←back to thread

Private Cloud Compute Security Guide

(security.apple.com)
295 points djoldman | 2 comments | 06 Nov 24 13:48 UTC | HN request time: 0s | source
Show context
solarkraft ◴[06 Nov 24 15:40 UTC] No.42063965[source]
Sibling comments point out (and I believe, corrections are welcome) that all that theater is still no protection against Apple themselves, should they want to subvert the system in an organized way. They’re still fully in control. There is, for example, as far as I understand it, still plenty of attack surface for them to run different software than they say they do.

What they are doing by this is of course to make any kind of subversion a hell of a lot harder and I welcome that. It serves as a strong signal that they want to protect my data and I welcome that. To me this definitely makes them the most trusted AI vendor at the moment by far.

replies(10): >>42064235 #>>42064286 #>>42064293 #>>42064535 #>>42064716 #>>42066343 #>>42066619 #>>42067410 #>>42068246 #>>42069486 #
tw04 ◴[06 Nov 24 15:59 UTC] No.42064286[source]
As soon as you start going down the rabbit hole of state sponsored supply chain alteration, you might as well just stop the conversation. There's literally NOTHING you can do to stop that specific attack vector.

History has shown, at least to date, Apple has been a good steward. They're as good a vendor to trust as anyone. Given a huge portion of their brand has been built on "we don't spy on you" - the second they do they lose all credibility, so they have a financial incentive to keep protecting your data.

replies(8): >>42065378 #>>42065849 #>>42065988 #>>42066649 #>>42067097 #>>42067858 #>>42068698 #>>42069588 #
ferbivore ◴[06 Nov 24 17:39 UTC] No.42065988[source]
Apple have name/address/credit-card/IMEI/IMSI tuples stored for every single Apple device. iMessage and FaceTime leak numbers, so they know who you talk to. They have real-time location data. They get constant pings when you do anything on your device. Their applications bypass firewalls and VPNs. If you don't opt out, they have full unencrypted device backups, chat logs, photos and files. They made a big fuss about protecting you from Facebook and Google, then built their own targeted ad network. Opting out of all tracking doesn't really do that. And even if you trust them despite all of this, they've repeatedly failed to protect users even from external threats. The endless parade of iMessage zero-click exploits was ridiculous and preventable, CKV only shipped this year and isn't even on by default, and so on.

Apple have never been punished by the market for any of these things. The idea that they will "lose credibility" if they livestream your AI interactions to the NSA is ridiculous.

replies(4): >>42069201 #>>42069206 #>>42069568 #>>42070213 #
lurking_swe ◴[06 Nov 24 20:53 UTC] No.42069201[source]
> They made a big fuss about protecting you from Facebook and Google, then built their own targeted ad network.

What kind of targeting advertising am i getting from apple as a user of their products? Genuinely curious. I’ll wait.

The rest of your comment may be factually accurate but it isn’t relevant for “normal” users, only those hyper aware of their privacy. Don’t get me wrong, i appreciate knowing this detail but you need to also realize that there are degrees to privacy.

replies(1): >>42070119 #
1. talldayo ◴[06 Nov 24 21:58 UTC] No.42070119[source]
> What kind of targeting advertising am i getting from apple as a user of their products?

https://searchads.apple.com/

https://support.apple.com/guide/iphone/control-how-apple-del...

  In the App Store and Apple News, your search and download history may be used to serve you relevant search ads. In Apple News and Stocks, ads are served based partly on what you read or follow. This includes publishers you’ve enabled notifications for and the type of publishing subscription you have.
replies(1): >>42072261 #
2. luqtas ◴[07 Nov 24 01:27 UTC] No.42072261[source]
so just stocks, apps and news? their hardware quality unsnarl me with their performance per watt every time i need to flee from civilization and program Java on Nepalese caves for _THREE_ days without plugging into a power outlet. i accept the compromise and their word on my data!

/s