Apple pollutes data about you to protect your privacy. But it might not be enough

People do care about privacy... don't they?

Comment At its WWDC developer event last week, Apple strongly emphasised the difference between data harvesters such as Google and Facebook, and its own privacy practices. It isn’t a new line, as Apple has never been as reliant on digital advertising as these consumer data processing giants.

But with Microsoft joining Google and Facebook in maximising the personal data it extracts from you, Apple is now the only major platform left that makes privacy a USP.

Everyone else has leapt over the creepy line, to engage in what one critic calls “surveillance capitalism”.

Last year, researchers at MIT showed that only four receipts containing location information, each revealing a purchase, were required to re-identify an individual, with the researchers enjoying a rate of 90 per cent accuracy. The significance of this work was that both hitherto “anonymous” data, and supposedly anonymised metadata, were a means of “re-identifying” you.

The privacy assumptions of anonymity now had to be rethought, because if there’s enough “anonymous data”, anonymity ceases to exist. Modern data protection legislation which assumes that metadata is anonymous would need to be rewritten.

Why mention this now? Two reasons.

Last week, Facebook announced that store visits data would be added to the data trove that Facebook shares with advertisers. Your “anonymous” location information would be combined with your “anonymised” Facebook ID. But we now know anonymity doesn’t really exist. Google has been sharing this information with advertisers for some time: it’s one of the reasons Google invests so heavily in Android and wearables*: they’re voluntary electronic tags.

The second reason this is topical is buried in the conclusions of the MIT study, and was little-noticed at the time. Because your identity can be inferred from “anonymous” data, the researchers recommended further work to explore “differential privacy”, which is cryptography’s umbrella term for trying to ensure anonymous data remains anonymous. There are several differential privacy approaches, which involve injecting duff information into the dataset. Here’s a researcher’s overview (pdf).

Well, last week Apple announced that’s just what it would do. It would introduce differential privacy techniques. Apple would collect lots of data but not create IDs, said VP of software engineering Craig Federighi.

“Differential privacy is a research topic in the areas of statistics and data analytics that uses hashing, subsampling and noise injection to enable crowdsourced learning while keeping the data of individual users completely private. Apple has been doing some super-important work in this area to enable differential privacy to be deployed at scale,” he said.
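To make the “noise injection” idea concrete, here is an added example, not Apple’s code (Apple has not published its implementation) and not from the MIT paper: a minimal randomized-response scheme in Python. Each device flips its own answer with a probability set by a privacy parameter epsilon (a constructed setting), so no single report can be trusted, yet the aggregator can still recover the population total from the noisy reports.

```python
import math
import random


def keep_probability(epsilon: float) -> float:
    """Probability that a device reports its true bit.

    With p = e^eps / (1 + e^eps), the likelihood of any report differs by at
    most a factor e^eps between a user whose bit is 1 and one whose bit is 0:
    the textbook epsilon-local-differential-privacy guarantee.
    """
    return math.exp(epsilon) / (1.0 + math.exp(epsilon))


def randomize(true_bit: int, epsilon: float, rng: random.Random) -> int:
    """Runs on the device: keep the truth with probability p, else flip it."""
    p = keep_probability(epsilon)
    return true_bit if rng.random() < p else 1 - true_bit


def estimate_true_count(reports, epsilon: float) -> float:
    """Runs at the aggregator: debias the noisy count of ones.

    E[observed] = true*p + (n - true)*(1 - p), so
    true = (observed - n*(1 - p)) / (2p - 1).
    """
    p = keep_probability(epsilon)
    n = len(reports)
    observed = sum(reports)
    return (observed - n * (1.0 - p)) / (2.0 * p - 1.0)


def privacy_loss_bound(epsilon: float) -> float:
    """Worst-case ratio P[report | bit=1] / P[report | bit=0]; equals e^eps."""
    p = keep_probability(epsilon)
    return max(p / (1.0 - p), (1.0 - p) / p)


def simulate(n_users: int, true_fraction: float, epsilon: float, seed: int = 0):
    """Constructed population: ~true_fraction of users have the sensitive bit set.

    Returns (actual count, aggregator's estimate from the noisy reports).
    """
    rng = random.Random(seed)
    truth = [1 if rng.random() < true_fraction else 0 for _ in range(n_users)]
    reports = [randomize(bit, epsilon, rng) for bit in truth]
    return sum(truth), estimate_true_count(reports, epsilon)


if __name__ == "__main__":
    actual, est = simulate(100_000, 0.3, epsilon=1.0)
    print(f"actual={actual} estimated={est:.0f} "
          f"(eps=1.0, per-report likelihood ratio <= {privacy_loss_bound(1.0):.2f})")
```

Lower epsilon makes each individual report more deniable but widens the error of the aggregate estimate, which is the trade-off any deployment has to tune.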

Apple can afford not to engage in “surveillance capitalism” because it makes almost all of its money from high margin consumer electronics hardware. Android phones running Google’s data collection services are cheaper and better value, because people don’t care about privacy, or have made the calculated trade-off that their privacy is worth the difference between the Android phones’ margin, and Apple’s margin.

At least there’s now a choice. So if enough people care about their privacy, Apple could begin to shift the market – or, at least, the part of the market Apple competes in. Apple doesn’t compete in the high volume budget market, or the burgeoning mid-market, where there’s really no viable alternative to Android.

I’m keen to hear whether you think it can.


To privacy advocates who continue to use Google Services, or carry a generic uncloaked Android: should we do as you say, or do as you do?

