from the THIS-BUTTON-DOES-NOTHING dept
For the last few years, Apple has worked overtime trying to market itself as a more privacy-focused company. 40-foot billboards of the iPhone with the slogan “Privacy. That’s iPhone” have been a key part of company marketing. The only problem: researchers keep highlighting how a lot of Apple’s well-hyped privacy changes are performative in nature.
The company’s “do not track” button received endless hype for being a privacy game changer, yet far less discussed have been revelations that the button doesn’t actually work, numerous apps have found ways to dodge the restrictions, and Apple does a generally shitty job holding those app makers to account.
The same thing has been found of Apple’s iPhone Analytics settings, which makes an explicit promise to users that if they flip a button, they’ll be able to “disable the sharing of Device Analytics altogether.” But researchers have now shown that’s really not true either, and the app store and other Apple apps collect oodles of personal and information data even when you ask them not to.
And now there’s another report emerging from app security researchers Tommy Mysk and Talal Haj Bakry showing that Apple’s iPhone Analytics setting also masks the use of a Directory Services Identifier, or DSID, to track and link user information/data despite specific claims by Apple that’s not happening:
Apple’s response to all of these reports has been to just not comment, which is certainly much easier in a tech media environment that generally prioritizes gadgets, money, and influencer unboxing videos over consumer welfare and overall market health.
Recall, Apple proclaims that “personal data is either not logged at all, is subject to privacy preserving techniques such as differential privacy, or is removed from any reports before they’re sent to Apple.” Yet here, once again, you’ve got researchers showing this simply isn’t true and user control is an illusion:
“Knowing the DSID is like knowing your name. It’s one-to-one to your identity,” said Tommy Mysk, an app developer and security researcher, who ran the test along with his partner Talal Haj Bakry. “All these detailed analytics are going to be linked directly to you. And that’s a problem, because there’s no way to switch it off.”
These revelations see way less press coverage than Apple’s purported dedication to privacy, which has seen just endless waves of hype and adoration across the tech press. It was generally helped by Mark Zuckerberg’s hyperbolic claims that Apple’s modest privacy changes were directly responsible for Facebook/Meta’s cash problems, not say, Mark Zuckerberg.
The reality remains that regardless of what they say, none of the big app makers, telecoms, hardware giants, or data brokers making billions upon billions of dollars on the backs of the feebly unregulated data collection and monetization sector are going to implement meaningful changes that cost them billions in revenue, even if reform is essential to happy customers, working markets, and national security.
But the U.S. government is simply too corrupt to pass even a baseline privacy law for the Internet era that erects meaningful penalties for sloppy privacy and security practices. So what we get instead is kind of a dumb marketing performance that a tech press, that makes most of its money from gadget hype clicks and ads, doesn’t have a lot of financial incentive to meaningfully criticize.