How iOS 15 escalates the privacy war of Facebook vs. Apple
If Mark Facebook thought Tim Apple enforcing Privacy Labels and App Tracking Transparency in iOS 14 was terri-bad… wait 'till he gets a load of App Privacy Reports and Private Relay in iOS 15, because, well…
Previously on Facebook vs. Apple
It's been interesting-as-in-terrifying to watch the ongoing feud between Mark Zuckerberg, who wants to inflict pain on Apple, and Tim Cook, who wants Facebook to delete our data, to… privacy is a human right vs. free as in data. And I'm working on another video right now about how Facebook intends to use the metaverse, the upcoming extranet of VR, AR, and IRL to just… FTL jump around all of Apple's user protections if they can. Especially now that we've finally started getting informed consent on our iPhones, and so many of us are opting to withhold that consent. Hard. Opting out of being tracked in the digital world, finding it pretty much as creepy as being tracked in the physical world. And apparently driving a lot of the most data-thirsty ad spend to Android instead. At least for now.
iOS 15 privacy escalation
When it comes to App Privacy labels in iOS 14, though, they really only show us what the company behind the apps and services say they're accessing. With some level of scrutiny, sure, but also with a ton of opportunity for obfuscation as well. We're basically filing their paperwork and taking them at their word.
With iOS 15, though, we're getting App Privacy Reports. Its a new section in Settings that lets us examine how often apps actually access the various features of our iPhones, and not just things like camera, mic, location, photos, or contacts, but… yes… that… but also which third-party domains they're contacting and how recently. So we're not just accepting their paperwork anymore; we're checking their damn receipts.
Likewise, App Tracking transparency really only gave us control over our digital location on-device. It let us, and not some giant social search internet company, decide whether or not our activity and behavior could be tracked all over our phones and across the web. Whether… Facebook could follow us out of Instagram, into our dating or fertility journal app, over to our local church site, favorite fringe adult site, online games, or baby shopping site.
But, by itself, App Tracking transparency doesn't cover everything. Specifically, it only covers third-party tracking, not first-party. So Facebook can and still does track us freely and fully across their own massively popular apps and sites, including Facebook proper and WhatsApp, and Instagram. But outside the honor system — basically, their choosing to respect our wishes — there's just no real way to force them not to track us across the web anyway, not when so many sites integrating their web and social services, so they can still get their shadow profilers on.
Right now, anyone and everyone from our internet service provider that sends us out onto the web, to the sites we land on, to the data harvesters face-huggered onto them, can see our IP address, the address of the devices we're using to access the internet, and know it's us.
And then build and refine those shadow profiles of us, whether we use Facebook or not. From our IP address to our email address, even physical address, just by linking the logins we use, the newsletters we subscribe to, the physical address we provide for deliveries, even deals they make with real-world data brokers to get our credit card transactions. They get to know us so well we start the think the only way they could possibly know us that well is if they're spying on us through our microphones and cameras. But that's the reason they don't have to. Shadow profiles are just far less conspicuous and far more power-efficient ways of harvesting our behavior.
And this is what Private Relay is going to address. Now, I already did an in-depth explainer on Private Relay and how the technology works, but the gist is this — Apple encrypts all the internet requests leaving our devices, so even our ISP can't see where we're going on the web, then replaces our real IP address with a random one, and passes our encrypted request on to a third-party relay. That third-party relay only gets the random IP address, so it doesn't know who we are, decrypts the request, and sends it off to the internet, so the website we land on doesn't know who we are either. And the data harvesting face-huggers attached to them can't link the random IP addresses back to us or link any of our other activities, email or physical addresses, or real-world transactions. Because random.
In other words, our ISP and Apple know who we are but not where we're going on the web, and the web, including Facebook, knows where we go but not who we are. Not any more.
Bye bye, honor system. Hello, firewall.
Battles and wars
Now, of course, if we go to Facebook and log in or YouTube or Gmail or any other website where we have an account, we'll be telling them who we are anyway. Just like if we go into a real-world store and buy a mocha mint salted s'mores no cap cap coffechino, the barista will know it's us buying it. But if we… EatsDashMates Run, Barry, Run it, the barista won't be able to get in the car with the driver, come to our homes along with it, and hang out in our bathroom and bedrooms for the rest of the night.
The difference is, now the choice is ours. Not theirs. We're giving it, not having it taken. And yes, for sure, Facebook will have another tantrum, take out more full-page ads in the papers they've tried to put out of the ad business, secretly send more lobbyists to claim Apple is abusing a monopoly by trying to protect Apple users from abuse. Instead of just taking a moment, a single moment, to stop and think different — to think that maybe they're not entitled to our more private data by divine right, and they need to figure out more honest, more equitable relationships with us. In other words, a better deal for all of us.
Get the best of iMore in your inbox, every day!
Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.
Well said, thank you!
Private Relay sounds suspiciously like a Proxy Server. These are not new. But who/what is this “third party”? Who is running that? If the “third party” is decrypting the traffic that Apple encrypted, what’s to stop the Facebooks of the world from also decrypting it? Also, I can’t imagine all traffic from every iOS device on the planet going thru the same “web site”, in order to get to the actual destination. This would be like routing all automobile traffic in the U.S. thru Billings, Montana. Lots of questions come to mind with this. Lots of answers needed.