Craig Federighi Shares Apple's Four Privacy Principles in Conference Keynote

[MacRumors]

Apple software engineering chief Craig Federighi today spoke at the virtual European Data Protection & Privacy Conference, where he highlighted Apple's approach to privacy and commitment to keeping customer data safe.

Federighi's keynote speech is available through the YouTube embed above, but make sure to skip to the 49 minute mark. Apple executives often speak about privacy, so much of what Federighi had to say at the event wasn't new. He focused on the four key privacy principles that guide Apple.

1. Not collecting unnecessary data through data minimization.
2. Processing as much data on device as possible.
3. Making it clear to customers what data is collected and giving them tools to control how that data is used.
4. Keeping data safe through security, including Apple's unique integration of hardware and software. Security is the foundation of privacy.

Federighi said that other companies "gather, sell, and hoard" as much personal data from customers as possible, which Apple finds "unacceptable."

Now, others take the opposite approach. They gather, sell, and hoard as much of your personal information as they can. The result is a data-industrial complex, where shadowy actors work to infiltrate the most intimate parts of your life and exploit whatever they can find--whether to sell you something, to radicalize your views, or worse.

Federighi reiterated that Apple believes privacy is a "fundamental human right," which is something that Apple executives often say, and he shared details on how Apple works on privacy behind the scenes. Apple's privacy engineers, for example, evaluate new features to collect as little data as possible.

Federighi also pointed out Apple's lead in the privacy field, such as end-to-end encryption, which inspired other companies to adopt better encryption after it was added to Apple's products. "As Tim Cook says, we want to be the ripple in the pond that creates larger changes."

He highlighted some of the new privacy-focused features in iOS, including the iOS 14 feature that will require apps to disclose when they're using tracking functionality to follow your movements across apps and websites. The App Tracking Transparency feature is set to be enabled in early 2021, and it has some developers and advertising companies up in arms.

Of course, some advertisers and tech companies would prefer that ATT is never implemented at all. When invasive tracking is your business model, you tend not to welcome transparency and customer choice.

Just as with ITP, some in the ad industry are lobbying against these efforts--claiming that ATT will dramatically hurt ad-supported businesses. But we expect that the industry will adapt as it did before--providing effective advertising, but this time without invasive tracking.

Getting this right will take time, collaboration, listening--and true partnership across the entire technology ecosystem. But we believe the result will be transformative.

Federighi said that Apple would love to see competition among companies for the "best, the strongest, and the most empowering privacy features."

In other words, we don't define success as standing alone. When it comes to privacy protections, we're very happy to see our competitors copy our work, or develop innovative privacy features of their own that we can learn from.

Federighi went on to conclude that he hopes Apple will be remembered not just for its devices, but for "helping humanity enjoy the benefits of this great technology... without requiring that they give up their privacy to do it."

"It's in our power today to end that false tradeoff... to build, for the long term, not just a foundation of technology, but a foundation of trust," he said.

Article Link: Craig Federighi Shares Apple's Four Privacy Principles in Conference Keynote

 

[TheYayAreaLiving 🎗️]

Outstanding Presentation!

Craig for CEO of Apple.

 

[contacos]

Why haven’t I head of this conference on any of my European tech sites today 🤔

 

[rk-apple]

Apple's commitment to privacy is the major reason I allow myself (and my family) to get so sucked into the Apple ecosystem. I trust Apple way more than the Amazon or Google ecosystems.

 

[yyy]

Too bad it translates to harassing their developers with ever-changing security policies which make it even harder to release new apps. They expect developers to provide way more data than most users even care about. Let's face it, we all just click the "Next" button as soon as we see it...

 

[ozzymo]

If you really think Apple cares about privacy and security then read this article. They left loopholes in Big Sur so that their apps and processes can get around firewalls and VPNs. You have to ask yourself why would Apple leave holes in their OS so their apps can get around firewalls if they care so much about privacy.
This translates to Apple saying we care about your privacy as much as we don't want other companies to track you, but we will make sure our apps can send all the data we want back to us. Since we made the devices it's ok for us to track you, just not anybody else.

Apple's own programs bypass firewalls and VPNs in Big Sur

Apple has made strange choice in macOS 11 that pose risks to both security and privacy - and protecting yourself is not easy

www.macworld.co.uk

 

[MauiPa]

Too bad it translates to harassing their developers with ever-changing security policies which make it even harder to release new apps. They expect developers to provide way more data than most users even care about. Let's face it, we all just click the "Next" button as soon as we see it...

Now, if the app developers instituted their own policies that were at a minimum the Apple standard, would not be a problem, and the consumers would be way better off. I have no tolerance for a whiny developer that complains when having to institute stricter and stricter privacy protections, because, well, they have been violating my privacy as a course of business, and I would prefer it stop.

 

[MauiPa]

If you really think Apple cares about privacy and security then read this article. They left loopholes in Big Sur so that their apps and processes can get around firewalls and VPNs. You have to ask yourself why would Apple leave holes in their OS so their apps can get around firewalls if they care so much about privacy.
This translates to Apple saying we care about your privacy as much as we don't want other companies to track you, but we will make sure our apps can send all the data we want back to us. Since we made the devices it's ok for us to track you, just not anybody else.

Apple's own programs bypass firewalls and VPNs in Big Sur

Apple has made strange choice in macOS 11 that pose risks to both security and privacy - and protecting yourself is not easy

www.macworld.co.uk

I think you didn't think this one out very well. The uses are not being made to track you, simple as that

 

[Dave-Z]

Making it clear to customers what data is collected and giving them tools to control how that data is used.

Probably their weakest area. Apple really needs to go into more detail about the data that is collected and how to control that.

For example, iOS/iPadOS system-wide Spotlight searches phones home to Apple. Even when looking up local information. You can turn off the "Siri"-type suggestions in Settings (about 4-6 toggles at the top of Settings > Siri at the time of writing this), but it still phones home. In fact, you have to go through every application in that Settings > Siri section and disable 3-5 toggles (again, per app) to get Spotlight search to truly be local. This is not documented anywhere that I can find and I only figured it out through proxying a device's requests along with trial and error.

There are other instances of this type of behavior, too.

Then there's the inability to opt out of certain analytics at all. For example, why can't I turn off Books and Podcasts analytics? I get that it's allegedly anonymized, but perhaps I don't want data reported at all? Not an option, apparently.

Apple does well and better than many other companies, but if people think they are the poster-child of privacy they are mistaken.

 

[ozzymo]

Now, if the app developers instituted their own policies that were at a minimum the Apple standard, would not be a problem, and the consumers would be way better off. I have no tolerance for a whiny developer that complains when having to institute stricter and stricter privacy protections, because, well, they have been violating my privacy as a course of business, and I would prefer it stop.

The "Apple Standard". So now all industries have to follow an "Apple Standard". No one has violated your privacy against your will. You can easily stop using websites or services that "violate" the "Apple Standard". If you continue to use said services, then you are agreeing to it and are complicit.

 

[ozzymo]

I think you didn't think this one out very well. The uses are not being made to track you, simple as that

Did you read the article? Apple has exempted 56 of their processes from firewalls. Malware developers have already figured out a trivial way to get malware through now. Remember Apple's reason why they wouldn't work with the FBI to help them. They said if they put a backdoor in their system then anyone can take advantage of it. That is just what has happened here. Apple left a backdoor in Big Sur so there processes can not be blocked at all and malware will start using those exemptions now.

 

[bigboy29]

Apple's commitment to privacy is the major reason I allow myself (and my family) to get so sucked into the Apple ecosystem. I trust Apple way more than the Amazon or Google ecosystems.

So much this!

One could argue that while they too are not perfect (nobody is) - the fact that their revenue does not depend on selling of data is where it's at.

 

[Appleman3546]

He said that competitors can copy Apple ... So Apple will be willing to open up the nfc chip so that competitors of Apple Pay can copy Apple’s work? What about Apple opening up to other app stores so that competitors can copy Apples work? This speech had some fundamental flaws: privacy is good, but our standard is the floor and often the ceiling too

 

[BWhaler]

Thank you Apple. Your leadership on protecting privacy will be highly regarded for the ages.

 

[RedTheReader]

Probably their weakest area. Apple really needs to go into more detail about the data that is collected and how to control that.

For example, iOS/iPadOS system-wide Spotlight searches phones home to Apple. Even when looking up local information. You can turn off the "Siri"-type suggestions in Settings (about 4-6 toggles at the top of Settings > Siri at the time of writing this), but it still phones home. In fact, you have to go through every application in that Settings > Siri section and disable 3-5 toggles (again, per app) to get Spotlight search to truly be local. This is not documented anywhere that I can find and I only figured it out through proxying a device's requests along with trial and error.

There are other instances of this type of behavior, too.

Then there's the inability to opt out of certain analytics at all. For example, why can't I turn off Books and Podcasts analytics? I get that it's allegedly anonymized, but perhaps I don't want data reported at all? Not an option, apparently.

Apple does well and better than many other companies, but if people think they are the poster-child of privacy they are mistaken.

I do have to admit, the recent gatekeeper incident (on Big Sur launch day) left me irritated that Apple wasn't being more transparent about what the OS is doing. They acted like it was some arbitrary information that wasn't relevant and that no one should ever have to see… even if the users in question have software on their computers that shows everything that comes in/out.

Well, as I'm sure we all learned the hard way, it's not arbitrary. So many users couldn't get their work done on that day and they had no idea what was going on, much less how to get around it. I'm glad it led to Apple vowing to be more transparent with gatekeeper in the future, but why so secretive in the first place?

 

[ozzymo]

Probably their weakest area. Apple really needs to go into more detail about the data that is collected and how to control that.

For example, iOS/iPadOS system-wide Spotlight searches phones home to Apple. Even when looking up local information. You can turn off the "Siri"-type suggestions in Settings (about 4-6 toggles at the top of Settings > Siri at the time of writing this), but it still phones home. In fact, you have to go through every application in that Settings > Siri section and disable 3-5 toggles (again, per app) to get Spotlight search to truly be local. This is not documented anywhere that I can find and I only figured it out through proxying a device's requests along with trial and error.

There are other instances of this type of behavior, too.

Then there's the inability to opt out of certain analytics at all. For example, why can't I turn off Books and Podcasts analytics? I get that it's allegedly anonymized, but perhaps I don't want data reported at all? Not an option, apparently.

Apple does well and better than many other companies, but if people think they are the poster-child of privacy they are mistaken.

Yes exactly this. Apple loves to trot out about how they care about privacy and they block other companies from tracking you. But very conveniently they leave out the facts that you can't opt out of Apple various tracking methods.

 

[bigboy29]

So now all industries have to follow an "Apple Standard". No one has violated your privacy against your will. You can easily stop using websites or services that "violate" the "Apple Standard".

That is actually not true; for example - one could have no Facebook account and yet, Facebook has trackers in many unrelated apps and most websites, and is collecting information. Same for Google ad network etc. The amount of tracking that goes on that is not exposed to end users is staggering, actually.

 

[Dave-Z]

Did you read the article? Apple has exempted 56 of their processes from firewalls. Malware developers have already figured out a trivial way to get malware through now. Remember Apple's reason why they wouldn't work with the FBI to help them. They said if they put a backdoor in their system then anyone can take advantage of it. That is just what has happened here. Apple left a backdoor in Big Sur so there processes can not be blocked at all and malware will start using those exemptions now.

Not sure how you can be down-voted on this comment when, in fact, what you are stating is true: Apple exempts its own services and third-parties have indeed found a way to exploit that. 🤷‍♂️

Edit: Citing source:

https://twitter.com/x/status/1327726496203476992

 

[ozzymo]

Not sure how you can be down-voted on this comment when, in fact, what you are stating is true: Apple exempts its own services and third-parties have indeed found a way to exploit that. 🤷‍♂️

Apple fanboys! They will downvote anyone and any comment that brings light to anything Apple is doing.

 

[ozzymo]

That is actually not true; for example - one could have no Facebook account and yet, Facebook has trackers in many unrelated apps and most websites, and is collecting information. Same for Google ad network etc. The amount of tracking that goes on that is not exposed to end users is staggering, actually.

Remember to include Apple in that group. You can't opt out of tracking in Apple's apps. They say they anonymize all data they collect, but if they are so privacy minded they would let you opt out completely.

 

[Dave-Z]

They say they anonymize all data they collect, but if they are so privacy minded they would let you opt out completely.

This. I contribute logs, etc. to developers when I have a legitimate issue (repeated crashing, etc.). Otherwise I want no logs or analytics delivered anywhere, which is not an option with Apple.

 

[ozzymo]

This. I contribute logs, etc. to developers when I have a legitimate issue (repeated crashing, etc.). Otherwise I want no logs or analytics delivered anywhere, which is not an option with Apple.

Exactly me too. This just shows that once again everything Apple does is about control. They hate that other companies track you and they have no control over it. But they love to control the situation and take away the ability to block their apps. Tracking is ok as long as they can control it. If not its bad and they will protect everyone from all tracking except Apple tracking.

 

[iamgalt]

Anytime I see Google's name next to anything involving privacy, I have to laugh. Their "privacy policy" is basically, collect all they can so they can sell it. Same with Facebook, but I don't see their logo in the group of others.

 

[ChromeAce]

It’s hard to take Craig seriously when he has yet to flip the switch on iCloud Backup encryption. What good is locking down your phone in kryptonite if iOS simply decrypts the whole thing and stores it in the cloud?

 

[ozzymo]

It’s hard to take Craig seriously when he has yet to flip the switch on iCloud Backup encryption. What good is locking down your phone in kryptonite if iOS simply decrypts the whole thing and stores it in the cloud?

And what is the most probable reason for Apple to not do that? You have millions upon millions of iCloud backups unencrypted on their servers. I'm not saying Apple is doing anything nefarious with the data, but it is a wealth of data for them to mine and grab whatever relevant user info they can use.