Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Apple Your Rights Online

Apple Hits Back at European Activist Complaints Against Tracking Tool (reuters.com) 29

An Austrian privacy advocacy group drew a strongly critical response from Apple on Monday after it said an online tracking tool used in its devices breached European law. From a report: The group, led by campaigner Max Schrems, filed complaints with data protection watchdogs in Germany and Spain alleging that the tracking tool illegally enabled the $2 trillion U.S. tech giant to store users' data without their consent. Apple directly rebutted the claims filed by Noyb, the digital rights group founded by Schrems, saying they were "factually inaccurate and we look forward to making that clear to privacy regulators should they examine the complaint." Schrems is a prominent figure in Europe's digital rights movement that has resisted intrusive data-gathering by Silicon Valley's tech platforms. He has fought two cases against Facebook, winning landmark judgments that forced the social network to change how it handles user data. Noyb's complaints were brought against Apple's use of a tracking code, known as the Identifier for Advertisers (IDFA), that is automatically generated on every iPhone when it is set up.
This discussion has been archived. No new comments can be posted.

Apple Hits Back at European Activist Complaints Against Tracking Tool

Comments Filter:
  • And not every time the app was run. They only need to check when the apps hash changes. They do it more frequently for a reason. That isnâ(TM)t the worst issue. The worst issue is this circumvents OS VPNs
    • by Entrope ( 68843 ) on Tuesday November 17, 2020 @11:09AM (#60734466) Homepage

      This article is about the IDFA, not about app checking at launch.

      Yes, a computer could validate a developer's certificate one time, but certificate revocation lists exist for a reason. Apple certainly overdid it by checking each time an app is launched, but it's not clear what is the best frequency to check CRLs. (I would argue "what the user picks", but Apple's philosophy mostly opposes that kind of control by users. They're holding it wrong!)

      • by dgatwood ( 11270 )

        There's certainly a time factor, though. If it hasn't been revoked within... let's say a month after the app was signed (as validated with a timestamping service), it almost certainly won't ever be, or at least not in a way that would affect whether that particular app should be trusted.

        More to the point, if it is revoked after that time, it is more likely to be a malicious revocation (e.g. a company trying to force upgrading, or hackers trying to screw over a company they don't like, or a malevolent gover

        • Something akin to this, but again... Signing the software tells you who wrote it. It does not tell you that it is non-malicious. The idea being you can go after (legally) the developer for damages as well as never trust them again. There is a false sense of security that comes with signed software. Hopefully if you get it from a moderated source (App Store?) then someone else has done this for you, otherwise security researchers analyse it as well. The first run is to validate the certificate is still trust
          • by dgatwood ( 11270 )

            Of course, there's a separate mechanism for Gatekeeper blocking the launch of apps that are known to be malicious. That's entirely separate from the OCSP checks of the app's signature, which probably only need to be done on first launch, but certainly not every launch forever and ever.

  • Scooby-Doo (Score:4, Funny)

    by ytene ( 4376651 ) on Tuesday November 17, 2020 @10:53AM (#60734410)
    And they would have gotten away with it, too, if it wasn't for you pesky kids!
  • Hash is literally the most important data when I need to lookup what exploit works against your exact version.

    Guessing means failed attempts and the target knowing that something is up. Getting the hash and using one *exact* working exploit that silently succeeds is far more deadly.

    Also would identify who has created any software deemed "bad". The hash of it's creator running it during development and before release would show who needs beaten or disappeared.

    Has anyone figured out how to spam the service w

  • You pay top dollar and what do you get? A device people can track you with. It just works!
    • by jellomizer ( 103300 ) on Tuesday November 17, 2020 @11:43AM (#60734630)

      I have recently moved from an iPhone to an Android Phone (a Samsung)
      Sense I switched over, I am getting so many more targeted ads than I did with my Apple device, and the Apps that I got even the ones with Ads seem less intrusive and never had it lock up my App.

      I am not saying Apple is innocent. However they seem to be a much better custodian to the data they collect vs what Google does.

      • by vyvepe ( 809573 )
        Get a web browser with an adblocker a and get a firewall for your phone.
        • by guruevi ( 827432 )

          Google can avoid all those things. Get a phone with an OS that isn't built by a company whose sole purpose is tracking and advertising.

      • by Misagon ( 1135 ) on Tuesday November 17, 2020 @01:38PM (#60735070)

        Ad-targeting is part of Google's Android ... because Google is an ad-company. You can disable targeted ads from Google in the settings: Settings -> Google -> Ads -> Ads -> "Opt out of Ads Personalization".

        That's just one tracker though. Lots of other apps do it in other ways for ads in those apps, and those won't be disabled this way.

    • You'll be amazed how easy it is for governments to track those!

  • Not the OCSP check (Score:5, Informative)

    by EvilSS ( 557649 ) on Tuesday November 17, 2020 @12:15PM (#60734748)
    The complaint is about the IDFA, not the OCSP checks in the news this week.

    Noyb’s complaints were brought against Apple’s use of a tracking code, known as the Identifier for Advertisers (IDFA), that is automatically generated on every iPhone when it is set up.

    Man, I'd hate to be Google if this makes any headway.

  • The EU has made it quite clear it's able and willing to enforce its citizens' right to privacy.

    If only the so-called land of the free would show the same teeth, these parasitic tech companies would be forced to start treating user data with the respect it deserves. I'm hopeful that the incoming administration will make some strong moves in this direction, but not holding my breath.
    • The EU has made it quite clear it's able and willing to enforce its citizens' right to privacy. If only the so-called land of the free would show the same teeth, these parasitic tech companies would be forced to start treating user data with the respect it deserves. I'm hopeful that the incoming administration will make some strong moves in this direction, but not holding my breath.

      That European article is a simple case of "Open mouth. Insert foot."

      In other words, they jumped to a conclusion before thoroughly checking out what was going on...mm-kay

    • If only the so-called land of the free would show the same teeth, these parasitic tech companies would be forced to start treating user data with the respect it deserves.

      Yeah but land of the free means “free to steal user’s data so long as you bury a clause somewhere in an adhesion contract”.

      They had to abbreviated it for the national anthem.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...