Your Privacy Matters

A blog dedicated to all things privacy

Apple is often perceived as a privacy white knight. A shining beacon of hope in the technology landscape. The one company that truly cares about your privacy. The one company that will go to great lengths to defend it from those who are eager to violate it. Through their flowery marketing and advertising campaigns, they have convinced the most gullible of us that they are different from their competitors. They have convinced us that, unlike other big tech companies, they have no interest in your data and that they have a business model to prove this. All of this is a lie.

Apple collects every piece of data that they are capable of about their users. This includes but is not limited to location, IP address, browsing records, search history, app data, product interaction, payment information, messaging metadata, music library, playlists, play and pause times, songs played, personal demographics, salary, income, assets and even health data. Not only is Apple willing to share your personal data with third parties, but they are willing to monetize it by tracking and targeting you with ads. To say that they are a privacy alternative to their competitors is laughable. Apple does not truly care about your privacy nor are they much different from other big tech companies. What they do care about is increasing shareholder value. One need only to refer to their privacy policy to confirm what Apple truly values. However, Apple tricks the public into believing that their true privacy policy is located at https://www.apple.com/privacy/ when in fact this is just more of their deceptive marketing material and is not only disingenuous, but an affront to those seeking information about Apple's practices. To find the actual legal document regarding Apple's privacy practices, users must navigate to https://www.apple.com/legal/privacy. However, even this does not afford the full scope of Apple's data collection when using their products. To know the extent of it, users must locate the individual data policies for each of Apple's products and services. None of these are easy to find for the average person. Often, they are linked in sub-pages in no apparent order.

You may have heard or read about the new privacy labels for apps featured in the iOS and Mac App Stores. If you have not, think of them as something that gives a rundown of an app's privacy policy. Apple's privacy labels are akin to nutrition facts for food, which tell us how many calories, how much fat, sodium, protein, fiber or nutrients foods contain. The privacy labels have three categories: Data Used to Track You, Data Linked to You, and Data Not Linked to You, with bullet points for each detailing what the app has going on under the surface. A label might reveal that an app wants to collect your location data, financial details, and contact information, and links all of that to an in-service account or identifiers like your device's ID number. The label might also show that the app goes a step farther and shares that information with other companies to track you across their websites and services as well. Sounds useful, no? But is it fair? Do these same privacy labels apply to Apple's own apps, specifically those that are installed by default on all iPhones? Sadly, the answer is “no.” You can only find the privacy labels for these on a web page that lists them. Even more inexcusable is that privacy labels are designed in a way that gives Apple's own apps special treatment because their data practices are defined as first party and do not constitute tracking according to Apple's definitions. For instance, Apple states that your personal data is not shared with third parties for their own marketing purposes. However, what comprises personal or non-personal data is not concrete. Apple considers their advertising ID to be non-personal, but third party developers use it to track and target you across the web and apps owned by other companies. Wouldn't you consider an Operating System level identifier like Apple's advertising ID to be quite personal?

Apple also allows third party developers to collect your precise location without disclosing it to you. Normally, developers would have to disclose this practice, but a loophole allows them to circumvent this. So long as they de-identify and coarsen your location, everything goes. As per Apple's own definition, coarse location is information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places. It is impossible, however, to de-identify your location info as your location, technically speaking, is your identity. The pattern of places you have been to at a given time is unique and numerous studies have proven that anonymous location databases are nothing more than a vain hope. Apple may not want third party developers augmenting their databases with personally identifiable data, but Apple certainly reserves that right for itself. It combines the non-personal data obtained through a variety of technologies with the personal data they already possess. In this sense, they are refusing to hold themselves to the same standards they set for others.

Another popular service that Apple touts as private and secure is iCloud. They flaunt it as being “built with industry-standard security technologies, employs strict policies to protect your information, and is leading the industry by adopting privacy-preserving technologies like end-to-end encryption for your data.” This is more lip service and this stance only applies if users don't back up their data to iCloud. Apple and others can, in fact, have full access to every bit of information you store in iCloud as a back up because Apple possesses the keys to decrypt that information. iCloud is not at all private from Apple, the government or law enforcement agencies. As many security experts have stated, iCloud is just someone else's computer. By definition and when referring to it in the technology sense, the cloud can be a single or multiple servers that can be accessed through the internet. My readers might be thinking, “but didn't Apple at one point plan to support end-to-end encryption (E2EE) for user data in iCloud?” They certainly did and this would have been fantastic for their users because it would have meant that their data would be kept secret (encrypted) until it reaches them. But Apple didn't execute their plan and reneged when the FBI complained that it would prevent them from accessing user data for investigative purposes. Not only that, but Apple willingly complies with government requests for user data. Apple's own transparency report from 2020 shows that they complied with 82 percent of US government data requests.

Despite what they would have you believe, Apple is not your friend. Apple does not care about your privacy. They are a publicly traded corporation that does care about one thing: profit. Do not trust them. Instead, choose and support those that prove they do respect your privacy rather than try to impress and deceive you with superfluous marketing and PR talk.

Other sources:

Developer Guidelines for Privacy Practices Apple Advertising App Store Apple Pay Apple Music iCloud

Signed – He Who Fights for the User

First, allow me to apologize for the delay in new content for this blog. As my fellow adults of society might appreciate, time is always against us and often life tends to get in the way of our favorite hobbies. I don't believe I have committed previously to a strict schedule of any sort in previous posts, so allow me to say now that my readers can expect new content on a bi-weekly schedule...time permitting, of course. Where this is not possible, my readers can expect a monthly post at the very least.

Now, let's get on to what you came here for and have likely been looking forward to, shall we? In my previous blog posts, I briefly touched on who would be considered our adversaries when it comes to us defending our rights to privacy. These adversaries can be anyone from an ex-significant other, your employer, your health care provider, a physical or digital retailer, a hacker or, perhaps of greater worry, a state-backed entity, world governments, big tech companies or data brokers. Of these, who would you say are the worst? If your first thought gravitated towards big tech companies and data brokers, you would be correct. Think about it. State-backed entities and world governments are not going to actively pursue you unless you are engaged in highly-suspect or criminal activities. Conversely, big tech companies and data brokers want to know and share everything about us even if we are innocent, non-threatening, average citizens of society who simply want to live our lives.

Which “Big Tech” Companies and Data Brokers?

Whenever you hear mention of “big tech” companies in the news or in a podcast, see the term in an article or hear it in casual conversation and wondered what it refers to, simply, it is a name given to the five largest and most dominant information technology companies of the United States. These consist of Apple, Google, Microsoft, Amazon and Facebook. Each are dominant players in where they compete most strongly. Apple in the consumer electronics space. Google in the online advertisement, search engine and cloud computing space. Microsoft in the Operating Systems, personal computer, gaming and Software as a Service space. Amazon in ecommerce and cloud computing. Facebook in the social networking space. Each of these companies own and provide us with some of the most common hardware and software that we use in our everyday lives, such as:

  • Apple – iPhones, iOS, Macbooks and iMacs, MacOS
  • Google – Android, Chrome OS and Google search
  • Microsoft – Windows 10, Microsoft Office and Xbox
  • Amazon – Amazon Prime, Prime Video and AWS
  • Facebook – Facebook, Instagram and WhatsApp

Scarily, in our use of the aforementioned hardware, software and services, a variety of data is collected on us. It can consist of everything from our contact information, people we may know or who may know us, the content of our messages to others, what we searched and when, time spent in certain applications, the things we type, locations we visit or have visited to interest in consumer products and purchase history. This can all be verified by visiting the privacy policy and terms of service pages of each of these companies. I must advise you, however, that reading through these can take quite some time. Therefore, I instead invite you to visit the following links which are from a website known as ToS;DR (short for Terms of Service; Didn't Read). ToS;DR presents the information from the privacy policies and terms of service, that some of us never actually read through, of these companies in a convenient, simplified manner. These companies are then provided a grade based on the severity of the concerns their respective privacy policies and terms of service raise. Strangely, I wasn't able to find a ToS;DR page for Microsoft or its services. As such, I will be linking directly to their Privacy Statement page instead.

Apple – ToS;DR Google – ToS;DR Microsoft – Privacy Statement Amazon -ToS;DR Facebook – ToS;DR

As for data brokers, these are individuals or companies who specialize in collecting personal data or data about other companies, mostly from public records but sometimes sourced privately. You may have heard mention of some these, namely Spokeo, PeekYou, WhitePages/YellowPages, Nuwber, BeenVerified and Houziz. Data brokers sell or license the information they gather to third parties for a variety of uses. Sources, usually Internet-based since the 1990s, may include census and electoral roll records, public phone books, social networking sites, court reports and purchase histories. Ready for an awful fright? Search for yourself on your favorite web search engine or at one of the data broker's websites and see what results are presented to you. How accurate are the results? Are we wearing a tin foil hat yet? While there are varying regulations around the world limiting the collection of information on individuals, privacy laws vary, and the United States has little protection for the consumer. In recent times, however, states such as California have enacted statutes such as the California Consumer Privacy Act intended to enhance privacy rights and consumer protection for residents of California. Arguably and rather unfortunately, this effort in protecting the privacy of residents of California is not as broad when compared to the General Data Protection Regulation of the European Union.

What Can we do to Protect our Privacy From Big Tech and Data Brokers?

Fortunately, I have found some easy to follow guides for my readers that wish to immediately dive into protecting their privacy from big tech and data brokers. Although I might argue that there are better options when it comes to protecting your privacy, I must keep in mind that my blog is geared towards the average person who simply wishes to regain some control over their privacy without having to completely sacrifice convenience and device usability.

Until next time, fellow users!

Signed – He Who Fights for the User

Throughout my browsing of various places on the web and interactions with people in real life as well as online, I have often come across a common reply when the topic of privacy is presented. This reply is usually communicated as “Why should I care about privacy if I have nothing to hide?” Sometimes, people say “I am not a criminal, nor do I participate in any criminal activities, track me all you like.” To me, there is no worse mentality than those of the crowd who espouse these replies. It brings to mind a quote from Edward Snowden, “Arguing that you don't care about privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.” Never mind that there are dozens of things we do every day that are perfectly legal that we would prefer not to have other people know about.

I do understand that in most cases, the nothing-to-hide argument comes from a place of focus on the hiding aspect of privacy. Caring about privacy does not strictly mean that you have anything to hide, it's about being able to control how we present ourselves to the world. It is the right to keep things to yourself. It's about personal dignity. It's about personal agency or the feeling of being in control of our actions and the consequences they have on our lives. Privacy should be also be considered under the context of power dynamics between the individual, the state and the market. Additionally, as recent scandals have illustrated so vividly, privacy is also about the autonomy, dignity, and self-determination of people – and it's a necessary precondition for democracy. If all of the aforementioned isn't enough to persuade you, I invite you to consider the following:

  • Suppose you do some online searches about cancer, or diabetes, or alcoholism. Do you want that info popping up the next time you apply for health insurance or car insurance or a job even if you don't have cancer, diabetes, or an alcohol problem? It makes it easy for any company to just deny you the insurance or the job, rather than investigate or take a risk.

  • Suppose you're a woman with an abusive ex-husband, or a creepy ex-boyfriend? Do you want them to be able to track your location in real-time, or track you even if you move to another city? Or to know where your new job is, or who many of your friends are?

  • Are you really comfortable with a faceless corporation knowing what medical problems you have, who your contacts are and what you are discussing, tracking every website you visit, building up a remarkably accurate profile of who you are, what videos you watch or what topics you are interested in then selling that data to third parties?

  • What if the government mistakenly determines that based on your pattern of activities, you're likely to engage in a criminal act? What if it denies you the right to fly? What if the government thinks your financial transactions look odd – even if you've done nothing wrong – and freezes your accounts? What if the government doesn't protect your information with adequate security, and an identity thief obtains it and uses it to defraud you? Even if you have nothing to hide, the government can cause you a lot of harm.

The truth is we all segment privacy in our lives and there are a plethora of reasons for doing so. For instance, I share my social security number with my bank. That does not mean that I want to share it with you. They have a legitimate need for it. You do not. And if all of the aforesaid is still insufficient to persuade you into caring about your privacy, then I invite you to read the information at the following websites:

Signed – He Who Fights for the User

I started this blog heavily inspired by the revelations of Edward Snowden and on the premise that if one cares strongly enough about a topic to warrant calling him/herself an advocate for it, one should share what knowledge they have learned regarding it. I feel people may benefit from me sharing my experiences concerning certain lifestyle changes, how they relate to privacy practices and how my life has improved or been made more challenging. This blog will consist of all things related to privacy, in both the digital and physical realms, and will be targeted toward the average person. That is to say, one who is only vaguely familiar with privacy and what it truly means in these areas of their lives. Through my posts, I hope to persuade my readers to change their current stance on the topic or at least reconsider it, if that stance happens to consist of neutrality or indifference. Perhaps I can even inspire them to be more conscious of even the most ordinary decisions or actions taken in their lives that may negatively impact their privacy and rights to it.

But why is privacy so important to me and why should you feel the same?

Consider one of your most private spaces, your home. You might secure it with lock and key, you might have curtains or blinds to keep strangers from peering in to your home, you close the door to restroom or use privacy glass for your shower, you use disk encryption on your computer or password protect your email to keep specific information from being accessed by anyone, etc. We do these things because we need and appreciate a certain level of privacy. We want to keep unwelcome eyes away from the things we would rather keep to ourselves. We hold our personal spaces, physical and digital, sacred and wish to deter distrusted individuals from invading them. Everyone has things they don’t want certain people to know. Caring about privacy does not necessarily mean that you have something to hide, it can mean that you simply have nothing you wish to share. I firmly believe that privacy is a human right and it intersects with several other human rights. To name a few:

  • The right to freedom of expression

  • The right to seek, receive and impart information

  • The right to freedom of association and assembly

You may not realize it or had previously considered it, but your right to privacy prevents governments from spying on people (without cause), can keep groups from using personal data for their own goals, ensures we have control over our data and it protects freedom of speech and thought. Without privacy, everything you do could be monitored which could have horrific consequences. You could be tracked based on your personal opinions about anything. If privacy rights didn’t let you keep your work and home life separate, “thought crimes” or what you say off the clock could get you in trouble. In our modern times, it is a right that is constantly violated by physical and online retailers, internet service providers, healthcare providers, the government, data brokers and big tech companies. Often, these violations occur without us knowing. There are mounds of evidence that all of these companies and organizations are guilty of such atrocities. You don't have to take my word for it either, although I will always do my best to ensure that I include relevant citations and sources in future posts for verification purposes.

Privacy is about respecting individuals. If a person has a reasonable desire to keep something private, it is disrespectful to ignore that person’s wishes without a compelling reason to do so. It is about putting a limit on the power of governments and private companies because the more they know about us, the more power they have over us. It is about social boundaries. We all need places of solitude to retreat to, places where we are free of the gaze of others to relax and feel at ease. It enables people to manage their reputations. How we are judged by others affects our opportunities, friendships, and overall well-being. Although we can’t have complete control over our reputations, we must have some ability to protect our reputations from being unfairly harmed.

Who are you and why should I heed your advice?

I am a self-proclaimed privacy advocate and technology enthusiast with an educational background in Information Technology and Information Systems Security, but ultimately an average person, like you. Although, I would argue that who I am, my ethnicity, my nationality, my age, my gender, my religious beliefs or lack thereof, political leanings or lack thereof, etc. are irrelevant. Besides, when it comes to communication, does not the message matter more than the person behind it?

I have researched the topic of privacy extensively and intensely, have read article upon article, followed online discussions, watched the TED Talk by Glenn Greenwald and the interviews of Edward Snowden, as well as read a fantastic book by author Michael Bazzell, an individual who previously investigated cyber crimes on behalf of the government and served as a technical advisor for the first season of the television hacker drama Mr. Robot. What I have discovered in my research I found so appalling I felt compelled to share with the world why we should, nay, why we MUST fight to preserve our privacy. In closing, I believe that my privacy matters and I do what I must to protect it. In the words of Edward Snowden, I don't wish to live in a world where everything I do and say is recorded. That is not something that I am willing to support or live under. Neither should you.

Signed – He Who Fights for the User

Enter your email to subscribe to updates.