Apple's privacy policy and why it matters

March 14, 2019: Apple's new ad is all about the realities of virtual privacy

I love this ad. As I've repeated numerous times, it's easy to get a sense of how much we're paying for something when it comes to money — we see it leaving our wallets and our accounts. Even time, we see the clock ticking down. But no giant internet company is forced to show us how they vacuum up our private photos, personal messages, location, and activity. So, paying with data feels cheap. It feels free.

That's why I kinda love this new ad from Apple, which uses real-world examples of private situations and privacy measures we all understand, every day, but within the context of digital situations.

It may not convince everyone. We've gotten so used to being data rich and mortgaging our privacy to pay for this or that "free" service. But given everything that's been happening in the world, I think it's going to resonate with more and more people.

Security and the need for it online are now generally understood. It was ugly, full of malware and maleficence, but we got there. Now, it's all about the privacy.

More ads like this, please.

Apple's CEO, Tim Cook, in an essay on privacy just published in Time Magazine:

In 2019, it's time to stand up for the right to privacy—yours, mine, all of ours. Consumers shouldn't have to tolerate another year of companies irresponsibly amassing huge user profiles, data breaches that seem out of control and the vanishing ability to control our own digital lives. This problem is solvable—it isn't too big, too challenging or too late. Innovation, breakthrough ideas, and great features can go hand in hand with user privacy—and they must. Realizing technology's potential depends on it.

Read the whole thing.

October 28, 2018: Tim Cook's Privacy Policy for the World

Tim Cook delivered the keynote speech at this year's International Conference of Data Protection and Privacy Commissioners, on Wednesday 24 October 2018. It's significant because Apple, as a matter of company policy, believes privacy is a fundamental human right. From Tim Cook at the very top to engineers on the front line, this belief permeates Apple and drives the company's product development process every bit as much as the technology itself. As much as Apple is designing for experience and for accessibility, the company is also designing for security and privacy.

Apple's belief in privacy is made manifest again today with the launch of an updated version of apple.com/privacy.

I had the chance to talk with Apple ahead of the new site going live and once again came away impressed, not just that privacy matters to them as an ideal, but by the depth and thoughtfulness with which privacy and security have been built into the design and development of every new and updated product from the very beginning.

New features aren't simply created and then handed off to a "privacy and security team" mandated to shellack a thin veneer of legal ass-coverage on top. Privacy and security are intrinsic parts of the product, from hardware to software, on-device and through Apple's servers.

Why Apple's stance on privacy matters

Because of their business models, Google, Facebook, and similar companies build and retain complex profiles on us, including our behavior and our relationships.

They claim not to share or sell that data, but through their advertising systems, they share and sell insight into it and us. We can quibble about how much and what patterns can be derived from them, but when you see an ad for a product you'd previously searched for, or you see your photo used in an ad, you feel exposed.

What's more, the simple act of keeping all that information, whether for themselves or for their advertising customers, creates a vulnerability. The potential for abuse, no matter how unlikely, is staggering:

  • "Which way are you going to vote? If you thought information about your web history would be made public, now which way would you vote?"
  • "You are transacting business in our country. Your servers will be made available to us. You will show us all interactions between individuals on the following lists…"
  • "Hey, let's see what your ex is up to…"

The examples above are extreme and safeguards no doubt exist to try to prevent such exploits. But this isn't FUD. Google has stolen Wi-Fi data in the past. It has exposed the location of victims to abusers. Uber has tracked people without their knowledge. Government agency contractors have snooped outside the bounds of law and morality. This is a real, valid concern.

The only way to absolutely prevent the abuse and disclosure of personal data is not to store that data. Google, Facebook, and other large data harvesting companies simply can't do that. But Apple can.

Apple, because of its own business model, has no need to persist our data, our behavior, and our relationships on its servers. What's more, by virtue of the company's belief in privacy and security, it wants no part of our data. Instead, it collects no data if it doesn't absolutely have to, collects the minimum amount of data possible when it does have to, anonymizes and does not associate that data with any user accounts unless it absolutely has to, encrypts the data end-to-end during any and all transmissions of that data, and then keeps the data only as long as it absolutely has to.

Take features like Siri and Faces (in Photos) sync. For years, Apple stuck to on-device data because, by definition, it is more private and secure. But it's not more convenient, especially when you have to retrain Siri or re-identify photos every time you switch devices. So, now, Apple is doing secure, private sync between devices.

It's different from typical sync, where the single source of truth lives on the server and all your devices sync to it. That leaves the truth exposed and vulnerable on the server. Apple's implementation encrypts the data end to end and then transits it via a secure version of CloudKit, the infrastructure behind iCloud.

Apple doesn't store anything and doesn't even "see" anything aside from the encrypted blobs going through the system. Only devices you've set up with your Apple ID have the keys to decrypt and make use of the data.

The services that Apple offers are also in silos, so data — and potentially identifying patterns — can't pass between them. It's part of what lets Apple scale technologies like differential privacy from detecting trends in the QuickType keyboard to detecting trends in bad websites on Safari and data types in Health.

Best of all, by continuing to publish privacy and security policies and white papers, and rolling out technologies like differential privacy, which continues to improve with better algorithms and implementations, and neural networks for Face ID, Apple invites scrutiny. The more people examine, probe, push back, and find bugs, the more Apple has to live up to and improve. Standards are meaningless if you're not continually held up to them.
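The column names differential privacy as the technology behind trend detection in QuickType and Safari without showing the mechanism. As an added illustration, not Apple's own code (Apple's deployed algorithms are more elaborate), here is the simplest local differential privacy scheme, randomized response: every device flips its true answer with a known probability before reporting, so a single report proves nothing about that user, yet the aggregate trend is still recoverable. The function names and the simulated device population are constructed for this example.

```python
import math
import random

# Added illustration, not Apple's implementation: local differential privacy
# via randomized response. Each device answers "did you type this word?" but
# randomizes the answer first, so the collector never learns any one user's
# truth, only the population trend.


def randomize(truth: bool, p_keep: float, rng: random.Random) -> bool:
    """Report the truth with probability p_keep, otherwise a fair coin flip."""
    if rng.random() < p_keep:
        return truth
    return rng.random() < 0.5


def epsilon(p_keep: float) -> float:
    """Privacy loss of one report: ln(P[report=x | truth=x] / P[report=x | truth!=x]).

    p_keep = 0.5 gives ln(3) ~ 1.1; p_keep = 1.0 is no privacy at all (infinite).
    """
    if p_keep >= 1.0:
        return math.inf
    p_match = p_keep + (1.0 - p_keep) / 2.0      # report agrees with truth
    p_contradict = (1.0 - p_keep) / 2.0          # report contradicts truth
    return math.log(p_match / p_contradict)


def estimate_rate(reports, p_keep: float) -> float:
    """Unbiased estimate of the true fraction of 'yes' devices.

    E[report] = p_keep * rate + (1 - p_keep) / 2, so solve for rate.
    """
    observed = sum(reports) / len(reports)
    return (observed - (1.0 - p_keep) / 2.0) / p_keep


def contradiction_rate(truths, reports) -> float:
    """Fraction of reports that are the opposite of the device's truth."""
    return sum(t != r for t, r in zip(truths, reports)) / len(truths)


def simulate(n_devices: int, true_rate: float, p_keep: float, seed: int = 7):
    """Constructed population: n_devices, of which true_rate actually typed the word."""
    rng = random.Random(seed)
    truths = [rng.random() < true_rate for _ in range(n_devices)]
    reports = [randomize(t, p_keep, rng) for t in truths]
    return estimate_rate(reports, p_keep), truths, reports


if __name__ == "__main__":
    est, truths, reports = simulate(100_000, 0.30, 0.5)
    print(f"epsilon per report: {epsilon(0.5):.3f}")
    print(f"true rate 0.300, estimated {est:.3f}")
    print(f"reports contradicting truth: {contradiction_rate(truths, reports):.3f}")
```

With p_keep = 0.5 a quarter of all reports are outright false, which is exactly what gives each user plausible deniability, while the unbiased estimator still lands within a fraction of a percent of the true rate over a large population.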

The downside of privacy-first

Everything comes at a price. Historically, it's taken Apple longer to implement secure, private versions of popular services like assistant or photo sync, and the company has yet to implement all the services Google and even Facebook offer "for free".

(I put "for free" in quotes because we actually pay for them in data, which is incredibly expensive. It's so valuable, big internet companies spend billions of dollars to harvest it and, instead of paying us for it, convince us they're doing us a favor by letting us give it to them for their services.)

Critics have said Apple's policies on privacy and security mean the company will never catch up to its rivals. Of course, critics said the same thing about artificial intelligence, then Apple debuted A11 Bionic, silicon three years in the making.

The point is valid, though: Apple is deliberately sacrificing expediency for privacy. From Apple's point of view, privacy is inextricably linked to making the product great. And the company will take time to make what it believes are great products. That frustrates some but it comforts others.

If you do choose to use Google or Facebook, Apple still tries to help you maintain as much privacy as possible. For years, it's been providing tools that limit or prevent certain types of online tracking. This year, as part of iOS 12 and macOS Mojave, Apple has given Safari the ability to block social networking buttons and comment forms, which are used to track you across the web, and made "fingerprinting", which tries to identify the unique characteristics of your computer setup, much, much more difficult.

It's also expanded the iOS permission requesters and protectors to macOS, so apps and services have to ask you before they can use your camera or microphone, access your files or message databases.

There are still concerns around the third-party analytics some apps use, and what's done with that data, and I'd love to see the App Store permissions system expanded to include "Can we collect analytics data?" as well.

Choice

I still use Google for work and Facebook for real-life friends and relatives but I lock them down as much as possible. For all my personal stuff, though, I use Apple. I may be missing out on some features and conveniences, but it's currently worth it to me.

As someone who covers consumer technology, I'm glad there is that choice. As a consumer, I'm glad I have that choice.


Rene Ritchie
Contributor

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

18 Comments
  • Exactly. Well written. Haven’t used anything by google since 2011. Don’t use social media. Now, here come the google/android/Apple-hating trolls....
  • This is well-written. Of course all of these companies track you anyway regardless of whether you "use" their services. Every time you visit a web page with google analytics or a facebook "like" button, it basically phones home to the mother ship for logging purposes. Do you really feel the need for Sundar Pichai and Mark Zuckerberg (and the folks at other internet companies like Twitter, Amazon, etc.) to track all of your web browsing? Probably not. Facebook and other advertising-based internet companies also use sneaky tricks like asking you for your phone number for two-factor authentication or account recovery, then using it to link you, to any business you've ever given your phone number to (usually required for credit card verification or for shipping/delivery notification.) If you or anyone you know uploads a contact list, they harvest the email and phone number information from that as well. So all of these businesses and purchases get linked to your facebook profile, web browsing history, and any other information they have collected. Amazon already has your number if you're a customer, and Amazon ads link it to your web browsing. The practice of collecting personal information for one purpose and using it for another (usually undesired) purpose without your explicit request and approval is deceptive and violates privacy – that's why it's forbidden by the ACM Code of Ethics (see section 1.6, https://www.acm.org/code-of-ethics .) Presumably a number of employees at these companies are members of the ACM and are ostensibly required to abide by this code, but even those who aren't would do well to follow such a code of professional ethics. Unfortunately this type of systematic privacy violation and unethical behavior seems to be standard business practice at Google, Facebook, etc..
  • Rene, do you use Amazon? They also track you via Amazon ads and Alexa analytics. Does Jeff Bezos really need to know your web browsing history (not to mention everything you say in your living room?) just so they can sell you more stuff with free Prime shipping?
  • *(free with $99 prime membership and collection of your information for advertising purposes)
  • It is not the collection of data that is the issue per se. It is how the data is being collected, without informed user permission and without being told what they are using the data for, that is the main issue. If I do not want my information collected I should have that option. I also think there are other ways to prevent the abuse of data. As the article states, it is not only tech companies that collect your data. Basically everyone does. Banks, telephone companies, utility providers, governments, stores, online ads and websites, everyone and everything does. Better laws and policies to protect our data need to be implemented. You must never forget that companies are only out for themselves. They will say whatever they think you want to hear, even if they lie or do not tell the whole truth, whatever benefits them. European policies such as GDPR and the right to be forgotten are great stepping stones but we need to go much further. Right now there are no protections for consumers in the US and until that changes I do not see how this gets any better.
  • The US is behind Europe in so many ways it's embarrassing, I can't see much being done about privacy in the US to be completely honest.
  • Lol. Your sly insinuations at what Google does or does not do (all the while conveniently forgetting that Apple hypocritically extorts concessions from Google to be their default search engine) is getting old at this point Rene but I don't expect anything less from Apple's #1 Cheerleader.
  • Apple is still ahead of Google in privacy, whichever way you look at it
  • And like the faithful Apple hound you are, Danny, you immediately come to Apple/Rene's defense. Come on. Apple being ahead of whoever is irrelevant. You don't see Apple's (and by extension Rene's) hypocrisy in making insinuations at Google all while Apple is happy to extort 9 billion in concessions from them?
  • It’s not really irrelevant when that’s the main issue. Other companies have a lot to learn from Apple when it comes to privacy.
  • It's irrelevant and deflection. Answer my question: You don't see Apple's (and by extension Rene's) hypocrisy in making insinuations at Google all while Apple is happy to extort 9 billion in concessions from them?
  • Useless to even try, Narthalus. He's so far up Rene's and Apple's *** that he licks Tim Cook's tonsils!
  • Nope, I just recognise Apple is doing more to protect user's privacy, and as I've already said, they still have much more to do.
  • poooof ala-kazaam. The lemming believes everything Apple says. Reality distortion field in full effect! Don't get me wrong, I love my iPhone and iPad better than anything you can get from an Android based device, but I am not dumb enough to fall for Apple's stance on their so called privacy views. They are just as corrupt as the rest. It's just the dummies like you who believe them, whereas people who are not complete lemmings know otherwise.
  • Saying they are "just as" corrupt is crazy, there are different levels of corruption, e.g. like countries have different levels of corruption (https://wikipedia.org/wiki/Corruption_Perceptions_Index)
  • Yes and no. Running AOSP on a device w/o Google services is arguably more private than iOS, mainly because you can verify the source. iOS has Spybook baked into the settings. I can also run a local VPN/adblock on my Android device that redirects all of Spybook's domains to 0.0.0.0 so there's no tracking or reporting by an app to a Spybook server. iOS doesn't let me do that from what I've seen, but please correct me if wrong (most of the iOS whole device adblockers I've seen don't allow me to add domains). I can also block apps from going online at all on Android, iOS doesn't allow that. These are 3rd party apps that let Android do this, but still, that's arguably more private than iOS. Also with Bouncer, I can have permissions revoked once I exit the app. That's more private. iOS's privacy claims aren't 100% verifiable as I can't validate that the Spybook link in the settings isn't setting a UUID that an app can link to for Spybook data collection.
  • "iOS has Spybook baked into the settings." It's funny how many times I've read this and I hadn't even realised that it's not even in Settings anymore. It was removed in iOS 11. "I can also run a local VPN/adblock on my Android device that redirects all of Spybook's domains to 0.0.0.0" You can redirect all traffic through a VPN, I don't think you can create a local VPN (unless you mean on your local network hosted via another device), there are various VPN services which allow you to block domains or IPs. "I can also block apps from going online at all on Android, iOS doesn't allow that" Ok I agree, you can't block apps from going online. You can block them from using mobile data, which if you don't have Wi-Fi enabled, would prevent them going online, but that's not the best solution. I don't personally have too much of a problem of apps going online so long as I'm wary of what's being sent, which iOS handles mostly. "Also with Bouncer, I can have permissions revoked once I exit the app" Most of the iOS permissions are revoked when the app is in the background. If not, iOS flashes a bar at the top of the screen telling you it's doing something like using location. Ultimately iOS isn't open-source, which will never be as transparent as open-source software, but you can still do things like monitor network requests, and if you were really curious, you could Jailbreak to have an even better idea of what's going on behind the scenes.
  • Well, yes, not open source but transparency. An app (open source or not) will be transparent if designed to be and will be as opaque as you can make it if that's what the developer wants. Poor regular users will have no clue one way or another. If a system can only be ensured to be private and secure by expert users then it is not a secure system at all.
    My issue is with Android. When you call their APIs through any app (and all apps have to at some point) they (Google) will do whatever the **** they want with the information you send through that API. Fb has been taking advantage of that in the past and cannot be trusted not to do it again.
    iOS seems better in that regard, it has a better track record, but "seems" is the only word we can use indeed. This comes down to trust. Google doesn't have a good record and their best interest (mining my data) goes against mine (protecting it). I trust Apple more for now but mind you not 100% either.