I'm really tired of how much phone-home Apple products do these days. At this point I don't even put a SIM in my phones any longer, and only permit them access via a travel router (which does have a SIM, for LTE backhaul) which runs a VPN client and on which I have root to inspect/block traffic. My latest blog post shows the dozens of dozens of connections that a Mac running Big Sur will make just sitting idle at the desktop on a fresh install.
Apple's products are only private if you want privacy from their commercial competitors. If you want privacy from Apple or the US federal government to which they provide tons of user data (without warrants(!) or due process), you're in for a constant uphill battle.
Using everyday devices should not be creating hardware-serial-linked permanent records that the state can download at any time; to me that's stuff of a true dystopia.
Apple has not yet integrated this viewpoint, and seem to regard privacy as only important against companies that aren't Apple. Device backups (full message history and attachments), as well as Photos stored in iCloud, are not end-to-end encrypted, permitting Apple (and by extension the state) to read and access all of it without your involvement.
It's a bummer they're extending this attitude to browser-related traffic too. There seems to be a new trend inside of Apple that they're still figuring out here (see also: the addition of ContentFilterExclusionList in 11.0, and then its quick removal in 11.2).
Did you know that if you entirely block access to all Apple hosts, you can't even add a Gmail account to an iPhone?
I wouldn't call it dystopia, it's just that as technology is eliminating these barriers to entry for such sort of thing, it's inevitable to have happened and will become more pervasive as the tech develops further. And you can't fight it either as long as you're in their ecosystem, as you'll be one man against an army of engineers working 9-5. Linux, open-source, opting out of personalized solutions - that's the only way, and it's still a battle you can't win, just delay the loss.
Very few of us want end-to-end encryption of everything. People say they do, but they really don't. For example, full e2e means that Apple can never access your content without having your password. This sounds great unless you've ever worked tech support. The first time someone loses their mind because they forget their phone's PIN and now can't access their wedding photos, which of course they've never backed up anywhere else, it becomes apparent that most people want Apple to be able to access their stuff as long as it's in service of doing something convenient for the person.
You and I want true e2e everything. We have our encryption keys backed up safely. We make ourselves enter our passwords regularly enough that we can't forget them. We're willing and capable of taking full responsibility for protecting our data. You and I are not like most people. They don't want to be bothered with "all that nerd stuff". They just want all their photos to magically show up on all their devices, and to have a support person they can call to let them in when they've forgotten their password for the second time this year. That doesn't mean those people are less intelligent, or ignorant, or any of that. It means they have different priorities than you and I do, and their priorities are absolutely reasonable and appropriate for most people. They look at us and say "WTF, those guys don't work for the CIA. Why are they so obsessed with protecting their recipe collection and text messages, at the risk of losing all their data if they forget a password?" And frankly, that's a completely OK and normal mindset.
Apple's privacy stance is the correct one for the market they're trying to sell to. I personally think your and my privacy stance is better, but most people would reasonably say it's impractical given the threat model we actually face. I'm OK with that because I like doing these things for myself as a hobby, but I don't think Apple has made a bad or unjustified decision. They just have different priorities than we do.
> The first time someone loses their mind because they forget their phone's PIN and now can't access their wedding photos, which of course they've never backed up anywhere else, it becomes apparent that most people want Apple to be able to access their stuff as long as it's in service of doing something convenient for the person.
This is a false dichotomy.
Apple had invested significantly in doing a form of key escrow with trusted other devices and other users, possibly involving secret sharing with trusted friends-and-family, that would permit users to have end-to-end encrypted data that could still be recovered without Apple having keys.
Apple employs tons of world class cryptography experts, and has designed several end-to-end cryptosystems, and is perhaps the foremost leading expert organization on what comprises good UX "for the rest of us". This is a solvable problem, and the "they can't do e2e because" excuses that people throw up (such as the one you provided) fall down when we see that they had a system ready to go that was ended on the initiative of those who would prefer surveillance.
Even Google figured out a way to do e2e device backups for Android in a privacy-preserving way. Apple is at least as competent as they are at designing cryptosystems, possibly more so.
The technical issue can be solved, but not as long as Apple doesn't want to upset the FBI.
Apple devices have been found to phone home much less frequently than the alternative.
>A new study has found that a stationary iPhone sends data 50 times less frequently to Google's servers than a stationary Android phone.
That's according to a 55-page report titled 'Google Data Collection', carried out by Professor Douglas C Schmidt, professor of computer science at Vanderbilt University.
The study comes as Google faces criticism and now a lawsuit over the revelation that turning off Location History does stop it tracking iPhone and Android users' location.
>According to a research paper published by Vanderbilt University's Professor Douglas Schmidt Aug. 15, Google’s Android phones are sucking information from your private life at a much higher rate than Apple’s iPhones — almost 10 times more, on average.
> to Apple at all times (to APNS, for the receipt of push notifications)
Push notifications can't be implemented otherwise... so you'll have to trust Apple for that one.
Mozilla Push Service is the Mozilla equivalent for example. Push notifications are an expected feature of every device nowadays, routed through a server owned by the OS/browser provider by design.
> This happens on a device with no apps installed, with no apps running. No Apple ID. Fresh install.
On a fresh install you have Software Update, News, Safari, iTunes Store, App Store, Stocks, etc. which are all going to be a part of polling for available push notifications. When a new device update releases you will get a notification about it, even without an Apple ID signed in.
Yes, locally running apps can trigger time-based notifications but all network-based notifications should be handled by Apple's push services as iOS doesn't allow long-term persistent background tasks due to battery drain and it doesn't make sense for every app to have its own individual polling occurring at random times.
It's yet another thing added to the long list of things that Apple devices phone home to Apple servers about, even if you don't want to use any Apple services and opt out of all of them (all that you can; App Store/Apple ID is mandatory as there is no sideloading).
Does the specific feature mentioned in the article have to do with any of this? I fail to see how this proxy can be abused by Apple as you seem to be implying because they won't be able to see the contents of the queries, which is secured by TLS.
Really nice post there! Enjoyed reading it.
(Also agree with the bit regarding xps 13. I was given one at work and they expected me to have a 'wow' reaction to it and made remarks what a 'beast of a machine' I was getting. Lol.)
edit: typo.
Am I the only one who thinks that this is a neutral move with some pedestrian reason like "we'd like to be able to dynamically change our Safe Browsing endpoint in the future" or "let's not hardcode our API keys into Safari"?
Definitely not... because there's no need to proxy all the requests just to be able to dynamically change the endpoint (or other details about how/if it accesses the safe browsing endpoint).
In aggregate, that's not insignificant traffic, so you wouldn't want to use your own resources to process it without a worthwhile reason.
Apple servers are whitelisted in adblocking and firewall APIs, so this move makes sure Safe Browsing works when the user or some app messes up with those.
Why would apple's servers be whitelisted but not google's? Considering all the google devices/software out there (eg. android, chrome), not whitelisting google is probably going to cause more issues than not whitelisting apple.
Again, like I said in a previous comment, google runs a bunch of other services, so you can't just block the entire google ASN and not expect stuff to break. As for who's doing the blocking, there are basically two groups: enterprise sysadmins (or their vendors) and hobbyists running pi-hole at home. The former would certainly care about breakage, and likely aren't concerned about ads. Not to mention if they block safebrowsing (or google software updates) and they get hacked because of it, that'd look really bad on them. Hobbyists would care less about breakage and more about ads, but I suspect the same hobbyists don't care much for safebrowsing and probably have it disabled, so whether it gets whitelisted or not is irrelevant.
I think that's Google's problem and very much a scenario they created for themselves. I'll give Google a lot of credit for serving the majority of their ad content off of intentionally distinct server groups but that line has been getting greyed and, if they make themselves untrustworthy, that's on them.
The point isn't that you must trust google or anything, but that if you are serving users other than yourself, blocking the entirety of google isn't a viable option. In the case that you're only doing it for yourself, you likely have safebrowsing disabled or know how to whitelist the safebrowsing endpoint yourself (it's a separate domain), so that it's a non-issue.
> if you are serving users other than yourself, blocking the entirety of google isn't a viable option
This is a fair assumption to challenge. Lots of developers co-mingling their traffic with an ad company doesn't mean everyone has to whitelist their servers. It's an impediment. But Apple has navigated those.
Why should we allow stuff just because “stuff breaks”? It’s totally fine to have “stuff break” if they don’t benefit the objective laid out. We “break” a lot of stuff in our society with our laws.
It is fine to break stuff even if it is popular as it doesn't achieve the overall objective. There's no compulsion to allow something just because it is popular.
Nope. Mother Nature doesn't have to care whether her rules are popular, the laws of thermodynamics are actually very unpopular, but they apply anyway.
However people can disobey our laws and so if they aren't popular enough they're worthless. The UK used to have laws controlling the ownership of dogs. Each dog required a license, licenses were taxed and you could be refused a license. But that law was very unpopular, and so it was abolished - not because licensing dog ownership wasn't a good idea, but because even if it was a great idea it was too unpopular to succeed.
The laws of thermodynamics are incredibly popular. The explanation they provide for the ticking of time, and how they enable us to produce incredibly efficient systems is fantastic.
Without the human invention of entropy, we'd have no clue why our perpetual motion machines aren't working.
For the mechanics those laws describe, they're great too. Pretty sure there would be constant unwanted explosions everywhere if energy could keep transforming in any way where it's conserved. I like that my table doesn't decide to be a bomb at random
And those laws have no effect on what should be whitelisted and what shouldn't. Let's not argue for the sake of arguing. The aim is to not debate but move the discussion forward. I don't see that happening.
In the context of this discussion (blocking at enterprises), I doubt any sysadmin is going to be able to convince the leadership that blocking all google services is an acceptable trade-off.
If you're doing the blocking yourself on your own network then sure whatever, you don't really care whether google stuff breaks, but you probably also have safebrowsing disabled, or know how to whitelist the safebrowsing endpoint yourself if you need it, so the whitelist argument isn't relevant in that context.
> In the context of this discussion (blocking at enterprises), I doubt any sysadmin is going to be able to convince the leadership that blocking all google services is an acceptable trade-off.
If that was the case, here was the original comment.
> Apple servers are whitelisted in adblocking and firewall APIs
It smells like data mining to me; instead of building their own safe browsing service, why not just defer to Google's services? I'm sure Apple pays Google for the service, and probably on a per request basis, so proxying and caching data will reduce their costs... In theory, I'm sure there's contractual obligations in place.
(from personal experience, we used a service in a project once to fetch stock market data. It was a good faith agreement, we had to maintain our own tallies of how often a stock price was fetched, tell them, and we'd be charged accordingly. This made sense because from them we just got a 20 mbit inbound pipeline of stock updates, which we fed into a Gemfire (which is now apparently called "VMware Tanzu™ GemFire®") cluster and exposed to end-users via a simple REST API. (It was a bank, of course we couldn't change firewall rules to allow websockets or whatever was available at the time).)
> It smells like data mining to me; instead of building their own safe browsing service, why not just defer to Google's services?
I'm sure Apple doesn't need to build APIs to do data mining on their own users. It would be very un-apple to create an API like this and allow non-apple devices to use it. So where is the benefit on data mining?
Privacy (in a consumer and marketing sense) is a major market advantage. I think that Apple has determined that keeping data away from 3rd parties is a good way to capitalize on that market edge vs. giving up the edge and engaging in the same consumer exploitation as their competitors.
> Privacy (in a consumer and marketing sense) is a major market advantage. I think that Apple has determined that keeping data away from 3rd parties is a good way to capitalize on that market edge vs. giving up the edge and engaging in the same consumer exploitation as their competitors.
I agree, this seems like the simplest and most straight-forward explanation to me.
Yet it would be ridiculous to claim a privacy advantage by doing this move, since the only change here is sending your browsing activity to Apple instead of Google. And the Safe Browsing stuff is already kinda high in the "anonymized" scale anyway, up to the point Mozilla uses it.
If they wanted to claim privacy advantage, they could offer these lists for rsyncable download, like antivirus of more civilized eras used to do.
> I'm sure Apple pays Google for the service, and probably on a per request basis, so proxying and caching data will reduce their costs... In theory, I'm sure there's contractual obligations in place.
No such thing. A company like Apple doesn't just click through a Google developer agreement and generate some API keys and off they go. All integrations will have explicit agreements reviewed by an army of lawyers.
https://marketingland.com/apples-latest-itp-updates-what-mar... suggests that "When a user loads a web page with embedded content from another domain, as in a tracking pixel, the request header referrer for the tracking domain will no longer contain the full web address of the host page, only the domain name." This is the case when "Prevent cross-site tracking" is turned on.
Not the same thing as hiding your IP and the domain name, but we're getting closer to full privacy, slowly. The problem with proxying is that it would only work with a small list of third-party asset hosts, and it would break the ability for CDNs to work unless it was a distributed proxy... that sounds like more headache than it's worth except maybe as a new type of browser extension, something similar to a content filter but instead loads cached or proxied copies.
But at that point it's worth considering VPN or compression proxy services for content compression as Chrome and Opera Mini might do, and MITM everything the browser loads so nobody gets your IP except Apple. I imagine folks might pay for an Apple VPN service, I'm just not sure Apple wants any headaches that might go along with it yet. :)
> the request header referrer for the tracking domain will no longer contain the full web address of the host page, only the domain name
Why not just remove the referrer header for all 3rd party requests? Or remove it in Private browsing mode. VPNs are nice, I'm using one, but other VPN companies are not, such a cutthroat business :) And you can not self-host a VPN, it defeats the hide my IP feature.
I've seen some browser extensions that use local copies of the usual CDN scripts and such. I wonder how much better that could be if it was a proper browser feature coupled with some sort of a privacy proxy? Though I imagine that the same local cache fingerprinting issues might still apply here.
That it's the one this post is about. In general software should avoid using third party servers as much as possible, because they're outside of its control.
So Apple's going to war with Facebook and Google citing privacy.
Google violates privacy, yes but so does Apple.
Real privacy on phones means removing google play services from your phone, using fdroid, not using any proprietary apps and self hosting services instead of relying on gsuite or ms365.
Not the fake privacy shit that Apple does, where they move the power from Google to themselves.
Your bar for privacy is very high and accessible only to nerds. That's great, but not helpful for average users.
Apple is not absolute, ironclad privacy. Don't rely on them for covert ops missions. But they ARE providing a very reasonable model of doing business that requires no special skills on the part of the user and does not engage in the unrelenting surveillance that other companies bake into every corner of their products.
Is it "privacy"? I'm not sure. But it is definitely "not surveillance". And that's a very reasonable place to start.
What Apple does is partly "privacy theatre" in my opinion.
They shame third party apps you have given background location permission for using your location in the background (eg. gps dog collar app) while never alerting you when the first party Apple apps do the same "Apple maps / friend finder / Siri / etc. used your location in the background"
I think many are defining privacy as “no one has even the possibility of accessing your data”. To me, surveillance is actively instrumenting and recording data from a user. Apple seems to live in a middle zone where they do not engage in surveillance, but sometimes make technical choices where they could in theory access or intercept data from you, though they have promised not to.
Agreed. On the long-term, Apple is the one which might harm Privacy the most because they will kill the real Privacy alternatives by pretending they are one.
People use Google & Facebook because they are dependent on their services but some of them know they are unethical (for e.g the recent WhatsApp scandal shows that at least some people are kinda aware).
Apple on the other hand lies and does propaganda about their fake Privacy and people (even on HN) think they are the solution, and that's far more dangerous I think.
Many people think real Privacy solutions are not worth supporting because they have Safari, iOS & iCloud. Well guess what, iCloud is not even (end2end) encrypted, employees have been listening to your Siri conversation, HomeKit doorbells are doing nonconsenting facial recognition on you & your friends, Apple tracks every app you launch & when (and no that's not necessary for security, you could just download a blacklist instead of sending Apple your history), and no, Apple does not audit or read any line of code of the apps on the store.
It's killing me that my friends think it's okay to install Facebook, Instagram & Snapchat or whatever on their phone because "No but it's okay, I have an iPhone so Apple has checked the app and everything". For them, Apple is magically going to protect them whatever they do.
That's where you see their lies & propaganda really worked.
Apple is like a polluting gas car that sells & markets itself as a green clean ecological electrical car so that people can use it without conscience issues.
For all but the position aspect of that, switching to a trustworthy VPN provider (e.g. ProtonVPN or Mozilla VPN) and using Signal or another VOIP system can provide mitigation. For the position data, that is harder to mitigate but you have to consider your threat profile. The truly paranoid keep their phones with battery removed (when possible) and/or in a faraday bag unless they are actively using them.
You do, of course, pay for this privacy with significantly reduced convenience.
> Signal has received financing from the CIA so my trust level isn't high (even though I use it).
More like Signal once received funding from a fund that included funding from an organization that was once run by the CIA.
Still, I agree with your overall point. To be truly private, you need to disconnect. Other than that, you need to consider each trade off. Historically, this was difficult because companies barely disclosed what they did. Since GDPR and CCPA, a lot of the veil has been lifted.
> However, since Apple now proxies Google Safe Browsing traffic, it further safeguards users’ privacy while browsing using Safari.
It still shares the same amount of information, it's just being shared with Apple instead of Google. If it was a privacy problem before, it remains so.
If it's a simple proxy tunneling HTTPS traffic to Google, Apple probably doesn't know anything about the content of the queries, and Google doesn't know who sent them. If each kept records, they could get together and combine them to get the hashed URLs, but still a much better situation than directly querying a single endpoint.
Sure, but it’s got a considerably better privacy model than Google’s ads: https://searchads.apple.com/privacy/ . For a start, you can see what information they used to target you by pressing on the “Ad” button (which in my case is nothing because I’d previously flipped a single toggle switch in settings telling Apple not to use personal data to target ads to me).
Google have a whole website dedicated to that (what it knows about you), and there are toggles if you want that to be used for ad targeting or shared with third parties.
It’s kind of disingenuous to compare Apple’s search ad feature for just promoting an app inside the App Store, with Google’s Adsense online advertising platform which is multi-platform with video, text, and image ads, even audio at one point in the past, on multiple device types being so ubiquitous it’s almost hard to get away from them.
Search Ads are for the App Store and are completely contextual - eg. you search "translate" and a random translate app shows above Google Translate as an Ad. They don't have ads that target the user, only the search term.
What are you basing this information on (besides a pinky swear of a corporation which happily forgets their values when it comes to repairability and labor force) ?
> "their values when it comes to repairability and labor force"
Apple obviously doesn't have any positive values about labour force and repairability, but both of those have about 0% to do with privacy, so they aren't relevant in this case I'd think.
I get that Apple seems more trustworthy in this setting but if one trusts others depends on everything they do. It would be better if they combined forces to create a separate entity. Safe browsing currently gives both companies the ability to block websites. They could do this when they feel like it but also when ordered to.
An online services firm that is 100% different in how it works compared to Google/Facebook's models. All of its services are subscription based and tailored for people who bought their devices.
It would be better if it didn't talk to their servers, adding more on increases the surface area and impact.
In this particular case with Safe Browsing APIs, there wasn't a 'surface area' in the way that you mean, to begin with. The article, and commenters, are incorrectly making it appear that way.
The Safe Browsing protocol does have a theoretical vulnerability whereby a malicious provider could create hash buckets on demand with the intent of guessing user URLs. This change would protect users from this theoretical risk. Also, it prevents Google from getting free info about user IP addresses and other info visible via a direct network connection.
I'm guessing this information is next to useless. All they get is an IP address, and all it signals is someone is using a device. It is highly unlikely this is a useful signal for anything given the fact that they're getting much better user IP data from practically dozens of other services people use.
> It would be better if it didn't talk to their servers
As long as you have a 'smart' phone, it will talk to servers.
Messages, email, contact sync, online backups, tools to give you trace possibilities if your phone is stolen ... everything needs some kind of server. And if you use an iPhone, a lot of those will be located at apple. If you use an android phone, those servers will be located at google (and possibly also at the hardware vendor eg samsung etc)
Aside from the whole 'company A can be trusted more than company B' thing which is in my opinion a personal matter, this specific item where apple will route the traffic to a 3rd party through apple to hide the ip etc of their customers is a good thing.
Both are required in the US to turn over user data and logs to the US federal government without a warrant, pursuant to FISA orders.
Apple compromised over 30,000 of their customers in such a fashion in 2019, as documented in their own transparency report.
The F in FISA stands for foreign, but at least one person who worked on the program has told us that it is used to obtain the data of Americans without warrants as well.
Typically, people who are trying to defend themselves from nation state threat actors aren’t using iPhones or stock Android phones, and absolutely wouldn’t use safe browsing if they did.
I don't think it's about the FBI as much as the rest of the three-letter soup. NSA, CIA et al. most certainly are a threat to anyone outside the USA holding valuable secrets.
It always should have been. I'm not sure anyone would not class them as a nation state threat level. It's one of the most powerful government agencies in the most powerful nation in the world. If they don't fit that definition who would?
Ever heard of Edward Snowden? He exposed how three letter agencies were engaging in mass surveillance, even including American citizens in violation of their very own constitution they've sworn to protect.
Why not? Every system holding PII poses a potential threat, at the very least because every system can get hacked, and at worst because folks with “legitimate” access to that data can still abuse it.
No silver bullet. This is a counter against surveillance capitalism but not against surveillance states. In the long run the only sure way to prevent data misuse is to remove the data, but moving existing data to entities without the financial incentives to misuse it is still a step in the right direction.
There is no significant improvement - the data was already hashed/anon to begin with and posed no risk. IP addresses on their own aren't a problem, it's when it's available with additional data that you start to worry.
This is purely a move to further lock users in while being touted as being privacy friendly through persistent PR.
If you are an iOS user, then Apple is necessarily in your trust model. Google, not so much.
Google’s implementation of k-anonymity in Safe Browsing does not account for their own ability to correlate multiple queries and narrow down which specific website corresponds with the hash.
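Added example, not part of any comment in this thread and not Apple's or Google's code: a sketch of the hash-prefix lookup the comments on "hash buckets" and k-anonymity refer to, showing how several prefixes sent for one page shrink the set of URLs that could have produced them. The URL decomposition follows the publicly documented Safe Browsing v4 host-suffix/path-prefix rules in simplified form; the corpus, the `.example` hosts and the 1-byte demo prefix (the real default is 4 bytes) are constructed assumptions.

```python
import hashlib
from urllib.parse import urlsplit


def expressions(url):
    """Host-suffix/path-prefix expressions a client hashes for one URL.

    Simplified: assumes an already-canonical URL with a DNS hostname
    (no percent-escape handling, no IP-address hosts).
    """
    parts = urlsplit(url)
    labels = parts.hostname.split(".")
    # Exact host, then up to four suffixes taken from the last five labels;
    # the bare top-level domain is never checked.
    hosts = [parts.hostname]
    for i in range(max(len(labels) - 5, 0), len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate not in hosts:
            hosts.append(candidate)
    # Exact path with query, exact path without it, then "/" and up to
    # three directory prefixes, each with a trailing slash.
    path = parts.path or "/"
    paths = [path + "?" + parts.query] if parts.query else []
    if path not in paths:
        paths.append(path)
    prefixes = ["/"]
    for directory in path.split("/")[1:-1][:3]:
        prefixes.append(prefixes[-1] + directory + "/")
    for p in prefixes:
        if p not in paths:
            paths.append(p)
    return [h + p for h in hosts for p in paths]


def hash_prefix(expression, nbytes=4):
    """Truncated SHA-256 of one expression; this is what leaves the device."""
    return hashlib.sha256(expression.encode()).digest()[:nbytes]


def build_index(corpus, nbytes):
    """What a list provider with a web crawl could precompute:
    prefix -> every known URL with an expression hashing into that bucket."""
    index = {}
    for url in corpus:
        for expr in expressions(url):
            index.setdefault(hash_prefix(expr, nbytes), set()).add(url)
    return index


def anonymity_set(observed_prefixes, index):
    """URLs consistent with ALL prefixes seen together in one request."""
    sets = [index.get(p, set()) for p in observed_prefixes]
    return set.intersection(*sets) if sets else set()


def constructed_corpus():
    # Constructed sample data: 20,000 URLs on made-up .example hosts.
    return [f"https://shop{h}.example/cat{c}/item{i}.html"
            for h in range(50) for c in range(20) for i in range(20)]


def correlate(target, corpus, nbytes=1):
    """Return (candidates for one prefix, candidates for all prefixes).

    nbytes=1 makes buckets collide inside a small corpus; with real 4-byte
    prefixes the same effect appears over the whole web.
    """
    index = build_index(corpus, nbytes)
    prefixes = [hash_prefix(e, nbytes) for e in expressions(target)]
    single = anonymity_set(prefixes[:1], index)
    combined = anonymity_set(prefixes, index)
    return single, combined


if __name__ == "__main__":
    target = "https://shop7.example/cat3/item4.html"
    single, combined = correlate(target, constructed_corpus())
    print("expressions hashed:", expressions(target))
    print("candidates, one prefix :", len(single))
    print("candidates, all prefixes:", len(combined))
```

A proxy in front of the lookup endpoint does not change these set sizes; it changes who can tie the prefixes to a client IP address.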
Not at all. IP addresses are not PII under any definition. Feel free to browse CCPA, GDPR, etc. Even without those regulations, it's still not PII as it takes just a few seconds to enumerate every IP address. If it actually were PII, you would have controls in place to prevent it leaving your device in the first place.
IP addresses are only when identifiable metadata is linked with it. I can only guess that you are being deliberately obtuse on this - I had momentarily forgotten that I was on HN so my comments weren't welcome sadly.
It still shares the same amount of information, it's just being shared with Apple instead of Google. If it was a privacy problem before, it remains so.
Apple’s business model is not based on exfiltration of personal data, in fact their business of selling hardware is only boosted by adding privacy features.
No, it’s segmenting which information goes to which company. Apple already has your IP address so why also give it to Google? Meanwhile the https traffic is only proxied through Apple, so they don’t see the content.
It is true, Apple handles it way worse. With Google you have access to a whole dashboard where they explain in very simple terms what they know about you (per service) and how they use that information. And of course you can opt-out with a few clicks.
A journalist requested their data from Apple, Google, and Facebook a few years ago[1],
> The zip file I eventually received from Apple was tiny, only 9 megabytes, compared to 243 MB from Google and 881 MB from Facebook. And there's not much there, because Apple says the information is primarily kept on your device, not its servers. The one sentence highlight: a list of my downloads, purchases and repairs, but not my search histories through the Siri personal assistant or the Safari browser.
Also curious how, if as you say Google is so transparent with this information, they abruptly stopped updating all of their iOS apps on December 8th, the day that Apple required them to publish the data that their apps collect[2,3].
It’s interesting that one using data as a selling point is worse than one that doesn’t. In any case, Apple gives you access to all information they have on you and you can opt-out with a click. I’m not sure that’s a differentiator in any case.
Except that if you’re using Safari, you’re already putting some trust in Apple to protect your privacy. Reducing the number of parties to your data is certainly a privacy win.
> If it was a privacy problem before, it remains so.
That is a very binary view. Yes, it is still a privacy problem; but now the privacy problem is with a company that is not abusing personal data on a massive scale.
Apple is going to extremes to get more power over users and force others to have less. Of course it can be painted as being "for privacy" but, really, does anyone believe that coming from Apple?
EDIT:
Come on, HN. Google has nothing to do with how trustworthy Apple is. You can distrust both. This whole "for privacy" push from Apple is clearly more about hurting others than protecting users. I'm surprised HN'ers are buying into this marketing ploy.
It's not worth it on HN. Everyone here is completely pro-Apple anti-Google; it's not even possible to have a good-faith discussion. I agree with you: distrust both of these corporations. Apple's figured out that by pushing the "privacy" marketing ploy they can defeat Google strategically; that's all this is about. If it would benefit them to abuse user privacy, they would.
> Everyone here is completely pro-Apple anti-Google
Both extremes exist here, just like everywhere else. Anti-Apple articles/posts/discussions also get a ton of upvotes and frequently end up on the front page, and the discussions are filled with comments of people swearing off Apple forever.
Apple is a polarizing company in the tech world and that is just as true on HN as anywhere else.
Why not? It seems like a pretty clear cut move to increase privacy, drive up consumer satisfaction and loyalty, and increase sales. Yeah, they're doing it to sell more iPhones, sure, but I don't see how that's a bad thing.
Apple makes money selling devices; Google makes money selling targeted ads. Making devices more secure will benefit Apple's business, so is collecting more user data to Google's business.
Apple also makes significant money from services and app store. They might not have an incentive to violate your privacy but they absolutely have all the incentives to lock you into their walled garden as much as you'll take it, and then some. They will happily do it under the guise of protecting user privacy too.
So no, they shouldn't get a pass on everything they do in the name of privacy just because they aren't an ad company. Although in this case the proxy server is reasonable I think.
For the vast majority of people, the walled garden is irrelevant. They're going to run the same apps on either Android or iOS, but on Android those apps have more ability to invade your privacy and Google is doing whatever it is they do to make money off you. On the other hand, Apple has every incentive to respect their users privacy.
Exactly this. Apple has been sugar coating their initiative as privacy moves while they are actually strategic moves with every step towards crushing Google.
The problem starts when they focus on services revenue. In the old days Steve Jobs would build services to sell more products. Now Apple is building services only to extract more profits and revenue.
And as the web includes Apple ID for login, more users will forever be locked into the Apple ecosystem even on the web. You no longer have a direct relationship with users or customers. Everything goes through Apple. And in the name of good and privacy Apple is standing in between every business and their customers. All while acting badly in the case against Epic when things don't go their way.
But their services revenue is from selling stuff (apps, in-app purchases, music/video/game subscriptions, cloud storage) to their users, it's just digital stuff instead of hardware. That doesn't change anything fundamental about the business model. They make money from selling stuff to their users. How is that at odds with the grandparent comment?
Is selling their search bar to Google (very significant part of services revenue) "selling stuff"? Seems like it's more like the "you're the product" line Apple likes to market.
Google's revenues are closing in on 200 billion a year. If the hardware business makes, say, 2 billion a year, it's safe to say that the hardware is a pretty insignificant part of the overall business. The data gathered from that hardware on the other hand...
> clearly more about hurting others than protecting users
How is that clear?
I don't have rosy feelings about Apple. But their primary business is designed around making the iPhone environment pleasant and unscary. While Google's is about optimally monetizing information about me.
I trust Apple and Google just the same... to both do their best to follow their business interests. It just happens that one happens to align more with my interests than the other.
If you think Apple and Google handle privacy essentially the same aside from superficial marketing, I think that means you don't understand what either of them want.
"So, these behemoths have now started to eat each other to satisfy their never ending appetite for money and control. What next? Remaining ones colluding together to prevent entrance of new competitors?"
"With mobile and social media platforms having finished their market expansion, and their product categories having settled, privacy-respecting open source alternatives catch up in functionality and usability. Anti-trust and regulation to enforce privacy and interoperability ensure these new entrants get a chance in the market, and consumers have a real chance to escape the clutches of the behemoths"
Tall order? Sure - but all progress starts with a dream.
I'm not sure social media platforms will ever settle. I have already seen one round of proprietary IM networks being toppled and replaced with Jabber. Only for some evil bastard to apply a EEE strategy to Jabber and actually succeed, so we end up in the current situation of yet another round of proprietary IM networks.
It is also not a matter of "catching up in functionality and usability". It will never catch up. Proprietary networks can build on top of free ones, but not vice versa. Also, every pseudo-feature introduced by a proprietary network soon becomes mission-critical (e.g. people will say free network X is not "up to the task" because one cannot easily send animated cat pictures with it, in the same way IRC suddenly became "not up to the task").
In summary, it is absurd to wait until free networks "catch up". They will never "catch up", for some users' definition of "functionality and usability", and network effects will take care of the rest of users. The only way this works is if users are willing to actually prioritize free-ness and to actually trade off some features to gain it. Boycott closed networks, even.
The problem is they have enormous budgets for promotion and marketing, and they already own multiple direct channels. And the inertia effect is enormous - people simply don't like to change their habits without a very good reason. So the decisive factor is for people to understand they already have a good reason. I don't think this understanding is something mainstream yet though.
Android != linux any more than iOS == BSD. Both have open source kernels but all the stuff that matters on both OSes is closed source. As long as there is money to be made on selling computing devices open source will ALWAYS be at a big enough disadvantage that it can't catch up. Simply because Apple, Google, Microsoft etc.... can take the ideas from open source and build them into their OSes but Linux can't. I'd personally love if Open Source ruled the consumer market but that's not going to happen.
I am not speaking about Android. I also did not say "started" but "starting". Here are the GNU/Linux phones with constantly increasing number of sales (but still tiny of course):
I love Open Source but I can't ever see them competing with Apple or Google. Literally billions of devices out in the world tied to services that are critical to everyday life. I think this war is already lost.
Please stop spreading learned helplessness. I see a lot of people don't like both Apple and Google, so GNU/Linux phones will definitely spread significantly.
I'm not spreading anything, if you think a lot of people don't like Apple and Google enough to consider linux phones that are objectively less useful then you live in a tech bubble. The VAST majority of people just want their phone to text, show google maps, browse Facebook, and shop Amazon on the apps they know and are used to. It's unlikely in the Extreme that we will see mass migration to Linux. That's not helplessness, I can and have run linux as my main desktop at various times for the last 20 years. It's simply not as good as the commercial alternatives. It's just reality.
I'm just going to issue a prediction that as long as "recompiling components of the OS" remains a satisfactory answer to a technical problem on linux subreddits, this will never, ever happen.
Whenever a solution to a technical problem is "recompile components of the OS", this means the answer to the same problem in a "non-linux"/non-free system would be "piss and moan and bend over and take it up the tail pipe". aka: no solution whatsoever. The developer's way or the highway.
The point is: once your problem is complicated enough that your only resort is to edit the software, free software _at least_ gives you the chance to do that. It's no wonder people actually suggest doing it. Proprietary software does not. It's no wonder people _don't_ suggest doing it.
If it was supposed to be a complaint, better rephrase it.
> Whenever a solution to a technical problem is "recompile components of the OS", this means the answer to the same problem in a "non-linux"/non-free system
The kicker being that such problems are so rare as to be functionally nonexistent, and even in such cases, usually contacting the vendor can at least give you some options. A few anecdotes from my own experiences:
1) Windows\MacOS have never simply refused to use a network card, for no apparent reason.
2) MacOS has never destroyed its own bootloader because it was Tuesday and it was bored: Windows did it once, but it was repaired automatically by the recovery partition.
3) Windows\MacOS have never refused to play audio after resuming from standby until rebooted.
> The point is: once your problem is complicated enough that your only resort is to edit the software, free software _at least_ gives you the chance to do that
But conversely, I don't have to edit software I paid for that's built on a reliable, if imperfect, OS. A reboot fixes almost anything wrong with Windows, and sure, I'd appreciate it if it could be like linux and stretch its uptime into years, but also, a reboot takes less time than a run for coffee.
That a solution technically exists is less important than the accessibility of the solution.
> That a solution technically exists is less important than the accessibility of the solution.
No, it's not, and I really want to emphasize that. If the alternative is _no solution_ then the accessibility of the solution is a rather moot point. That is the point I was trying to make.
What you want to say is that it does not matter if free software makes it _possible_ to solve your problems, because (you claim) you don't have these problems with proprietary software, or (you claim) you have a simpler solution available for those that is only applicable to the proprietary software.
I am not going to enter that particular discussion.
I just wanted to point out how it is absurd to simply claim that "as long as people keep recommending recompiling stuff open source won't work" when actually A) people recommend it _because you can actually do it_ , unlike alternatives B) being able to recompile stuff is actually a major if not the main strength of free software, so it is a strange argument to point it as a negative.
> I just wanted to point out how it is absurd to simply claim that "as long as people keep recommending recompiling stuff open source won't work" when actually A) people recommend it _because you can actually do it_ , unlike alternatives B) being able to recompile stuff is actually a major if not the main strength of free software, so it is a strange argument to point it as a negative.
And my reply to that is, in the context of mainstreaming Linux to the wider computer using audience, that's ridiculous. You might as well tell every person who owns a car to never pay for repairs again, because you can, via the proper hardware, reprogram the ECM. That "solution" applies only to an interested subculture of (awesome) people who hack shit.
To say to my aunt Doris that Ubuntu can be better for her to use than Windows and then require her to learn a fair bit of bash script and C# to complete that journey is ridiculous.
> You might as well tell every person who owns a car to never pay for repairs again, because you can, via the proper hardware, reprogram the ECM.
No one, absolutely no one is saying that (especially the part about "never pay for repairs again" -- another common nonsense).
What I am saying is that between an otherwise-identical non-reprogrammable ECM and a reprogrammable ECM, the objectively better choice is the reprogrammable ECM. Because even if you don't know how to do it, you at least have the choice to let someone else do it. It doesn't matter if you personally do or don't understand how to reprogram ECMs. The choice is still clear.
> my aunt Doris that Ubuntu can be better for her to use than Windows and then require her to learn a fair bit of bash script and C# to complete that journey is ridiculous.
Your aunt Doris doesn't have to learn C#. But she _has_ the option to, she has the option to follow the instructions from someone she apparently read on the Internet (what motivated this discussion, I thought), AND she has the option to convince/hire someone to do it for her. When your aunt Doris hits the same issue with Windows, .... she's stuck! Better luck with Apple!
I suggest that if you have any interest whatsoever in free software, spend some time to understand this aspect, because it can and does reframe the discussion. If you remove the free part from "free software", what remains is basically just software; the same as any other piece of software, a rotting bug-laden piece of shit. Why deny this feature?
>2) MacOS has never destroyed its own bootloader because it was Tuesday and it was bored: Windows did it once, but it was repaired automatically by the recovery partition.
Must have been one hell of a hangover from that Mardi Gras ball.
Google has been paying Apple $8-12 billion per year to be the default iOS search engine. In more realistic terms, it's payment for Apple not to create their own search engine.
Which part of the quote do you think applies here? Are they eating each other or colluding? It seems to me like they're collaborating to make users safe and private. I don't see how this positively or negatively affects either company (don't think Google cares about the IP address of users querying safe browsing).
Well they’ve already done that, so this isn’t next it’s the past, which will continue to repeat itself. Big Tech companies will probably start behaving more and more like oil companies.
Here's an implication of your collusion comment. If a default spot is sold to an organisation with highest market share, it is collusion. Can you imagine scenarios in which this implication wouldn't be true?
It's not just an organization with the highest market share. It's an organization that has the only competing web browser and mobile platform. Apple and Google collude because it gives them 100% control over mobile and the web.
No it wasn't, that was Microsoft defaulting to its own browser. Using its market dominance to give another of its products an unfair advantage. If Apple made a search engine and defaulted to that engine it would be the same. Exactly how Google does on Android. That should fall under the exact same area as IE did.
Why would you collude when you have shared incentives? Capital is perfectly capable of shutting out smaller competitors without it, and in fact we've seen this for decades now.
Only explicit collusion would be new there. The big tech companies have been strangling any particularly strong looking startup in the cradle through acquisition for years now.
What gives you the impression that Apple is trying to eat Google here? For all you know, it could've been a collaborative project between Apple and Google.
>For users with China mainland set as their region in Settings > General > Language and Region, Safari may also use Tencent Safe Browsing to do this check.
>> It's highly unlikely. It is required by CCP law to record user activities up to 90 (or 30? vague memories) days.
> Actually sounds pretty good. In Australia it is 730 days.
No, it doesn't. China requires the content of user activities to be saved, so your chat history is literally being sent to the local police in real time for scanning. The result is stuff like this: https://www.youtube.com/watch?v=MiMLVYK4hEc (Chinese police casually asserting their dominance by locking some poor guy in a tiger chair for badmouthing them on a private WeChat chat). A few years back someone found and analyzed an unsecured Mongo DB that was storing these messages: https://www.bleepingcomputer.com/news/security/open-mongodb-...
IIRC, Australia only has metadata retention requirements.
The Australian implementation is "metadata", but what that is and means is still rather ambiguous.
After a five year court case, the Federal Court decided in 2017 that the average citizen isn't allowed to access all data that may be about them, despite being allowed to do so under the Privacy Act. If that sounds ambiguous... It's because it is.
Without an ability to say what is metadata and what is not, everything may be getting stored, and some companies will be overly conservative in how much data they are storing.
Not to say that this is worse than the Chinese implementation which is far more explicit in its demands for privacy invasion, just that the Australian case is... Worse than it sounds.
Surveillance in China is completely ubiquitous to an extent that most westerners don't realize. There is an excellent book on the subject, "We Have Been Harmonized" by Kai Strittmatter that discusses it. As an example, if you jaywalk in Shenzhen, facial recognition technology will trigger and have your face and name posted on a television screen before you have even finished crossing the road.
> I am sorry, but how do we know that youtube video is real? The channel it is uploaded to doesn't seem trustworthy at all.
The copy I linked is clearly a re-upload of a re-upload, it was just the first copy I found.
How do we know anything is real at all? I don't have a specific chain of custody for the video, but I judge that it's likely true because the practices shown are consistent with other reports (e.g. https://www.youtube.com/watch?v=M8PgCUap1Vg, https://www.hrw.org/report/2015/05/13/tiger-chairs-and-cell-...). It gets other details right, like the anti-motorcycle crackdown. Also, the low-level Chinese police that would create a video like that very likely do not understand how bad the optics of it are when seen by foreigners.
> Do you have a source for this? I find it hard to find information on this, I assume it's because I don't speak Chinese.
> This says nothing about the amount of days. Neither do the sources.
Is the amount of days really the most important aspect of this?
> Can be said about the US as well, companies can be forced to share their data with the government.
While the US is definitely not perfect, that's a false equivalency. One can only draw superficial parallels between the US and China on this topic. The key difference is actually in the area of political culture. For instance: both the US and China make a big deal about the "rule of law," but they're actually talking about very different things. In the US, it means the law is applied consistently and even constrains the government. In China, the government is in a very real sense above the law, and the phrase merely means that they demand you comply with their rule through the laws they make.
>Is the amount of days really the most important aspect of this?
No, but if people cannot get such a simple thing right, and find citations for that, I also don't trust they got the rest right. No one has linked me anything that says "all messages from everyone need to be stored for whatever amount of days".
If you are going to paint China as the bad guys, at least do it over stuff that can be supported by facts, or if it is supported by fact make sure you can show them if someone asks.
This breaks the site guidelines and we ban that sort of account. Please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here. Also, if you could please stop posting unsubstantive comments generally, we'd be grateful—we're trying for something a bit different on this site.
I didn't need to see more "CCP oppresses people" proof. I asked specifically for the linked video and the specific law. Just because other bad things happen doesn't mean all things are true. You are bringing unrelated topics into the conversation that are sure to start a nationalistic flamewar.
Thank you for standing up for yourself and asking for sources here. Asking for an original source is totally fair, and I think it’s extremely valuable to ask. I’d like to see them too. There’s nothing wrong with asking for proper citations.
For climate change, if someone links a fake study that comes to the right conclusion, you can still call them out for it. If they bring up some statistics you can still ask where they come from, and see if they are generated in a valid way. If someone asks you shouldn't link them other studies.
There is nothing wrong with asking how we can know some specific source is truthful or not. So far no one has answered my actual questions.
Are you seriously going to side with the person claiming my 100% CCP related comments aren't related to the CCP? Please don't give into the gaslighting dang.
Edit to add: actually, please point out where there's any anger in anything I said, or the other person said, flamewar - "angry or abusive messages." If you read the messages as perhaps intense, maybe you could define them as intense - as they are important topics. I'd really like clarification on how this qualifies as flamewars. Really curious who flagged this as well? Was the person involved in trying to suppress the conversation on the CCP one of them who flagged it?
When people start getting into meta-argument like "I never said $X" and "You're ignoring all my points", that's a clear marker of degeneration into flamewar, especially the tit-for-tat-spat variety. That, combined with the drift in the generic-nationalistic direction, is enough to count your comments as taking the thread further into flamewar. This is not a hard call. Just look at the number of generic hops it takes to get from "Apple redirects Google Safe Browsing traffic through proxy servers" all the way to "CCP doesn't allow United Nations inspectors". That is exactly how internet discussions become more repetitive, more predictable, and nastier. The basic principle of HN moderation is to try to nudge threads in the opposite direction to that. Lots more explanation about those things here if anyone cares:
"Gaslighting", "suppress the conversation", "CCP" are red herrings. We don't care which high-order bit you've got set on your views. We care about the conversation as a whole. It would be just the same if you were arguing the opposite side. Actually I don't even bother figuring out which side people are on any more—the flamewar comments are basically interchangeable either way.
Thanks for the response. I agree it was leading into a potential flamewar, however no anger or harassment was said by either side.
I'm not sure how the # of hops it takes matters if a conversation is still related, why there is gatekeeping - other than it makes it a quantitative decision for you vs. qualitative - cutting out moderation responsibility of actually determining if one party is speaking in good faith and the other is not, which it sounds like you admitted to not caring about. So if a pattern matches you flag/hide it. I can understand why a sole moderator may take that, however that's a terrible thing for holding space and helping people learn their behaviour isn't okay - in fact, you're teaching people to not hold the line for integrity.
Do you not care for people to learn, for lines to be held in regards to integrity and good faith conversation - just like how you responded to me, and I'm responding to you?
Also, those aren't red herrings at all from my understanding of that term; does me saying that mean this is degenerating into a flamewar and should be flagged/hidden too, or perhaps my previous paragraph is somehow considered a personal attack - when no malice was intended (and is valid conversation unless invalidating by gatekeeping to make moderation easier)?
I'm curious too - how does my reply getting flagged/hidden to others nudge conversation rather than censor/suppress it to others who may then add to the replies - on either side of the discussion - or maybe upvote/downvote lazily?
The more hops a thread takes in generic directions, the less related it becomes. Worse, the generic topics are predictable. They are like large planets that suck in all passing spacecraft. We want HN threads to meander in less predictable ways—this is literally the biggest issue with discussion quality on the forum, so it's a big deal. I'm not sure what else to tell you other than the links I mentioned above.
I certainly didn't say we didn't care about good faith. I said we didn't care about the 'high-order bit', meaning whether you're battling for left vs. right, $country1 vs. $country2, and so on. I'm not saying that for theoretical reasons, just empirical ones: it doesn't make a difference for discussion quality, and actually the comments of people on either side of the hard divides resemble each other (e.g. in being rigid, predictable, adversarial) more than they resemble anyone else's.
If there's still a question here that is super important to answer, I'm happy to try to answer it, but I need to know specifically what it is.
The less related it becomes to the original post but how is gatekeeping that relevant, other than using it as a quantitative metric to use to simplify moderation decisions?
And of course generic topics are predictable. If you don't think global security, a generic topic, as important - of whatever planet you're from, or whatever countries/nations - whomever happened to be the first one to excel at capitalism first, and then the other to benefit from capitalism + lower labour costs to accelerate themselves to a global power - then I don't know what to say. You're moderating repetitiveness which is strange, like you don't like boring conversation, another quantitative/pattern based moderation metric vs. qualitative - strange gatekeeping, though I understand how it simplifies it and it is then a narrative you can state as a justification that doesn't require you to actually engage or understand either side.
And I strongly disagree that my comments are interchangeable with the other person's in this case - however yes, if some person is arguing in bad faith and someone else puts the effort into holding people to integrity and good faith, then that conversation will be predictable - especially someone like you who all day long you're seeing patterns of conversation, and adversarial, by definition - there's friction at the point of bad vs. good; perhaps you're bored and/or overwhelmed, so you just pattern match and create quantity-based decisions instead of qualitative to hold the space in a more nuanced way.
There's no question, just perhaps some judgement on the "dumbed down"/simplified moderation practices - ideally there'd be 10 to 100 of you so you could afford the time to not condense things in such a way.
Gatekeeping that is relevant because moderation's job is to prevent the system from ending up in the failure modes that it will otherwise default to. By "the system" I mean HN as a whole: community, software, moderation, etc. Someone needs to monitor the global state of the system and intervene to nudge it when it drifts off course. Moderation is like a small feedback control mechanism to regulate that, and little else.
What determines what counts as "failure modes", "off course", "on course", etc.? That sounds vague but it is actually easy to answer. We're trying to optimize for just one thing, namely intellectual curiosity [1]. Everything follows from that. For example, since curiosity fades under repetition, we try to avoid too much repetition [2]. Similar with nastiness. Repetition plus nastiness is sort of the essence of flamewars, so those are particularly a moderation concern. And so on. Actually the fact that HN has a clear definition of what it's going for, and it's possible to derive all sorts of interesting and counterintuitive consequences from that, is my favorite thing about the job. We're not claiming that any of these rules or judgments should be universal—simply that they're necessary for the kind of site HN is trying to be.
Those points are not related to this topic, and derail the conversation. This is not what HN is for. We can start this discussion but it would fully derail anything related to Apple redirecting Safe Browsing traffic. It also doesn't answer if a video is truthful, or a law that people talk about actually exists as described.
It's looking like your account is hovering on the edge of using HN primarily for political and/or nationalistic battle. That's a line at which we start considering banning an account, because it's not what this site is for, and it destroys the curious conversation that HN is supposed to exist for. Would you mind reviewing https://news.ycombinator.com/newsguidelines.html and sticking to the rules when posting to HN? We'd appreciate it.
More explanation on how and why we moderate HN this way:
Can you tell me how to deal with people who bring up unsourced things that I feel aren't (fully) true, or are "fake news"? I agree that I can sometimes get stuck in a discussion, but I also feel like it's harmful to let unsourced claims spread. In this thread I mostly wanted people to source the claims they were making, and for that I got downvoted and called a shill. How should I approach this in the future?
Gatekeeping the conversation is another bad faith argument, and a control/suppression tactic, and I assume why others are downvoting you; your logic is incongruent as well, we did start the conversation - and then you keep trying to avoid it, you could just not respond if you didn't want to get into it - in fact you opened up the conversation asking a question in regards to the CCP.
IIRC a non-identifiable portion of the hash is given to Google, then Google returns a bunch of potential matches with associated safety score, and then it’s up to the client to either block or not.
How many of human-kind's inventions have been to thwart our own bad behaviours? I hate this kind of tech purely because the reason we have to do it at all is to thwart nefarious behaviour.
Google Safe Browsing exists because people are shit heads.
Apple proxy servers exist because Google is a shit head.
> According to Apple, before visiting a website, Safari may send hashed prefixes of the URL (Apple terms it “information calculated from the website address”) to Google Safe Browsing to check if there’s a match.
Does anyone have links to algorithms for such "hashed prefixes of a URL"?
I assume it's the same as when it was mentioned in 2019
"A 32-bit hash prefix like "ba7816bf" would represent the first eight characters of a 256-bit, 64-character SHA256 digest of a full URL.
Before it loads a requested website, Safari, like other browsers that implement a safe browsing lookup system, will hash the URL of the website to be visited and compare its hash prefix to the received hash segments of malicious sites."
"A 32-bit hash prefix like "ba7816bf" would represent the first eight characters of a 256-bit, 64-character SHA256 digest of a full URL."
Is this done for 'privacy'?
Pretty thinly veiled attempt, because they could easily create hashes for every url their crawlers come across, and do some statistical wizardry to try to find out which of the 1000 urls with that prefix you visited. Right?
Of course it's done for privacy. If Google created hashes for every single URL it crawled, the hash prefixes that are downloaded by clients would be enormously large, wasting multi gigabytes for on-device storage of these hash prefixes.
> Since Apple uses a hashed prefix, Google cannot learn which website the user is trying to visit.
Can anyone explain how this works? It isn't making sense to me. If the hash is unique enough to match in a database identifying malicious websites (without false positives), isn't it also unique enough to identify the website the user is trying to visit? At least to anyone with the hashing algorithm? Doesn't it have to be, in order to work at its intended effect, to match a list of malicious websites?
Occasionally, you download a list of hash prefixes. This local database is used to do a probabilistic match as to whether it might be a malicious website.
If it might be, you send that hash prefix to Google, who respond with a list of full hashes with that prefix, and then you can go through that list (locally) and determine whether the computed hash is in the malicious set or not (without false positives).
The important point is that the full hash is never sent over the wire from the end user: only a prefix (typically four ASCII-encoded hex bytes) is ever transmitted.
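The lookup flow described in the comment above, as an added example (not code from the thread, Google or Apple). It hashes the raw URL string as the quoted description does and omits the URL canonicalization and host/path expression expansion that the real Safe Browsing protocol performs; the `Server` and `Client` classes and all URLs are constructed for illustration.

```python
import hashlib

PREFIX_LEN = 4  # bytes, i.e. the 32-bit prefix (8 hex characters) quoted in the thread


def full_hash(url: str) -> bytes:
    return hashlib.sha256(url.encode()).digest()


class Server:
    """Stand-in for the list provider; it sees only what lookup() receives."""

    def __init__(self, bad_hashes):
        self.bad_hashes = set(bad_hashes)
        self.seen = []  # everything the client ever sent over the wire

    def prefix_list(self):
        return {h[:PREFIX_LEN] for h in self.bad_hashes}

    def lookup(self, prefix: bytes):
        self.seen.append(prefix)
        return [h for h in self.bad_hashes if h.startswith(prefix)]


class Client:
    def __init__(self, server):
        self.server = server
        self.local_prefixes = server.prefix_list()  # periodic download

    def check(self, url: str) -> str:
        h = full_hash(url)
        if h[:PREFIX_LEN] not in self.local_prefixes:
            return "safe (local miss, nothing sent)"
        # Only the prefix leaves the device; the full-hash match is local.
        candidates = self.server.lookup(h[:PREFIX_LEN])
        return "blocked" if h in candidates else "safe (prefix collision)"


# Constructed sample data: one listed URL, plus a fabricated full hash that
# shares its 4-byte prefix with a benign URL to force a prefix collision.
BAD_URL = "http://malware.example/payload"
BENIGN_COLLIDING = "http://benign.example/"
fake_hash = full_hash(BENIGN_COLLIDING)[:PREFIX_LEN] + bytes(28)
server = Server([full_hash(BAD_URL), fake_hash])
client = Client(server)

if __name__ == "__main__":
    for url in (BAD_URL, BENIGN_COLLIDING, "http://unlisted.example/"):
        print(url, "->", client.check(url))
    print("server saw:", [p.hex() for p in server.seen])
```

The server's `seen` log holds a prefix only for URLs whose prefix was already in the downloaded list, and in both of those cases it cannot tell the listed URL from the benign one that merely collides.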
It's not about hiding the website you visit but about hiding the ip it was visited from. If Google can't tie your ip to the website request they can't use it to market to you. I'm not sure why the hash is made a big deal but hiding your ip is the real value here.
No, it's the combination of the two. If they tie the ip to the domain and then tie that ip to non-safe browsing websites that were visited by that same ip, they can easily start to identify the "safe" sites you visited. If you stop that IP from being identified (also stopping most if not all browser fingerprinting techniques) then it's MUCH harder to identify you as the person that visited those sites. It's the relationship that really matters. Apple's proxy breaks that relationship. So does a good VPN setup.
I would assume Google uses this data to optimise its blocklist and determine impact. By Apple blocking this data they are reducing the effectiveness of the Safe Browsing list.
This is one item I would not block, we already have huge issues with this list providing false positives. Giving Google even less data to make adjustments makes this worse.
I don't think that's even correct, the article is somewhat contradictory:
> Since Apple uses a hashed prefix, Google cannot learn which website the user is trying to visit. Up until iOS 14.5, Google could also see the IP address of where that request is coming from.
> And setting up a proxy server to filter Google Safe Browsing traffic just so Google cannot users’ browsing activity will be a welcome move for a lot of users.
> The Update API is designed for clients that require high frequency, low-latency verdicts. Several web browsers and software platforms use this API to protect large sets of users.
> If you are concerned about the privacy of the queried URLs or the latency induced by a network request, use the Update API.
If it is not open-source, and if it is not offline-functional, then it is not privacy-first design. Safe browsing updates can be served like software updates. Apple could demonstrate they serve software updates from servers that don't log any PII data. Only then they would have actually improved the situation.