Those datacentres would be in the same position of trust as a VPN provider in that the data must be unencrypted at points in the process.

They could be making it very safe, and the things Apple says they are doing would make it as safe as possible, but as a user there is no way of verifying the claims.

reply
> as a user there is no way of verifying the claims

I think this sums up what it's like to be an Apple user pretty well. With their heavy proprietary and closed approach, all users can do is "trust" them.

reply
Have you read the PCC whitepapers? Are you saying the user-facing verification methods in them are insufficient, or vulnerable, or just false?
reply
Apple could simply be ordered to include a hardware backdoor, and legally be prevented from talking about it. Everything else in the architecture could work exactly the way they claim in the PCC paper.
reply
> nefarious actor who's infiltrated a cloud provider

Google is buying that compute from xAI aka Musk

reply
Spoiler alert; Google is the nefarious actor.
reply
I think the last thing Google wants to do is get on the bad side of their largest partners.
reply
Their largest partner is probably the US government.
reply
Which is...

Wrong answer. Or at least, obvious and not particularly useful.

Truth is, none of those parties are "nefarious" - they're all just not on your side. And "security" is never an unqualified good thing to have (it's not an unqualified bad thing either). It's just a framework of coercion.

The most important questions to answer about any security system are: what is being protected, for whom, and from whom. People don't ask that much, not even in the industry - it's an implicit assumption that everyone themselves is a "good person" and is on the protected side of security systems. And then they're confused because it turns out end-users are more often seen as threat actors. All the players mentioned, but perhaps especially Apple, in its own special way, are protecting the computer from the user just as much as they're protecting the user/user's data from third parties.

reply
It's not.
reply
Why bother with all that cloak and dagger stuff when they can just buy the data? You believe Apple and/or Google isn't selling it? I have some land in Florida I'd like to talk about.
reply
Having worked at Apple, I will say I firmly believe they do not sell data. I worked in data science and we had the shittiest inference because we had essentially no access, even internally, to longitudinal or cross-app user data. Best we had was 15-minute rotating sessions for a single app. There are internal teams dedicated to deanonymizing data to try to narrow down users - if they can successfully do so, relevant fields that lead to deanonymization get permanently purged from internal logging.

I can’t speak to the current architecture but Apple has shown a consistent willingness to sacrifice access to user data in the name of selling privacy instead at a premium price (you could argue precisely because none of their competition has any meaningful posture on this). I do believe they are quite serious in their commitment to that, as they have found this strategy to be more valuable than the data itself.

reply
But sending sensitive private audio recordings to the lowest bidder is par for the course?

https://www.bbc.com/news/technology-49502292

reply
This comment makes it sound like they sold private recordings to whomever was willing to pay for them, but they paid third parties to evaluate Siri recordings.
reply
Don't really agree with that, that would have been highest bidder if anything.

And it wouldn't have been much worse compared to being as careless as they have been.

reply
> Having worked at Apple, I will say I firmly believe they do not sell data.

Selling data is so shabby! Why sell when you can just give it away to letter-soup friends?

reply
Because that's not legal, so they sell it to third-party data brokers and it gets resold to someone the TLAs can buy it legally from.
reply
Illegal to share data with entities that are themselves law enforcement, and which they are known to be demanding, not just asking to share out of good will?
reply
Apple's incentives don't align to sell private data as their whole thing is privacy. They do that, they tank their business. If you have proof that they are doing it -- I'd love to see it. (*3rd party actors from an app re-selling data doesn't count)

Google is 100% doing that because that's their entire incentive for the business. They sell low cost software / subsidized hardware on the grounds that you pay with your sharing data. That's the implied cost.

Show me the incentives - I will show you the outcomes.

reply
Apple/Google make less money if they sell the data because their ad product would no longer have an advantage. So no, I don't think they do that.
reply