Apple’s new privacy pages are easier to read and look way better

Illustration by Alex Castro / The Verge

Today, Apple refreshed apple.com/privacy, its webpages that explain what the company does to protect your privacy. They’re much easier to read, letting you skim through a list of individual Apple apps to see what each one does to protect your personal data.

Previously, if you looked at that URL, you’d find Apple’s generic statement about how it protected your personal information, followed by a bunch of info in a confusing order, with a hard-to-read two-column layout on any but the skinniest of window sizes. Apple’s new pages still lead with a generic statement about privacy, but it’s now much easier to understand what each app does to protect your privacy on an app-by-app basis.

Here are some screenshots of what the new privacy pages look like:

It doesn’t seem as though Apple made any policy changes on the new pages. Instead, this refresh does a good job of organizing information Apple has shared in the past into one place (including the privacy protections it added to iOS 13 and macOS Catalina). I was happy to see that Apple included clear information about its policies on listening to Siri recordings (and how you can delete that information), but I was disappointed that the company didn’t say anything new to clear up the recent controversy about how Safari checks URLs against blacklists from companies like Google and Tencent.

The new pages feel similar to Google’s Nest privacy page in breaking down information in a well-organized, visual format, though Google’s tone makes its pages read more like a list of commitments than Apple’s matter-of-fact style. Amazon also has a privacy page for Alexa and Echo devices with information on privacy features and settings as well as answers to common questions.

Even if there isn’t much new with Apple’s refreshed pages, they’re still a helpful way to see everything the company is doing for user privacy. And it makes sense that the company is so adamant about presenting the information well since it wants to be the only tech company you trust.

Update, November 6th, 1:43PM ET: Added a link to a different Amazon privacy page.

Comments

Greatest marketing team on earth. They’re full of shit, but man do they know how to cast a spell… true witchcraft, I tell ya.

But hey, when you support oppressive authoritarian governments and trample on fighting for freedom and democracy, who cares as long as the marketing collateral is really cool.

Can you give me an example of a tech company who is doing a better job in this regard?

Someone appears to be projecting…..

Quite honestly I don’t care about the HK incident because the folks over there have allowed themselves to get into this situation in the first place. They should have been protesting and should have been doing everything they can do to create a change in the government.

Apple has no part in that and your response is just another attempt at a strawman.

Woah, highly uninformed and ignorant opinion alert.

Quite honestly I don’t care about the HK incident because the folks over there have allowed themselves to get into this situation in the first place.

1. Lack of empathy, check.
2. Zero understanding of the socioeconomic, cultural, and historic factors at play, check.

They should have been protesting and should have been doing everything they can do to create a change in the government.

3. Head buried in the sand, check. This one is a doozy, since it really exposes how little you know about all the protests, efforts, and discussions that have taken place before this year. But of course, if it didn’t reach meme-level worthy attention, it didn’t happen.

While Apple has no part in that, they’ve been dragged in between. And when you’ve been dragged in between, you have no choice but to make a decision and take some action (whether it’s to do nothing or something, that still counts), which in turn means you’re participating. So….
4. Zero understanding of how this world works. Check.

Please educate yourself before you say Hong Kong has gotten themselves in this situation and should’ve been protesting all along. As someone who grew up in Hong Kong, the protests started since I was a middle schooler and we were taking the streets to change the government. I hope you can get a better idea of what’s been happening in HK and find the heart to care because any kind of support would be appreciated by my fellow Hong Kongers fighting for their freedom every day.

They should have been protesting and should have been doing everything they can do to create a change in the government.

You may want to look up the Pro-Democratic 2014 Hong Kong protests, the 2011 Chinese Jasmine Revolution, the 1989 Tiananmen Square protests (dude stood for his rights and got rolled over by a ma’ fucking tank!). May I ask what you have done to fix your government?

What have I done to fix my government? First of all this is my anything because I did not vote for that man and I do not have his value system. What I will do vote and stump for those candidates I support as well as on not only a Nationwide scale but local and regional.

Versus expecting for someone to rescue me because guess what? No one is coming to rescue anyone and we have to save ourselves.

So what you are saying is that you are doing all that you can within the system you have provided to you, and change comes slowly — cool.

Versus expecting for someone to rescue me because guess what? No one is coming to rescue anyone and we have to save ourselves.

That’s what you glean from consistent protests and demonstrations? That they are waiting for someone else to do something for them? This current string of protests have been going on since the 15th of August, ending in over 2000 injuries, over 2300 arrests, and at least 10 dead. They aren’t waiting for anyone to save them, their battle is just much harder than anything we have going on.

Also, it’s unfortunate that this got roped into the article’s topic, my stance has nothing to do with Apple, just that the people of Hong Kong (and China as a whole) deserve more credit than what you were just affording them.

That’s not what I am saying at all. I’m saying expecting Apple to run to the rescue is not going to save them regardless of what some of you think.

No one but people who troll apple actually thinks that. The reality is that it is a Multi-National corporation that needs to obey the laws of whatever land they operate in. If they went counter to American laws it would be no different, so here they lobby.

I can’t tell because between The Verge and MacRumors it’s a bit of a mess. Especially the posts where there are folks bashing Tim Cook for mentioning anything LGBTQ or about POC’s for being too political yet deriding Apple for the HK incident.

It’s almost like folks expect for Apple to ignore any social and political issues in the US and only acknowledge those issues that affect other countries. Anyway I have realized trying to figure out the why in why folks think the way they do is insanity so screw it.

Fuck, ignore the MacRumors comment section. It’s 2/3 Samsung evangelists purposefully looking to troll.

It’s almost like folks expect for Apple to ignore any social and political issues in the US and only acknowledge those issues that affect other countries. Anyway I have realized trying to figure out the why in why folks think the way they do is insanity so screw it.

Then you are better for it.

Here also because folks do that all the time and the Verge writers drop that bait on purpose to create discord as opposed to a discord group. This comment will get me banned but I’m not worried. We choose the proverbial "Hills that we die on".

Some people can be — true — but it’s not quite as bad as it is there.

Tiananmen Square did not occur in HK get your facts correct.

You are right, they happened in Beijing while protesting the communist party of the "People’s Republic of China".

These protests are against the Hong Kong Government, or as they are formally known as "Government of the Hong Kong Special Administrative Region of the People’s Republic of China".

Different entities, altogether.

Apple conveniently words the iMessage statement "we can’t read your messages while being sent". What they don’t tell you is that they control the encryption keys and can access the content if required by legal authorities. Clever obfuscation.

No, they have A key, but not the only key:

To over simplify it: imagine you have a mail box. This box has two keys. One key lets you drop mail into the mail slot, and one key lets you take mail out. The input key and the pickup key are entirely different; one can never be used to replace the other. You can give away a million copies of your input key, and no one could use it to do anything but put mail in. Unless they find a copy of your pickup key or find a weakness in the way your mailbox was designed, your message is safe.

Source: TechCrunch – Apple Explains Exactly How Secure iMessage Really Is

Also:

CloudKit end-to-end encryption
Many Apple services, listed in the Apple Support article "iCloud security overview" ( https://support.apple.com/HT202303 ), use end-to-end encryption with a CloudKit Service Key protected by iCloud Keychain syncing. For these CloudKit containers, the key hierarchy is rooted in iCloud Keychain and therefore shares the security characteristics of iCloud Keychain—the keys are available only on the user’s trusted devices, and not to Apple or any third party. If access to iCloud Keychain data is lost (see "Escrow security" section later in paper), the data in CloudKit is reset; and if data is available from the trusted local device, it is re-uploaded to CloudKit.
Messages in iCloud also uses CloudKit end-to-end encryption with a CloudKit Service Key protected by iCloud Keychain syncing. If the user has enabled iCloud Backup, the CloudKit Service Key used for the Messages in iCloud container is backed up to iCloud to allow the user to recover their messages even if they have lost access to iCloud Keychain and their trusted devices. This iCloud Service Key is rolled whenever the user turns off iCloud Backup.

Source: iOS Security Guide, Page 64

What Apple CAN turn over are any conversations where the bubble is green, as it is not encrypted.

Check out this article. The topic has also been discussed on the Security Now podcast:

https://arstechnica.com/information-technology/2013/10/contrary-to-public-claims-apple-can-read-your-imessages/

Did you read it all? It says:

Contrary to public claims, Apple employees can read communications sent with its iMessage service, according to researchers who have reverse engineered it. (emphasis mine)

Cool, good so far, not a sensational line at all, then goes on to say:

"So yes, there is end-to-end encryption as Apple claims, but the key infrastructure is not trustworthy," the researchers wrote. "So Apple can decrypt your data, if they want, or more probably if they are ordered to."

Of course, they can — they created the whole system so "technically", they can do what they want with it or to it — they wrote it. But there is a massive difference between what you can do right now with the way something is set up, and what one can do if they alter it to behave differently. Further down into the comments, someone made a perfect analogy:

If I say I "can’t" drive to work because my car is broken, the fact that I could, theoretically, repair my car and drive to work does not mean that I’m lying.

Apple said that it can’t decrypt your iMessages. The researcher said that Apple was "lying" because Apple could, theoretically, rewrite its protocols so that it would be able to read your iMessages.

That’s not "lying" by any stretch of the word.

Now, this all boils down to one thing — as a customer, do you trust Apple to not change the system — and no one can tell you how you should feel, it’s a personal decision/preference. I have no reason to think they would change it considering how much value they have riding on this as a differentiator, as well as the fact they have gone toe to toe with law enforcement and not budged on changing how it all works. Could they be lying? Maybe, possibly — if you think that’s the case, start a class-action to make them show their work but, as is, there is a massive difference between what can currently be done, and what can be done if things are changed. One is how it works in practice, and one is what — in theory — can happen if it’s changed.
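The mailbox analogy and the "key infrastructure is not trustworthy" point quoted in the comments above, as an added example that is not part of the original thread and not Apple's code: a sender encrypts one copy per public key that a directory returns, so the contents of that list decide who can read, and comparing it against fingerprints verified out of band exposes an unexpected entry. This is a simplified model using Node's built-in RSA-OAEP, not iMessage's actual protocol; every function, variable and device name is hypothetical.

```javascript
// Added illustration; all names are hypothetical and the directory is constructed sample data.
const nodeCrypto = require('node:crypto');

const newKeyPair = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Fingerprint of a public ("input") key: SHA-256 over its DER encoding.
const fingerprint = (publicKey) =>
  nodeCrypto.createHash('sha256')
    .update(publicKey.export({ type: 'spki', format: 'der' }))
    .digest('hex');

// Sender side: one ciphertext per public key the directory hands back.
function encryptForAll(message, publicKeys) {
  return publicKeys.map((key) => ({
    to: fingerprint(key),
    ciphertext: nodeCrypto.publicEncrypt(key, Buffer.from(message, 'utf8')),
  }));
}

// Recipient side: only the matching private ("pickup") key opens a copy.
function tryDecrypt(privateKey, ciphertext) {
  try {
    return nodeCrypto.privateDecrypt(privateKey, ciphertext).toString('utf8');
  } catch (err) {
    return null; // wrong private key: OAEP decoding fails
  }
}

// Check: fingerprints the directory returned that were never verified out of band.
function unverifiedKeys(publicKeys, verifiedFingerprints) {
  return publicKeys.map(fingerprint).filter((fp) => !verifiedFingerprints.has(fp));
}

// Constructed scenario: two devices the sender has verified, one it has not.
const bobPhone = newKeyPair();
const bobLaptop = newKeyPair();
const unknownDevice = newKeyPair();
const verified = new Set([bobPhone, bobLaptop].map((d) => fingerprint(d.publicKey)));

const honestDirectory = [bobPhone.publicKey, bobLaptop.publicKey];
const alteredDirectory = [...honestDirectory, unknownDevice.publicKey];

console.log('unverified in honest list:', unverifiedKeys(honestDirectory, verified).length);
console.log('unverified in altered list:', unverifiedKeys(alteredDirectory, verified).length);
```

The encryption itself is identical in both cases; only the fingerprint comparison distinguishes the honest key list from the altered one.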

If your interpretation is correct, it makes you wonder why Apple doesn’t use stronger language in its marketing page. Why not simply say that Apple doesn’t ever decrypt your iMessage content, full stop?

I’m pretty sure I’ve read that Apple routinely decrypts and turns over iCloud backups to the authorities all the time whenever they are presented with a warrant or court order. These backups include iMessage content.

For example: https://www.theverge.com/2016/3/2/11144588/walt-mossberg-apple-vs-fbi-iphone-icloud-loophole

If your interpretation is correct, it makes you wonder why Apple doesn’t use stronger language in its marketing page. Why not simply say that Apple doesn’t ever decrypt your iMessage content, full stop?

I honestly don’t know, it’s probably a legal reason but your guess is as good as mine.

I’m pretty sure I’ve read that Apple routinely decrypts and turns over iCloud backups to the authorities all the time whenever they are presented with a warrant or court order. These backups include iMessage content.

But they aren’t — from your own article, Walt says:

I don’t want to give the impression that Apple turns over iCloud backup data to governments frequently or casually. Apple’s published explainer on government data requests says only 6 percent of them were related to account information, versus stolen phones. It adds that "Not only are a minuscule number of accounts actually affected by information requests, but our stringent review meant Apple only disclosed content in response to 27 percent of the total US account requests we received during the period from July 1st, 2014 to June 30th, 2015."

Great article, thanks for sharing. It gives a bit more insight and to be honest — muddies the water even more than it was before. The article states that the key is kept in Apple Keychain, and yet also says:

In a few other cases, information in iCloud backups is considered so sensitive that, like information on the phone itself, Apple includes it but can’t decrypt it. Such things include Wi-Fi passwords, Apple Keychains (encrypted collections of passwords) and passwords for third-party services.

I’m not trying to blindly defend apple, I don’t work for them nor do I have any intimate knowledge in iCloud’s encryption practices. I’m just saying I am just as interested as everyone else is and I am taking info at face value. I do know that the idea that Apple has your Key from Backup isn’t true as they would have needed the key (generated from your device) to get it. That doesn’t rule out them not needing the key at all, as they created the system in the first place. There are other items included in your iCloud backup that aren’t encrypted e2e so that could be part of the data that is given up, as well as any conversations with green bubbles. I’ll admit that’s kind of where my knowledge stops.
