Apple’s Privacy Officer Jane Horvath Uses CES Appearance to Defend Company Stance on Encryption and Software Backdoors

Apple's chief privacy officer attended a discussion panel at the Consumer Electronics Show in Las Vegas on Tuesday to debate the state of consumer privacy, marking the first time in 28 years that Apple has been at CES in an official capacity.

Apple's privacy officer at CES 2020 panel (Image: Parker Ortolani)

Jane Horvath, Apple's senior director for global privacy, joined an all-female panel consisting of representatives from Facebook, Procter & Gamble and the Federal Trade Commission. During the discussion, Horvath defended Apple's use of encryption to protect customer data on mobile devices.
"Our phones are relatively small and they get lost and stolen," Horvath said. "If we're going to be able to rely on our health data and finance data on our devices, we need to make sure that if you misplace that device, you're not losing your sensitive data."
Apple has held a consistent position regarding its use of encryption, even if that means it has limited ability to help law enforcement access data on devices involved in criminal investigations.

Just this week, the FBI asked Apple to help unlock two iPhones that investigators believe were owned by Mohammed Saeed Alshamrani, who carried out a mass shooting at a Naval Air Station in Florida last month. Apple said that it had already given the FBI all of the data in its possession.

Apple's response suggests it will maintain the same stance it took in 2016, when the FBI demanded that Apple provide a so-called "backdoor" into iPhones, following the December 2015 shooter incidents in San Bernardino. Apple refused, and the FBI eventually backed down after it found an alternate way to access the data on the iPhone.

Horvath took the same tack by saying that Apple has a team working around the clock to respond to requests from law enforcement, but that building backdoors into software to give law enforcement access to private data is something she doesn't support.
"Building backdoors into encryption is not the way we are going to solve those issues," Horvath said.
Horvath went on to talk up Apple's "privacy by design" technologies like differential privacy, user randomization in native apps and services, the on-device facial recognition in the Photos app, and minimal data retrieval for Siri. Horvath also confirmed that Apple scans for child sexual abuse content uploaded to iCloud. "We are utilizing some technologies to help screen for child sexual abuse material," she said.

Horvath became Apple's chief privacy officer in September 2011. Prior to her work at Apple, Horvath was global privacy counsel at Google and chief privacy counsel at the Department of Justice.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


This article, "Apple's Privacy Officer Jane Horvath Uses CES Appearance to Defend Company Stance on Encryption and Software Backdoors" first appeared on MacRumors.com

Discuss this article in our forums

NYT Investigation Reveals How Easily Smartphone Location Data Can Be Used to Identify and Track Individuals

The New York Times today claimed that it has obtained a file with the precise location of over 12 million smartphones over a period of several months in 2016 and 2017. While this data is technically anonymized, the report details how easy it is to associate specific data points with specific individuals.


With the help of publicly available information, like home addresses, The New York Times said it easily identified and then tracked military officials, law enforcement officers, lawyers, tech employees, and others:
In one case, we observed a change in the regular movements of a Microsoft engineer. He made a visit one Tuesday afternoon to the main Seattle campus of a Microsoft competitor, Amazon. The following month, he started a new job at Amazon. It took minutes to identify him as Ben Broili, a manager now for Amazon Prime Air, a drone delivery service.
The report explains that location data is collected from third-party smartphone apps that have integrated SDKs from location data companies like Gimbal, NinthDecimal, Reveal Mobile, Skyhook, PlaceIQ, and others, adding that it is currently legal to collect and sell all this information in the United States.

Apple continues to take steps to protect the privacy of its users. In iOS 13, for example, there is no more "always allow" option when third-party apps request to access your location. If a user wants to grant an app continuous access to location data, they must do so in Settings > Privacy > Location Services.

Apple also requires that apps provide users with a detailed explanation as to how location data is being used when prompted.

iPhone users who are concerned about their privacy can better protect themselves by navigating to Settings > Privacy > Location Services and disabling access to location data for unessential apps, or choosing the "while using the app" option at a minimum. We also recommend reviewing the privacy policies of apps.

A spokesperson said Apple had no comment on The New York Times report when contacted by MacRumors.


This article, "NYT Investigation Reveals How Easily Smartphone Location Data Can Be Used to Identify and Track Individuals" first appeared on MacRumors.com

Discuss this article in our forums

DuckDuckGo’s Safari Privacy Browser Extension Now Available for macOS Catalina

Privacy oriented search engine DuckDuckGo today released an updated version of its browser extension for desktop Safari users running macOS Catalina.


The launch comes after DuckDuckGo Privacy Essentials had to be removed from the Safari extensions gallery following major changes introduced in Safari 12 that made the extension incompatible. From the DuckDuckGo website:
As you may be aware, major structural changes in Safari 12 meant that we had to remove DuckDuckGo Privacy Essentials from the Safari extensions gallery. With Safari 13, new functionality was thankfully added that enabled us to put it back. Consequently, you'll need Safari 13+ on macOS 10.15 (Catalina) or newer to install the updated version.
DuckDuckGo Privacy Essentials blocks hidden third-party trackers on websites and features a Privacy Dashboard, which generates a Privacy Grade rating (A-F) information card whenever a user visits a site. The rating aims to let them see at a glance how protected they are, while providing additional options to dig deeper into the details of blocked tracking attempts.

While the extension doesn't include private search, DuckDuckGo Search is built into Safari as a default search option, and they work together to help users search and browse privately.

DuckDuckGo Privacy Essentials is only available for desktop browsers, however DuckDuckGo Privacy Browser is available for iOS and uses the same privacy protection technology.


This article, "DuckDuckGo's Safari Privacy Browser Extension Now Available for macOS Catalina" first appeared on MacRumors.com

Discuss this article in our forums

Apple’s Revamped Privacy Site Highlights ‘Everyday Apps, Designed for Your Privacy’

Apple today announced an update to its privacy website that touches on various new privacy benefits found in iOS 13, iPadOS 13, watchOS 6, and more. Apple's updated website includes white papers on how the company approaches privacy in Safari, Sign in with Apple, Location Services, and Photos, providing visitors with a deeper insight into the company's privacy mission.


The website reinforces Apple's four core privacy principles: minimizing the data collected from users, processing the data on the device when possible, transparency when collecting data and how it's used, and strong device encryption. You can visit the website for yourself at Apple.com/privacy, which is now highlighting iOS apps like Maps, ‌Photos‌, and Messages, and how they each enhance iPhone users' privacy.

According to Apple, there are multiple recent privacy and security innovations that it has accomplished with its latest software updates:
  • Contacts: Any notes stored in the notes section of the Contacts app will not be shared with third party applications when they are granted access to the Contacts app.
  • Find My: Apple uses end-to-end encryption to communicate with other Apple devices nearby in order to find lost iPhones and Macs, ensuring that it doesn't know the location of the device or the identity of the device that discovered it.
  • Arcade: No advertising or third-party tracking is ever permitted.
  • Background tracking notifications: iPhone owners now get notifications when apps are using their location in the background, providing them with a chance to turn this feature off.
You can click on different tabs on the website to view the new white papers for services like Safari, Face ID, Location Services, and more. While the website itself remains a straightforward look at how Apple handles user data, each white paper offers a more nuanced dive into specific programs and services at Apple, and how the company is aiming to enhance privacy with every new update.

The site also includes a tab for its transparency reports, showcasing how Apple is committed to being transparent about responding to government requests for user data around the world. Here you can scroll through each region to see how often Apple has shared user data with the local government, beginning as far back as 2013 and stretching to 2018.

Tag: privacy

This article, "Apple's Revamped Privacy Site Highlights 'Everyday Apps, Designed for Your Privacy'" first appeared on MacRumors.com

Discuss this article in our forums

How to Delete Siri Audio History and Opt Out of Siri Audio Sharing on HomePod

This article explains how to delete your Siri audio interaction history and opt out of sharing audio recordings with Apple on iPhone, iPad, and iPod touch.

Earlier this year, it was discovered that Apple hired contractors to listen to a small percentage of anonymized ‌Siri‌ recordings to evaluate the virtual assistant's responses with the purpose of improving accuracy and reliability.

The Guardian revealed that Apple employees working on ‌Siri‌ often heard confidential details while listening to the audio recordings. Apple was subsequently criticized for not making it clear to customers that some of their ‌Siri‌ recordings were being used to improve the service.

Soon after the report, Apple suspended its ‌Siri‌ grading practices and promised users that it would introduce tools in a forthcoming update that would allow them to opt out of sharing their audio recordings.

With the release of iOS 13.2 in October, those new tools arrived on iPhone and ‌iPad‌, allowing users to delete their ‌Siri‌ and Dictation history and opt out of sharing audio recordings. With the release of the 13.2.1 software update for HomePod, the same tools are also available for Apple's smart speaker.

It's important to note that ‌HomePod‌'s ‌Siri‌ settings are independent from your iOS device's ‌Siri‌ settings, so if you want to opt out of ‌Siri‌ Audio Sharing and delete your ‌Siri‌ audio history completely, you'll have to disable them separately.

The following steps show you how to access these settings on ‌HomePod‌. To learn how to disable them on iPhone, ‌iPad‌, and ‌iPod touch‌, click here.

How to Opt Out of ‌Siri‌ Audio Sharing on ‌HomePod‌


  1. Launch the Home app on your iPhone, ‌iPad‌, or ‌iPod touch‌.

  2. Press and hold the ‌HomePod‌ button in your Favorite Accessories. If it's not in your Favorites, tap the Rooms icon at the bottom of the screen and select the Room where your ‌HomePod‌ is located using the room selector in the top-left corner of the screen.
    home
  3. Tap the cog icon in the bottom-right corner of the ‌HomePod‌ card to take you to the device's settings.

  4. Tap Analytics & Improvements.

  5. If you don't want to let Apple review your recordings, toggle off the switch next to Improve ‌Siri‌ & Dictation.
    home
Note that you can tap the link under the toggle for more information relating to Apple's ‌Siri‌ analytics policy.

How to Delete Your ‌Siri‌ Audio History on ‌HomePod‌


  1. Launch the Home app on your iPhone, ‌iPad‌, or ‌iPod touch‌.

  2. Press and hold the ‌HomePod‌ button in your Favorite Accessories. If it's not in your Favorites, tap the Rooms icon at the bottom of the screen and select the Room where your ‌HomePod‌ is located using the room selector in the top-left corner of the screen.
    home
  3. Tap the cog icon in the bottom-right corner of the ‌HomePod‌ card to take you to the device's settings.

  4. Tap ‌Siri‌ History.
    home
  5. Tap Delete ‌Siri‌ History.
Apple will inform you that your request was received and that your ‌Siri‌ and dictation history will be deleted. That's all there is to it.

In addition to these new ‌Siri‌ and Dictation-related privacy features, Apple also says it is making further changes to its human grading process that will minimize the amount of data that reviewers have access to.

Related Roundup: HomePod
Tags: Siri, privacy
Buyer's Guide: HomePod (Neutral)

This article, "How to Delete Siri Audio History and Opt Out of Siri Audio Sharing on HomePod" first appeared on MacRumors.com

Discuss this article in our forums

U.K. Court Reinstates Lawsuit Accusing Google of Bypassing Safari’s Privacy Settings to Track iPhone Users

An appeals court in London has reinstated a lawsuit filed against Google that accuses the company of unlawfully gathering personal information by circumventing the iPhone's default privacy settings, according to Bloomberg.


The collective action, equivalent to a class action lawsuit in the United States, alleged that Google illegally tracked and gathered the personal data of over four million iPhone users in the U.K. between 2011 and 2012. The case was first brought in November 2017 and had been dismissed in October 2018.

"This case, quite properly if the allegations are proved, seeks to call Google to account for its allegedly wholesale and deliberate misuse of personal data without consent, undertaken with a view to a commercial profit," wrote Judge Geoffrey Vos in a ruling today, per the report.

A similar lawsuit was filed in the United States in 2012, when Google was discovered to be circumventing privacy protections in Safari on iOS in order to track users through ads on numerous popular websites.

Specifically, Google took advantage of a Safari loophole that made the browser think that the user was interacting with a given ad, thus allowing a tracking cookie to be installed. With that cookie installed, it became easy for Google to add additional cookies and to track users across the web.

At the time, Safari blocked several types of tracking, but made an exception for websites where a person interacted in some way — by filling out a form, for example. Google added code to some of its ads that made Safari think that a person was submitting an invisible form to Google, thus creating a temporary cookie.

Google stopped this practice after it was reported by The Wall Street Journal, and refuted many details of the report, while Apple closed the loophole in a Safari update shortly after. Google also paid a then-record $22.5 million fine to the Federal Trade Commission over its practices back in 2012.

"Protecting the privacy and security of our users has always been our No. 1 priority," a Google spokeswoman told Bloomberg. "This case relates to events that took place nearly a decade ago and that we addressed at the time."


This article, "U.K. Court Reinstates Lawsuit Accusing Google of Bypassing Safari's Privacy Settings to Track iPhone Users" first appeared on MacRumors.com

Discuss this article in our forums

How to Use Firefox Private Network to Encrypt Your Web Traffic

Mozilla this week began piloting its own browser-based VPN service, and if you're located in the U.S. you can start testing it for free right away.

Called the Firefox Private Network, the service promises Firefox users a more secure, encrypted path to the web that prevents eavesdroppers from spying on your browsing activity and hides your location from websites and ad trackers.

In that respect, it won't protect any internet traffic outside of your web browser, but it's a good option if you want to use an encrypted connection on the fly when you're using Firefox on a public Wi-Fi network, for example.


As a time-limited beta, the Firefox Private Network is currently free to try, although this does suggest it may become a paid service in the future. You also need to be a U.S. resident logged into your Firefox account using Firefox desktop browser.

If you can fulfill those pre-requisites, you can install the private network by navigating to this page, clicking the blue + Add to Firefox button, then granting permission for the network to be added to the browser.


Click the door hanger icon that appears at the top-right corner of the toolbar, and you'll see a switch that you can use to toggle the VPN on and off. A green tick in the icon indicates the secure network is active and your browsing activity is being encrypted.

Opera browser offers a similar free VPN service that cloaks your web browsing, but with the added benefit that it lets you choose the continent that you want your connection to reside. So if you're looking to access a location-restricted service (Netflix, say) from abroad, you might have better luck using it instead.


This article, "How to Use Firefox Private Network to Encrypt Your Web Traffic" first appeared on MacRumors.com

Discuss this article in our forums

Apple WebKit Team Publishes Website Tracking Prevention Policy

Apple's WebKit team has published a "WebKit Tracking Prevention Policy" that details a range of anti-tracking measures it has developed and the types of tracking practices it believes are harmful to users.


Inspired by Mozilla's anti-tracking policy, the document posted to the WebKit blog provides an insight into the anti-tracking features built into Apple's Safari browser that the team hopes to see in all browsers one day.
This document describes the web tracking practices that WebKit believes, as a matter of policy, should be prevented by default by web browsers. These practices are harmful to users because they infringe on a user's privacy without giving users the ability to identify, understand, consent to, or control them.
Apple introduced Intelligent Tracking Prevention in iOS 11 and in Safari 11 in macOS High Sierra 10.13 and has been working to develop ITP ever since. For example, in February Apple released iOS 12.2 and Safari 12.1 for macOS, both of which included ITP 2.1 featuring enhancements that block cross-site tracking.

The new WebKit policy highlights Apple's continuing efforts to target all forms of cross-site tracking behavior, even if it's in plain view.
WebKit will do its best to prevent all covert tracking, and all cross-site tracking (even when it’s not covert). These goals apply to all types of tracking listed above, as well as tracking techniques currently unknown to us.

If a particular tracking technique cannot be completely prevented without undue user harm, WebKit will limit the capability of using the technique. For example, limiting the time window for tracking or reducing the available bits of entropy — unique data points that may be used to identify a user or a user’s behavior.
In addition to cross-site tracking, the document outlines several other tracking practices it deems harmful to users, and says WebKit will treat circumvention of its anti-tracking measures "with the same seriousness as exploitation of security vulnerabilities."
If a party attempts to circumvent our tracking prevention methods, we may add additional restrictions without prior notice. These restrictions may apply universally; to algorithmically classified targets; or to specific parties engaging in circumvention.
For more on tracking definitions, the unintended impact of anti-tracking measures, and exceptions to the rules, check out the full WebKit Tracking Prevention Policy on the WebKit blog.


This article, "Apple WebKit Team Publishes Website Tracking Prevention Policy" first appeared on MacRumors.com

Discuss this article in our forums

Apple Takes iPhone Privacy Marketing Campaign to Germany

Apple started underlining its privacy stance earlier this year with a billboard marketing campaign that began in Las Vegas and later came to Canada, and this week the company has extended it to Europe.


Brought to our attention by Macerkopf.de, the new billboards in both Hamberg and Berlin play on their location, while emphasizing how much importance Apple attaches to user privacy and data protection.

Draped across the Port of Hamburg is a long banner-style poster with a picture of an iPhone and an accompanying slogan which translates into English as "The gate to the world. Not to your information."


Elsewhere in Hamberg, an iPhone billboard on the side of a property reads, "Betrays as little about Hamburgers as Hamburger."

Meanwhile, in Berlin, a tower block billboard with the same recognizable iPhone image runs with the phrase, "Welcome to the safe sector."


All of the posters in Germany round out with the slogan, "Privacy. This is iPhone."

Apple's Las Vegas billboard, which was put up ahead of CES 2019, played on the well-known tourism saying: "What happens in Vegas, stays in Vegas." The sign read, "What happens on your iPhone, stays on your iPhone."


Apple has also made privacy-focused iPhone ads that have been aired on various TV markets around the world. The embedded video above is Apple's German privacy ad.

Apple has long said it believes privacy is a "fundamental human right," and as part of that, it aims to minimize its collection of customer data and disassociate it from an individual user when it does. The tech company also has a dedicated privacy website.


This article, "Apple Takes iPhone Privacy Marketing Campaign to Germany" first appeared on MacRumors.com

Discuss this article in our forums

How to Restrict an App’s Location Access in iOS 13

Apple has doubled down on its privacy features in iOS 13, giving iPhone and iPad users a more granular view of how apps access their location information.

On Apple devices, the location services that apps can tap into use GPS, Bluetooth, and crowd-sourced Wi-Fi hotspot and cellular mast locations to determine your approximate location. The good news is that iOS 13 makes you more aware of how often apps are tracking you, as well as their motivation for doing so, and importantly it makes sure you're in control of your data.

If an app grabs your location data, iOS may display a popup notification showing you a map with the data that the app has tracked, as well as the specific reason why the app is tracking you, along with the question "Do you want to continue allowing this?"

Armed with this information, you'll usually be given three options: Allow While Using App, Allow Once, and Don't Allow. The first option limits the app's access to your location data to when the app is actively being used, the second allows it to track your location just this once, while the third disables location tracking completely.


You can expect to see the "Just Once" option appear when you first launch a just-installed app. Otherwise, you can check out how apps on your device are using location services anytime you like by opening the Settings app and tapping through to Privacy -> Location Services.


From here, you can change each app's permissions (Never / Ask Next Time /While Using the App / Always) and you'll also learn the reason why an app wants to access your location, allowing you to enable or disable location services on an ad-hoc basis.

The options you choose will depend on the app in question – some apps may have just cause to track your whereabouts in the background, while others may not. The point is Apple wants you to be in control of this behavior, so you can expect similar periodic notifications about what an app is up to with your location information.

Related Roundups: iOS 13, iPadOS
Tag: privacy

This article, "How to Restrict an App's Location Access in iOS 13" first appeared on MacRumors.com

Discuss this article in our forums