Apple seems to be investing heavily in security and privacy, but I'm curious to see if they can actually convince the average consumer to care (and/or buy into their security narrative, depending on your level of cynicism). So far, the convenience and features offered by their competition (at the expense of user privacy) seem to be a stronger draw.
I figure either (A) they're trying to carve out a niche of hardcore consumers who do care, or (B) they're trying to play a long game, hoping that broad sentiment shifts towards valuing electronic privacy. If it's the former case, I think they're doing fine; these kinds of whitepapers will reach most of those who care, and periodic news articles ("Terrorist iPhone unable to be unlocked!") will reach the rest.
If it's the latter, I think it's a pretty big risk given the scale of their re-education task (the pool of users willing to sacrifice personal privacy for other benefits, i.e. Google and Facebook's bread and butter) and the potential pushback they'll receive/have been receiving from governmental sources.
What does HN think? Is this a viable business differentiator for them, long term? Or will they have to shift to the 'dark side' of personalized data and services to remain competitive in the future?
"What does HN think? Is this a viable business differentiator for them, long term? Or will they have to shift to the 'dark side' of personalized data and services to remain competitive in the future?"
Honestly, I can't possibly trust Apple to always do the right thing. A cornerstone of digital privacy and security is being in control of your systems and data which Apple takes away from its customers. When I buy and use Apple products - I have to have faith in Apple to do nothing wrong with my data or send me a malicious update that compromises my system. It is all closed source and you only get occasional white papers explaining technology in abstract terms about their intentions. There is no independent person(s) that can vouch for Apple's integrity in building the systems the way they claim so.
That said, based on current status quo, I'd rather warily trust Apple with some of my personal data like GPS location, browsing history, Notes etc than Google or Facebook given the latter have a business motive to sell me out.
So when my friends or relatives ask me what phone/computer I think they should buy, I opinionatedly recommend iPhone + GnuLinux for the tech savvy and iPhone and Mac for the non tech savvy. I also give them a mini 5 minute lecture about
* Not allowing Location access to all the apps they download - Why would a calculator app need your location "Even while not using the app"?,
* Paying for their email service - I use Fastmail,
* Enabling tracking prevention in their browser to prevent tracking cookies,
* Using a separate browser for Facebook, Amazon and others while using Firefox only for personal/sensitive browsing needs.
They own the enterprise market for phone and tablet, despite being one of the most obnoxious vendors to deal with. Big enterprises that found that unacceptable (like NYPD, who went all in with Microsoft), came crawling back.
They own the universe of mobile users who actually spend money on mobile.
I think they’ve established that they can virtually print money without the intrusive and risky data gathering that their competitors engage in. Fundamentally, they operate an honest business — you give them cash, they give you stuff.
Everyone I know who works on the iPhone, iOS or related products cares deeply about privacy. They aren’t just making your phone. They’re making their own.
It worked on me (It was a leading reason for going back to an iPhone after switching to android. The others being customer service and iMessage). And I think it will be an increasingly powerful differentiator as time goes on.
They don't need to do the reeducation. Ask yourself, will there be more security breaches / issues in the future or less? Will there be more issues with governments and companies taking advantage of private users data or less? Will there be more demands for your data in the future (health, context, emotional signals) or less? I think the answers there are pretty obvious, and owning the "we care about our users, their privacy and security" frame is going to be an increasingly powerful one.
There are some short term wins of course, especially as they can use this to paint their competitors’ business model and strengths as a negative. But I think this approach will pay additional dividends when they move deeper into healthcare and more computers make the move onto and then into our bodies.
I think Apple employs engineers and leadership who care about privacy and security and are willing to marshall the resources to bring that about. I doubt too many customers really truly care.
Somehow I don’t really like the framing of this question. It simply takes an economic lens and misses the nuances that agency and morality bring to the table.
As the richest organization in the world I would argue that Apple is uniquely positioned to act and further their own goals and agenda – especially long term. If they felt that privacy was a cause to fight for... who could really imagine what could be done with those deep pockets? However, you will never get there if you employ a purely economic lens. Economics is a mostly value-free toolset you need to fill with assumptions to get any results.
For what it’s worth I see a stronger path in shaping/making the future than speculating about the infinite possible alternatives that are out there. So I would rephrase the question to something like:
Is security/privacy a worthwhile goal for Apple to pursue – not only economically but in general?
This question is imho a lot more tractable and you can get somewhere with it. For example, the current market climate and possible re-education cost you mention are really important aspects to consider – but they are not the only ones... people are not just pawns but capable of reasoning => we are interested in what SHOULD happen.
> Apple seems to be investing heavily in security and privacy
I would say on the surface. The latest bugs that allowed you to log in as root with an empty password could have been avoided with more testing (I would assume).
I think people increasingly do care, and will care more and more.
Some points:
* The revelations of Snowden and all the many hack attacks in the news have impacted the average Joe
* Many security experts expect more downfalls in the short future. For instance, cyberwarfare has relatively just begun.
* As example, in Germany, people are much more conscious about privacy.
* And think now about people who want to secure their crypto assets investments.
All in all, I think Apple is betting properly on security and it will have an economical reward.
I know a number of non-tech people that tell me they use iPhones because they believe they are more secure, and they think Apple is better with privacy issues.
>Apple seems to be investing heavily in security and privacy, but I'm curious to see if they can actually convince the average consumer to care (and/or buy into their security narrative, depending on your level of cynicism). So far, the convenience and features offered by their competition (at the expense of user privacy) seem to be a stronger draw.
I'd hazard a guess and say they're doing this for reason A. It definitely sets them apart from Google though, as it's Google's bread and butter to collect data on users in order to sell ads. Apple doesn't have a horse in that race, so it's a win/win.
I guess my cynicism level is the issue: I don't trust Apple a whole lot more than, let's say, Google.
Their servers are still operating in the US, they don't have a stellar history of protecting their consumers' privacy (for example, not so long ago people realized that their iPhones were sending location data to Apple).
Apple's stance on privacy seems more motivated by PR than a genuine core value of the company.
One of the ways to view Apple is through the lens of the field of luxury marketing - because the iPhone is a luxury good, a status symbol, and very successful one at that.
One of the major techniques in this field is that in order to create a luxury good, you need to tell a story about a genius creator, creating something that nobody else can create, with unique methods only his company possesses.
So when the iPhone was new, this story was partially true (yes, the iPhone was really unique, but no, Steve Jobs didn't create it with his bare hands). But once competitors created high quality products with great design, Apple needed new stories.
So there's the unique manufacturing method for the metal body, and the glass. And their processor, which was really the best (but did the users really use that?). And now we have privacy.
And marketing wise, the iPhone still remains a status symbol. So what they're doing is working. And I wouldn't bet against them.
As for them needing personalized data and services in the future? Well, they've got Google's apps for that (a good deal for Google too). And that way users can have their privacy cake, and eat it too.
The irony is that Apple's offering is not at all compelling to anyone who actually understands anything about security and privacy. Yes, Apple's security is strong with respect to outside threats, but at the cost of putting absolute blind trust in Apple. So your actual privacy is only as good as Apple's internal policies allow it to be, and those are not only completely opaque, but Apple is under no obligation whatsoever to maintain those policies in the future. Apple could be selling your data to the Chinese on the side, and there would be no way for you to know. And even if they're not doing it today, they could decide to do it tomorrow. At that point, even if you somehow found out, you'd be very hard-pressed to do anything about it.
[UPDATE] This comment is getting a lot more attention than I expected it to. I've watched the point count on it go as high as 20 and as low as 0, with several cycles between 0 and 10 and back, so a lot of people are voting on it. So let me say a few additional things.
First, I concede that the way I phrased my position was inartful. I apologize for that.
Second, Apple is probably the best solution on the market in terms of security and privacy. My complaint is not about them per se, it's really about the state of the market. My choices are either to hand my data over to Google or Microsoft, or to hand over my control of what I can and cannot run on my system to Apple. Neither of those is a satisfactory option IMHO.
I hope Apple will begin to spin privacy and security as part of their "premium lifestyle". Because if privacy and security will be associated with premiumness, other companies will have an incentive to implement similar measures in their products. People will actually care about their digital privacy for the first time! (though not because of the benefits of privacy, but to show off to others that they can afford a premium product with privacy)
Sort of like how companies suddenly started caring about their mobile phones' package design after the iPhone was released with its sleek packaging.
Hopefully this doesn't backfire though: by associating privacy with a "premium lifestyle", it by definition stops becoming something accessible to everyone and instead something you must pay for.
Apple security is confusing. For example, Find My Mac does not require 2FA even when 2FA is enabled. An attacker can remotely wipe your MacBook with just your iCloud password.
Another example: apparently there is a distinction between "two-factor authentication" and "two-step authentication", the latter being a deprecated, but active system. Reading the docs for the older system, you'll soon discover differences in things such as account access and recovery that lead to an entirely different set of consequences and caveats for security. You'll find out that in certain scenarios you could permanently lose access to your iCloud account and iTunes purchases under "two-step authentication", but not the newer "two-factor authentication". If a user confused the two while reading the Apple online support pages, it could have grave consequences.
Security is something that needs to be documented and marketed in clear terms. Why Apple would adopt names so similar for two distinct implementations of a security mechanism that they could arbitrarily describe either is incoherent with Apple's supposed model of user friendliness. It's what Microsoft does with its products, not Apple. Additionally, all facets of a security feature should be documented, and documented well. It is unacceptable that Apple does not warn users that 2FA can be bypassed in certain scenarios. I hope Apple does further focus on security, and documenting it well.
> An attacker can remotely wipe your MacBook with just your iCloud password.
This is not a security/privacy issue–none of your information is leaked.
> It is unacceptable that Apple does not warn users that 2FA can be bypassed in certain scenarios. I hope Apple does further focus on security, and documenting it well.
Should every password field have a disclaimer that says it can be "bypassed" by someone who knows your password?
I certainly appreciate this effort, whatever their long term intention or strategy is with this in a commercial way (or not), it’s in line with what I expect when it comes to my privacy and security.
Some of the Google/Android “features” and what they do with your data make old school keyloggers look like a joke.
"The processor forwards the data to the Secure Enclave but can’t read it. It’s encrypted and authenticated with a session key that is negotiated using a shared key provisioned for each Touch ID sensor and its corresponding Secure Enclave at the factory."
> "at the factory"
I suppose the secret key is erased at the factory, however, what if it isn't? Or, is the secret key generated on-chip via a random number generator? If it were stored at the factory somewhere then it would be possible to link it to each iPhone. I'm not familiar with cryptography, so I think it's just a misunderstanding on my part, and I'm not sure if this would be a weakness in the Touch ID sensor.
iCloud Keychain may be surprising for some folks. For example, it can be restored from an iCloud backup only to the same machine. Also, you have no ability to recover your iCloud keychain from your own time machine backups.
The reasons, as the document outlines, are for added security. But, having recently wiped my iCloud keychain by resetting Safari's privacy settings and inadvertently losing all my passwords, I was surprised to discover that I couldn't restore my passwords from my own backups. The upside is a compromised iCloud password doesn't also leak all the keychain passwords.
> "The processor forwards the data to the Secure Enclave but can’t read it. It’s encrypted and authenticated with a session key that is negotiated using a shared key provisioned for each Touch ID sensor and its corresponding Secure Enclave at the factory."
If I understand this correctly, IF they're using Diffie Hellman key exchange to generate the shared session key for every chip, doesn't this mean Apple also owns the session key for every single iDevice out there and can crack into them if they wanted to?
Does this mean the "security" only protects users from men-in-the-middle, but not from Apple (or NSA if they come after them)?
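The two comments above ask what a factory-provisioned shared key implies for the session key. The following is an added example, not code from the thread or from Apple, and not Apple's actual protocol (the quoted sentence gives no algorithms): a generic pre-shared-key session derivation with hypothetical names, showing that an on-path observer without the paired key cannot forge frames, while any retained copy of the paired key re-derives every session key.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(key: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA256."""
    prk = hmac.new(salt, key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_key(paired_key: bytes, sensor_nonce: bytes,
                       enclave_nonce: bytes) -> bytes:
    """Both ends mix fresh public nonces into the long-term paired key.

    The label b"sensor-session-v1" is a hypothetical context string.
    """
    return hkdf_sha256(paired_key, sensor_nonce + enclave_nonce,
                       b"sensor-session-v1")


def tag_frame(session_key: bytes, frame: bytes) -> bytes:
    """Authenticate one sensor frame under the session key."""
    return hmac.new(session_key, frame, hashlib.sha256).digest()


def verify_frame(session_key: bytes, frame: bytes, tag: bytes) -> bool:
    """Constant-time check of a frame's authentication tag."""
    return hmac.compare_digest(tag_frame(session_key, frame), tag)


def demo() -> dict:
    # Constructed stand-in for the secret provisioned into both parts.
    paired_key = secrets.token_bytes(32)
    frame = b"constructed sensor frame"

    # Session 1: nonces travel in the clear, the paired key never does.
    n_s, n_e = secrets.token_bytes(16), secrets.token_bytes(16)
    k_sensor = derive_session_key(paired_key, n_s, n_e)
    k_enclave = derive_session_key(paired_key, n_s, n_e)
    tag = tag_frame(k_sensor, frame)

    # An observer on the bus sees nonces, frame and tag, but must guess the key.
    k_observer = derive_session_key(secrets.token_bytes(32), n_s, n_e)

    # A party that kept a copy of the paired key only needs the public nonces.
    k_retained = derive_session_key(paired_key, n_s, n_e)

    # Session 2: fresh nonces give a different key, so old tags do not replay.
    k_next = derive_session_key(paired_key, secrets.token_bytes(16),
                                secrets.token_bytes(16))

    return {
        "ends_agree": k_sensor == k_enclave,
        "enclave_accepts_frame": verify_frame(k_enclave, frame, tag),
        "tampered_frame_accepted": verify_frame(k_enclave, frame + b"!", tag),
        "observer_can_forge": verify_frame(
            k_enclave, frame, tag_frame(k_observer, frame)),
        "retained_copy_recovers_key": k_retained == k_sensor,
        "old_tag_valid_in_next_session": verify_frame(k_next, frame, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In a design of this shape the question of whether the provisioning step keeps a copy of the paired key is the whole trust question; the session negotiation itself adds freshness, not independence from that key.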
Regarding iCloud accounts, Apple seems to be forcing the usage of phone numbers for 2FA and account recovery without an option to disable it. I switched from an Android device to an iPhone recently and was asked to set up an iCloud account. I went through the setup process and realized that my phone number was set up as a 2nd factor with no option to disable it [0]. For all the talk about Apple devices being the most secure, not many people seem to be complaining about how Apple forces a phone number as a 2nd factor + account recovery method. Most people back up very personal data to their iCloud accounts and forcing users to use a phone number for 2FA and account recovery is ridiculous. IMO Google gets 2FA right: I can set up a Yubikey + Authenticator + backup codes and remove my phone number as a 2FA method. And I also realized that there's no way to delete an iCloud account. I assumed all the big companies will have an option to delete accounts. I hope there's a law mandating all online accounts need to have a clearly defined lifecycle with an option to delete accounts and personal data if users want to.
(First time using an Apple device, so I might be misunderstanding the 2FA situation, correct me if I'm wrong.)
Is this chain-of-trust implementation the reason my backlit-keyboard on my macbook pro won't light up whilst asking me for my password on coldboot? It's a giant pain in the rear to get up and flip on a light when you're in bed programming at night... ( sigh )
This looks like a great example of insecurity through security.
Given that Apple is not trustworthy and you need to be able to change and/or inspect a device to have a chance at security, this is a solid strike for a human-thought-free insecure world.
[+] [-] Angostura|8 years ago|reply
I’m struggling a bit to think what this convenience and features might be. What sort of things were you thinking of?
[+] [-] ksk|8 years ago|reply
How much money is Apple investing ?
[+] [-] skjerns|8 years ago|reply
But again I'm probably a hardcore consumer who cares.
I really hope that there will be a change in mentality. It's crazy what google keeps of you if you enable Google Now.
[+] [-] eridius|8 years ago|reply
This is intentional. Otherwise people who only have one device would be unable to wipe their device if it gets lost.
[+] [-] samat|8 years ago|reply
I see that iCloud Keychain is still secure, but pretty much everything is fucked up, right?
[0] https://support.apple.com/en-us/HT204915