The Google apps will still probably work but will harass you till you can't take it anymore and just allow it access. Just now I updated to Android 10 and Google play prompted me 3 separate times with a pretty serious warning that it needed access to my SMS to work properly. I turned it down every time and it still works, though I expect to receive more prompts. I knew there is a notification settings somewhere to turn these off.
I find it really troublesome that Google is allowed to blatantly lie to their consumers about the required permission by implying the app is utterly broken while it actually still works. Next year I'm going for an iPhone but as I can see it's not the promised land yet.
Disabling SMS permission for Play Services will silently break transparent SMS autofill API for any app on your phone, so the message is more than warranted. It actually breaks a core component of your phone.
It's not a "blatant lie" if it actually breaks APIs.
Well the thing that actually changes is that you now need to manually fill in the verification code. This creates an extra step in the process but nothing is broken like the prompt states. I find this a blatant lie. It would be more truthful if they actually told you the service you're missing out on by withdrawing this permission.
> It would be more truthful if they actually told you the service you're missing out on by withdrawing this permission.
Lack of this is one of those recurring struggles how you know the software isn't written any more for the benefit of the end user. There is no reason for this adversarial position (well, there is, but it has to do with you as a product, not a user).
One use is when you have to verify your phone number for something like WhatsApp, they send you a text and Google Play will detect receiving it and skip the step where you enter the code in the app.
So it's a very minor inconvenience that you now have to type a few digits from an SMS instead of that happening automatically.
But if you think about it, WhatsApp needing your sms is a dark anti pattern anyway: the only time it needs sms is to uniquely identify you /provide you with an account. A username/pwd combo does that too. WhatsApp doesn't (or didn't, last time I used it a few years back) need sms access, let alone your phone number.
It handles SMS-based OTP authentication automatically - it grabs the OTP token and passes it to an app so the app doesn't have to require SMS access or ask user to retype the code. It also verifies the source of the SMS.
I wonder whether smartphone software "helpfully" suggests to adjust privacy settings when it's unable to access information, as some websites do with ad blockers and JS, or desktop and server software does with root access. If so, they'd probably fix that quickly.
Funnily, I wasn't able to read the linked post easily with my web browser privacy features (well, noscript) enabled.
I think generally it's a bad idea to impose whatever one perceives as "good" on others. And if a user doesn't care and understand what's going on, merely restricting some of the spyware they currently have on an Internet-connected device with private information on it wouldn't even protect privacy much: I think (based on a couple of times I've observed the process on Android smartphones) they had to allow all that access on installation in the first place.
I’m not sure if this was meant in jest, but ~“congrats, I broke your apps but don’t worry, you didn’t want those apps anyways because they’re bad for you” is unlikely to be an effective pitch.
The much more likely outcome is that you’ll be marked as the odd duck in the family, and they’ll make a mental note to not let you handle their devices in the future.
If the goal is to make people care more about privacy (or really anything), an approach that breaks existing workflows and shrugs off that breakage as being a good thing isn’t really a winning approach.
If you go in and expect to fight a losing battle ... or even just any battle. It's your family.
My family already cares about privacy, they just find it incredibly hard to navigate the maze of settings and figure out what you can disable and what is hiding somewhere doing nasty useless shit.
When I disable a setting for them, I ask if they use the feature, explain what it does. Or in many cases, we look it up together, because DAMN they made that shit hard to understand.
I also ask what apps they use, and if I know any, suggest alternatives.
Usually they're happy to get rid of a couple of useless apps that were giving notifications and other screen spam.
In general they're happy that I help them. It's ridiculous that I have to, because my family is not dumb and they want to figure it out, it's just that if you don't deal with this shit every day, it's just a swamp and you tend to throw your hands in the air and give up.
A lot of the data collected can't easily be counterfeited. We're talking mobile numbers (including those of friends you contact), IP addresses, usage patterns like when you use the devices and on which networks, etc.
Unless you have access to an infinite pool of IPs and mobile numbers and rotate at frequent but random interval (and get your friends to do so as well especially with their numbers) it's basically impossible.
Better just not use scummy apps and services. If they can't be bothered to respect your privacy then find something else which can. You might need to pay for it but at least your privacy is safer.
When I go on youtube, my front page is full of the normiest things of my country. Makes me think... either I'm really good at blocking, or they don't care enough to actually try harder to track me. Or they do actually track me hard enough and they are pretending not to by showing me normie stuff, which gives me false hope about how good I am at hiding my tracks. How far does the rabbit hole go??
Even when I let youtube track me, I find that they often like to recommend "normiest" things despite nothing in my view history suggesting I'm into the things they're advertising. Particularly I mean clips from late night TV shows, ads for super hero movies, that sort of thing. Very mainstream corporate content. They know I don't watch that kind of stuff but they keep on trying.
I don't really get it. I don't think their recommender is that broken, so it seems to me like they're deliberately injecting those recommendations contrary to their expectations of what I like. I suspect those videos represent the content youtube wants me to watch, rather than the content they think I want to watch. Probably those videos are more profitable for youtube.
I've had an ad blocker on my computer from day one on my work computer. From watching exclusively programming conference talks on my work computer their algorithm has seemed to guess I'm a guy so I get recommendations for programming videos, action movies, and things featuring large breasted women. It's pretty annoying for that to constantly show up when I go to the youtube homepage on my work computer when I've only ever watched conference talks.
I worked for a content provider who used to market their search as better than Netflix. Behind the scenes the execs would provide a daily list of what must be the top X results for specific phrases. Sometimes it was make sure some title exists as #1 in any relevant searches.
What I’m trying to say is maybe YouTube’s recommendations are very loosely based off your viewing habits, but they would rather you watch Doug DeMuro’s highly monetized channel over randomjoeschmoe’s excellent non-ad enabled review of a 10 year old car.
The recommender used to work, before they decided it was more important to show you what they want you to watch, as well as not to show you what they don’t want you to watch. Whether you call that “broken” or not is a matter of taste.
You get it perfectly. They'll try to make any connection they can between what you want and what they want to show you, but they'll just throw it in randomly if they can't.
Do you like watching normie stuff? Like 90% of what I watch on YouTube is recommendations for my weird tastes, and I feel like without a recommendation algorithm the site would be largely useless?
I never go to YouTube looking for a recommendation of something to watch. The recommendations algorithm is entirely useless for me. YouTube without a recommendation algorithm is just fine.
I go there either because I'm linked to a specific video, I'm searching for something specific (too specific for the recommendation algorithm), or to check if any of the few channels I follow have posted anything new.
I don't watch popular youtubers, I don't listen to (currently) popular music, I don't watch the television, I don't watch sports. I even get make-up tutorials, and I'm a male! That's all the front page of youtube has to offer to me: things that I'm unlikely to ever click on.
>I feel like without a recommendation algorithm the site would be largely useless?
That's because for you and many other people youtube is an activity, like turning on the telly. You open youtube and you expect to be entertained, and that's what the recommendation algorithm is for. For me, youtube is a tool: I open it, search for something, watch it, then close it.
I get that on Youtube too, without blocking anything—just use Google’s privacy dashboard. The dashboard is overly complicated for sure, but they actually do respect your choices, at least in terms of what’s user-visible.
There was a time when I used a South Asian VPN service for YouTube, and I saw a lot of "single woman in your neighborhood" ads. I guess either that was the norm in South Asia, or that's what VPNs are for...
Are they actually that useful to combine? The things I do on google and the things I watch on youtube are almost completely unrelated. Combining them would probably just make both google and youtube worse for me.
They don't silo them at all. The whole pitch of their Google Marketing Platform and DoubleClick DV360 products to enterprise clients is that all data is in one set and they can target consumers everywhere.
Yep, Google handles the most search queries of any site. Youtube is #2. Google has well over 50% of the market and over 50% of what's left over through Youtube too.
I forget YouTube has ads sometimes. I pay for it so I don’t get them.
I also have a lot of niches I like to learn about and travel monthly to Asia where I have 18 hours each way to watch videos. YouTube lets me download videos onto my phone.
Don't know about iOS, on Firefox (Linux and Android) uBlock Origin works. On Android you can also use Newpipe [1] for an ad-free Youtube experience. There is another app called Musicpiped [2] which plays ad-free audio-only versions of Youtube content, as the name implies this is mostly meant for music but it can also be used for lectures etc.
Obviously the advertising engine is divining your true wants and desires.
More seriously, if a person was known to be a privacy nut, I would serve them randomized yet diametrically opposed "advertisements" (say barbie dolls). Periodically when their guard was down I would throw in an ad for a firewall or rfid blocking wallet.
This is exactly what I've been doing last few days. Both phones and laptops.
Switch the default browser to Firefox and change the default search engine too. Firefox will protect them from all the third-party, cross-site tracking. It's faster too.
And if this causes an issue for something in the next day or two, you're still there to help them out plus the previous default browser is still there too.
My sister has 18 year old twins. They got MacBook Pros as graduation presents. They both got ones with 128GB drives which has turned into massive frustration. But we will ignore that for now.
But they both used Chrome. Today I switched them over to Firefox with uBlock Origin. And with some wankery you can make firefox look like a reasonable Macintosh application.
But so far so good. And, as I have commented in the past about the pihole and when people leave the wifi at home they worried their phones were compromised because ad people have lost their fucking minds.
So now the twins can have a reasonable internet on their computers.
Will your family members know how to deal with sites that break because of ublock? I've learned to not "help" people in this fashion, even people I care about, because unless they understand the software it turns out that this kind of help just makes using a computer more frustrating for them and they probably don't even care about these things you're trying to help them with. I'd ask yourself if you're doing this more for your own sake than for theirs.
If some sites or features are broken with tracking blocked, maybe it's a good thing? Why should malicious sites/services get a free pass siphoning off and/or infecting devices? This way they are directed towards more respecting services.
On the other hand, too much frustration is just too much, so you definitely need to balance.
They could be sites for work, for government business, a school website, or their doctor's website that is broken when they needed to schedule surgery or something and they won't have any idea it was ublock that broke it and won't think to ask you.
Ublock has broken all kinds of sites for me, and I don't know if it's because these sites used a third party JavaScript library or some video provider or what, but I know to turn off all the privacy tracking things I have in my browser when a webpage looks broken, and often that fixes it.
Though, he doesn’t seem to know that literally all settings for a particular app can be seen in a single place too.
Also, the default behavior is to first ask the user, and with iOS 13 you get again several notifications from the OS that a particular app used your location multiple times over the last X days, with a scary map showing where the app requested the location too, and that’s yet another chance to change the setting with a single tap. Happened to me with Waze.
Bottom line, his complaints are baseless. And no offense, but if he cares so much about the privacy of his family, why is he not encouraging them to quit using FB?
Edit: moved to root, was initially a subcomment by accident.
> Also, the default behavior is to first ask the user, and with iOS 13 you get again several notifications from the OS that a particular app used your location multiple times over the last X days, with a scary map showing where the app requested the location too
I'm an Android user right now, but having the option to see when/where apps take advantage of their permissions sounds amazing.
What is this iOS feature called?
Does anyone know of a simple way to do this on Android?
Why do so many services request to know my location when it is irrelevant to the main usecase? Also, many time privacy settings screens are opt out instead of opt in. Why do companies need to know all this stuff about me, when it has nothing to do with their product that I use? Are they harvesting all this data to sell to third parties without my knowledge?
> Are they harvesting all this data to sell to third parties without my knowledge?
Yes. It's a secondary revenue stream. Even if they don't sell it now, if it turns out they have a reasonable good dataset they can sell it later on, especially as the revenue starts dropping.
Also make sure to enable automatic data deletion under https://myactivity.google.com/myactivity and Location History if for some reason you want to keep those on.
This is fine if you want to protect against people cracking your Google account and looking at that data, but it's very naive to think Google themselves would actually stop collecting the data.
Their business relies on it. They'd still be collecting it and using it as a signal for ad-targeting among similar nasty things in a plausibly deniable, not immediately obvious way.
This is going into tinfoil hat territory - Google keeping data after promising deletion would be a massive breach of GDPR and US contract law and would trivially result in massive fines.
Sure, you don't have to believe what they say; but then again you should also probably stop using Apple, Microsoft and any other closed software as well. After all, they collect data too and they could also lie to your face about what their devices send to the server. It's not a useful way of thinking.
Besides that - explicitly telling Google you don't want data collected is strictly better (even as a grounds for class action lawsuit) than not telling them that.
Google is already not GDPR compliant, and they've proven they're acting in bad faith by all the dark patterns they use to get people to surrender their privacy.
Regarding Apple, Microsoft, etc, their business is based on selling hardware, software & services. Ads make an insignificant part of their revenue, so there's less incentive to be malicious and put the rest of the business at risk for a tiny share of the profits anyway.
Google? Their entire business is based on ads, there is no other way for them to stay afloat given their current expenses. So there's much more incentive there to be malicious, and they've got both the lack of morals (cf dark patterns) and the engineering talent needed to do the bad thing in a covert, undetectable manner.
I think you're vastly oversimplifying the mix of incentives and resulting code that drives all those corporations. You're letting your bias against Google blind you against things that Microsoft and even Apple did when they saw profit. You're also hugely overvaluing the incentive of large corporations to go directly against the law.
At our family gathering for our white elephant gift exchange my present was a Google Home Hub/picture frame (bought it last year yet no longer want any type of listening device in my house minus Siri on my phone).
I was sorta surprised that wasn't the most coveted prize of the exchange that the majority wanted to steal. About half said they didn't want any creepy listening device in their house.
"And even if you turn off location services for an app, the app may still get this data by examining the metadata from your photos. (I’m not sure if iOS13 fixes this.)"
I cannot answer your question (yet), but I have a question of my own: do people actually think the location stored in a picture is more important from the privacy perspective than the content of the picture?
I mean, people upload pictures of themselves, their family members, their homes, offices, places they visit, to a third party, such as FB. Is really the location stored in EXIF headers the biggest issue here? Think how much can be automatically extracted from content these days.
I don’t mean to diminish the importance of the location leak, I just find it odd what our collective priorities seem to be, even among the tech literate.
There is the wife/husband of your relative who will go and reset those settings back to enabled for logging/geotracking only because they want to see where the other is going throughout the day... So even if you disable all this tracking, sometimes it's beyond their control... Short of changing their password to block the other person from changing the settings.... One of my friends switched back to a flip phone because he was sick of arguing about it.
Spouses who mess with their spouse's phone settings, use their spouses' phones to find out where their spouses have been, and who argue back and forth about these settings, have fundamental relationship problems that have nothing to do with phone settings.
Making sure their gadgets have the latest software updates is more important. My mom’s iPhone was stuck on 12.3.1 even though automatic updates was on!
I can see how this whole subject is very difficult for non-technical people. I think phones should get more of a universal, easy to understand set of privacy choices that you can simply apply to all apps and only override on a case-by-case basis temporarily, instead of making it this kind of regular housekeeping chore.
That said, I'm also surprised a cryptography expert can't figure this all out:
> It’s sort of amazing to me how hard this has gotten, even on iOS, which advertises itself as the “privacy” OS.
And what percentage of Android users have Android P or above as we approach 2020? 30%? Less?
In the past, granular permissions did not exist in Android. You were simply given a list of permissions that any given app would simply use at any time and you either downloaded the app or you didn't.
Final example: Android lets apps simply write and read to/from the file system anywhere they want, until very recently (Android 10?). If I'm not mistaken, that means that any app that's granted permissions to the file system could just read common storage locations like your Facebook cache directory to gather personal information.
> My wife asked me how Facebook knew she walked by a particular store yesterday, so I dove into the Settings. What a mess.
iOS does not give these permissions away. The answer is obvious: his wife gave Facebook location access.
> First, there’s this “Privacy” tab in iOS settings, but under it you’ve got this ridiculous and ever-growing list of crap. Every app appears multiple times, and you have to know where to look.
On the one side of the ring, people ask Apple to make things simpler, and on the other side of the ring people ask Apple to expose more granular control. There's no winning here.
And anyway, the organization is quite logical. It's organized by permission category.
> Browsing the “Location Services” tab alone is a nightmare. There’s no way to sort by “Always”, which is usually the particularly bad permission you care about. (Although “While Using” is a bit ambiguous too.)
How many apps do you have where sorting is an issue here?
Also, "While Using" is not ambiguous. It means "While Using." The text on the original dialog was "While Using the App." What else could it mean?
This is an interesting criticism because it's another piece of granular location control that Android either doesn't have or gained very recently.
> And don’t get me started on this “Bluetooth” tab. Why do any of these apps need direct access to my Bluetooth other than crappy tracking?
Both iOS and Android basically gave away Bluetooth access because it was never assumed that it could be used for anything serious. We all know better now and Android 10 and iOS 13 both added this piece of granular permission in. I can tell you that my Sony Headphones app and Apple Music most definitely need access to Bluetooth.
> And even if you turn off location services for an app, the app may still get this data by examining the metadata from your photos. (I’m not sure if iOS13 fixes this.)
This is not necessarily something "to be fixed," this is simply the fact that granting access to your Photos grants access to your Photos. If you gave your photos metadata in the first place, that metadata will be there. I do admit that I'd love some more fine-grained control over this (although you may notice that the iOS share sheet does add some control over whether to include location data in iOS 13 - I wonder if any other popular smartphone operating systems have this built in and installed on >50% of their install base?)
"while using" IS ambiguous. what does that mean when apps can run in the background? what is preventing them from accessing the location service then? i can interact with apps through notifications bubbles, does that count as using them?
having a set of permission for each app is not sustainable and annoying. anything annoying is not going to get done. last time i had to go through all my apps to make sure they all have the correct permissions for notifications. i do not want to have to do it again. but i will if i ever factory reset or get a new phone. why aren't there global sensible options?
some apps won't work if you don't grant access to photos or camera. they claim to be "camera" or "photo" apps.
are we going to pretend there is nothing to fix here and shift the blame on OP or his wife? seriously?!
> And what percentage of Android users have Android P or above as we approach 2020? 30%? Less?
At more than 50% for US and rising.
> Final example: Android lets apps simply write and read to/from the file system anywhere they want, until very recently (Android 10?). If I'm not mistaken, that means that any app that's granted permissions to the file system could just read common storage locations like your Facebook cache directory to gather personal information.
This is not true at all since cache directories and other private storage are and have been isolated since the start.
Can you please not spread misleading information about things you're not informed about? It just fuels dumb brand fanboyism.
Is 50% supposed to be good? 50% of Android users in the United States can just have apps run the camera in the background. And that number is going to be lower for less affluent countries.
Even if you’re stuck on iOS 10 with an iPhone 5 your security situation is better.
I may be wrong about the particulars of Android isolated file storage but that doesn’t mean I intended to spread misinformation. In fact apps are allowed to carelessly write private data anywhere they want if they aren’t designed well [1]. Apple’s idea to completely disallow apps from accessing common storage and rely on the share sheet was, from a security perspective, the right call.
And I’m not a fanboy. I use Linux at home. I’m not into Apple’s brand beyond their phones being the only viable option for someone who wants a phone that lasts longer than three years. You cannot buy an Android phone that will get 5 years of security updates, and I don’t think a shelf life of 2 or 3 years is acceptable for a piece of hardware. 5 really isn’t even enough: we wouldn’t accept that for our personal computers.
> If I'm not mistaken, that means that any app that's granted permissions to the file system could just read common storage locations like your Facebook cache directory to gather personal information.
That's only true for the "shared" storage locations (SD card, and internal emulated SD card). Unless facebook is braindead they should be keeping private data in app storage, which is only accessible to the app itself (each app has its own Unix uid, and app storage is mode 600).
You’re right, I misunderstood the isolated storage functionality. However, I think that offering any way to interact with shared storage was also something of a design mistake on Android, but I could see someone disagreeing with that.
Facebook is probably doing it right but someone else might not be. I’d rather the operating system prevent the bad action in the first place.
Not sure I can agree that shared storage shouldn't exist, just because it could be misused by any given app. Some things simply must be shared: your camera and gallery apps both need access to your photos.
It's like, if a Unix program made private files world-readable by default, you wouldn't blame Unix for providing permissions in the first place.
I think one of the reasons the subject is difficult to understand actually lies beyond tech.
For someone not familiar with "move fast and break things" and the huge toxic part of the tech industry, it would be reasonable for them to expect that a high-profile company such as Facebook or Google is complying with all local laws & regulations and isn't acting in bad faith otherwise they would've been fined out of existence long ago. After all, we have regulations for things like food safety that mean you can buy any food item from a mainstream supermarket and be confident it's safe to eat, and there are severe penalties to ensure that remains the case and deter potential offenders.
It's totally reasonable for these people to not be suspicious when they're downloading a popular app that's been around for decades and used by everyone and not suspect bad faith or malice when the app asks for contacts or photos, because regulation is supposed to crack down on fraud and lies (which dark patterns are).
The problem is, of course, that the law hasn't caught up with tech and with all the corruption... I mean lobbying - around I don't think we'll even get there. If an individual lies and gets access to something they're not supposed to it's called fraud and there are real penalties for that, even more so if the fraud happens on a computer (and the definition of that is so loose even implied legitimate access to a web server could be argued to be "unauthorised access"). When Facebook lies to you regarding their usages of the data however, it's no longer fraud nor hacking, even though it fits the bill perfectly, including the "on a computer" part. This is the real problem.
So the music app might work fine without bluetooth access, but his point on the Sony app is valid. If you need to set up a new pair of headphones, Sony needs bluetooth permissions to handle device pairing. I presume you may pair outside of the app and re-launch the app once connected, though.
OS cannot account for all the possible functionality a Bluetooth device can provide. There are thousands of very useful BT devices that come with apps that need to talk to BT directly.
You're advocating permanently crippling this hardware over privacy theatre. If you don't want apps to have this access, deny the permission as a user. But stop advocating crippling the most powerful pocket computers we have for everyone else please.
It's very difficult for everyone, regardless of how "technical" they happen to be. It takes time to read through the options and actually understand the implications. These things change too, sometimes dramatically. There's a lot of settings.
It is right for people to feel a certain level of anxiety about this stuff and to be a bit angry. I am more concerned with folks that uncritically put their trust in the apps they download and their phones.
Sadly, it will take quite a few more high-profile "privacy disasters" for the masses to truly get wise to the risks.
I agree with most of what you're saying, but I can't swallow that "iOS is the Privacy OS" UNTIL they make it way easier to control "Background App Refresh" and also turn it off by default. I've always been concerned about apps that have this turned on and also access to my Media on iPhones.
There’s an option to toggle between Off / Wi-Fi / Wi-Fi & Mobile Data for all apps, and there’s a list of every app that uses background app refresh with a toggle button next to each one if you want finer-grained control.
Sorry, "way easier" was perhaps the wrong term, I meant to say it should be easier to discover the fact that this impacts Privacy in a major way - and hence it should be in Settings -> Privacy along with Photos and everything else.
I just feel like, iOS gives this great sense of control and so it's easy to become complacent without realising there is this backdoor of sorts to a lot of info (you can infer location based on IP collected from Background App Refresh for example).
Thank you for responding with logic and sense here-- it seems this Twitter user does not understand the history or context behind these privacy choices. Perhaps he should be complaining about his wife, since she was the original perpetrator of bad privacy choices?
That's an interesting point, I think you caught him complaining about his wife publicly. I bet he wouldn't have posted this rant if it was his own phone.
He's upset that he had to spend time as IT Support with his family, not that Apple or anyone else did something wrong with the OS.
Do they have access to your photos when you go to the photo picker when you want to send a picture or do they have all the time access to your photos once you gave them permission?
1. UIImagePickerController - This opens the system image picker and ONLY returns the user selected image to the application.
2. "Access Camera Roll" Permission - This is what WhatsApp, Facebook, etc. use so that they can show their own image picker UI. It just gives the app permanent access to APIs that can retrieve photos.
Both leak EXIF information to the app, but the first one only leaks the information for a specific picture.
Yes. Not sure how that's mitigated on iOS, but Android started mitigating this with Android 10, where Location access is needed to read EXIF from photos.
"Mozilla makes browsers, apps, code and tools that put people before profit." - people are using Chromium, Firefox usage is dropping, so Mozilla should do the right thing - fork and de-google Chromium and save the web.
Also, I am donating each year real money to Mozilla, without using its browser. Call it FUD, call it I don't know what, but on desktop I am using Chrome, with the usual ad-blocking plugins, on Mobile I am using Brave.
There are many attempts to fork Android, some by big companies (Amazon still sells Fire devices with their Android fork I think?)
Bottom line is that Android without Google Play services and Google Play Store doesn't work well: most apps are only on Google's store and use Google specific APIs all over the place (after all they are treated mostly like normal Android APIs). And of course Google doesn't let you ship those in an Android fork.
The last thing I want my tax money to go to: develop android/chromium fork. If some company is collecting data they don't require - they are already breaking the law.
The comment about the privacy settings location[0] is a little weird. You can access the settings by type there or you can just access all the privacy settings for a single app from the first level of the Settings app by clicking the app name. Both locations are useful and seem pretty clear and easy to navigate.
Exactly. And he complains about not being able to search for apps that have location set to "Always" or "While Using", but it is hardly a bother to scroll through the list of installed apps and do a once-over to check their location settings.
He also complains about the "Bluetooth tab" in privacy settings, saying that companies would only need this permission for "crappy tracking". In essence, he makes it sound like Apple is in the wrong for having this setting configurable at all. But has he ever used a phone before? Apps didn't even need to request permission to use Bluetooth radios in older iOS versions. Besides, disabling them completely would break functionality for apps that need to search for Bluetooth devices (Smart devices, namely).
> He also complains about the "Bluetooth tab" in privacy settings, saying that companies would only need this permission for "crappy tracking". [...] Besides, disabling them completely would break functionality for apps that need to search for bluetooth devices (Smart devices, namely).
His statement about it being used for tracking isn't too far off. Of the apps in the screenshot:
Alexa: ok sure, maybe you need it to setup Amazon Echo devices
both Bluetooth and wifi need to be more locked down imo
wifi should require a whitelist of sites an app can access by default. any app that has WiFi access should not be allowed to scan my network for vulnerable devices etc.
same for Bluetooth. most apps don't need this at all for anything legit. those few that do should default to some whitelist of devices they are allowed to access
Apple/Google/Microsoft should be working to make this happen
Really? That would be a major pain if you had to whitelist sites that an app could access. Besides, that would be easy to get around. If you only allowed Foo app to access Foo.com, there is nothing stopping the app maker from proxying to other sites from the backend.
There is something stopping them, cost. I doubt most apps want to pay for me watching videos that they spawn in an embedded webview so they could spy on my activity.
What's the pain? Why does every app need access to all of the internet? I know of no apps I use that need that access except my browsers and I'm fine if Apple/Google/Microsoft added a new permission
(a) no internet access
(b) access only these sites
(c) full access
I'd only give my browsers full access. You'd be free to give all your apps full access.
Also power-cycle everything. Including routers and cable boxes.
True, some systems may not come up cleanly, but at least after patching and rebooting, they'll fail in the "clean" direction.
This is one way to volunteer yourself to help them with any and all IT needs on their devices moving forward.
I'm all about helping out on privacy related topics but unless they want to learn about the how and why you're turning on xyz they won't care in the long run.
I wrote a privacy settings page, that for every turned off option generates a new privacy setting, making your task truly infinite.
Actually, I added a way to see privacy options as bits, making your turning it off turing complete.
You can admit defeat at the bottom of the page.
A way that we technologists can help people understand the mind-boggling degree to which Surveillance Capitalism™ [1] is running things is to use code to pull back the veil. Some are trying to help you to see what's really going on [2]. Also, I'm thinking of things like automated NLP on terms of use/service. Phone settings will not fix anything. The genie got out when Larry and Sergey, in the wake of the bubble burst, said "fuck it, we're an ad company".
>TL;DR If Apple’s going to advertise itself as the “private” phone, they need to do a much better job than this. “At least we’re aren’t Google!” is pretty much the best they can say.
It's times like this HN needs to allow the fire emoji.
He's absolutely right and the fact we pretend otherwise is a total fucking lie that lets everyone feel a bit better about the wretched state of our industry.
What does Jumbo get out of all this? I couldn't find much info on 2121 Atelier Inc. (marked as the company I'm agreeing terms with in the ToS). It doesn't seem like a paid app either... can't trust without this being transparent.