I have to say, working at Apple and knowing all the hard work that goes into this and making sure your data stays private while also being able to combat this disease, it's very frustrating to read a lot of the comments here. I can understand why the public is skeptical, but I feel like as a society we've swung so far away from institutional trust that now nothing good can actually emerge. The anti-vax movement is a perfect example where the collective work of thousands of people over decades to save millions of lives just gets tossed aside because some celebrity 'feels' like there's a connection that isn't there, and in the process, the level of public harm becomes severe.
Note: All opinions (in this comment and all of mine on HN) are my own.
I think the notion of trusting any company over a certain size is crazy - I wish people would stop anthropomorphizing companies that way. Basically, I can trust specific people if I feel that I know their character, and by proxy I might trust a company that these people have significant control over. Once a company reaches a certain size, any power that individual employees wield will have been diluted to microscopic levels, and even founders' altruistic motivations tend to fade or get drowned out by the basic profit motives of an increasingly large group of shareholders. At that point, it's not a matter of trusting, it's at best a matter of recognizing if the strategic goals of the company aligns with my interests in specific ways. For example Apple has made a strategic choice to double down on privacy, because invading privacy is not core to their business the way it is to Google and Facebook, so this allows them to gain an edge over their rivals. Great, that's something. That doesn't mean I "trust" Apple the way I would a person - it's more akin to how I'd recognize when a wild animal doesn't view humans as prey, so I'm willing to get relatively close to them without protective equipment. I don't trust them in general, I don't expect them to care about me at all, but I trust them to follow their instinct, which is to not attack me unprovoked.
I've long felt like Apple is uniquely easy to distrust, due to its almost total lack of visible employees. I assume there are actual people working there, but I've never seen one, say, speak (openly) at a meetup or answer a stackoverflow question, or the like. ~Everything I know about Apple either comes from an advertisement or from a guy who talked to a guy who talked to Gruber, and I have a feeling that that makes it easier for people to assume nefarious behavior behind the scenes.
Actually, with the exception of people working on standards committees, I think your comment may be the first time I've ever seen an Apple employee openly comment in a public forum.
As an Australian who has privacy concerns their government's COVIDSafe app (see https://github.com/vteague/contactTracing), and hence not installing it, I'm really thankful that Apple and Google are pushing this model of contact tracing. We still don't know if digital contact tracing is effective in practice, but it's still important to try, but we can do this in a way that avoids giving governments with worrying authoritarian tendencies another tool.
As a lifelong public servant, welcome to the ungrateful side of life. If you're providing a service to the public with the hopes of their gratitude, you will be sad. Do it for the same reason you change your baby's diaper: you love them and it needs doing. They might take pleasure in pissing on you while you're doing it, but this thing you love will be better off afterward.
The anti-vax movement challenges science itself; the anti-Google/Apple movement challenges corporate-level ethics and human control over identity. You can independently reproduce experiments demonstrating the efficacy of medicine. You can’t reproduce the faith that you place in your own corporation.
As a former Apple employee, it's gutsy for you to post this, or anything, certainly on a controversial topic.
You don't work for the kind of employer that values someone sticking their head out and saying ... anything. They want to control the message, and saying anything may be worse for both you, and for Apple, than saying nothing.
Just be careful. Apple's got the people to manage this PR situation.
Yeah, there’s so little critical thinking going on in general.
I wish people really tried to understand rather than just give knee-jerk negative responses to go along with their existing world view.
A lot of people are trying to do the right thing and working hard to do good. The cynical HN default response just feels like a lazy way to try and signal intelligence.
> I feel like as a society we've swung so far away from institutional trust that now nothing good can actually emerge. The anti-vax movement is a perfect example where the collective work of thousands of people over decades to save millions of lives just gets tossed aside because some celebrity 'feels' like there's a connection that isn't there, and in the process, the level of public harm becomes severe
This is not an accident. A great deal of work has gone into destroying public trust and the capacity of institutions to make impartial decisions based on data. Partly from the profit motive, partly for destructive political purposes. And a lot of people in the tech industry and on here actively support the right to destroy that work by posting the most thoroughly debunked and dangerous lies on popular tech platforms - again for their own ideological purposes.
Release the source code and provide some mechanism for users to have verifiable proof that the published code matches the application running on the device and we can start talking about trust.
Given past track record of both companies, this is the only way I would ever have of not being skeptical.
Institutional trust has been eroding since Watergate and almost non-existent since Snowden leaks.
Seeing Apples name on the PRISM slide was a gut bunch, you dont and will never get blind trust anymore.
Saying this is similar to the anti-vax movement is so frustrating for me to read when special closed courts are set up in my country to deliver verdicts on the legality of data acquisition and they STILL found the GCHQ overeached and illegally spied on citizens.
The UK gov has even decided to not use the API provided by Apple here so if I could trust Apple (which I don't) its being undermined by the fact the government decided to take Palantir on to help make it and it looks like they are getting involved in the US effort too.
If you want to restore trust then stop fighting with users and give them control over their devices.
iOS is full of dark patterns and a few absolutely awful restrictions that are very anti user. It shouldn’t be surprising that the users don’t trust Apple.
(Hopefully this doesn’t come across as disrespectful, I think the work you guys have done on contact tracing is awesome.)
In your example, institutions built up trust and it was broken by some third party. Public health was compromised as a result.
In the case of privacy, the trust was broken by the institutions themselves (Facebook, Apple, Google, Microsoft, US gov obviously as well). Public privacy was eroded as a result.
Apple doesn't make it easy to be liked overall. For example, trying to get 30% of a company revenue to publish an app on ios store and push the arrogance all the way to ask a company to change its business model is insane. I'm not gonna go all the way to ask to be able to build or test things in containers, but at least do it easily in virtual machines legally without having to buy or rent some apple hardware for no good reason. Why not even being able to build ios apps outside of macos? There's no technical reason not to be able to do so neither.
For me, the discrepancy between apple marketing around the products and how it feels being stuck in the past as soon as having to build and support anything related to apple makes the whole company not likeable and not trustworthy.
We are culturally obsessed with "Luke, trust your feelings." There is something extremely wrong and dangerous with Star Wars and that idea to put away reason and just trust our feelings. Joseph Campbell what did you do?
Give me an example from history where everyday 'papers please' has worked out well.
There are many reasons to challenge broad authoritarian policy. Don't pollute the dialog with anti-vaxers, that shuts down a completely legitimate conversation that should happen in a healthy society.
Accepting wide-spread social tracking unchallenged is worrisome. I should not have to explain to intelligent minds why. The paths you open up when you allow something like social compliance tracking and scoring are just terrifying. Way more terrifying for our children than the immediate health problems.
> I feel like as a society we've swung so far away from institutional trust that now nothing good can actually emerge.
You frame that like society itself or the people that make up society are somehow at fault. Perhaps the issue is that elements of society like Apple have taken actions or have failed to take actions which would have engendered the sort of reaction that you would prefer to see.
If Apple wants my trust they need to earn it.
Why should I give Apple my trust again after being burned by them repeatedly?
If you don't trust Google and Apple when they say their API does what they say it does, then you can't use an iPhone or Android phone.
I understand that people are conscious about these things but what I don't understand is how people say "oh I'd never run an app using an API from google/apple, they have a horrible track record" and then carry a phone in their pocket with an OS from either Google or Apple, where those companies can basically do whatever they want. If you carry such a phone you already trust them. If this API does what it says it does (basically exchange random numbers) then how is that worse than what you already trust your phone to do?
The title of this article is incorrect. FTA: “Apple […] and […] Google on Monday said they would ban the use of location tracking in apps that use a new contact tracing system the two are building”.
Will be interesting to see if they can ban Indian govt. app[1] which needs full location access(clarified)[3]. A lot of people like this app(including me) but also know government does not have good track record in securing private data.
Previously Apple were made to bend their rules when India threatened to ban Apple devices if they don't allow TRAI Do Not Disturb app in 2018.[2]
I've been wondering about the UK contact tracing app because they seem to be deliberately misleading saying that data is secure on the phone, yet it's a centralised model, and they are using bullshit terms like "clinically secure algorithm" to describe the one-time codes;
Is the source code of these apps something that could be FOI requested from NHSx seeing as it is publicly funded by the tax payer?
I mean, imagine the repercussions of allowing third party apps to do this. It's tragedy of the commons for health info.
i.e. A crappy mobile app that spams notifications when you're around someone who was in contact with Covid infected. One which doesn't have any oversight and motivation other than mobile ad views.
Google have flat out banned any apps that have anything to do with combating COVID-19 if they aren't either funded by their government or are a registered health company. I tried releasing a symptom tracker app before Zoe released theirs and it was rejected for this reason.
Sure. It's maybe a bit unsettling to see a global corporate monopoly telling countries what they're allowed to do, but in this case it's the right thing.
I think it’s unsettling that were so used to companies and people with actual power doing fuck all to stand up to government abuses that it’s weird when it actually happens.
I trust a democratically elected government above a duopoly personally, and I'm not convinced the decision of how far to trade off privacy concerns against public health is one those corporations are competent to make.
Contact tracing with location tracking must surely be more effective than contract tracing without location tracking.
I'd quite like my government to decide how contact tracing should work in my country, instead of two companies making that decision. I cannot vote against Apple or Google if I don't like what they do.
Also, I'd like to leave my home without worrying about catching a dangerous and possible fatal disease, and if I have to sacrifice some privacy to do this then that's ok.
Privacy is important, and it's lovely that IT people care so much about it, but all the people on zero-hour contracts and with underlying health conditions would probably rather that we prioritise the most effective approach to eliminating the virus.
Its interesting that they call this a "Contact Tracing app" even after changing the naming to ExposureNotification.framework
I think these restrictions are meant to win confidence with a somewhat skeptical public. This will also confine the apps to be single purpose for contact tracing only.
The title says "ban use of location tracking", but the article says "will not allow use of GPS data". There are many ways to extrapolate a user's precise location from non-GPS data.
Can anyone show me an app in the wild that uses Bluetooth like or close to what the Covid apps wants to?
Why isn't HN talking about the technical side at all?
We know Bluetooth on phones can't do what the governments says it can.
We've all gone through the stage of, what if we used Bluetooth to track people indoors and do cool stuff! Then we realise you can't. The best we see is advertising maybe doing low quality beacons.
It like we think C19 makes the impossible possible.
We probably shouldn't call them "contact tracing" apps since what they plan to do is so different than manual contact tracing. "Exposure notification" is a better term.
Nothing prevents anyone from using their phone's location history to remember what to tell the contact tracing people.
covid19 has become a buzzword factory. Politicians popularize terms like "herd immunity" , "crush the curve", "testing", "ventilators", "PPE" etc to appear to be doing something. "Tracing" is the next in line, but it's a total sham. No country has been able to contain the epidemic with bluetooth. And all the countries that manage the epidemic have first waited until they have very few cases , which can be traced manually, and they did isolation well. As long as there is a high number of active cases, tracing won't work.
So, it's good that apple+google are banning those apps because they would be useless and a damn spying vector.
Bluetooth is only really an option for Apple, not any iOS developer. Slightly different for Google, where Android lets background apps use Bluetooth. So no country has tried to use bluetooth in their apps. Other than South Korea it sounded like contract tracing had been abandoned.
Would you rather nothing be done? This is potentially a big deal way to automate at scale that has no precedent. It's impossible to say this will/won't work, as it's never been tried.
We've been looking at digital contact tracing from the perspective of Australia, as we see a huge push for the COVIDSafe app, based on Singapore's TraceTogether app.
It seems the sensible order of questions is:
1) Do we have a contact tracing problem?
2) Does digital contact tracing generally solve it?
3) Is the specific app / implementation useful / safe / privacy-respecting?
It appears the national conversation almost entirely skips thinking about 1) and 2) and gets lost in the limited analysis of 3).
The post has a very city-specific view. (and it may have good points about that environment) Compare it to a regional town: minimal public transport, few/no dense residential buildings, no large offices. For me the app is literally a "does anyone I stood next to in the shop / petrol station test positive" indicator.
Location information, political preferences, socioeconomic status, photos, emails, search locations, to name a few. Is very dangerous that they are openly monopolizing access to everybody's life without regulations in place. I personally believe that Engineering teams do their best to anonimize individuals but reality is that other products teams such as Ads or growth don't do it
The idea that this won't be abused is nuts after seeing what's already been done by the likes of Facebook, Zoom, Microsoft and others. Privacy is privacy. No one has the right to take that away.
[+] [-] azinman2|5 years ago|reply
Note: All opinions (in this comment and all of mine on HN) are my own.
[+] [-] m12k|5 years ago|reply
[+] [-] fenomas|5 years ago|reply
Actually, with the exception of people working on standards committees, I think your comment may be the first time I've ever seen an Apple employee openly comment in a public forum.
[+] [-] bjz_|5 years ago|reply
[+] [-] killjoywashere|5 years ago|reply
[+] [-] choppaface|5 years ago|reply
[+] [-] arcticbull|5 years ago|reply
You don't work for the kind of employer that values someone sticking their head out and saying ... anything. They want to control the message, and saying anything may be worse for both you, and for Apple, than saying nothing.
Just be careful. Apple's got the people to manage this PR situation.
[+] [-] gonehome|5 years ago|reply
I wish people really tried to understand rather than just give knee-jerk negative responses to go along with their existing world view.
A lot of people are trying to do the right thing and working hard to do good. The cynical HN default response just feels like a lazy way to try and signal intelligence.
[+] [-] pjc50|5 years ago|reply
This is not an accident. A great deal of work has gone into destroying public trust and the capacity of institutions to make impartial decisions based on data. Partly from the profit motive, partly for destructive political purposes. And a lot of people in the tech industry and on here actively support the right to destroy that work by posting the most thoroughly debunked and dangerous lies on popular tech platforms - again for their own ideological purposes.
[+] [-] Legogris|5 years ago|reply
Given past track record of both companies, this is the only way I would ever have of not being skeptical.
[+] [-] AJRF|5 years ago|reply
Seeing Apples name on the PRISM slide was a gut bunch, you dont and will never get blind trust anymore.
Saying this is similar to the anti-vax movement is so frustrating for me to read when special closed courts are set up in my country to deliver verdicts on the legality of data acquisition and they STILL found the GCHQ overeached and illegally spied on citizens.
The UK gov has even decided to not use the API provided by Apple here so if I could trust Apple (which I don't) its being undermined by the fact the government decided to take Palantir on to help make it and it looks like they are getting involved in the US effort too.
[+] [-] swiley|5 years ago|reply
iOS is full of dark patterns and a few absolutely awful restrictions that are very anti user. It shouldn’t be surprising that the users don’t trust Apple.
(Hopefully this doesn’t come across as disrespectful, I think the work you guys have done on contact tracing is awesome.)
[+] [-] herdodoodo|5 years ago|reply
In the case of privacy, the trust was broken by the institutions themselves (Facebook, Apple, Google, Microsoft, US gov obviously as well). Public privacy was eroded as a result.
[+] [-] verve_rat|5 years ago|reply
[+] [-] stilisstuk|5 years ago|reply
One should never unequivocally trust for-profit companies.
Also: https://www.bbc.co.uk/programmes/w3cszcms
[+] [-] boudin|5 years ago|reply
For me, the discrepancy between apple marketing around the products and how it feels being stuck in the past as soon as having to build and support anything related to apple makes the whole company not likeable and not trustworthy.
[+] [-] adatavizguy|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] monkeynotes|5 years ago|reply
There are many reasons to challenge broad authoritarian policy. Don't pollute the dialog with anti-vaxers, that shuts down a completely legitimate conversation that should happen in a healthy society.
Accepting wide-spread social tracking unchallenged is worrisome. I should not have to explain to intelligent minds why. The paths you open up when you allow something like social compliance tracking and scoring are just terrifying. Way more terrifying for our children than the immediate health problems.
[+] [-] Teever|5 years ago|reply
You frame that like society itself or the people that make up society are somehow at fault. Perhaps the issue is that elements of society like Apple have taken actions or have failed to take actions which would have engendered the sort of reaction that you would prefer to see.
If Apple wants my trust they need to earn it.
Why should I give Apple my trust again after being burned by them repeatedly?
Does Apple even trust me?
[+] [-] alkonaut|5 years ago|reply
I understand that people are conscious about these things but what I don't understand is how people say "oh I'd never run an app using an API from google/apple, they have a horrible track record" and then carry a phone in their pocket with an OS from either Google or Apple, where those companies can basically do whatever they want. If you carry such a phone you already trust them. If this API does what it says it does (basically exchange random numbers) then how is that worse than what you already trust your phone to do?
[+] [-] Someone|5 years ago|reply
So, contact tracing apps that don’t use that system, such as the one from the UK (https://www.bbc.com/news/technology-52441428) still would be allowed to do location tracking.
[+] [-] karambir|5 years ago|reply
Previously Apple were made to bend their rules when India threatened to ban Apple devices if they don't allow TRAI Do Not Disturb app in 2018.[2]
[1] https://play.google.com/store/apps/details?id=nic.goi.aarogy...
[2] https://9to5mac.com/2018/11/30/apple-approves-india-dnd-app/
[3] https://paste.gg/p/anonymous/b7c95d3967514e78a652840b5b666d5...
[+] [-] AJRF|5 years ago|reply
Is the source code of these apps something that could be FOI requested from NHSx seeing as it is publicly funded by the tax payer?
Also they've already started moving the goal posts; https://www.theregister.co.uk/2020/05/04/uk_covid_app_human_...
This* came from NCSC - that image about the NHS version worries me greatly.
* https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contac...
[+] [-] lazyeye|5 years ago|reply
[+] [-] three_seagrass|5 years ago|reply
i.e. A crappy mobile app that spams notifications when you're around someone who was in contact with Covid infected. One which doesn't have any oversight and motivation other than mobile ad views.
[+] [-] jimmaswell|5 years ago|reply
[+] [-] xkyscore|5 years ago|reply
[+] [-] ramshorns|5 years ago|reply
[+] [-] Spivak|5 years ago|reply
[+] [-] fooey|5 years ago|reply
The most important thing is to get absolutely as many people possible using the technology.
Besides, for their own selfish reasons, neither Google or Apple want to be so blatantly attached to something that could be so easily abused.
[+] [-] fancyfredbot|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] cja|5 years ago|reply
I'd quite like my government to decide how contact tracing should work in my country, instead of two companies making that decision. I cannot vote against Apple or Google if I don't like what they do.
Also, I'd like to leave my home without worrying about catching a dangerous and possible fatal disease, and if I have to sacrifice some privacy to do this then that's ok.
Privacy is important, and it's lovely that IT people care so much about it, but all the people on zero-hour contracts and with underlying health conditions would probably rather that we prioritise the most effective approach to eliminating the virus.
[+] [-] flipgimble|5 years ago|reply
I think these restrictions are meant to win confidence with a somewhat skeptical public. This will also confine the apps to be single purpose for contact tracing only.
[+] [-] jb775|5 years ago|reply
[+] [-] tinus_hn|5 years ago|reply
If you disagree, could you please list ways you think this can be done?
[+] [-] crowbahr|5 years ago|reply
[+] [-] aaron695|5 years ago|reply
Why isn't HN talking about the technical side at all?
We know Bluetooth on phones can't do what the governments says it can.
We've all gone through the stage of, what if we used Bluetooth to track people indoors and do cool stuff! Then we realise you can't. The best we see is advertising maybe doing low quality beacons.
It like we think C19 makes the impossible possible.
[+] [-] skybrian|5 years ago|reply
Nothing prevents anyone from using their phone's location history to remember what to tell the contact tracing people.
[+] [-] buboard|5 years ago|reply
So, it's good that apple+google are banning those apps because they would be useless and a damn spying vector.
[+] [-] tobylane|5 years ago|reply
[+] [-] azinman2|5 years ago|reply
Perfect is the enemy of progress.
[+] [-] artursapek|5 years ago|reply
[+] [-] crushthecurve|5 years ago|reply
It seems the sensible order of questions is:
1) Do we have a contact tracing problem?
2) Does digital contact tracing generally solve it?
3) Is the specific app / implementation useful / safe / privacy-respecting?
It appears the national conversation almost entirely skips thinking about 1) and 2) and gets lost in the limited analysis of 3).
We had a deeper look at 2) in this recent piece:
https://blog.crushthecurve.today/why-should-you-install-the-...
[+] [-] viraptor|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] spicyramen|5 years ago|reply
[+] [-] ghuntley|5 years ago|reply
[+] [-] frankzen|5 years ago|reply