It’s no secret that I’m a big Apple fan. I’ve bought Apple computers for literally decades. (Okay, I did once have a cheap, sordid affair with a Power Computer Mac clone, but I swear it was meaningless.) That said, I’ve used Windows and Linux machines professionally over those same years. While each system has its pros and cons, I’ve always preferred the stunning elegance and fanatical attention to detail that comes with Apple products. However, as we have entered the Golden Age of Surveillance, I now have a completely different reason for loving Apple: their focus on user privacy.
Follow the Money
Now let’s be clear here: Apple absolutely collects user data. However, I firmly believe that they are committed to only collecting data they need to better serve me as a customer and (crucially) strictly limiting with whom they share it.
When people ask me who to trust with their data, I usually tell them to follow the money. In other words, check their business model. If that model depends on monetizing you and your data, then you need to be highly suspect. (As I love to say: if the product is free, then you are probably the product.) Apple makes money on their devices (computers, phones, accessories), media sales commissions (music, movies and books) and services (AppleCare). Google, Facebook, Twitter and other “free” services make money on advertising. In order to maximize ad effectiveness, they want to target the ads. That means they want to know as much about you as humanly possible. This rule isn’t hard and fast – some companies charge you for services and monetize your data (like your ISP). But Apple has managed to become the most profitable company on the planet without having to sell out their customers.
Tim Cook Pleads for Privacy Protections
Apple’s stance on privacy was front and center at last week’s keynote address to the International Conference of Data Protection & Privacy Commissioners. Tim Cook explained how the wealth of data we generate on a daily basis can be used for good, but is too often used for ill. He spoke not just about how we’re losing our privacy but how this data can be used to undermine civil society and democracy. He outlined four key principles for tech companies:
- Companies should challenge themselves to de-identify customer data or not collect that data in the first place.
- Users should always know what data is being collected from them and what it’s being collected for. This is the only way to empower users to decide what collection is legitimate and what isn’t. Anything less is a sham.
- Companies should recognize that data belongs to users and we should make it easy for people to get a copy of their personal data, as well as correct and delete it.
- Everyone has a right to the security of their data. Security is at the heart of all data privacy and privacy rights.
Download Your Apple Data
You don’t have to take Tim Cook’s word for it, though. Apple has a privacy website where you can download all the data Apple has on you. Like I’ve encouraged you to do with Facebook and Google, you should really know what Apple knows.
- Go to http://privacy.apple.com/
- Under “Get a copy of your data”, click “Get started”.
- There are two sections of data here:
  - The top section is really what you want – it’s all the little stuff you’re probably not thinking of.
  - The bottom list is all your Apple email, docs and photos – which you should already have.
- Select the info you want and click “Continue” at the bottom.
- You may have to go through some account verification steps. When done, Apple says they will email you a link when your data is ready for download.
I’ve requested all my data from that top section and it took a few days. The download was only about 10MB, but it was a bunch of zipped files. Opening them all and sorting through them will take a LONG time. But you should at least skim through it to see the types of info Apple has. I honestly wish Apple (and all of these companies) would present this data in a more useful way… but at least we can look at it.
Good, but Not Perfect
There’s still a ways to go here, even for Apple. I think they can still take more steps to reduce the information they collect, for example. But for me, the big glaring issue is iCloud data. The iCloud service (including iCloud Drive) is undeniably convenient. It allows you to synchronize your settings, documents, calendars and so on across your iPhone, iPad and Mac computers. And while all of that data is encrypted, Apple holds the key. That means that they could look at it whenever they want – which also means they could provide it to someone else. While Apple would probably only do this for law enforcement purposes, it’s possible it could be abused or stolen.
This is a classic trade-off between privacy and convenience. Apple doesn’t want customers to have to worry about generating and saving encryption keys. Apple also doesn’t want to field calls from customers who have lost those keys only to tell them their data is now irretrievably lost. I get that. But users still need to have that option, if they want it. Apple already does this for disk encryption keys and should do it for iCloud, too.