by astrange 1920 days ago
This post is factually incorrect; it does not send a hash of the application (instead, an identifier that can be shared across apps), and the server doesn't save any logs.

It's a developer ID. Most developers have only one app, so it's very close to an app ID.
But a content hash would have given them a release ID (i.e., which specific version of the app bundle you're running).

A series of {release hash, launch timestamp} events could be used to build a much more precise profile of your computing habits than just {app ID, launch timestamp} events would.

Also, you're ignoring the power law: while yes, the majority of software exists in a long tail of ISVs, most of the apps that people use are made by big corps that make a lot of apps each. 80% of the apps on any computer (Windows or macOS) are Microsoft or Apple or Adobe apps. When you're using any of those, all Apple gets is {Apple, timestamp} or {Google, timestamp} or {Adobe, timestamp}. That's... not very useful for profiling. Especially the first two. Safari and iTunes are both just "Apple" through this system. Are you working? Relaxing? Who knows?

Those are fair points. The original report was much more serious before Apple changed policies to make the reports encrypted in transit and stopped logging IPs.
Apple telling you they don't log IPs means nothing. Facebook did this and nobody batted an eye. [1]

It's also incredibly unlikely. I'm just trying to picture what this server that does no kind of user identification at all looks like. What value would it possibly offer? Just to count how many times an application is opened? How can any kind of analytic application function without some kind of user profiling mechanism and a place to store that data for analysis?

It sounds too good to be true, so it probably is.

[1] https://www.eff.org/deeplinks/2019/03/facebook-doubles-down-...

It’s not an analytic application; its purpose is to benefit users, not Apple, and Apple doesn’t actually have any profit incentive to collect user data from this service.

Facebook operates a free service that they use to collect data about you to sell for advertising purposes. Apple sells expensive personal electronics directly to consumers, and has made it a part of their core brand to be privacy-conscious. They’re certainly not perfect, and they’ve clearly made missteps along the way, but they’ve done more than virtually any other public company to further their customers’ privacy and demonstrably collect as little data as possible. When they have made mistakes, they’ve carefully explained what circumstances led to it and have generally gone above and beyond in ensuring that kind of mistake can’t happen again.

Your perspective is little different than the indefensible “both sides” mentality many people have toward politics. Apple is not Facebook, and there is a massive difference to anyone actually paying attention.

I, too, used to think incentives were good enough to generally guard against bad behavior like this. The problem is that incentives can change quickly and unless data is explicitly (and with some guarantee) removed, there's always the chance for it to be accidentally exposed, nefariously exported, or repurposed as incentives change. The only safe amount of data to send out by default is what's essential to accomplish what you are trying to do.

Relying on Apple to do the right thing when they're sent a bunch of data which has some use to them, and to their users, if they keep it and run statistical analysis against it, is like relying on that handshake agreement to store some of your belongings in your kindly old neighbor's shed. Sure, you trust him, but he's not going to be around forever, and who's to say what will happen to it if someone takes over his property after he's gone. And if that kind neighbor had a habit of cleaning up the stuff your kids left in your yard for you by putting the items in that shed of his... well, it's nice that he allows your kids to get their stuff from there whenever they want, but still, that's just asking for problems down the line.

> Relying on Apple to do the right thing when they're sent a bunch of data which has some use to them, and to their users, if they keep it and run statistical analysis against it, is like relying on that handshake agreement to store some of your belongings in your kindly old neighbor's shed.

No, it's relying on this being disaligned with their profit incentives. They've made a selling point of their products being privacy-focused, and actions that go against that directly impact the profitability of these products.

There have been several cases where data was mistakenly collected. Nobody's perfect! And in every one of those cases, they've gone above and beyond in explaining what went wrong and how they'll prevent those situations from occurring in the future. In several cases, they've even published white papers pushing forward the current state of the art on preserving privacy while collecting the minimal data necessary for services to function.

Apple is not Google and Facebook. The latter two have direct profit incentive to maximize data collection and analysis of you, personally. Apple wants to sell you consumer devices, and—outside of specific counterexamples like Siri—collecting your data rarely aligns with those profit incentives.