
I don't want to live in a world where my parents and grandparents are expected to pull up Wireshark to figure out if the app they're using will record their front camera without consent.

Blaming Zoom and FB is entirely acceptable here, it is their responsibility to keep my data private.

Blaming Apple? Why, when Zoom is on the Play Store as well?

https://play.google.com/store/apps/details?id=us.zoom.videom...

> As long as you're running binary blobs that can make whatever network connections they please, people are going to take your data and send it to places you don't know about.

Surely there are open source video chat solutions already? They haven't taken off for one simple reason: video hosting is expensive. It's quite literally one of the most intensive network activities you can partake in, rivaling torrenting.

It doesn't make sense economically to offer a video hosting platform without collecting income from it. Nor does it make sense to attempt a peer-to-peer solution knowing full well that one laggy peer wrecks the experience for everyone else.

It's a very hard problem.



> Blaming Apple? Why, when Zoom is on the Play Store as well?

Blame Apple because they constantly tout the iPhone as being "privacy respecting" and "what happens on your iPhone stays on your iPhone"[0], while they

A. Apple doesn't default to "limit tracking", or at least make "limit tracking" an option on setup/iOS upgrade

B. Apple doesn't penalize developers for using Facebook's SDK with auto data collection (i.e. punishment by having text like "sends data to: facebook, google, hotjar" on an app's install page)

C. Apple doesn't do any software stuff to limit and track the trackers. Having a counter for # of total days a domain name was contacted would be an eye-opener for many, and being able to toggle a "block" on the domain would be a big step forward.

Facebook meets the standard for being included in apps (respects the user resetting the usage ID), but that standard isn't the standard privacy-conscious users want. Apple can do better, but whether it be industry pressure or monetary pressure [google paying to be the default search engine], they don't actually put privacy first.

0: https://www.businessinsider.com/apples-ces-ad-las-vegas-misl...


> the Facebook SDK was collecting device information unnecessary for us to provide our services.

Sorry state of Apple App security and privacy - all your apps are swarms of data collection and privacy abuses.

Apple built this world - and Apple is to blame. Zoom is to blame too. And finally individual app developers should also alert everyone on what's truly happening in their apps.


I once had to integrate a third party tracking framework to an Android app. The PM wanted to track everything, even the apps that were installed on the device. Google immediately took our app down because of that.

And preventing this from happening with SSL pinning is not a barrier for Google or Apple because they can easily bypass that.

Since they have the means to inspect the traffic at scale then they should be able to filter out apps that are violating your privacy.


While I have zero love for any given hyper capitalistic business like Apple, Android is not any better on the whole in this space, and in some ways measurably worse (especially when you take into account what devices actually hold the largest market share)


This is true, but Apple touts how much better they are about Privacy, and charges a premium for it. Google is more up front that they make little money on the initial sale, and are dependent on advertising to make money.


> Privacy is built in from the beginning. Our products and features include innovative privacy technologies and techniques designed to minimize how much of your data we — or anyone else — can access

https://www.apple.com/privacy/features/

Apple sells privacy, brags about privacy - yet Privacy is abused in from the beginning in the store apps.


And the lesson is - you can't buy privacy but you can sell it.


No. Apple charged a premium well before they started talking about privacy.


It seems whoever is gathering that info and sending it is Facebook

Blame them. Not Apple


I agree. People who send this data externally are ultimately responsible. Hypothetically, if I use the internet to steal data from my employer it's not the network team's fault for allowing it to happen. I'm just a thief in a position of trust exploiting my capabilities.


You can't have a walled garden and not be responsible for the things that take place in it


However you have to be much more intrusive on developers if you are going to require semantic analysis of all data being sent to see if it was justified and whether it was mentioned in a (plain text, localized potentially into many languages) privacy policy.


Agreed. Apps on iOS (IMO) should have to declare what domains they'll access and otherwise get no other network access with special exceptions for browsers and network tools. I hope Apple will prevent apps from seeing SSIDs. I also hope Apple will come up with some similar solution for bluetooth so that apps can only see the devices the user selects and not just scan for all devices.


> declare what domains they'll access and otherwise get no other network access

So Facebook will just provide an SDK for app developers to integrate server-side that lets their app send the data to their own domain, and the server passes it on to FB. Developers will install it, because they want the analytics and ad conversion tracking. There probably isn't a great technical solution to this problem.


This would be leagues better than what we have now since we know that (at least a handful of) companies don't know or actively audit what their SDKs are doing - the Zoom situation here has plausible deniability. If they require some server-side SDK to do this, some/many would do it, but that increases the cost of running the SDK and there wouldn't be any way to say "we didn't know FB used us as a privacy trojan".


Apple's browser is privacy respecting. The app universe is still the wild west. IDFA is terrifying because you can do out-of-band lookups with third parties and you'd NEVER KNOW. At least with cookies you can trace the information flows.


Not just that, Apple has actually started to sell users' data to Goldman Sachs as well. The worst part is, this is opt-in. Not opt out. And opt out is incredibly so backward that you need to email some address instead of just clicking a button.

So I don't see how they're a "privacy respecting company" either. It's just marketing BS.

https://techcrunch.com/2020/03/24/apple-card-gets-updated-pr...


I'm not sure you read the article you linked to properly:

> Apple is changing the privacy policy for Apple Card with iOS to share a richer, but still anonymized set of data with Goldman Sachs in order to allow the creation of a new credit assignment model, which could expand the group of users that may be able to secure credit.

> There is also a beefed up fallback method in the works that will allow users to share more personal data on an opt-in basis with Goldman Sachs if you do not at first get approved

So anonymised by default.

Opt-in, IF you want to share more personal data.

Do you also understand it's Goldman Sachs that run the credit cards, accounts, etc, they're not just randomly sharing data with Goldman Sachs?


It’s an opt-out:

“You can opt out of this use or your Apple relationship information by emailing our privacy team at dpo@apple.com with the subject line ‘Apple Relationship Data and Apple Card.’”


Opt-out of sending anonymised data, to the company providing the credit service.


It doesn't matter how anonymized they claim it to be, it should be opt-in, not opt-out. Of course virtually nobody would choose to opt-in, which is the point.


> it should be opt-in, not opt-out

Sure, it would be nice if no company ever shared data with any other company, but that does not track in this case.

People signing up for an Apple branded Goldman Sachs credit card shouldn't be surprised or affronted by the fact Goldman Sachs gets anonymised data from Apple.

Why the hell anyone would sign up for this crap is beyond me. But it's not a reason to drag Apple into the context of a thread about a company guilty of basic privacy failures -- sending personal data to a 3rd party social network the user has no connection to.

Please also understand what 'anonymised' means, it means _not reversible_ i.e. you _cannot_ tell who the user is.


Have you never heard of deanonymization? In many cases you most certainly can. https://arxiv.org/pdf/1902.09897.pdf


Of course, but that suggests Apple isn't smart enough to know this and hasn't sufficiently anonymised the data, which is pure speculation?


This whole Zoom revelation reminds me of the Cambridge Analytica scandal. This has been going on for a long time now, and it wasn't until one specific company did it that everyone is now concerned.

If you want to be creeped out, go to https://www.facebook.com/off_facebook_activity/ and find out how many apps have been quietly reporting all your usage activity to Facebook.

I have 100s of websites which managed to identify my Facebook account despite me logging into Facebook only in Incognito for the past 2 years.


Mine shows nothing: "You have no available activity to show at this time."

I have been running Facebook in the special Firefox container pretty much since it was available. I took off the WhatsApp and Instagram apps from my phone months ago. For me, the number of ads (on Instagram) and integration into Facebook made them expendable.

I don't know if Facebook really has no information or they do but are not showing it to me.

I'd like to do the same with Google but the Google container wants to force all interactions with Google into one container. I've got dedicated containers for different Gmail identities - it was very handy to have a Gmail identity while I was president of the kids' soccer club and then turn the account over to someone else.


> Surely there are open source video chat solutions already? They haven't taken off for one simple reason: video hosting is expensive. It's quite literally one of the most intensive network activities you can partake in, rivaling torrenting.

There are, as you state, OSS solutions [0]. But the video hosting is not akin to torrenting. Most people are fine with 720p quality video as you're not "watching" the participants like a movie. And as you scale up the number of users the required bandwidth for each subsequent user goes down in a linear fashion due to reduced screen real estate. A conference with 8 users, from a video perspective, doesn't reasonably take up more bandwidth than that of 2 given the smaller stream. I am on almost constant conference meetings with 4-12 users, many times with video, and I have a full packet monitoring solution at home and can tell you it's not remotely as intensive as you've claimed here.

[0] https://jitsi.org/jitsi-meet/


> Most people are fine with 720p quality video as you're not "watching" the participants like a movie.

Most people are fine with 720p movies too.


Also, collecting income is and always has been possible without selling/leaking private user data. This is a red herring.


Just to take you up on possible FOSS solutions: If anyone is looking for a private and open source video chat platform self-hosting NextCloud [0] might be worth a try.

[0]: https://nextcloud.com/talk/


Jitsi.org was discussed here recently as well.

http://jitsi.org


> I don't want to live in a world where my parents and grandparents are expected to pull up Wireshark to figure out if the app they're using will record their front camera without consent.

It's a "commons" issue. I don't necessarily trust FOSS software because I am going to log in to the repo and check the code (though I have once or twice), I trust it because I know thousands of people motivated by ethics and quality vs. money have peer reviewed the code for things like this.

Similar in concept to herd immunity.


Little Snitch seems to have solved it fairly well on macOS.

Apple doesn’t allow software like that on iOS.


My copy of Charles on iOS disagrees.


i wonder if apple configurator “filtering” profile [0] could be used?...

[0] https://support.apple.com/en-is/guide/mdm/mdmc77c9609/1/web/...

maybe some kind of automated little snitch settings ⇄ profile converter?


The problem is the lack of notification/visibility into the hosts to which the app is connecting.

It’s possible that your solution might work for some small fraction of users, some of the time, for known spying hosts. Many people still want to access Facebook and Instagram, though.


yea... that seems the biggest problem for sure... i really hope apple builds in some mechanism for this soon


Why not blame Facebook for being the most data hungry and privacy disrespecting for-profit entity ever known to man? (Google is tied for that spot, Microsoft close third)

It's a little bit like blaming the person making the deal with the devil. Of course on some level they deserve blame for engaging with evil but evil presenting itself in a slick interface should also get its fair share.


Yes, Facebook deserves blame for automatically sending all those things to them, even if an app only wants to provide optional Facebook login for users who opt in.

However every app vendor by now should know that Facebook is hungry for data and careless use of Facebook software is to blame in them.

As is Apple (and Google) to blame for providing no privacy measures for users.


Can't you put just the dysfunctional peer behind the expensive network magic?


> I don't want to live in a world where my parents and grandparents are expected to pull up Wireshark...

Their kids should be able to help.



