from the color-me-surprised dept.
...or so the researchers claim:
A new analysis has claimed that Apple's device analytics contain information that can directly link information about how a device is used, its performance, features, and more, directly to a specific user, despite Apple's claims otherwise.
On Twitter, security researchers Tommy Mysk and Talal Haj Bakry have found that Apple's device analytics data includes an ID called "dsId," which stands for Directory Services Identifier. The analysis found that the dsId identifier is unique to every iCloud account and can be linked directly to a specific user, including their name, date of birth, email, and associated information stored on iCloud.
[...] Apple has historically taken a hard stance on user privacy, repeatedly claiming it believes privacy is a "fundamental human right." Apple's privacy claims have been under increasing scrutiny in recent months, with the company now facing a class action lawsuit accusing it of tracking users without their consent.
Originally spotted on Schneier on Security.
Related:
- Apple vs. Feds: Is iPhone Privacy a Basic Human Right?
- Your iCloud Data is "Phenomenal" to Law Enforcement Agencies
- Apple Plans to Scan US iPhones for Child Abuse Imagery
Related Stories
Apple plans to scan US iPhones for child abuse imagery:
Apple intends to install software on American iPhones to scan for child abuse imagery, according to people briefed on its plans, raising alarm among security researchers who warn that it could open the door to surveillance of millions of people's personal devices.
Apple detailed its proposed system—known as "neuralMatch"—to some US academics earlier this week, according to two security researchers briefed on the virtual meeting. The plans could be publicized more widely as soon as this week, they said.
The automated system would proactively alert a team of human reviewers if it believes illegal imagery is detected, who would then contact law enforcement if the material can be verified. The scheme will initially roll out only in the US.
[...] Security researchers, while supportive of efforts to combat child abuse, are concerned that Apple risks enabling governments around the world to seek access to their citizens' personal data, potentially far beyond its original intent.
"It is an absolutely appalling idea, because it is going to lead to distributed bulk surveillance of . . . our phones and laptops," said Ross Anderson, professor of security engineering at the University of Cambridge.
I've found this story on CodePre.com:
A secret recording of a presentation by a surveillance company has revealed how Apple has aided law enforcement agencies and state-sponsored surveillance programs by providing iCloud data. The presentation also revealed that with data from the likes of Facebook and Google, unsuspecting targets could be tracked within a three-foot radius.
The revealing presentation in question was delivered by PenLink's Scott Tuma at the National Sheriffs Association winter conference and was recorded by Tech Inquiry founder Jack Poulson. Organizations like PenLink are nondescript service providers that work behind the scenes to help the US government track criminals. PenLink is based in Nebraska and earns $20 million each year for the services it provides. He gained notoriety as a wiretapper in the 2000s when his services helped convict Scott Peterson of gruesome murders. Serves federal authorities such as the FBI, DEA, Immigration and Customs Enforcement (ICE), and local and state police.
Forbes reports that Tuma called Apple's assistance (when required by court order) through iCloud backups and data "phenomenal." "If you did something wrong, I bet I could find it in that backup," he said. Meanwhile, the iPhone maker claims that it allows users to encrypt their backups. He also says that he responds to law enforcement agencies directly upon request and not through private companies like PenLink. The company has also publicly refused to unlock iPhones in the past for the privacy and security of users.
Other surprising revelations in Tuma's presentation suggest that PenLink can exploit activity on almost any social media platform, including those that advertise foolproof end-to-end encryption. Facebook, Instagram, LinkedIn, Snapchat, and Google.
Leaders today must be ready to take a stand on thorny social and political issues. A case study by Nien-hê Hsieh and Henry McGee examines how Apple CEO Tim Cook turned calls for data access into a rallying cry for privacy, and the complexities that followed:
Apple CEO Tim Cook didn't come to his post with an activist agenda, yet when law enforcement officials began pressuring the company to hand over iPhone users' data without their permission, Cook took what he believed was a moral stance to protect consumers' privacy.
[...] "We believe that a company that has values and acts on them can really change the world," Cook said in 2015, a year after Apple debuted new privacy measures that blocked law enforcement from accessing its customers' data. "There is an opportunity to do work that is infused with moral purpose." He said shareholders who were only looking for a return on investment "should get out of the stock."
A Harvard Business School case study and its revision, Apple: Privacy vs. Safety (A) and (B), illustrates the complex ramifications that companies should consider when putting their stake in the ground on challenging societal issues like privacy. The authors of the case offer a suggestion for CEOs: Few corporations can expect to steer clear of the lightning-rod issues of the day, so perhaps it's best to meet them head on as part of the job.
(Score: 1) by Runaway1956 on Friday November 25, @12:20PM
ain't
"no more than 8 bullets in a round" - Joe Biden
(Score: 2) by Rosco P. Coltrane on Friday November 25, @12:50PM
Hmm no: Apple has done a lot of posturing and promised a lot of promises that anybody with common sense, and the realization that there's just too much money in data monetization for Apple to resist the urge to gather and exploit it, would never have believed. Believing Apple on privacy is like believe a crackhead who promises you he'll never touch the stuff again: you know they just can't resist it, but they don't want you to know.
Now their "hard stance" is revealed for what it truly is: a ploy to attract privacy-minded customers and exploit their data just the same as all the other sumbitches.