pre-Facebook, if
| they needed it.
|
| Instead they sold out.
| Shish2k wrote:
| > Most wouldn't pay the $1 for WhatsApp. That shows you
| how little value these services actually provide
|
| Most people don't pay for air, therefore those people
| would be happy if their access to air was removed?
| helsinkiandrew wrote:
| What would be interesting if they offered an ad free option
| - like Amazon Kindle, youtube etc.
|
| Back of the envelope calculation suggests they make about
| $2 a month from each user (~$70B revenue/year divided by
| ~2.7B active users/month)
| SCNP wrote:
| I would love this if I trusted any online service to
| maintain the paid option as truly ad-free over time but
| I've been burned by the TV industry too many times. Ad
| creep ruins every paid service and ultimately just drives
| the price up.
| Spivak wrote:
| * Offering an ad-free version devalues their ad network
| so it would end up being more tha $2/mo.
|
| * Even if they didn't show you ads they have no reason to
| not still obsessively track you and monetize that data in
| other ways.
| JKCalhoun wrote:
| Yes, but if they continue to hemorrhage users they may
| come to _wish_ they were making $2 /user.
|
| Long term, Facebook is dead. Perhaps internally they know
| that and are already planning for it.
| SCNP wrote:
| This is kind of my point, too. Free market will
| incentivize getting money both ways so without
| regulation, this is what we get. And I hate it.
| seppin wrote:
| I don't value Facebook at $2 a month, I bet most people
| don't either.
| chiefalchemist wrote:
| It's not hard. Clearly the understand. Their M.O. is
| predictable to a fault. These are not accidents.
|
| This should help. I immediately bought the book.
|
| https://www.wnycstudios.org/podcasts/otm/segments/living-und...
| KaiserPro wrote:
| I think you ascribe far to much skill and control to a
| company that clearly has little to no coordination.
| AlexandrB wrote:
| Of the entire FAANG lineup, Facebook has the simplest chain
| of responsibility. Mark Zuckerberg is not only the CEO but
| owns a majority of voting shares. If he decided tomorrow
| that Facebook should prioritize user privacy, he could make
| it happen. Who's going to stop him? It's weird to describe
| this kind of corporate structure as one that has "little to
| no coordination".
| chiefalchemist wrote:
| Perhaps. But there is a common ends (i.e., profitting from
| data collection) and common means (i.e., Privacy? What's
| that??).
|
| There doesn't have to internal coordination any more than
| FB has to coordinate with (e.g.) Google. Priorities drive
| action.
| jliptzin wrote:
| If they can't manage to charge $1 per user per month for their
| service then perhaps their service isn't worth anything at all.
| themacguffinman wrote:
| By that logic, is Wikipedia perhaps not worth anything at
| all? Monthly user subscriptions is not the only way to
| determine value.
| chongli wrote:
| Wikipedia is supported entirely by donations. I would
| hazard a guess that people who donate to Wikipedia consider
| it to be worth the money they choose to donate, and more.
| themacguffinman wrote:
| So, mostly worthless to the overwhelming majority of
| people who don't donate, and even more who donate less
| than the equivalent of $1/user/month? I'm aware that
| Wikipedia is supported by donations, that doesn't change
| the fact that Wikipedia is immensely valuable to many
| people even though they apparently can't manage to charge
| $1 per user per month for their service. In many ways,
| Wikipedia is so valuable _because_ they don 't charge
| their users.
| chongli wrote:
| A lot of people in Canada don't pay anything for their
| health care and don't pay taxes either because they don't
| earn any income. I don't think it is reasonable to
| suggest these people think their health care is
| "worthless."
|
| The mistake here is conflating price with value. The
| price people are willing to pay is relative to their
| means. The value, on the other hand, is relative to the
| utility they derive from it. Moreover, there is an
| additional external utility accrued to society from
| having a better educated, healthier population.
| aerosmile wrote:
| I am all for bashing Facebook, but comments like this don't
| help us come across as thoughtful in our criticism. The
| question is not _if_ they could run their business with an
| ARPU of $1.00, but instead _why_ would they do so if they are
| able to achieve an ARPU of $39.63 (Q3 2020).
|
| Most companies in this world choose not to willingly leave
| money on the table, and Facebook is simply taking the same
| position as millions of other businesses. The only way to get
| them to earn less than they could is by forcing them to do so
| through market forces (eg: iOS 14) or regulation.
| seppin wrote:
| Tell that to FB and Linkedin's valuations.
| sbierwagen wrote:
| And WeWork was worth $47 billion at peak. So?
| FalconSensei wrote:
| Then all (citation needed) search engines are not worth, as
| they are free. HN and wikipedia are also completely
| worthless.
| timwis wrote:
| I read through WhatsApp's new terms and I don't understand what
| the big deal is. Isn't it mostly about messages with businesses?
| ub wrote:
| https://twitter.com/NiamhSweeneyNYC/status/13471854630571171...
| intellirogue wrote:
| The changes differ based on your location.
|
| In the EU (and UK), it's some fairly minor changes to do with
| business messaging.
|
| Outside of the EU, it is much more significant, merging your
| WhatsApp data with your Facebook data (including the phantom
| profiles FB create for users who don't have accounts). They
| can't do this in the EU (yet) due to privacy laws.
| perryizgr8 wrote:
| Kind of stupid to compare against Imessage. It says Imessage can
| link to your device id. And once apple knows the device id, they
| basically know everything about you since they own the device
| (remember: you don't own your Iphone). It is admirable that
| signal is not using any identifiable data, though.
| tanzann wrote:
| Phone number can tell more than enough (as phone is used as a
| user id in Signal).
| 8fingerlouie wrote:
| > It is admirable that signal is not using any identifiable
| data
|
| They don't need to. You identify yourself within the app with
| your login.
|
| > It says Imessage can link to your device id
|
| While iMessage is vulnerable to (certain) MiTM attacks, and
| storing your message archive in iCloud is (was ?) unencrypted,
| iMessage is surprisingly resilient to attacks (on the protocol
| itself).
|
| Every iOS/Mac device generates it's own key and uploads the
| public certificate to Apple's keyserver, this is why they need
| your device id.
|
| When you send messages with iMessage, your device then contacts
| Apple's keyservers, gets ALL public certificates for the
| recipient, and encrypts the message once for every key, and
| sends an encrypted message per device.
|
| Attachments are handled a bit different. Insted of encrypting
| the attachment n times, a new key is generated, which is then
| used to encrypt the attachement, the encrypted attachment is
| uploaded to Apple, and the key is sent using normal iMessage
| messages (encrypted)
|
| Your private keys NEVER leave your device, so iMessage is end
| to end encrypted as long as you don't enable iMessage in
| iCloud.
|
| I said that iMessage was vulnerable to MiTM attacks, which it
| is. There's nothing stopping Apple from adding a "shadow"
| device to your list of devices with it's own set of keys, which
| would then receive a copy of every message sent to you, and
| that's probably how iMessage in iCloud works, but they have no
| way of retrieving your message history from before the shadow
| device was added.
|
| There's a somewhat recent (2016) paper on it here :
| http://www.cs.tufts.edu/comp/116/archive/fall2016/xshi.pdf
| perryizgr8 wrote:
| > They don't need to. You identify yourself within the app
| with your login.
|
| By that logic even whatsapp/facebook don't need anything
| apart from login. So why do they collect all the other stuff?
| Signal is making an effort to make do with the minimum amount
| of data.
|
| > While iMessage is vulnerable to (certain) MiTM attacks
|
| Apple doesn't need to MITM Imessage. They own the app,
| service, and devices on both sides. That's why it's silly to
| compare it with whatsapp/facebook.
| galad87 wrote:
| iMessage in iCloud is end-to-end. Probably you are confusing
| it with the iCloud Backup, which is not. iCloud Backup
| contains the Messages in iCloud keys anyway, so if you want
| the best security it's better to not use iCloud Backup.
|
| https://support.apple.com/en-us/HT202303
| 8fingerlouie wrote:
| Seems i was wrong, though backup is encrypted. The "issue"
| is that the encrypted backup contains a copy of your key
| used to decrypt the (encrypted) messages within the backup.
|
| https://support.apple.com/en-us/HT202303
| galad87 wrote:
| Yes, but you can use Messages in iCloud and keep iCloud
| Backup off.
| Guereric wrote:
| I am flabbergasted that this author attributed to 9to5 mac the
| privacy labels of different apps in the screenshot, when tracing
| the sources shows it was Zak Doffman at Forbes who created it.
| Poor journalism.
| refracture wrote:
| This is cute and all but so long as Android (and to a lesser
| extent Windows/Linux PCs) cannot run iMessage... what does any of
| this matter? Yeah iMessage is great between me and anyone I talk
| to with an iPhone, but it's still largely an Android world and in
| the best case scenario I can convince an Android user to install
| Signal, but usually not.
| stevehawk wrote:
| Well, that's the point from Apple's standpoint, right? It's
| marketing for them to convince you to convince your friends to
| buy iPhones. And in the mean time they'll keep blocking out
| apps like Signal from integrating in iOS the way they can in
| Android.
| refracture wrote:
| To be clear I wasn't trying to defend Apple here, it's more
| in the spirit of meaning they should just shut up about how
| great they think iMessage is so long as it's only available
| on Apple devices.
| lalos wrote:
| Actual 9to5mac article referenced:
| https://9to5mac.com/2021/01/04/app-privacy-labels-messaging-...
| izacus wrote:
| iMessage seems to be a bit dishonest, because Apple, the owner,
| has way more information about you through iCloud and Apple ID -
| contacts, location, payment data, phone number, etc.
|
| Forcing Facebook to clearly list all of this for the facebook
| account is great, but then failing to disclose this for their own
| account seems like double standard.
|
| Just like having their own separate Ad Tracking switch which is
| on by default. (And even hidden under "System Services" on
| macOS!)
| pram wrote:
| It has its own section in the Privacy tab, which is exactly
| where I'd expect to find it. Hidden in plain sight maybe
| izacus wrote:
| It seems to be hidden enough that it's not added to this
| comparison.
| katbyte wrote:
| That may be true but I disabled that a long time ago and it's
| _stayed_ turned off across multiple ios upgrades.
|
| Unlike others os/phones where such things are turned on at
| every opportunity
| izacus wrote:
| Hmm, I'm being badgered to reenable iCloud on every single
| minor iOS update and rather commonly on macOS as well. Are
| you sure you were never asked about it?
| manyxcxi wrote:
| I have iCloud turned on but it's set to only sync Notes or
| something trivial like that that I don't even use- I can't
| recall ever having been badgered for more.
|
| Maybe I got to that state because I was being badgered?
| It's been long enough though I can't recall.
|
| Might be worth a shot if the risk is acceptable enough to
| you vs the badger.
| izacus wrote:
| I'll try it, but it was mostly for family members who
| didn't have any use for any of the cloud products.
| simonh wrote:
| Those have nothing to do with iMessage though. If they aded
| them to the iMessage list people would naturally think that if
| they didn't use iMessage those things would be disabled, which
| is not true, so what you're asking for would be highly
| misleading and disingenuous.
| np_tedious wrote:
| That's the point, it's not about iMessage but it is about
| Apple. So to include Facebook things that are not necessarily
| Facebook Messenger things makes the comparison oranges-apples
| misleading
| simonh wrote:
| You're misunderstanding the warning on WhatsApp, those are
| the actual information specifically exposed by WhatsApp
| itself. The one for iMessage lists all the information
| specifically exposed by iMessage, so they are equivalent.
| everdrive wrote:
| >iMessage seems to be a bit dishonest, because Apple, the
| owner, has way more information about you through iCloud and
| Apple ID - contacts, location, payment data, phone number, etc.
|
| But do they bring all that data together, correlate it, and
| sell it?
| grishka wrote:
| You can't know that. The moment it reaches their servers, you
| are not in control of what _actually_ happens to it.
| izacus wrote:
| Can any app on AppStore avoid declaring those flags if they
| say in their marketing that they don't sell it? Or why does
| it matter for Apple and not for them?
| shuckles wrote:
| Data used to track you is gathered separately from data
| linked to you.
| Anon1096 wrote:
| No advertising agency sells your data. That would destroy all
| their competitive advantage. They sell access to the people
| they have data on. Regardless, it's irrelevant because the
| App Store labels aren't about selling the data, but about
| what is collected. (or supposed to be, as claimed by Apple)
| ogre_codes wrote:
| They don't sell data, they sell access to fine grained
| slices of their users.
|
| "You want to advertise to 65 year old white people[1] in
| QAnon so you can pedal a very specific kind of fear? No
| problem."
|
| "You want to buy access to black women under 30? We
| gotcha!"
|
| That is what Facebook does which Apple doesn't.
|
| [1] I know FB doesn't actually allow targeting based on
| race anymore. They do allow targeting based on interests
| though which can easily amount to the same thing.
| kingnothing wrote:
| They all pay to "share" data through data brokers in order
| to get more info about you. It's the same thing.
| saddlerustle wrote:
| Facebook buys data from data brokers, but does not share
| data with data brokers.
| kingnothing wrote:
| Do you work for them? The way data brokers work, from
| what I understand, is that it's a 2 way agreement. You
| only get the data if you give data.
| ampdepolymerase wrote:
| A government agency can still order them to hand over all
| data they have, they are still a single point of failure from
| a privacy point of view.
| tinus_hn wrote:
| It is debatable what that data includes but even if true it
| isn't what these labels are about. The list shows purposes
| and types of data and Facebook declares they use all that
| data for the purposes of tracking, advertising and
| analytics.
| everdrive wrote:
| I think that's fair, but is certainly a different concern
| than what facebook is doing.
| S_A_P wrote:
| Claims that company x oversteps privacy boundaries is often met
| with oh yeah? But Apple isn't perfect. I agree, and I think
| there is room to push Apple to be a bigger advocate for
| privacy. Currently I think they are arguably doing the best job
| of this, however and pointing the finger at other people doing
| the same or similar behavior is not really an excuse. Pointing
| out hypocrisy doesn't excuse bad behavior.
| jiveturkey wrote:
| > iMessage seems to be a bit dishonest
|
| i like to call it end to end to end encryption. i came up with
| that for zoom but it applies to iMessage as well.
| [deleted]
| mtgx wrote:
| Also, last I checked iMessage was automatically backed to the
| iCloud when iCloud sync is enabled and you couldn't
| specifically disable the iMessage syncing alone.
|
| Is that still the case? Because in effect that makes the E2EE
| of iMessage irrelevant for 90% of iPhone users.
| joshspankit wrote:
| I don't entirely agree with you here, but I _do_ agree that
| Apple should be leading by example here and putting their
| privacy warnings exactly where they expect everyone else to. I
| _want_ to be prompted for whether iMessage can be tied to data
| collected from other apps, or whether I should allow "Find my"
| to "continue accessing location in the background".
|
| For me, it would go a long way towards seeing Apple as not just
| trying to leverage their platform to be anti-competitive, but
| as a company who is honestly protecting my privacy.
| tinus_hn wrote:
| On iOS your location data, as far as Apple has it, is not
| associated with you or your device but with an identifier that
| is changed weekly.
|
| If you choose to use iCloud to store your contacts (and you can
| choose any other service that implements the carddav standard)
| Apple declares the information is transmitted and stored
| encrypted and can't be used for any other purpose.
|
| https://support.apple.com/en-us/HT202303
| suprfsat wrote:
| Apple shares iCloud backups with law enforcement.
| Humdeee wrote:
| I don't get this take. Your bank, employer, ISP, pretty
| much any tech company, etc. would also share your data with
| law enforcement if court ordered.
| iknowstuff wrote:
| If you ask around people feel like they have more privacy
| when using apple products, yet the truth is they all use
| iCloud backups, iCloud photos and iCloud drive, none of
| which are E2EE. Meanwhile, Google does allow for E2EE in
| cloud Android backups!
|
| iMessage can be MITM'd by Apple when requested by the
| government and you, the user, will have no way of
| verifying your correspondent's public key (unlike
| whatsapp, signal, keybase etc).
| jiveturkey wrote:
| except apple has the tech to not _be able to_ share it.
| they use this for some of your data. but intentionally
| not for icloud.
|
| it's probably nothing to do with USA law enforcement. my
| reasonable guess is they don't care much and would go
| full private. i think the reason here is china. that way
| they don't have to have a separate china policy which
| would draw undue attention to that point.
| iknowstuff wrote:
| Reuters says it was because of the US as well:
| https://www.reuters.com/article/us-apple-fbi-icloud-
| exclusiv...
| jiveturkey wrote:
| To the degree that's true, my guess is that, just like
| China, it's to manage public perception. That is, not
| "because of the US", ie some policy forced upon them.
| izacus wrote:
| Of course and that's constantly being brought out as a
| huge negative when talking about Google, Facebook,
| Microsoft data storage. It also needs to be clearly said
| for Apple as well and not just swiped under the rug
| underneath corporate marketing.
| soupson wrote:
| Yes, it's brought out as a negative because those
| companies are actively using that data to influence your
| behavior and serve you ads. Apple does not do this.
| reaperducer wrote:
| _Of course and that 's constantly being brought out as a
| huge negative when talking about Google, Facebook,
| Microsoft data storage_
|
| No, what is constantly being brought out as a huge
| negative when talking about Google and Facebook is them
| using your data and data about you to make money.
| tinus_hn wrote:
| If you read the document, it has a list of types of data
| protected by end-to-end encryption, which no one but
| yourself has access to. This list does not include iCloud
| backups.
|
| If you do not want this to happen, do not turn on the
| optional iCloud backups.
|
| But anyway, although Apple could decrypt the other data,
| they declare they don't. Which is what the labels are
| about.
| iknowstuff wrote:
| It also does not contain iCloud Photos. Nor iCloud Drive.
| For that matter, apple can intercept and MITM iMessage
| when requested by the government and don't allow you to
| verify the key unlike, say, Signal or WhatsApp. I mean
| it's available in China for a reason.
| coldcode wrote:
| If it's truly end to end encryption it can't be MITM.
| However it could be required to be intercepted ETE in
| China
| jordan_curve wrote:
| If it's end-to-end encrypted, why would intercepting the
| message be an issue?
| judge2020 wrote:
| MITMing future messages could be completely transparent
| to the user.
| costsNall wrote:
| Apple follows law, but otherwise appears to not grift on
| users except for the purchase of products, film @ 11
|
| Different economic models. Google and Facebook cannot exist
| without free user data. IMO the benefits to me are suspect.
| m3kw9 wrote:
| As you said it, but only if required by law.
| shoo_pl wrote:
| >iMessage seems to be a bit dishonest
|
| Maybe I misinterpret the idea behind this list.
|
| To me, its not listing all the things that the company knows
| about you, its listing all the information that app reads about
| you.
|
| In other terms, this is what Apple knows when I disable the
| iCloud and only use iMessage. And this is what Facebook knows
| when I only use it though that messenger and nothing else.
| whoisjuan wrote:
| That's not it at all. If you have iMessage in your phone it's
| completely tied to Apple whole data gathering context because
| your phone is made by Apple.
|
| I understand what you're saying. If the App is only
| collecting certain amount of information on its own, then
| they should only list that right? ... But that's unfair with
| the rest of the vendors because they are forced to list
| everything they track, while iMessage obscures it by saying
| "the app doesn't collect anything"...yet the phone is and
| iMessage is the default messaging system for iOS.
|
| I'm a loyal Apple user but this is anti-competitive behavior.
| As much as I love Apple's privacy focus, it seems that
| they're using it as a proxy to unfairly compete with other
| companies and claim that they only care about the end's user
| privacy, which is clearly not true.
|
| Apple does and will use your data to push Apple products.
| They should be transparent about that.
| ogre_codes wrote:
| Anti-competitive for what?
|
| Apple's News+ advertising empire? App Store advertising? Is
| there any evidence at all that they cross pollinate data in
| either of these contexts? If so, it certainly isn't clear
| based on the advertising I see in News+
|
| Much of the stuff you are complaining about is "collected"
| because it's needed by other services. The real question is
| whether the data is reasonably siloed and how easy it is
| for Apple or third party's (governments, etc) to access and
| abuse.
| manyxcxi wrote:
| I'm not an apologist or shill, but as a user I feel like I
| understand what I'm giving to Apple (or
| Microsoft/Google/$OS_VENDOR) when I am using their OS _AND_
| enabling any kind of cloud sync. Maybe they're taking more or
| less than I expected, but if I'm syncing my entire contact list
| I just have to assume now they have my contact list- and I
| accepted that when I enabled the functionality.
|
| Some feature flags/settings across all the OSes get hidden, are
| non-obvious, on by default, or are flat out using dark patterns
| (looking at you Win10) but in general I assume the default
| state (for all OSes) is a combination of reducing support
| incidents, easiest on-boarding, and trying to push some
| corporate strategic objective summed up as keep the average
| user happy enough to stick around and possibly give us more
| money.
|
| Any app I install on said OS, may want to access this
| information but without all the permissions explainers I have
| no idea what it's going to want or why.
|
| Again, I assume the OS has access to all of this because it's
| the OS it either needs it or is the manager of the info and
| access broker.
|
| To sum up my thought, I guess I agree that there's a double
| standard but disagree that it's necessarily bad or shady- but
| that's because I already had a double standard in mind when I
| think about OS vs App.
|
| Specific to ad-tracking and Apple: I have no proof for my
| belief but I believe Apple who primarily wants to sell me
| hardware and has made public acknowledgements of the importance
| of privacy, including making noticeable improvements to their
| OS, is significantly less likely to abuse my privacy than any
| other OS vendor out there.
|
| I'm not saying this as a whataboutism, I just base it on my
| perceptions given all the things you just flat out can't turn
| off in Win10 and that Google literally makes their money off of
| getting ads to your eyeballs and Android's permissions are a
| dumpster fire nightmare for privacy.
|
| I feel (again, no real proof) that the Apple eco-system is
| providing me the best _mainstream and low-effort_ steps to
| privacy protection vs the others, but I concede that it's
| probably not good enough in many ways.
| jiofih wrote:
| The data listed for FB Messenger is taken directly from your
| phone and explicitly used for advertising and "other purposes".
| If you added what Facebook has access to from your account it
| would cover two entire pages. Apples and.. blueberries?
| KaiserPro wrote:
| I am not a fan of FB. Lord knows they are arseholes.
|
| I _do_ like these labels, I think they are good.
|
| _but_
|
| It is dishonest to say the least that imessenger only has access
| to just those details. To use imessenger, you need an icloud
| account.
|
| Tie that to the location services and any payment information,
| Apple knows everything about you, even more than FB.
|
| The issue is about trust. rightly people don't trust FB with
| their data. However I don't think we should be letting apple off
| so lightly, especially when they are pointing the blame at other
| people.
| helsinkiandrew wrote:
| To be pedantic you need an Apple ID rather than a iCloud
| account to use iMessenger. So in theory payment information
| isn't included.
|
| However once you've got someones email or phone number you can
| ultimately tie it to any other data when you've used it
| elsewhere - medical records, phone calls to prostitutes, hacker
| news posts etc.
|
| I think the difference is that Apple don't (or claim to not)
| use that data to categorise you and serve ads like Facebook.
| Apple make lots of money from hardware sales, a few cents from
| aggregating data is a drop in the ocean and they can take 'the
| moral highground' towards privacy.
| nathanyz wrote:
| I think the difference is that you are paying Apple to not
| abuse your privacy. With Facebook, you know you are trading
| some amount of privacy, but these new labels make it clear just
| what that true cost is.
| KaiserPro wrote:
| I am paying to trust apple with my data. Much more sensitive
| data than I share with Facebook.
|
| I don't give facebook my health, location or payment details.
| Apple gets all of that _and_ extracts a fee.
|
| I don't give a shit about advertising, advertising is always
| about the aggregate.
|
| What I care about is someone getting access to _my_ data
| directly to do something with it. For me, my main fear is
| hackers and corrupt insiders.
|
| Facebook is going to spend the next five years transforming
| from a naive company that is/was loosey goosey with peoples
| data, to I suspect a fee extracting privacy first AR
| platform. You might laugh, but look at microsoft, look how
| they have changed.
| gen220 wrote:
| I agree with this take, and it's the same take I share with
| friends and colleagues. It's certainly better than FB.
|
| However, are we sure that Apple, in 30 years, will be the
| same proponent of privacy that they are today? Even if
| there's a 10% risk that they won't, they'll have your same
| data then that they have now.
|
| Strong encryption with user-owned keys is the only way you
| can mitigate against this scenario. I'm optimistic that we'll
| get there eventually, but we aren't there yet.
| freewilly1040 wrote:
| The data they collect today will be worthless for
| advertising purposes in 30 days, much less 30 years.
| gen220 wrote:
| Yeah, but the data can be used for many purposes other
| than advertising.
| meowster wrote:
| "you are paying Apple to not abuse" _you_
|
| That sounds like a familiar business model.
|
| Granted I pay for an email service that could similarly abuse
| me.
|
| I think the goal should be to create services/software that
| make it impossible for a company to abuse people, so we don't
| have to rely on their word, or have to worry about them
| changing their word later.
| K0nserv wrote:
| Intent matters, simply collecting data to support the features
| you are providing is not inherently bad. Collecting data for
| third party ad targeting on ther other hand...
|
| See: https://news.ycombinator.com/item?id=25684491
| tempfs wrote:
| Expect more of this pushing competitors out as Apple transitions
| further into the 'services' business model by monetizing their
| vast trove of user data.
|
| MSFT and GOOG have been doing this too for years ofcourse.
|
| While GOOG has had to be content only with what they can read
| from emails/calendars, texts, web searches, calls/voicemail,
| maps/location data and anything else that they can scrape from an
| Android device.
|
| MSFT has had all of that a much, much more since they own the
| whole OS for workstation/server class devices where actual work
| gets done. MSFT will claim that all that data is for quality
| control and now security services but ofcourse they are going to
| squeeze every last drop of money they can from it. To expect
| otherwise would be like asking an alcoholic to guard a brewery
| and never sample the product, completely ridiculous. The US has
| no serious legal repercussions for doing so. Probably because the
| US intelligence community depends on that data since IT is
| forbidden from collecting it from Americans on its own.
|
| Gee, I wonder why...
| m3kw9 wrote:
| Problem is that most people already have WhatsApp installed and
| won't be looking at that label anytime soon. Even if they had to
| reinstall it, they would likely never look past the download
| button
| GlobalInsurance wrote:
| We have to do something as a collective unit.
| ericmay wrote:
| If only Apple didn't have a monopoly on the App Store on the
| iPhone. Then we wouldn't have to know this information because we
| could get it from a different App Store where Facebook doesn't
| have to share this info!
| tmpUserA wrote:
| Is there a single time in tech history where a monopoly was not
| totally abused ? You are asking Apple to take over the world
| because you buy their privacy propaganda but ICloud is not even
| end2end encrypted, employee are listening to Siri conversation,
| Apple knows all apps you run and when instead of just providing
| a blacklist you compare against locally... There's a scandal
| every month about Apple privacy.
|
| How long before they ban ProtonMail because "You know what, we
| think our emails are "better for you". How long before they ban
| Signal because "You know what, IMessage has a better security
| than signal so it's "better for you".
|
| Monopoly / tech dictatorship are the easy and tempting solution
| but nothing good ever came out of giving some dude total power
| over you. And even if you like those dude because you buy their
| propaganda, many other people might not share your view.
| IntelMiner wrote:
| That's a pretty intentionally obtuse take on a completely
| unrelated problem
| evgen wrote:
| It is actually too obtuse, to be honest.
|
| It would be better to be explicit: if it were not for the
| Apple 800 lb gorilla holding the Facebook 800 lb gorilla's
| feet to the fire here due to its self-appointed role as
| gatekeeper of the iOS App Store then this information would
| remain hidden from general consumers.
| Daho0n wrote:
| And while they force this to be disclosed about Facebook
| Apple hide its own data harvesting since they can collect
| via sources Facebook cannot. This is pure PR and abuse of
| market share to better Apple's own ad service.
| AlexandrB wrote:
| I've seen multiple people allude to Apple secretly
| collecting data before. I would _really_ like a source
| because it 's very plausible but I haven't seen any
| independent research showing that this is actually
| happening or what's being collected.
|
| Google searches turn up stuff like this:
| https://www.zdnet.com/article/apple-data-collection-
| stored-r...
| evgen wrote:
| You have repeatedly made this claim and have yet to
| provide even the thinnest shred of evidence. Please
| supply some or stop making these unfounded assertions.
| teekert wrote:
| We do one thing right! So we don't need competition because you
| can safely assume all other things are right and the way they
| should be!
| dwighttk wrote:
| Yeah Epic sure showed Google Play, didn't they?
| vincnetas wrote:
| App distribution can be totally different from API access to my
| device. No matter where i get the app from, when accessing
| certain APIs i would get notified about that, or would have to
| explicitly enable that functionality in OS settings.
| Razengan wrote:
| For Apple to know about API access the app would still have
| to submitted to them in some manner.
| nicky0 wrote:
| The idea was that the phone OS could detect the usage of
| those APIs and prompt the user wthout Apple having to be
| directly involved in the process.
| nautical wrote:
| "that the phone OS could detect the usage of those APIs"
|
| This must be handled correctly as it can this also lead
| to privacy violation.
| darkwater wrote:
| Just like on device image recognition which Apple is
| already doing.
| nicky0 wrote:
| There is no reason it can't all be done on-device. That
| is indeed how the current "Enable camera access?" etc.
| system works.
| nautical wrote:
| This is not a question at all that this can be done or
| not ( There is no reason it can't all be done on-device.
| )
|
| Question is will this be ethical .. I will not be
| comfortable using a device that logs every API an app on
| it is calling.
| nicky0 wrote:
| Why would anything have to be logged? Apple phones
| _already_ do this and have done for years. With no
| phoning home.
| mamon wrote:
| Access control is not the same as logging - the first
| time an application tries to access the API the OS checks
| permissions, asks user to approve/deny, and then stores
| the user's choice. No need to log the actual API calls at
| all, no permanent records needs to be created.
| absolutelyrad wrote:
| I'd argue that if apple didn't have a monopoly, we'd have
| stores that catered to privacy conscious people far earlier.
|
| If apple didn't restrict the OS so much, you'd have people
| making their own Facebook clients, wouldn't have mattered if
| Facebook liked it or not. The monopolization of Facebook's
| control on personal connections is partially because of closed
| OS's. And Apple's iOS is one of the most responsible OS's that
| gave rise to Facebook's data monopoly.
|
| Had it been like Windows, there wouldn't be a way that Facebook
| could've maintained their monopoly.
| Razengan wrote:
| > _I 'd argue that if apple didn't have a monopoly, we'd have
| stores that catered to privacy conscious people far earlier._
|
| That didn't happen before the App Store and isn't happening
| anywhere else after the App Store either.
| [deleted]
| dwighttk wrote:
| What's the well-known privacy-conscious Android store that's
| been running for a long time?
| papaf wrote:
| F-Droid: https://f-droid.org/en/packages/io.kuenzler.whatsa
| ppwebtogo/
| ascagnel_ wrote:
| > If apple didn't restrict the OS so much, you'd have people
| making their own Facebook clients, wouldn't have mattered if
| Facebook liked it or not.
|
| You're totally wrong on this. In fact, the first alternative
| FB clients I remember using sprang up on the iPad, before FB
| bothered to put a native app out for it.
|
| What killed alternative FB clients was FB itself -- they've
| slowly closed off the APIs you'd need to access to make an
| alternative client optional. FB has also closed off their own
| alternative clients as well (FB Paper), and have been forcing
| users into their official web or native clients for a while.
| fsflover wrote:
| F-Droid proves your point.
| qwytw wrote:
| Are there any "unofficial" Messenger apps on F-Droid?
| papaf wrote:
| F-Droid has a search box you could use to answer such
| questions for yourself:
|
| https://search.f-droid.org/?q=facebook&lang=en
| qwytw wrote:
| That was a rhetorical question. AFAIK the closest thing
| you can get is wrapper around messenger web app which
| (which by default doesn't work on mobile browser because
| FB wants to force everyone to use their native apps).
| davidy123 wrote:
| While it wraps their web app, I use Frost for Facebook,
| which is an open source app that lets me access Facebook
| messages on mobile without using any of Facebook's apps.
| BlueTemplar wrote:
| I thought that Facebook didn't allow for any unofficial
| clients, be it for Facebook itself or Facebook Messenger
| ?
| qwytw wrote:
| I'm not sure that it really workout that way, you wouldn't
| have Facebook clients on these privacy conscious stores
| because FB wouldn't provide an open API which they could use.
| Otherwise are there any reasons why these client can't be
| published on the App Store besides that there no way to make
| one?
|
| Instead it's probably more likely that FB would host
| Messenger and Whatsapp clients on their own app store with
| all the details hidden somewhere in the user agreement.
| Nabati wrote:
| How does using Facebook via another client prevent or
| diminish Facebooks data monopoly?
| absolutelyrad wrote:
| If you're serious about this question.
|
| The the answer is: a competitor could build their services
| on top of Facebook. They wouldn't have to start from
| scratch. Independent client's mean if the one user trusts
| you with their data, you can provide them a bigger value.
|
| Today you cannot innovate on top of Facebook. Their network
| effects mean if your service is superior, you need to beat
| the network effects first.
|
| And Facebook cannot reasonably offer independent access
| because: Cambridge Analytica.
|
| Independent client's do what they want without Facebook
| taking a hit on their reputation. No one blames apple for
| the crimes committed using their phones/computers do they?
| the_french wrote:
| I think that building a competitor on top of facebook is
| against their terms of service. You wouldn't be able to
| build an 'alternative facebook client', legally at least.
| [deleted]
| [deleted]
| tchalla wrote:
| There are other OS with a larger percentage of devices
| installed with other app stores possible. How many privacy
| focused stores do we see with privacy focused Facebook
| clients? How many of the users exercise those privacy options
| and give informed consent to share their data?
|
| Hypotheticals can be argued either way but it's just one
| possible option, not the only one.
| realusername wrote:
| > There are other OS with a larger percentage of devices
| installed with other app stores possible.
|
| Like which ones? There's the AppStore, the PlayStore and
| that's it, nothing else is even worth being mentioned in
| terms of market share.
| absolutelyrad wrote:
| The answer is chrome web store/firefox store and
| adblock/tracker block. They offer a hint into a more free
| future.
|
| Imagine if adblock wasn't allowed on those stores. Today
| the equivalent is alternative clients to Facebook not being
| allowed on iOS and the App Store.
|
| Look at YC startups like motion being built on top of the
| web. They are building on top of the network effects of
| gmail/google/facebook/slack etc. We aren't allowed any of
| that on mobile. Had they been allowed more access to the
| mobile OS's, they could be a very successful company. We
| haven't even touched the tip of cross OS productivity
| integrations.
| k4rli wrote:
| If only Apple had a monopoly on all phones and computers so
| everyone would know it, right?
| nine_k wrote:
| Why, the idea of an universal benevolent overlord is neither
| obscure nor new. It's basically the idea of God.
|
| Do you know what's the problem with God?
| dwighttk wrote:
| What's the problem with God?
| wizzwizz4 wrote:
| Well, for one, God isn't Apple Inc..[citation needed]
| dingaling wrote:
| Well it's not entirely a fair comparison since iMessage doesn't
| support in-app services and purchasing like Facebook Marketplace,
| as WhatsApp does. For which naturally it has to gather additonal
| data.
|
| Also until iMessage is available on other platforms, what it
| slurps or doesn't slurp is academic for most users of WhatsApp.
| thih9 wrote:
| You're saying that WhatsApp needs more data for additional
| features. But I don't use Facebook Marketplace, I just use
| messaging; it makes sense for me to compare WhatsApp with apps
| that act as communication tools only.
|
| I think most WhatsApp users see WhatsApp like this and I'd
| guess article's authors assumed the same.
| K0nserv wrote:
| That doesn't follow, Apple provides 6 different purposes for
| collecting data linked to the user:
|
| * Third-Party Advertising
|
| * Developer's Advertising or Marketing
|
| * Analytics
|
| * Product Personalization
|
| * App Functionality
|
| * Other Purposes
|
| The features you mentioned would fall under "App Functionality"
| and as you imply it would be legitimate. The reservation with
| Facebook is all the data they collect for the five other
| purposes. In my own analysis of thousands apps[0] I explicitly
| excluded data collected for app functionality purposes because
| of this. FWIW most of Facebook's app collect 128 data types(by
| far the most of the ~5000 apps I've analysed) across those five
| purposes, WhatsApp collects only 18.
|
| 0: https://hugotunius.se/2021/01/03/an-analysis-of-privacy-
| on-t...
| dwighttk wrote:
| Facebook is persona non grata when it comes to trusting them to
| use information that they'd obviously need for a service only
| in the way they'd obviously need to use it while not adding it
| their advertising database.
| croes wrote:
| Maybe FB should have let WhatsApp be a messenger then and made
| the Marketplace its own app. But this way, the tracking
| functions can be pushed to everyone under the guise of the
| Marketplace functions, even if they only use the Messenger.
| [deleted]
| oauea wrote:
| Why would I want in-app services and purchasing like Facebook
| Marketlplace in my chat messaging app? It should facilitate
| chat and messaging, and no more. This is how it used to be,
| until Facebook acquired and ruined WhatsApp.
| darkwater wrote:
| Because other chat systems in other countries (like WeChat)
| did, it was a great success and FB copied it.
| oauea wrote:
| I don't know about that, I have literally never used it or
| heard of it. It was today I learned that WhatsApp has a
| bunch of these useless features.
|
| Besides, China should not be your model if you care about
| privacy.
| figassis wrote:
| Do one thing well is not the only valid model. For instance
| why would you want apps on your phone? It should facilitate
| phone calls and messaging.
| enumjorge wrote:
| I don't think more features is the issue. It's adding them
| at the cost of your personal data, especially when you need
| to pay the cost even when you don't use those features.
| strulovich wrote:
| It's unclear that these data is collected if you don't
| use these features.
|
| Same as an app may need disclose it can use you mic, but
| it only does it if you use specific features. (The model
| for such permissions used to be before installation on
| Android and improved over time, and perhaps something
| similar can be done for data collection permissions as
| well)
|
| Right now, more features, whether you use them or not,
| will have their data collection appear on this screen,
| without context. So while these labels are a welcome
| addition, they can also be scarier than reality.
| halukakin wrote:
| We should understand Facabook was the best platform to advertise
| mobile game apps and etc, for almost 10 years. Apple took 30% of
| all that revenue without any objection.
|
| Now Apple has its own ad infrastructure, and this is a perfect
| strategic move by Apple.
| Daho0n wrote:
| And at the same time Apple pretends not to do this themselves
| since they can harvest the data in other ways so iMessage doesn't
| have to show as many warnings. Very disingenuous and pure PR
| (that clearly is working as intended even on HN). With cloud,
| iMessage and a unique advertising id Apple knows way more about
| its users than Facebook does. Great that Facebook gets exposed,
| but naive that people believe Apple collect less.
| nottorp wrote:
| In other news, google apps still don't have a privacy label:
|
| https://www.macrumors.com/2021/01/05/google-hasnt-updated-io...
|
| I really wonder why :)
|
| And apparently iMessage has a privacy statement now, and it's
| much shorter than whatsapp's:
|
| https://www.forbes.com/sites/zakdoffman/2021/01/03/whatsapp-...
|
| (This is posted on HN too).
| [deleted]
| ogre_codes wrote:
| > I really wonder why :)
|
| No big mystery there.
|
| > iMessage has a privacy statement now, and it's much shorter
| than whatsapp's
|
| Or there.
|
| I wonder how effective these things really will be. Most people
| aren't going to scroll through these so the average person is
| going to ignore the everything below the fold. It's like the
| required disclaimers on medicines which people ignore. Once you
| get past the first few, nobody pays attention.
| simpss wrote:
| It doesn't have to have an effect to everyone, it's about
| taking responsibility and actually defining what they're
| doing.
|
| Once we have everyone actually publishing what they're doing
| it's a lot simpler to file complaints to DPA's and to verify
| they're actually compliant with legislation.
| m463 wrote:
| I wonder...
|
| If they don't update the apps, do they have to update the
| privacy policy?
| radley wrote:
| iMessage is shorter because Apple already uses the OS for data
| collection and can easily match your id:
|
| https://support.apple.com/en-us/HT205223
| creddit wrote:
| Exactly. I've generally not been excited about the idea of
| industrial policy targeting OSes beyond App Store
| limitations, but at this point I feel pretty strongly about
| its need. The absurdity of this is getting a wee bit out of
| hand.
| asdfasgasdgasdg wrote:
| I'm curious: if Facebook did exactly what Apple describes in
| this document for its WhatsApp customers (at least for data
| beyond the minimum required to deliver their service), would
| their privacy statement be able to look like iMessage's? I'm
| guessing not, but I wonder if someone who is more
| knowledgeable could answer the question definitively.
| [deleted]
| surround wrote:
| The article references a 9to5Mac article, which in turn
| references this article by Forbes, which I think should be the
| submission url instead.
|
| https://www.forbes.com/sites/zakdoffman/2021/01/03/whatsapp-...
| xoa wrote:
| Already an active submission on it
| (https://news.ycombinator.com/item?id=25683727), maybe the
| threads could just get merged?
| matsemann wrote:
| The Forbes article goes on and on and never really gets to the
| point. And it had to load for ~3 minutes for the cookie banner
| to set my preferences.
| altitudinous wrote:
| I see this diagram posted everywhere on the internet, and whilst
| of course Facebook collects a lot of data, in this situation I
| believe they just selected every option available to them for
| display on their app listing. If they declare every single option
| that Apple presents then Apple cannot complain, and it is not
| going to deter end users one iota from downloading the Facebook
| app and the other Facebook owned properties.
___________________________________________________________________
(page generated 2021-01-08 23:01 UTC)