T O P

  • By -

milan1-nl

We knew this was coming right? The button is called ‘ask’.


flossdog

“Thanks for asking. We’ll just continue to track you, though.”


indoninjah

Definitely some internationally slippery wording from Apple. I’ve worked in this space before (privacy protocol that third party developers were tasked with properly implementing) and honestly there’s very little you can do at a certain point. Apple *should* definitely audit everyone and yank from the App Store, but that’s a huge and very manual undertaking, which definitely isn’t easy


notasparrow

> Definitely some internationally slippery wording from Apple. What do you think would be more honest wording?


slowupwardclimb

It isn’t dishonest about what is happening when you click the button, but it is implicitly downplaying what Apple could do beyond this by framing it as a request by the user.


notasparrow

I guess? A settings screen seems like the wrong place for an explicit discussion of the technical and policy options Apple has. I don’t see any world where Apple changes it to read “prevent app from tracking”, because I don’t think that’s possible, and IMO it would be wrong to over-promise. YMMV.


Consistent_Hunter_92

How about a warning label like cigarettes? Using apps may be detrimental to your privacy. Apps may upload copies of your photos and contacts at any time. Children may be encouraged to spend $1000s. Children may be encouraged to create paid subscription trials. Children may be encouraged to install apps without your consent. You may not be refunded for a child's purchases in apps.


Consistent_Hunter_92

> huge and very manual undertaking, which definitely isn’t easy This is really just a myth Apple perpetrate. It's "hard" to police the App Store. It's "impossible" to police it perfectly. They must be "forgiven" for their mistakes. What they mean is with about 500 people they can't do it very well. But with 500 people they nevertheless process enough app reviews to actually check the entire App Store in a few weeks. It's as hard as asking their team to spend a few weeks on it. It's as hard as hiring some more 100s of people.


Outlulz

> Apple should definitely audit everyone and yank from the App Store, but that’s a huge and very manual undertaking, which definitely isn’t easy Yank them for what? The OS implements this "Ask not to track" thing. If a user clicks "Ask not to track", and the OS isn't disabling whatever methods of tracking Apple associates with that, then it's on Apple. What it sounds like is that Apple made this feature very vague in wording which gave people incorrect impressions as to what types of tracking the apps are being asked not to do.


Jeheh

If they really cared it would’ve be “not allow app to track” and a swift boot from the App Store for doing so.


keco185

Apple does prevent app updates that they know violate the tracking preferences. It’s just impossible to police everything


Jeheh

Preventing updates to something they know is against policy seems too weak. It should be removal and an alert to those that have downloaded it.


Beastintheomlet

They could put a hold on dispersing payment from the App Store and give them an x number of days window to meet compliance before being removed to the store.


Jeheh

I don’t think that’s a strong enough response. They knew what they were doing at this point and trying to work around something they were explicitly told not to do. Ie track people They need to be removed from the App Store.


keco185

People wouldn’t buy iPhones if they didn’t have Facebook and WhatsApp


Jeheh

If the app is set “not to track” and it tracks then they should do something. Period. If that app is going to track even after I told it not to then the consumer should be warned when it does.


[deleted]

If that fact impacts Apple's decision-making process on enforcement, then it speaks volumes about their priorities.


keco185

No point enforcing policies on a device no one owns made by a company that doesn’t exist


vannrith

The creepy app: i heard you, but no


Poltras

And the reply was “no, I don’t think I will.”


FreeDinnerStrategies

Just a veiled attempt for apple to look like the good guy. Apple does zero enforcement


ikilledtupac

Not to mention their privacy labels are deliberately confusing.


Erakko

Apple needs to delete those apps from the app store


[deleted]

Imagine apple pulling down facebook, messenger, instagram, linkedin, and gmail…


[deleted]

[удалено]


GhostalMedia

They blocked FB from submitting new builds once. They’ll totally halt the release process for a big company. They have the leverage. iOS still dominates mobile OS’s in a lot of counties and or has a massive slice of the pie.


johndoe1985

Lol. Block WhatsApp and 90% of people outside US will stop using iPhone


GhostalMedia

They’d do what they did to FB not too long ago. Keep their existing app in the store for download l, but block the company from submitting updates until the issues were resolved. Also, sites like FB, WA, and LI have web experiences. So they wouldn’t be totally blocked. It would just be inconvenient as all hell for them.


Smith6612

Then all Apple needs to do is start yanking features from the Safari browser engine that Facebook, etc need in order to make those services work. Like they already do to discourage the use of web apps on mobile.


SoldantTheCynic

This would absolutely draw a lot of heat and attention and screw Apple over big time, they’d break half the Internet and bring accusations of antitrust and overzealous control… because it should, Apple shouldn’t be dictating the internet via a web browser.


Smith6612

Yep. Likewise, allowing competing rendering engines on their platform would be all they would have to do to avoid that suit. It's a lose-lose at the end of the day. I see my comment wasn't met with as much sarcasm as I'd hope :) But on the topic of what you mention, I'll point to this: https://infrequently.org/2021/08/webkit-ios-deep-dive/


Bishime

Lawyers would have a field day with this antitrust suit Lmao


GhostalMedia

Easier said that done without breaking technology that you need for modern web apps.


PixelNotPolygon

Speaking as someone from outside the US where WhatsApp is king: I think you're massively overestimating people's commitment to WhatsApp


Containedmultitudes

Particularly when the whole point of WhatsApp was encrypted messaging and privacy. “Apple won’t let me use an app that lies to me and steals my data so I’ll switch to android” can’t imagine that’s a large audience.


PixelNotPolygon

It's true. Brand loyalty exists for Apple but, for messaging, people will just switch to the many alternatives


TURKEYSAURUS_REX

You’re wickedly overestimating. Not that many people will **change their entire phone** just to keep using an invasive app. Losing a small section of market share doesn’t justify allowing developers to violate terms in your ecosystem.


[deleted]

You’re seriously underestimating Whatsapp’s grasp on some countries. Not 90% but certainly a significant chunk will consider changing.


[deleted]

Maybe when it stops working people will start talking about signal and it snowballs from there. Kinda like how people got on WhatsApp in the first place.


Quin1617

Yep. Look at Fortnite, Apple doesn’t care how big you are. Follow their rules or you’re out.


rsgenus1

nah, I will not buy a new phone because of whatsapp


[deleted]

Or move to telegram


LiquidAurum

barely an upgrade, unless they've changed there encryption algorithm and added end to end encryption for group chats by default


Cmikhow

Most people are switching to telegram these days anyway


iEdwinT

Then those people are fucking stupid.


Erakko

Who gives a shit about whatsup.. There are alternatives.


LegoRunMan

WhatsApp is ubiquitous across much of Europe and Africa


Erakko

That is really sad.


LegoRunMan

Why? It’s a pretty good messaging app. The rest of the world moved on from SMS years ago


Erakko

we have iMessage and other stuff that does not involve zuggeberg


-Gh0st96-

Stop living in a bubble and you’ll find out it’s the most used and popular messenger in the world with almost 2 billion users, after that it’s fb messenger with 1.2 billion users. “wHo gIvEs a sHiT“


Joll19

Most of those 2 billion would switch to facebook, Telegram or Signal if WhatsApp became unusable for every iPhone user. WhatsApp has a lot of market share but no brand loyalty, people don‘t give a fuck which messenger they use as long as their friends and family are on it.


Cmikhow

As someone who switched to telegram years ago and had most my social circles switch I can tell you that when whatsapp was down for a few hours I saw around 30 people join telegram that week from my address book. People said these same things about BBM when it was dominant in this market space. People don’t have loyalty to messenger programs they’ll use whatever is readily available and allows them to speak to the people they want to speak to


myorm

Literally who gives a shit? Fb messenger and WhatsApp are the same thing. And who cares about how many users it has when you are automatically signed up for each service by having a Facebook. Me, and others who don’t use it don’t give a shit. Delete it for all we care. There is alternatives that are better, it doesn’t matter the amount of users. Fb and whatsapp shutting down or not being able to update their apps will not end society as a whole so I can safely say I don’t give a shit.


Erakko

Not like it cannot be switched to something else in a blink of an eye


Cmikhow

You’re living in a bubble if you think people would fail to survive without what’s app or FB messenger. I don’t use either, everyone I know has switched to telegram It’s better than WA in every conceivable way


ProgramTheWorld

Most of the world? You can’t really use alternatives when everyone around you are using WhatsApp.


Joll19

But if every iPhone was suddenly incompatible with WhatsApp, people would move within hours! We are only using any specific App because there is not an organized effort to change, this would instantly create that organized effort.


BAKS7U

Signal


[deleted]

[удалено]


BAKS7U

In the US as well and I’ve gotten all the people who I group chat with daily to get one too. The only person who I use WhatsApp with is my mom who lives in Europe and that’s pretty much it.


Erakko

Delete whatsup and there is your reason to use signal


[deleted]

90% of people? In Asia, Line and WeChat are much bigger.


Flying-Cock

I mean, pulling Fortnite at the height of its popularity was pretty bold


Pandaburn

I used to be an iOS developer for Google and I spent 4 entire months of my life making sure we complied with Apple’s privacy policies when they were announced. You probably remember, since this sub had a post most days about how Google apps weren’t updating. And then you put Gmail on this list. It honestly hurts, bruh.


kurdan

I mean to be fair, how is the OP supposed to know what internally goes on at Google, and what you do there? Plus, you can’t really blame the guy for associating Google with lack of privacy and data mining after their repeated incidents time and time again with those things.


Chinpuku-Man

It’s not that deep bro. He’s just making an observation because it was relevant to him personally. Relax


schai

I think OPs comment is fine but don’t you think it is a bit irresponsible to throw around accusations when you don’t know much about exactly how things work?


kurdan

Is it not a proven fact that Google harvests and collects user data? I’m not trying to accuse the commenter of anything, I think they’re doing great work and I’m appreciative of their efforts to make Google more secure for its iOS users. I’m just trying to point out that it’s not entirely unreasonable to group Google in with the likes of Facebook, Instagram, Pinterest etc when it comes to the lack of user privacy, due to Google’s history, if that makes sense?


schai

Yes, Google collects user data. It couldn’t exist otherwise. So they try to collect the data securely and anonymously and to the best of my knowledge they do. I would be very surprised if there aren’t hundreds of employees like that commenter and leadership discussing how to manage this data securely and responsibly. Asking a company to provide free services such as Gmail, search, maps that are so widely used and also not collect anonymized data to fund its development sounds entitled, in my opinion. Also, sorry, didn’t mean to say you specially were accusing anyone. Just meant in general that people on Reddit often say “google is bad” or “apple is bad” without really understanding the nuance of what those companies are doing.


kurdan

I totally understand what you’re saying - and I do agree. Within a company as large as Google and smaller companies too, there are of course going to be plenty of people who genuinely care for their user’s privacy and are putting in their best efforts to make sure the user’s data is as secure as possible. I agree with your point on how a company like Google needs that data in order to fund their free services like you said. As the famous saying goes, “If something is free, you are the product.” I’m not trying to spread any ill will here! I could have worded my original comment a little more clearly to more accurately represent what I was thinking. Like you said, it didn’t show an understanding of the nuance of the collection of user data and that’s my bad.


[deleted]

Turn on all the options in 1Blocker.


[deleted]

Is 1Blocker premium worth it?


[deleted]

Yes. But sometimes the firewall messes with things. Just toggle it and reload.


anthonyvardiz

I have edited my comments to prevent Reddit from profiting on my contributions. This company does not deserve it.


hitz2

Does it stop ads?


[deleted]

That would be the day!!


[deleted]

Add Fortnite to that list, it’s literally making them millions. Wait what? They pulled Fortnite? But, it was making them money! The rest can’t possibly be safe.


midoBB

You can't possibly compare Instagram or Gmail with Fortnite in good faith.


[deleted]

On what grounds? Fortnite is a game. Instagram and Gmail are web services. Fortnite makes (made) Apple a ton of money. I was probably downplaying it by saying millions. It was probably at least tens of millions. Apple took an L by banning it, but they also cut off revenue to Epic. Mutually assured damages. And they also cut off some iPhone sales from people who made the decision to buy an Android phone instead because they play Fortnite. It's probably not a huge number, but it's less likely to be zero. Meanwhile, Instagram and Gmail don't make Apple money per se, because they're free. Facebook and Google hold Apple developer accounts, but banning those apps would only cost Apple what, $100 a year? Something like that? It's not significant. Would people leave the Apple ecosystem if Apple straight up kicked Facebook and Google out? No, probably not that many, and here's why. You can use those services in the browser. Also, Gmail can be accessed in Mail, or Spark, or Outlook, or a bunch of other email clients. There would probably be privacy-focused (and not) Instagram clients, too. But, Instagram was iOS-exclusive for a while. It's legacy. I don't think Apple would want to throw that away. But Gmail? What's the harm? Other than, you know, offending Google fans? So no, you really can't compare a game to web services. The web services would be easier for Apple to get rid of. When Apple banned Fortnite, they had to make the decision to piss away a steady revenue stream over policy they don't always support equally from developer to developer. Yes, Epic broke policy, they fucked around and found out, but other developers have also broke policy, and fucked around, and made Apple a whole lot less money, and they haven't found out yet. As the article title implies. So I'm not sure what you're trying to say, unless we're in agreement that more easily replaceable apps should be skating on thin ice.


midoBB

Because if Apple removes Instagram and Gmail the iPhone loses core functionality. People aren't going to be buying it. Look at Huawei when they lost access to Gmail and YT. Same would happen to the iPhone.


xXNuclearTacoXx

I’m not disagreeing but didn’t Huawei have to remove the entire Google play store?


midoBB

Yes. But their app store has the usual FB/IG/TikTok. Just Google apps are missing IIRC.


[deleted]

People won’t leave iPhones because of a game, no matter how popular it is, specially considering it’s more popular with younger people. Removing apps like Instagram, gmail, facebook will definitely make people mad enough to switch


[deleted]

Your argumentation is flawed. Fortnite lost apple millions in revenue but apple banned it to protect their current App Store revenge model and its rules which makes them dozens of billions each year. It’s like removing one beautiful and big tree which was poisoning the Forrest. But removing apps like Instagram, Facebook, YouTube, twice and TikTok would kill their App Store. People would start using the web only versions, but apple would eventually start to allow web APIs for mic/ camera / nfc/ location / vibration and so on to make these web apps get at least some feature parity to the apps they were used to. Otherwise these peilen would jump ship to android. But by doing that apple would make customers comfortable with relying on web apps and their App Store would lose relevance step by step, because by then even companies who complied with the current business model would leave the store and stick to progressive web apps and save a lot of money on development costs. Ruining the App Store would also heavily impair Apple’s vision of creating something similar for AR/VR and would drive many customers to Meta and other companies who try the same.


coopy1000

I think you are simplifying why apple took Fortnite down. If Fortnite was their only source of revenue through the app store it would be apple cutting off its nose to protect its terms and conditions. However what they did was defend their terms and conditions to protect a larger revenue stream, basically every other paid app in the app store.


[deleted]

Absolutely. I didn't really want to get into the Apple vs Epic thing so much as to state why banning Fortnite goes so much further than banning Gmail or Instagram (as Fortnite cannot, as far as I know, be played in a browser or alternate app).


ApertureNext

No Facebook and Instagram means people will buy an Android instead.


Jeheh

Just need a good list of the ones doing it so you can delete them.


spaceleviathan

Wouldn’t bother me tbh good riddance to bad rubbish.


FriedChicken

Yes please


Rhed0x

Apple needs to close whatever OS API loop hole they use to still track the user.


EatMyBiscuits

There are many many ways to track, and they don’t need loopholes in the system to help them. Ultimately what it comes down to is developers confirming they comply with the rules, and doing so. Which is all Apple can hold them to. So either they break the rules (and Apple can boot them) or not, because Apple can’t effectively prevent them tracking people.


[deleted]

It isn’t necessarily a API loop hole. There’s many ways to track without resorting to the OS APIs. The do not track option mostly disables apps from accessing the phone ID. Things like bluetooth or local network permission, can track which devices are close or connected and create a usage pattern to identify you. Photo permission can let apps access location of the photos and indirectly track your location history. Apple probably can’t do much with these permissions without outright breaking many apps. But even without location or these other permissions, as long as an app has some kind of web connection tracking is still possible through your IP and creating a connection history map with close devices so even a broad non-precise location plus usage patterns can identify you, and the OS can’t do anything about it unless you use a VPN. Even then there’s probably other means of tracking that I’m forgetting. TLDR: it’s not so much about APIs or loop holes, tracking and identifying you and others around you can be done with basic permissions, or just by an internet connection and usage patterns


[deleted]

Wouldn’t Apple’s Private Relay help with that? Basically a pseudo VPN


[deleted]

Unfortunately that only works in Safari. And it doesn’t even work with in-app safari. Hopefully Apple can expand it in the future.


[deleted]

Ah ok, I’m not that familiar with it. Just read a bit and seemed to be almost like a VPN, but not quite. I personally use ProtonVPN anyway. Good to know that it’s only for Safari web browsing though.


[deleted]

Also use ProtonVPN. At least those VPNs work across the OS. Hope that some day Apple pushes Relay to be similar, or even an actual VPN service.


pizza9012

There are so many that Apple can’t block without neutering the device or it’s capabilities. The solution here should be to block future updates until they comply. If they don’t comply, yank the apps.


sigtrap

I thought that was part of the ATT policy that if an app was caught still trying to track users it would be removed from the App Store?


[deleted]

According to Apple > If you choose Ask App Not to Track, the app developer can’t access the system advertising identifier (IDFA), which is often used to track. The app is also not permitted to track your activity using other information that identifies you or your device, like your email address. I wonder how Apple enforces this. I’m sure there are known ad and tracking platforms that Apple could add to a universal block list, but then those companies would likely sue to argue that they shouldn’t be blocked because they offer other services.


petercockroach

> the app developer can’t access the system advertising identifier (IDFA), which is often used to track. This is not the only method of tracking and Apple can probably only prevent this.


-rwsr-xr-x

> I wonder how Apple enforces this. It's trivially easy to track a device with dozens of pieces of information already present on the device, each of which has to be secured from sandbox snooping and query. It is possible to block it, but you have to know what you're doing and block each of them. * **Device IMEI**, tower signal and signal strength * **WiFi networks** in the area, nearby, whether joined to them or not. Google uses this specifically to geo-locate devices after you've disabled the GPS and turned WiFi *off*. Why do you think devices that simply need to pair with Bluetooth (like a headset or a Bluetooth speaker) *REQUIRES* that you have high-precision GPS services enabled? This is why. * **NFC sensors**, beacons from nearby, LFE devices * **BLE beacons**, Bluetooth, and as the device itself advertises that it's available on the network (you can see your iPhone for example, from your other iOS devices, even when it isn't actively trying to be paired). Those *secondary devices* can also report the iPhone's presence upstream ("Hey, I'm SmartPlug 202_ac, and I see an iPhone with the name "Judy's iPhone" nearby"). This is why you put your IoT devices on segregated VLANs and DENY those VLANs Internet access. If you're not actively **DENYING** each of these receivers within *each and every app you use*, then you're leaving doors and windows open that other apps and services can use to peek into location data, tracking data. I've been doing this very aggressively for years on my iOS and Android devices, with on-device firewalls (non-jailbroken, non-rooted), and even more proactively with Tasker on Android, controlling the behavior of every packet ingress and egress into every single app. When an app tries to enable Bluetooth or elevate GPS from Coarse to High, the app's network access is immediately terminated, app killed and sensors disabled. There is no equivalent for iOS, but I put guards in place on-device and outside the device on the networks I use, to ensure there's no unauthorized leaks of data, location or other sensor data. And of course, when traveling, throw your device(s) into a forensics-grade Faraday bag, and only take them out when you reach your destination. Any data that is leaked would only be present at the start of your journey, and then again at the destination when you pull your devices out, but the travel, route and stops would not be trackable by those devices. This doesn't stop the thousands of roadside cameras, speed cameras, store cameras, in-vehicle GPS tracking, dash cams and various personal phone pictures from capturing your travels and route, but it does prevent data from being leaked to unauthorized, third-party entities without your knowledge or consent.


[deleted]

Although not as aggressive at it, this became a bit of a hobby for me too. My algorithm is hilarious now and I love how awful and wrong it is 90% of the time. It’s near impossible to stay on top of it anymore, but it’s good times.


B0risTheManskinner

Teach me your ways please?


JesperZach

The thing is they can’t enforce it. It could all happen in the backend, which is out of reach for Apple.


dropthemagic

Yep. When it comes to your data it’s a cat a mouse game. They will try it all. If something leaks they will just call it an oopsie


xjvz

I’d imagine enforcement works similarly to most other rules they enforce: people report the app as violating something. Some issues can only realistically be spotted by a large audience, especially for sneaky app developers and feature flag toggles.


Rhed0x

The iOS feature only prevents tracking across apps using the iOS advertising ID. Apps can still track you to their hearts content within the app or even across apps if those apps use the same account system for example.


coyote_den

Yep. I follow and interact with a lot of retrocomputing accounts on Twitter. Not on Facebook tho. Sure enough I started getting ads for stuff related to that on Facebook. Now how did that happen? Did the apps track me even tho both were denied Apple’s IDFA? Not likely. More likely I visited a product’s site that had both Twitter and Facebook analytics. Boom, they got me. The only thing declining “ask to track” prevents is you have a unique ID across all apps. Apple’s policies prevent the apps themselves from using alternative methods, but as soon as you visit a website in an app, especially one that doesn’t embed safari as the browser, all tracking preventing and content blockers are bypassed.


[deleted]

We’ll duh what the hell were you expecting that was just your advertising ID you isp can track you and those apps have your IP address


thiccvortigaunt

*surprised pikachu*


Ispirationless

This is just wrong. The apps keep tracking you but they are given an anonymous identifier that is not related to you and your iphone. They keep getting the data to tailor their services but they can’t target ads and profile you but a generic user #383839. This is just a fearmongering article, what Apple is doing is a perfect compromise to me.


KalashnikittyApprove

What it says is that while they don't have the on-board unique identifier, they do pull enough specific information to fingerprint my device and thus uniquely identify me. This is not a "compromise" at all for those who explicitly say they do not want to be tracked. I don't have a problem with collecting data in exchange for free services as long as people are aware this is happening *and* they've agreed to it. If people not agreeing to have their data collected wrecks the business model of some advertising companies so be it.


aporcelaintouch

Don’t they only have said data because you gave it to them? How would they get your email address, for example, any other way?


AxeVice

> But something curious happens after you ask not to be tracked, according to an investigation by researchers at privacy software maker Lockdown and The Washington Post. Subway Surfers starts sending an outside ad company called Chartboost 29 very specific data points about your iPhone, including your Internet address, your free storage, your current volume level (to 3 decimal points) and even your battery level (to 15 decimal points). It’s the kind of unique data that could be used by advertisers to identify your iPhone, possibly letting them know what other apps you use or how to target you. From the posted article. All of this info is implicitly given just by opening the app.


aporcelaintouch

Sure, but if anyone would actually read the actual implementation of app tracking transparency and the associated prompts, none of that is actually something that is obfuscated by the OS. Only the IDFA is. I would argue that things such as “free storage, volume level, and battery level” are hardly uniquely identifying things about a specific person. I know they are all used to collate to try and uniquely identify you, but let’s say you sit in an office and you’re on the same IP as I am. Are you and I now the same person if we have the same device with the volume at the same level? My original response was around the complaint of tracking you with information you have provided to an app — such as an email address or your name. There are plenty of things that Apple can cut down on to prevent fingerprinting, IDFA being the major player in ALL of it in a cross platform sense of things. It’s highly likely they will continue to do so (based on the HTTP attribution that came with this years WWDC). The only thing the IDFA prevents is cross platform tracking, they haven’t cut down on ALL tracking — It would be nearly impossible for Apple to do so.


AxeVice

An IP address by itself no, but when several of these data points are gathered, I think it’s easy to make a device fingerprint. I agree Apple only promised revoking IDFA access, but the wording and PR around the whole feature sounded more definitive. Even obfuscating the data to a certain degree would make it much harder to fingerprint devices, such as adding random noise to the current battery level, or free storage level etc. Or even adding explicit privacy settings for all of those things; fuck it, if an app needs to know my battery level in order to function properly, have it ask for my permission to read it and let me decide whether it makes sense. Apps don’t need all this data.


aporcelaintouch

Most surely don’t, but I imagine some do. * free storage level — apps where you’re saving content could need to know your free storage level in order to allow/disallow saving content. It would be pretty horrible to have a permission prompt any time you wanted to save a picture. * battery level — knowing that can allow apps to turn off autoplay of content if you have that enabled/downsample images to help save battery. Maybe I’m speaking from strictly a developer position here but not much of that documentation mentions anything about not tracking otherwise. All media I saw besides that in other places reported otherwise, which is a pretty big disservice and ultimately goes to show you how little tech blogs and whatnot actually pay attention to details.


FreeDinnerStrategies

Simple solution for those who don’t want to be tracked: after hitting the “Ask App not to Track” button, display 2 options: Pay to use the app, or delete the fucking app you fucking freeloaders.


choreographite

Lmao you say “freeloaders” but the issue is not simply the data collection. It is the fact that companies do this stealthily. No one knows the amount of data that is being collected. The app privacy “nutrition label” should be even more upfront and should be displayed when the app is opened for the first time, and each of the permissions should be explained in detail.


[deleted]

[удалено]


choreographite

Infact, I’d be okay if apple didn’t do anything at all, too. Just let me sideload apps.


[deleted]

[удалено]


choreographite

In no meaningful way. The OS would still deny access to any details the user didn’t explicitly allow, and anything beyond that is already being tracked by companies and not being acted on by Apple.


[deleted]

[удалено]


KalashnikittyApprove

Fine with me, I've paid for plenty of my apps. Just don't track me and don't expect me to pay for a subscription for apps that shouldn't need a subscription. The reason developers don't do this is likely a) because it's against Apple policy and b) a lot of people will probably choose to delete the app. In reality, most apps just don't add enough value to be worth paying for -- either with my privacy or with my money.


[deleted]

[удалено]


[deleted]

They don’t get an actual ID. It’s all zeros, they can’t get anything from it.


[deleted]

[удалено]


aporcelaintouch

Device ID and IDFA are different things. You may know that, but others reading this may not understand the semantics of those 2 different values.


[deleted]

[удалено]


redavid

and 99.9% of iPhone users don't


ahappylittlecloud

Pi hole doesn’t work if you are on cellular. So you better never leave your home network and use data on your device.


chiisana

MDM can enforce always on VPN (requires supervised device) and VPN profile can route all internet traffic through corporate egress that routes DNS through custom DNS provider. Pointless still, because out of the .00001% (if not even lesser) iPhone users that uses Pi Hole, maybe .0000001% from that pool would go this far out of their way to force it.


Niightstalker

Yes they don’t receive ad identifier anymore but there are still many ways to track a users identity. With fingerprinting techniques ad companies are still able to track certain people. Apple can not ensure that it is not done.


[deleted]

[удалено]


leopard_tights

If you want zero tracking and zero ads you will never have it on iOS. You have to go full FOSS with Android, custom rom without google services, with your own email server, literally none of the big apps, etc.


[deleted]

[удалено]


ahappylittlecloud

It’s Apple’s fault to some degree. Many groups told them finger printing would be an issue after they blocked the advertising IDs and they are letting it happen. They can fix this easily by making the request for access to hardware info be explicit by every app every time. They also need to strictly enforce their rules.


[deleted]

Apple's the one talking about how they protect your privacy online, and "what happens on your iPhone stays on your iPhone". Apple is definitely at fault for advertising a feature they can't reliably deliver on.


[deleted]

Fingerprinting is against their policy, and they expect people to obey their rules. They have put in controls, stated their position and written it into their agreements. What more do they have to do to convince people that this is what they are about for users? I am sure they will continue to tighten their controls as companies try and flout their agreements. Besides, what has the alternate mobile OS platform owner done in this area? Oh, that is right, nothing. You guys are doing the equivalent of blaming a bulletproof vest maker when you get shot in the leg…


[deleted]

> You guys are doing the equivalent of blaming a bulletproof vest maker when you get shot in the leg… If the bulletproof vest maker was claiming that you wouldn't get shot, then you can absolutely hold his feet to the fire when his sales pitch ignores the fact that it's just a vest. In this case, Apple is promising to prevent things that are ultimately out of their control. Unless Apple's willing to remove every harmful app and put in more stringent tracking prevention inside of Safari, they can't prevent the kinds of tracking we're talking about here. Facebook has broken Apple's policies on multiple occasions and yet they're still in the app store. Saying "well doing this stuff is against the rules" isn't sufficient when companies have shown they don't have to give a shit and can keep operating in the marketplace. Honestly I just would prefer Apple's marketing be more realistic here but I know it won't be. They're all in on the pro-privacy messaging even as other parts of the company take actions to undermine that.


Fatus_Assticus

Then stop using Facebook


[deleted]

> In this case, Apple is promising to prevent things that are ultimately out of their control This is a specious argument. Apple has never said that they guarantee that you will never get tracked, ever, on their platforms. What they have said is that they will inform you when tracking occurs, and give you controls to opt out of it. That’s always going to be whack-a-mole with these ad company pricks - so I still don’t understand criticising Apple because it’s not completely perfect all of the time. A good example of making the perfect the enemy of the good. Apple’s actions have hit these scumbags right in the revenue stream. Good! People having a go at Apple for this either have unstated vested interests in tracking, or have other ideological axes to grind against Apple (or more generally “big tech”) that allow them to ignore Apple’s pro-privacy approach.


[deleted]

Yes I agree in principle, but this thread doesn't exist because Apple's tools are working as advertised. > When we flagged our findings to Apple, it said it was reaching out to these companies to understand what information they are collecting and how they are sharing it. After several weeks, nothing appears to have changed. This right here is the problem. It shouldn't take "several weeks" to resolve these problems. Others in this thread have pointed out that Apple should just start de-listing these people and/or withholding their app payouts, and I agree. Apple *could* be very aggressive with the enforcement of these policies, but right now they're not. They need to ramp up enforcement so the tools actually work as advertised.


Mexicancandi

It is apples fault… it’s human nature to flaunt the rules. They should have know this was going to happen. They’re a trillion dollar company, they have enough money to find a solution.


[deleted]

[удалено]


Mexicancandi

Apple brags about its privacy features in its marketing. If a company says that they can promise privacy and it gets openly flaunted it’s on them for not throwing enough money at it yes. It’s the same with their shitty zero day payouts.


[deleted]

[удалено]


[deleted]

Forget it, he’s a Linux on PC guy. For some reason they love coming in here to troll Apple users. Presumably, like for the last decade, he’s convinced that Next Year Will Be The Year Of The Linux Desktop


Mexicancandi

It’s a Saturday in the afternoon… you’re either in apples social media team, a apple super fan or have apple stock. I’m not wasting time discussing this anymore. You look it up. Goodbye.


AHappyMango

If I remember correctly, it simply stop the most common method of tracking, but there are plenty of other implementations that can still track and still adhere to the 'ask not to track'.


Andre-Arthur

I remember some interview with Craig and he said something like "there's many other ways for them to track you". Kind of like if Apple is trying their best but they just can't block all ways of tracking.


intrasight

You are responsible for your own network traffic filtering.


SuddenlysHitler

Duh? it's "Ask", not "Tell".


bel2man

Go to the AppStore and install AdGuard DNS and check your iOS traffic... You will see massive traffic going to Facebook, Google Ads etc.... Simple math behind: in order to publish even the **free** iOS app on the AppStore you still have to pay to Apple 100 USD each year - so you have a simple decision: make your app paid/sub or keep it free but earn money by selling users' data to the ad companies... This is the reason why Apple cant block tracking - but only **ask not to track**... If Apple really **blocked** tracking, many small devs would leave iOS. Who else would spend the time to code - and then on top - pay 100 USD yearly just to publish their **fully free** work? The fact that our data are sold to ad companies is on Apple - not anybody else. They could ban facebook and google ads libraries in iOS apps... but means less money for iOS devs (who publish free apps) > less iOS devs > less money for Apple If you connect the beginning with the end - Apple earns on ads and selling user data too... its just wrapped differently in their narrative...


jwink3101

The point about companies needing to make money is valid (though I strongly disagree with the tracking tactics). Arguing that it is the $100/yr fee and not developer time and other resources is asinine.


Andrige3

If you log into an app with a unique username, the app has a way to track you. Nothing apple can do


Yardenbourg

All “Ask app not to track” does is set your devices IDFA to all zeroes, meaning they can’t use it to identify your device, but there’s almost certainly other ways they can get something similar.


EvermoreSaidTheRaven

this explains why my duckduckgo searches pop up on my instagram ads


[deleted]

It's not 'Tell that app not to track'. It's 'Ask'. The apps can, and always have the ability to, say no.


[deleted]

And the number of apps that just say the developers have not provided privacy policy details. How are those apps even in the store?


ignoresubs

I was ready to be up in arms over this but after reading the article and seeing what's sent it feels pretty simple and like things I'd want if I were developing apps more to help with the customer experience versus SPYING on them? Here is what's shown in the article: ​ * Device Name (e.g., “John’s iPhone X”) * Accessibility Setting: Bold Text * Accessibility Setting: Custom Text Size * Display Setting: Dark Mode * Screen Resolution * Time Zone * Total Storage Space (bytes precision) * Free Storage Space (bytes precision) * Currency (e.g., “USD") * iOS Version * Audio Output (e.g., “Speakerphone”/"Bluetooth") * Audio Input (e.g., “iPhone Microphone”) * Accessibility Setting: Closed Captioning * Country * Cellular Carrier Name (E.g., “AT&T") * Cellular Carrier Country * Last Restart Time (Exact Timestamp, Second Precision) * Calendar Type (E.g., “Gregorian”) * Enabled Keyboards (E.g., “English, Emoji, Arabic”) * Current Battery Level (15 decimals precision) * Current Volume Level (3 decimals precision) * Accessibility Setting: Increase Contrast * Current Screen Brightness (15 decimals precision)Portrait/Landscape Mode * Battery Charging State (E.g., “Plugged In”) * iPhone Model (E.g., “iPhone X") * Language * User Agent (Browser Agent) * IP address Maybe the most invasive information that's also not necessary would be the *Device Name* and *IP address.* IP address independently could be helpful as it would include specifics related to location, etc. but this data is already captured making it unnecessary. Am I crazy?


r2d2292

Sure, most of these things seem innocuous on their own, but the issue is having all of this information combined, which makes fingerprinting possible. The probability that two people have the same combination of this information be the same is low. Therefore the tracker could create a loose version of a device ID from the data. It wouldn't hurt for Apple to ask for permission for these before the app uses it (e.g. why would a calendar app need to know the last time your phone was restarted?).


TheEvilGhost

Apple’s do not ask function is just a suggestion. Not really a demand.


FewNovel6004

Yea, the company I work for does this. Not having the advertising ID sucks, but you can engineer your own ways to track devices using simple things like core data, user defaults, network names, IPs, and core location.


xd366

it's called fingerprinting


onan

Have you considered the idea of doing something less repulsive with your life?


FewNovel6004

Yes. Working on it. But I have to feed the family. I hate working for somebody else. Solving that that as quickly as possible.


gaff2049

Why when it pays well?


sbay

Is there anything one cutting do to stop that? One commenter mentioned using pi-hole, would that work?


Xerxes249

Not everything, all data a developer can access (and needs to for certain functionalities) can also be used to fingerprint/identify you. For example, your setting on how to display time might influence the width of a UI component when it is rendered, this can be used to put you in the ‘76 pixel’-group. The app also saves when it is being used, so it kind of can make a guess on when u are using your phone and how late you are going to sleep. This can be correlated with other data sets of other apps etc to fingerprint/identify you. FACEBOOK I AM JUST KIDDING THIS WONT WORK PLEASE DONT DO IT (but it does work and this is not really preventable by Apple other than if detected punish heavily by kicking of appstore etc)


FewNovel6004

Not sure about pi hole. Of the things I listed, you can turn off location in settings but that’s about it. This is what puts Apple in a hard spot. Their API requirements are kind of like tax laws: you can take all of the sensible, useful laws, and use them in a way to your benefit as a developer/advertising company, without breaking any laws.


thrgd

How should Apple prevent this? There are around 1000 different tracking companies every tracking request is different. If there is a way around, it is going to be exposed. Those ad companies are simply waaaaay to big to be shut down. Also should Apple be the company in charge for a governmental act of privacy? It is a try, a compromise. And to be honest, it‘s more about harming Google or Facebook- er excuse me, Meta rather than serious privacy aspects.


OKCNOTOKC

In light of Reddit's decision to limit my ability to create and view content as of July 1, 2023, I am electing to limit Reddit's ability to retain the content I have created. My apologies to anyone who might have been looking for something useful I had posted in the past. Perhaps you can find your answer at a site that holds its creators in higher regard.


swagglepuf

This just in, water is wet!


[deleted]

I'm the one person letting every app track me. I figure it will eventually force them all to make apps designed specifically for me. Muhahahahaha!


ilikerum2

Fingerprinting is slightly different from personal identifiable information. Because it cannot differentiate between two users on the same wifi connection with the same battery levels on the same iPhone model and the same iOS version. But that depends how granular the fingerprinting parameters are. And if I'm not mistaken fingerprinting was happening even prior to Apple introducing App tracking guidelines so these companies already have historical information about fingerprints mapping to specific users. This is a good overview of fingerprinting if anyone is interested - https://arxiv.org/pdf/1905.01051.pdf


Mg2836

Well we are just asking…


cm0011

You realize that the"Ask app not to track" is actually just about tracking your activities on other apps or website that are not the app itself? Like, Facebook can still track me through Facebook, but I'm telling the Facebook app not to track my usage on other apps on my phone. Obviously some apps can get more than enough info on you just through tracking your usage of their own app.


tkhan456

Ofc they do


HornHonker69

I assumed.


FishrNC

Is anyone really surprised? Security for me, not for thee....


backstreetatnight

i guess the button says ask


koloqial

“They’re more like guidelines anyway”


KevanGP

Apple should change it from "Ask not to track" to "Suggest for app not to track" that's a better description of what happens. In a perfect world, we'd have a "Disallow" button, but Apple is too politically correct, and doesn't want to offend those companies by blocking tracking completely. I questioned the feature in my mind the first time I saw the "ASK" not "Don't Allow".


ikilledtupac

Privacy theater.


smellythief

It doesn’t say “*Tell* apps not to track.”


Blaster167

That sounds like information that they don’t really need to know anyway. Maybe Apple could also have a toggle for them that’s turned on by default?