Follow

Things I will be doing if Apple goes ahead with its plans to violate the sanctity of your devices:

- Remove Better Blocker from the iOS and Mac app stores.

- Stop recommending Apple as a privacy-protecting alternative outside of China (already wasn’t in China)

- Stop using an iPhone and not buy another Apple phone/computer (had already moved my daily driver dev machine to Linux three years ago).

- Not write another line of code for their platforms.

ar.al/2021/08/08/apple-is-tryi

(Regarding the first note, there is no point attempting to protect you from web trackers if your phone or computer itself is violating your privacy. By keeping Better Blocker on the App Store if Apple goes ahead with its current plans to violate your privacy on your own devices, we’d be legitimising iPhones, iPads, and Macs as otherwise safe spaces which they won’t be if Apple doesn’t backtrack and make a firm commitment to not violating your privacy.)

Sales of Better Blocker bring in money every month that contributes to the survival of our tiny two-person not-for-profit but, if Apple goes ahead with these plans, we will happily sacrifice that income as we would no longer want to be in any way associated with Apple Inc., and lend our legitimacy in privacy to its platforms (in the same way we don’t associate with other surveillance capitalists like Google, Facebook, etc.)

Your security and privacy are only as strong as your root of trust. If you cannot trust your own device and its operating system to not violate your privacy and to only act as expressly instructed by you and, furthermore, only in your interests, then any “security” or “privacy” you layer on top of that broken root of trust is simply security/privacy theatre.

Either something is private by default or it is not private. Either your privacy is sacrosanct or it is not.

ar.al/2021/08/08/apple-is-tryi

@aral Hope all developers were brave enough and had moral principles same as your company we would had never had this privacy problem. For big guys it’s all rolling in money. 👍 #privacy #standup

@garow Perhaps because we’re not a commercial company. We don’t care about money beyond unfortunately having a need for it to survive within the shortsighted capitalistic system we find ourselves living under. First and foremost, we simply want to help create the kind of world we want to live in ourselves: one where everyone has the right to a good life without struggling just to survive. The kind of world we could have if we didn’t have billionaires and trillion-dollar corporations.

@aral I'm not sure if that is the right response. I'm not sure if there is a better one, mind you.

It brings to mind something that we've been going over at my part-time employer recently. We're also busy with securing IoT, which means providing means for secure booting and upgrading firmware (really services making that easier).

Secure boot is a fairly simple thing whereby each boot stage validates the next, so you can...

#apple #privacy #surveillanceCapitalism #humanRights

@aral make sure that the devices you ship run only specific software. So far, so good for appliances.

General purpose computers require some kind of sideloading, so secure boot can only verify the base software. For side loaded content, you can find similar code signing mechanisms.

But it introduces a new problem that Trusted Platform Module (TPM) attempts to address, and that is for side loaded apps to verify the OS.

The signing/verification stuff isn't really relevant to...

@aral ... this situation, but the mental model is:

Apps must treat the OS as (potentially) hostile.

IMHO that's the only way you can serve users in the long run.

If you deny the users of a hostile OS secure services, they're left to their own. If you can offer them secure services that help them combat the hostility of the OS, you've improved their lives.

Clearly that won't apply to all kinds of software. It's more of a thought that one can balance against boycott.

@jens I see and acknowledge your point. It’s one of the reasons we’ve been pragmatic about Apple’s platforms even through, for example, the proprietary nature of it goes against our principles. But if these plans go ahead, we will use our limited time and energy to inform people about private by default alternatives and not waste any time or effort legitimising or otherwise developing specifically for a hostile platform.

@jens (Folks can still protect themselves by, say, using the rules in Firefox on Mac if forced to use a Mac going forward. And if they can’t even do that on iOS, you have yet another reason to question and perhaps eventually leave the platform. What we will not do, however, is associate with, profit from, or legitimise such a platform if Apple goes ahead with its current plans. Just like we don’t with Google or Facebook.)

@aral And I'm not arguing with that attitude. I hope that's clear, too!

@aral @jens If we are not obliged (by f.e. employer) to use hostile OS just let's don't do it...
We should do everything to focus effort to use and support development only open source OS's.

@miklo @aral Yeah, that's ignoring the needs of everyone who doesn't have that choice. Can't find it in me to abandon them all.

@aral This is why I find developments like Apple's M1 and Googles Tensor SoCs concerning. Also TPMs that don't allow installation of user derived keys.
The manufacturer has complete vertical control and you can't guarantee what back doors are or are not present, possibly right down at the silicon level.

@aral I used to have code that I carried support for building and testing on MacOS. At one time we were given a mac to do testing and porting with. There are a few obscure link options for runtime plugins, build options to detect and use homebrew library paths such as for openssl, and to deal with other minor behavior changes. I am now systematically eliminating those from my codebase..

@aral one thing will be tricky, though: someone will upload an app under that exact name somewhere down the line. And people will think it's yours. I don't have a solution for that, though.

@aral Not all threat models involve nation states.

There may be people for whom web tracking is a threat because of the associations it can create, but nation state surveillance of their photos is not.

@bob While that is true, we will not lend our name to, legitimise, or otherwise support any platform that is not private by default. If Apple goes ahead with its current plans, there is no way I can justify supporting their platforms with our software or our name.

I applaud and support your commitment to the cause.

what I don't get is on what grounds you believed the apple platform was private before the recent announcement. yeah, there was propaganda, which makes you feel betrayed now, but was there any reason to believe any of it, when it was impossible to verify for oneself?

@aral 30+ years a customer, I just got rid of my iPhone (and last Apple device). Replaced it with e de-googled phone from the /e/ Foundation. e.foundation/

Whatever Apple decides to do next, trust is gone as far as I am concerned.

@yaglb @aral yep same attitude here, moved to a Pixel with GrapheneOS and won't be going back. Even if Apple did cancel their idiotic plans the damage is done. They've shown their hand. Trust is broken.

@drh @yaglb yes I use it as NY main messenger. It works without Google Play Services and runs perfectly in GrapheneOS.

@aspie4K @yaglb How’s the Pinephone tracking? That might have to be my next phone…

@drh @yaglb Pinephone is very promising but personally I don't think I could use one as a daily driver yet. It all depends on your personal preference though really. I can easily see myself using one in a couple years when the hardware is improved and there is more of a developed app ecosystem around mobile Linux.

@aspie4K @drh @yaglb Also, there is Molly, a hardened Signal fork, coming from the GrapheneOS community. They have a FOSS version and a F-Droid repo :blobcoffee:

@h3artbl33d @drh @yaglb ohh got a link? Is it compatible with Signal? How is it hardened compared to Signal?

@aspie4K @drh @yaglb molly.im - fully compatible with Signal. You can easily switch and retain your messages. All it requires is a (renamed) Signal backup.

@h3artbl33d @drh @yaglb thanks man, looks like an interesting project I'll do more reading into it, saved the link

@yaglb @aspie4K last time I tried running an Android phone without Google Play Services I had issues with Signal but it sounds like the app Molly discussed in the other thread may have sorted that.

@drh @yaglb Signal used to require Google Play Services for notifications but it falls back to its own notification polling service when there's no Google Play Services found in recent versions as of about a year ago

@yaglb how are you finding your Android phone on e.foundation? Any issues in day to day use?

@drh Nothing that bothering (poor dark mode support for some of their apps, though) but I never was a power user of the iPhone either: browsing, music (purchased, no sub), banking/passwords, SMS/phone and email, and stuff like that.

@yaglb @aral What did you do with your iPhone? Added it to the pile of e-waste? Sold it to someone with/without the big warning? Just curious here.

@elieuw @aral I offered it to someone *after* we discussed the reason I was getting rid of it. I am not the kind to force my decisions on anyone else, neither am I willing to add to the e-waste pile (still using a 10+ laptop as my daily driver) ;)

@yaglb @aral Ok, fair enough. Personally, iDevices are a long-term investment, both because of the price-tag and the long term support. It would be a waste to put it in a drawer or throw it out. Also, for me, it wouldn’t feel quite right to sell it to someone else. It’s a bit of a dilemma, actually. Conflicting principles…1st world problem probably.

@aral respect to you mate you have more principles in your left thumb than Tim Cook has ever had in his entire life.

I already moved to a Pixel with GrapheneOS and am very happy using it. I've always liked Android, only used Apple because I was naive enough to believe it was private. Now Apple has broken my trust I am happy to use Graphene on Pixel hardware.

@aral
I fully understand what you are saying. It also follows a “Practice what you preach” way of thinking.
I need to say that it is sad to observe that Apple current step feeds in to the line of arguments wherein people say “Privacy is dead anyway”. While I always try to say that individuals still can preserve privacy by making the right choices, when Apple indeed starts to snoop around* on local devices, well… privacy might be dead indeed. 1/..

@aral 2/.. (*yes ofcourse, via all kinds of ‘privacy preserving’ measures, but the principle stays the same… )
For my work I have to translate the complicated digital (internet) world into usable advice for far-from-technical inclined users.
Until the announcement of Apple’s plans it was safe to say that Apple/iOS was the better choice when there are privacy concerns. ...

@aral 3/3
The big question here:
Can we safely direct the regular user to the current alternatives? For me its interesting to find it out, but for regular users… it isn’t. I think.
So. What to recommend to them?

Sign in to participate in the conversation
Aral’s Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!