The most persuasive argument for Apple as trustworthy on privacy was weak: that because they didn’t monetize data as rapaciously as Google or Meta, there was less incentive for them to spy on users.
But once they introduced new privacy controls, they seemed to suddenly start investing more seriously in their own advertising network. That, and the encryption slight-of-hand with iCloud, makes the cynic’s case for them.
App telemetry, metrics, etc might get handwaved away with a sinister phrase, like “essential for improving user experience.” But placing trust in a company on privacy due to the relative lack of financial incentive seems hopelessly naive.
Yeah this one has pissed me off generally. I'm slowly working out how the hell I get out of the ecosystem but I realise I'm heavily locked in and it's difficult so I'm going to have to do it very slowly and methodically.
Edit: just bought a desktop PC off ebay which I will install Ubuntu on and see how I get on.
I sympathize. It is probably the most difficult ecosystem to get out of. Nextcloud was one of the most important pieces of software for some I know who got off of Apple. You can setup your own private cloud or use a community server you trust to replace pretty much everything on Icloud: Files, photos, music, notes, tasks, contacts, calendar, passwords, bookmarks, facetime, and many more. Migrate everything there, and then you can switch to any operating systems you want.
At least when I de-appled in 2016, the local info database was accessible for things like MP3 ID info, but it required mapping w/ Python. Moving over to local PC storage was simple through USB (Ubuntu or Fedora as OS at that point, no doubt).
I don't know if it is as simple or if they have data checkout options. Good luck with it!
Oh I'm screwed. I'm fully in on Apple Photos, Music, Calendars, Notes, the lot. I will pull things out carefully one service at a time over the space of a few months or I'll get pissed off and give up.
One thing I am looking forward to is a keyboard that isn't shit.
I have a 14" M1 MacBook Pro. The keyboard is "ok" but not great. It occasionally misses keypresses when I'm typing fast or hit the edge of a key.
Also I never really got on with the keyboard layout. Some things are just better on other platforms like position of hash, usage of meta-keys and discoverability. I find, despite rarely using it, that I can navigate around windows 10 better on a keyboard than I can on a mac.
I mostly use my mac in "desktop mode" with an Apple studio display (that's the most difficult thing to give up) and a TKL Durgod K320 cherry MX red mechanical keyboard so I will reuse the keyboard for "the other platform"
Build quality on non-Apple machines have been rough for me. I burned through both an XPS 15 (caseflex causes restarts with keyboard use) and a Framework (random restarts, never could pin down the hardware issue even with mainboard replacement). The I've settled on a good ThinkPad and, honestly, I set the power settings simple and just keep it in a docked state. Never even think about it!
Yeah I have owned a few thinkpads. I went for a desktop because I am totally fucking done with owning laptops now. I don't need one so I'm not bothering any more.
I've been passively looking for a means to get my Notes in some offline format. So far I've just been exporting them to PDF which isn't ideal for me, but at least captures the note more or less.
You should be able to download the music you bought from iTunes DRM free. For the movies/etc, just pirate them. You already "bought" them so morally you're in the clear. For the software/etc, walk away from it. Sunk costs.
The hard part is if you have a lot of content on icloud. Ive yet to find a reliable way to pull content from icloud locally. Apples first party download service doesnt really work for large icloud accounts, the downloads just fail to complete and you have tens or hundreds of gb to download. Ive tried third party command line tools and they silently crash after a couple dozen files, as in they will just hang until I notice they have failed so I cant just automate something to restart the script after fail. I’m actually at a loss here how to migrate from icloud.
I have little software investment (mostly pixelmator) but I am using Apple Music subscription. I've paid for it for over 3 years so I think I've paid enough anyway...
not trying to start a distro war, but I would advise against using ubuntu for the time being as their custodian has been somewhat incompetent in recent years, and they have been forcing users to use their "snap" system. It may give you a bad first experience.
I haven't tried it, but I've heard Pop_OS! is a pretty popular distro these days. If you want something really lean and unobtrusive (though you may need more up front setup), you may want to look at an XFCE based distro (my personal favorite).
Just remember, most distros have live usb stick distros so you can always try out a bunch before you decide on the right one for yourself.
Thanks. Pop_OS! is a candidate for testing here already if Ubuntu doesn't work out. I picked Ubuntu as a first point because I grabbed a Lenovo Neo 50s desktop and that supports it out of the box. That will set expectation for hardware compatibility and issues for other distributions or variants.
I like Fedora and Pop_OS! I'd recommend Pop_OS! first for newcomers but Fedora is great for a work desktop if you're reasonably technical and don't mind upgrading at least once a year. Pop_OS! offers an LTS edition so you can stay with a release for several years.
I'd second mint for anyone who wants a "it just werks (TM)" experience with minimal configuration to throw on anything except a server.
For servers, these days I'd recommend Alpine on ARM architecture for a very good mix of high performance and having sane defaults set up so you can easily set up a reverse proxy, web server, etc.
OpenSUSE is nice. It has btrfs/snapper configured by default, which makes upgrades low-stress (if anything ever goes wrong, just reboot into the snapshot automatically created before every upgrade.) It also has a decent GUI (YaST) for system administration tasks.
I love OpenSUSE (esp. Tumbleweed), but every time I see a tutorial about ML stuff, they are using Ubuntu. I wonder if there's any inherent advantage to Ubuntu that other distros don't have (e.g., having some libraries preinstalled, sane default configs, etc.)
> I wonder if there's any inherent advantage to Ubuntu
No advantage, but Ubuntu is the most popular distro for regular users / tutorial customers. Ubuntu also has the widest availability of support resources, even though the information is often not Ubuntu-specific.
If you use a non-Ubuntu (or non-Debian-derived) distro, you'll need to do a little bit of package-name mapping to get the prerequisites installed. This is annoying but only has to be done once (take notes!).
The bigger problem I've had with ML libs is that they're very picky about version compatibilities. Once you settle on a set of working/compatible versions (libs, python, python pkgs), make some effort to preserve your sources. Package versions can get deleted from the official repos, be prepared to build from source, etc.
Controversial statement - with the amount of scrutiny, hate and FTC oversight over companies like Facebook I have more trust in their privacy than Apple. Apple weaponized privacy to be able to enter their competitors market, all while very openly lying it’s all about the user.
How is Apple lying that it's all about the user? Their support documents clearly outline what is E2E encrypted and their explicit justification for not locking iCloud backups is specifically because of situations where users are locked out of all their information because of a forgotten password.
Unless there's evidence that Apple has sustained a security breach as a result of this posture, it seems to me that they actually are caring about the user. The only incidents that I'm aware of with regard to Apple are social engineering and brute-forcing due to weak user passwords. Is there a situation or evidence that Apple is lying here?
1. It seems to me that they do care about user privacy. I haven't seen any evidence yet to suggest that they don't. Tim Cook, of all people, has every reason for this to be a priority and a truthful statement.
2. The privacy tracking controls only restrict tracking across apps and websites. Individual apps are allowed to collect data and it would be impossible for Apple to guarantee that an app couldn't collect data since they clearly can't be aware of every since implementation within the app. Notice what the terms for end-users explicitly state since a company like Meta can't get info from Apple about users across FB and Insta, for example, but may have ways to tie users together based on data they're collecting on the platform itself. Apple can't really stop that. They can only make it more difficult (which they have, as evidence by FB's reaction to the new privacy controls).
3. Where do you get the idea that they're not subject to the same restrictions? I don't see any evidence that this is the case.
> It seems to me that they do care about user privacy. I haven't seen any evidence yet to suggest that they don't.
I think it's about priorities. The way you can tell when a company cares about something is when you see them give up something else they want to have it. In the case of privacy, they could show that they care by not collecting gobs of telemetry about every time a user plugs in their laptop, every time an executable is run, and exactly what a user looks at in their app store, and for how long. But they do collect all this data because it helps them both with advertising and with "improving" the product (using scare quotes because it's not clear to me what metrics are used to gauge "improvement"). I don't see _any_ effort made to protect Apple's users from Apple itself, and that's the core privacy problem: the mere existence of a massive store of all this data presents a very real risk to users.
> Where do you get the idea that they're not subject to the same restrictions?
The lawsuit alleges that Apple is not subject to the same restrictions it imposes on others. From the article:
> Apple’s iPhones and other devices contain settings that purport to disable all tracking and sharing of app information, but the tech giant continues to collect, track, and monetize their data even after consumers have chosen to disable sharing, it said.
Logically, this suggests that iOS will restrict other apps from tracking behavior across apps/sites, but Apple is leveraging its privileged position as the device and OS manufacturer to remain immune to those exact restrictions.
>the mere existence of a massive store of all this data presents a very real risk to users
You're assuming this massive store exists with no evidence for it. One of Apple's central tenets with regard to privacy is that all the telemetry is done on device and never leaves the device except in an anonymized form. Based on what's been shown, this is still accurate. Apple is able to still collect data about how its users behave without any data that's tied to an individual.
>The lawsuit alleges that Apple is not subject to the same restrictions it imposes on others.
That is not evidence that this is true. From the lawsuit itself, they seem to be misunderstanding both how that info is used and how users have consented to it. I don't have enough information to say for certain but, based on the way the article and others are talking about the data and the video that's been presented that shows what data is being sent, there seems to be a misunderstanding between the settings that Apple provides that are meant to prevent cross-application and cross-site data collection with data collection from a single source. Additionally, I think they're making an assumption that the IDs being sent to Apple are shared across applications because I haven't seen any evidence to suggest that that's the case. That means that, unless some evidence is presented that proves it is being shared across apps, Apple is being truthful in what it's saying. It's collecting anonymized data that is then aggregated.
>to remain immune to those exact restrictions.
Again, that's not what has been shown so far. Until it's actually shown, rather than assumed, that Apple is using this tracking information across apps or across sites, Apple is doing what they say they're doing in their privacy policies.
3. Every other app has to ask user to "opt in", default is "opt out" while for apples own prompt the user has to "opt out", default is "opt in". This alone is evidence they are not subject to the same restrictions.
Not quite. Apps subject to ATT rules have to ask permission to permit tracking across apps and/or websites. All apps have to declare what personal information that they’re interested in. Here’s a link to Numbers: https://apps.apple.com/ca/app/numbers/id409203825?mt=12
It declares:
Data Linked to You
The following data, which may be collected and linked to your identity, may be used for the following purposes:
Analytics
Identifiers
User ID
Device ID
Usage Data
Product Interaction
Diagnostics
Performance Data
Other Diagnostic Data
App Functionality
Contact Info
Email Address
Name
Phone Number
User Content
Photos or Videos
Audio Data
Other User Content
Identifiers
User ID
My bet is that the Stocks app says the same thing, and that people are confusing OS data collection permissions with app data collection permissions.
It is meaningful in that people generally have separate expectations from the OS itself than from apps. That is, IMO the current hullabaloo about the Apple stock app (which can be uninstalled), etc. is nonsensical as it would fall under the privacy declaration of the app, not under the OS itself—but it’s presented as an iOS problem.
It may be an Apple problem regardless, but OS settings about data collection do not control app settings about data collection. Should the apps have those data collection settings? Certainly. But now you’re getting into something that Apple would be building that you can guaran-damn-tee that they will force other applications to implement (because it’s good for the user).
You're being disengenous, Apple's own apps request location data the same as any other. I know this because of having denied the permission when prompted.
Yeah I just setup a new phone and the prompt is "would you like to enable location services?" then it lists the reasons it will use it, including weather, find my, etc. I typically hit disable there, and then manually enable it for the things I do want to give access to.
Do you have any evidence of this? Setting up an iPhone or iPad asks the user to opt-in to Apple's tracking. The only reason it would be opt-out is if you opted in previously and a software update has revised the permissions/tracking for that app. If you've previously opted-in, then the default is not opt-in. You're just seeing it that way because of your previous allowance.
Maybe youre right, that its remembering previous opt in setting and defaulting to opt when setting up new iphone, but I am 100% sure its not the same behavior for other 3rd party apps, they always default opt out regardless what option you chose the previous time you installed the app.
Could you be specific about what tracking restrictions Apple imposes on others which they don’t follow themselves?
My understanding was that Apple asks for user consent before letting ad networks track users across many apps run by different companies. Apple doesn’t do that themselves as far as I know?
> Unless there's evidence that Apple has sustained a security breach
I don't think thats a strong argument. FB's security was never actually breeched during cambridge analyitica. It was information given to a study by paid subjects, plus scraping of their friends graph, plus a fucktonne of PR to say how great their data was. Sure they had information on n million people. But they didn't have _detailed_ information.
With apple, they have unrestricted access to the location of you, your laptop and tags. With that you can work out friendship graphs. Not only that but all the information that every app collects plus a boat load more metadata.
If they cared about the user, they wouldn't be collecting this information, instead they seem to be wanting to muscle into FB and google's advert game.
But, dont get this as me saying meta/google are good. No, they are just as bad as apple, but with varying levels of PR.
This would only make sense if abusing personal data were actually illegal. As it stands, the FTC maybe has the power to create a slight inconvenience for the legal department, and only if something goes really bad to the point of creating widespread demonstrable harm.
The process for working with user data today at Facebook is super rigorous. Accessing anything requires requesting permissions which are auto expired. Any analysis build on user data is auto deleted without 24 hours etc.
I doubt many companies that haven't been hit as hard as Meta have the same sort of systems set up.
Apple always wanted to get into ads business, but the contenders were too strong and Apple doesn't have an edge for competition unlike Google Search, Amazon Marketplace, Facebook's user tracking etc... So instead of directly jumping into the business they decided to first level the ground with IDFA and ITP. The natural next step would be to monopolize user tracking data within the Apple ecosystem. I'm almost sure that this is "Manifest destiny" for Apple, but the question is "when".
Imo incentives-based reasoning is the only way of thinking about corporate behavior that isn't naive. What's happened here is that the incentives changed, which- maybe you could call it naive to assume they wouldn't
But there's also a bias, when presented with only two real options, of telling yourself that the less-bad option isn't just less-bad, it's actually good. Because it helps you sleep better at night and because there's nothing you could really do about it anyway. Same thing happens with two-party politics
> which- maybe you could call it naive to assume they wouldn't
Definitely. I think the correct way to think about public corporate behavior is as if they're psychopaths. I don't mean that necessarily with the negative popular culture connotations, but just that they will always behave in what they see as the optimal personal benefit regardless of what it does to others.
That's just what a large and for the most part anonymous ownership that expects growth coupled with a set of people to steer operations that is mandated to work in the best interest of those owners results in.
So, think about your relationship with companies as you would with a friend you suspect is a psychopath but is amiable and somewhat beneficial to associate with at the moment. Just because they don't have an incentive to spread all your private info around at the moment doesn't mean they won't have reason to later, so be careful what you expose, and trust them only as far as it makes sense to. They aren't a real friend, you're just using each other for mutual benefit, and that doesn't generally last forever.
> But once they introduced new privacy controls, they seemed to suddenly start investing more seriously in their own advertising network. That, and the encryption slight-of-hand with iCloud, makes the cynic’s case for them.
This might about as clear-cut a case of unfair trade practices as there ever was.
FWIW the slight of hand mentioned here isn’t in the article. I presume it means the fact iCloud backups aren’t end to end encrypted with your iCloud Keychain passphrase, which was reportedly either:
A) because apple wanted to be sure you could restore a device to which you lost the key (not implausible user experience story, but one you could imagine folks opting into)
B) the FBI complained and they caved
C) both A and B
Note that iCloud backups include the keys needed to decode your ostensibly end-to-end encrypted iMessage history. Effectively key escrow, but they don't market it like that.
That seems like a bad way to think about security threats. The fact that the door is open at all is severely problematic, regardless of how many people have walked through it.
That wasn't my point. The OP suggested that Apple was being deceitful about its position that this posture is "for users". To me, the fact that a user can potentially (and accidentally) lock themselves out of their own data with no recourse is a justification for a more relaxed security posture that completely lines up with being "for users". If there is no evidence of a security breach as a result of this lowered posture, then the lowered posture is both "for users" and also worth it. I, personally, would rather have the higher security posture but I can't see any way for Apple to implement that that wouldn't result in someone's grandparent unintentionally locking themselves out of years worth of data. I already see it when people don't backup their phones (to iCloud, since it's so easy) and then lose all their data when they drop their phone and it gets run over by a car. Apple must see the trade-off as worthwhile to be able to offer users the ability to gain access to their data after an extensive verification process vs. having the strongest security posture possible.
I think you're missing a key difference here, though: Apple is not selling that data to their advertisers. The key difference between Apple's privacy argument and others is that your data in the latter case is being sold to those advertisers along with the targeting. Apple, on the other hand, is using your data to personalize what you see but none of that information is sent to Apple and none of it is sold to third parties. All the personalization is being done on your devices and you can turn it off if you choose to so that you just see generic advertisements that everyone else sees.
All together, I don't see how that makes Apple's trustworthiness weak in this space. In the current state of the internet, advertisement runs everything so they're still delivering on ads to their customers without selling your data or even giving those third parties a way to track you as an individual. That, to me, still equals privacy, at least as far as what Apple is saying.
If this is true I'd be genuinely surprised. Are you saying Apple's model is "Advertise through us. You'll get absolutely no feedback on the users who respond to your advertising. We will just send you a bill, 'x clicks * y cents/click'."
Without arguing about whether it should or shouldn't be and the other deeper considerations, I can't see that as a compelling use of marketing dollars.
No, I'm saying that Apple is promising advertisers aggregated data about their ad performance and people reached without ever handing over individualized data. Apple, like they do with all of their third-party services, is acting as the gatekeeper between users and advertisers/third parties. They're leveraging user trust in their brand/company to say "we'll provide you with data" to advertisers while being able to tell users "we don't share your individual data with third parties". It's the same reason they insist on Apple Pay being the only method of payment for apps within the app store. They don't want to lose user trust by allowing apps to collect payment information from users. Some people think they're doing it to take advantage of their position as the device manufacturer (not a stretch, in my opinion) but I think their consistency across all devices and platforms makes the argument that they are actually doing what they're claiming for the reasons they're stating.
I've responded elsewhere but the big difference is that Apple has always operated this way while FB and Google have changed their positions. Since they have had prior data breaches, it's not difficult for a malicious actor to use old data combined with new data to restore data models. The only situation where this wouldn't apply would be for users whose accounts were created after the policy changes.
They do now but only because they leaked a bunch of individual user data models in the past. Apple has always operated this way so there's nothing for someone to tie together. Facebook's position is basically useless when someone can recreate user data models for anyone that was on FB before the policy change.
Google is currently in a lawsuit brought by several states in the US for tracking users without their consent because they continued to track users after people explicitly denied/disabled that tracking. While I did say "leak" in my original response related to Facebook, I think arguing that is a little pedantic since my point was that Google/Meta have a history that Apple does not. Google's history wasn't necessarily with leaking data but moreso collecting and selling data that they told users they weren't collecting/selling.
There’s probably something to be said for targeting simply the group of people who are on apple devices, given they as a group tend to have higher disposable income. Marketers did their work without direct metrics for a long time, it’s not impossible.
Apple would undoubtably not be able to charge as much as they could if they had those sorts of metrics to give, but there is a value proposition there.
Meta is also not selling data to advertisers. Advertisers buy ads and Meta decides who sees them. Advertisers only find out who sees their ads once they click on them.
Now. This is a policy change that was a direct result of the Cambridge Analytica leak. Cambridge explicitly used the cross-site and cross-app tracking to build the models that they sold to people/companies/governments.
Facebook was not selling data then either. Users gave their explicit consent to Cambridge Analytica to use the data in the surveys. The mistake Facebook made was giving Cambridge Analytica access to those users' friends data, which qualifies it as a data breach. Again, Facebook never sold data to third parties.
That's not accurate. Facebook sold the data to Cambridge Analytica. You're right that users gave consent for their data to be used but the data bundle sold to Cambridge Analytica included data that was not collected in the surveys. The entire issue wasn't just that FB gave CA access to those users' friends data. It's that they sold it to CA insomuch that CA was paying FB for that additional data.
>"We have to seriously challenge the claim by Facebook that they are not selling user data," commented Damian Collins MP, chair of the UK Parliament's Digital, Culture, Media and Sport Committee.
>"They may not be letting people take it away by the bucket load, but they do reward companies with access to data that others are denied, if they place a high value on the business they do together. This is just another form of selling."
Did Cambridge Analytica pay for access though? IIRC they just created an app that utilized the "Login with Facebook" feature which then gives the developer some metadata. I've looked around but couldn't find any sources on whether or not Cambridge Analytica actually paid for this access.
This is not true at all. It matters from both a principle standpoint and also a data availability standpoint. If I tell you that I won't sell your location info to people starting today but I was selling it in the past, how difficult do you think it would be for someone to use that past information along with current information to figure out what your favorite restaurant is or where you work?
It matters very much that a company only stops selling or tracking your info because they got caught or had a data breach. Look at Google right now. They're being sued by several states for tracking location info for people and then selling it to advertisers without those users' consent. It matters very much to me if Google is suddenly claiming that they're privacy conscious because their actions explicitly speak to the fact that they're not.
Meta has swung hard in the other direction. Now privacy reviews are so comprehensive that development speed is significantly hampered. Some teams say they're half as productive as they were before the privacy-first changes. Meta seriously does not want to make the same mistake again. Source: I'm an engineer at Meta.
That's good to hear but it doesn't undo the reputational damage from the past. Even if Meta says they're privacy-conscious, I already don't trust them because they were willing to exploit it for gain and recently at that.
There has been some weird misunderstanding on the business models of ads network. They have zero incentive to sell user data to advertisers or whoever else. That data and model is the only meaningful difference between ad networks, advertisers and their potential competitors, beside of established infrastructures. You don't sell your strategic weapons to your enemy right? They may provides some targeting and contextual information for bidding, but given that many ad networks are moving to automated bidding systems I think this also will be gone eventually.
Microsoft has also never sold your data to advertisers. And yet I despise them for collecting my data and not giving me the option to turn that off. Apple is now doing exactly the same thing. So I despise both Apple and Microsoft equally.
But hey, at least I can game on my Windows PCs, so...
> App telemetry, metrics, etc might get handwaved away with a sinister phrase, like “essential for improving user experience.”
I don't get why these are automatically considered sinister. Measuring how people actually behave is an excellent way to improve your product. If this is done with sufficient care and anonymity, with no financial incentive to betray the user, I don't see the issue at all.
People don't like being watched. There's additional cognitive load in having to decide all the ways you might later regret giving that information away.
Once the information is out the door, it's out. You can't recall it. Apple or whatever company can have a change of leadership, mission or strategy that's incompatible with your values. But they still have your data and likely still can claim they have permission to use it.
For those of us who are older, it's also just discomfiting. We had at least a plausible illusion of privacy in our homes and our comings and goings. Now you have to take drastic and active steps to preserve privacy.
That's not to say I am fully against telemetry, but you asked why they're considered sinister. I think companies or organizations have a lot of work to do in order to comfort users.
> Measuring how people actually behave is an excellent way to improve your product.
It might be if done correctly but often telemetry is only used to justify existing wants. A typical example is removing a feature that isn't use a lot even though a) users might want the feature but don't even know about it because it is too hidden (which might even have been done intentionally as a first step preceding the telemetry-based removal) or b) might not be needed often but is absolutely essential in some cases. Like other statistics, telemetry can be used to justify almost any choice.
Meanwhile the same people using telemetry will happily ignore users trying to talk to them directly, including those users that make it clear that they don't want telemetry. So if you aren't going to listen to users why should anyone believe that your use of telemetry is going to be in those user's interest.
> If this is done with sufficient care and anonymity
And as a user you have no way of knowing that it is.
> with no financial incentive to betray the user
When is there not a financial incentive to betray the user? Any use where telemetry even makes sense is already a few to many relationship where users are at least somewhat replaceable. Data breaches are common but usually there are no real consequences for those that collected the leaked data even though they didn't really need it. Even intentional acts like selling the data will be forgotten soon enough, that is if they even come to light in the first place.
To me it's an issue of consent. And not the "agree to us collecting everything or GTFO" kind of consent that companies love to stick in their EULAs. Telemetry is fine as long as I have the option to disable it completely. If that option does not exist, my assumption is that there is a revenue-generating reason why this stuff is being collected and it's not just being used to "improve user experience".
I'm confused about this entire thread and the lawsuit considering that, as far as I can see, Apple's privacy statement explicitly says "across apps or websites". There's nothing about the privacy policy that states that they can't track you within a single app. I don't see any evidence, in the video or otherwise, that what's going on and what's shown is going against that policy. Maybe I'm naive to think that Apple doesn't cross-pollinate this data but I don't see any evidence to suggest that that's not the case or that any of this is malicious.
> If this is done with sufficient care and anonymity, with no financial incentive to betray the user, I don't see the issue at all.
Even if a public company somehow managed to pass all of those caveats today the moment their leadership changed it would all go back out the window. And even a private company might go public or change leadership.
Facebook was one of the first big companies to implement https in a non-payment / checkout page. They also have not suffered a data breach as far as I can remember.
So your data is safe with Facebook too.
The only difference that I see between Apple and Facebook is that Apple is doing the labeling of its users on device, while Facebook does it on the cloud.
At the end the result is the same: targeted ads to specific classes of users.
“In the 2010s, personal data belonging to millions of Facebook users was collected without their consent by British consulting firm Cambridge Analytica, predominantly to be used for political advertising.
The data was collected through an app called "This Is Your Digital Life", developed by data scientist Aleksandr Kogan and his company Global Science Research in 2013. The app consisted of a series of questions to build psychological profiles on users, and collected the personal data of the users’ Facebook friends via Facebook's Open Graph platform. The app harvested the data of up to 87 million Facebook profiles.
[…]
Aleksandr Kogan, a data scientist at the University of Cambridge, was hired by Cambridge Analytica, an offshoot of SCL Group, to develop an app called "This Is Your Digital Life" (sometimes stylized as "thisisyourdigitallife"). Cambridge Analytica then arranged an informed consent process for research in which several hundred thousand Facebook users would agree to complete a survey for payment that was only for academic use. However, Facebook allowed this app not only to collect personal information from survey respondents but also from respondents’ Facebook friends. In this way, Cambridge Analytica acquired data from millions of Facebook users.”
Here's Zynga doing it in 2010 [0]. Obama campaign crawling the social graph hoovering up 10s of millions of users [1].
"We ingested the entire U.S. social graph," Carol Davidsen, director of data integration and media analytics for Obama for America, told The Washington Post this week. "We would ask permission to basically scrape your profile, and also scrape your friends, basically anything that was available to scrape. We scraped it all." [2]
Facebook has had several high profile data breaches, 530 million users' data in an unsecured database in 2019, and several issues surrounding data sharing with third party apps on their platform.
> At the end the result is the same: targeted ads to specific classes of users.
Is there any evidence that Apple is using the unique identifier for advertising? Also isn’t the unique identifier necessary for users who actually opt-in to tracking?
What Apple does with all the data they collect may be one of the best guarded secrets in the world. Assuming they invest heavily to collect the valuable data and do not use it for financial or power gain does not make any sense.
I just opened Apple News, it has a for you page and it shows me articles that are interesting to me (tech and cars), and a nice ad below them for cheap car loans.
How did the Apple server know what articles to serve me? I never asked for them explicitly.
So I was labeled as a user that likes tech news and cars, and the server automatically sends me stuff relevant (articles & ads) to these labels.
But once they introduced new privacy controls, they seemed to suddenly start investing more seriously in their own advertising network. That, and the encryption slight-of-hand with iCloud, makes the cynic’s case for them.
App telemetry, metrics, etc might get handwaved away with a sinister phrase, like “essential for improving user experience.” But placing trust in a company on privacy due to the relative lack of financial incentive seems hopelessly naive.