Is Apple lying about privacy?

Thanks for the link to the Macworld article; I just read it. It sounds fairly reassuring, but not totally… and I’m guessing that it’s just a restatement of Apple’s statements, not a summary of impartial 3rd-party research (like by a network engineer). Also… I’d just like to point out that it was published almost a year and a half ago. A lot can change in that time.

No, I don’t think I did that – or I certainly didn’t intend to. From my Apple Dictionary:
“postulate: a thing suggested or assumed as true…”

I phrased my original post as a question, for a reason. I meant it as a real question, not a rhetorical question. I included phrases like “…the claim is that…” and “If it’s true.” I might be arguing devil’s advocate a little in this thread, but I’d do that with any controversial issue, as a way to draw out more opinions and information.

Please don’t (implicitly) say that I accused Apple of something. The guys who filed the lawsuit are doing the accusing; I’m just wondering.

It’s not beside the point in the context of the linked EFF article I was responding to. All the examples of “de-anonymization” I’ve ever encountered involved a piece of data that shouldn’t have been considered anonymous in the first place.

There’s a difference between de-anonymizing data (i.e. identifying the specific person in question) and tracking an individual from anonymized data (i.e. knowing which data belongs all to the same individual without necessarily knowing their identity).

And the question of including birthdates in data isn’t irrelevant here. Any particular person has input their birthdate into a wide variety of sites and apps, because so many ask for it and only some allow you to leave it unstated. If you set up a Medical ID record on your iPhone, it asks for your birthdate, meaning that Apple theoretically has access to it.

I used a medical example because the EFF article that was linked opened with data released from “anonymized” medical records. In medicine, a field with some of the strictest privacy regulations in the US, name and birthdate are considered sufficient for verifying identity. Can you say how many and which web sites and apps you’ve given your name and birthdate to? Most people can’t. Many of those who think they can will probably miss some if they try to list them all.

So the question remains, what data is left intact when it is anonymized? That determines whether one should be concerned about the possibility of de-anonymizing.


Apple instituted its last major privacy overhaul in January 2021, and it is totally rattling the advertising industry:

It’s doing enormous damage to revenues of Facebook, etc.

https://www.axios.com/2022/11/10/meta-facebook-foundation-crumbling-advertising-revenue

Interestingly, Amazon is a retail shopping site, though they do have a very successful third party ad sales system. So they aren’t getting hit badly. But the mess Elon Musk created with advertisers is probably compounded by iOS 14.


I think we’re all aware of Apple’s track record on privacy. The question in the thread is whether Apple is saying one thing and doing another and that seems to me to be unresolved.


Force-Restart will not delete the data on my iPhone 12 Mini w/ 16.1.1. Tried basic Restart and Force Restart three times each. Data is still there.

Interesting. I tested this on an iPhone SE3 running iOS 15.7.1. I also tried it on a retired iPhone 5s running iOS 12.5.6 – which did not work. On the other hand, syncing that iPhone 5s with iTunes via USB cleared all the data. Maybe something changed in iOS 16?

I guess I’d have to say “considered by whom?” There’s the recent case of the priest outed as a Grindr user based on “anonymized locations” data.

There’s the Bitcoin blockchain, where none of the wallet addresses have personal identifying information. Researchers and law enforcement have been able to assign real-world identities to wallet holders (an excellent read, IMHO):

https://www.amazon.com/dp/0385548095?psc=1&ref=ppx_yo2ov_dt_b_product_details

Then there’s “Researchers … found that just four points of reference, with fairly low spatial and temporal resolution, was enough to uniquely identify 95 percent of [cell phone users].”

Anonymized health data, even (perhaps especially) from “HIPAA compliant” organizations in the US, turns out to be quite vulnerable to deanonymization:

https://onezero.medium.com/why-anonymized-data-isn-t-so-anonymous-535d2db75a2d

Deanonymization has proven to be such a fertile field that I believe that the burden of proof must be on the entity claiming anonymization. Anyone collecting data should be beholden to consumers to be completely transparent about what data is collected, how it is stored, where it goes, what steps are taken to assure that it remains anonymous, how long it is retained, and how its destruction post-retention is assured.

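The “four points of reference” result quoted in the post above is a measurement, and the easiest way to see why it holds is to run the same measurement on data you control. The script below is an added example, not code from the original thread or from the cited paper: it builds a constructed synthetic population (home cell at night, work cell by day, assorted cells in between), then asks, for each user, how many other users’ traces also contain the same 1, 2 or 4 sampled (hour, cell) points. A user whose sampled points match nobody else is “unique”. It then repeats the measurement after coarsening cells into regions and hours into 6-hour blocks, which is the “fairly low spatial and temporal resolution” caveat. Population size, cell counts and the coarsening factors are assumptions chosen for illustration.

```python
"""Added example: 'unique in the crowd' on a constructed synthetic population."""
import random
from collections import defaultdict


def make_population(n_users=400, hours=24, seed=7):
    """Return {user_id: frozenset of (hour, cell)} for a synthetic population.

    Constructed data, not real mobility records. Each user sleeps in one of
    40 residential cells, works in one of 20 office cells, and spends the
    remaining hours in one of 80 other cells chosen at random.
    """
    rng = random.Random(seed)
    home_cells = [f"cell-{i}" for i in range(0, 40)]
    work_cells = [f"cell-{i}" for i in range(40, 60)]
    other_cells = [f"cell-{i}" for i in range(60, 140)]
    users = {}
    for uid in range(n_users):
        home, work = rng.choice(home_cells), rng.choice(work_cells)
        trace = set()
        for hour in range(hours):
            if hour < 7 or hour >= 22:
                cell = home
            elif 9 <= hour < 17:
                cell = work
            else:
                cell = rng.choice(other_cells)
            trace.add((hour, cell))
        users[uid] = frozenset(trace)
    return users


def coarsen(point, spatial=20, temporal=6):
    """Map a fine (hour, cell) point to a (6-hour block, region) point."""
    hour, cell = point
    idx = int(cell.split("-")[1])
    return (hour // temporal, f"region-{idx // spatial}")


def uniqueness(users, ks=(1, 2, 4), coarsen_fn=None, seed=1):
    """Fraction of users uniquely identified by k sampled points, per k.

    The k_max points are sampled once per user and the k-point tests use
    prefixes of that sample, so the fractions are monotone in k. When a
    coarsening function is supplied the same sampled points are coarsened,
    so the coarse result is directly comparable with the fine one.
    """
    rng = random.Random(seed)
    view = (lambda p: p) if coarsen_fn is None else coarsen_fn
    index = defaultdict(set)  # (coarsened) point -> users whose trace has it
    for uid, trace in users.items():
        for point in trace:
            index[view(point)].add(uid)
    k_max = max(ks)
    hits = {k: 0 for k in ks}
    for uid, trace in users.items():
        picks = [view(p) for p in rng.sample(sorted(trace), k_max)]
        for k in ks:
            candidates = set.intersection(*(index[p] for p in picks[:k]))
            if candidates == {uid}:
                hits[k] += 1
    return {k: hits[k] / len(users) for k in ks}


if __name__ == "__main__":
    population = make_population()
    print("fine resolution  :", uniqueness(population))
    print("coarse resolution:", uniqueness(population, coarsen_fn=coarsen))
```

Run it and compare the two dictionaries: a single hour-and-cell point is shared by a handful of people, but four points pick out most of the synthetic population, and only aggressive coarsening pulls the four-point fraction down. The monotone behaviour is guaranteed by construction; the actual fractions depend on the assumed population model and should not be read as a measurement of any real dataset.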

Is this related to the topic of Web back ends “fingerprinting” us? That seems to be a form of “deanonymization” (seems like a useful term that I can’t find in either the Apple Dictionary or the Free Dictionary online).

I realize we’re talking about macOS and iOS here, not a web server etc.… but it seems like the privacy issues are in the same ballpark. Not sure how much technical overlap there is, though.

We should invite Edward Snowden into this thread! Is he on TidBits Talk? /mostlyJoking

My understanding is that “deanonymization” and “fingerprinting” are related, but not the same thing.

“Fingerprinting” makes you trackable but doesn’t necessarily make you identifiable by name or other marker of identity. It just means that all the data associated with you can be positively claimed to be associated with the same person.

“Deanonymization”, on the other hand, is reverse engineering the “anonymized” data to match the data to an identifiable person.

It’s the difference between “all these purchases were made by the same person” and “all these purchases were made by John Q. Smith of Detroit”.

And yes, fingerprinting is used in more than just web sites. Ad providers are continually trying to find ways around Apple’s privacy and security constraints to fingerprint your iPhone.

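The distinction drawn in the post above (“all these purchases were made by the same person” versus “by John Q. Smith of Detroit”) maps onto two separate operations on a dataset, and it also ties back to the earlier point about birthdates being handed to many sites. The script below is an added example written for this thread, not code from any of the articles linked here. It works on constructed records: “anonymized” purchases carrying only a pseudonymous fingerprint and a few quasi-identifiers (birthdate, ZIP, sex), plus a constructed public roster with names. Tracking is the grouping by fingerprint; deanonymization is the join on quasi-identifiers that is accepted only when it yields exactly one candidate. The field names, the roster and the `min_group` threshold are assumptions.

```python
"""Added example: tracking (group by pseudonym) versus deanonymization (linkage)."""
from collections import Counter, defaultdict

# Constructed "anonymized" purchase log: no names, but a stable fingerprint
# plus quasi-identifiers collected by the retailer's sign-up form.
PURCHASES = [
    {"fp": "a1", "dob": "1975-03-02", "zip": "48201", "sex": "M", "item": "coffee"},
    {"fp": "a1", "dob": "1975-03-02", "zip": "48201", "sex": "M", "item": "book"},
    {"fp": "a1", "dob": "1975-03-02", "zip": "48201", "sex": "M", "item": "lamp"},
    {"fp": "b7", "dob": "1988-11-30", "zip": "48201", "sex": "F", "item": "shoes"},
    {"fp": "b7", "dob": "1988-11-30", "zip": "48201", "sex": "F", "item": "coffee"},
    {"fp": "c3", "dob": "1990-06-15", "zip": "48226", "sex": "M", "item": "tea"},
]

# Constructed public roster (think voter roll or people-search site).
ROSTER = [
    {"name": "John Q. Smith", "dob": "1975-03-02", "zip": "48201", "sex": "M"},
    {"name": "Maria Lopez", "dob": "1988-11-30", "zip": "48201", "sex": "F"},
    {"name": "Ana Kowalski", "dob": "1988-11-30", "zip": "48201", "sex": "F"},
    {"name": "Wei Chen", "dob": "1962-01-09", "zip": "48226", "sex": "M"},
]

QUASI = ("dob", "zip", "sex")


def quasi_key(row):
    """The quasi-identifier tuple the two datasets will be joined on."""
    return tuple(row[f] for f in QUASI)


def track(purchases):
    """Tracking: cluster purchases by fingerprint without knowing who it is."""
    clusters = defaultdict(list)
    for rec in purchases:
        clusters[rec["fp"]].append(rec["item"])
    return dict(clusters)


def link(purchases, roster):
    """Deanonymization: map each fingerprint to a name, or None if ambiguous.

    A fingerprint is re-identified only when its quasi-identifier tuple
    matches exactly one roster entry; two or more candidates means the
    attacker cannot tell which person it is, zero means no public record.
    """
    by_key = defaultdict(list)
    for person in roster:
        by_key[quasi_key(person)].append(person["name"])
    result = {}
    for rec in purchases:
        names = by_key.get(quasi_key(rec), [])
        result[rec["fp"]] = names[0] if len(names) == 1 else None
    return result


def exposed_keys(purchases, roster, min_group=2):
    """Quasi-identifier tuples shared by fewer than min_group roster rows.

    Anyone whose purchases carry one of these tuples is re-identifiable
    from the roster; a k-anonymity check would flag them before release.
    """
    counts = Counter(quasi_key(p) for p in roster)
    return sorted({quasi_key(r) for r in purchases if 0 < counts[quasi_key(r)] < min_group})


if __name__ == "__main__":
    print("tracked clusters :", track(PURCHASES))
    print("linked identities:", link(PURCHASES, ROSTER))
    print("exposed tuples   :", exposed_keys(PURCHASES, ROSTER))
```

Note what the quasi-identifiers do here: the retailer never stored a name, yet `a1` is resolved to a name because his birthdate, ZIP and sex are unique in the roster, while `b7` stays anonymous only because two people in the roster happen to share her tuple. That is why the later suggestion in this thread of giving unimportant sites a slightly wrong birthdate has an effect: an exact join on `dob` fails, even though the tracking by fingerprint is unaffected.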

You could try the recent discussion on MacBreak Weekly. Quite good.

Mmm, yup. Essentially correct. Valid concerns. Etc.

Windows is viable without the privacy violations. I do hope Apple don’t end up there, too. It would make me sad. But it’s not clear to me how they can plausibly avoid it, now they’re in the services business, with all the (inevitable) conflicts of interest that brings.

As discussed, it’s not just the (pseudo-)anonymity of the data itself. On the Internet, at least, the collection process implicitly relies on PII, in particular, the IP address of the submission, which could theoretically be a very strong identifier that is used to associate other related information to an individual. And where Apple is concerned, at least, we’ve learned that they’ve been logging requests when they shouldn’t. So I think guarantees about privacy are useless without the option of an opt-out, however stringently data sanitisation is claimed to be done.

Definitely worth reading:

Apple Platform Security

Services security overview

“Apple has built a robust set of services to help users get even more utility and productivity out of their devices. These services provide powerful capabilities for cloud storage, sync, password storage, authentication, payment, messaging, communications, and more, all while protecting users’ privacy and the security of their data.

This chapter covers security technologies used in iCloud, Sign in with Apple, Apple Pay, iMessage, Apple Messages for Business, FaceTime, Find My, and Continuity.”

Apple is committed to respecting human rights, including the right to privacy and freedom of information and expression. Our Human Rights Policy governs how we treat everyone — from our customers and teams to our business partners and people at every level of our supply chain.

Apple Customer Privacy Policy

https://www.apple.com/legal/privacy/

About privacy and security for Apple products in education


This is sourced from the same site (Gizmodo) that OP referenced, including referring to the same two “researchers” from the “software company” with no apparent home, Mysk. In other words, it’s just another site echoing the original, apparently uncorroborated story about Apple’s alleged wrongdoing.


“Attorneys we spoke with on Friday evening believe that the filer has a tough hill to climb to win the suit. It’s unclear if the complainant or lawyers who filed the suit understand the distinction between server-side data collection, and how the settings at the core of the suit work.

It’s also likely that this data that is cited in the suit is collected server-side. For example, video streamer Netflix view history is stored server-side and tied to an account, and collected on the server, where the setting for the request not to track does not apply.

In the case of server-side data, “Allow Apps to Request to Track” and “Share Analytics” settings are irrelevant. The part about “Share Analytics” is also likely not relevant on its own, because app browsing history is user behavior, and is not tied to device analytics which are used to determine the state of a device and its internet service when a problem develops.

And there is prior precedent that “app developers” and an App Store hosting company, in this case, Apple, are not one and the same, despite the App Store being an app.

The research by Mysk that inspired the suit says under iOS 14.6 “detailed usage data is sent to Apple” from the App Store, Apple Music, Apple TV, and Books. Stocks sent less identifiable information than the other apps, the researchers claim.

The data sent is reportedly associated with an identifier that could identify a user. The behavior reportedly persists in iOS 16, but the researchers could not examine what data was sent because it was all sent encrypted.

The researchers did say to Gizmodo that similar data was not sent from Health and Wallet with any combination of privacy settings. All data is sent to different servers than iCloud’s array.

The suit says there is a cash value to consumers’ personal information. The study cited in the suit is based on sales of data, some gathered by hacks and data thefts. Apple says it does not sell user data, and there is no evidence that it does.

Apple is also explicit about how it uses data in its advertising platforms. The company is on record saying that its ad platform does not connect user or device data with that data collected from third parties for targeted advertising. They also say they do not share user device or device identification with data collection firms.”

It’s worth reading the whole article.

At least AI seems to be taking a more rational approach than simply rubber stamping the original Gizmodo article and repeating it as gospel.

I still would like to know who these two “researchers” are, what their qualifications are, and what a “Mysk” is. I’d also like to know what independent, reputable organization has corroborated the “findings” of the “researchers.”

Until that corroboration occurs, it sure sounds like these guys (or at least the guy who filed the “class action” lawsuit) are/is chasing an Apple ambulance, hoping for at least a payoff in the form of a settlement by the world’s most valuable company.

On the other hand, if anybody has any actual evidence (as opposed to allegations) that Apple is lying in order to monetize its users’ data, we would all like to know that.


Which is why I lie (a little) about this for any web site that’s not important.

I use my actual birthday on forms for my banks, doctors and the government. But for things where it doesn’t matter (surveys, on-line retailers, etc.) I lie about it.

For surveys and shopping memberships (which often have special birthday offers), I usually pick a date within a week of my actual birthday. This won’t mess up any demographics they’re collecting (unless they’re being extremely picky), but it will cause someone trying to match it against official records to get incorrect data (or none at all).

For web sites where I really don’t care at all, I just make something up out of whole cloth. I just make sure to pick something in the 20th century, since an under-21 or under-18 age can sometimes result in not having full access to a site.

The article doesn’t go into a lot of detail, but if you can associate an anonymous identifier with a set of locations, that’s probably enough.

After all, if a person spends several hours in the middle of the night at a particular location every night, then that’s almost guaranteed to be his home, or the home of someone with whom he is very familiar. From there, identification should be easy for even the most newbie investigator.

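The inference described in the post above (several hours at one place every night means that place is almost certainly home) is mechanical enough to write down. The script below is an added example for this thread, not code from the article about the Grindr case or from any vendor. It takes constructed “anonymized” location pings keyed only by a device pseudonym, keeps those that fall in an assumed 01:00–05:00 window, snaps coordinates to an assumed ~100 m grid (three decimal places), and reports the grid cell that recurs on the most distinct nights, provided it recurs on at least `min_nights` nights. Going from that cell to an address and a resident is the remaining step and is not shown.

```python
"""Added example: inferring a home location from pseudonymous night-time pings."""
from collections import defaultdict
from datetime import datetime

# Constructed pings: (device pseudonym, local timestamp, latitude, longitude).
# d1 sleeps in one spot for three nights and is elsewhere by day;
# d2 was seen at night only once, which is too little to call a home.
PINGS = [
    ("d1", "2022-11-12T02:15:00", 42.33141, -83.04582),
    ("d1", "2022-11-12T03:40:00", 42.33138, -83.04575),
    ("d1", "2022.11.12T13:00:00", 42.34002, -83.05004),  # constructed bad timestamp
    ("d1", "2022-11-13T01:30:00", 42.33152, -83.04590),
    ("d1", "2022-11-13T12:05:00", 42.34010, -83.04998),
    ("d1", "2022-11-14T04:20:00", 42.33144, -83.04579),
    ("d1", "2022-11-14T23:10:00", 42.35110, -83.06010),
    ("d2", "2022-11-12T02:45:00", 42.36020, -83.07030),
    ("d2", "2022-11-13T15:00:00", 42.36020, -83.07030),
]


def grid_cell(lat, lon, places=3):
    """Snap a coordinate to a coarse grid (3 decimals is roughly 100 m)."""
    return (round(lat, places), round(lon, places))


def is_night(ts, start_hour=1, end_hour=5):
    """True for timestamps in the assumed sleeping window [start, end)."""
    return start_hour <= ts.hour < end_hour


def infer_homes(pings, min_nights=2):
    """Return {device: cell or None}: the cell seen on the most distinct nights.

    Malformed timestamps are skipped rather than failing the whole batch,
    since location exports in the wild are rarely clean.
    """
    nights = defaultdict(lambda: defaultdict(set))  # device -> cell -> dates
    devices = set()
    for device, stamp, lat, lon in pings:
        devices.add(device)
        try:
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        if is_night(ts):
            nights[device][grid_cell(lat, lon)].add(ts.date())
    homes = {}
    for device in devices:
        best = max(nights[device].items(), key=lambda kv: len(kv[1]), default=None)
        if best is None or len(best[1]) < min_nights:
            homes[device] = None
        else:
            homes[device] = best[0]
    return homes


if __name__ == "__main__":
    for device, cell in sorted(infer_homes(PINGS).items()):
        print(device, "->", cell)
```

The jitter in the constructed coordinates is smaller than the grid cell, so three nights collapse onto one cell for `d1`; `d2` has a single night and is reported as unknown. Two things to take from it: the pseudonym never needs to be broken, and the resolution that defeats this is far coarser than most “anonymized” location feeds provide.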

If there is an impartial third party engineer, or engineers, who agrees with the premise of the article, they would have stuck their 2 cents in with evidence by now.


Do you keep any record of what date you report to which web site?

Not really. Most of the time, this is for sites where it doesn’t matter. I’ve never seen a site use this for some kind of authentication question (aside from credit reporting sites, and I use the real date for things like that).

For birthdays I give to survey companies, I use the same date, because I think they may use it to correlate old surveys with new ones and I don’t want to deliberately mess with their data. But that’s only three web sites, so I just remember what I used.