[talldayo]

It's not about being clever, it's about being perceptive. Apple's cloud commitment has a history of being sketchy, whether it's their government alliance in China, the FIVE-EYES/PRISM membership in America, or their obsession with creating "private" experiences that rely on the benefit of the doubt.

Apple doesn't care about you, the individual. Your value as a singular customer is worthless. They do care about the whole; a whole that governments can threaten to exclude them from if they don't cooperate with domestic surveillance demands. How far off do you really think American iCloud is from China? If Apple is willing to backdoor one server, what's stopping them from backdooring them all? If they're willing to lie about notification security, what's stopping them from lying about server integrity too?

And worst off, Apple markets security. That's it; you can't go verify their veracity outside the dinky little whitepapers they publish. You can't know for sure if they have privacy violation baked-in to their system because you can't actually verify anything. You simply have to guess, and the best guess you can make gets based off whatever Apple markets as "true" to you. In reality, we can do better with security and should probably expect more from one of the largest consumer technology brands in the world. Simply assuming that they aren't violating user privacy is an absurd thing to gamble your security on.

[39896880]

If you are the target of a nation state level actor, you are already fucked. Most of us just don’t want our behavior sold to our insurance companies or whatever. Apple doesn’t do that because it would kill their brand for very little return.

[whynotminot]

This is the part that’s always so humorous to me about the super tinfoil hat security crowd. They think they’re in the plot of Mr Robot or something. When for the most part, no one actually cares about them at all.

My dad fits into this category. So worried about being “tracked by the government.” He’s not a dissident. He’s not a journalist. Not a freedom fighter. Just deeply inconveniencing his kids with some of his tech choices.

But if these people were the targets of APTs, all the massive technology lifestyle changes they’ve made to supposedly protect themselves wouldn’t really matter.

[snaeker58]

I really also don’t bother about security, but I hate that any argument against people caring about privacy is along the lines of „I have nothing to hide“. Especially on the note of Apple, I remember when a dad was flagged as a pedophile because Apple found photos of his kid in his iCloud and their algorithm decided to get him raided. It’s about control, when you hand your data over to 3rd parties of any kind you are giving up control and one day that will bite you in the ass in some way. I am will to take that risk, you too, but I still think not wanting that is totally valid. A type of angst which I find much more stupid is people being scared of AI taking over the world HAL x Terminator style…

[talldayo]

So this whole thing is about you being angry that your dad doesn't use iMessage?

Sounds like your dad is the cool dude, and you're the tech-obsessed weirdo. Do you visit him often?

[whynotminot]

Nah he uses iMessage. He’s not that obstinate.

He’s otherwise a good dude. Just makes some tech choices here and there as if he’s a former CIA agent on the run that sort of just make you chuckle and shake your head.

[talldayo]

That's the convenient line of blind apathy they rely on, to sell iPhones. If people cared, they would object to owning an iPhone just from the material and labor cost of it... but they don't. It's a running joke that nobody cares what next year's iPhone looks like as long as the trade-in value is good. Apple couldn't kill their brand if they tried, past this point. People don't pay attention anyways.

Which is why it's good for us to demand more from capable companies. Apple looks good when they're scared, and the market wins when they're forced to compete in novel and interesting ways. Success breeds complacency, the rest is distant history.

[blackqueeriroh]

> And worst off, Apple markets security. That's it; you can't go verify their veracity outside the dinky little whitepapers they publish. You can't know for sure if they have privacy violation baked-in to their system because you can't actually verify anything.

Oh, boy, but this is deeply false. Apple literally provides security researchers models of their devices to verify their security claims on their most important cash cow, the iPhone.

This is just an incredibly bold and verifiably false claim.

Wow.

[talldayo]

Apple has tried suing researchers, before: https://www.theverge.com/2021/8/11/22620014/apple-corellium-...

On top of that, they fail to commit to iOS security on the level of AOSP and don't let researchers create hardened variants or custom patches. With actively-distributed exploits like Pegasus still being used, that's the sort of behavior that turns your userbase into a stationary target. Giving researchers iPhones is insultingly usel

Apple vehemently opposes the concept of anyone securing their iPhone except them. They have a well-documented habit of ignoring vulnerabilities and offering zero compensation for the discovery of zero-days. Apple's ambivalence towards the security research sector is like one of the only things they're known for, among hacker communities. It is "verifiably false" in the sense that Apple spends quite a lot of money marketing the opposite of what they actually do in reality (not that you should be surprised by that).

[saagarjha]

Can you explain to me how I might use such a device to verify the security properties of iBoot?

[Spooky23]

You lose all credibility when you start yakking about FIVE EYES, etc. If you're the target of intelligence services, the advice you need is eloquently delivered in the movie "Goodfellas". That is: "Don't talk on the fucking phone."

American companies are subject to US law, full stop. Global technology companies have to balance interests to operate globally. China requires a local partner to operate services in the PRC, thus Apple and Microsoft (and others) operate with a business partner in that market.

From a business perspective, there's little or no incentive for Apple to take measures to collect information on you systematically - they do not monetize it and won't devote resources to its collection. However, not being responsive to government requests, demands, or order for information will result in punitive action. So they comply.

No company cares about you. They don't love or hate you. There's no moral purity - the competitive platform is owned by a company that owns the advertising market and has a long history of extracting every sinew of data to create profiles that allow for maximally efficient ad delivery. Engaging in whataboutism isn't productive.