altairprime 3 years ago

OP misconstrues an iOS tracking dialog to support their complaint:

> The strange thing is that Apple introduced strict measures in iOS 14.5 to prevent developers from fingerprinting users.

The dialog text in their screenshot reads:

> Allow “App” to track your activity across other companies’ apps and sites?

Users refusing this permission are not prohibiting tracking by the company that issued the dialog. They are prohibiting the company from tracking users beyond the boundary of their corporation. Apple’s App Store app is within the boundary of Apple Corporation, and so the tracking dialog shown is not relevant to their complaint.

(I have no viewpoint to offer on OP’s argument beyond the logical reasoning error described above.)

  • tinus_hn 3 years ago

    Also Apple doesn’t have any incentive to ‘fingerprint’ App Store users because they are either logged in or using a unique identifier.

    • 2OEH8eoCRo0 3 years ago

      Sure they do. What if they switch accounts, usernames, phones, etc. More data is better.

      • tinus_hn 3 years ago

        If you do that, you lose all your apps and settings. Ergo, nobody does that. If you switch phones, you transfer the account. Also, Apple tracking what you do in their App Store is perhaps not very nice but doesn’t affect anyone in any detectable way so no normal person is going to go through the effort to avoid it, if they even know it is happening.

        • altairprime 3 years ago

          This argument’s logical error is declaring that an inconvenience takes higher precedence than the desired outcome.

          For example, I am seriously considering doing exactly what you describe as “nobody does that” — having to repurchase all my apps and redo all my settings — in order to complete my transgender name change. Apple refuses to purge my old deadname’s iCloud email address, and so if I want to remove it, I’ll need to start a new Apple account and re-purchase all of my apps and content.

          • judge2020 3 years ago

            It's extremely easy to disregard and disable any mention of your iCloud email address. You can set an apple id's email itself in settings -> user -> "name, phone numbers, email" which changes what nearly every part of the OS refers to. I forgot I even had one until I read this comment.

          • tinus_hn 3 years ago

            You are an extreme outlier, Apple is not going to risk their reputation fingerprinting users just so they can track you.

            If you truly have a request like this, send an email to the person in the executive team responsible for Apple accounts, they’ll probably have executive relations fix it for you.

      • altairprime 3 years ago

        This argument’s logical error is presenting unprovable beliefs as if they were facts.

        Apple may or may not care if users switch accounts. Only Apple confidential knowledge can prove or disprove this argument with certainty. In the absence of certainty, a best-faith effort must be made to determine whether their actions support or contradict these assertions.

        The claim “Sure they do” is unsupported both by available evidence and by a good faith interpretation of their material actions. Apple’s public statements and app store policies do not support the assertion “More data is better”. There is no indication that Apple is performing enrichment of accounts using third-party data.

        • Eisenstein 3 years ago

          This argument’s logical error is approaching a response to a statements as if it exists in isolation.

          The person you are replying to was merely offering an example to contradict a blanket statement without a factual basis, essentially that Apple does not track users because the user is already logged in. The respondent presented a situation in which that reason would not apply.

          Also, your way of engaging people in this way is annoying -- specifically starting every reply with 'This argument’s logical error' and then coming up with a seems-right-at-a-glance breakdown of their argument's faults. Are you doing it on purpose to annoy people?

        • blowski 3 years ago

          Starting every comment with “this argument’s logical error is…” is nauseating and hinders good conversation. Your point would sound better without it.

          • altairprime 3 years ago

            Everyone’s using my comment about the OP post as a launching point for their own discussions and arguments about Apple, that would have earned their own standing as top-level threads — and ideally, some would have displaced mine. So I certainly didn’t expect to wake up and see my comment earning so much attention. Hooray, I suppose. Anyways, I stand by my original point and the reiteration of it demonstrated in that chain of replies:

            Unsupported arguments based on misconstrued statements and logical fallacies waste all our time here at HN. Do better, please.

      • s3p 3 years ago

        What? If they switch devices and accounts, it doesn't matter WHAT is being "fingerprinted'... there's no way a unique identifier will persist across that type of change. Points for the theory though.

        • Dylan16807 3 years ago

          The context here is "fingerprinting" you based on what your fingers do.

          So that will persist across devices and accounts.

          And before you say that's crazy, location information can mean they only need to distinguish a handful of people at a time.

      • threeseed 3 years ago

        I remember credit cards being only usable by one AppleID.

        So switching accounts would not only mean you lose all of your App Store purchases, iCloud data etc. It would mean having to get a new credit card.

        That would make the likelihood of this scenario happening being pretty slim.

    • altairprime 3 years ago

      This argument’s logical reasoning error is to claim the absence of all incentive due to the absence of one incentive.

      Apple has access to the logged-in account’s properties, as you assert, but this does not rule out Apple having other incentives for tracking.

    • m463 3 years ago

      you can use an apple device without logging into icloud

  • helsinkiandrew 3 years ago

    > I have no viewpoint to offer on OP’s argument.

    This doesn't look like tracking or fingerprinting at all to me - they're logging user interaction (that many apps and websites have done for decades).

    Even if they didn't do this just about every click you make in the App Store results in a query to their backend for more information, presumably with the account id (so family, regional, parental control works).

  • amelius 3 years ago

    Whatever Apple is doing, it should be possible to buy a phone and not have it phone home without permission. And you should be able to use the phone without ever contacting the vendor again. Otherwise you bought a service, not a product.

    Also, I recall a case where MacOS was asking Apple permission whenever the user wished to start an executable. This is nuts.

    • _Algernon_ 3 years ago

      That exists. It's called a dumbphone

    • coldtea 3 years ago

      The line is blurry with smartphones, as all kinds of "smart" functionality IS a service, and depends on contacting the vendor.

      >Also, I recall a case where MacOS was asking Apple permission whenever the user wished to start an executable. This is nuts.

      Not that nuts. It's intended to be able to blacklist malware and such and retroactively disable it, through notarization (basically, registering apps to Apple and them getting a kind of fingerprint).

      They could have done it with a local cache (and they probably do in some capacity), but it would still need to ask/sync every now and then.

      • amelius 3 years ago

        > The line is blurry with smartphones, as all kinds of "smart" functionality IS a service, and depends on contacting the vendor.

        No, because you can make your phone work with other service providers. The dependence on the original hardware vendor is artificial.

        > It's intended to be able to blacklist malware

        Choice of blacklists, content filters etc. is also orthogonal to the vendor.

        • simonh 3 years ago

          And if you want a phone that works that way, they do exist. Personally I'm happy to offload most of that to one service provider, so I'm happy to use an iPhone. If that changes, I'll look elsewhere. Your mileage may vary.

        • coldtea 3 years ago

          >No, because you can make your phone work with other service providers. The dependence on the original hardware vendor is artificial.

          Yes. But then it wouldn't be a commercial commodity product, it would be more of a build-your-own DIY kit. Would it be as succesful?

          >Choice of blacklists, content filters etc. is also orthogonal to the vendor.

          Everything is orthogonal to the vendor, even choice of screen or disk.

          But most people don't like choice, want something that mostly works as is. And even for those that do the optionally increases the product complexity, maintainance, and error condition space (integrated vs mix-and-match).

          Plus, a few modular laptop and mobile phone designs never sold well.

    • simondotau 3 years ago

      The merits of your arguments aside, Apple is not obliged to sell you a device that satisfies your personal requirements.

      Apple most definitely sells you a service, which is a managed computing platform. Alternatives exist. (And if they don’t, that’s not Apple’s problem.)

      • amelius 3 years ago

        It's a different discussion but I don't buy the "alternatives exists" argument. There are huge network effects. Some governments even make apps only for the duopoly. Banks also. Yes, sometimes you can use websites instead of apps, but it is not the same thing. Alternatives exist only in theory. Companies should not have absolute freedom if this means that the freedom of the consumer is restricted in any way.

        "Alternatives exists" sounds a lot like this fallacy: https://en.wikipedia.org/wiki/Ergo_decedo

        The world isn't as simple as: there are companies and they can sell whatever they like, and there are consumers and they can buy whatever they like, because that would end very badly for the consumers.

        • endisneigh 3 years ago

          What do you mean in theory? You can buy a Pinephone today. If your government isn’t making web sites it seems like you should take that up with them.

          • amelius 3 years ago

            What you are proposing is entirely unrealistic. That's what I mean by "in theory".

            • endisneigh 3 years ago

              Why is it unrealistic? There are people who function fine without a phone at all.

        • simonh 3 years ago

          I agree there should be basic standards of service, disclosure, quality and safety that products should have to meet in order to be marketable. Basically, purchasers should be able to have confidence in the products they purchase, so the question is what are the appropriate minimum standards.

          Personally analytics don't bother me, I don't think they're a significant privacy issue. The service provider already knows almost everything you do with the service anyway, just as a requirement to provide the service. I don't believe that invasive regulation on the detailed behaviour and functions of a phone by governments is genuinely in the interests of users. I suspect that the detrimental effects would far outweigh the benefits, which would only be useful to a tiny fraction of users anyway.

          • amelius 3 years ago

            > Basically, purchasers should be able to have confidence in the products they purchase, so the question is what are the appropriate minimum standards.

            But what confidence do you have if the product you bought is tethered to the original vendor? What if they decide to do something that makes you unable to use the product?

            • simonh 3 years ago

              I don't have a problem with the original vendor. If the vast majority of users don't have a problem with a relationship like this, and think it's acceptable, then I don't see a strong argument for making it illegal.

              As for making the product unusable, they can do that anyway through OTA updates, which are applied at the user's discretion. If you think that's a problem then you should regulate that, not some other technical issues that may or may not be related.

          • chiefalchemist 3 years ago

            > The service provider already knows almost everything you do with the service anyway

            Knowing is not the issue. The issue is they use that understanding to their advantage, not yours. Their duty is to maximize shareholder value, not your health, happiness, and well being.

            I'm not saying don't use them. I am saying it's naive to trust so blindly.

        • simondotau 3 years ago

          > "Alternatives exists" sounds a lot like this fallacy

          The fact that an argument is superficially similar to an informal fallacy doesn't make the argument inherently fallacious. You can easily construct a variation of the same conversation which is structurally identical but is obviously not fallacious—

            Critic: "I want a banana, but I don't like the texture."
            Respondent: "If you don't like them, don't eat them."
          

          What the respondent said is only a fallacy if the purpose was to counter the criticism. But the criticism wasn't rejected. What was rejected was the unstated but implied assertion that the critic was entitled to a banana which satisfies them.

          Now let's turn that into an "alternatives exist" argument and replay—

            Critic: "I demand a banana that I do like."
            Respondent: "I understand your desire for a banana which suits you. However nobody is obligated to supply you with such a banana. Thankfully, alternatives do exist, such as the nectarine."
          

          That's not a fallacy. And it's not a fallacy to say that Apple is not obligated to make an iPhone which satisfies you. Especially because it's a statement of fact.

          If you don't like that you can't buy an Apple branded dumbphone, and you have failed to convince Apple to make it for you, perhaps try lobbying your government? They could pass a law which requires smartphone makers to also sell dumbphones.

          • happymellon 3 years ago

            I would like to access my bank, or my investment account, pay my tax.

            However in many cases I can only do that via an app, and apps are only available on iOS or Android. Your argument a based upon me being able to buy something from an alternative manufacturer, yet here we are. And I have to purchase Apple or Android to be able to function in society.

            If Apple isn't going to follow open standards yet be the largest phone manufacturer then we are going to have to regulate them. You don't have to be the only company to be a monopoly.

            • simondotau 3 years ago

              Did you reply to the right thread?

              If you did, what has any of that got to do with anything I wrote? How does your complaint relate to what I’m talking about? Which open standard, specifically relevant to your ability to access your bank account and do your taxes, is Apple not following? And how is that relevant to concerns over privacy?

              (Seriously, I’d like to engage with your argument but it seems like you’re confusing a discussion about the choice to buy a zero-tracking device with a unspecific complaint about standards.)

    • kmlx 3 years ago

      > it should be possible to buy a phone and not have it phone home without permission. And you should be able to use the phone without ever contacting the vendor again.

      don't connect it to the internet.

    • rplnt 3 years ago

      Apple doesn't even allow users to turn off Bluetooth or GPS (easily in a straight-forward way, it prevents you to make it easy). And while some of it is to provide a better experience to you, major reason is to provide service to other Apple customers.

      • hazz99 3 years ago

        Can’t you just swipe down from the top of the screen and press the Bluetooth icon, or am I missing something?

        • StockHuman 3 years ago

          That does not do what you think it does: that’s the button to disconnect from currently connected devices, not to turn off radios. Similarly, the airplane mode button above it will maintain Bluetooth.

          • 4ggr0 3 years ago

            I created a Shortcut for that, essentially a button on my homescreen I can press which actually disables bluetooth and wifi. And when my phone is connected to wifi, mobile data gets disabled.

            It's not perfect, but at least I don't have to open the settings app each time.

            • 2fast4you 3 years ago

              Why do you do that though?

              • 4ggr0 3 years ago

                If I turn off bluetooth and wifi I want them to be off.

          • rafram 3 years ago

            Turning Airplane Mode on and then tapping the Bluetooth icon will fully disable Bluetooth (gray background, not white). You can also just disable it in Settings. Apple’s argument, as I understand it, is that Bluetooth and WiFi don’t actually consume much battery, but non-technical users would habitually disable them to save battery and then complain that Location Services didn’t work well. Hiding the setting but keeping an essentially useless toggle prevented those non-technical users from making their device function worse while still letting them feel like they were saving battery life.

            • graftak 3 years ago

              Yeah but they forget about users who simple want to disable yet another tracking vector on their device.

              To add insult to injury, when you automate WiFi and Bluetooth to turn off when you leave your home you need to manually affirm this action via a notification every time.

              Super annoying.

sprite 3 years ago

This is nothing new. Apple has been tracking searches in the App Store, which apps you scroll past and which ones you tap on very far back, maybe even since the initial App Store, that's how they figure out how to rank various apps for various search terms (I don't know the exact formula but one of the components is CTR for a particular search term, others appears to be rating score, number of ratings, number of written review, number of total downloads, download velocity, given keywords, title, company name, trademark, update frequency, etc).

If you search multiple times for the same term you will see a slight variation in search results, that's how they give apps a chance to move up or down. IE they move you down one slot but you still outperform the app above in CTR, you probably should remain in your current spot, or move up. Another app gets moved in front of their current ranking and the app that got moved down outperforms it in CTR, keep things as they are.

beders 3 years ago

We use LogRocket to record all interactions with our front-ends and it's awesome for trouble shooting and also invaluable for our product managers.

They can see where users are struggling with the app and where extra-guidance is necessary.

I'm assuming many many many other apps and web pages are doing the same thing.

Nothing to see here.

  • yjftsjthsd-h 3 years ago

    That you find it useful doesn't make it not an invasion of privacy.

    • iLoveOncall 3 years ago

      That it's on your own app where you anyway know exactly which backend endpoint has been called by the user does.

      I really don't get the outrage about that, it's something that has existed for 15 or 20 years at least and is used a lot on most websites you go on.

      What private information do you think is sent to the vendor that would not be otherwise?

      • yjftsjthsd-h 3 years ago

        > That it's on your own app where you anyway know exactly which backend endpoint has been called by the user does.

        If it only exposed information the user was already sending, the vendor wouldn't bother with the spyware.

        > What private information do you think is sent to the vendor that would not be otherwise?

        Depends on the app; I expect, for instance, market apps (Amazon, Walmart, etc.) to watch the user's every move to try and better model the user's mental state in an effort to get them to buy stuff that they wouldn't have done otherwise.

        • adrr 3 years ago

          No one is modeling your state of mind because it doesn’t work. We do look at click stream data and try to push down the number clicks/swipes/etc to purchase. Everything is done on a cohort basis, there is no value at an individual scale.

        • dkdbejwi383 3 years ago

          > Depends on the app; I expect, for instance, market apps (Amazon, Walmart, etc.) to watch the user's every move to try and better model the user's mental state in an effort to get them to buy stuff that they wouldn't have done otherwise.

          Not being funny but I think you’re vastly overestimating the capabilities of most engineering teams.

          • Eisenstein 3 years ago

            > in an effort to

            Just because they may be bad at something doesn't mean they don't attempt it.

      • tyfon 3 years ago

        This attitude is why I hardly have any native apps on my phone and use a browser with ublock origin for it.

        You can see how valuable this tracking is by the amount of websites begging you to install their native apps. No thanks!

        • recursive 3 years ago

          Websites can still track everywhere you're tapping though. Wasn't that the original scare?

          • tyfon 3 years ago

            Yeah I know they do, but websites can collect much less data than native apps.

            I just try to minimize it.

            • scarface74 3 years ago

              What data can apps collect without you giving them permission that websites can’t?

              • wasmitnetzen 3 years ago

                A unique identifier which is 100% stable over multiple sessions for once. Which makes the rest of the data so much more useful.

                • scarface74 3 years ago

                  There are plenty of ways to uniquely enough identify a user on the web.

                • alickz 3 years ago

                  Why is that possible in native apps but not websites?

                  • wasmitnetzen 3 years ago

                    In the end, this is because the browser works for you, and the app works for the company.

                    • scarface74 3 years ago

                      You mean the browser developed by a adTech company, the browser developed by the company who gets $18B a year from an adTech company to be the default search engine or the browser created by a company who only survives because of the adTech company?

                • deafpolygon 3 years ago

                  My guess? They don't only get a unique identifier, but they get to know and link you to other more useful data using your Apple/Android device ID and so on, that they can use to track you across multiple user accounts. Something that browser fingerprinting can't guarantee 100% (but getting very accurate these days)

                  • scarface74 3 years ago

                    Apple specifically limits apps ability to get a unique identifier that can be used across apps. And the percentage of people who use multiple accounts is not even worth optimizing for.

            • tyfon 3 years ago

              I don't seem to be able to reply to your post, but to the sibling;

              I'm not an app developer so I don't know specific, but by the amount of websites begging you to use their native apps it is quite obvious that there is something they get from the native apps they can't get from the website that they are very interested in.

              Just try to go to the reddit website on a mobile (not old.) and see how fast they spam you with the app prompt.

        • scarface74 3 years ago

          So you don’t use native apps because they can track everything you do in the app so you use websites that can track everything you do on their site?

          • dibt 3 years ago

            They said "...a browser with ublock origin.." uBlock Origin is a content blocker that would help prevent tracking.

            • ehutch79 3 years ago

              But wouldn't they be able to infer what you clicked by the data loaded?

              If you block that data, most webapps, especially things like an app store, will be useless.

          • jesterson 3 years ago

            Cutting the shit out of website is much easier compared to app. I am doing it by default.

            • scarface74 3 years ago

              What extension allows you to block “hover” tracking and not “click” tracking?

              If the website is not using a third party site for tracking, you can’t block the owner from tracking and storing your interactions.

              • jesterson 3 years ago

                hover tracking is done by js, hence any js stopping would do.

                I personally use that + VPN that cuts the rest that sneaks in

  • KingOfCoders 3 years ago

    Hopefully you have declared that in your privacy statement if you sell in the EU.

  • croes 3 years ago

    We use cameras to record all interactions with our cupboards and it's awesome for trouble shooting and also invaluable for our product managers.

    They can see where users are struggling with the furniture and where extra-guidance is necessary.

    • dkdbejwi383 3 years ago

      I don’t think that’s a fair comparison. Screen tracking is essentially logging which UI elements users interact with and some metadata like the time, their device config, etc.

      It doesn’t necessarily require capturing video of the user.

      A better analogy would be hooking up a door open/closed sensor to the cupboard, and capacitive sensors that log the location of touches, so that you can analyse what % of users struggle to find the door handle.

      • yreg 3 years ago

        It's still a stretch since a cupboard can work offline while performing basically any action in App Store requires an API call anyway.

      • croes 3 years ago

        Yes, it's not fair. My phone keeps more privat data than my cupboard and I use and need my far less than my phone.

        Tracking invades one of my most used tools, and what's worse I can't see all the tracking that happens.

      • vorpalhex 3 years ago

        The user scrolled past "cancer patient therapy" and selected "cancer survivors forum". Then they uninstalled that and searched for "colon cancer support"

        Still think this isn't invasive?

  • jeroenhd 3 years ago

    This is exactly why I distrust all the apps on my phone and desktop unless I've grabbed them from some reliable open source repository. The disgusting entitlement to stalk me at every step and use me as a lab rat is exactly what's wrong with modern software.

    • roguesherlock 3 years ago

      Tbh I don’t see it as a huge problem as long as a. The data is anonymous, and b. they aren’t trying to sell the data.

      I mean if you choose to use someone’s service, you’d want it to get better. And one of the reasons they get better is by collecting feedback of what’s working, what isn’t.

      It’s very hard to nail down a good ux without feedback.

      • willis936 3 years ago

        Point B requires trust, which users shouldn't give to developers who collect as much analytics as possible. If you can't trust a company to respect a reasonable expectation of privacy then why would you expect them to not profit off of it? It's just all very quiet and down in the Ts & Cs, but that doesn't mean it isn't the logical conclusion if given exposure.

  • onion2k 3 years ago

    Now imagine what LogRocket could do with that data when they blended it with data from their other users, or if they augmented it with data they bought in from other services. Or perhaps LogRocket could sell the data to a broker, and then on to [Meta|Google|me].

    That's what you're doing to your users.

    I'd consider that something to see.

    (I don't have any evidence to believe LogRocket are doing this; LogRocket is just the example. Other tracking services exist, and they sure as hell do do this sort of thing.)

throwaway888abc 3 years ago

I believe Amazon, Airbnb, airlines and many others are doing / were doing same on their web pages too. It allow to provide better personalized (TM) experience and significantly increase ROI.

There is good book how it works in offline world. https://www.npr.org/2017/02/13/514322899/aisles-have-eyes-wa...

  • Tepix 3 years ago

    Just don't read it on a Kindle, another device which monitors everything you do (how long you remain on a page etc).

    • derwiki 3 years ago

      I think of all the tech I use that could track me, I’m most OK with the Kindle. All my books come from Libby so the Library Industrial Complex also knows.

      • Tepix 3 years ago

        I consider the books i read to be quite private information. Just think about medical or psychological books.

  • csommers 3 years ago

    Lots of companies use Glassbox to this degree.

  • cornedor 3 years ago

    There are so many sites that use Hotjar.

booleandilemma 3 years ago

I'm seeing a lot of comments saying things like "seems reasonable" and "of course", but I thought Apple was supposed to be for the privacy conscious? Why is HN not bothered by this?

  • bakugo 3 years ago

    HN is full of not-so-subtle Apple marketers. Every other day I see a post about how privacy-first Apple is, but when the truth actually comes out the narrative instantly shifts to "well who cares, everyone else does that, stop noticing things"

  • 2fast4you 3 years ago

    My view on it, Apple is the least of all the evils. Even if they seem to be getting worse advertising wise

jjallen 3 years ago

I don't know about you, but I basically assume every app is doing this. Is this really a surprise? Were not all apps doing this for a long time?

  • SCLeo 3 years ago

    Instagram? Facebook? Maybe.

    I certainly did not think Apple would do this.

    • maronato 3 years ago

      Apple isn’t the savior of privacy. Their privacy features will only go as far as they can market it, and only for as long as they can profit from it.

    • nisegami 3 years ago

      >I certainly did not think Apple would do this.

      Their PR department certainly earns their keep.

    • deafpolygon 3 years ago

      To be fair, they said they'd protect your data, not that THEY wouldn't collect it. They want to be the gatekeeper of it.

makz 3 years ago

Well at this point I expect this to happen for any input on any web page or app.

CharlesW 3 years ago

It's interesting that the researchers assumed turning off the transmission of device analytics would also turn off the transmission of all app analytics, whether from Apple or third parties.

I also wish they would've tried Lockdown Mode, at least.

  • HomePhone 3 years ago

    Per the article, other vendors do just that: “He and his research partner ran similar tests in the past looking at analytics in Google Chrome and Microsoft Edge. In both of those apps, Mysk says the data isn’t sent when analytics settings are turned off.”

  • gruez 3 years ago

    >It's interesting that the researchers assumed turning off the transmission of device analytics would also turn off the transmission of all app analytics, whether from Apple

    Given that the app store comes installed by default and can't be uninstalled, it seems fairly reasonable to assume that it's part of the OS. Therefore it's not unreasonable to assume that disabling "device analytics" would also disable app store analytics.

  • s3p 3 years ago

    Lockdown mode didn't exist on iOS 14 sadly

  • ThePowerOfFuet 3 years ago

    Lockdown Mode has absolutely nothing to do with any of this.

    • CharlesW 3 years ago

      Your assumption is that Lockdown Mode doesn't change the scope of telemetry data sent back to Apple, but we don't know this, which is why testing it would be interesting.

      • ThePowerOfFuet 3 years ago

        Your comment shows that you have misunderstood the purpose of Lockdown Mode.

vagabund 3 years ago

Seems reasonable enough

  • filoleg 3 years ago

    I was about to say, this is about as unsurprising and reasonable as Google Search listening to what you type into the search bar and which links on the search results page you click.

    • tinus_hn 3 years ago

      Many sites, probably including Google Search, also monitor where you move your mouse cursor, even if you’re not clicking. A lot less reasonable and more surprising.

      • filoleg 3 years ago

        Maybe on Windows, idk, but I am not sure how Google Search could do it on either iOS or macOS.

        On iOS, there is no mouse cursor, so there is nothing to track in the first place.

        On macOS, you have to give permissions on a per-app and per-domain basis. For example, if I want to let Google Maps use my current location, first I will get a prompt to give that permission to the browser I am using in the OS settings, and then I have to give that permission again from within the browser specifically for Google Maps. Also, the web browser shows which specific permissions a page I am on has, and I can revoke them at any given time. Same thing for tracking mouse cursor movements, except it is governed by the macOS accessibility permissions iirc, rather than location permissions, and I don't remember Google Search ever requesting that. Just checked, and the only app that has those permissions on my machine is Discord, and it requested those only when I attempted screensharing.

        Maybe I am mistaken, and there is some trick around needing permissions to track mouse cursor movements in a browser on macOS (especially given how complex in-browser JS execution behaviors have gotten over time). In which case, someone please correct me.

        I agree though, tracking mouse cursor movements is definitely a bit more surprising and unexpected than tracking what you type in the website's search bar. Which I would be way more surprised by it not being tracked. It's like expecting Amazon or Steam or Twitter to not track what queries you search for in their search bars (which all of them definitely do, as evident by you being able to look at your search history from within the website).

        • Someone 3 years ago

          AFAIK, all web pages can track mouse position, as long as the mouse is inside the page’s window, and they don’t need special permission to do so. See https://developer.mozilla.org/en-US/docs/Web/API/Element/mou... or https://stackoverflow.com/questions/7790725/javascript-track...

          • filoleg 3 years ago

            Ah, thanks for the links. I guess it makes sense, given that mouse-tracking within a specific web page is pretty much impossible to ban on technical level, since you can just place a ton of invisible pixels covering the entire page, and track the mouse hover events over them. And it would be impossible to block by browser too, unless the browser prohibits mouse hover interactions with components present on the page entirely.

        • tinus_hn 3 years ago

          Obviously Amazon knows what you search for on Amazon. But they probably also track what you type into the search field, even if you then delete it and never actually perform the search and even if you turn off the suggestions.

          Just like when you chat with a company through one of those web chat apps, they see everything you type, even if you delete it before you press enter to send it. That is tracking on the modern web.

      • phendrenad2 3 years ago

        It's still entirely reasonable. People often hover over things and get confused about animations, and so seeing where the cursor goes is essential to notice this.

      • worthless-trash 3 years ago

        Ah, this may explain why i get asked "if I'm a robot so frequently", I very rarely use moues for navigation and mainly use keynav.

lizardactivist 3 years ago

What else do they do, record your facial expressions and every sound you make while using the phone?

Talk about feeling like a lab-rat.

  • jmole 3 years ago

    They could, if battery life impact weren’t a thing. This is going to be the biggest “gotcha” with VR as well.

yrgulation 3 years ago

Every webapp with typeahead functionality does it. How is this any different?

  • speedgoose 3 years ago

    Apple is supposed to be good for privacy.

    • yrgulation 3 years ago

      Indeed. Asking the question not because i am defending apple, but just pointing out that this common practice. If you want typeahead there is no way around sending all keystrokes. Poor phrasing on my end.

      • yjftsjthsd-h 3 years ago

        So then it seems like the clear difference there is whether the user is getting meaningfully useful functionality by having their information given to the vendor. Although I'm not particularly impressed with the privacy implications of type ahead, it is at least an obviously useful feature in exchange for the user's information. What do we think Apple is giving the user in exchange for this information?

dangus 3 years ago

Unless this person shows us Settings > Privacy & Security > Analytics & Improvements, the only thing I can conclude is that they left the setting on and they’re confusing third party app tracking controls with Apple’s analytics setting.

  • Nullabillity 3 years ago

    Doesn't that just say more about how obtuse these settings are designed to be though?

    • dangus 3 years ago

      No. The settings pane has multiple sentence explanations for what the privacy settings do.

      You're asked whether you want to send analytics to Apple as soon as you set up any device.

  • smoldesu 3 years ago

    They literally say in the body of the first post, verbatim "(data usage & personalized ads are off)"

    If the "only thing" you can conlcude is user error, you must be unfamiliar with the insane amount of ambient telemetry iOS/MacOS collects even when disabling analytics (OCSP ring a bell?)

    • dangus 3 years ago

      "Data usage & personalized ads" is not the setting I'm talking about.

      Personalized Ads is a different setting than the one I described, located in the "Apple Advertising" section, not the "Analytics & Improvements" section that I think the relevant setting lives in.

      "Data usage" isn't the name of any setting on iOS, that phrase is too vague to be sure what they mean.

      This is why I say that I'd like to see a screenshot of the relevant settings panes. How do I know this person didn't accidentally flip them back on during an update?

      OCSP isn't relevant to this issue. It's not "analytics," it does not seem to collect personal data, anonymized or not.

      OCSP is used to verify/revoke certificates, essentially for the purpose of removing malware and spam, which is a basic function consumer-friendly OS: https://apple.stackexchange.com/a/420002

      To me that's a really legitimate use of a "phone home" when we're talking about commercial consumer operating systems.

mensetmanusman 3 years ago

After iOS 16 Apple asks for ‘analytics’ to improve iOS.

It is disingenuous of them to use the word ‘Tracking’ for everyone else and ‘experience improving’ for themselves.

  • comboy 3 years ago

    I mean, tracking lets companies identify you across different events. Apple doesn't need to ask for that when you are using iphone. I don't even mean it in a malicious way, just the fact that it will keep doing authenticated requests to their servers. They are not able not to track you while providing their services.

    (this is regarding your comment not the article itself)

  • yesBut00 3 years ago

    I bought an Apple device. Did not sign up to be anyone else’s payday. I want Apple to improve their devices. Don’t care if anyone else benefits from it.

    Really frustrating to live in a country that wants forced socialization if their is opportunity to make money off me, but otherwise I’m just a cost center.

    In no way does my use of an Apple device act as an open door for anyone else.

    I’m not interested in technology to help some coder feed himself but because tech is fun and intellectually interesting.

    • smoldesu 3 years ago

      > In no way does my use of an Apple device act as an open door for anyone else.

      Sure, as long as your definition of "anyone else" excludes the NSA, FIVE EYES, China, anyone distributing Pegasus, Akamai and the rest of Apple's contractors.

      • b0ngw4t3r 3 years ago

        Are you making a moral claim?

        You see a handful of corrupt government agents. I see a world where billions do not kill thousands of government agents.

        The public has made its choice. Some vain apes on HN who see deluded masses in need of rescue may in fact be the deluded fools.

  • dwaite 3 years ago

    You are still allowed to log into a google account. You are still allowed to set session cookies.

    The text of the prompt people are talking about is "Allow MyApp to track your activity across other companies' apps and websites".

    Third party tracking mandates permission. First party tracking and data sharing mandate disclosure.

  • interpol_p 3 years ago

    This is not what they are doing, though. As far as I can tell, Apple never does the kind of "Tracking" that is reserved for that popup — namely, using a unique identifier to track a user across apps & sites not owned by Apple

    The Tracking popup requests that the user allows an application to send a unique identifier which can be correlated by other apps, advertising networks, social media platforms (eg. like buttons, embeds, etc), in order to correlate a user's identity between different properties on the web in order to personalise advertising. AFAIK Apple does not participate in this form of tracking

    Apple does ask users if they want to opt-in to analytics (for Apple) and separately for third-party developers. This refers to allowing an application to submit analytics data purely for that application or for the operating system and not in a way which tracks the user between apps owned by different companies

    In this case Apple is violating their own opt-in analytics policy with regards to the App Store application. It appears to be collecting analytics data even when a user has opted out of submitting analytics

dncornholio 3 years ago

And this is news, why?

  • justapassenger 3 years ago

    Because Apple spends billions of dollars, for them fighting for user privacy and keeping all your data on the phone being a news.

s3p 3 years ago

Why are they looking at software from 18 months ago and not iOS 16?

seydor 3 years ago

It's for their own good

TheLoafOfBread 3 years ago

Apple iOS is turning into an Android, but without a headphone jack.

  • sphars 3 years ago

    Unfortunately, even most Android phones also are being made without a headphone jack nowadays

    • TheLoafOfBread 3 years ago

      But I can still find a phone with headphone jack. Can't do that with Apple.

  • tinus_hn 3 years ago

    Hate to break it to you but a few years after Apple made this daring move, almost all Android manufacturers have followed suit.

    • smoldesu 3 years ago

      Android manufacturers also started beveling their phone corners after Apple made it popular, not that it made the phones easier to hold or easier to manufacture. It might be hard to imagine, I know, but sometimes Apple makes the wrong decision.

jojobas 3 years ago

One doesn't become a near-monopoly to play nice, you should assume everybody does everything they can get away with.

harry8 3 years ago

Apple: Proof you can pay and still be the product.

It's like someone breaking into your house and rummaging through your desk taking photos because that suits them and there is fine print. One day as a society having a networked cpu involved in someone doing something won't make nearly every lawmaker, lawyer, judge and customer have their brain fall out of their ear and they'll actually be able to think critically about it and respond.

"But facebrick/goog/the stasi are a little bit worse so..."

  • coffeeling 3 years ago

    A much easier example: TV manufacturers. High end TVs cost a couple arms and a leg and the UI is still infested with trackers and ads.

    • harry8 3 years ago

      Sure but the apple enthusiasts tend not to accept that because they're all companies where the managment is in Asia with those making decisions raised in the various and quite different to each other Asian cultures, (Japan, China, Korea etc.) Obviously this distinction is garbage. Surveillance capitialism is an american innovation.

      Apple is as american as apple-pie. "If you don't pay for it you're the product." Comes up whenever Apple create yet another problem for which the "best" solution is to pay apple even more money.

      Apple customers are an Apple product they sell. Paying Apple does not remove you from that. No matter who is your provider you are the product right up until the point someone can go to jail for it. Fines are merely a business expense and treated as such.

      CEO can do time for breaking the rules. Whole different approach ensues.

      What rules? How to enforce? How to interpret? How to ensure the courts don't just have a mental breakdown, throw up their hands and pass because a cpu attached to a network is on the critical path of what was done that would be clearly, wholly and totally illegal if it were replaced with an army of workers and a mountain of paper and filing cabinets.

Vt71fcAqt7 3 years ago

I don't understand people still hanging on to the fiction that Apple is some sort of bastion of privacy. Do they know that google pays Apple "an estimated $8-12 billion"[0] to be default search and as a result track almost all iPhone users' searches? If that's not "selling your data" I don't know what is.

[0]https://www.nytimes.com/2020/10/25/technology/apple-google-s...

  • phendrenad2 3 years ago

    This is like complaining that your soundproof apartment isn't giving you the right level of privacy because when you stand on a soapbox in the town square and shout "I wear pink underwear" everyone knows what color your underwear are. If you want privacy, why not, you know, use the privacy features? (Like chat messages, which are NOT sent to Google).

    • Vt71fcAqt7 3 years ago

      I'm not sure you thought this through... Apple does not care about your privacy if they are willing to sell it for $12 Billion. I don't have an iPhone, and I never complained about them. To be honest, it's not clear that you even read my message at all. For context, I wrote that comment in a different thread and it got moved here: see https://news.ycombinator.com/item?id=33527500

      • phendrenad2 3 years ago

        Who is Apple selling your data to for $12 billion?

  • derwiki 3 years ago

    I have an iPhone and don’t use Google search (I’m not logged in to any Google services actually, unless Apple Mail loading Gmail counts) so I’m pretty sure Google is not tracking _all_ users’ searches.

    • Vt71fcAqt7 3 years ago

      Yes, you are right. Additionaly, chinese users are not using google, although they are certainly being tracked. I've added the word "almost" into my comment. So it now reads:

      >google pays Apple "an estimated $8-12 billion"[0] to be default search and as a result track almost all iPhone users' searches

      • derwiki 3 years ago

        Appreciate the update!

  • heywoodlh 3 years ago

    Disclaimer: happy iOS and Android user -- I like both platforms and think both have strengths and weaknesses. Mostly a Linux user on desktop.

    > Do they know that google pays Apple... to be default search

    This statement comes off a bit ironic in the fact that you are pointing out a deal that Apple has with Google -- the current steward over Android -- as a reason that Apple isn't a bastion for privacy. This irony highlights the fact that one is often worse-off from a privacy perspective in using Android -- the main competitor to iOS -- because it is built with Google as a first party.

    I absolutely agree that there is an exaggeration of privacy with Apple. But in most cases, iOS does actually do privacy better than Android. Private Relay, App Tracking Transparency and Google not being a first-party in the development in the Operating System are things that come to mind. Additionally, according to a research paper done in 2021, Google collects around 20x more data (around 1+ TB every 12 hours) on Android compared to iOS (around 6 GB)[0]. Even if the methodology behind the paper wasn't perfect (which Google claims) I don't think anyone would be surprised that Google collects more information than Apple.

    My opinion is that the sweet spot for privacy on a mobile device is to buy a Pixel (for the great hardware security benefits) and go with a custom, de-Googled ROM like CalyxOS and try to use F-Droid for all your apps. For those who are even more hardcore, GrapheneOS is awesome.

    In my opinion, stock Android is far worse for privacy than iOS simply because of Google's first-party influence. And then if you go with a vendor like Samsung you not only have Google as a first party on your mobile device but also Samsung.

    The only option left if you want more privacy on mobile than an iPhone is to either flash a de-Googled ROM, like I said earlier, or to go with some sort of Linux distribution on mobile -- both of those alternatives come with huge downsides.

    (Sorry for the rant, I always find this topic interesting)

    [0] https://www.scss.tcd.ie/doug.leith/apple_google.pdf

    • Vt71fcAqt7 3 years ago

      I never said Google or android protect users privacy. Android violating users privacy is not to the exclusion of Apple doing the same even if to a lesser extent. Everyone knows how bad android is this respect. Yet there is this idea that Apple does care about users' privacy, and won't sell users' data, with apple themselves saying things like:

      >Your personal data should always be protected on your device and never shared without your permission. So we build encryption, on-device intelligence, and other tools into our products to let you share what you want on your terms.[0]

      and

      >In iOS 11 and macOS High Sierra, we introduced Intelligent Tracking Prevention. You may have noticed that when you look at something to buy online, you suddenly start seeing it everywhere else you go on the web. This happens when a third party tracks cookies and other website data to feed you ads across various websites. Intelligent Tracking Prevention uses the latest in machine learning and on-device intelligence to reduce this cross-site tracking. It works by separating the third-party content used to track you from other browsing data, so what you look at on the web remains your business — not an advertiser’s.

      This second statement, even if technically true, is incredibly disingenuous and misleading in light of the fact that typing anything that is not a URL into the safari search bar will by default cause tracking. _That's_ the issue here. "We don't sell your data, we just sell you to somone else that does"

      [0]https://www.apple.com/ge/privacy/approach-to-privacy/

      • heywoodlh 3 years ago

        Ah, yeah, I can see what you mean. Apple is definitely hypocritical, and it bugs me how they handle certain aspects of privacy. And the overzealous Apple crowd often behaves as though privacy is achieved just because they're using Apple products.

        iMessage is perhaps the most annoying offender to me because it's not end-to-end encrypted if iCloud backups are enabled -- meaning that my iMessage conversations have a high chance of not being E2EE on the other person's end.

        Hopefully it made sense why I compared to Android. Apple does seem like a bastion of privacy when compared to Android -- just because Android and iOS are the only mainstream options on mobile. I would love to see Linux become more mainstream in the mobile space but I don't think it ever will, unfortunately (even though Android runs a Linux kernel, I don't really consider it Linux).

        • Vt71fcAqt7 3 years ago

          If we define bastion to be that way then sure. I was using this definition:

          >an institution, place, or person strongly defending or upholding particular principles, attitudes, or activities.

          >I would love to see Linux become more mainstream in the mobile space but I don't think it ever will, unfortunately (even though Android runs a Linux kernel, I don't really consider it Linux).

          You may be interested in Nestbox[0] (not affiliated) which makes use of the madatory kvm in android 13 assuming latest kernel to run Linux in a vm with no root on android on pixel 6 and 7

          [0]https://www.patreon.com/posts/74333551

          https://twitter.com/kdrag0n/status/1589542963629395970

midislack 3 years ago

As Apple's in PRISM, I just assume everything on the device is sent to the NSA.

piyush_soni 3 years ago

Repeat after me, "You are the product" only when you buy an Android phone.