mardi 29 septembre 2015

Apple publishes praiseworthy, plain-speaking privacy policies

brown_paper_privacy

Perhaps inspired by the backlash Microsoft has faced over privacy concerns in Windows 10, Apple has published its own privacy policies on a new page that's designed to be easy to read. Written in plain English, the site sets out Apple's position regarding privacy in OS X and iOS. As well as touting the steps to which the company goes to protect its customers' privacy, Apple also uses the documents to trumpet numerous security features.

This is Apple riding the waves of interest concerning privacy, using it as an opportunity to get one over the likes of Microsoft and Google. There are promises of "telling you up front exactly what’s going to happen to your personal information and asking for your permission" as well as the offer that "if you change your mind later, we make it easy to stop sharing with us". Sounds great in theory, but does it stand up to scrutiny?

Apple does not have an untainted record when it comes to security, the Fappening breach of celebrity iCloud accounts being a case in point. Steps have been taken to tighten the locks after this problem, and although the company is pushing its new privacy policy, it uses it to push security features as well -- although they are referred to in the context of privacy. Few people would think of issues with Apple Pay to be a privacy issue rather than a security problem, but Apple makes reference to its payment system when it asserts "we build privacy into everything we make".

When it talks about encryption, the company says that it "refuse[s] to add a backdoor into any of our products because that undermines the protections we’ve built in", going on to explain that encryption is such that Apple itself is not able to decrypt data from individual devices. Returning to Apple Pay, the company admits that "approximate time and location" may be stored in relation to transactions, but assures users that encryption means that information cannot be connected to an individual in an identifiable way.

Apple takes a leaf out of Microsoft's Google-baiting when it talks about iMessage and FaceTime:

Unlike other companies’ messaging services, Apple doesn't scan your communications, and we wouldn't be able to comply with a wiretap order even if we wanted to.

Like Microsoft's Cortana, Apple's Siri makes use of real world data from real world users to help improve the service. For anyone concerned about the encryption and anonymizing Apple uses when transmitting this data, the company says:

Siri and Dictation do not associate this information with your Apple ID, but rather with your device through a random identifier. Apple Watch uses the Siri identifier from your iPhone. You can reset that identifier at any time by turning Siri and Dictation off and back on, effectively restarting your relationship with Siri and Dictation. When you turn Siri and Dictation off, Apple will delete the User Data associated with your Siri identifier, and the learning process will start all over again.

There's more prodding of Google when Apple talks about Maps:

Other companies try to build a profile about you using a complete history of everywhere you've been, usually because they're targeting you for advertisers. Since our business doesn’t depend on advertising, we have no interest in doing this -- and we couldn't even if we wanted to.

There is also an interesting revelation about how the data anonymization process works when using Maps for directions:

Maps is also engineered to separate the data about your trips -- including public transit directions -- into segments, to keep Apple or anyone else from putting together a complete picture of your travels. Helping you get from Point A to Point B matters a great deal to us, but knowing the history of all your Point A's and Point B's doesn't.

Apple is refreshing open about pointing users to directing users to the setting they need to be aware of to adjust their privacy settings. There's an obligatory section that talks about government data requests:

Apple has never worked with any government agency from any country to create a 'backdoor' in any of our products or services. We have also never allowed any government access to our servers. And we never will.

We learn that just 6 percent of data requests seek personal information about users, and that overall, less than 0.00673 percent of users have actually been affected by data requests.

Apple may not be doing much that's very different to other companies, but the key difference is the openness. There is a welcome level of transparency and accessibility to the new privacy policy, and it is something from which others could learn a lot.

Take a look at the privacy policies and see what you think. They might not be perfect, but they are a step in the right direction.

Photo credit: Ivelin Radkov / Shutterstock



Aucun commentaire:

Enregistrer un commentaire