MacInTouch Amazon link...

Apple security and privacy

Channels
Apple, Security
While the implication above is that Siri is doing only local, on-device processing, the language doesn't say that. Even if all the processing is local (Apple outsourcing its AI load to users' devices?), the result is Apple gets the results to, among others, target Apple News stories at individuals. Whether that news is "cats vs. dogs" or "right vs. left" focus, it is personal.
Per the transcribed quote above, Apple says it is doing exactly that kind of harvesting, and from more than emails.
The result is that Siri on your device has access to on-device information. Not Apple.

And, Apple absolutely is using on-device AI processing instead of processing in the cloud. But that doesn't mean that Apple is using your device to do other people's processing.
 


Given that Apple has removed the headphone jack, meaning iPhone users who want to listen to music or connect to car systems pretty much need Bluetooth, the Apple Watch depends on Bluetooth, as will the recently announced "Find My" service, who's going to turn Bluetooth off?
Depends on your car. With Apple CarPlay, I connect with Lightning cable and have access to a lot of apps on the phone (Maps, Podcasts, Radio.com streaming, etc.). It keeps the phone charged and provides the connection to the phone. And it actually disconnects the Bluetooth between the car and the phone.
 


The result is that Siri on your device has access to on-device information. Not Apple.
So Siri can somehow trigger Apple News to send me stories why puppies are better pets than kittens without sending conclusions about my preferences it has gleaned from my emails, messages, and more up to Apple?
And, Apple absolutely is using on-device AI processing instead of processing in the cloud. But that doesn't mean that Apple is using your device to do other people's processing
I didn't suggest Apple was sending other people's photos to my devices for photoanalysisd to identify strangers' faces, possessions, and pets. I do suggest that while Google and others are (mostly) using their own processors for AI analysis, Apple seems to be passing at least some of that load to customer devices and (per the quoted disclosure transcribed from my iPad), harvesting the results.
 


Ric Ford

MacInTouch
I didn't suggest Apple was sending other people's photos to my devices for photoanalysisd to identify strangers' faces, possessions, and pets. I do suggest that while Google and others are (mostly) using their own processors for AI analysis, Apple seems to be passing at least some of that load to customer devices and (per the quoted disclosure transcribed from my iPad), harvesting the results.
It's a big can of worms, but as I understand it (barely), Apple says it isn't pulling back so much individually identifiable personal information as "anonymized" data - more of a "pull" onto our devices than a "push" back up to the mothership and its partners.

In other words, if Apple can tag you as xyz123 and determine that xyz123 likes puppies more than kittens, then it can deliver ads for puppy apps, videos and tunes via App Store and Game Store and iTunes Store and Apple News and even Stocks to xyz123 and count xyz123 as one of 992,231,457 puppy lovers in its big-data analytics, but it supposedly won't tell Facebook that George likes puppies or supply your facial recognition data or give Promise Technologies your email address.

On the other hand, macOS and all Apple's other OSs and apps and data centers and software may, behind the scenes without permission or notification, analyze anything and everything you happen to open or do or photograph or capture or have in storage, in order to... identify faces and places and, um, automatically "curate" your "Memories" and do incredible things that you didn't know you wanted Apple to invisibly and magically do "for" you with all the power of "machine learning" and "AI" and... every last tidbit of your personal data and interactions and associations from moment to moment....
 


Apple says it isn't pulling back so much individually identifiable personal information as "anonymized" data . . .
Back in days of innocence, I "anonymized" information I supplied Apple when I created my first Apple ID. I saw no reason that my real name, physical address, date of birth, etc., should be stored in Apple's databases and associated with my Apple email and the iTunes purchases I had started making, using iTunes pre-paid gift cards.

Time passes, and Apple blocks my Apple ID, because its computer system has identified the address I gave is fake. To regain access to my Apple ID and email, I have to give Apple a real address and phone number that Apple's computer system can verify is associated with the address. Hard to credit Apple's privacy and anonymization promises after that experience.

In early 2019 I created a new set of Apple IDs for some iPads we're using at work. Same questions. As I entered a real address and phone number, I've not been bothered by Apple's big brother in the sky. "Yes, Mr. Hilton is at home, but he's not taking calls."
envatotuts+ said:
Everything You Wanted to Know About Apple ID but Were Too Afraid to Ask
If you have ever been to an Apple store to purchase something you are most likely to have had a receipt emailed to you. This is made possible by virtue of your Apple ID. In fact, you don’t even need to tell Apple your email address since when you pay with a credit or debit card associated with your Apple ID they will automatically know where to send your receipt.
wikiHow said:
How to Get an Apple ID
5. Enter your name and address. Apple needs this information for any purchases that you may make with this Apple ID. Your mailing address lets them know where people are using their products.
Jobs at Apple said:
Senior Big Data Engineer
The SWE Data Analytics team at Apple collects, processes, and analyzes diagnostics and usage data from Apple devices across the world.
Are you your iPhone? Or is your iPhone you?
 


Time passes, and Apple blocks my Apple ID, because its computer system has identified the address I gave is fake. To regain access to my Apple ID and email, I have to give Apple a real address and phone number that Apple's computer system can verify is associated with the address. Hard to credit Apple's privacy and anonymization promises after that experience.
Apple doesn't just anonymize data, it uses algorithms to scrub uniquely identifying information. Otherwise the scope of your searches, etc. could be used to uniquely identify you. This includes sampling, anonymizing and randomizing some data.

iCloud sign-up isn't considered part of the data they use. They want valid info to combat spammers and others who sign-up for throw-away accounts and use them for illicit/illegal activities.
 





From a well respected security guy who actually attended WWDC19 sessions, unlike most of us here:
Rich Mogull said:
Apple Flexes Its Privacy Muscles
This year I sat in the WWDC keynote, reading the undertones, and realized that Apple was upping their privacy game to levels never before seen from a major technology company. That beyond improving privacy in their own products, the company is starting to use its market strength to pulse privacy throughout the tendrils that touch the Apple ecosystem.
 


From a well respected security guy who actually attended WWDC19 sessions, unlike most of us here...
Mogull at least recognizes that Apple's "privacy focus" may be motivated by a "shrewd business strategy" then continues, "Apple has clearly explained that they consider privacy a fundamental human right." Well, maybe not for the Chinese.

Mogull:
Apple’s privacy extension efforts started at least a couple years before WWDC14, when Apple first started requiring privacy protections to participate in HomeKit and HealthKit.
That's worked out well.
The Outline said:
If your Apple Watch knows you’ll get diabetes, who can it tell?
Cardiogram is run by a private Silicon Valley start-up. Information it collects can be used to identify and locate users because it isn’t anonymized and is kept indefinitely, while Cardiogram’s own privacy policy states it does not give out personally-identifying information to third parties, it does say it may disclose personal information in the event of a “corporate re-organization” or “a sale of all or a substantial portion of our assets”.

Practices for data storage for apps using the HealthKit API — meaning how long information is kept, or exactly what software and hardware is used to store the data — are regulated by a set of App Store recommendations, not rules.
Mogull writes: "The most important privacy push from WWDC19 is Sign In with Apple."

Business strategy behind "Sign on With Apple?"
  • Leverage control of iOS Apps to instantly put Apple everywhere in a field where it wasn't.
  • Reduce potential use of competitors' services, denying them signals.
  • Improve marketing opportunities for Apple services, e.g., new Apple Credit Card.
  • Capture users' signals for Apple analytics.
Here's a real-world example where Apple will be able to capture signals from third-party sites that now are available to Google and Facebook through log-ins:
New York Times said:
Privacy Policy
When you connect your NYT Services account with your social media account, you will share information with your friends associated with your social media account, with other users, and with your social media account provider.
 


Back in days of innocence, I "anonymized" information I supplied Apple when I created my first Apple ID. I saw no reason that my real name, physical address, date of birth, etc., should be stored in Apple's databases and associated with my Apple email and the iTunes purchases I had started making, using iTunes pre-paid gift cards.
Once people get into the realm of using Apple ID for making purchases, Apple can reasonably argue that they need legitimate information on the Apple ID for security. Unfortunately, it's a very slippery slope from that point to using that same information for advertising and marketing.
 


Ric Ford

MacInTouch
Apple has posted Gatekeeper and MRT updates:
Howard Oakley said:
Apple has pushed an update to MRT
Just after pushing its earlier update to Gatekeeper’s data, Apple has just pushed an update to its malware removal tool, MRT, for macOS, bringing its version number to 1.42.

... I maintain lists of the current versions of security data files for Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.
 



DFG

While Apple carefully cultivates an image of privacy protection, it apparently also does this:
Jeff Johnson said:
Mac app notarization and customer privacy
... Mac app notarization raises privacy issues for Mojave users. On first launch of every app you download, Mojave phones home. At the very least, Apple sees your IP address, the exact app version that you downloaded, and the exact time that you first launched the app. It's unlikely that there's much more information than that, because Gatekeeper only sends a limited amount of data to Apple, less than 1 KB. However, given all of the information that Apple already has on you, they could probably associate your IP address with your Apple ID. It's likely that Apple keeps logs of these Gatekeeper notarization checks, because if customers are launching malware, Apple would want to know how widespread the malware was.

It's important to note that no explicit consent has been given for this information to be transmitted to Apple. In System Preferences, I had disabled all of the Analytics in Security & Privacy and all of the automatic checks in Software Update, so as far as Mojave was concerned, Apple had no permission. I'm not aware of any official Apple privacy policy with regard to Gatekeeper. I have no reason to believe that Apple will use this data for competitive or marketing purposes, but… who knows? It would certainly be a gold mine of information about Mac consumer usage of third-party apps. Apple has announced that app notarization will be required for all apps in an upcoming version of macOS, so in effect Apple is forcing developers and end users to give Apple valuable business data. In any case, more transparency here from Apple would be welcome.

Addendum

I forgot to mention that I also tested macOS 10.13.6 with yesterday's security update installed, and zero packets are sent on first launch of downloaded apps, so it's definitely a new behavior of 10.14 Mojave.

I also forgot to mention that any logs of customer activity would surely be subject to warrants from police and other authorities.
 


While Apple carefully cultivates an image of privacy protection, it apparently also does this:
Yet another reason to use a VPN client: making it much less likely for Apple to associate your VPN's IP address with your Apple ID.
 


While Apple carefully cultivates an image of privacy protection, it apparently also does this:
You might want to take a look at Apple's explanation of how they handle these kinds of privacy issues in their data gathering. Yes, they cannot avoid getting an IP address (how else would they communicate back the results of the query). But stripping sensitive data is the first thing they do when they store data for analytics. They don't need to receive or store all queries from everyone. They just need a representative sample. Given their enormous user base and the methods they employ, they can get usable information without exposing private data.

They could build a massive marketing database of course and force developers to go through them to get any kind of end user statistics. But I trust, at this moment, with the current leadership and the current vision and strategy for Apple, that they don't need to, don't want to and don't do so.
 


Yet another reason to use a VPN client: making it much less likely for Apple to associate your VPN's IP address with your Apple ID.
The irony is that using a VPN to increase privacy of Gatekeeper processing would increase the vulnerability of the machine that is doing the Gatekeeper checks.

The reason is that the VPN tunnels through your router. Typically a home router does NAT to allow one public IPv4 address to work with multiple client devices. NAT by its nature blocks intrusions, and many home routers now have built-in stateful packet inspection firewalls to give more protection. So, using the home router acts as a perimeter firewall.

When you use a VPN client, there usually is no NAT going on. The VPN's external address tunnels straight into your Mac, bypassing all protections in the home router. It is just as if your Mac was plugged directly into the public Internet. You're at risk of any network attack that scans for open ports.

(The moral is that if you use a VPN, you really need to have the macOS firewall on.)
 


You might want to take a look at Apple's explanation of how they handle these kinds of privacy issues in their data gathering.
[But see:]
Wired said:
How One of Apple's Key Privacy Safeguards Falls Short
By taking apart Apple's software to determine the epsilon the company chose, the researchers found that MacOS uploads significantly more specific data than the typical differential privacy researcher might consider private. iOS 10 uploads even more. And perhaps most troubling, according to the study's authors, is that Apple keeps both its code and epsilon values secret, allowing the company to potentially change those critical variables and erode their privacy protections with little oversight.

In response to the study, Apple points out that its data collection is purely opt-in. (Apple prompts users to share "diagnostics and usage" information with the company when its operating systems first load.) And it fundamentally disputes many of the study's findings ...
My own and personal experience is that even with sharing of diagnostics and usage information turned off in System Preferences, Little Snitch reported my Mac attempted to phone home via radarsubmissions.apple.com
 


DFG

You might want to take a look at Apple's explanation of how they handle these kinds of privacy issues in their data gathering.
Arthur, you quote a paper that doesn't even have the authors' names as the definitive explanation of what Apple does with the data it collects. Please excuse my skepticism.

My point is not what Apple is going to do with these data, my point is, why does Apple collect these data in the first place?
 


Arthur, you quote a paper that doesn't even have the authors' names as the definitive explanation of what Apple does with the data it collects. Please excuse my skepticism.

My point is not what Apple is going to do with these data, my point is, why does Apple collect these data in the first place?
Did you read past the author line? A little paranoia never hurt anyone, but now you're putting words into my mouth. I did not offer it as a definitive explanation. I merely pointed out that there is a paper that contains a description of the process of de-personalising metrics that Apple uses. I do not care whether the authors are identified by name or not.

Apple have a legitimate interest in obtaining information in how people use their products. They use it to see how people actually use them, what actually happens during use and what patterns emerge. There's nothing nefarious in that. For those purposes they don't need much of the data that they could collect and they even don't need much of the data that they cannot help but getting, like IP addresses. As said, the paper describes how Apple rid themselves of that data.

You're absolutely right that "Amagooglebook" might try and build a massive customer fingerprint database from all kinds of data that they can get their grubby little digits on. That is where their interests lie. Apple's interests lie elsewhere. In nearly every instance that I have seen where Apple was pointed out to gather more personal data than they needed, they took steps to prevent or minimise the amount. Not cosmetic changes, but material changes. So I have no reason to doubt that they are actually, actively guarding privacy while obtaining the data that they need to improve their products. But you're free to believe otherwise, of course.
 



The irony is that using a VPN to increase privacy of Gatekeeper processing would increase the vulnerability of the machine that is doing the Gatekeeper checks.
The reason is that the VPN tunnels through your router. Typically a home router does NAT to allow one public IPv4 address to work with multiple client devices. NAT by its nature blocks intrusions, and many home routers now have built-in stateful packet inspection firewalls to give more protection. So, using the home router acts as a perimeter firewall.
When you use a VPN client, there usually is no NAT going on. The VPN's external address tunnels straight into your Mac, bypassing all protections in the home router. It is just as if your Mac was plugged directly into the public Internet. You're at risk of any network attack that scans for open ports.
(The moral is that if you use a VPN, you really need to have the macOS firewall on.)
This is all very true but there is one major "feature" of VPN that you're missing: IP packets over VPN are encrypted. Firewall or not, without VPN your traffic is not encrypted.
 


My point is not what Apple is going to do with these data, my point is, why does Apple collect these data in the first place?
"Big data." Example in the full PDF linked from web annotations says when Apple's local AI on your device alerts Apple you're using a "new" word, Apple's more sophisticated corporate systems can track that word's usage to decide if it should be added to Apple's "dictionaries."

Same kind of information might reveal "too many" users figured out how to tune "internet radio" on their Apple gear. That lets Apple know to make that even more difficult, to the intended benefit of Apple's paid streaming.
 


Ric Ford

MacInTouch
You're absolutely right that "Amagooglebook" might try and build a massive customer fingerprint database from all kinds of data that they can get their grubby little digits on. That is where their interests lie. Apple's interests lie elsewhere.
Apple collects astounding amounts of intensely detailed and personal data on more than a billion customers. That's a fact. It presumably feeds this data into its A.I. development systems, though I don't know of much public information about that process. And, as previously documented, Apple uses this information to sell advertising to the tune of billions of dollars. Of course, Apple uses all this information to fine-tune its systems and products to maximize revenue, profit and stock price, which is the company's purpose and goal. (It's not a charity or non-profit of any sort.)

What seems to be overlooked is the incredible power of social mapping, which is part of Apple's systems and processes. Apple knows who you communicate with, and when, and where you and your contacts are located from moment to moment, as well as your personal preferences (e.g. in music and video). When you're designing and marketing products and services to maximize profits, is there anything better than having a map of social networks and who the influencers and purchasers are?

Meanwhile, Apple is using A.I. to analyze your photos and videos without permission or control, and "Siri learns your routines across your apps."

Yes, some of Apple's most personal and detailed data collection (e.g. Health data) is supposedly "anonymized." But in so very many instances, it is not. Apple's defaults have Apple handling your unencrypted email (icloud.com), and I assume your iCloud bookmarks are also open fodder for Apple analysis, but, of course, there's much more taken directly by Apple and potentially leaked by Apple.
Apple said:
When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text and to process your requests. Your device will also send Apple other information, such as your first name and nickname; the names, nicknames, and relationship with you (e.g., “my dad”) of your address book contacts; and song names in your collection (collectively, your “User Data”). ... If you have Location Services turned on, the location of your iOS Device at the time you make a request to Siri may also be sent to Apple...
The Hacker News said:
Apple Can Still Read Your End-to-End Encrypted iMessages
It turns out that Apple forgets to offer its so-called privacy benefits to users with iCloud Backup enabled. If you have enabled iCloud Backup on your Apple devices, the copies of all your messages, photographs and every important data stored on your device, are encrypted on iCloud using a key controlled by the company, and not you. This allows Apple, and hence anyone who breaks into your account, to see your personal and confidential data.
 


This is all very true but there is one major "feature" of VPN that you're missing: IP packets over VPN are encrypted. Firewall or not, without VPN your traffic is not encrypted.
I don't think that's right. OpenVPN uses SSL and most websites and services are now encrypted over https - VPNs encrypted with SSL/TLS use the same technology.
How HTTPS Works said:
The Differences Between HTTPS, SSL, asnd TLS
HTTPS is just the HTTP protocol but with data encryption using SSL/TLS
Gmail was the leader in implementing default https connections.

What's not commonly encrypted are DNS lookups, though that is possible.
 




I'm willing to believe that Apple is trying its best to anonymize/de-indentify user data, but it's quite difficult to do in practice. In some cases, anonymized data is surprisingly easy to associate with specific individuals, especially if the data can be combined with independent, overlapping data sets. Even if a particular company doesn't undertake such activities, breaches do occur. In other words, even if you believe Apple, you shouldn't necessarily trust them.
Fast Company said:
 


This is all very true but there is one major "feature" of VPN that you're missing: IP packets over VPN are encrypted.
But only to the VPN server. From there to the destination, all traffic has been decrypted. That's fine if the destination is your home or business but actually gives a determined, capable interception agent fewer places to look for traffic by focusing on VPN exit points.
 


Ric Ford

MacInTouch
There's a lot to consider in this report from Dan Goodin:
Ars Technica said:
Potent Firefox 0-day used to install undetected backdoors on Macs
... On Thursday, macOS security expert Patrick Wardle published an analysis of Mac malware that came from someone who claimed it infected his fully up-to-date Mac through a zero-day vulnerability in Firefox. The person claimed to have been "involved with a cryptocurrency exchange until fairly recently." The hash of the malware matched one of the hashes provided by Martin.

Among the things Wardle noticed early on was that the VirusTotal service showed that the malware was detected by only one of what at the time was 53 available malware detectors (at the time this Ars post went live, five out of 57 engines flagged it). That was strange, because XProtect, the barebones malware detector built into macOS, had been detecting the NetWire sample since 2016. It's surprising malware detectors hadn't obtained a detection signature from Apple. Wardle also noticed that the malware sample wasn't digitally signed by its developer.

Normally, an app that's blacklisted by XProtect and unsigned should have posed no threat to most Mac users, since the software would have been blocked by default by both the built-in malware detector and Gatekeeper. This is a protection that, by default, requires apps to be signed by a known developer before they can be installed. But because NetWire was installed through a privileged process tied to Firefox, the exploit was able to bypass both protections. The reason: the file lacked a "quarantine" bit that's only set when a user downloads the file from the Internet.
 


DFG

Did you read past the author line?
Yes, I did.
I did not offer it as a definitive explanation. I merely pointed out that there is a paper that contains a description of the process of de-personalising metrics that Apple uses.
Taking a publication and thinking that this is the actual process that Apple uses to de-personalize data, with all due respect, is a long stretch.
I do not care whether the authors are identified by name or not.
I kind of do.
Apple have a legitimate interest in obtaining information in how people use their products. They use it to see how people actually use them, what actually happens during use and what patterns emerge. There's nothing nefarious in that.
I strongly disagree. This is not their products. These are third-party programs that one merely runs on Apple computers. Apple has no business collecting such kinds of data. It's as if Ford would collect location data on every trip you take on their cars. Do you think that they have the right to do so?

There are plenty of nefarious things in collecting a huge amount of information. Think of DNA databases. in my opinion, there is no reason that such databases should be allowed to even exist, whether they belong to governments or private entities. Nothing good can come from such projects.
 


Firmware update 7.8.1 for all Apple 802.11n Wi-Fi base stations including AirPort Express, AirPort Extreme and AirPort Time Capsule was released today. Airport Utility doesn't show the update until the base station is restarted.
After repeated restarts, my 802.11n Time Capsule is still not recognizing the update. Guess I hurt its feelings last night when I copied everything off it, planning to retire it.
 


What seems to be overlooked is the incredible power of social mapping, which is part of Apple's systems and processes. Apple knows who you communicate with, and when, and where you and your contacts are located from moment to moment, as well as your personal preferences (e.g. in music and video). When you're designing and marketing products and services to maximize profits, is there anything better than having a map of social networks and who the influencers and purchasers are?
Well, it depends. In many cases, one doesn't care about individuals. One cares about characteristics, about correlations. It is interesting that 99.1% of people who like both Rush and Marillion will also like Porcupine Tree. But to get that insight, it isn't necessary to know that Arthur van der Harg likes these bands - the tuple (Rush, Marillion, Porcupine Tree) is the interesting bit. And that can be stored and processed without a direct link to me. Then, when I download Rush and Marillion songs from iTunes, it might suggest Porcupine Tree.

It is a very fine line that one has to tread, I completely agree with you on that. It makes a difference whether one looks at who the influencers and purchasers are, or whether there are influencers and what their characteristics are. The first needs information tied to me, the other can use information that I provide without storing it or tying it to me as an individual.
Meanwhile, Apple is using A.I. to analyze your photos and videos without permission or control, and "Siri learns your routines across your apps."
Yes, that all sounds very threatening, and maybe they should provide an option to turn that off. But, in reality, that analysing and learning is done on-device. Your MacBook or iPhone is fine-tuning models that were trained on massive datasets. Apple Photos has been taught how to recognise faces in representative iPhone images. It needs an extra bit of training to recognise the particular people I know. My iPhone can do that, it doesn't have to send the data to Apple to be processed. It's not like suddenly everyone will recognise my mother in their photographs. And that is a difference with Facebook, because they train their overall face recognition. If I tag my mother in a Facebook photo, Facebook will know who my mother is and could identify her to other people.
Yes, some of Apple's most personal and detailed data collection (e.g. Health data) is supposedly "anonymized." But in so very many instances, it is not. Apple's defaults have Apple handling your unencrypted email (icloud.com), and I assume your iCloud bookmarks are also open fodder for Apple analysis, but, of course, there's much more taken directly by Apple and potentially leaked by Apple.
Sure, and Apple are analysing your mail for spam control. But, given the premise that Apple want to make it easy for people to start using a Mac or iPhone once they buy one, and that email is necessary in today's digital world, it is natural to offer an email service that can be set up by Apple. Most of today's email isn't encrypted, so Apple must process unencrypted email. They couldn't deliver mail otherwise. I wouldn't be so sure about iCloud bookmarks being analysed by Apple without customers' consent. They are personal data and EU privacy regulations require grounds for processing them. Storing them is OK, because that is necessary to provide a service to the data owner, but I think Apple would have a more difficult time to indicate what use analysing bookmarks would have.

Privacy, big data and AI are difficult subjects, I think that's what it boils down to. Some things that seem benign turn out not to be, and things that seem scary are much less so when one knows how the techniques work. The main problem is that much depends on the approach that companies take. It is possible to employ AI and big data pretty safely if one starts with privacy in mind. It is also possible to bigbrotherise functionality if one starts out with gathering data that can be monetised in mind.
 


It's as if Ford would collect location data on every trip you take on their cars. Do you think that they have the right to do so?
That depends very much on exactly what they do and how they do it. If Ford were to record my location and tie that to my person or to my license plate, I would most definitely have a problem with that. If, on the other hand, they record temperatures, precipitation, road conditions, traffic congestion, engine temperatures, vehicle speed and the like, having a plausible process to depersonalise the data, then I would have no problem with that at all, because that is data on the types and succession of operating conditions that their cars deal with, not data on my movements.
 



Mine shows there's an update waiting to be installed, and I haven't restarted the Time Capsule yet.
For purposes of comparison: my AirPort Extreme is model A1354, i.e., 4th generation. The update did not show in AirPort Utility v. 6.3.9 until after I restarted the router. The installation was surprisingly fast and without incident.

(P.S. I had to do a hard reset of the router about three years ago after it had been turned off for several days while I was away.)
 


Ric Ford

MacInTouch
The result is that Siri on your device has access to on-device information. Not Apple. And, Apple absolutely is using on-device AI processing instead of processing in the cloud.
That's not consistent with what Apple said previously:
Apple said:
https://www.apple.com/legal/sla/docs/iOS81.pdf
(c) Siri and Dictation. If your iOS Device supports Siri and Dictation, these features may allow you to make requests, give commands and dictate text to your device using your voice. When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text and to process your requests. Your device will also send Apple other information, such as your name and nickname; the names, nicknames, and relationship with you (e.g., “my dad”) of your address book contacts; song names in your collection, and HomeKit-enabled devices in your home (e.g., “living room lights”) (collectively, your “User Data”). All of this data is used to help Siri and Dictation understand you better and recognize what you say. It is not linked to other data that Apple may have from your use of other Apple services. By using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and dictation functionality in other Apple products and services.

If you have Location Services turned on, the location of your iOS Device at the time you make a request to Siri may also be sent to Apple to help Siri improve the accuracy of its response to your location-based requests.
(Apple may have changed its stance since then.)
 


Ric Ford

MacInTouch
Apple's generic privacy policy:
Apple said:
Privacy Policy
The Apple Privacy Policy was updated on May 9, 2019.

...When you create an Apple ID, apply for commercial credit, purchase a product, download a software update, register for a class at an Apple Retail Store, connect to our services, contact us including by social media or participate in an online survey, we may collect a variety of information, including your name, mailing address, phone number, email address, contact preferences, device identifiers, IP address, location information, credit card information and profile information where the contact is via social media.

When you share your content with family and friends using Apple products, send gift certificates and products, or invite others to participate in Apple services or forums, Apple may collect the information you provide about those people such as name, mailing address, email address, and phone number. Apple will use such information to fulfill your requests, provide the relevant product or service, or for anti-fraud purposes.

In certain jurisdictions, we may ask for a government issued ID in limited circumstances including when setting up a wireless account and activating your device, for the purpose of extending commercial credit, managing reservations, or as required by law.

... We also use personal information to help us create, develop, operate, deliver, and improve our products, services, content and advertising...

... For research and development purposes, we may use datasets such as those that contain images, voices or other data that could be associated with an identifiable person.

... At times Apple may provide third parties with certain personal information to provide or improve our products and services, including to deliver products at your request, or to help Apple market to consumers.

... Apple shares personal information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys.

... It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for Apple to disclose your personal information.

... Apple and our partners and licensees, such as maps data providers, may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. Where available, location-based services may use GPS, Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, and other technologies to determine your devices’ approximate location. Unless you provide consent, this location data is collected anonymously... Some location-based services offered by Apple, such as the “Find My” feature, require your personal information...
It can be difficult to find other details, and Apple hides parts of its privacy policy until you enable certain features:
Apple said:
https://www.apple.com/legal/sla/docs/macOS1013.pdf
When you use the various communication features of the Apple Software, such as iMessage and FaceTime, with your computer, the Apple ID information you provide, your email address(es), certain unique identifiers for your computer and your iPhone’s telephone number are sent to Apple... Certain features like Analytics, Location Services, Siri, Dictation and Spotlight may require information from your computer to provide their respective functions.
 


That's not consistent with what Apple said previously:
(Apple may have changed its stance since then.)
I was not trying to say that Siri only uses on-device processing for speech recognition and answering questions.

The original poster was talking about the privacy implications of Siri Suggestions, e.g. where your iPhone knows things about how you use it. And, the original poster also implied that perhaps Apple was using the iPhones as a distributed computing network.

It has been well-reported that Apple is doing more on-device machine learning than the competition. For example, while Apple may have the phone do image classification processing, an Android phone may send the data up to Google to be processed. Many of the articles argue that this puts Apple at a disadvantage, because Google can throw more cloud computing power at the tasks than an iPhone.

So I was trying to say that a) just because Siri Suggestions knows about your phone usage, it doesn't mean that Apple knows, and b) while the original poster's point that Apple is doing on-device processing is true, it doesn't mean that Apple is using your phone for other people's processing.

While I'd be the first to admit that Apple does a lot of things I don't like, what I don't understand is why so many people ascribe evil motives for their actions. Take the Bloomberg reports of purported hardware hacks on server motherboards: Apple says that the reporting is absolutely wrong and they've never seen anything like this. But 50% of the comments I see are that of course Apple is lying. Likewise, when Apple says that their business model isn't based on selling customer's personal data, why shouldn't we believe that?
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts