The EU already has robust digital privacy laws and is likely to continue passing laws to protect their citizens. I think it's much better to take control away from Apple and place it in the hands of regulators that represent the people directly.
I mostly agree with you but from the sounds of the news across the pond it seems like the EU government, as well as our own, wants to eliminate encryption, VPNs or add back doors into systems to some degree.
There are obvious reasons to do so to combat crime but at the expense of privacy, freedom, and anonymity.
And I've quite been happy to see Apple stand up against such government control but fear the trend this will set.
>the EU government, as well as our own, wants to eliminate encryption, VPNs or add back doors into systems to some degree.
This is a continuous concern - some sectors of the EU indeed want to do that. So far, they've been mostly unsuccessful in getting their agenda through, either because other politicians have more influence, or due to listening to public protest/complaints. Still, that's no different than other healthy democracies - the people must vote, both in national elections (EU heads of state propose the European Commission's president to the Parliament), and European elections (who elect said Parliament) in order to keep reasonable people at the helm as much as possible.
> And I've quite been happy to see Apple stand up against such government control
Where, exactly?
Apple complies readily with thousands of warrantless surveillance requests[0] from around the world, every year. They've been a cardholding PRISM program member for over a decade, and just a few months ago admit that push notifications are also government-monitored[1].
Outside of eagerly marketed examples like San Bernadino, Apple appears utterly compliant with government control.
I would say to you that aren’t those very regulators to which you refer doing their very best to weaken the users ability to maintain privacy and not be snooped on? I don’t know about the EU but here in the U.S. there are always pushes afoot to break users control of encryption and other protections.
EU représentatives are literally elected by the population under the same rules as national legislators. EU commissars are appointed directly by the elected governments of EU member states, similar to ministers/secretaries on the national level. Stop spreading misinformation.
"Commissioners are nominated by member states in consultation with the commission president, who then selects a team of commissioners. This team of nominees are then subject to hearings at the European Parliament, which questions them and then votes on their suitability as a whole. If members of the team are found to be inappropriate, the president must then reshuffle the team or request a new candidate from the member state or risk the whole commission being voted down." https://en.wikipedia.org/wiki/European_Commissioner
This is effectively the same procedure that ministers/secretaries are appointed by on the national level. The only difference is that it is not the national legislature, but the EU parliament approving the appointment. And again: the EU parliamentarians are directly (!) elected by EU citizens, according to their national election laws.
So please, please shut up about stuff you obviously don't know anything about.
> Commissioners are nominated by member states in consultation with the commission president, who then selects a team of commissioners.
let's break this down into levels of appointments
how are commissioners selected?
> with the commission president, who then selects a team of commissioners.
ok, so that's one level of appointment (TOTAL: 1)
how is the commission president selected?
they're appointed, by the council (TOTAL: 2)
how are the council members selected? (obviously e.g. the land mass "Germany" can't vote for itself)
who has the council vote? the German Chancellor
how is the German Chancellor selected?
they're appointed by the German Parliament (TOTAL: 3)
who select members of the German Parliament? the German people, so they are directly elected
so that's three levels, matching what I originally said:
> so EU commissioners are "appointed by someone (commission president) who is appointed by someone (head of government) who is appointed by someone (parliament) who is elected"
the statement is accurate
the fact bits of this are rubber stamped by the EU parliament is beside the point, the spitzenkandidat idea was completely killed off in 2019
> So please, please shut up about stuff you obviously don't know anything about.
Not sure why you insist on this, but you are counting wrong:
"Comissioners are nominated by member states". That's it. Yes, the commission president is the one that presents the list of commissioners to the EU parliament, but the member states (effectively the heads of national governments) are nominating the actual candidates.
*Exactly" the same as secretaries/ministers on the national level, who are also nominated by the heads of their respective national governments. Which is fitting, because the commissioners are more or less the EU ministers, i.e. the heads of executive agencies. They are no more or less removed from the voters than their national counterparts. I really don't get what your problem is.
Or you start from the other direction: Voters select their (EU) parliamentarians, parliamentarians appoint the commissioners. End of story.
The vote of the EU parliament is hardly a "rubber stamp". The list of commissioners is negotiated with the parliament and there have been various occasions where the list had to be reshuffled because the parliament would not accept a certain nomination.
Technically speaking no, because regulation is performed by national data protection authorities whereas the people you're speaking of are some members of the European parliament.
Using a cookie or sessions does not equate to spying. Is HN in the EU? Does it use cookies? Absolutely. As far as those useless messages go, I just use a plugin to remove them at this point because they're a waste of resource.
> The EU already has robust digital privacy laws and is likely to continue passing laws to protect their citizens. I think it's much better to take control away from Apple and place it in the hands of regulators that represent the people directly.
Laws don't protect privacy. What protects privacy is technical mechanisms for people to do so.
The very opposite is true. Technical means can't ever protect privacy from a determined attacker.
There is even a country that intercepts and MITMs all TLS traffic (one of the stans, forget which one). Of course, browsers don't recognize their certificate. So, you have a choice: you either trust the government MITM cert yourself, or you don't access the web. Laws trump technology every time.
My most charitable response would be that /both/ are required, but your example is one where law is taking away privacy, not one where law is granting privacy. The law cannot grant privacy, because the law is slow to act. We have recently had cases where the government and private actors/companies have violated privacy rights in western democracies and it took multiple years to see any semblance of justice done, and the victims were not made whole.
Laws that prevent technical mechanisms effectively prevent the enforcement of laws that protect privacy, because bad actors can still break the law. The law provides some means to get justice, in theory, after a bad actor has already violated your privacy. Technical means provide you a mechanism /you control/ to actually enforce that you have privacy. You need both, but the law alone is woefully insufficient.
Unless this user has never used a device running something other than iOS, they've already dealt with this.
But this concern requires a few things to be true:
- An alternative app store is created that does not employ any form of restriction to protect users from this
- Legitimate apps that an end user needs see value in publishing themselves on this alternative app store
- There is a critical mass of users that prefer the alternative app store, such that the legitimate app publisher no longer sees value in publishing to Apple's app store
- As a result, those users who would have preferred the privacy and safety that Apple provides are now forced to use the new app store
This is a possible doomsday scenario, but it's not clear to me that enforcing and protecting a market in which Apple is effectively guaranteed a profit on everyone else's apps is the right solution? If this were to happen, perhaps we address those apps through direct legislation that targets user privacy, akin to what the EU has started to move on? Or a solution similar to this.
I think you may be missing part of what the GP is saying: the concern isn't (primarily) that an alternative App Store will overall become more popular than Apple's. It's that specific apps like Facebook will create their own App Stores whose primary purpose is to distribute their one or small number of apps without the restrictions Apple places on privacy.
So the Facebook app (and Instagram, WhatsApp, and whatever else Facebook owns these days) would be able to collect as much data as the OS itself allows, without any kind of warnings before install.
It could potentially even use private APIs of some sort to bypass Apple's OS-level permissions dialogs and collect data without even asking the user first—it's unclear, at this point, to what extent Apple would be able to police this sort of behavior from motivated bad actors like Facebook when they're not being distributed through Apple's App Store.
iOS is sandboxed so they can’t do anything outside of the context of that app. To use any APIs that would require a permission dialogue you have to make a request to get a handle on them which only happens after a user grants permission, you can’t just reach into these. This is baked into the OS. Apps like the ones you’re talking about already hoover up is much data as possible in this context.
iOS itself is actually really good at this and can be improved and hardened further, Apple wants you to believe it’s somehow their review process and strict distribution channel that makes this possible.
Sandboxing insufficiently addresses this problem as permissions can be granted by the user for legitimate purposes and then once granted they could be abused to violate user privacy.
Yeah I understood that part. My argument is that Facebook would likely lose a lot of users if they forced all users to download Facebook via their App Store. There is still an incentive for them to use Apple’s.
But beside that point, Facebook has been able to force side loading on Android for years and still distributes via the Play Store, so that’s probably at least some evidence that they believe that distribution channel to be worthwhile.
> Unless this user has never used a device running something other than iOS, they've already dealt with this
Right, and they hate it. There's a reason why the iPhone and App Store were such a massive hit. People will choose convenience and security over freedom most of the time.
I hesitate to respond because the idea that Apple is a 3T marketing firm is moronic
Let’s not pretend Apple isn’t building the best consumer silicon in the world and the most secure and user-friendly consumer operating systems in the world. That’s not even considering their supply chain innovations.
Apple devices are superior to their competition in just about every objective measure.
Apple gained popularity long, long before they started developing their own silicon. Sure, they're doing nice things with their vast fortunes, but let's not pretend that's why they're perceived as a luxury product. It's all in the marketing.
You might want to let Jonny Ive know his design org never made a difference lol
Apple was in shambles before the iPod/iPhone. You think the iPhone succeeded because of marketing? You don’t think the fact that they made multi-touch displays easy to use was relevant to their success?
Apple products are so desired that people get resentful when they can’t afford them. Then they post moronic takes on HN from their Samsungs
Let’s be real most people don’t give a shit (unless they’re into emulators apparently), this is really about companies trying to slice up the pie between them.
The idea that Apple is on the side of privacy here is not really realistic. In fact Apple has designed AirDrop etc. to make it easy for countries like China to control AirDrop traffic, and they have put down technological safeguards to prevent actually private tools like Briar from functioning.
> My fear for end users is that once an alternative App Store opens or direct side loading is allowed it will reduce users options and harm the users ability to effectivly control privacy.
This is massively misinformed. The majority of privacy controls exist in iOS itself completely independently of the distribution method, and many more unimplemented potentially beneficial privacy controls can also be implemented at that level. This has been true for years.
Privacy controls are not a panacea against abuse by malicious developers. Permissions can be granted for legitimate purposes and then abused for nefarious purposes once granted.
Many of the App Store privacy rules relate to what you are allowed to do with the user data after access is granted by the user. In other words they relate to data retention rather than access in the first place.
For example they recently added a rule saying if a user can create an account inside your app you have to also give them an option to delete the account from the app as well. This is a behavior enforced by app review, not by operating system privacy controls.
> Privacy controls are not a panacea against abuse by malicious developers
Sure, I never claimed that they were a panacea - just that the majority of privacy controls implemented by iDevices are actually in iOS and not Apple's App Store review process.
Additionally, those privacy controls are more fundamental than those in the App Store. It's more important that the app not be able to toggle the microphone at will than for you to be able to control what it does with that audio after capture.
> Many of the App Store privacy rules relate to what you are allowed to do with the user data after access is granted by the user
That's not an iOS problem, and Apple fundamentally cannot regulate that, App Store or no - after your personal information goes to a third party's servers, Apple has zero visibility into what happens.
This is also not an Apple-specific issue - this happens with Android, Windows, Chrome, and random online websites. Apple cannot and should not be responsible for fixing this - we need a good set of government regulations designed to restrict how your personal data is collected or used. Otherwise, just like you said, an entity (e.g. a bank) can ask for your personal data, then store it, and it gets leaked.
> Additionally, those privacy controls are more fundamental than those in the App Store. It's more important that the app not be able to toggle the microphone at will than for you to be able to control what it does with that audio after capture.
I mean both are equally important really. I might want to grant you access to my microphone to run a voice command but that doesn't mean I want you to collect my voice recordings and sell them to someone else. I might want to grant you access to my contacts so I can message my friends but that doesn't mean I want you to scrape my contact list to data mine my social network.
> That's not an iOS problem, and Apple fundamentally cannot regulate that, App Store or no - after your personal information goes to a third party's servers, Apple has zero visibility into what happens.
Yes they can. Maybe not perfectly but the App Store Review Guidelines define specific restrictions on what you can do with personal information, with the threat of having your developer account terminated if you violate those restrictions.
> Apple cannot and should not be responsible for fixing this - we need a good set of government regulations designed to restrict how your personal data is collected or used.
Sure, specific privacy regulations would be great, but the government moves very slowly and the government itself isn't going to be able to enforce such regulations on a massive scale in the same way that the app review process currently does.
> I mean both are equally important really. I might want to grant you access to my microphone to run a voice command but that doesn't mean I want you to collect my voice recordings and sell them to someone else.
Throughout this thread you’ve demonstrated that you don’t understand how the OS itself works and assume App Store review is somehow protecting you from this, the OS already prevents this.
Even with controls on the device companies act in bad faith and take liberties with your privacy - I was going to the beach yesterday and my friend shared his location through messenger, to view it I had to share my precise location too - why? You can deny the permission all you want but that won’t stop them blocking features unless you tick the box, even if it is unrelated or not needed for the functionality.
That's a clear example of a bad technical control, whose fix can still be implemented in iOS without the App Store. It's pretty trivial to add a feature to iOS that allows you to fake your location - there was an Android fork that had that feature for a while a few years ago.
> You can deny the permission all you want but that won’t stop them blocking features unless you tick the box
Many permissions (camera, mic, location, etc.) are trivial for the OS to spoof and don't require app store vetting.
> My fear for end users is that once an alternative App Store opens or direct side loading is allowed it will reduce users options and harm the users ability to effectivly control privacy.
Two wrongs don't make a right. The thing protecting people from abusive behaviour should be the government, not a "benevolent" monopoly.
I buy Apple products because in my opinion, they work on my behalf to protect my interests better than the other options available to me.
I think they have been leading in this area and by virtue of competition have pushed other vendors to do the same. I can’t imagine Android based devices would be nearly as privacy focused today if it weren’t for users moving to the Apple ecosystem in search of better security.
That is likely true and I was in that game for awhile but tired of the effort required and the limited hardware that would be fully functional and reliable as a production device.
With Apple it’s just easier and I can focus on other areas of life and just use my phone as the tool it is rather than spending untold hours making everything work.
Truth be told there was a time in my life when I actually enjoyed fiddling with that but I got my fill and am on to other priorities. There is only so much time in the day.
Because by and large they’ve spent the last decade building features that have allowed me to preserve my privacy from companies who’ve spent the last decade trying to pry into my personal life.
Not OP, but Apple tends to be a lot more straightforward in how they make their money. Their products cost more for the same technology, but in return they try their best to provide me with a good experience (to keep me buying their overpriced products). I don't blame those who go with option of Android, but I personally prefer to just pay a set, known amount of money up front.
Only having to deal with Apple's BS is likely better than being at the whims of all the dominant players. The latter creates a race to the bottom with no hope of improving the ecosystem.
I think that's the main reason iOS is slowly eating Android's global market share, and why it remains the market leader in the US. As bad as iOS is for privacy and respecting user choice, Android is worse in practice. There's an argument that Android's openness benefits the end user, but it falls apart in practice: almost all third party apps (and certainly the ones that other people force you to use) depend on Play Services, which is a giant pile of surveillance capitalism and battery drain.
Having said that, I'd like to be able to toggle my iPhone into EU mode and sideload a few things.
I thought that until I tried to switch back to Android, and found that there simply aren't good alternatives to the preloaded iOS software. Try replacing Notes with an E2E-encrypted alternative that supports collaborative editing, for example. I hit a half dozen things like that.
> My fear for end users is that once an alternative App Store opens or direct side loading is allowed it will reduce users options and harm the users ability to effectively control privacy.
This is like some weird 1984 double-speak. How does letting users install Apps from more stores "reduce their options"? Would you have "more options" if I told you that you're only allowed to shop at Amazon.com and your browser will block any competing online retailers? Are you being harmed by the fact that you can buy products from more than one online store?
And the whole secondary argument is some kind of joke right, as 80% of every "free" app in the App Store requests data on your location, sensitive privileges, and all of them use coercive techniques to trick users into accepting. Whatever approval process Apple is is using with the App Store is far from protecting users.
Right now, you can choose between getting Facebook from Apple's App Store, where Facebook has to comply with fairly strict privacy rules to remain available. Or, you can use Facebook on a non-Apple platform where no such rules exist (browser, Google Play). This choice exists because the App Store is the only way for Facebook to practically deliver its product to iPhone users.
If Apple is forced to allow third-party stores, then yes, users have more choices on where to get their apps. But it would allow Facebook to take their app off the iOS App Store and put it somewhere without Apple's stricter privacy rules, taking away the users option to choose a version that doesn't have things like cross-app behavior tracking.
I view it very much as a "pick your poison" scenario, where Apple is merely the lesser of two evils. I would much rather live in a world where government regulation renders Facebook's shitty business practices obsolete, then Apple wouldn't be able to use basic rights like privacy as a product differentiator.
As soon as someone discovers the non-App store version of Facebook is somehow worse then there will be a thousand Facebook posts and articles telling you not to install it that way.
I have an Android phone and I almost always install apps from the store but I have a very important handful of apps that I've sideloaded (or gotten from F-droid). Some of those apps do more to ensure my privacy than "official" ones.
> As soon as someone discovers the non-App store version of Facebook is somehow worse then there will be a thousand Facebook posts and articles telling you not to install it that way.
The problem is, Facebook could easily take the iOS App Store option away and make the alt-store option mandatory. And they have the power to do so and get away with it. People are too entrenched in their ecosystem, and there's no viable path off of it. User protests like this on social media rarely end in favor of the users.
I'm one of the people that quit Facebook entirely, and it does actually hurt me IRL. Too many friends and family members coordinate events and share news exclusively through Facebook.
They could do that now on Android but they don't because the Play store is biggest distribution channel.
I feel like the argument falls a bit flat when sideloading exists on Android, Android has 70% of the global market share, and none of these supposed evils have happened.
As an example: Some EU government could force people to turn on side-loading to install an app that's needed if you want to access public services. The app could bypass your phone's privacy protections, and feed the data back to the local government.
In the US, if Android side-loading were more common, we'd already have this, except that companies would require it.
In the EU, they'd probably crack down on companies that tried to do this. However, although it's technically illegal for governments to do such things, apparently most governments routinely break the anti-mass-surveillance laws.
On iOS, Apple has banned many bad actors for such shenanigans (although they still allow spyware from large companies like meta and google).
Just don't give those entitlements to unvetted apps, then - or require that the user solve a tricky coding challenge before they unlock the ability to grant those. It's not hard.
I think that would be in violation of court order Apple needs to comply with. For instance, they could (probably correctly) say that overriding the default web browser breaks security properties.
The whole point is that the EU wants to take away Apple's ability to vet apps, since that's created an anti-competitive situation.
I guess that's a case of the EU's regulation having negative effects on security, then!
However, this doesn't have any bearing on the argument that user freedom doesn't significantly compromise security - this just shows that the EU made a bad law.
FWIW Huawei smart watches are quite popular in some EU countries, but the Huawei health app needs to be installed on newest Android by downloading an APK because Google kicked it out of Play Store.
Even for me, setting this up and giving necessary permissions was non-obvious.
I don't believe any sane big company (except maybe a few with extremely loyal userbase for whom it would make big financial difference) will pull down their app from official app store and force people to go via an alternative store if they can just stay in regular store.
> An example of this might be the Facebook app. Currently it's only available in the official App Store where by design Apple, on our behalf, defines and enforces policies that protect the users.
My counterargument to that is even the current status quo doesn't work for privacy. Facebook can still get less data from the browser version compared to the app and that's why they are pushing hard for an app install. What would work is tighter sandboxing similar to the web, not custom reviews.
