
MacRumors

macrumors bot
Original poster
Apr 12, 2001



When Apple introduced iOS 10, macOS Sierra, watchOS 3, and tvOS 10 at the 2016 Worldwide Developers Conference, it also announced plans to implement a new technology called Differential Privacy, which helps the company gather data and usage patterns for a large number of users without compromising individual security.

At the time, Apple said Differential Privacy would be used in iOS 10 to collect data to improve QuickType and emoji suggestions, Spotlight deep link suggestions, and Lookup Hints in Notes, and said it would be used in macOS Sierra to improve autocorrect suggestions and Lookup Hints.


There's been a lot of confusion about differential privacy and what it means for end users, leading Recode to write a piece that clarifies many of the details of differential privacy.

First and foremost, as with all of Apple's data collection, there is an option to opt out of sharing data with the company. Differential data collection is entirely opt in and users can decide whether or not to send data to Apple.

Apple will start collecting data starting in iOS 10, and has not been doing so already, and it also will not use the cloud-stored photos of iOS users to bolster image recognition capabilities in the Photos app.

As for what data is being collected, Apple says that differential privacy will initially be limited to four specific use cases: New words that users add to their local dictionaries, emojis typed by the user (so that Apple can suggest emoji replacements), deep links used inside apps (provided they are marked for public indexing) and lookup hints within notes.

Apple will also continue to do a lot of its predictive work on the device, something it started with the proactive features in iOS 9. This work doesn't tap the cloud for analysis, nor is the data shared using differential privacy.

Apple's deep concern for user privacy has put its services like Siri behind competing services from other companies, but Differential Privacy gives the company a way to collect useful data without compromising the security of its customer base.

As Apple's VP of software engineering Craig Federighi explained at the WWDC keynote, differential privacy uses hashing, subsampling, and noise injection to enable crowd-sourced learning without simultaneously gathering data on individual people.

Article Link: Apple's New Differential Privacy Feature is Opt-In
 
Apple's focus on privacy is going to become increasingly important as Apple disrupts the health field and becomes itself a health company. Apple's hiring patterns, the importance of the Apple Watch to the company and the time dedicated to health in keynotes and on its websites shows that Tim Cook's Apple is about Health. Establishing itself as trustworthy with regards to privacy is critical to its future.
 
Differential privacy without compromising individual security.. hmm.. I know I've heard this promise before and then it was later discovered, that people could in fact derive info from all that "anonymous" data...
 
So.... Where is the opt in? In each individual app? Is there a universal setting? Not seeing anything specifically in beta 1
 
I'll be opting IN for this. Apple put forth a tremendous amount of effort to obfuscate this data, and I trust it will remain that way. This is a great method for improving the quality of their services without compromise. This is what makes Apple great and why I'm a customer. Apple is far from perfect, but privacy is what matters most to me. Luckily they're also pretty good at UX and industrial design.
 
So.... Where is the opt in? In each individual app? Is there a universal setting? Not seeing anything specifically in beta 1
They haven't collected any data yet, so arguably I doubt that in the current betas there's any option.

  1. Differential data is making its debut with iOS 10 and Apple says it has not yet been collecting such data.
Source: Recode Article

This article is worded in a confusing way. I think what you are saying is that data collection in general (which will use the differential obfuscation technology) will be opt in, correct? Not that using differential obfuscation will be opt in but the data collection will occur regardless?
Take an educated guess. *

Glassed Silver:mac

*Spoiler: yes, collection in general is opt-in
 
For those worried about the privacy stuff, there's a brief explanation about it in this video.
http://daringfireball.net/thetalkshow/2016/06/17/ep-158

They talk about how Differential Privacy works. Seems like it's impossible to retroactively identify someone. Also, the whole video is pretty interesting.
It's not a magic bullet. Basically, it allows you to choose a tradeoff between privacy and usefulness of the data. It's also still experimental. Here's a more in-depth discussion by Matt Green (who is a security researcher at Johns Hopkins):

http://blog.cryptographyengineering.com/2016/06/what-is-differential-privacy.html
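
Added example (not part of any post in this thread, and not Apple's implementation): the privacy versus usefulness tradeoff mentioned above, shown with k-ary randomized response, a textbook noise-injection mechanism chosen here for illustration. The emoji list, weights, and function names are constructed assumptions.

```python
import math
import random
from collections import Counter

EMOJI = ["heart", "joy", "thumbs_up", "fire"]  # constructed domain, k = 4

def rr_probs(eps, k):
    """Return (p, q): P[report the truth], P[report one specific other value]."""
    denom = math.exp(eps) + k - 1
    return math.exp(eps) / denom, 1.0 / denom

def randomize(value, eps, domain, rng):
    """Runs on the device: only the noised value is ever sent."""
    p, _ = rr_probs(eps, len(domain))
    if rng.random() < p:
        return value
    return rng.choice([d for d in domain if d != value])

def estimate_counts(reports, eps, domain):
    """Runs on the server: debias the noisy histogram of all reports."""
    n, k = len(reports), len(domain)
    p, q = rr_probs(eps, k)
    seen = Counter(reports)
    return {d: (seen[d] - n * q) / (p - q) for d in domain}

def worst_case_std(n, eps, k):
    """Upper bound on the standard deviation of one estimated count."""
    p, q = rr_probs(eps, k)
    return math.sqrt(n * 0.25) / (p - q)

def simulate(eps, n=20000, seed=1):
    rng = random.Random(seed)
    truth = rng.choices(EMOJI, weights=[50, 30, 15, 5], k=n)  # constructed data
    reports = [randomize(v, eps, EMOJI, rng) for v in truth]
    return Counter(truth), estimate_counts(reports, eps, EMOJI)

if __name__ == "__main__":
    for eps in (3.0, 1.0, 0.1):
        truth, est = simulate(eps)
        p, q = rr_probs(eps, len(EMOJI))
        print(f"eps={eps}: likelihood ratio p/q={p / q:.2f}, "
              f"std bound={worst_case_std(20000, eps, 4):.0f}")
        for e in EMOJI:
            print(f"  {e:10s} true={truth[e]:6d} estimated={est[e]:8.0f}")
```

The ratio p/q equals e^eps, which bounds how much any single report can reveal about the value behind it; lowering eps tightens that bound and widens the error on the aggregate counts.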
 
Looks like they're stepping into this lightly for now, which is fine, but I hope when they're comfortable with the results they don't need yearly updates to add domains and new types of data that they're searching for. SIRI is the feature, not the domains it knows - its capabilities should be rolled out more aggressively.
 
Apple's focus on privacy is going to become increasingly important as Apple disrupts the health field and becomes itself a health company. Apple's hiring patterns, the importance of the Apple Watch to the company and the time dedicated to health in keynotes and on its websites shows that Tim Cook's Apple is about Health. Establishing itself as trustworthy with regards to privacy is critical to its future.
Amen!!
 
So.... Where is the opt in? In each individual app? Is there a universal setting? Not seeing anything specifically in beta 1
Same place it's always been, opting out of sharing data with Apple isn't new.
 

Differential privacy without compromising individual security.. hmm.. I know I've heard this promise before and then it was later discovered, that people could in fact derive info from all that "anonymous" data...
Could be, but you should take their track record into account: Apple has a longstanding consistent track record concerning user privacy which makes them more credible compared to some other companies.
 
Data collection with privacy and anonymity is such an interesting problem to solve.

I imagine once this matures it could do amazing things for the healthcare industry as this is the direction they are heading.
 
This article is worded in a confusing way. I think what you are saying is that data collection in general (which will use the differential obfuscation technology) will be opt in, correct? Not that using differential obfuscation will be opt in but the data collection will occur regardless?

Yup. It was so perfectly unexplained that I felt I knew less about Differential Privacy after reading the article than before I started.
 
Differential privacy without compromising individual security.. hmm.. I know I've heard this promise before and then it was later discovered, that people could in fact derive info from all that "anonymous" data...
You've heard of anonymizing data, which is NOT differential privacy. One can be proven mathematically to work (Apple's approach); one is just buzzwords with weak security features.
Apple's focus on privacy is going to become increasingly important as Apple disrupts the health field and becomes itself a health company. Apple's hiring patterns, the importance of the Apple Watch to the company and the time dedicated to health in keynotes and on its websites shows that Tim Cook's Apple is about Health. Establishing itself as trustworthy with regards to privacy is critical to its future.
I could tell they were heading this way from two WWDCs ago when they started randomizing MAC addressing so places like malls couldn't scrape data from passersby, and the inclusion of DuckDuckGo as a search engine. It's been fascinating to watch the rollout of privacy features ever since.
 
it cannot be done

At the end of the day, it's still a company about trust.
 
The first thing I do with any new device or software is shut down all "share information with..." options. I run Little Snitch to open up the bare minimum number of talk back channels. I generally do my best to protect my anonymity wherever I can.

I will be opting in to Apple's new system.

It may not be perfect yet, but it's important that they're taking this step and making a concerted effort to do away with the tradeoff between convenience and privacy. If those of us concerned with privacy don't support their effort, then Apple and others will decide the effort isn't worth making and then the only options left will be complete lack of privacy or complete lack of networked intelligence.

Differential privacy is different than "user identifiable information has been removed" because it is statistically secure in the way that encryption is statistically secure. Just like most security measures, there will be occasional breaches, I'm sure, but for the same reason I bought a hybrid early-- to support development of a new technology-- I'll be turning on these services.
 