Soapbox

Apple privacy checklist

TL;DR: Apple’s claims to being privacy-first are a marketing sham

Apple claims to hold privacy at its core, but it has been an advertising company for at least a decade, and now that smartphone and computer sales are plateauing and new products like the Apple Vision Pro have failed to set the world on fire, Services revenue (a euphemism for the 30% App Store tax on developers and advertising) is critical to maintaining the company’s stock price.

Recent behavior from Apple has confirmed Google or Meta’s take that Apple’s privacy claims are just that, clever marketing to obscure the fact that the privacy measures they do have are mainly there to stymie its competitors:

  • Apple forces app developers to ask permission to access the advertising tracking ID (IDFA), but exempts itself from that requirement by a truly Clintonesque redefinition of tracking as “sharing data with other companies, not with ourselves”—one rule for thee but not for me

  • Apple’s notarization feature leaks information to Apple on what apps you have installed on your device. What’s worse, this is sent unencrypted so anyone with network access can also grab this info. Apple promised to give a way to disable this misfeature (which also has a noticeable performance impact for developers) but quietly reneged on this.

  • Apple would upload recordings of Siri queries without your consent, and Apple employees and contractors had access to them

  • Apple implemented a CSAM scanning feature, whereby your iPhone would rat you out before the government even asked them to do so. Even though they reversed themselves, they set a precedent authoritarian governments will certainly avail themselves of.

  • When they introduced the Journal app, they gave it wide-ranging access to other apps’ data without consent.

  • Apple silently opted you into “Privacy Preserving Ad Measurement”. This is an Orwellian misrepresentation, as your browser is tracking you on behalf of advertisers, just as Google Chrome is doing with its Topics API. Firefox is equally guilty of this (PDF) and unrepentant. Even Google, the most voyeuristic of the surveillance-industrial complex, asked for permission before enabling this in Chrome, albeit with wildly misleading wording because no one does dark patterns quite as smugly as don’t do be evil Google.

  • Apple silently opted you in to “Enhanced Visual Search”, where it uploads fingerprints of landmarks in your photos to its server. It claims to use differential privacy and homomorphic encryption to make this privacy compliant, but this still leaks information, even if Apple’s implementation were perfectly bug-free (given the abysmal track record of Apple QA of late, this would require heroic levels of credulity).

  • They did it also for “Improve Search”. Seeing a pattern here yet?

Here are the settings you need to review and change from their privacy-invading defaults, in chronological order of when they were introduced. Apple also has the nasty habit of silently turning them back on, so you will need to check this list regularly. You will also need to set these on each device separately.

iOS and iPadOS

  • Disable the IDFA altogether and do not allow apps to ask for it:
    • Settings / Privacy & Security / Tracking / Allow Apps to Request to Track / (turn off)
  • Disable Apple’s own Ad network tracking:
    • Settings / Privacy & Security / Apple Advertising / Personalized Ads / (turn off)
  • Disable Sharing of information with Apple, including Siri recordings:
    • Settings / Analytics & Improvements / (disable all of them)
  • Private Click Measurement:
    • Settings / Apps / Safari / Advanced / Privacy Preserving Ad Measurement / (turn off)
  • Improve Search:
    • Settings / Search / Help Apple Improve Search
    • Settings / Apps / Safari / Search / Search Engine Suggestions / (turn off)
    • Settings / Apps / Safari / Search / Safari Suggestions / (turn off)
  • Visual Search:
    • Settings / Apps / Photos / Enhanced Visual Search / (turn off)
  • Journal App:
    • Settings / Privacy & Security / Journaling Suggestions / (turn them all off)

macOS

  • Disable analytics:
    • System Settings / Privacy & Security / Analytics & Improvements / (turn them all off)
    • Sign in to account.apple.com, then Privacy / iCloud Analytics / Share iCloud analytics / (turn off)
    • This might also be a good time to request export of all the data Apple holds on you
  • Disable Apple’s Ad tracking:
    • System Settings / Privacy & Security / Apple Advertising / Personalized Ads / (turn off)
  • Disable Siri:
    • System Settings / Apple Intelligence & Siri / Siri / (turn off)
    • System Settings / Apple Intelligence & Siri / Siri history / Delete Siri & Dictation History / (click on the button)
  • Private Click Measurement:
    • Safari / Settings / Advanced / Allow privacy-preserving measurement of ad effectiveness / (turn off)
  • Improve Search:
    • System Settings / Accessibility / Motor / Voice Control / Improve assistive voice features / (turn off)

Further actions

Ideally, change your default browser to something better, like Vivaldi or LibreWolf.

Stop iMessage from using insecure unencrypted SMS as a fallback (warning: this setting is buggy and often ignored):

  • on iOS: Settings / Apps / Messages / Send as Text Message / (turn off)

Better yet, ditch both SMS and iMessage for Signal or WhatsApp, which do not have an unencrypted option to snare you.

Install Little Snitch, an outbound firewall you can use to control what sites apps can connect to.

Disable Apple Intelligence.

Ultimately, switch to Linux and GrapheneOS or LineageOS.

PSA: LinkedIn single-sign-on dangers

I have a work-issued computer that I keep rigorously separate from my personal stuff. It belongs to my employer and thus I do not keep personal files on it, or access personal email and certainly don’t save personal passwords on it. I even have it on a separate VLAN on my home network.

This is why I was horrified when I went to the LinkedIn website on my work computer (to look at a colleague’s posting) and it automatically started a single sign-on with my company’s GMail (my work address is of course linked to my LinkedIn profile).

This means a company with Google Apps can potentially access your LinkedIn account without your permission. Considering LinkedIn’s past record of egregious security failures[1], it shouldn’t be too surprising, but still…

I couldn’t find any setting to disable SSO, and it seems the only way to prevent this is to turn on two-factor authentication (where the only options are the grossly insecure phone SMS text message method or the equally phishable TOTP Authenticator app codes, not the actually secure WebAuthn/FIDO U2F USB keys).
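The difference between TOTP codes and WebAuthn keys noted above comes down to origin binding. The following is an added example, not code from the original post: it compares RFC 6238 TOTP verification with a relying party's check of WebAuthn `clientDataJSON`. The secret, challenge and both origins are constructed placeholder values, and signature verification is omitted.

```python
import base64
import hashlib
import hmac
import json
import struct

def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: a function of the secret and the clock only."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, code: str, unix_time: int) -> bool:
    # Nothing in the code records which site the user typed it into.
    return hmac.compare_digest(totp(secret, unix_time), code)

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_client_data(client_data_json: bytes, origin: str, challenge: bytes) -> bool:
    """Relying-party check of WebAuthn clientDataJSON for a login assertion.
    Verifying the signature over authenticatorData || SHA-256(clientDataJSON)
    is a separate step and is omitted here."""
    data = json.loads(client_data_json)
    return (data.get("type") == "webauthn.get"
            and data.get("origin") == origin
            and hmac.compare_digest(str(data.get("challenge", "")), b64url(challenge)))

# Constructed sample values (assumptions, not from the page).
SECRET = b"12345678901234567890"          # RFC 6238 test secret
ORIGIN = "https://login.example"          # hypothetical genuine site
LOOKALIKE = "https://login-example.test"  # hypothetical lookalike origin
CHALLENGE = b"constructed-challenge-0001"

def client_data(origin: str) -> bytes:
    # The browser fills in the origin field; page script cannot choose it.
    return json.dumps({"type": "webauthn.get", "origin": origin,
                       "challenge": b64url(CHALLENGE)}).encode()

if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("TOTP code valid wherever it was typed:", verify_totp(SECRET, code, 59))
    print("assertion from genuine origin:", check_client_data(client_data(ORIGIN), ORIGIN, CHALLENGE))
    print("assertion from lookalike origin:", check_client_data(client_data(LOOKALIKE), ORIGIN, CHALLENGE))
```
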


  1. A colleague had built a GPU mining rig for fun and profit, and run the LinkedIn hashed password dump through it using hashcat. He found Donald Trump’s was a variation on “You’re fired!”…

On the bugginess of El Capitan

I never updated my home Mac Pro to El Capitan. To paraphrase Borges, each successive Apple OS release since Snow Leopard makes you long for the previous one. Unfortunately I have no choice but to run the latest OS X release on my work Macs as that is usually required to run the latest Xcode, itself required for the App Store.

I did not realize how bad El Capitan was until I upgraded my work iMac (27-inch 5K model) to Sierra last week. Previously, I would experience a mean time between crashes of around 3 days. I thought it was flaky hardware (the problems started from when I unboxed the computer), but couldn’t find the time to take it to the Genius Bar. I had also experienced the same problem with my old home 2009 Nehalem Mac Pro, which I had taken to the office; in fact, that’s why I bought the iMac in the first place (and the first one I ordered had to go back because of defective pins in the RAM expansion slots). The Mac Pro had previously been rock-steady at home.

Since I upgraded to Sierra, I haven’t had a single crash. The only possible conclusion is that El Capitan bugs were to blame. The only thing unusual about this iMac is I upgraded the RAM from OWC, but the memory passes testing using Micromat’s TechTool.

I am not one to look at the Steve Jobs era with rosy-tinted glasses; OS X has never had the same level of stability as Solaris or even Linux, but Apple’s hardware and software quality has really gone to the dogs of late, something Lloyd Chambers dubs Apple Core Rot.

I am now starting to hedge my bets and am testing Ubuntu for my laptop computing needs, first by repurposing my 2008-vintage first-generation MacBook Air that is no longer supported by OS X anyway (works, but painfully slow) and soon with a shiny new HP Spectre on order.

Avoiding counterfeit goods on Amazon: mission impossible?

I mentioned previously that I seldom shop for electronics on Amazon.com any more, preferring B&H Photo whenever possible. I now have another reason: avoiding counterfeit goods.

My company boardroom is in an electromagnetic war zone—dozens of competing WiFi access points combined with electronic interference from the US-101 highway just outside make WiFi reception tenuous at best, and unusable more often than not. To work around this, we set up a wired Ethernet switch, and since most of our staff use MacBook Airs, Apple USB Ethernet adapters purchased from Amazon. When I side-graded from my 15″ Retina MacBook Pro to a much more portable 12″ Retina MacBook, I wasn’t able to connect using the dongle, and the name of the device was interspersed with Chinese characters. At first I thought it was an issue with my Satechi USB-C hub, but I experienced the same problems via a genuine Apple USB-C multiport adapter as well.

Eventually I figured out the Ethernet dongles were counterfeit. The packaging, while very similar to Apple’s, was just a tiny bit off, like amateurish margins between the Apple logo and the edges of the card. On the dongles themselves, the side regulatory disclosures sticker was inset, not flush with the body of the adapter.

Counterfeiting is a major problem. By some accounts, one third of all Sandisk memory cards worldwide are counterfeits. In some cases like chargers or batteries, your equipment could be at risk, or even your very life. The counterfeit adapters we purchased from Amazon did not come from Amazon themselves but from a third-party merchant participating in the Amazon marketplace. To Amazon’s credit, we returned them for a prompt, no questions asked refund even though we bought them over six months ago, but it is hard to believe Amazon is unaware of the problem rather than willfully turning a blind eye to it.

My first reaction was to tell our Office Manager to make sure to buy only from Amazon rather than third-party merchants (pro tip: including “amazon” in your Amazon search terms will do that in most cases). Unfortunately, that may not be enough. Amazon has a “fulfilled by Amazon” program for merchants where you ship your goods to them, and they handle warehousing and fulfillment. These “fulfilled by Amazon” items are also more attractive to Prime members. One option Amazon offers is Stickerless, commingled inventory where the items you send are put into a common bin. Amazon still has the ability to trace the provenance of the item through its inventory management, but for purposes of order fulfillment they will be handled just like Amazon’s own stock. Some categories like groceries and beauty products are excluded, but electronics are not.

The implications are huge: even if the vendor is Amazon itself, you cannot be sure that the item is not counterfeit. All the more reason to buy only from trustworthy, single-vendor sites like B&H, even if shipping is a bit slower.

ArtisanState review

TL;DR: Avoid them.

I seldom print photos any more. When I do, I prefer to make photobooks, as the format is way more convenient than loose prints, takes little space, and looks more polished than a traditional photo album.

Unfortunately, most photobooks are printed on HP Indigo digital presses, which use a technology somewhat similar to a laser printer, but capable of better quality photo reproduction. Indigo presses were originally designed to produce personalized junk-mail, not high-quality photo reproduction, and the quality, while decent, is not at the same level as that of true RA-4 photo paper exposed with a laser or LED light source as done by most digital minilabs (e.g. Fuji Frontier or Noritsu QSS) or higher-end imaging systems like the Océ/Cymbolic Lightjet or Durst Lambda.

There are higher-quality options. AdoramaPix has a good reputation for its albums, which are printed on RA-4 paper and bound in a lay-flat binding without a gutter, a technique that lends itself especially well to panoramic prints. They also have a “Hudson” line of premium albums where the photos are laminated on thick cardstock for a more luxurious feel. In researching this flush-mount process, I discovered a company called ArtisanState. It is based here in San Francisco (manufacturing is in China), their pricing seemed attractive, so I decided to give them a try.

I used a selection of my panoramic prints and ordered a 6×8 album bound in genuine leather. They offer two grades of paper, Fuji Crystal Archive Lustre and Fuji Crystal Archive Pearl Metallic, and I opted for the latter. Metallic paper, first introduced by Kodak under the Endura brand, has mica particles embedded in the RC paper base under the photographic emulsion. The photo looks as if it is painted on metal, which can be spectacular, especially with specular highlights (although I would not recommend it for portraiture such as a wedding album, the fashion industry seems to be quite fond of it). The Fuji lustre has a grainy finish that resists fingerprints, but I don’t find it attractive, and would much prefer a satin finish without an obvious texture like the one Moo uses in its business cards.

When I received my album after 2 weeks, I was impressed by the reproduction quality and the metallic effect, but there was also a very visible texture on the pages, similar to an orange peel. After some research, I found that mounting metallic papers seems to cause orange peel unless done very carefully using a low temperature on the mounting press, and they are the exception to the general rule of thumb that Fuji products are superior to Kodak’s (although true to form, Kodak’s bean counters degraded the quality of the product by cutting corners to shave costs).

At the price they charge ($104 list, but I got it at 40% promotional discount), you can rightfully expect perfection. I wrote to ArtisanState to complain, got the run-around, and reviews online suggest my experience with unresponsive support is far from unusual. I am going to try again with AdoramaPix: they may be more expensive, but the product won’t be made in China and in the end you get what you pay for.