(Bear with me on this one...)
The Sateré-Mawé indigenous people who live deep in the Amazon have a ritual where boys as young as 12 years old must gather bullet ants from the forest which are then loaded into special gaunlets until full...thus the 'ant-laden gloves'. The boys wear the gloves for 10 minutes, and dance, while the ants sting them.
Just to put that into some kind of context from a pain perspective, a bullet ant’s sting is around 30 times stronger than a bee sting. And these boys receive multiple stings when wearing the ritual gloves. The ceremony is to teach the boys that a life lived without suffering or any kind of effort isn’t worth anything at all.
So the boys become men!
Now you are probably wondering how I, who is usually reporting about privacy here on the decentralize.today blog, have arrived at bullet ants? Well, it started when my 12 year old asked me why I don't use iOS but Linux and GrapheneOS as my daily drive. I explained that with Graphene, at this present time, there is literally nothing else that comes close to this kind of setup. No Google, top encryption, it's a one of a kind. Sadly, it only has one developer but let's hope it stays like it is even though it is that thinly resourced.
And for the desktop, I continued, I am on Linux because "well, I am a Linux guy!."
(Sidenote: I have also ordered a PinePhone which is Linux based and which hopefully takes the game up another level.
Whereupon, he chips in that "Mama, Oma (grandmother) and pretty much everyone else you and I know are using iOS, plus you can make it secure, plus with iOS 14 it really kicks ass!"
So I told him the story from the Amazon and concluded it by telling him that just because other kids do this, doesn't mean he has to! (I decided it was not the appropriate time to explain to him how a Masai warrior is considered to have reached manhood so for now ants and apples it is!).
But let's get real, if your entire family is using iOS devices and sharing pictures and texts with you, you are probably already somehow part of the iCloud anyway, shall we say at least 'somewhere in the Apple orchard/garden'?! (Well, it would be if they hadn't switched that feature off).
On top of this all, I've talked to people who don’t want to install COVID trackers and are totally against the new iOS/Android alliance sharing anonymously over Bluetooth if someone has COVID.
Nick Statt
They then head to a Facebook group and rant about how Apple goes against their privacy. Yeah, I know...Facebook groups for privacy rants!!! I prefer the stinging ants every time over Facebook.
Yet the people ranting on Facebook and my son have a point, so let's work on both of these.
The Facebook people have a point as no-one invited Apple or Google into their lives, let alone with Bluetooth nearby sharing everything...on the other hand, Apple did make it clear there is not really a name or an iCloud account attached, which does differntiate it from Facebook which has all your data. Overall, point taken, but maybe find somewhere more private and appropriate to rant about privacy?
Coming now to my son who believed that if everyone else is using iOS it would just be fine for me to do so too. Well, as I said, I close my bathroom door when I shower, so maybe I am kinda different when it comes to this kinda thing.
But let's work with this, iOS 14 claims and has shown in its' beta that they will display a little orange or red dot in the top right corner when someone is using your camera or microphone, which is freaking awesome! They also show when your location is being accessed! We've seen Instagram, YouTube, LinkedIn, Reddit and others actually trigger a mic, location or camera indicator, and hey, so does Facebook, for all the Privacy Ranting Facebook Freaks out there.
Moving on...making iOS 14 somewhat more palatable...
Let's start with built-in apps you can remove, Iet me be clear here, can does not mean you should remove them. Consider what you need and/or use and delete the rest, you can always reload them the Apple Store later:
Activity, Apple Books, Calculator, Calendar, Compass, Contacts, FaceTime, Files, Home, iTunes, Store, Mail, Maps, Measure, Music, News, Notes, Podcasts, Reminders, Stocks, Tips, TV, Videos, Voice Memos, Watch app, Weather, can all be fully removed.
Recording indicator
iOS displays an indicator whenever an app is using the mic or camera, both in the app and in the Control Center.
I'd like to add that Apple, unlike Google with Android, is not an advertising company who makes money out of your data. So before we go on to look at Samsung, Oppo or OnePlus phones which run the pre-installed Android version (without any modifications or OS replacment) understand that they are not as private as iOS.
I like this feature on iOS and if Apple wasn't in a closed garden and actually cared enough to share their source code then, hey maybe, I would be an Apple fanboy! Yet that’s not the world we live in.
Privacy is a fundamental human right and at the core of everything we do. That’s why with iOS 14, we’re giving you more control over the data you share and more transparency into how it’s used.
~Apple
Fingerprinting defense
Safari works to prevent advertisers and websites from using the unique combination of characteristics of your device to create a “fingerprint” to track you. These characteristics include the device and browser configuration, and fonts and plug-ins you have installed. To combat fingerprinting, Safari presents a simplified version of the system configuration so more devices look identical to trackers, making it harder to single yours out. This protection is on by default, so there are no extra steps for you to take.
So I made a test with two iPhones side by side using the settings that come with the phone setup on Safari and the fingerprint matching. This is great news considering how many people are using Safari on iOS worldwide. And it is worth taking the time to read the Safari whitepaper (here in PDF) for Apple:
https://www.apple.com/safari/docs/Safari_White_Paper_Nov_2019.pdf
With iOS 14 you get some new features for Safari such as if you use an insecure Password and the Privacy Report:
Face recognition and scene and object detection are done completely on your device rather than in the cloud. So Apple doesn’t know what’s in your photos. And apps can access your photos only with your permission.
Apple also covers all this in it's own whitepaper:
https://www.apple.com/ios/photos/pdf/Photos_Tech_Brief_Sept_2019.pdf
This may all sound good but I still strongly recommend switching the iCloud photo backup off!
Third-party apps
Apps can ask for access to a single photo instead of all your photos. In addition, apps that simply need to add a photo to your Photos library can ask only for that specific action — without being able to see your photos. You can still choose to grant an app general access to your photos if you like.
Siri
Siri is designed to do as much learning as possible offline, right on your device. Searches and requests are associated with a random identifier — a long string of letters and numbers — not your Apple ID.
Again, I am not a Siri user, but an assitant on hand is always helpful. Alexa might work better but vs Siri there are worlds between. Mycroft (which I will cover soon in an upcoming Privacy Cookbook chapter) would, of course, be way more privacy friendly. You can read more about Siri sent data or what data is being sent to Apple all over the interweb.
Again, I highly recommend not using Siri, but vs Alexa or Google it is surely a better choice when it comes to privacy. Well, shall we say the 'lesser of two evils!'.
Location Services
Location Services privacy controls are a powerful way to manage which apps have access to your location.
Read more in the whitepaper:
https://www.apple.com/privacy/docs/Location_Services_White_Paper_Nov_2019.pdf
Sign in with Apple
Sign in to apps and websites quickly and easily without having your activity tracked or profiled by Apple.
This, for most people, is a gold standard improvement. However, bear in mind that you signed up with Apple, which does mean you are now part of the Apple Garden, but I do recommend doing these kinda signups with AnonAddy, which I covered previously.
Privacy Advocate
However, if you are an Apple user and stay an Apple user you can use that feature as it's built-in. You can read more on how Apple Sign In works in this Apple whitepaper:
https://www.apple.com/privacy/docs/Sign_in_with_Apple_White_Paper_Nov_2019.pdf
App permissions
Once an app is installed on your device, you are prompted for permission the first time it tries to access information such as your location or photos. You can make changes to the permissions you’ve granted. And iOS 11 or later and iPadOS give you the control to provide your location to any app only while you’re using it. Apple also makes sure that there are certain types of data on your device that apps simply can’t access, and that there is no way for an app to ask for complete access to all your data.
Apple also battles ad trackers. Accordingly, before being tracked you will receive a notification saying:
“X Inc. would like permission to track you across apps and websites owned by other companies. Your data will be used to deliver personalized ads to you.”
Deny, deny, deny!
Approximate location
Share only your approximate location rather than your exact location — perfect for apps like local news or weather.
Additional to Approximate location iOS allows you to share that information once, always or never! There is also a popup every time an app tries to access your location and an indicator which shows you when an app has that permission.
An interesting background read is the Privacy - Features page:
This all sounds great and I will keep an eye on it and report back, I am dedicated to monitoring everything which comes in and out on an Apple device, all traffic, and reporting back.
As a value-add, here is a guide on some privacy tweaks and recommendations for iOS 13, which is still the version that your device would come with, that I published previously:
Privacy Advocate
If you are using an iOS device or planning on getting one, the first thing I would recommend is not using the iCloud, at all costs! You can and must download apps from the Apple Store, but you can sign out afterwards and stay signed out of the iCloud all together.
Alternatively use Nextcloud to sync your contacts and have a cloud in place.
Talking of the Apple Store, if you want to be more private consider using Bitcoin when purchasing from there. https://www.bitrefill.com This way you can use any name, and if you have setup your router on a VPN in another country you can even make it look legit as coming from that country. Apple might lock your IP address but not make it mandatory to be in the location you chose during signup. So even if you do not use a VPN on a router, you can still chose a country that suits you better.
Location
Settings -> Privacy -> Location Services -> System Services and switch everything off, except the last point that says Status Bar Icon.
This will ensure that you see if Apple or anyone else is still using the location services to pinpoint you. Now, jump back one step and switch Location Services Off!
Next, find Advertising (still on the Privacy Screen), chose Limit Ad Tracking, then click Reset Advertising Identifier (and do this every 14 days as it takes around 20-30 days to have you profiled on the ad tracking!).
Now find Calendar on the Settings Page and switch off Location Suggestions.
Find Safari on the Settings Page
Search Engine -> DuckDuckGoSearch Engine Suggestions (Off)
Safari Suggestions (Off)
Block Pop Ups (On)
Downloads -> on my iPad/iPhone
Prevent Cross-Site Tracking (On)
Siri & Search (on the settings page)
Listen for "Hey Siri" -> Off
Press Top Button for Siri -> Off (if you use Siri leave it on)
On this page you can/will see all your apps (chose carefully what Siri should be allowed to use or switch all off)
In General (Settings Page) find Background App Refresh
Chose here what you actually need and improve battery life that way, as a side benefit.
I like NextDNS and it's an easy setup, and you can block Apple and some other services straight 'out of the box'.
This won't block everything, but at least what is most intrusive, on top of which I recommend switching off Bluetooth services! There is no reason not to, except when you actually use Bluetooth, so switch it on only when needed.
Regardless of what you think of Apple, the iOS features coming up sound pretty promising and even as you use a more secure device you will see in forums and Reddit (the irony when you think they popped up with an red and orange indicator) what services are actually accessing your microphone or camera.
Interesting times and an even more pissed off suckaberg!
Eric Volkman
Android, on the other hand, is more Mark's kinda place, the honeypot for stinging ants.
Emma Sims
In conclusion, as you see, even Apple's might attracts stinging ants, the direction they are 'pretending' to go (and I say pretending as Apple is not open-source and we do not know what they do with your data) yet it's not an advertising company and iOS 14 allows the advertising ID to be switched off at all times, meaning Apple would send 0000-0000-0000 as the device ID to advertisers who want to give you ads.
That has already pissed off Facebook and I am sure Google is not dancing around a fire, singing songs, but has their own stinging ants ritual trying to find the 'men among the boys' and react to that fact that things are getting more private and that they need to determine how to react with Android.
Overall this will only be good for the end user. However, all points duly noted, Apple will delay this particularfeature until 2021. What I find personally saddening about this is that they had just enticed me to glimpse at them with a couple of things and then they take away one of the major new features (with a delay), giving Mark and all the other blood sucking parasides time to come up with new ways to continue to make money out of us all.
Nina GoetzenTo be continued, as I am sure iOS 14 will shake things up, it still won't be open-source or FOSS or even remotely as customizable and private as Linux, but it is a step in the right direction and forces Google to react on Android.
Lots to digest here but in my usual indefatigable manner I shall return next week with another update on 'fighting the good fight'!
