It’s pretty clear that most people have very little understanding of privacy, falling victim to mainstream media’s depiction of it and the world in general—the very power system(s) they’re trying to combat. The belief in Apple as privacy-oriented is one such illusion. So before starting I highly suggest people educate themselves on media and propaganda (I’ll happily provide book recommendations) to develop a more critical framework. A good introduction is this documentary.
A rough summary is that mainstream media are huge corporations whose profit-making comes not from readers/viewers or paid subscribers, but advertisers. This means there’s two important institutional constraints on media ideology: that of their owners and of their buyers. Both inherently determine their values and the kind of content they make. Corporate media are businesses selling products (us, consumers) to other businesses. What kind of ideology and picture of the world do you think you’re getting from that?.
The rest of this post is written under the assumption that this sub is informed enough to view Apple as nothing more than “the lesser of evils”. A perspective I will argue is still misguided.
1. USER IDENTIFICATION:
Outside the ones shared by all competing products in the industry, there are additional ways to identify you in specifically Apple products.
- iOS subliminally and constantly collects sensitive data and links it to hardware identifiers almost guaranteed to link to a real identity.
- iOS forces users to activate devices which sets up a remote UUID-linked (also collecting registration IP) database for a given device with Apple’s services.
- iOS and iOS-based coprocessors force the regular sending of incredibly sensitive metadata to Apple for the mere ability to use the device for questionable and unknown reasons.
2.1. PRIVACY POLICY IN PRACTICE IN REGARDS TO THE AUTHORITIES:
Apple is subject to the FISA Amendments Act of 2009, and PRISM is an example of that law in practice, which Apple is part of (amongst others).
As public disclosure of cooperation with authorities have been allowed in in limited degrees in recent years, we’ve seen examples like Apple admitting to complying with 90% of government requests of accessing thousands of user files every year. FBI openly praised them for providing “ample assistance”. It therefore came as no surprise when a recent leak revealed that the company purposefully kept their phones less secure to make access easier for the authorities. Despite all this, Apple is still most associated with the FBI encryption dispute in 2015, which has been a huge PR success for them.
The latter case, which was completely fraudulent, is still widely circulated and frequently brought up as demonstration of Apple’s integrity. In reality it was a demonstration, like the general theme of much else in this post, of successful media propaganda. Apple (or even FBI) aren’t able to fool professional and well-educated journalists of NYT, WP, etc. They also rely on the media’s conformity through misrepresentation of the available facts, as well as accessible and well-known critique.
Apple have outlined how they give virtually everything relevant on iCloud to the authorities. As the CEO of ElcomSot, a security company that revealed iCloud was uploading data to Apple servers without users knowing, said: “The takeaway really is don’t ever used iCloud”. Apple having the encryption keys to iCloud as well as other parts of your iPhone completely invalidates the point of E2EE, and might explain why/how NSA minesdata directly from their servers.
The company’s respect for privacy is no better outside the US. We know that they oblige and assist authoritarian governments like China in installing firewalls to block citizens’ access to encrypted tools, like social media apps. They’re actively undermining people’s security and privacy from violent regimes for the sake of profit.
2.2. PRIVACY POLICY IN PRACTICE IN REGARDS TO THE PRIVATE INDUSTRY.
Apple sellcertificates to third-party developers that allow them to track users within their own apps—third-party developers are allowed to collect data on iOS. Facebook’s privacy scandal (interestingly, Apple themselves were one of the main partners buying data from Facebook) involved iOS users as well due to the mentioned tracking. Apple reacted to the scandal with another publicity stunt by superficially punishing Facebook. A real response, like removing Facebook from the App Store or removing their ability to track you, did not happen.
The company attacks Google and Facebook’s intrusion on users’ privacy, yet are enabling them and other businesses in doing so on their products. They even use Google as Safari’s default search provider—making 12 billion USD in 2019 alone from this deal.
If they really cared about privacy they would deny the ability of privacy-invasive apps to collect any user date. They don’t because these apps’ importance in keeping their products’ platform popular and therefore profitable.
3. THE LACK OF OPEN SOURCE CODE.
Open source code, specifically those that have been audited, is for obvious reasons much safer than closed source ones. Even government agencies take it into account in choosing secure software for their members.
It is all the more important when the company in question surrenders data to state authorities, allows third-party developers to collect data, have weak security measures (sometimes on purpose) and have been discovered of numerous suspicious activities. No to mention the fact that Apple’s verification mechanism in designed in such a way that they have the ability to “silently send targeted malicious updates to devices matching specific unique ID criteria”. iOS is a textbook example of why closed source is bad.
Imagine if Huawei, on top of providing third-party developers the ability to track its users, admitted to giving the Chinese government access to user data (but only after it was caught doing so) and were continuously caught in suspicious activities (many involving Chinese authorities)—all on a completely closed source software platform. Would you take their claims of “security” and “privacy” seriously?
Many users (predominately Americans) already have a hard time trusting Huawei, despite 0 evidence of illegal data collection of users or claimed connections with the CCP. Users have bought into US government claims and mainstream media propaganda. At the same time they buy and congratulate Apple for their privacy-oriented approach. A perfect example of a system of indoctrination.
4. ALTERNATIVES.
Here are some reasonable steps with descending order in how effective they are, that provide you with Android-based alternatives superior to iOS in privacy and security:
1: Disable Google tracking and services in settings (the little that they make available to you) and use F-Droid instead of Play Store. Notwithstanding the lack of privacy in many ways, it’s a good starting point.
-At this point your privacy from private companies is a bit better than on iOS.
1.5: Some OEMs, like Huawei, simplify and help users uninstall Google apps and services. Huawei’s current products (like Mate Pro 30) also come without all that, due to the current trade war. The phones still come with Huawei bloat and their ad-based data mining, but it’s nowhere as bad as Google and easier to evade.
-At this point your privacy from private companies is better than on iOS.
2: Root your device (an easy task) and uninstall all Google apps and services, as well as anything else, completely.
-At this point your privacy from both government and private companies is better than on iOS.
3: Install Custom ROMs that allow the same as 2, have even more open software for examination and also include enhanced privacy features in the system (or you can get these as third-party apps). Some, like LineageOS, also provide UI, performance and update cycles superior to almost all the main Android OSes (One UI, MIUI, EMUI, LG UI, etc.)
-At this point your privacy from both government and private companies is significantly better than on iOS.
4: GrapheneOS. It provides an exceptional level of privacy and security that has been praised by Snowden himself. It runs a stock Android setup with the same pros as LOS above, making it very well from a non-privacy perspective as well. If you want a user-friendly and highly privacy-related platform without having to do a lot of tinkering and manual management, this is the ROM for you.
-At this point your privacy from both government and private companies is tremendously better than on iOS.
5. SUMMARY: IPHONES ARE NOT THE BEST ALTERNATIVE FOR DATA PRIVACY.
iPhones give no additional security and privacy from the government over Android phones. They only do in limited conditions that are inconsequential to this sub. The minute you want to improve your privacy and security beyond what you get out of the box, iOS is terrible. It is not the “lesser of evils”— a myth that needs to die.
Additionally, positioning themselves as a beacon of privacy make them even more dangerous, as they become a honeypot for people in severe need of privacy. This has profound consequences in authoritarian societies for journalists, demonstrators and other dissidents. COINTELPRO has shown how ugly it can get in free societies as well.
If Apple’s software and ecosystem is more important to you than increased security on even some of the best UX alternatives on Android (LOS, GrapheneOS, etc), then at least admit to this hard truth and move on. Spreading misinformation undermines the privacy of others, and doing that to serve your confirmation bias is disingenuous and honestly deplorable.
Note: None of this is to say that Google Android is necessarily a secure alternatives in general, only in relative terms – but at least it’s Open Source. Having said that, the hardware it runs on is not and some features they are building in only work on their devices. So if you have a Pixel and want all the features you are locked, essentially, into Close Source hardware due to chips like PVC,Titan, Soli, etc. Pixels with GOS make very little sense due to them being overpriced and having fairly mediocre flagship hardware. Their most fundamental strengths lie in software smoothness and image processing. Both of which are are lost when installing GOS.
It’s important to understand that while not ending government intrusion (though severely limiting it and its data mining), the available methods on Android, which include continuous development of new and better measures, tremendously improve on privacy from the private industry. All that is is simply impossible on iOS as a system; its security and privacy out of the box is also all you get. You have zero flexibility on the system and are completely locked in. This is really bad with their track record (covered in OP). All its important hardware being in-house and exclusive to them is even more troubling.
A good way to approach hardware security is to see what members of non-allied countries use. To give an example, Germany’ aerospace industry got rid of Cisco routers after discovering backdoors installed in their hardware. The issue in that case was industrial espionage, which The Five Eyes’ Project ECHELON, as a European Union report on the matter states, is “a global system for the interception of private and commercial communications”.
As for general surveillance, when Angela Merkel found out that her and other politicians’ Nokia 6260 Slides were tapped by US intelligence, she switched to a Blackberry fitted with an encryption chip by Secusmart. The latter company is a popular option for many government agencies.
Another thing to consider in a scenario where you need to choose between hardware backdoors of two rivalling countries, is to always go for the rival/enemy. It’s safer for a Chinese citizen to use phones with US-based hardware backdoors, and equally so for a US citizen to use phones with Chinese hardware backdoors. The reason being that the most immediate and relevant threats to you is your own government. They are the ones with sovereignty and monopoly of power over you and they are the ones who care. If surveillance is the only choice, it’s always better to choose a non-allied country.
Of course, the above hardware backdoor example is theoretical. In reality, governments often use dedicated security chips in phones unavailable to regular consumers. Furthermore, companies from non-allied countries cooperate with surveillance laws of local governments. Those relate to software and not hardware though (and this is why Android’s open source nature is extremely important).
Much of this is a repost from /r/Privacy.