I see a disconnect here. Let me get out a thesaurus and see if I can put to words what I'm feeling.
In western societies, where the internet originated, this act (a company handing over user data to the government without user consent) is considered absolutely scandalous for more than one reason.
Internet/popular culture there in general has revolved around rebellion, specifically in the form of disagreement and disparagement with their own government.
The government has always been the 'enemy' of the people. In this sentiment are reasons ranging from outright greed to insidious eugenics, and many examples in between.
In their societies, a technology/internet based company that has a user base is/was considered to be a safe haven for voicing this dissent and outrage.
So for a company to collude with the government, cooperate with government — nevermind how/why, there's very little merit to whether it was voluntary (like Ring) or coerced (like Apple) — is unacceptable and shocking to western society.
That is the reason why the headline is worded the way that it is.
Here though, where we pretty much live under an authoritative government cosplaying as a democracy, we just assume none of our data is private and the government has overreaching powers to know anything about everyone and everything. We're a more docile and passive population when it comes to privacy. So for us, the headline isn't shocking at all, in fact it's more of a 'how did anyone not know this?' type reaction.
Some of us might consider the outrageousness of the headline as clickbait, because 'of course Apple will hand over user data to government under legal direction.' While, I'm restating here for emphasis, this is a foreign concept to westerners.
Especially with a company as well known and widely used as Apple. The same Apple that refused to unlock iPhones for their own government. The same Apple that worked against third party vendors that sold exploits. Apple has a history of protecting user data and so the revelation of Apple quietly admitting they've shared notification data of their users is almost unbelievable. The headline is directed at Apple specifically because of Apple's history of noncooperation.
Breaking down the headline:
- Apple did give notification data without informing the user (secretly)
- Apple gave it to governments (how/why is irrelevant)
I don't understand how any of that is clickbait?
Title and how they worded it in a way that blame lies with Apple and Google.
In western societies, the blame
is with Apple and Google more than the government. People there have a different perspective about privacy rights. Maybe I'm old and wizened but the sentiment of the internet for this kind of situation is usually 'Apple should've shut down their entire business before revealing user data' because that is what other companies have done in the past (Lavabit). Nevermind that its entirely unrealistic on Apple's scale. They expect Apple to fight tooth and nail and endure enormous financial penalties before ever complying.
But Apple today does not have the same values as it did ten or fifteen years ago. It's global, it's experienced this kind of invasion of privacy by other governments, it's battered. So when its own government, the US government, asks for US user data, they comply in a way they wouldn't have ten or fifteen years ago. And that is the outrage, people of the internets in west probably knew about Apple cooperating with foreign authoritarian governments but never expected their own data to be shared with their own government.
(edited to acknowledge: Apple does provide guidelines to developers for protecting user privacy — usually in a way that bypasses legislation)
There's often less bananas in the comment section at Ars so I wanted to share some select comments (first one is grouped by replies):
I guess end to end encrypted messaging isn't worth much if you're leaving "show preview" on.
It’s highly likely the server side push has relevant data no matter the local display setting.
Only a timestamp and sender/recipient info, but yeah.
As an iOS developer: You send the absolute minimum in a push notification. Like “there are new messages”. Maybe “There are five new messages”. And that’s what the phone receives. You wouldn’t include any preview.
If you see a preview then it is because the app reacts to the notification and downloads messages.
And Apple didn’t “admit” anything. They were prohibited from releasing any information. But someone in the government has messed up, talked about it, and now apple is free to release this information.
If the message is E2E encrypted then the preview isn't going to be in the push notification because the push side server doesn't have access to it to include it. This isn't about message contents so much as metadata.
It's also going to be about all the stuff we do that isn't E2EE - dating apps, exercise apps and god knows what else all use push notifications that could leak private data.
It's entirely up to the app. The system I work on makes use of push notifications - in our case, we only pass a reference ID in the notification, there's nothing useful in it if it were intercepted by a third party. The app uses that to look up the data it needs and creates the notification contents itself.
But you could just include contents in your notification too. It's a general concept, not a rigid format that all apps must conform to.
And a heavily downvoted comment putting to words the sentiment I described above:
JFC, Apple! I switched to you after Microsoft and Google decided to go all-in on their ad-tracking privacy invading monetizing plans, and were taking increasingly user hostile steps to default ownership of your device, you paid for, to them. I was even evangelizing Apple to friends and family as the last bastion of (nominal) control over your device, and (decent) privacy. What happed to the Apple who flipped the bird to the NSA and FBI when they demanded a backdoor into a terrorist's iPhone? I realize Google is listed in this story too --- but I already didn't trust them. Apple being listed as one of the culprits in this, even if it was a FISA order, is a gut blow.
I don't want to live on this planet anymore
arstechnica.com
. I also went through reddit threads and it was mostly about how Government is finding ways to invade privacy, how to get better at masking data, how nothing is secure if Government decides to sneak in.
