Hacker News new | ask | show | jobs
by smoldesu 820 days ago
They don't need to. I'm not sure if you're aware, but it's actually possible to encrypt traffic using things other than TLS. A regular app on non-jailbroken iOS can completely circumvent TLS decryption. First-party Apple Apps will bypass your profile and custom CA.
1 comments
throwaway290 819 days ago
Ah. You are saying they would encrypt on top. Sounds inefficient but I guess reasonable if you think about people like Kazakh government or Korean institutions requiring everyone to add a CA just to live a life. So without extra encryption they could snoop on that too. We can't have nice things...

(It's still possible to compare how much a blank device phones home but perhaps we wouldn't know all the details of what it talks about)

link
smoldesu 819 days ago
> So without extra encryption they could snoop on that too.

This is basically the crux of your argument. I mostly agree with you - neither Apple nor Google do enough to protect user traffic in the big-picture. You can Wireshark a lot of data off both OSes, the throughput is even scarier when you track radio emissions.

That being said, a lot of people have taken notes from Apple's "protect user privacy" shtick. Many logging libraries contain the app-equivalent of screen-recording baked in to the app framework, enabling a pipeline where PII gets ingested as a part of the logging process. Startups that incorporate these processes then brag about their self-imposed security compliance as a result of their own ass-backwards philosophy. And these aren't even the bad guys!

Companies like TikTok and Facebook collect lord knows how much information, and use the same "security" tautology as their scrappy startup peers. They consciously stretch the limits of their API capabilities, and then turn around and make puppy-eyes whenever regulators act concerned. Meanwhile, the actual users of these smartphones aren't empowered to regulate their own device's security. They can't turn off their phone because the modem is still on. They can't firewall Facebook analytics when the app is closed. They can't even stop their notifications from being snooped on without disabling the feature altogether. Where's Apple or Google when that's under scrutiny?

It's a bit tangential, but this is why I think Apple made an enormous mistake attempting to commodity privacy. Privacy is idealistic - there will always be perennial exploits on the iPhone to prove them wrong. Because Apple commits to imperfect, conditional privacy, scummier-and-scummier companies can follow their imperfect lead and make the same claims. And because none of them are as big as Apple, they rarely take flak when their systems fail. Apple's attempts to market security is like watching a leading F1 driver start turning into a tailspin, and taking the rest of the racers with them in a firey crash.

link
throwaway290 816 days ago
I'm not sure marketing privacy is the same as commodifying it, if anything commodifying something makes it less marketable...

Most marketing hinges on non commodities, take coca-cola for example, it's sugar water with a bit of caffeine, if they marketed that they'd be nothing, all of their marketing is about other stuff, intangibles

Kind of like Netflix's proverbial "chill"

Comparatively I'd say privacy is among better things to market

link