
Opt-out is not appropriate for privacy concerns, IMO, for two reasons.

1. Opt-out is not necessarily sticky. I don't have confidence that when I opt out, my preference will get rolled forward every time there's an update to the way the feature works. I have noticed this in the past with Facebook and Google.

2. What's good for the goose is good for the gander. If Apple needs to implement opt-out to placate sophisticated users who actually understand what the problem is, then what about the poor saps who don't really know why this is a bad thing in the first place?

If this is truly a "feature," let people decide for themselves at time of device setup whether they want to opt in.



> If this is truly a "feature," let people decide for themselves at time of device setup whether they want to opt in.

They may very well do this. On startup installation, macOS and iOS do have opt-in screens for certain things like analytics, improving Siri, stuff like that. With the introduction of this feature, I wouldn't be surprised if they add that as well.

It's easy to find fault in retrospect, but it doesn't make sense to have an opt-in screen for every conceivable feature. Apple's philosophy, which is wildly successful for most users, is to choose sensible defaults about how the OS works. When those are challenged, they expose them more explicitly, as they have done in the past. No company can easily predict if their defaults are going to cause a divide, so sometimes they have to be reactive on some features. Apple generally has a great track record of responding to criticisms like this and making things clearer for users.


> They may very well do this.

They don't currently.

> It's easy to find fault in retrospect, but it doesn't make sense to have an opt-in screen for every conceivable feature.

Privacy isn't "every conceivable feature" and the reason Apple is taking heat for this in the first place is that they buried it, and many people discovered it for themselves when the server slow-down happened. It takes some mental gymnastics to refer to that as "wildly successful."

My view is that Apple has no business knowing when and how frequently I run programs, nor circumventing my VPN. If these things are really a "wildly successful" "feature," then why bury them in the first place? Offer them to me as an option and let me bask in the glory of all that Mac OS has to offer.

...That is, unless this is just an intrusion into my privacy.


> On startup installation, macOS and iOS do have opt-in screens for certain things like analytics, improving Siri, stuff like that.

And yet there is some data stored in my iCloud account, even though the first thing I did when I bought an iPhone was spend an hour turning off every setting that I could see that would permit uploading anything. How did that happen? Apple introduced some new settings in a subsequent iOS update, and defaulted them to being turned on.

> It's easy to find fault in retrospect, but it doesn't make sense to have an opt-in screen for every conceivable feature.

OK. Just provide a single, clearly marked option to enable or disable telemetry globally, and require that all Apple software and all apps in the App Store use APIs that are gated by that option for all relevant data uploads. That would be very clear about user intent, if you want to be seen to support user privacy as a genuine goal.

> Apple generally has a great track record of responding to criticisms like this and making things clearer for users.

And yet huge amounts of data uploaded to iCloud still isn't end-to-end encrypted, even optionally. A lot of Apple users don't realise this, but plenty who do have called Apple out on it for a long time, and it hasn't been fixed. You can read whatever conspiracy theories and subjective arguments you like about why that might be, but the insecurity is an objective weakness in the system that hasn't been fixed.


Zoom, WhatsApp and other companies have recently been criticized for lacking proper end-to-end encryption as well. I don’t know much about that technology but it appears to be tough to do at scale, or at least, this is a more general flaw in the industry than specifically Apple’s problem.


The basic principles of end-to-end encryption aren't particularly difficult if there are only two communicating parties[1]. However, you do need an architecture that supports it.

I suspect a lot of online communications and data hosting services now have a barrier to implementing E2E simply because they already have established infrastructure and software architecture but everything was originally specified to support a centralised system. You can't just drop in a different library or edit a handy configuration file to turn one type of system into the other. Fundamentally, you need to build something new and with a different architecture to work on an E2E basis, which is a major investment and a significant risk if you already have an otherwise successful product operating on a large scale.

The main challenge with E2E, as far as I'm aware, is still how to scale up the basic principle effectively as the number of participants increases.

However, none of this affects the iCloud functionality I've been referring to, where essentially you're only storing data for one party anyway.

[1] This statement is made in the context that encryption in general is a field where you really want people who know what they're doing implementing everything and if you don't have experts in-house then you should probably use someone else's tried and tested implementation instead of attempting a home-grown version.
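The single-party storage case described above, as an added example that is not part of the original thread and not Apple's or any vendor's code: Go's standard-library AES-GCM with a key that stays on the device, a map standing in for the hosting service, and a check that a holder of a different key cannot open the stored blob. How the device key is generated and backed up is assumed to be handled elsewhere.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// NewAEAD wraps a key generated on the device and never uploaded; the service only sees Seal's output.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts under a fresh random nonce (prepended to the blob) and binds the
// object name as associated data, so a blob moved to another name will not open.
func Seal(aead cipher.AEAD, name string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(name)), nil
}

// Open reverses Seal; the GCM tag check rejects a wrong key, name or altered blob.
func Open(aead cipher.AEAD, name string, blob []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("blob too short")
	}
	return aead.Open(nil, blob[:n], blob[n:], []byte(name))
}

// RoundTrip is the single-party case: seal a note, "upload" it to a store (a map
// standing in for the service), read it back, and report whether a holder of a
// different key can open the same stored blob.
func RoundTrip(owner, other cipher.AEAD, name string, note []byte) ([]byte, bool, error) {
	blob, err := Seal(owner, name, note)
	if err != nil {
		return nil, false, err
	}
	store := map[string][]byte{name: blob} // the service keeps ciphertext only
	got, err := Open(owner, name, store[name])
	_, otherErr := Open(other, name, store[name])
	return got, otherErr == nil, err
}
```

The same pattern extends to the two-party case by exchanging the key over an authenticated channel; the store itself never needs to change.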



