When Apple previewed the upcoming iOS 12 and MacOS Mojave at this week’s WWDC keynote, the killer new features that got both developers and users most excited were the ones you’d would expect: the visually stunning Dark Mode on MacOS, the insanely customizable Memojis on iOS, FaceTime group-calling features on both platforms, massive improvements to Siri, and Apple’s all-new Screen Time digital health tracking tools.
All those features deserved the applause they got from the crowd. But it was other updates–definitely less sexy and headline-grabbing–that set Apple apart from other technology giants. I’m talking about the new privacy features built into both iOS 12 and MacOS Mojave that make it so much harder for other parties to get at your personal information.
“We believe your private data should remain private,” declared Apple software senior VP Craig Federighi on stage when announcing some of the new privacy features coming to the company’s flagship platforms. “Not because you’ve done something wrong or have something to hide, but because there can be a lot of sensitive data on your devices and we think you should be in control of who sees it.”
Federighi’s statement may be noble—privacy advocates would certainly argue it’s the correct stance—but it also makes good business sense in this post-Facebook/Cambridge Analytica age. As we become more keenly aware of how our data is being accessed and manipulated, often without our knowledge, a technology company that emphasizes features that protect a user’s privacy stands out like a flower among the weeds. It’s a reason to considering buying devices from Apple instead of someone else.
But while end users and privacy advocates will likely cheer Apple’s new privacy features, others will be decidedly less excited about them, including . . .
Facebook and Google
It’s often said of Facebook and Google that you, the user, are their product. The saying originates in their primary business model–obtaining as much information as they can about you, so advertisers can target you with relevant ads.
Both of these tech giants gather some of their information about you from things you actively provide to them, like geotagged photos, messages and emails, and profile information. But Facebook, Google, and other tech companies can also assemble huge troves of data about you–what you like, what you read, the trips you are thinking of taking–by following you around the web.
They do this in a few ways, the first by using tracking cookies that follow you to other sites you visit. That’s why reading an online review of a Samsung TV can lead to you suddenly seeing ads for that same TV on every site you go to. Last year, Apple counteracted this by introducing intelligent tracking prevention in Safari on iOS and MacOS that reduced the ability of companies like Facebook and Google to track you across websites using cookies.
But that wasn’t the only way the two tech giants track you. They can also track where you go from web page to web page if those pages have Like and Share buttons on them–or even just comment fields. It doesn’t even matter if you interact with these buttons and comments or not.
And while neither Facebook nor Google has commented on these new privacy features, you can bet they aren’t happy about them, considering that there are over a billion iOS devices in use.
Advertisers and data companies
It’s not just the social media and search giants that use sneaky techniques to follow you around the web. Virtually every other online ad and data company uses another intrusive method known as fingerprinting.
Fingerprinting allows advertisers and data companies to identify you by identifying a unique set of characteristics of the device you are using, such as your 32GB iPhone 6s Plus or your 13-inch MacBook Pro with a 512GB SSD. These unique identifying characteristics include your device’s configuration (processor, RAM, display size and resolution, keyboard language, and much more), its installed fonts, and any plugins you have on the device. Data companies and advertisers use this set of unique characteristics to assign you a unique “fingerprint,” or ID tag, to track you and your device from site to site.
They may not know your name, but they know who you are. Until iOS 12 and macOS Mojave, that is.
Apple is fighting fingerprinting in macOS Mojave and iOS 12 by obfuscating your unique fingerprint. Advertisers and websites will only see a simplified system configuration of the device you are using and only other generic traits, such as the built-in fonts the device has.
What this all means is your Mac now looks like everyone else’s Mac–so advertisers and data companies can no longer individually identify your device as you move around the web. It’s as if every person on earth had roughly same set of actual biological fingerprints.
Nation-states, law enforcement, and bad actors
Now we come to the last group of people Apple has pissed off with its improved privacy and security measures: countries, cops, and crooks. Some background: Earlier this year, word began to spread about a device called GrayKey, created by a company named Grayshift. When a locked iPhone is plugged into the GrayKey box, the device can crack its passcode, even bypassing a security feature that wipes the iPhone when 10 incorrect passcodes are entered. The device competes with offerings from Israel’s Cellebrite.
Both Grayshift and Cellebrite cater to law-enforcement agencies. The use of such equipment is controversial, and Apple has taken a hard-line stance on scenarios involving cracking its security: In 2016, it refused to help the FBI break into an iPhone used by the San Bernardino shooter. Then there’s the potential for this sort of technology to fall into the hands of rogue nation-states or criminals.
Which is why, in iOS 12, Apple has implemented a “Disable USB Access” access feature that blocks the ability for the iPhone to transfer data to a USB device, like the GrayKey, if the correct passcode hasn’t been entered on the device in the last 60 minutes. That timeframe is way too short for the GrayKey to work its security-defeating magic. In other words, Apple is bricking the GrayKey and other devices like it. That’s bad news for Grayshift and the organizations that have shelled out up to $30,000 for its box. (Cellebrite reportedly charges even more for its unlocking technology.)
Again, whether this is a good thing or bad thing depends on your point of view. As for Apple’s perspective, it couldn’t be clearer. As Tim Cook recently told CNN: “To me, and we feel this very deeply, we think privacy is a fundamental human right. So that is the angle that we look at it. Privacy from an American point of view is one of these key civil liberties that define what it is to be American.”
With iOS 12 and MacOS Mojave, Apple will show it means what Cook said, in the most meaningful way possible.