Hacker News new | ask | show | jobs
by thebean11 1854 days ago
> That’s an obviously false comparison. You are comparing against a perfect world, not against the real world.

No I'm not, I'm comparing against a world where Apple allows sideloading, and this privacy issue exists in both.

> because they have told us in public that they would.

Source? Apple's new add tracking opt-in thing is on the OS level the same way this location tracking issue is. It would still work if the Facebook app was sideloaded from what I understand.
1 comments
zepto 1854 days ago
> Source?

You can trivially check this yourself.

> Apple's new add tracking opt-in thing is on the OS level the same way this location tracking issue is.

This is a complete misunderstanding of how it works. Apple provides a mechanism for apps to use to identify users who opt-in.

The only thing preventing developers from just ignoring this and using fingerprinting or other identifiers is the App Store rules. A whole bunch of apps have been banned or otherwise forced to stop doing this.

€ It would still work if the Facebook app was sideloaded from what I understand.

No. If the app were sideloaded, Facebook would just implement a fingerprinting solution or provide their own identifier, and ignore Apple’s mechanism.

link
thebean11 1854 days ago
> You can trivially check this yourself.

I could not find any quote like this..not sure why you think it's so trivial to find.

> No. If the app were sideloaded, Facebook would just implement a fingerprinting solution or provide their own identifier, and ignore Apple’s mechanism.

You mean like how they ignored Apples location sharing mechanism and maliciously opened your photos to read metadata?

Or the one a few years back about playing silent audio tracks to stay open in the background?

link
zepto 1854 days ago
> I could not find any quote like this..not sure why you think it's so trivial to find.

You won’t find a ‘quote’, but it it’s trivial to educate yourself on this mechanism. E.g. Apple’s documentation. Various articles about ad tracking transparency, etc.

If you haven’t read the technical materials about the subject, why do you claim to understand it?

> You mean like how they ignored Apples location sharing mechanism and maliciously opened your photos to read metadata?

There is no rule against reading the metadata. Yes it’s malicious, but Apple doesn’t currently have grounds for removing the app. The correct solution is to stop leaving the metadata in the file.

> Or the one a few years back about playing silent audio tracks to stay open in the background?

That one was indeed solved by a rule change.

But why do you mention these?

Presumably to support your claim that sideloading would be no different from the App Store when it comes to privacy.

If you understood the mechanisms, you’d know this was false.

link
fsociety 1854 days ago
You come off as making an ad hominem attack, saying that this information is trivial and if the replier can’t find it then they shouldn’t be commenting on the subject. If it is true that iOS’s permission model is done on the App Store level and not the OS level, which I doubt by the way, then that is a flaw on Apple’s part and should be fixed. Otherwise we are relying on arbitrary App Store rules to protect our privacy and security, instead of baked in constructs in the OS. I’m skeptical that Apple would do something so shortsighted.
link
zepto 1854 days ago
> You come off as making an ad hominem attack, saying that this information is trivial and if the replier can’t find it then they shouldn’t be commenting on the subject.

It’s not an ad hominem. The commenter made a false assertion about how the mechanism works, which is easily checked.

I’ve pointed to where they can check it. The App Store rules, and apples tech docs. There are also other articles with background.

> If it is true that iOS’s permission model is done on the App Store level and not the OS level, which I doubt by the way,

So you don’t know how this works.

> then that is a flaw on Apple’s part and should be fixed. Otherwise we are relying on arbitrary App Store rules to protect our privacy and security,

That’s exactly what many of the App Store rules are for.

> instead of baked in constructs in the OS.

They don’t rely on the App Store rules ‘instead’. They rely on them in conjunction.

It’s not as easy as you think to rely on baked in constructs in the OS.

A trivial example is that such constructs cannot detect text that lies to the user about why a permission is granted.

Another example is that such constructs can’t prevent an app from communicating with a fingerprinting service or using a

These have to be done by policy.

> I’m skeptical that Apple would do something so shortsighted.

Not really sure what to make of this comment, since you don’t present an accurate model of what Apple is actually ‘doing’.

link
thebean11 1854 days ago
So we agree that Facebook never actually said this? Not sure why you're referencing Apples docs for Facebooks supposed comment..
link
zepto 1854 days ago
> So we agree that Facebook never actually said this?

Why would you think that?

Anyone following this would know that Facebook said this. They took out a full page ad in the New York Times.

>Not sure why you're referencing Apples docs for Facebooks supposed comment..

The reference to Apple’s docs is about the tracking mechanism which you wrongly claimed worked like location tracking.

It doesn’t, and you can check this in Apple’s docs.

link
thebean11 1854 days ago
> because they (Facebook) have told us in public that they would

> You can trivially check this yourself.

> You won’t find a ‘quote’

You're backpedalling and it's really unclear what you're talking about, leading me to assume you're making it up or misrepresenting something.

If it's so trivial to find why can't you produce it?

link