I've asked similar questions before and am usually told that this is how Apple does things and it's what makes their users happy. It's in fact why they love and choose Apple. They trust Apple to make the right decisions, and this is in fact a big part of the value add of their products. This is much related to the walled garden approach. For example, ask about why sideloading should remain not an option at all, rather than something like Android where you can enable it if you want to but "Grandma" isn't going to accidentally do it. Apple users actively don't want that capability. It doesn't make sense to me, but that's because "I'm not their target market."
I have to agree with this sentiment, I read it here on HN 'power' users more than once. Although most Apple users have no clue about what we discuss here, the part about actively wanting it is simply not true en masse.
Needless to say that's not for me and I will probably keep sporting Androids (in my case I am happy with Samsung's top ultra offerings) since I actually use those added features, ie saving 500 bucks on proper expensive variometer for paragliding and instead hooking it up via OTG cable with basic one with good sensor but without display, for 10% of the price... needless to say relevant app isn't on play store neither. And so on.
But we certainly have choice on the market. I just wish Apple would properly focus on user security and shielding them from the worst of internet, and less on milking advertising, what I see so far didn't convince me it isn't just sophisticated marketing and not much more. You already pay premium on the device, its a proper spit in the face to be so visibly milked more and more, thats pure corporate greed.
What I mean - my wife with iphone pops up browser, I pop up mine with firefox and ublock origin. Internet is utterly useless and horrible place on her phone, while completely fine on mine (plus I get youtube ads blocking as a bonus)
> my wife with iphone pops up browser, I pop up mine with firefox and ublock origin. Internet is utterly useless and horrible place on her phone, while completely fine on mine (plus I get youtube ads blocking as a bonus)
I recently set up NextDNS on my iPhone and browsing the web has become much more usable (previously, I would get webpage crashes!). Something to look into in addition to or instead of Wipr.
That's a self-fulfilling property, with cause and effect going as much in the other direction: people who want that capability don't become Apple users. If you want openness, you don't pick Apple.
It’s not that I trust Apple, it’s that I trust Apple infinitely more than I trust the largest spy network on earth and existing without a smartphone today is difficult.
If you need a smartphone, you can choose between a company that has some missteps, or a demonstrably evil spy network. I know who I am choosing.
Thanks, your position certainly makes sense to me regarding a Pixel phone with the stock software on it, but much less so when considering options like GrapheneOS or any of the Androids made by other non-Google companies (like OnePlus, etc). That's the point at which usually "user experience" or "I'm already in the Apple ecosystem" usually come to fore-front as the reason.
I don't really trust of those big companies, which is where GrapheneOS really shines. Open source, lots of enhanced privacy controls, but also as much of the Google ecosystem as the user wants. If you maximally distrust everyone, you can roll with pure FOSS. If you're somewhere in the middle like most people, you can pick and choose the pieces that are worth it to you (Google's Pixel Camera app is a common one for example). Graphene OS is also trivial to install now thanks to the web installer, so pretty much anybody who can load a web page, plug in a USB cable, and follow the explicit instructions to unlock the bootloader (which is stuff like, "open settings" -> "click about", etc) can do it.
Where do I buy a GrapheneOS phone from a manufacturer that tests the entire package and releases updates?
I’ve done the “just buy unlocked hardware and install this or that” in the past. My phone ended up taking up way more of my time than I’m willing to let it and my life has only gotten busier since.
This mentality is fascinating to me. In a sense, nobody owns an Apple device. It's more like renting: the landlord keeps a bunch of doors locked and has strict rules, but the place comes pre-furnished and includes millennial-grade amenities.
I can see the appeal if you don't particularly care about owning a device, but it blows my mind that people become so dedicated to this way of living.
Not to get too philosophical, but the entire concept of ownership per se is always a social contract that's being renegotiated continuously by society. Almost every country in the world has limits on the things you can own, to give just one example.
I do see the value of having autonomy over the devices I conduct my digital life on (whether owned or rented, for that matter!), but I'm not sure if the concept of physical ownership is the right model here.
How my personal data is being processed in other people's and the government's systems is just as relevant to me, and conversely, I'm fine with some opaque blobs of other people running on my hardware, as long as they're properly sandboxed (i.e. can't phone home freely or access any of my data that's none of their business), and I see the mutual benefit in them.
I think the renting analogy is a decent one and I’m on the other side of this, so let me give you my perspective.
When you own a home, you are 100% liable and responsible. If anything breaks, it’s an unexpected demand on my time and/or an unexpected expense. When you rent, you just call the landlord and say “shit’s broke” and it’s no longer your responsibility. I don’t have the mental bandwidth these days for the unexpected demands the house places on me.
This is _exactly_ the experience I had with Android versus iPhone.
I bought the original Android Dev Phone 1. Still have it somewhere. Moved to a Galaxy Nexus, Nexus 4, couple of OnePlus phones, etc. Used the stock Android, Cyanogenmod, LineageOS, and others. Did all sorts of fun stuff.
Then my life got busier and busier and busier and I found myself sitting up late one night dicking with fixing something on my phone again and just was like nope, this is not how I need or want to be spending my time. My life has only gotten busier since. I don’t have time for suddenly finding out one day that the last update that I installed broke the microphone on my phone and I can no longer use it as a phone.
Using the iPhone is having a landlord. If it breaks, it’s just broken. Not only do I not need to feel responsible for fixing it, I couldn’t if I wanted to. It takes up no space in my head.
So the fact that Apple (1) generally doesn’t release terribly broken software; (2) supports their devices with updates for a long time; and (3) is vaguely respectful of privacy and security makes the iPhone an obvious winner for me.
Even just making sideloading _available_ is going to shift the space my phone sits in my head. It’s no longer going to be “it works or it doesn’t, if it works and you don’t like how it works that sucks nothing to do about it so you may as well forget about it”. It’s going to be a constant “this is vaguely annoying I bet I could find a replacement dialer that _does_ allow you to search your call history…”. I’ll literally pay a premium for someone to take options away from me rather than have yet another place I need to exercise my self control.
I already spend all day with needy computers fixing and improving and such. Having a dumb appliance that lets me not do that is what I _want_.
> I’ll literally pay a premium for someone to take options away from me rather than have yet another place I need to exercise my self control.
Thank you, this makes a lot of sense to me! I'm still on the other side of it personally, but I can genuinely understand this position. So many times these sorts of discussions are so pointless as they go back and forth with things like "you don't have to enable that option if you don't want to" and people saying "somehow I'll have to" with these weird hypotheticals that seems ludicrous, but yours is a solid argument.
Yeah just start with the assumption that “this is an appliance” in my world and most of the rest probably makes sense.
From my point of view and use case, right now the market has two options:
1. A smart toaster with WiFi and Bluetooth that runs modified Linux and uses this functionality to both offer you automatic bread ordering and also spy on your daily toasting habits. But if you don’t like being spied on you can also run aftermarket ToastOS which works on most toasters (though it’s maintained by volunteers and sometimes you update and try and make toast but it never pops and lights a fire in your kitchen). Or…
2. A relatively dumb toaster with a lever and thermocouple. It cannot run custom toast programs. It always makes toast to the exact same darkness regardless of if you want it lighter or darker. If it stops working you throw it out and get a new one because the whole case is glued shut and it’s unrepairable.
Also in this not-so-hypothetical-hypothetical I have literally zero hours in a day to spend on things but a whole big pile of dollarbucks. Also I’m a techie with ADHD and if there’s a piece of broken or annoying technology in front of me I _can_ fix, I will fix.
I’ll pay you extra to solve my toasting problem for me with your dumb appliance so I can get back to migrating workloads off of my EKS cluster on to the bare metal k3s cluster that’s heating up my utility room or rebuilding my garage doors or whatever it is I need to be doing today.
I love that your analogy hit me so hard that I came to question my iPhone SE. I think the main issue for me is that I have not found a better alternative elsewhere. There are some interesting locked down and privacy focused variants of Android, but I am not sure I could use them with the banking and personal ID apps that are almost "required" unless I have to jump through additional hoops daily.
But thought provoking analogy - and thanks for that!
It doesn't work for everything, but many banks will have a website you can use just fine from the phone's browser. If you're trying to do full payments with the phone that won't work of course, but if you get a physical credit card/debit card you can (usually) do everything else with the mobile site. This is what I do for my Graphene OS phone
I think you greatly overestimate how big of a deal this lack of user choice is to most people.
Nobody needs to be dedicated to a lack of choice/freedom for Apple's business model to work.
Being begrudgingly ok with it works just as well, just like they don’t price their products at “oh wow, that’s a steal, I’ll take one as a spare”, but rather somewhere close to “oh wow, but I guess I don’t buy this every day, and maybe with an installment plan…”
You’re missing a probably sizable fraction of Apple users that don’t love this, but also don’t hate it enough to switch to something else for that reason alone.
It’s very similar to political parties: I have yet to find one that I 100% align with in all things, yet I still vote.
Oh I do want this functionality from them and I already actually do get it on MacOS, where grandma or my mom can use the App Store while I can still get an installer dmg with „this app was downloaded from internet do you trust it yadda yadda” warning. They’ret capable of doing it, they just don’t because AppStore makes a lot of nasty monopoly $.
FWIW I used WeChat a few years ago and at that point it definitely asked for local network access (which is what this article is about; a mechanism for collecting SSIDs which can then later be correlated to locations).
If there is an entitlement, it is as of yet unclear whether it means a consent dialog/privacy toggle or not. IIRC an entitlement only means you can ask for this sort of access, not get it automatically, but I may be wrong (I’ve never gotten far in iOS dev).
We can argue that this feature is misnamed, regular users will not understand what it is and would not be giving informed consent, and I can get behind that, but “automatic access to my private data on my device” looks like jumping to conclusions.
That’s not what that permission does. As mentioned in TFA, SSID scanning access requires an entitlement (granted by Apple), not a permission (granted by the user).
You are misunderstanding what entitlements are. An entitlement does not imply no consent from the user, in many cases all it gives is the ability to ask for that consent.
> FWIW I used WeChat a few years ago and at that point it definitely asked for local network access (which is what this article is about; a mechanism for collecting SSIDs which can then later be correlated to locations).
Is that what "local network access" means? I thought that was for controlling network connections to LAN ips and/or to send multicast packets (eg. mdns).
> there was a VPN app I used that didn't have the "local network access" permission, but was still inexplicably able to get a list of wifi networks I connected to
It is different from continuously getting a list of all SSIDs within your Wi-Fi range, even those you never connected to. This is what allows shady apps infer location (this, and massive databases of SSID matched to coordinates).
What you described is also a feature of WireGuard iOS, and it needed no permission.
As far as I can tell, Wireguard does it the other way around (i.e. you provide it with a list of SSIDs you want to always enable VPN for, it provides that to the OS, and the OS then only tells the VPN that it needs to get connected).
But according to this [1] post (by an Apple employee?), having an enabled VPN profile seems to indeed be opting the app in to receiving the current SSID without the location permission, at least for some time and since iOS 14.
Hm, I assume any app can ask for whatever it wants, but that's just an assumption. I don't know if app developers need to apply to be able to request permissions, but I don't own an iPhone.
I was remembering when trying out iOS development years back that entitlements were needed for many things and the ones I tried involved a consent screen.
From looking at https://developer.apple.com/documentation/bundleresources/en... I would say there are many more entitlements than consent screens, the phrasing suggests there is no 1:1 mapping between them and is not clear on whether they reliably come with consent screens (I suspect not).
It is very unfortunate that there is little clarity on that in the docs, and that entitlements are not exposed anywhere in the GUI. Sure, they are too technical, but they could at least be shown in some advanced info pane. I am seriously considering if I can dejail an old iPhone and perhaps inspect some big name apps for what they have been entitled to.
It's so hard to prioritize non-profits these days. EFF is huge and super relevant, but so are aid programs to Ukraine or I/P, and reproductive health orgs. There's a lot going on I want to contribute to.
I just did my end of year matching gift donating through the portal at work.
I guess I left out Ukraine, which needs fixing. But did get FSF, EFF, the regional food bank, and a niche human rights org.
Let me tell you, causing my employer donate to the EFF in particular is always one of the high points of my year. Even better when there’s 2:1 matching, which they seem to not offer this year (I dig deep in my own pocket when they do have that because, hey, 2:1!). It’s hilarious and oh so satisfying.
I wonder if there is a service to automate small (or large) donations to multiple organizations on a regular basis similar to an investment service?
Edit: I can only find services marketed towards the nonprofit, not for the donor. A service that aggregated and automated all the nonprofits I want to regularly donate small amounts to would be great. I think it would be important to not require the nonprofits direct involvement in order to allow me to donate as diversely as I want.
Benevity is a company that basically administers company matching donations.
Database of approved nonprofits, can set up arbitrary amounts as recurring payments, and automatic matching if you do the donations through their site.
It’s not quite “I got $500 this month to give back, scatter it amongst my chosen charities” but you could definitely use a service like that to set up baseline donations.
I don’t do scheduled donations; prefer to spool it up and make a splash when employer offers 2:1 match. Don’t think I’ve seen that in all of ‘23, though, so settling for 1:1 now.
Thank you for this. I realize this suggestion fits the context of the thread, but I am currently self employed so I would love another suggestion that isn’t necessarily geared toward integrating with employer match programs.
If every big app had to interrupt users to ask for simple things like performing http calls, usability would take a little hit, the nice "UX flow" of apple is a major selling point, so a very small percentage would buy Android phones.
Because Apple fundamentally doesn't believe you own the device so the question makes no sense to them. They already own it why would they need to ask you?
Quite a few apps run tests to find out if they're running on a rooted device, and refuse to continue if they are.
Dunno if these apps do that or not, but I can easily imagine that using them is a Hobson's Choice even in OSS utopia: take the horse offered (app with tracking) or don't have a horse.
To the extent you could ever replace WeChat and Alipay with OSS, that's already a possibility today even with closed OSes and App Stores.
To the extent that you can't (network effects or legal obligations or whatever) you still won't be able to if the code of those apps is made available under any license of your choice.
I honestly don't see it like that anymore. You paid in to buy the object but you're still asking for permission to use their overall ecosystem.
I think it's more like a child buying a teams jersey so that he can play on the team, but he can still get kicked off the team if he doesnt follow the rules. You can't argue "but I paid for the uniform with your logo, you must let me play 1st base!"
Sure the child still owns the uniform, and maybe he can get some use out of it or sell it off for spares (parts) to other people, but him paying doesn't make him own the team.
Android requires the app to ask the user's permission to read WAP identification details. Previously, the app had to ask for location permission, and now there is a special permission just for this. https://developer.android.com/develop/connectivity/wifi/wifi...
This is exactly correct, though you don't want to admit it's the case it seems.
I mean, we just allowed Car Manufactures to pump as much contact data and location data as they can off your phones and sell it to whomever they'd like risk free and legally.
We have laws against physical trespassing, but when it comes to 'data' trespassing on applications that you install or come with your phone we're still in the wild west.
I think you're both right. the misunderstanding here is a difference between is and ought. pixl97 is describing the current state of things, not saying they ought be this way (please correct me if I'm wrong). stavros is describing the way things ought to be.
That article does not mention harvesting data from drivers' phones and selling it without consent.
"we just allowed Car Manufactures (sic) to pump as much contact data and location data as they can off your phones and sell it to whomever they'd like"
Is there any evidence anywhere of what you stated as fact?
