by jandrewrogers 2 days ago
I understand Apple's position on this one. This is essentially a backdoor into all of your data. It is also a very useful feature. The EU regulators are disallowing guardrails without which this backdoor will be used to strip-mine people's personal data. The privacy implications are not legible to most people.

If I were more cynical I would suggest that this is being used as an end-run around encryption, since the encryption doesn't have backdoors for the government but this gives you access to all the same data.

When this backdoor is inevitably exploited in some very public fashion, it won't be the EU regulators that required the backdoor to exist who will be blamed.

10 comments

It would only be a backdoor if it's implemented as a backdoor.

The way Apple Health exchanges data with 3rd-party trackers (Fitbit, Garmin, etc.) is very well built and a good model of how other components in iOS could allow data exchange with very granular permissions.

Apple touts the "Private Cloud Compute". If they found a way to share your personal context to process on their cloud in a private and anonymized way, there is no reason the same process couldn't be used to handoff data to a 3rd party AI provider.

The technical problem is nothing like exchanging data with fitness trackers.

One of the issues here is that there are many people with strong opinions that don't understand the thing they have strong opinions about. Which is the normal state of human affairs.

Indeed, but you ignore my second paragraph: they have developed (and 3rd-party audited) a way to hand off all the data (parts of your Personal Context, etc.) to their cloud servers in a privacy-preserving way on-device. Why couldn't the same process be used to hand off the data to a 3rd-party AI provider? (Genuine why: if you have an understanding of the thing you have a strong opinion about, I'd genuinely appreciate the answer.)

It looks like Apple is framing this as a privacy issue as a marketing tactic so that consumers will blame the EU when Apple COULD implement it without endangering privacy.

Apple PCC is using completely mad and paranoid amounts of security down to hardware and firmware level making sure nobody at any point of the supply chain can access the data.

EU can’t and won’t enforce the same rigour for 3rd party cloud AI. Which is the problem for Apple.

If said 3rd party service leaks private data, guess which company is going to be in the BIG HEADLINE and which one will hardly be mentioned in the news?

Ah, I see. I overestimated the amount of stripping / anonymization that was being done on device. Thought the server-side could be quite generic. Thanks!

Naturally the server needs to know things.

If you want it to, for example, summarise your HRV or menstrual cycle you can't anonymise it or you don't have any data to analyse. It'd be just "wink wink nudge nudge" with zero context.

They've just announced PCC for Google Cloud using Nvidia GPUs and Intel CPUs so it would probably run on just about anything -

https://security.apple.com/blog/expanding-pcc/

Of course Google has the capacity to run PCC. This isn't about whitelabel PCC being run by FAANG.

This is about Super Private Benoau AI being available for any user to install. How can they know whether it respects their privacy or not? The home page says that they're the best and mostest private ever of course, has animations generated by Claude and everything.

But actually it runs on servers bought from Hetzner's server auction and stores all logs in plain text in open S3 buckets and the owner actively sells the user data to the highest bidder.

This is what Apple is worried about and EU either doesn't care or doesn't understand the issue.

> EU can’t and won’t enforce the same rigour for 3rd party cloud AI. Which is the problem for Apple.

Why should they? If the user decides to trust a third party, Apple shouldn't retain veto power for the customer's choice.

This is how macOS treats apps like OpenClaw. It can absolutely work for iOS too.

But how many users are legitimately capable of evaluating how privacy preserving a random Cloud AI provider is?

Let's remember that a tiny company called Meta had a "VPN" they provided for users that just happened to spy on them: https://news.ycombinator.com/item?id=39881962

And that went on for a long while before it was noticed.

Now imagine the same situation but an infinite whack-a-mole of alternative AI providers and just regular folk who will install mobile games from a frozen baby ad...

In Apple's press release[1], they mention proposing something similar to what you're talking about.

"Given the serious risks to users, Apple designed a solution called Trusted System Agent — an intermediary that would allow virtual assistants to safely access the same features and capabilities as Siri AI for devices in the EU."

The European Commission rejected it.

1 https://www.apple.com/newsroom/2026/06/due-to-dma-siri-ai-de...

> Why couldn't the same process be used to hand off the data to a 3rd-party AI provider?

You have more safeguards if it’s running on your own metal. It’s reasonable to want to understand that better, perhaps with your own red team, before opening up customer data to actual potential hostiles.

Yeah, I overestimated the amount of stripping / anonymization that was being done on device and didn't realize how much plumbing was required server-side too to have good enough privacy guarantees.

The 3rd party firm is the one that wants the data. No need for someone to steal it from them.

Well, it seems they couldn't do it that way, and that's why we don't get it in the EU. You're talking about every app on the phone sharing PII with third parties. Yours, and those who share data with you. This is a completely different situation than health data of a single individual. You use that "COULD" as if you were certain it can be done. Tell us how.

> It would only be a backdoor if it's implemented as a backdoor.

You don't seem to know how backdoors work.

Oppressive regimes mandate that tech companies pre-install apps to protect people from spam calls, or install specific root certificates so they can intercept your traffic and insert a helpful banner into your browsing session to remind you when to pray.

The EU isn't going to ask Apple to add DataCollectionBackdoor(). They are going to demand that in the spirit of freedom and happiness EU companies must have access to Apple users private data.

What?

You want Apple to anonymize a users data, then hand that users data to a third party who knows who the user is? I don't think PCC is doing what you think it's doing.

> This is essentially a backdoor into all of your data.

This is the rhetoric used against right to repair. "What if enemies get access to our citizens' data if we allow anyone but us to repair your car?"

I have never seen this argument against right to repair (admittedly I'm not big into such debates); did it come up somewhere?

Yes, it's what the opposition literally does. Go read some press pieces from these neoliberal moderates:

https://www.progressivepolicy.org/weighing-the-risks-of-righ...

The hypocrisy is easily explained by the overall attack on ownership... You don't own your own data. You don't own your car, your phone, your PC. Everyone wants to own all your stuff...

> I understand Apple's position on this one

Well then explain this to me: there are absolutely no restrictions on macOS where I can give Claude free access to everything. If you are a Mac and iPhone user, that essentially gives it access to the exact same data. Why is the data only worth protecting when accessed on the phone directly?

The Mac is a pre-existing platform that is both more capable than iOS, and had an existing user base that used apps that had much greater access. Apple’s attempts to lock down the Mac have met with poor adoption.

In exchange, it is also less secure, less user friendly, and less popular.

There's SIP. Claude can't install kernel extensions and you can. (... and it just hit me why Apple requires a specific reboot procedure to disable it.)

SIP doesn't protect user data, and I'm not sure why a Siri AI alternative would need kernel access.

There is no one-click way to install an AI model on macOS like iOS potentially could have. I can easily imagine some grandma installing on their iPhone some random AI model they saw in an AI-generated Facebook post with just one tap.

Laptops are a low security environment and already massively compromised. That's why banks make you authorise transactions by approving them on your phone when you started them on the web.

Apple has been working for a while to secure MacOS but it’s hard without breaking compatibility with old processes.

iPhones have pretty good privacy controls. I don't see how they can't extend those to cover AI apps. I imagine the settings menu will get bonkers though. User education about apps slurping up all your data is needed regardless. People just trust Apple with their talk of private cloud computing.

It would either lead to Vista-style constant UAC prompts or having to give blanket access upfront (which would be abused).

We have been able to choose our default app for 'assistant' on Android for a decade. It's fine. You can even revoke permissions if you want to.

And guess what? Because you're allowed to choose something other than Siri, it doesn't mean you have to. You can still use Siri if you think it's better for your privacy.

What level of system access do they have? You can use 3rd party AI apps on iOS, they just can’t read app data or make actions on the system outside of the APIs that currently exist.

The new Siri has much deeper access to personal data and absolutely cannot be trusted to be siphoned off to a 3rd party server.

It is not prohibiting guard rails. It is prohibiting Siri getting preferred treatment to bypass said guard rails.

Why do you use the phrase backdoor?

Is Apple incapable of designing a permissions system that allows a user to grant access to email and messages to an app of their choice?

We already download apps and grant them permissions to subsections of personal data on our devices.

I don’t believe Apple is incapable of designing a system that respects a user’s choices and granted permissions.

It is not a backdoor if I authorize some other app to use that data, it is a front door.

Apple thinks users should not be able to make the decision about who can access their data. It is not more complicated than that.

It’s a back door around normal app sandboxing and permissions systems. The security design of iOS was not meant to allow 3rd party apps to reach in and read any data from any app.

There is a 100% chance this would be used maliciously immediately. Meta would pressure users to install their meta AI agent, which would then go and read the users DMs, and create profiles on all the users who don’t even use Facebook by reading their data from everyone they talk to who did.

Personally I'd much prefer no siri access to app data than allowing evil companies like Meta/TikTok/Etc this level of access.

> This is essentially a backdoor into all of your data.

No. Only if you would consider the Linux/macOS/Windows filesystem API a backdoor too. On your desktop any app with sufficient permissions can read all your data. Would you call that a backdoor?

How is it a backdoor if I, as my data's actual owner, intentionally provide access to my data?