Apple's commitment to privacy and security is really cool to see. It's also an amazing strategic play that they are uniquely in the position to take advantage of. Google and Meta can't commit to privacy because they need to show you ads, whereas Apple feels more like a hardware company to me.
1. Google defaults to encrypted backups of messages, as well as e2e encryption of messages.
2. Apple defaults only to e2ee of messages, leaving a massive backdoor.
3. Closing that backdoor is possible for the consumer, by enabling ADP (advanced data protection) on your device. However, this makes no difference, since 99.9% of the people you communicate will not close the backdoor. Thus, the only way to live is to assume that all the messages you send via iMessage will always be accessible to Apple, no matter what you do.
It's not like overall I think Google is better for privacy than Apple, but this choice by Apple is really at odds with their supposed emphasis on privacy.
Enabling ADP breaks all kinds of things in Apple’s ecosystem subtly with incredibly arcane errors.
I was unable to use Apple Fitness+ on my TV due to it telling me my Watch couldn’t pair with the TV.
The problem went away when turning off ADP.
To turn off ADP required opening a support case with Apple which took three weeks to resolve, before this an attempt to turn off would just fail with no detailed error.
Other things like iCloud on the web were disabled with ADP on.
That chimes roughly with my experience, but to be fair ADP is designed not just for encrypted backups, but to harden the ecosystem for people who may be under the greatest threat. Worth noting that it has been outlawed in the UK and cannot be enabled, which makes me think it's pretty decent
That’s all fine, but then show the sender whether their connection is actually end to end encrypted, or whether all their messages end up in Apple’s effective control.
One might consider differently colored chat message bubbles… :)
ADP isn’t the default, and almost nobody who isn’t a journalist/activist/potential target turns it on, because of the serious (potentially destructive) consequences.
How does Google manage this, such every normie on earth isn’t freaking out?
> Apple’s solution affects your whole digital life
I don’t know if that’s generally true. I could lose my apple account and not really give a a damn. Not that I see how such a thing would happen, save for apple burning down all their datacenters. I’m running ADP
People don't always have enough Apple devices to justify confidence that they couldn't lose them all at the same time, which with ADP is a permanent death sentence if you don't have your recovery key.
(Apple says you can also use a device passcode; I'm not sure if this works if the device is lost. Maybe it does?)
I have 2 or 3 yubikeys associated with my account. I think apple does a decent job at communicating the importance of having recovery keys to the point where they deter those who can’t be bothered.
I'm always put off by the incredibly low limits on yubikeys. What's the point of having a security key if you can only have 25 accounts in its lifetime? What are you supposed to do, buy tons of keys and then figure out a system to remember which key each account is? Like fucking hell just let me use passkeys in iCloud Keychain. My bank's mobile app specifically supports only security keys and explicitly not passkeys for literally no reason because passkeys are practically just as secure as any security key. It's actually harder to specifically exclude passkeys and allow only security keys than it is to just use passkeys which automatically include security keys.
I still like to encourage people to watch all of https://www.youtube.com/watch?v=BLGFriOKz6U&t=1993s for the details (from Apple’s head of Security Engineering and Architecture) about how iCloud is protected by HSMs, rate limits, etc. but especially the timelinked section. :)
That article (written in 2016) says that Apple will build unbreakable phones in the future. Now is the future. So it seems to imply that Apple phones today are unbreakable.
Also, where does the article discuss "all of these protections"? (HSMs, rate limits, etc.)
> So it seems to imply that Apple phones today are unbreakable.
Indeed. If you don't control the "unbreakable" security though, then the lock is not for your benefit.
> where does the article discuss "all of these protections"?
You could read the danged article, it's pretty clear about the vulnerability of proprietary mitigations. I hate quoting spoilers verbatim but here you go:
The sharper you get, the more important the work. But the more valuable the work, the craftier — and more determined — your adversaries. Every attack is more novel than the last. [...] By the time you land an engineering gig at Apple, you are a twitchy, tinfoily mess.
And it is in this spirit that you develop one of the most secure systems the world has ever known. [...] So adversaries be damned: You finally win on the merits. But who said anything about meritocracy? During the champagne toast, Mr. Fart steps from behind the curtain and pulls the pistol of last resort:
“Don’t ship this. Or else.”
Can someone explain what the real difference is to a consumer user between an iPhone and a Pixel or a Samsung device? Across all services, push notifications, and device backups.
Both promise security, Apple promises some degree of privacy. Google stores your encryption keys, and so does Apple unless you opt in for ADP.
Is it similar to Facebook Messenger (encrypted in transit and at rest but Meta can read it) and Telegram (keys owned by Telegram unless you start a private chat)?
There are things Pixels do that iPhones don’t, e.g., you get notified when a local cell tower picks your IMEI. I mean it’s meaningless since they all do it, but you can also enable a higher level of security to avoid 2G. Not sure it’s meaningful but it’s a nice to have.
Some of these companies don't make money from you, the end user, but by selling ads and data to more effectively deliver said ads.
Differences in capabilities, experience and implementation are all downstream from that. In other words, everyone pays lip service to privacy and security, but it's very difficult to believe that parties like Meta or Google are actually being honest with you. The incentives just aren't there.
With Apple, you get to fork over your wallet, but at least you seem the be primarily the user they've got to provide services to.
I think there’s also a topology chasm at play. Apple controls most of its hardware stack, with Qualcomm modems and Samsung displays, but the SoC is now Apple’s own. Google relies on rotating third parties to assemble the Pixels, hence poor QC. Samsung makes its own Exynos modems which they don’t dog-food and like Apple rely on Qualcomm instead, while Google still depends on Exynos.
Then there’s a big disparity across all Android hardware vendors. Google must cater to that more or less federated topology of Android devices. It’s much harder.
Yet I don’t see any technical blocker for an opt-in for an Apple-grade ADP in Pixels and Galaxies.
It’s all quite weird. Even with Google Passwords, how do I know that it’s E2EE if I can unlock it from a browser with just a device PIN? Lots of loopholes.
Addendum: this just in. Apple has much more to lose if they pull something like this; for meta, news like this... barely registers? At least I'm not surprised at all
I wonder how exactly Apple Intelligence works with ChatGPT and soon with Gemini. If I remember correctly, there’s no privacy there? If so, where’s the privacy boundary in Apple Intelligence?
Google pushes Gemini everywhere and wants to keep on to your interactions, with human reviews. While I applaud the transparency, having Gemini scrape my screen makes me uneasy. My frog’s not warm enough for that, yet.
And Gemini in Sheets and Docs is just a toy. Microsoft 365 Copilot is a step ahead but is wrong more often than not, at least from my interactions with them. Both very disappointing. No way to justify access to my personal or my company’s or clients’ information.
Apple promises something they call Secure Compute or so, don’t remember the exact name, which appears to be encrypted and randomized in their cloud compute, which is off-device. With iPhone being the most powerful to date (per GeekBench), Tensor Pixels will have to offload most of the edge compute to GCP, and Snapdragon Samsungs while being powerful (I have no idea but would assume) must follow the Pixel Android approach.
So AI features will exfiltrate even more personal information, occasionally, accidentally, or purposefully, and the user would have consented to that and the human reviews just to get access to the smart features.
> Can someone explain what the real difference is to a consumer user between an iPhone and a Pixel or a Samsung device? Across all services, push notifications, and device backups.
By default, Apple offers you at no charge: email aliases, private relay, Ask No Track barrier. These are just the ones I can think of right now. I am sure there are more. A big thing with Apple is not that they offer different privacy services but they make it EASY and SEAMLESS to use. No other company comes close.
Aren’t they part of iCloud+ only? Ask no-track can arguably compromise your privacy by fingerprinting.
I agree that the privacy controls on Apple systems are well-organized.
Still, it’s more important to have confidence that the privacy services are not smoke and mirrors with carefully carved-out loopholes. It’s one thing to provide something and hold the competitor as the litmus test, the other to sustainably live up to your promises, like the now pejorative “do no evil” slogan, with retroactive ramifications. There’s really little users can effectively validate about Apple’s privacy promises.
