I would highly recommend you go through their security compliance documentation before saying its not auditable. The systems are very thorough for auditing.
None of these articles are proof of anything and again you’re just taking their word for it. None of this is apple open sourcing the software for audit and none of these certifications makes them special. This is like saying a Microsoft Surface device passed all of these certifications and checks so it can’t get malware.
It literally describes their entire security process, which is vetted by NIST (a government agency of the United States of America who create standards), NASA (a government agency of the US that focuses on civil space programs, aeronautics research and space research), DISA (a DoD combat support agency that provides IT and communications support to the president, VP, Secretary of Defense, DoD, and any individual or system contributing to the defense of the US), and LANL (one of sixteen research and development laboratories of the DoE who conduct multidisciplinary research in fields such as national security, space exploration, nuclear fusion, renewable energy, medicine nanotechnology, and supercomputing).
Those guys are always looking at Apple’s security. Always.
Its vetted, tested, and hardened based on scientific research by many organizations. Its not just apple whipping this shit up willy nilly.
You are still insisting that these stop apple from writing software to harvest user data. The chips can work and the software can still be flawed or malicious. You seem to think that these certifications make it impossible to write malicious software for this hardware. You fundamentals don’t understand what you’re implying.
With services that are end-to-end encrypted, such as iMessage, the service operator cannot access the data that transits through the system. One of the key reasons such designs can assure privacy is specifically because they prevent the service from performing computations on user data. Since Private Cloud Compute needs to be able to access the data in the user’s request to allow a large foundation model to fulfill it, complete end-to-end encryption is not an option. Instead, the PCC compute node must have technical enforcement for the privacy of user data during processing, and must be incapable of retaining user data after its duty cycle is complete.
We designed Private Cloud Compute to make several guarantees about the way it handles user data:
A user’s device sends data to PCC for the sole, exclusive purpose of fulfilling the user’s inference request. PCC uses that data only to perform the operations requested by the user.
User data stays on the PCC nodes that are processing the request only until the response is returned. PCC deletes the user’s data after fulfilling the request, and no user data is retained in any form after the response is returned.
User data is never available to Apple — even to staff with administrative access to the production service or hardware.
So we are back to Apples promises of privacy and security being meaningless because you can’t verify that any of these claims are valid. The hardware may be secure but that doesn’t mean much in this case.
I never left the topic of Apple’s promises of privacy and security. The article you linked initially is completely about third party apps and their tracking. Using their App Store policies, Apple have steered apps into stating if they track you or not. It doesn’t eliminate tracking. It simply lets the user know how much data will be harvested.
You can see how it shook up a lot of the big harvesters when they were EXTREMELY slow to update their apps following this policy going into affect. Each app had to determine what was being harvested and figure out a way to let the user know. You’ll notice the big apps like any Google apps, Facebook (Meta), IG, etc waited a looooong time before releasing any of that data.
Apple themselves post this data in each and everyone of their apps. You can find it in the app store. Its transparent, and they let you know what they do with it.
There is no secret tracking, if thats what you are implying. The article you linked focuses on third party apps anyways, not Apple’s own apps.
Apple above all has more access than any 3rd party app. You simply have no way of knowing what apple is doing behind the scenes without the source code. You are merely taking their word for it.
I would highly recommend you go through their security compliance documentation before saying its not auditable. The systems are very thorough for auditing.
Start here:
https://support.apple.com/guide/certifications/intro-to-apple-security-assurance-apc3cea61877b/web
Extra reading here:
https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf
https://support.apple.com/guide/certifications/ios-and-ipados-security-compliance-project-apcb2892d3b0/web
https://support.apple.com/guide/certifications/macos-security-compliance-project-apc322685bb2/web
https://github.com/usnistgov/macos_security/wiki
https://support.apple.com/guide/certifications/national-regulations-security-certifications-apc37dae516c6/web
https://support.apple.com/guide/certifications/apple-pay-security-certifications-apc3a0db329f/web
https://support.apple.com/guide/certifications/apple-internet-services-security-apc34d2c0468b/web
https://support.apple.com/guide/certifications/apple-app-security-certifications-apc392d0e98c3/web
https://support.apple.com/guide/certifications/visionos-security-certifications-apcf57bea62a/web
https://support.apple.com/guide/certifications/watchos-security-certifications-apc3dc9d68d91/web
https://support.apple.com/guide/certifications/tvos-security-certifications-apc3c0bb26e2b/web
https://support.apple.com/guide/certifications/macos-security-certifications-apc35eb3dc4fa/web
https://support.apple.com/guide/certifications/ipados-security-certifications-apc38ef52880f/web
https://support.apple.com/guide/certifications/ios-security-certifications-apc3fa917cb49/web
https://support.apple.com/guide/certifications/apple-t2-security-chip-certifications-apc3225ccbd21/web
https://support.apple.com/guide/certifications/secure-enclave-processor-security-apc3a7433eb89/web
https://support.apple.com/guide/certifications/common-criteria-cc-certification-status-apc3eff7b4ca/web
https://support.apple.com/guide/certifications/cryptographic-module-validation-status-apc33ea4bd77/web
https://support.apple.com/guide/certifications/about-apple-security-certifications-apc30d0ed034/web
None of these articles are proof of anything and again you’re just taking their word for it. None of this is apple open sourcing the software for audit and none of these certifications makes them special. This is like saying a Microsoft Surface device passed all of these certifications and checks so it can’t get malware.
It literally describes their entire security process, which is vetted by NIST (a government agency of the United States of America who create standards), NASA (a government agency of the US that focuses on civil space programs, aeronautics research and space research), DISA (a DoD combat support agency that provides IT and communications support to the president, VP, Secretary of Defense, DoD, and any individual or system contributing to the defense of the US), and LANL (one of sixteen research and development laboratories of the DoE who conduct multidisciplinary research in fields such as national security, space exploration, nuclear fusion, renewable energy, medicine nanotechnology, and supercomputing).
Those guys are always looking at Apple’s security. Always.
Its vetted, tested, and hardened based on scientific research by many organizations. Its not just apple whipping this shit up willy nilly.
You are still insisting that these stop apple from writing software to harvest user data. The chips can work and the software can still be flawed or malicious. You seem to think that these certifications make it impossible to write malicious software for this hardware. You fundamentals don’t understand what you’re implying.
https://security.apple.com/blog/private-cloud-compute/
What fundamentals am I missing?
https://support.google.com/pixelphone/answer/11062200?hl=en#zippy=%2Cnist-fips----cmvp-cavp
Pixel devices have the same certificates. Does this mean Google can’t harvest my data?
Correct. It will not harvest data until you log into a Google service and agree to their ToS.
So we are back to Apples promises of privacy and security being meaningless because you can’t verify that any of these claims are valid. The hardware may be secure but that doesn’t mean much in this case.
I never left the topic of Apple’s promises of privacy and security. The article you linked initially is completely about third party apps and their tracking. Using their App Store policies, Apple have steered apps into stating if they track you or not. It doesn’t eliminate tracking. It simply lets the user know how much data will be harvested.
You can see how it shook up a lot of the big harvesters when they were EXTREMELY slow to update their apps following this policy going into affect. Each app had to determine what was being harvested and figure out a way to let the user know. You’ll notice the big apps like any Google apps, Facebook (Meta), IG, etc waited a looooong time before releasing any of that data.
Apple themselves post this data in each and everyone of their apps. You can find it in the app store. Its transparent, and they let you know what they do with it.
There is no secret tracking, if thats what you are implying. The article you linked focuses on third party apps anyways, not Apple’s own apps.
Apple above all has more access than any 3rd party app. You simply have no way of knowing what apple is doing behind the scenes without the source code. You are merely taking their word for it.
I’d love to have the source code, yes, but there are literally zero ads on my apple devices until I open the app store.
What data are they harvesting? and again, can you provide a source that they are harvesting data on users?