I'm curious: if Facebook did exactly what Apple describes in this document for its WhatsApp customers (at least for data beyond the minimum required to deliver their service), would their privacy statement be able to look like iMessage's? I'm guessing not, but I wonder if someone who is more knowledgeable could answer the question definitively.
Exactly. I've generally not been excited about the idea of industrial policy targeting OSes beyond App Store limitations, but at this point I feel pretty strongly about its need. The absurdity of this is getting a wee bit out of hand.
> iMessage has a privacy statement now, and it's much shorter than whatsapp's
Or there.
I wonder how effective these things really will be. Most people aren't going to scroll through these so the average person is going to ignore the everything below the fold. It's like the required disclaimers on medicines which people ignore. Once you get past the first few, nobody pays attention.
It doesn't have to have an effect to everyone, it's about taking responsibility and actually defining what they're doing.
Once we have everyone actually publishing what they're doing it's a lot simpler to file complaints to DPA's and to verify they're actually compliant with legislation.
It's really hard to tell with Facebook if they understand that their massive data collection is at least morally questionable, and they business plan is simply a calculated risk. Given that most people seem to care more about free services, than they do about privacy, Facebook may see privacy labelling is a pointless exercise that won't change anything anyway.
Or perhaps we are back at Upton Sinclair: "It is difficult to get a man to understand something, when his salary depends on his not understanding it." and Facebook as an organisation is simply unable to acknowledge the problem, because doing so would ruin them.
If Facebook charged 2$ a month for their services, would they not make more than their operational costs? They choose to exploit and straddle areas that are morally and legally dubious because they want more money.
They'd lose many users. $2 a month might not be a lot, but any non-zero amount of money is a barrier for users. On one side some users might not have an easy way to pay, others will still have to reconsider whether Facebook itself offers enough to be worth the $2 a month (even if it totally does).
Also, a more likely outcome would be Facebook charging $2 a month on top of their usual data collection practices.
That's really the scary part, most people wouldn't pay $2 per month for Facebook. Most wouldn't pay the $1 for WhatsApp. That shows you how little value these services actually provide to most people. The remaining users wouldn't pay for year two, because to many others would have left the platform.
Most wouldn't pay because there are alternative free services with a somewhat similar model. This analysis would be more interesting if all these 'free' alternatives go away.
>That shows you how little value these services actually provide to most people. The remaining users wouldn't pay for year two, because to many others would have left the platform.
No, I'm extremely critical of many aspects of Facebook (and implicitly Whatsapp as an FB property, especially now) but to say they provide so little value based on how few people would possibly pay these amounts uses flawed assumptions. If people didn't pay it wouldn't be because they don't gain at least 1 or 2 dollars in value (many people almost certainly do, I certainly do with my own use), it would be because the model of offering high value for free in exchange for massive amounts of saleable user data is so lucrative that alternatives with free versions would quickly take over market share. In absolute terms, the use value of FB or Whatsapp to a user is often much more than 1 dollar per month, but compared to the ease of switching to someone who in the existing market again offers the same for free, it could quickly descend to less than 1 dollar.
It's not just Facebook and WhatsApp, it's pretty much any service we've become accustomed to getting for 'nothing'. As a comparison, I run the domain my family uses for e-mail (not just my spouse/kids, but my brothers and parents and a few extended family members as well), and it's currently hosted on GSuite, grandfathered in from way back when you could get it free. I wanted to switch us away from Google to FastMail, but everyone balked at $5/month for e-mail. Even the ones making well into six figures didn't want to cough up $60/year for something they've been getting for free. So I could pay it out of pocket, or we stay on GSuite, or I kick everyone off that won't pay and deal with hurt feelings.
I think it was highly profitable business because before FB acquisition it was very small company (~100 people) compared to user base (hundreds of milions). but FB did acquisition not because of profits but because of userbase to collect more data. So to increase userbase even more, FB got rid of payment plans and made service for free.
Yep, first year free, then $1 payment, but if you wanted, you could just uninstall, reinstall and it would reset the entire schedule. Acton and Koum really wanted it to be something different than what it is now.
I think most people do manage to get at least a buck or two's worth (adjusted for local purchasing power) of use out of WhatsApp (if not facebook.com); surely, the ability to instantly contact people via text/call/video must be more useful than music streaming?
The problem seems to be that if competing services remain free, then users might start questioning the fee and eventually the base might migrate.
Really, while "free" internet services appear as if they are straight out of a post-work utopia, all they seem to be doing is trivializing the social cost of accurate and insidious targeting of groups jazzed up in sexy terms like "digital marketing" and "adtech".
Holding a cellphone is step 1; step 2 is having a tool that can facilitate frictionless communication to one or more people -- easy and cheap enough for pretty much any demographic to grasp. Contacting someone from what was essentially a portable landline is surely very different from using WhatsApp (or any chat application) on a modern smartphone?
Have you actually used cellphones? They're extremely expensive to actually communicate with, especially in the countries where WhatsApp is near ubiquitous (and we're talking within country, let's not even get into how horrendously expensive communicating with people internationally can be via regular cell service).
I really don't understand why so many people on HN are this adamant about trivialising the value that apps like Whatsapp provide.
WhatsApp adoption clearly demonstrates they are providing value to people. My point is people are looking at what the app does rather than why people use it. Phone conferences for example have been a thing for decades, but they weren’t free.
Most people wouldn’t pay but some would pay a lot, in the form of donations.
I can easily envision a world where Facebook was a nonprofit along the lines of Wikipedia. Ad-free and supported by donations, the site would serve to connect the world (Facebook’s ostensible mission) without resorting to dark patterns or A/B testing for addictive engagement. I think there are plenty of wealthy people out there who would love to support such a site, if it existed.
Technology-wise, such a site could be built today, no problem. I have no idea what to do about the network effects that comprise Facebook’s moat, however.
So a company that, in your own words, uses dark patterns and addictive engagement, could possibly be this [rose-tinted glasses conception of] Wikipedia? That’s ridiculous. That’s not even alternative history as you are reimagining the whole foundation of the company.
Really, this must come from some utopian idea that company-founders really want to make the world better above else, but then profit-seeking—the modus operandi of all for-profit companies—intervenes just because the world is not pure enough for their vision.
I would love this if I trusted any online service to maintain the paid option as truly ad-free over time but I've been burned by the TV industry too many times. Ad creep ruins every paid service and ultimately just drives the price up.
A family member recently relayed the story of his kid begging for $20 for a “bunny suit” Fortnight skin and how he, the adult, slowly came to understand that the skin didn’t even do anything; it just ever-so-slightly changed how the game looked (which I already knew, but his exasperation was amusing). We were like, huh. Kids today.
Anyway, for reasons I don’t totally understand, in my experience this dad’s bunny-suit exasperation is how most people feel about paying for software of any kind. It’s not just frugality but indignation at the very idea that they be asked to pay for software.
Yeah, these kids today wanting to pay for things that change their appearance in the world where they interact with their friends.
I really don't get this. Did you never buy a ringtone for your phone because you thought it was cool? Or some item of clothing that didn't serve a purely functional purpose. Do you not have any art or photos on your wall? I assume you still have your default desktop wallpaper and phone background.
Like I live my life surrounded by all sorts of random junk that brings me joy. How can you not?
I meant it to be an amusing anecdote about someone being confounded by something outside their realm of culture, not a critique of young people or Fortnight or even of digital bunny suits (though I admit $20 does seem expensive for a digital bunny suit). I meant no offense. Surely there's some cultural phenomena (truck nuts? Haunted dolls? Calvin peeing? Beanie Babies? VSCO girls?) that makes you think, huh, that's a thing that I don't quite get? That's all I meant to convey.
I think the feeling of something tangible (ie takes physical resources to create it) is a big driver of it. In a sense its own vs lease.
I have met people who refuse to pay for digital music but have zero qualms buying records. Arguably the records have less use cases but they are YOURS and tangible.
Facebook made approximately $30 (USD) per user in advertising revenue last year. I think the bigger issue (IMHO) is that the people who are prepared to pay to not be profiled are the people who are the most valuable to advertise to. i.e. they are worth way more than $30 in revenue per year.
Facebook is relatively immune to ad blockers as most Facebook, WhatsApp & Instagram usage is mobile (and why Instagram's web version is very bare-bones and lacks critical functionality).
Also, let's say I'm willing to pay $2 to use facebook and socialize with my friends. If 2 or 3 close(-ish) friends drop off because of that, facebook would no longer be worth $2, so I would also drop off
Well, you can't undelete data you didn't collect. So I think there's this natural tendency toward omnivorous data collection in every tech company.
Then we rationalize it by telling ourselves that we use it ethically. It's almost always true . . . except when it's not. If 99% of the time the data is used ethically, it's easy to write off that 1% even when the 1% is all that matters.
> Given that most people seem to care more about free services, than they do about privacy,
What a backwards analysis.
A social platform that is not already popular is worthless to most people. They have no use for it. Hence they are definitely unwilling to pay for it before it gets popular; there is absolutely no incentive to. And, of course, once a social media platform _already_ is popular, it must have gotten to that point by operating at a loss.
I am all for bashing Facebook, but comments like this don't help us come across as thoughtful in our criticism. The question is not if they could run their business with an ARPU of $1.00, but instead why would they do so if they are able to achieve an ARPU of $39.63 (Q3 2020).
Most companies in this world choose not to willingly leave money on the table, and Facebook is simply taking the same position as millions of other businesses. The only way to get them to earn less than they could is by forcing them to do so through market forces (eg: iOS 14) or regulation.
I would be happy to pay $39.63 to remove ads and allow me to browse FB without all my usage history and personal info getting sold to the highest bidder, but they don’t even give that option. So, I hardly ever use it.
Wikipedia is supported entirely by donations. I would hazard a guess that people who donate to Wikipedia consider it to be worth the money they choose to donate, and more.
So, mostly worthless to the overwhelming majority of people who don't donate, and even more who donate less than the equivalent of $1/user/month? I'm aware that Wikipedia is supported by donations, that doesn't change the fact that Wikipedia is immensely valuable to many people even though they apparently can't manage to charge $1 per user per month for their service. In many ways, Wikipedia is so valuable because they don't charge their users.
A lot of people in Canada don't pay anything for their health care and don't pay taxes either because they don't earn any income. I don't think it is reasonable to suggest these people think their health care is "worthless."
The mistake here is conflating price with value. The price people are willing to pay is relative to their means. The value, on the other hand, is relative to the utility they derive from it. Moreover, there is an additional external utility accrued to society from having a better educated, healthier population.
Sure, that's exactly my point, I don't think it's reasonable to suggest that Facebook is worthless because they won't or can't charge their users just like healthcare isn't worthless because many people don't directly pay for it.
Of the entire FAANG lineup, Facebook has the simplest chain of responsibility. Mark Zuckerberg is not only the CEO but owns a majority of voting shares. If he decided tomorrow that Facebook should prioritize user privacy, he could make it happen. Who's going to stop him? It's weird to describe this kind of corporate structure as one that has "little to no coordination".
iMessage seems to be a bit dishonest, because Apple, the owner, has way more information about you through iCloud and Apple ID - contacts, location, payment data, phone number, etc.
Forcing Facebook to clearly list all of this for the facebook account is great, but then failing to disclose this for their own account seems like double standard.
Just like having their own separate Ad Tracking switch which is on by default. (And even hidden under "System Services" on macOS!)
On iOS your location data, as far as Apple has it, is not associated with you or your device but with an identifier that is changed weekly.
If you choose to use iCloud to store your contacts (and you can choose any other service that implements the carddav standard) Apple declares the information is transmitted and stored encrypted and can’t be used for any other purpose.
If you read the document, it has a list of types of data protected by end-to-end encryption, which no one but yourself has access to. This list does not include iCloud backups.
If you do not want this to happen, do not turn on the optional iCloud backups.
But anyway, although Apple could decrypt the other data, they declare they don’t. Which is what the labels are about.
It also does not contain iCloud Photos. Nor iCloud Drive. For that matter, apple can intercept and MITM iMessage when requested by the government and don’t allow you to verify the key unlike, say, Signal or WhatsApp. I mean it’s available in China for a reason.
You never get to verify that they key you’re signing with matches the key on your correspondent’s device. You are trusting Apple with it, and they could be compelled to MITM your future conversations. This is in contrast with, say, Signal, where you do get to compare keys (and it’s open source with reproducible builds).
Of course and that's constantly being brought out as a huge negative when talking about Google, Facebook, Microsoft data storage. It also needs to be clearly said for Apple as well and not just swiped under the rug underneath corporate marketing.
Of course and that's constantly being brought out as a huge negative when talking about Google, Facebook, Microsoft data storage
No, what is constantly being brought out as a huge negative when talking about Google and Facebook is them using your data and data about you to make money.
Yes, it’s brought out as a negative because those companies are actively using that data to influence your behavior and serve you ads. Apple does not do this.
except apple has the tech to not be able to share it. they use this for some of your data. but intentionally not for icloud.
it’s probably nothing to do with USA law enforcement. my reasonable guess is they don’t care much and would go full private. i think the reason here is china. that way they don’t have to have a separate china policy which would draw undue attention to that point.
To the degree that's true, my guess is that, just like China, it's to manage public perception. That is, not "because of the US", ie some policy forced upon them.
If you ask around people feel like they have more privacy when using apple products, yet the truth is they all use iCloud backups, iCloud photos and iCloud drive, none of which are E2EE. Meanwhile, Google does allow for E2EE in cloud Android backups!
iMessage can be MITM’d by Apple when requested by the government and you, the user, will have no way of verifying your correspondent’s public key (unlike whatsapp, signal, keybase etc).
>iMessage seems to be a bit dishonest, because Apple, the owner, has way more information about you through iCloud and Apple ID - contacts, location, payment data, phone number, etc.
But do they bring all that data together, correlate it, and sell it?
No advertising agency sells your data. That would destroy all their competitive advantage. They sell access to the people they have data on. Regardless, it's irrelevant because the App Store labels aren't about selling the data, but about what is collected. (or supposed to be, as claimed by Apple)
They don't sell data, they sell access to fine grained slices of their users.
"You want to advertise to 65 year old white people[1] in QAnon so you can pedal a very specific kind of fear? No problem."
"You want to buy access to black women under 30? We gotcha!"
That is what Facebook does which Apple doesn't.
[1] I know FB doesn't actually allow targeting based on race anymore. They do allow targeting based on interests though which can easily amount to the same thing.
Can any app on AppStore avoid declaring those flags if they say in their marketing that they don't sell it? Or why does it matter for Apple and not for them?
It is debatable what that data includes but even if true it isn’t what these labels are about. The list shows purposes and types of data and Facebook declares they use all that data for the purposes of tracking, advertising and analytics.
To me, its not listing all the things that the company knows about you, its listing all the information that app reads about you.
In other terms, this is what Apple knows when I disable the iCloud and only use iMessage. And this is what Facebook knows when I only use it though that messenger and nothing else.
That’s not it at all. If you have iMessage in your phone it’s completely tied to Apple whole data gathering context because your phone is made by Apple.
I understand what you’re saying. If the App is only collecting certain amount of information on its own, then they should only list that right? ... But that’s unfair with the rest of the vendors because they are forced to list everything they track, while iMessage obscures it by saying “the app doesn’t collect anything”...yet the phone is and iMessage is the default messaging system for iOS.
I’m a loyal Apple user but this is anti-competitive behavior. As much as I love Apple’s privacy focus, it seems that they’re using it as a proxy to unfairly compete with other companies and claim that they only care about the end’s user privacy, which is clearly not true.
Apple does and will use your data to push Apple products. They should be transparent about that.
Apple's News+ advertising empire? App Store advertising? Is there any evidence at all that they cross pollinate data in either of these contexts? If so, it certainly isn't clear based on the advertising I see in News+
Much of the stuff you are complaining about is "collected" because it's needed by other services. The real question is whether the data is reasonably siloed and how easy it is for Apple or third party's (governments, etc) to access and abuse.
Claims that company x oversteps privacy boundaries is often met with oh yeah? But Apple isn’t perfect. I agree, and I think there is room to push Apple to be a bigger advocate for privacy. Currently I think they are arguably doing the best job of this, however and pointing the finger at other people doing the same or similar behavior is not really an excuse. Pointing out hypocrisy doesn’t excuse bad behavior.
Those have nothing to do with iMessage though. If they aded them to the iMessage list people would naturally think that if they didn't use iMessage those things would be disabled, which is not true, so what you're asking for would be highly misleading and disingenuous.
That's the point, it's not about iMessage but it is about Apple. So to include Facebook things that are not necessarily Facebook Messenger things makes the comparison oranges-apples misleading
You're misunderstanding the warning on WhatsApp, those are the actual information specifically exposed by WhatsApp itself. The one for iMessage lists all the information specifically exposed by iMessage, so they are equivalent.
Hmm, I'm being badgered to reenable iCloud on every single minor iOS update and rather commonly on macOS as well. Are you sure you were never asked about it?
I have iCloud turned on but it’s set to only sync Notes or something trivial like that that I don’t even use- I can’t recall ever having been badgered for more.
Maybe I got to that state because I was being badgered? It’s been long enough though I can’t recall.
Might be worth a shot if the risk is acceptable enough to you vs the badger.
The data listed for FB Messenger is taken directly from your phone and explicitly used for advertising and “other purposes”. If you added what Facebook has access to from your account it would cover two entire pages. Apples and.. blueberries?
I don't entirely agree with you here, but I do agree that Apple should be leading by example here and putting their privacy warnings exactly where they expect everyone else to. I want to be prompted for whether iMessage can be tied to data collected from other apps, or whether I should allow “Find my” to “continue accessing location in the background”.
For me, it would go a long way towards seeing Apple as not just trying to leverage their platform to be anti-competitive, but as a company who is honestly protecting my privacy.
I’m not an apologist or shill, but as a user I feel like I understand what I’m giving to Apple (or Microsoft/Google/$OS_VENDOR) when I am using their OS _AND_ enabling any kind of cloud sync. Maybe they’re taking more or less than I expected, but if I’m syncing my entire contact list I just have to assume now they have my contact list- and I accepted that when I enabled the functionality.
Some feature flags/settings across all the OSes get hidden, are non-obvious, on by default, or are flat out using dark patterns (looking at you Win10) but in general I assume the default state (for all OSes) is a combination of reducing support incidents, easiest on-boarding, and trying to push some corporate strategic objective summed up as keep the average user happy enough to stick around and possibly give us more money.
Any app I install on said OS, may want to access this information but without all the permissions explainers I have no idea what it’s going to want or why.
Again, I assume the OS has access to all of this because it’s the OS it either needs it or is the manager of the info and access broker.
To sum up my thought, I guess I agree that there’s a double standard but disagree that it’s necessarily bad or shady- but that’s because I already had a double standard in mind when I think about OS vs App.
Specific to ad-tracking and Apple: I have no proof for my belief but I believe Apple who primarily wants to sell me hardware and has made public acknowledgements of the importance of privacy, including making noticeable improvements to their OS, is significantly less likely to abuse my privacy than any other OS vendor out there.
I’m not saying this as a whataboutism, I just base it on my perceptions given all the things you just flat out can’t turn off in Win10 and that Google literally makes their money off of getting ads to your eyeballs and Android’s permissions are a dumpster fire nightmare for privacy.
I feel (again, no real proof) that the Apple eco-system is providing me the best _mainstream and low-effort_ steps to privacy protection vs the others, but I concede that it’s probably not good enough in many ways.
I am not a fan of FB. Lord knows they are arseholes.
I _do_ like these labels, I think they are good.
but
It is dishonest to say the least that imessenger only has access to just those details. To use imessenger, you need an icloud account.
Tie that to the location services and any payment information, Apple knows everything about you, even more than FB.
The issue is about trust. rightly people don't trust FB with their data. However I don't think we should be letting apple off so lightly, especially when they are pointing the blame at other people.
To be pedantic you need an Apple ID rather than a iCloud account to use iMessenger. So in theory payment information isn't included.
However once you've got someones email or phone number you can ultimately tie it to any other data when you've used it elsewhere - medical records, phone calls to prostitutes, hacker news posts etc.
I think the difference is that Apple don't (or claim to not) use that data to categorise you and serve ads like Facebook. Apple make lots of money from hardware sales, a few cents from aggregating data is a drop in the ocean and they can take 'the moral highground' towards privacy.
I think the difference is that you are paying Apple to not abuse your privacy. With Facebook, you know you are trading some amount of privacy, but these new labels make it clear just what that true cost is.
I agree with this take, and it's the same take I share with friends and colleagues. It's certainly better than FB.
However, are we sure that Apple, in 30 years, will be the same proponent of privacy that they are today? Even if there's a 10% risk that they won't, they'll have your same data then that they have now.
Strong encryption with user-owned keys is the only way you can mitigate against this scenario. I'm optimistic that we'll get there eventually, but we aren't there yet.
I am paying to trust apple with my data. Much more sensitive data than I share with Facebook.
I don't give facebook my health, location or payment details. Apple gets all of that and extracts a fee.
I don't give a shit about advertising, advertising is always about the aggregate.
What I care about is someone getting access to my data directly to do something with it. For me, my main fear is hackers and corrupt insiders.
Facebook is going to spend the next five years transforming from a naive company that is/was loosey goosey with peoples data, to I suspect a fee extracting privacy first AR platform. You might laugh, but look at microsoft, look how they have changed.
Granted I pay for an email service that could similarly abuse me.
I think the goal should be to create services/software that make it impossible for a company to abuse people, so we don't have to rely on their word, or have to worry about them changing their word later.
Intent matters, simply collecting data to support the features you are providing is not inherently bad. Collecting data for third party ad targeting on ther other hand...
I don't think intent matters as much as you think, because the government millitary complex can force you to give that info in the first place and then use it for very bad purposes, like china and USA has repeatedly. Gathering such info while being aware of such realities and very wealthy is pretty bad too.
If only Apple didn't have a monopoly on the App Store on the iPhone. Then we wouldn't have to know this information because we could get it from a different App Store where Facebook doesn't have to share this info!
App distribution can be totally different from API access to my device. No matter where i get the app from, when accessing certain APIs i would get notified about that, or would have to explicitly enable that functionality in OS settings.
Access control is not the same as logging - the first time an application tries to access the API the OS checks permissions, asks user to approve/deny, and then stores the user's choice. No need to log the actual API calls at all, no permanent records needs to be created.
It would be better to be explicit: if it were not for the Apple 800 lb gorilla holding the Facebook 800 lb gorilla's feet to the fire here due to its self-appointed role as gatekeeper of the iOS App Store then this information would remain hidden from general consumers.
And while they force this to be disclosed about Facebook Apple hide its own data harvesting since they can collect via sources Facebook cannot. This is pure PR and abuse of market share to better Apple's own ad service.
You have repeatedly made this claim and have yet to provide even the thinnest shred of evidence. Please supply some or stop making these unfounded assertions.
I've seen multiple people allude to Apple secretly collecting data before. I would really like a source because it's very plausible but I haven't seen any independent research showing that this is actually happening or what's being collected.
I'd argue that if apple didn't have a monopoly, we'd have stores that catered to privacy conscious people far earlier.
If apple didn't restrict the OS so much, you'd have people making their own Facebook clients, wouldn't have mattered if Facebook liked it or not. The monopolization of Facebook's control on personal connections is partially because of closed OS's. And Apple's iOS is one of the most responsible OS's that gave rise to Facebook's data monopoly.
Had it been like Windows, there wouldn't be a way that Facebook could've maintained their monopoly.
There are other OS with a larger percentage of devices installed with other app stores possible. How many privacy focused stores do we see with privacy focused Facebook clients? How many of the users exercise those privacy options and give informed consent to share their data?
Hypotheticals can be argued either way but it’s just one possible option, not the only one.
The answer is chrome web store/firefox store and adblock/tracker block.
They offer a hint into a more free future.
Imagine if adblock wasn't allowed on those stores. Today the equivalent is alternative clients to Facebook not being allowed on iOS and the App Store.
Look at YC startups like motion being built on top of the web. They are building on top of the network effects of gmail/google/facebook/slack etc. We aren't allowed any of that on mobile. Had they been allowed more access to the mobile OS's, they could be a very successful company. We haven't even touched the tip of cross OS productivity integrations.
> If apple didn't restrict the OS so much, you'd have people making their own Facebook clients, wouldn't have mattered if Facebook liked it or not.
You're totally wrong on this. In fact, the first alternative FB clients I remember using sprang up on the iPad, before FB bothered to put a native app out for it.
What killed alternative FB clients was FB itself -- they've slowly closed off the APIs you'd need to access to make an alternative client optional. FB has also closed off their own alternative clients as well (FB Paper), and have been forcing users into their official web or native clients for a while.
I'm not sure that it really workout that way, you wouldn't have Facebook clients on these privacy conscious stores because FB wouldn't provide an open API which they could use. Otherwise are there any reasons why these client can't be published on the App Store besides that there no way to make one?
Instead it's probably more likely that FB would host Messenger and Whatsapp clients on their own app store with all the details hidden somewhere in the user agreement.
That was a rhetorical question. AFAIK the closest thing you can get is wrapper around messenger web app which (which by default doesn't work on mobile browser because FB wants to force everyone to use their native apps).
While it wraps their web app, I use Frost for Facebook, which is an open source app that lets me access Facebook messages on mobile without using any of Facebook's apps.
The the answer is: a competitor could build their services on top of Facebook. They wouldn't have to start from scratch. Independent client's mean if the one user trusts you with their data, you can provide them a bigger value.
Today you cannot innovate on top of Facebook. Their network effects mean if your service is superior, you need to beat the network effects first.
And Facebook cannot reasonably offer independent access because: Cambridge Analytica.
Independent client's do what they want without Facebook taking a hit on their reputation. No one blames apple for the crimes committed using their phones/computers do they?
I think that building a competitor on top of facebook is against their terms of service. You wouldn't be able to build an 'alternative facebook client', legally at least.
Is there a single time in tech history where a monopoly was not totally abused ? You are asking Apple to take over the world because you buy their privacy propaganda but ICloud is not even end2end encrypted, employee are listening to Siri conversation, Apple knows all apps you run and when instead of just providing a blacklist you compare against locally... There's a scandal every month about Apple privacy.
How long before they ban ProtonMail because "You know what, we think our emails are "better for you". How long before they ban Signal because "You know what, IMessage has a better security than signal so it's "better for you".
Monopoly / tech dictatorship are the easy and tempting solution but nothing good ever came out of giving some dude total power over you. And even if you like those dude because you buy their propaganda, many other people might not share your view.
Ironic — the article shows up obscured by a full-page overlay and a banner with my favorite phrase "We value your privacy" (I read this as "your data has value to us"), that goes on to say:
"We and our store and/or access information [...] and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights [...]
With your permission we and our partners may use precise geolocation data and identification through device scanning. You may click to consent to our and our partners’ processing as described above. Alternatively you may access more detailed information and change your preferences before consenting or to refuse consenting. Please note that some processing of your personal data may not require your consent, but you have a right to object to such processing."
I can then click "MORE OPTIONS" to enter the deceptive dialog, where you think everything is off, but really everything is hidden under "LEGITIMATE INTEREST" (another one of my favorite sneaky phrases). I don't know how you can really turn the tracking off.
Doesn't iOS 14 have DNSoTLS? You could use that to block ads system-wide. I've been doing this on Android with my own sever for several years now, and it's so surprisingly effective that I forget internet ads are a thing.
Which are much less powerful than uBlock Origin and only work in the browser (which isn't an issue on desktop, but on mobile a lot of the tracking is also done by apps, so blockers need to be more than just browser-focused).
Have you tried clicking through those deceptive dialogs and have you seen the list of "trusted partners" that will receive and gather tracking data about you?
Do you at least know roughly what the number of those "trusted partners" is?
Well it's not entirely a fair comparison since iMessage doesn't support in-app services and purchasing like Facebook Marketplace, as WhatsApp does. For which naturally it has to gather additonal data.
Also until iMessage is available on other platforms, what it slurps or doesn't slurp is academic for most users of WhatsApp.
That doesn't follow, Apple provides 6 different purposes for collecting data linked to the user:
* Third-Party Advertising
* Developer’s Advertising or Marketing
* Analytics
* Product Personalization
* App Functionality
* Other Purposes
The features you mentioned would fall under "App Functionality" and as you imply it would be legitimate. The reservation with Facebook is all the data they collect for the five other purposes. In my own analysis of thousands apps[0] I explicitly excluded data collected for app functionality purposes because of this. FWIW most of Facebook's app collect 128 data types(by far the most of the ~5000 apps I've analysed) across those five purposes, WhatsApp collects only 18.
Why would I want in-app services and purchasing like Facebook Marketlplace in my chat messaging app? It should facilitate chat and messaging, and no more. This is how it used to be, until Facebook acquired and ruined WhatsApp.
I don’t think more features is the issue. It’s adding them at the cost of your personal data, especially when you need to pay the cost even when you don’t use those features.
It’s unclear that these data is collected if you don’t use these features.
Same as an app may need disclose it can use you mic, but it only does it if you use specific features. (The model for such permissions used to be before installation on Android and improved over time, and perhaps something similar can be done for data collection permissions as well)
Right now, more features, whether you use them or not, will have their data collection appear on this screen, without context. So while these labels are a welcome addition, they can also be scarier than reality.
You're saying that WhatsApp needs more data for additional features. But I don't use Facebook Marketplace, I just use messaging; it makes sense for me to compare WhatsApp with apps that act as communication tools only.
I think most WhatsApp users see WhatsApp like this and I'd guess article's authors assumed the same.
Maybe FB should have let WhatsApp be a messenger then and made the Marketplace its own app. But this way, the tracking functions can be pushed to everyone under the guise of the Marketplace functions, even if they only use the Messenger.
Facebook is persona non grata when it comes to trusting them to use information that they’d obviously need for a service only in the way they’d obviously need to use it while not adding it their advertising database.
We should understand Facabook was the best platform to advertise mobile game apps and etc, for almost 10 years. Apple took 30% of all that revenue without any objection.
Now Apple has its own ad infrastructure, and this is a perfect strategic move by Apple.
This is cute and all but so long as Android (and to a lesser extent Windows/Linux PCs) cannot run iMessage... what does any of this matter? Yeah iMessage is great between me and anyone I talk to with an iPhone, but it's still largely an Android world and in the best case scenario I can convince an Android user to install Signal, but usually not.
Well, that's the point from Apple's standpoint, right? It's marketing for them to convince you to convince your friends to buy iPhones. And in the mean time they'll keep blocking out apps like Signal from integrating in iOS the way they can in Android.
To be clear I wasn't trying to defend Apple here, it's more in the spirit of meaning they should just shut up about how great they think iMessage is so long as it's only available on Apple devices.
Like many other unpleasant facts it is one thing to know something is happening and another to have it proven to your face in an indisputable format.
However I have to ask, will this become another surgeon generals warning or calorie labeling of restaurant menu experience? By that I simply mean, people will not only click through it but also accept it as they don't see any real cost.
Eventually as with everything presented under dire warnings you drown your audience to the point they tune it all out and go right back their blissfully attitude of just accepting it under the guise of its not going to matter
YMMV, but I actually do look at the calories before ordering at a restaurant. There are times when I have ordered something else because of the number of calories was too high in what I wanted.
If it’s impossible/forbidden/very costly for the vendor to put poison in the food, then they won’t do it. Nobody will come and say „I would like to have this extra fatty extreme glucose meal, please“.
This is why we need opt-in instead of opt-out as default.
In the EU (and UK), it's some fairly minor changes to do with business messaging.
Outside of the EU, it is much more significant, merging your WhatsApp data with your Facebook data (including the phantom profiles FB create for users who don't have accounts). They can't do this in the EU (yet) due to privacy laws.
I am flabbergasted that this author attributed to 9to5 mac the privacy labels of different apps in the screenshot, when tracing the sources shows it was Zak Doffman at Forbes who created it. Poor journalism.
Expect more of this pushing competitors out as Apple transitions further into the 'services' business model by monetizing their vast trove of user data.
MSFT and GOOG have been doing this too for years ofcourse.
While GOOG has had to be content only with what they can read from emails/calendars, texts, web searches, calls/voicemail, maps/location data and anything else that they can scrape from an Android device.
MSFT has had all of that a much, much more since they own the whole OS for workstation/server class devices where actual work gets done. MSFT will claim that all that data is for quality control and now security services but ofcourse they are going to squeeze every last drop of money they can from it. To expect otherwise would be like asking an alcoholic to guard a brewery and never sample the product, completely ridiculous. The US has no serious legal repercussions for doing so. Probably because the US intelligence community depends on that data since IT is forbidden from collecting it from Americans on its own.
Problem is that most people already have WhatsApp installed and won’t be looking at that label anytime soon. Even if they had to reinstall it, they would likely never look past the download button
You do realize that this type data collection is almost always in service of displaying ads, in some way, to users, don’t you? There’s been reports about FB working to add ads to WhatsApp for a while now [0].
Fucking yes! This should be the default. The default should be pay, with a free option that requires you to dump truck all your data.
Tech giants have completely ruined the internet economy. You can’t even pay for these things now. It’s just hand over all your data and secrets, or fuck off.
And the worst is that new businesses can’t compete unless they do the same. You can’t compete with free.
IMO it would be perfectly reasonable for everyone to have an Internet connection(s), and much of the rest is handled by community efforts. That's how Bittorrent works, and it's very scalable and open. Emerging protocols can add privacy. Solid is another effort in this direction, where any third party could host your data. Finding ways back to that (since it's more or less how things worked pre tech giants) offers a lot of solutions. The tech giants could even pivot (or be forced to pivot) to this approach, which is simply about being less captive on particular ecosystems. It's not even the grand vision of rich interoperability that doesn't depend on backroom deals, which is what we should be talking about now.
imo, that's a very, very dangerous proposal. I agreed with you for a couple of seconds, but this sounds like yet another way to fuck poor people.
It should just be default to not collect unnecessary data, whatever that may be, while being free. Maybe make paid plans with premium features. Everything else will just mean that Big Tech can spy and manipulate poor people, because they can't afford to pay for every service they (have) to use. We should stop tying privilege to money.
Maybe I'm being too dramatical, but that's what came to my mind after reading your suggestion.
Access to internet services is not some fundamental human right. No one HAS to use these services. You can live a perfectly fine life without FB, WhatsApp, Instagram, Twitter, Google, etc. I don’t have accounts with any of these services. My life is better for it.
Moreover, paying for goods and services is how the economy works. Netflix does not have a free tier. Are they fucking over poor people?
1) It is not a fundamental right at this moment, but I think it should be in the following decades. More and more things are expected to work online, with offline alternatives existing. And you are mixing general internet access with individual platforms.
Sure, nobody has to use Twitter. There are situations where one is forced to use one of these platforms. And I know where you are coming from, the only account I have is from Google.
2) It's not wrong, not to have a free tier. It's not wrong to have paid plans. What I think is wrong, is defining that surveillance should be the default. Give me the option to disable analytics etc. completely. Tying this mechanic to money is wrong. You shouldn't have to pay to not be spied on.
That is wildly inaccurate. Apple should report for each of their apps the iOS data they are collecting on top of the application specific data. Apple has my location, my friend's location, my contact list, and stores all of my iMessages with the encryption key in iCloud.
"Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple"
- If you want to hold the keys to your backups and set up the system to be private, you have the option to do so, and are presented with that option at the time the device is set up (and you are also presented with the option to use a local backup to restore or set up a device). The implications of the choice to use a cloud backup should be made more clear, though.
- For the vast, vast majority of users who don't have good backup hygiene, having someone else manage backups and hold decryption keys is a good trade-off, considering that the alternative is total data loss.
I see this diagram posted everywhere on the internet, and whilst of course Facebook collects a lot of data, in this situation I believe they just selected every option available to them for display on their app listing. If they declare every single option that Apple presents then Apple cannot complain, and it is not going to deter end users one iota from downloading the Facebook app and the other Facebook owned properties.
Kind of stupid to compare against Imessage. It says Imessage can link to your device id. And once apple knows the device id, they basically know everything about you since they own the device (remember: you don't own your Iphone). It is admirable that signal is not using any identifiable data, though.
> It is admirable that signal is not using any identifiable data
They don't need to. You identify yourself within the app with your login.
> It says Imessage can link to your device id
While iMessage is vulnerable to (certain) MiTM attacks, and storing your message archive in iCloud is (was ?) unencrypted, iMessage is surprisingly resilient to attacks (on the protocol itself).
Every iOS/Mac device generates it's own key and uploads the public certificate to Apple's keyserver, this is why they need your device id.
When you send messages with iMessage, your device then contacts Apple's keyservers, gets ALL public certificates for the recipient, and encrypts the message once for every key, and sends an encrypted message per device.
Attachments are handled a bit different. Insted of encrypting the attachment n times, a new key is generated, which is then used to encrypt the attachement, the encrypted attachment is uploaded to Apple, and the key is sent using normal iMessage messages (encrypted)
Your private keys NEVER leave your device, so iMessage is end to end encrypted as long as you don't enable iMessage in iCloud.
I said that iMessage was vulnerable to MiTM attacks, which it is. There's nothing stopping Apple from adding a "shadow" device to your list of devices with it's own set of keys, which would then receive a copy of every message sent to you, and that's probably how iMessage in iCloud works, but they have no way of retrieving your message history from before the shadow device was added.
> They don't need to. You identify yourself within the app with your login.
By that logic even whatsapp/facebook don't need anything apart from login. So why do they collect all the other stuff? Signal is making an effort to make do with the minimum amount of data.
> While iMessage is vulnerable to (certain) MiTM attacks
Apple doesn't need to MITM Imessage. They own the app, service, and devices on both sides. That's why it's silly to compare it with whatsapp/facebook.
iMessage in iCloud is end-to-end. Probably you are confusing it with the iCloud Backup, which is not. iCloud Backup contains the Messages in iCloud keys anyway, so if you want the best security it's better to not use iCloud Backup.
Seems i was wrong, though backup is encrypted. The "issue" is that the encrypted backup contains a copy of your key used to decrypt the (encrypted) messages within the backup.
And at the same time Apple pretends not to do this themselves since they can harvest the data in other ways so iMessage doesn't have to show as many warnings. Very disingenuous and pure PR (that clearly is working as intended even on HN). With cloud, iMessage and a unique advertising id Apple knows way more about its users than Facebook does. Great that Facebook gets exposed, but naïve that people believe Apple collect less.
https://www.macrumors.com/2021/01/05/google-hasnt-updated-io...
I really wonder why :)
And apparently iMessage has a privacy statement now, and it's much shorter than whatsapp's:
https://www.forbes.com/sites/zakdoffman/2021/01/03/whatsapp-...
(This is posted on HN too).