But why would you even think apple, google or facebook would be a good bet to defend your privacy in the first place ? They got the most terrible track record of not caring about.
If you have things that you need to be private, don't put it on a smartphone.
I wish people would stop lumping Apple with Google/Facebook with regards to privacy.
Apple has implicitly for a long time, and lately much more vocally, cared about privacy. They don't have the same data-driven business model that Google and FB do.
> Apple has implicitly for a long time, and lately much more vocally, cared about privacy.
They say that. But with closed source software we can't verify that it's true. I'm not saying they don't care about privacy, only that we don't really know if they do or not.
With open source software, it doesn't appear that people can verify things are safe either given the long-term security issues with things like OpenSSL et al.
We found the bug in OpenSSL BECAUSE it was opensource. If it weren't, nobody would have seen it.
Plus, with open source you can verify intent, which you can't with apple.
Which provide a device getting your finger prints, all your phone numbers, internet search, bank details, some paiements, network communication, voice communications, text communications, localisation using GPS and wifi + hotspot + phone towers and soon ihealth device collection body metrics.
And they are profit oriented, not people oriented.
> We found the bug in OpenSSL BECAUSE it was opensource.
Sure but they were there for years before anyone noticed. Same with PHP's Mersenne Twister code. Same with multiple other long-standing bugs. It's disingenuous to toss out "Oh, if only it was open source!" because reality tells us that people just plain -don't- read and verify open source code even when it's critical stuff like OpenSSL.
Actions speak louder than words. The most revealing test of the strength of a company's commitment to privacy is how it handles situations when privacy can conflict with profits. Privacy on the internet relies critically on browsers only trusting trustworthy certificate authorities. When CNNIC breached its trust as a certificate authority last year, Apple sat tight waiting for the furor to subside (https://threatpost.com/apple-leaves-cnnic-root-in-ios-osx-ce...).
I would argue that handling security problems in general has not been Apple's strength historically.
I agree that failing to fix a problem like this in a timely fashion is bad, but sins of omission are generally judged differently than sins of commission, for better or worse. Apple failing to apply proper prioritization to security holes isn't the same as Apple collecting data to be sold to the highest bidder.
So, again, Apple should not be treated as equivalent to Google and Facebook. Feel free to judge them harshly, but don't paint them with the same brush.
If you have things that you need to be private, don't put it on a smartphone.