What about Apple and Google Search? What about Apple and China? What about Apple and cross platform services? What about Apple and App Store app abuses? What about… you get the idea.
And that's fine. That's great. That's exactly what I want. I said from the beginning that all of this, all the columns I've done on privacy and security, were meant to be parts of the conversation.
So, let's converse.
Should Apple keep Google as its default search engine?
If Apple is all about privacy, then why is Google still the default search engine in Safari for macOS and iOS? Why not a service that respects search privacy, like DuckDuckGo. Apple might tell you it's because Google gives the best results and, ultimately, that's the tradeoff that matters to most of their users. Others will point to Google paying Apple, according to some reports, high single-dight, approaching low-double digit, billions-with-a-b dollars for default search engine placement.
And, yeah, this one resonates. Apple does a lot to intermediate Google, including sending searches through Spotlight and Siri, where Google only gets Apple's data, not yours. But, if you type something into Safari, that's all you, naked on the internet. And so, if Apple really wants to completely lock down privacy on iOS and macOS, they'll need to plug that default leak in Safari one way or another.
As much as it's tempting to just say Apple should default to DuckDuckGo instead, Google, warts and harvesting and biases and all, really does still provide the best results.
So, my preference would be for this: The first time you launch Safari on a new Mac, iPhone, or iPad, it asks you what you want to use as your default search engine, with a randomized list of choices including Google, DuckDuckGo, and Bing.
Then, people who care about privacy can choose DuckDuckGo and keep their personal search data personal. And people who don't care, or simply find the data-for-services deal worth it, can choose Google and just… Google away.
Should Apple store Chinese iCloud data on Chinese servers?
Apple also gets dinged for its willingness to follow Chinese law and host Chinese customer data in China on Chinese-owned servers. I've done a column on this already, but too long didn't read: China has a long history of civil and human rights violations, and localizing data could allow it to be used against locals.
But, part of the pushback also smacks of ethnocentrism. Many governments and citizens of other countries feel just as concerned about their data being stored in the U.S. and potentially subject to Snowden-style abuse by agencies and entities in the U.S.
I'm by no means false-ing any equivalencies here — there is absolutely no comparison between the two governments and their track records. It's critical, however,l to understand that China doesn't trust U.S. tech companies with its citizens data any more than the U.S. trusts Huawei with American data, and we've all seen how that's been playing out recently.
For Apple's part, the company insists that while the data has been moved to China in keeping with Chinese law, it's still encrypted and subject to the same privacy policies and key-storage protocols as data stored in the U.S.
And that means, at least for now, Chinese customers still get to enjoy the benefits of backup and recovery for all their apps and media and the photos and videos of their kids and family, rather than being abandoned by Apple and left without that service.
It's a tight rope walk and one without a net, absolutely, so if and when the Chinese government does anything to violate that data, we'll have to see how Apple handles it.
Should Apple completely lock down iCloud backups?
Apple is 100% security first when it comes to real-time data. Everything you send from one iOS device to another, or from an iOS device to iCloud, is end-to-end encrypted, and not accessible to anyone but you and the person you're sending it to. That's fail secure.
But, Apple has been criticized over how it handles backups. Those aren't encrypted, at least not in a way that absolutely keeps everyone out forever and always. If something goes wrong, Apple can help you recover that data. That's because it's fail safe.
I've written a column explaining the differences between fail secure vs. fail safe before as well. Link in the description. Basically, for some people, having their nudie pics and sexts leak is the worst possible thing that can happen. For others, having their family photos and tax info lost is the worst thing that can happen.
Apple originally erred on the side of security but people who lost data got upset. Now they're more in the middle, and privacy and security advocates are upset. There are rumors Apple has considered adding encryption to backups, which would increase security but also increase loss again.
My personal preference for backups would be fail safe by default but fail secure as an option for people who care enough to go in and set it. That adds significant architectural complexity, but ultimately I think it's the best solution for everyone, in every geography, going forward.
Should Apple offer privacy-first services for Android and Windows?
There have been some suggestions that Apple should, for example, make iMessage and FaceTime for Windows and Android because encrypted communications for everyone is the moral, ethical thing to do.
Adding hundreds of millions, if not potentially billions of new users to Apple's iMessage servers would be the dictionary definition of non-trivial. That's especially true for Apple, which has been knocked for both its services and its cross-platform apps for over a decade.
Viable business model not withstanding — because this would be for the moral imperative, right? — I'm also not sure that singling Apple — and making them a target — out is best for any of us.
Better for everyone would be to apply loud, consistent pressure to every major messaging network until they all enable end-to-end encryption by default.
That said, if Apple could figure out a viable business model, or if iMessage and FaceTime becomes more valuable as services than incentives, I'd hope Apple would flip that cross-platform switch before it's too late. See: BlackBerry, Messenger.
Should Apple ban Google and Facebook from iOS?
An equal but opposite argument has been made that, rather than crossing platforms, Apple should shut them out. In other words, Apple should ban Facebook and Google from the App Store so that those companies can no longer use iOS as a platform to harvest and exploit user data from iPhone and iPad owners.
Unless Apple black lists the Facebook and Google domains at the root level of the iOS internet stack, people who want those services on iPhone or iPad could use Safari or a third-party browser wrapper to use them. That's how people are used to accessing those services on the desktop anyway.
Beyond that, Apple already faces a lot of scrutiny when it comes to what the App Store policies are and how they enforce them — or fail to enforce them.
Preventing people from downloading any app that supports any business that harvests user data, including Facebook — which includes WhatsApp and Instagram — Google — including YouTube, Waze, and Gmail — Uber, Amazon, Twitter, and many of the most popular apps ever made, could not only make the App Store inhospitable or even downright user-hostile, but it could open Apple up to anti-trust investigations — remember the great Google Voice pocket veto scandal of ought nine?
Apple, as a company, also has a consistent policy of staying as engaged as possible with problematic entities an areas because that's how Apple thinks it can best influence, advocate, and push for change.
It would be far better for everyone, especially long term, if Apple's commitment to encrypted messaging and privacy results in a truly private Google and Facebook messenger, and more responsible Google and Facebook apps.
What about Apple and Google Search? What about Apple and China? What about Apple and cross platform services? What about Apple and App Store app abuses?
Those aren't just valid questions. They're important ones. They're the kinds of questions that, when any company champions privacy, have to be asked for that company to become more than just a champion, but an example — an agent for change.