A Look Inside Apple's User Data Utilization Wars

tlhIngan writes: It's no secret Apple [is] on a privacy bent as of late. But that extends inside of Apple as well with various internal groups fighting for access to user data and often being denied by Apple's "privacy czars" who ensure Apple doesn't collect information they don't [need], that information is used only [in] ways the user allows, and to design the systems to keep user data separate. This has lead to many conflicts, especially for the Siri and iAd team who often cannot access [the] user data they need. Of course, Apple can do this because unlike Google, Facebook or [Amazon], Apple makes money on hardware and not on the sale of customer data.

And if you believe that

I've got some swampland in Arizona I'll sell you for $1 per acre.

Re:And if you believe that

[What] the [heck] are [you] talking [about] ?

Re:And if you believe that

How [did] this commenter get marked as a troll for simply disagreeing with the article? [If] anyone needs to be modded down it's [the] submitter for his absurd use [of] brackets? Or was [the] writer of the referenced post [that] illiterate that he didn't include basic conjoiners etc in [their] submission? Seems unlikely...

wrong

"Apple makes money on hardware and not on the sale of customer data."

iAd ... http://advertising.apple.com/
iBeacon ... https://en.wikipedia.org/wiki/IBeacon
iTunes ...

All of these use user data to facilitate advertising or other revenue for Apple.

Re:wrong

iAd, iBeacon, et. al., give Apple a 24/7/365 ability to track where a device is in real time. If the data is there, it can be used and seized.

If Apple were a privacy champion, they would be doing something against intrusive ads, not joining the intruders and privacy violation squad.

Re:wrong

[Old97]

You don't even know what these things are. Read the other posts. As to iBeacon, it's not giving data to Apple. Some business, e.g. MLB, buys and installs iBeacon technology in order to sell goods and services or enhance their experience. The purchaser of iBeacon, not Apple. If a user allows his/her device to communicate with iBeacon - the owner or user of the device, the iBeacon or the business operating it - then and only then is their an exchange of data. Any device that has cellular communications or bluetooth turned on is providing some data to whatever is scanning for it, It's the nature of electronic communications. The issue is whether or not it provides data you've put in or made available to your device and that is what Apple puts in the device owner's/user's control.

Re:wrong

[SeaFox]

"Apple makes money on hardware and not on the sale of customer data."

iAd ... http://advertising.apple.com/
iBeacon ... https://en.wikipedia.org/wiki/...
iTunes ...

All of these use user data to facilitate advertising or other revenue for Apple.

iAd is being discontinued.
With no new ads being accepted once current campaigns end it will be gone. The sales team has already been dismantled.

You're title is correct in that you're wrong

[rsborg]

"Apple makes money on hardware and not on the sale of customer data."

iAd ... http://advertising.apple.com/
iBeacon ... https://en.wikipedia.org/wiki/...
iTunes ...

All of these use user data to facilitate advertising or other revenue for Apple.

Revenue breakdown for Apple:
http://www.statista.com/statis...

So they make 80% of their revenue from hardware. iTunes exists because of the hardware. All of that other stuff like iAd/iBeacon is probably a rounding error.

Oh and:
http://www.engadget.com/2016/0...

Re:You're title is correct in that you're wrong

Try to use that hardware without iTunes. No really, try it.

Re:You're title is correct in that you're wrong

[NatasRevol]

Most people do these days. My family has half a dozen iDevices. If they're hooked up to the computer once a year, that seems like a lot.

Re:You're title is correct in that you're wrong

Okay, done... what's the issue you're supposed to hit?

Re:You're title is correct in that you're wrong

I have been for years.

Re:You're title is correct in that you're wrong

Try to use that hardware without iTunes. No really, try it.

Tried it. It works!
There are quite a lot of people using Apple hardware for work related task, you know. We're not all 'consuming media' on overpriced hardware just because Apple!

Re:You're title is correct in that you're wrong

[Gr8Apes]

I have multiple devices without iTunes running, a couple not even installed including this machine I'm posting from. What's your point again?

Re:You're title is correct in that you're wrong

[mlts]

I can run without iTunes, with the device backing itself to iCloud, and after an erase, having the device restore itself completely.

However, there is one use that iTunes is a must: If I want to do a DFU restore, I have to plug it via a wired connector, and load a firmware version that is within Apple's signing window.

Does this mean iOS is better? No. I can run an Android device, and not need to use an ADB driver until I need to flash a ROM. Restores are easy as well, as app backups are stashed on a cloud provider, then get reloaded via Titanium Backup.

I would say iTunes is a must on a computer, or at least a virtual machine, just for doing a DFU reload. Otherwise, one can run day to day without it.

Re:You're title is correct in that you're wrong

From your own iAd engadget article...like the subtitle..."iAds will still exist, but this tool for developers is going away."

So glad this is marked informative by Apple drones.

Re:You're title is correct in that you're wrong

[MobileTatsu-NJG]

Try to use that hardware without iTunes. No really, try it.

Going on six years now.

Re:You're title is correct in that you're wrong

[Lumpy]

Not a problem. I haven't loaded itunes for YEARS for my ipads or iphones.

I am guessing you haven't touched an apple product for over 5 years now.

Re:You're title is correct in that you're wrong

[tlhIngan]

iAd failed because they were unable to get user information.

The only information Apple was going to give marketers? How many people viewed the ad. No IDs, no counts, not even an anonymous ID they could use to track people.

Marketers obviously balked because they could get far more information using AdMob than iAd. The iAd people even wanted to mine iTunes data but was refused, three times. This would allow them to target the ads to individual users, but that request was denied - it was basically just advertise and you'll get back a count of how many people viewed it.

iBeacons are Bluetooth LE devices that transmit an ID code. Your device, on getting an ID code with a suitably equipped app, could display extra information. All an iBeacon does is transmit - it could collect who it talked to, but that would require it also be able to offload that information somehow.

Yes, Apple could make Siri and iAd better if they allowed data sharing like Google. But they deliberately chose not to, even though it costs money (iAd opportunities lost because marketers went elsewhere), and performance (Siri being more useful). Tell me why would Apple deliberately leave money on the table and make their products perform worse on purpose?

Re:You're title is correct in that you're wrong

All of that other stuff like iAd/iBeacon is probably a rounding error.

iAds and iBeacons earn the company revenue by driving hardware sales, a platform that doesn't offer an ad revenue method for developers to monetize their applications isn't going to do well.

Oh and: http://www.engadget.com/2016/0...

"What is happening, is that the similarly-named iAd App Network, which allows developers to advertise their own apps through iAds, is going away."
So what's your point?

Re:You're title is correct in that you're wrong

It does work but it means that the ~80GB of data on my iDevices would need to be uploaded to iCloud and I'd have to pay quite a bit (relative to the cost of a HDD) for the privilege. So you can do it but it isn't really practical for anybody with any significant amount of data.

Re:You're title is correct in that you're wrong

[Bing+Tsher+E]

I now have OTG (On the Go) USB thumb drives that have a standard USB 3.0 connector and a MicroUSB connector on the opposite end. When I want to watch a movie on my Android tablet I can throw it on the dual interface drive (its a 32GB that I paid $10 for at WalMart) at the PC, plug the drive into the MicroUSB connector on my Tablet, and watch the movie.

So I seldom connect my tablet or Android phone to the PC anymore either. But it's pretty easy to get data onto it. How do you sync data fast (i.e. by wired means) to your iDevices?

Re:You're title is correct in that you're wrong

[Bing+Tsher+E]

You're clearly not putting on or getting much data from your iDevice, then. Not with any speed, anyway.

That's cool, some people don't want to throw a chunk of movies or music onto a portable device and use it disconnected from anything that they have to pay for. Some of us do, though. OTG connections rock.

Re:You're title is correct in that you're wrong

[MobileTatsu-NJG]

Yes, I'm clearly using my phone differently than you use yours. Not sure what the hostilty is about, though.

Re:You're title is correct in that you're wrong

[laxguy]

You can backup all your data perfectly fine without iCloud

Re:You're title is correct in that you're wrong

You can backup all your data perfectly fine without iCloud

Yes if you use iTunes, which is what this thread is about not using and the only alternative is iCloud.

Re:You're title is correct in that you're wrong

And from apache.cassandra.org:

"One of the largest production deployments is Apple's, with over 75,000 nodes storing over 10 PB of data. Other large Cassandra installations include Netflix (2,500 nodes, 420 TB)"

That is an awful lot of space for just the data they 'need'. I guess you have no choice but to throw away data you don't 'need' when you have to scale to those sizes.

Correctly tagged

At least this story is correctly tagged as a slashvertisement. It's way too obvious to think people wouldn't assume that anyway.

Cognitive Dissonance

[labnet]

How is the /. user not segment fault over this good news!

Re:Cognitive Dissonance

https://www.youtube.com/watch?v=m_mDTLphIVY

Another humble brag from Apple?

[JoeyRox]

For a company as secretive as Apple, stories like this don't get out unless Apple intentionally leaks them. It's just like the recent story of how some Apple engineers might quit if forced to implement an encryption backdoor for the government.

Re:Another humble brag from Apple?

[wickerprints]

Really? Are we really that cynical?

The fact remains that the only major technology company that doesn't base their entire business model around collecting and exploiting the personal data of its users, is Apple. You can't even say that about Microsoft, which we have seen is all too willing to force people to upgrade to their Windows 10 spyware. And your reaction is, "another humble brag?" Boastful or not, leaked or not, deliberate manipulation or not, the bottom line is that nerds who bitch and moan about the attacks by of corporate and government entities on the security and privacy rights of the user should not, in the same breath, insinuate that a company who at least makes the defense of user security and privacy a selling point for their products is just motivated by greed and making the issue a marketing point.

If you want companies to care about protecting your rights, it's naive to think that they should do it purely out of the goodness of their hearts. The fact that Apple wants to create products that are secure and that they don't want to be in the business of tracking everything you do so that they can sell that data to someone else, is far more than you can say about Google, Microsoft, Amazon, Facebook, and practically every other tech company on the planet.

Re:Another humble brag from Apple?

[the_B0fh]

But how are Apple haters going to be able to come around to these set of facts...?

Re:Another humble brag from Apple?

[JoeyRox]

I don't dispute the facts of the article or any of the points made in your post. My contention is that nothing leaks out of Apple unless Apple wants it to be leaked. Apple has made the protection of user data a cornerstone of their smart device strategy. We saw nearly zero leaks out of Apple for the last 10 years yet suddenly we now get inside information about how their engineers reacted to the potential of having to compromise their encryption and now how their business group is reacting to pressure to utilize user data, both stories which support Apple's strategy. You'd have to be cynical not to believe that these leaks weren't humble brags straight from Apple HQ.

Re:Another humble brag from Apple?

[Bing+Tsher+E]

Except, wasn't the whole Jennifer Lawrence naked photos scandal all about images leaked out of an iPhone? Wasn't it images on an Apple cloud drive??

And there have been a rash of 'leak' incidents and issues just since the start of this year.

Re:Another humble brag from Apple?

[JoeyRox]

I'm not referring to security breaches.

Re:Another humble brag from Apple?

[tlhIngan]

Except, wasn't the whole Jennifer Lawrence naked photos scandal all about images leaked out of an iPhone? Wasn't it images on an Apple cloud drive??

And there have been a rash of 'leak' incidents and issues just since the start of this year.

Actually, it turns out that it was not Apple's fault - it was the result of a massive phishing attack.

It wasn't an attack on iCloud security, it was just social engineering, which explains why "the fappening" was limited to only a few accounts.

Re:Another humble brag from Apple?

[Plumpaquatsch]

Except, wasn't the whole Jennifer Lawrence naked photos scandal all about images leaked out of an iPhone? Wasn't it images on an Apple cloud drive??

Nope, more than half were from hacked Gmail accounts - keep up with the news, binge shitter.

https://www.washingtonpost.com/news/the-intersect/wp/2016/03/16/the-shockingly-simple-way-the-nude-photos-of-celebgate-were-stolen/

Based on what we know from the plea agreement and prosecutors, it appears that one major part of Celebgate is much less elaborate than what some 4chan users claimed at the time: that many of the photos were stolen through a clever exploitation of a previously unknown iCloud security flaw — a claim that Apple had denied.

Instead, Collins used a method of gaining access to password-protected accounts that can victimize pretty much anyone. Phishing schemes come in a lot of different flavors, but all follow the same basic outline: Users are tricked into giving out sensitive information by malicious email accounts or websites that appear legitimate. Spear phishing, which appears to be what happened here, involves targeting specific users by impersonating businesses or individuals they might already know.

According to court filings, Collins stole photos, videos and sometimes entire iPhone backups from at least 50 iCloud accounts and 72 Gmail accounts,

Re:Another humble brag from Apple?

[Plumpaquatsch]

I don't dispute the facts of the article or any of the points made in your post. My contention is that nothing leaks out of Apple unless Apple wants it to be leaked. Apple has made the protection of user data a cornerstone of their smart device strategy. We saw nearly zero leaks out of Apple for the last 10 years yet suddenly we now get inside information about how their engineers reacted to the potential of having to compromise their encryption and now how their business group is reacting to pressure to utilize user data, both stories which support Apple's strategy. You'd have to be cynical not to believe that these leaks weren't humble brags straight from Apple HQ.

What's your point? That you would only entrust your data to companies that can't even keep their own company secrets to themselves?

Google becoming Microsoftish

[Tablizer]

Apple can do this because unlike Google, Facebook or [Amazon], Apple makes money on hardware and not on the sale of customer data.

Google Maps on Android wanted me to register (with Google) in order for Maps to remember recent queries done just 5 minutes ago even. If you don't register, you gotta re-type them in.

And the User Agreement does permit them to share map queries with vendors.

Technically a map app could cache recent map queries on the phone itself rather than The Cloud.

I'm thinking of going back to iPhone.

Re:Google becoming Microsoftish

I think that the people at Google not-so-secretly hate their users. I imagine that it's similar to how an abusive person feels about a spouse that keeps coming back for more or how a slaughterhouse operator feels when they leave the gates open and none of the livestock even try to escape. How can you have any respect for people who continually and voluntarily interact with Google?

Re:Google becoming Microsoftish

[Tablizer]

Didn't they change their creed from "Don't be evil" to something non-committal like, "Make a reasonable attempt cut down on evil a tad if you have the time and it's not too costly"?

Re:Google becoming Microsoftish

[Bing+Tsher+E]

But if you go back to iPhone, the maps will lead you out onto an active airplane runway.

Or was it into a live volcano? I can't remember the details....

Re:Google becoming Microsoftish

[Plumpaquatsch]

Yeah, and Google Maps constantly tells people to "turn left" where they aren't allowed to. The difference is Apple actually fixes bugs fast. And that's ignoring the way hackers can manipulate Google Maps https://search.slashdot.org/story/14/07/10/198205/how-google-map-hackers-can-destroy-a-business

Considering the head start,Google Maps should be miles ahead compared to Apple Maps instead of "sometimes better, sometimes worse".

Yeah, Apple can do this

[viperidaenz]

Perhaps they shouldn't though.
It could be why Siri is something people use twice then give up because it's not as good as it could be.

Re:Yeah, Apple can do this

Perhaps they shouldn't though.
It could be why Siri is something people use twice then give up because it's not as good as it could be.

This. I've tried it hundreds of times and have never seen it work a single time.

The Siri team really needs feedback on all of the failures.

Re: Yeah, Apple can do this

I guess they're waiting until it starts working before allowing third-party integration.

Re: Yeah, Apple can do this

Siri is an embarrassment to Apple.

apple makes money on its much hyped brand

[sittingnut]

"Apple makes money on hardware and not on the sale of customer data."
actually apple makes money on its much hyped brand, using it to sell overpriced (and usually copyrighted and patent protected) hardware, software and content.

pseudo news ads like this, and whole encryption saga, are all part of brand protection and enhancement. (which they apple is perfectly free to do btw).

--
also logically speaking, however it makes money does not necessarily limit its options with regard to user data.

Is in the Amazon?

What does it mean? Are terrorists using /. to communicate?

Re:Is in the Amazon?

My mistake - Is need in the Amazon. Still don't get it.

Forced PR

This whole "Apple cares about your privacy" just feels phony to me.

Laws/Regulations protecting customer info exist...

[Lodragandraoidh]

Information privacy or data protection laws prohibit the disclosure or misuse of information held on private individuals. These laws are based on Fair Information Practice, first developed in the United States in the 1970s by the Department for Health, Education and Welfare (HEW). The basic principles of data protection are:

For all data collected there should be a stated purpose.

Information collected by an individual cannot be disclosed to other organizations or individuals unless specifically authorized by law or by consent of the individual

Records kept on an individual should be accurate and up to date

There should be mechanisms for individuals to review data about them, to ensure accuracy. This may include periodic reporting

Data should be deleted when it is no longer needed for the stated purpose

Transmission of personal information to locations where "equivalent" personal data protection cannot be assured is prohibited

Some data is too sensitive to be collected, unless there are extreme circumstances (e.g., sexual orientation, religion)

Apple still has some security to work out.

[NatasRevol]

iMessage leaves all kinds of forensic evidence behind AFTER a message is deleted. Including records of when it was deleted...

https://twitter.com/JZdziarski...

Re:Apple still has some security to work out.

[mlts]

On Android, the app I'd use for securing texts is TextSecure. It not just provided key exchanges, but it stashed the SMS messages encrypted. Sadly, it doesn't seem to be on the Play Store anymore. It didn't have as much functionality as dedicated SMS apps... but it did work and seemed to have been well designed. I'd definitely use this if it were still around, or on iOS.

Re:Apple still has some security to work out.

Signal has replaced it.

Missing the poinnt, as usual.

It is completely irrelevant how good or bad Apple's user data utilization governance is. What is relevant is that Apple even has access to the user data and that their usage of it is at their discretion. This can only end badly. It will take a while, but either Apple itself will move to the dark side, or an employee will steel the data, or governments will force Apple to hand it over.

The way forward is clear. All systems handling user data must be designed in such a way that only the user himself has access to the information. It will not be easy, but it is either that or the complete loss of privacy. Any other way, and it will be abused.

And obviously this does not only apply to Apple.

Re:Missing the poinnt, as usual.

[tnk1]

Theoretically it is very easy to create, although people may not trust that it was actually done that way.

The user will generate a personal key on their device for their data or more importantly, be able to enter their own encrypted key file manually. The data sent will be encrypted with that key. Apple will store the data in a bucket labelled by the device ID or Apple ID. Now Apple is storing your data on their computers and they can access it, but they can't read it unless they can break the encryption or get the key and unencrypt the key.

On your phone, all apps are closed and flash images purged and your unencrypted secret key is deleted from memory when you lock the phone and only decrypted by entering your password on the unlock screen or on some other password screen. Now a locked phone means that even your device cannot access its own stored data on the server.

The decrypt-encrypt scheme is definitely processor heavy, there is still a race condition for the lock, and there are other disadvantages, but I'm only talking about a very blunt, brute force encryption protection scheme. Surely the geniuses at Apple could do better than I.

"ish"??

[SuperKendall]

Google to my mind has far surpassed Microsoft in unpleasantness to the user. Microsoft primarily was involved n creating bad user interfaces that were overly complex and lacked style; even though they collect a lot of user info also they don't spread it around nearly so much as Google does. Google's ecosystem is far more "leaky" if you will in terms of apps or advertisers getting a trove of information about your behavior from search or even just day to day movement.

Re:"ish"??

Does Google really leak info to advertisers? It's always been my impression that Google is building a warehouse of profiles and the last thing they want is advertisers to ever access that info. So Google is very aggressive about collecting data about your habits and wants, but that data only helps them sell a targeted product to advertisers (i.e. acting as a middleman). If that middleman position is ever weakened by "leakage" then it's game over for their 90% share of gross revenue.

Am I misunderstanding their business model?

Re:"ish"??

What I detest about Google is how easy they make it to "share" information with them: deliberately or not.
One small oversight during setup ... they get your contacts / calendar / etc.

For years they've hidden the per app firewall (Privacy Guard) that's available standard with other distributions e.g. Cyanogenmod.

And I know that, even when I take every step to protect my privacy, Google is still mining my data via other people's devices.
Either their contacts list: John Smith / Cell Number / email@example.com / DOB / Address
or via emails that I send to / receive from a Gmail account.

I loathe Google.

Re:"ish"??

[shawn2772]

It's always been my impression that Google is building a warehouse of profiles and the last thing they want is advertisers to ever access that info... Am I misunderstanding their business model?

IMO you're overstating Google's "aggressiveness", but you've got the business model right, and you're right that the last thing Google wants to do is give the data to advertisers. And, frankly, advertisers couldn't use it as effectively.

Re:Laws/Regulations protecting customer info exist

[Alumoi]

For all data collected there should be a stated purpose.

Becasue we want to do it.

Information collected by an individual cannot be disclosed to other organizations or individuals unless specifically authorized by law or by consent of the individual

You did read the 100+ pages EULA, right?

Records kept on an individual should be accurate and up to date

And that's why we're always traciing you.

There should be mechanisms for individuals to review data about them, to ensure accuracy. This may include periodic reporting

Nothe the 'should' and 'may' not the 'must' and 'will'. But hey, not everyone in US speaks English so we may get away with this.

Data should be deleted when it is no longer needed for the stated purpose

Again, 'should' not 'will'.

Transmission of personal information to locations where "equivalent" personal data protection cannot be assured is prohibited

But, your honour, their law said they care about data protection, it's not our fault they don't enforce it.

Some data is too sensitive to be collected, unless there are extreme circumstances (e.g., sexual orientation, religion)

We've seen it all, there's no need to be sensitive.

Re:Laws/Regulations protecting customer info exist

Information privacy or data protection laws prohibit the disclosure or misuse of information held on private individuals. These laws are based on Fair Information Practice, first developed in the United States in the 1970s by the Department for Health, Education and Welfare (HEW). The basic principles of data protection are:

For all data collected there should be a stated purpose.

   

Information collected by an individual cannot be disclosed to other organizations or individuals unless specifically authorized by law or by consent of the individual...

...and I'll just cut you off right here until you can prove that the majority of consumers even bother reading the EULAs they willingly agree to before even connecting their shiny new device to the internet.

For FUCKS SAKE, wake up already. You're more clueless than the average consumer who no longer gives a shit about privacy.

Google does not sell user data

According to Google anyhow: https://privacy.google.com/

Please cite your source.
thx

Marketing, nothing more

This is nothing more than marketing. Apple is very cynically manipulating you, and you've fallen for it. Apple's encryption is 100% about protecting the walled garden, not in any way about protecting you. It's blatantly obvious that the iPhone has been allowed to succeed in China only because the government feels no threat from Apple. That, in itself, is strong evidence that Apple has caved completely on privacy. Keep believing the marketing and giving them their 30% cut on all of the media and apps that you consume while believing that you're better than that.

Re: Marketing, nothing more

Any sort of facts to bolster this claim would help.