[impulser_]

They are using Google Cloud.

https://security.apple.com/blog/expanding-pcc/?linkId=100000...

"Now, we are collaborating with Google and NVIDIA to run new Apple Intelligence workloads on Google Cloud, extending our industry-leading PCC privacy commitments to third-party data centers for the first time."

[btown]

Per that link: I think there's an interesting question about whether a nefarious actor who's infiltrated a cloud provider with physical access to machines that are running signed operating systems, with signed binaries, with TDX remote attestation, and with hardware supply chain verification, has the ability to break the privacy guarantees of a tenant with Apple's sophistication.

Certainly, one could tamper with the hardware, but could one do it in a way that wouldn't get that machine immediately flagged, removed from the routing pool, and told to wipe its memory immediately, by a watchtower (perhaps even the routing layer itself) that runs in a separate secure Apple datacenter?

[Cassell]

Those datacentres would be in the same position of trust as a VPN provider in that the data must be unencrypted at points in the process.

They could be making it very safe, and the things apple says they are doing would make it as safe as possible, but as a user there is no way of verifying the claims.

[freedomben]

> as a user there is no way of verifying the claims

I think this sums up what it's like to be an Apple user pretty well. With their heavy proprietary and closed approach, all users can do is "trust" them.

[brookst]

Have you read the PCC whitepapers? Are you saying the user-facing verification methods in them are insufficient, or vulnerable, or just false?

[Cassell]

The previous argument was wrong and imprecise, as it could be used against any modern technology, none of which can be fully understood by a user, in the sense that any vulnerability would be completely invisible.

It’s clear they have made a very intelligent approach to this system.

[RobMurray]

Apple could simply be ordered to include a hardware backdoor, and legally be prevented from talking about it. Everything else in the architecture could work exactly the way they claim in the PCC paper.

[rasz]

>nefarious actor who's infiltrated a cloud provider

Google is buying that compute from xAI aka Musk

[zelon88]

Spoiler alert; Google is the nefarious actor.

[impulser_]

I think the last thing Google wants to do is get on the bad side of their largest partners.

[mrighele]

their largest partner is probably the US government.

[TeMPOraL]

Which is...

Wrong answer. Or at least, obvious and not particularly useful.

Truth is, none of those parties are "nefarious" - they're all just not on your side. And "security" is never an unqualified good thing to have (it's not an unqualified bad thing either). It's just a framework of coercion.

The most important questions to answer about any security system is, what is being protected, for who, and from who. People don't ask that much, not even in the industry - it's an implicit assumption that everyone themselves is a "good person" and is on the protected side of security systems. And then they're confused because it turns out end-users are more often seen as threat actors. All the players mention, but perhaps especially Apple, in its own special way, is protecting the computer from the user just as much as they're protecting the user/user's data from third parties.

[saagarjha]

It's not.

[SoftTalker]

Why bother with all that cloak and dagger stuff when they can just buy the data? You believe Apple and/or Google isn't selling it? I have some land in Florida I'd like to talk about.

[appplication]

Having worked at Apple, I will say I firmly believe they do not sell data. I worked in data science and we had the shittiest inference because we had essentially no access, even internally, to longitudinal or cross-app user data. Best we had was 15 minute rotating sessions for a single app. There are internal teams dedicated to deanonymizing data to try to narrow down users - if they can successfully do so, and relevant fields that lead to deanonymization get permanently purged from internal logging.

I can’t speak to the current architecture but Apple has shown a consistent willingness to sacrifice access to user data in the name of selling privacy instead at a premium price (you could argue precisely because no one of their competition have any meaningful posture on this). I do believe they are quite serious in their commitment to that, as they have found this strategy to be more valuable than the data itself.

[tjoff]

But sending sensitive private audio recordings to the lowest bidder is par for the course?

https://www.bbc.com/news/technology-49502292

[silvandeboer]

This comment makes it sound like they sold private recordings to whomever was willing to pay for them, but they paid third parties to evaluate Siri recordings.

[tjoff]

Don't really agree with that, that would have been highest bidder if anything.

And it wouldn't have been much worse compared to be as careless as they have been.

[wartywhoa23]

> Having worked at Apple, I will say I firmly believe they do not sell data.

Selling data is so shabby! Why sell when you can just give it away to letter-soup friends?

[fragmede]

Because that's not legal, so they sell it to third party data brokers and it gets resold to someone the TLAs can buy it legally from.

[wartywhoa23]

Illegal to share data with entities that are themselves law enforcement, and which they are known to be demanding, not just asking to share out of good will?

[boringg]

Apple's incentives don't align to sell private data as their whole thing is privacy. They do that they tank their business. If you have proof that they are doing it -- I'd love to see it. (*3rd party actors from an app re-selling data doesn't count)

Google is 100% doing that because thats their entire incentive for the business. They sell low cost software / subsidized hardware on the grounds that you pay with your sharing data. That's the implied cost.

Show me the incentives - I will show you the outcomes.

[cheriot]

Apple/Google make less money if they sell the data because their ad product would no longer have an advantage. So no, I don't think they do that.

[materielle]

That’s not so special, though? There’s a difference between Google infra running Google services.

Versus any F500 company running their services on GCP.

It’s a bit whacky to think about because Apple will operate Google owned software on GCP. But it should be sandboxed just the same.

I’m not making a normative privacy argument here. Just pointing out that this is cloud business as usual. Perhaps it’s interesting Apple is doing it, but basically everything else is already using either AWS or GCP at this point.

[airstrike]

I think the difference is scale. This is Apple, so it's an enormous amount of devices. And it's a seamless experience, to the user, going from local model to cloud models.

So the question about which model Apple was going to use and where has been highly anticipated, especially by the likes of OpenAI and Anthropic. Imagine if either one could say they have Apple as their customer?

Apple certainly has the cash to burn if they wanted to train their own model, but it also always seemed out of their core competency. This is a major win for Google.

So "business as usual" but with huge implications for the AI ecosystem in general.

[Someone]

Google Cloud, but, the way I read it, not Google’s AI offerings. They, basically, hire Google servers to run their software on it.

They also (claim to) ensure those servers run only software they have approved to run on it.

(Part of their software are models derived from Google Gemini, but that’s orthogonal to this)

[fauigerzigerk]

>(Part of their software are models derived from Google Gemini, but that’s orthogonal to this)

You're right that it is orthogonal to the privacy promises Apple makes to its own users.

The moralistic and righteous undertone in their marketing material is questionable though given that these Apple services might not exist if Google didn't exploit Gemini app user data on Android the way it does.

That's fine with me. Users have a choice here. In fact, it's a big improvement over the search deal with Google where Apple sends its own users directly to Google.

[huslage]

They are not _only_ using Google Cloud. They continue to build and invest in their own datacenters. It's not a binary choice.

[impulser_]

Yeah, but the models are running in Google Cloud which makes sense they are based on Gemini.

[huslage]

They appear to be running them on both GCP and in their datacenter.

[dofm]

That is news — I guess not very surprising that they'd need more data centres than before.

But again there is no Apple-to-Google transfer in the inference in the sense of the comment I was originally replying to (I am not suggesting you're implying otherwise, obviously)

But I stand happily corrected where I said they aren't in the picture at all.

That is an interesting press release because it outlines what they would have had to do with any data centre they were outsourcing to.

[impulser_]

This is probably why Google had to rent compute from SpaceX. They needed to free up NVIDIA GPUs for Apple so they probably moved internal workloads to SpaceX compute.

[didibus]

Google likely won't rent compute from SpaceX, they have a substantial share of SpaceX (they own 5% of it) and need the IPO to be valued highly, so to prop up the IPO stock, they made this announcement, but if you read the fine print, both SpaceX and Google are allowed to cancel it at any time, as-in, after they cash out from the IPO.

[ezfe]

iCloud already uses Google Cloud, so that still doesn't change the operational boundaries of where data goes

[LoganDark]

I hope they are still using PCC hardware rather than running private data through third-party servers.