Apple should provide an option to opt-out of Siri "learn from app" for ALL applications.
At present, this must be done individually for every app, https://www.imore.com/how-stop-siri-learning-how-you-use-app.... When you later install new apps after setting up the device, you have to remember to go into Settings and opt-out again, for every app, forever.
How many people know that iOS devices will default to Siri reading plaintext for all apps, including E2EE messengers?
“Siri” (whatever it has morphed into) is a pervasive DWIM engine in iOS these days. When you do a search for an app Siri decides what to display (e.g. when I go to a certain location with a “smart” lock and pull down search, the app for that lock is always offered first, but never in other locations).
These days the voice part is just a UI mode. I use it on my watch and occasionally on my phone when I am wearing earbuds and my phone is in my pocket, but have it disabled on my Mac.
>How many people know that iOS devices will default to Siri reading plaintext for all apps, including E2EE messengers?
Is there more on what Siri "learn from app" actually does? Does it scrape entire screen contents? Or just metadata? Or only what the app developer decides to send?
My understanding is that the "learn from app" setting relates to it watching out for NSUserActivity, which is something the app developer has to explicitly send out. The app developer is motivated to do so because NSUserActivity powers a lot of system-integration features.
The user is given the option to enable or not enable Siri, Apple's virtual assistant. But enabling only refers to whether you use Siri's voice control. Siri collects data in the background from other apps you use, regardless of your choice, unless you understand how to go into the settings and specifically change that,’ says Lindqvist.
The problem is that 'Siri' is a pretty ill-defined term that Apple sprinkles onto a bunch of unrelated features if they have anything that sort of looks like 'learning' if you squint hard enough.
> You can just disable Siri if you're that concerned?
Apple fights you from disabling Siri as much as they can. I've tried to disable Siri multiple times, but it turns off other unrelated features/services, so it's basically impossible.
For example, if you're using CarPlay, it's required that Siri is enabled, even if you don't use the voice controls.
I remain shocked anyone trusts Meta, Google, or Apple marketing on privacy.
These companies are all fundamentally similar in that their proprietary software
collects an insane amount of data that will
end up in the hands of your enemies either by sale, court order, or security compromise.
It is relatively easy to opt out of all of these companies and take some actual control over your privacy.
They became as successful as they are by collecting massive amounts of data to learn to effectively psychologically manipulate people into buying their products, convincing them they are the most secure, fastest, most private option that will make people like them more for using.
Apple is above all else a data driven marketing and advertising firm just like Google and Meta. They are profitable because they are effective at using data to change user purchasing behavior.
Which one is the third one? All three operate advertising networks with significant revenue and run massive data collection services (e.g. find device networks, ad networks, personal health data collection, etc.)
There's no suggestion that I can see that Apple collects this for marketing. It's collected on-device for suggestions. The exceptions are adverts in the App Store and News
I have not carried a phone in 3+ years. In spite of what some would have you believe, it is actually relatively easy to live an active and socially engaged life in the modern world without a phone.
Major mental health wins from being offline when you are away from your desk too.
Practically any Android phone from a reputable vendor. The default apps might share more data than you might like, but it does give you actual control to turn that off. You don't have to send your location to anybody any time an app requests it like iPhones send your location to Apple. You don't have to tell anyone you installed an app like iPhones tell Apple.
For privacy-conscious people, the authors certainly picked an outlet with plenty of cookies and trackers - this is what the popup shows me when I pick "customise":
The authors appear to be associated the university which hosts the site. I doubt they are responsible for the engineering decisions behind the site, or that they "picked the outlet" per se. Authors tend not to have carte blanche control over the platforms on which they publish.
I don't know why you would judge the content of the article based on that, rather than its own merits, particularly given that the subject of the article isn't the security of web pages or cookies. If anything, what the article does discuss has far more egregious security implications than website cookies.
The article also has a number of incorrect assumptions regarding how Siri works and what kind of data Apple collects. They do not mention Apple's differential privacy approach, for instance, nor do they seem aware of many iOS improvements in that regard over the past few years. So I don't really consider it a thoroughly researched piece...
> The requirement to offer a 'Reject All' button next to an 'Accept All' button follows indirectly from the consent requirements in the GDPR; consent must be as easy to revoke as it is to give.
I feel like you might want to consider the scale of data collection involved here purely from the perspective of Apple being one of the largest companies in the world, and this being a medium-sized university in Finland.
Who is "management?" The author of the article is listed as the university's communications manager so they wouldn't be totally without a voice in these decisions.
Come on, no one is running all their private data through the website. But I do agree that the web should not be browsed without ublock as is at the moment - there's something fundamentally wrong with the current approach
That article explains what it is, but doesn't explain why it is wrong.
If you're arguing for more privacy but you're participating in removing privacy, why isn't that hypocritical and makes the argument for privacy weaker from that person?
I agree that it's off-topic to the discussion as a whole, for this particular submission, as it doesn't argue against the content of the article but rather talks about how the content is hosted.
The point is that there are so many commentators who assert that Apple is great on privacy issues, so that many people (including me) automatically believed that buying (expensive) Apple products will automatically lead to improved privacy vs other vendors. This post is calling that BS. Attacking the article/website for have cookies, is a distraction from the actual point.
And anyway if you want to see tracking cookies with a browse you only have to use Option + ⌘ + J (on macOS), or Shift + CTRL + J (on Windows/Linux). Easy. It is much more difficult to see if you are being tracked and what data is being tracked and how it is being used on your mac or iphone.
I am as concerned about security as I am about privacy, and Apple has the best track record for long-lived devices that are still receiving security updates.
As for privacy I don't know any major vendor that is privacy-focused. Not only is it a hard technical problem to solve, it's also leaving money on the table. I don't see things changing any time soon.
> Apple products will automatically lead to improved privacy vs other vendors. This post is calling that BS.
Where does it do that? It explicitly doesn’t compare Apple’s products with other products:
“Lindqvist can’t comment directly on how Google's Android works in similar respects, as no one has yet done a similar mapping of its apps.”
Also, IMO the post is flame-bait in saying “Keeping your data from Apple is harder than expected”. AFAICT, the paper (https://acris.aalto.fi/ws/portalfiles/portal/141787684/Priva...) is not about Apple breaking privacy at all; it solely is about the difficulty of the UI for various privacy settings and of user understanding of what settings do.
They don’t claim, for example, that Apple makes these settings so convoluted to confuse or wear down users so that they close down less stuff (they may or may not, but the paper doesn’t discuss it)
This article is highly misleading, making it sound like Siri is collecting data from apps and sending it to Apple. This is not the case, Siri Suggestions are fully on-device, though they can sync accross devices with mandatory E2EE. Apple never gets access to any of this data.
But if this is your threat model - that you have no trust of the operating system or the vendor - then all of this is pointless because at any time they can just backdoor themselves. Apple could just never ask or collect this, but still they're one update away from starting to collect it.
Of course that's always a threat with any computer, but you must place some amount of trust somewhere.
Siri suggestions might more accurately be termed "Springboard suggestions". From what I recall, it essentially works as a fuzzy matcher for suggesting applications to launch in similar contexts (time window, previous app used, etc.). It's like a smart history feature, and no, I don't think it ever leaves the device at all or even syncs via iCloud, since I have completely different suggestions across my iPhone and two iPads.
This is a weird flowchart, calling things out weirdly, like “Touch ID or FacelD are stored locally and cannot be accessed by the operating system
or applications.” as if that's a negative?
Since they call it out in the article as well, I really want to understand the "fragility of the privacy protections" on TouchID.
I go through this annoying oscillating struggle every time I read news like this:
1. Realise the Apple hard- and software I'm using sucks privacy wise
2. Compare open source alternatives, maybe switch (I have an iPhone and a Fairphone 4 with /e/OS, also a MacBook and a homebrew Linux PC) with a file- and photo export through my NAS.
3. Use the FOSS ecosystem for a bit, be annoyed at some jank, slowly realise that while unquestionably better privacy wise, it's not necessarily better security wise.
4. Miss real life document management (I scan files, apply OCR). MacOS/Spotlight makes it possible to treat my collection as a database rather than a file cabinet that way, Continuity makes it easy to scan.
5. Switch back, rinse and repeat.
I'm driving myself insane. It's always either feeling great about my privacy and sacrifice convenience (I mean, FOSS can probably host that same workflow, it's just that it's a lot more work up front and I'm the one responsible if it breaks) or feeling great about how my stuff works but feeling creeped out about being spied on.
I’m confused by the diagram. A and B appear to be early in the process but looking more carefully they’re actually pointing to steps 11 and 12. Seems a little misleading at first glance.
Readit News
At present, this must be done individually for every app, https://www.imore.com/how-stop-siri-learning-how-you-use-app.... When you later install new apps after setting up the device, you have to remember to go into Settings and opt-out again, for every app, forever.
How many people know that iOS devices will default to Siri reading plaintext for all apps, including E2EE messengers?
These days the voice part is just a UI mode. I use it on my watch and occasionally on my phone when I am wearing earbuds and my phone is in my pocket, but have it disabled on my Mac.
"It's not the customer's job to know what they want" -- Steve Jobs
I just don't turn it on and so never use it.
You can.
Use the free Apple Configurator tool to generate a profile that has:
Apple Configuratior is great. You can disable all sorts of things, e.g. iCloud access.If your iPhone is on $org MDM, you can do the same on MDM.
Is there more on what Siri "learn from app" actually does? Does it scrape entire screen contents? Or just metadata? Or only what the app developer decides to send?
https://developer.apple.com/documentation/foundation/nsusera...
Dead Comment
Edit: Turns out — you can't! See the reply below.
Apple fights you from disabling Siri as much as they can. I've tried to disable Siri multiple times, but it turns off other unrelated features/services, so it's basically impossible.
For example, if you're using CarPlay, it's required that Siri is enabled, even if you don't use the voice controls.
These companies are all fundamentally similar in that their proprietary software collects an insane amount of data that will end up in the hands of your enemies either by sale, court order, or security compromise.
It is relatively easy to opt out of all of these companies and take some actual control over your privacy.
* by-and-large
Apple is above all else a data driven marketing and advertising firm just like Google and Meta. They are profitable because they are effective at using data to change user purchasing behavior.
it wouldn't surprise me if Apple started ramping up their data revenue in the near future to compensate
Deleted Comment
I have not carried a phone in 3+ years. In spite of what some would have you believe, it is actually relatively easy to live an active and socially engaged life in the modern world without a phone.
Major mental health wins from being offline when you are away from your desk too.
I don't know why you would judge the content of the article based on that, rather than its own merits, particularly given that the subject of the article isn't the security of web pages or cookies. If anything, what the article does discuss has far more egregious security implications than website cookies.
> The requirement to offer a 'Reject All' button next to an 'Accept All' button follows indirectly from the consent requirements in the GDPR; consent must be as easy to revoke as it is to give.
https://www.dataguidance.com/opinion/eu-cookie-banners-and-u...
https://en.wikipedia.org/wiki/Tu_quoque
If you're arguing for more privacy but you're participating in removing privacy, why isn't that hypocritical and makes the argument for privacy weaker from that person?
I agree that it's off-topic to the discussion as a whole, for this particular submission, as it doesn't argue against the content of the article but rather talks about how the content is hosted.
And anyway if you want to see tracking cookies with a browse you only have to use Option + ⌘ + J (on macOS), or Shift + CTRL + J (on Windows/Linux). Easy. It is much more difficult to see if you are being tracked and what data is being tracked and how it is being used on your mac or iphone.
As for privacy I don't know any major vendor that is privacy-focused. Not only is it a hard technical problem to solve, it's also leaving money on the table. I don't see things changing any time soon.
Where does it do that? It explicitly doesn’t compare Apple’s products with other products:
“Lindqvist can’t comment directly on how Google's Android works in similar respects, as no one has yet done a similar mapping of its apps.”
Also, IMO the post is flame-bait in saying “Keeping your data from Apple is harder than expected”. AFAICT, the paper (https://acris.aalto.fi/ws/portalfiles/portal/141787684/Priva...) is not about Apple breaking privacy at all; it solely is about the difficulty of the UI for various privacy settings and of user understanding of what settings do.
They don’t claim, for example, that Apple makes these settings so convoluted to confuse or wear down users so that they close down less stuff (they may or may not, but the paper doesn’t discuss it)
It is only a matter of time before courts realize this.
The CCP controls the Apple software signing HSMs in China for a reason.
Of course that's always a threat with any computer, but you must place some amount of trust somewhere.
Dead Comment
Since they call it out in the article as well, I really want to understand the "fragility of the privacy protections" on TouchID.
1. Realise the Apple hard- and software I'm using sucks privacy wise
2. Compare open source alternatives, maybe switch (I have an iPhone and a Fairphone 4 with /e/OS, also a MacBook and a homebrew Linux PC) with a file- and photo export through my NAS.
3. Use the FOSS ecosystem for a bit, be annoyed at some jank, slowly realise that while unquestionably better privacy wise, it's not necessarily better security wise.
4. Miss real life document management (I scan files, apply OCR). MacOS/Spotlight makes it possible to treat my collection as a database rather than a file cabinet that way, Continuity makes it easy to scan.
5. Switch back, rinse and repeat.
I'm driving myself insane. It's always either feeling great about my privacy and sacrifice convenience (I mean, FOSS can probably host that same workflow, it's just that it's a lot more work up front and I'm the one responsible if it breaks) or feeling great about how my stuff works but feeling creeped out about being spied on.
Sigh. People who live in glass houses, etc.