Apple has announced a swathe of upgrades for its tablet, phone and computer operating systems that could change the way millions of people’s data is transmitted over the internet – a boon for privacy enthusiasts, but a potential problem for advertisers, law enforcement agencies and governments.
At Apple’s Worldwide Developers Conference yesterday, the company announced that upcoming updates to its web browser will offer an anonymous browsing feature called Private Relay. This will disguise user details from website operators by using a series of intermediary servers. Software to do this, such as the Tor network, already exists, but Apple’s move will make this kind of obfuscation far more mainstream.
The voice-recognition assistant Siri will also process audio on the device, rather than sending it to Apple servers for analysis, and changes to Apple’s email app will stop senders tracking when a message has been read and the IP address from which it was accessed.
The changes have provoked frustration from people working in marketing who track users to build up a profile and better target them. Matt Taylor, a product manager at the Financial Times, said that it will weaken the ability to provide advertising-supported services. He pointed out that around 50 per cent of email marketing is opened on an iPhone using the Mail app, so half of the data on users that was previously collected will be lost. (New Scientist, like most online publications, collects a variety of information about its readers.)
Read more: Apple vs FBI: Who will win this struggle for power?
The new features are a continuation of Apple’s recent clampdown on invasive advertising habits. With iOS 14.5, the current version of its operating system, the company forced apps to tell users what they were doing to collect data on users and to seek their permission.
Alan Woodward at the University of Surrey, UK, says Apple is simply meeting demand from users growing increasingly concerned about privacy.
“There are very few things you pay for on the internet, but the trouble is the old adage: if you’re not paying for the product, you are the product,” he says. “I think it’s a way of differentiating themselves in the market by saying: ‘You’re paying us, we’ll protect you. We’ve sold you a vessel in which your life lives, we want you to feel that that is secure and private’.”
Woodward warns that the changes won’t be the end of the story, and will probably start a game of “whack-a-mole” with advertisers and marketers, where they try to find ways around the new features.
He also points out that the new features will be unavailable in several countries including China, Saudi Arabia, Uganda and Egypt, at the behest of those governments. China alone is the source of 15 per cent of Apple’s revenue.
Read more: Ransomware attacks are becoming more common – how do we stop them?
The features are unlikely to be popular with law enforcement even in countries that don’t ban them. The UK home secretary, Priti Patel, warned Facebook earlier this year that its plans to introduce end-to-end encryption on Facebook Messenger and Instagram were “unacceptable”. Many state security agencies have repeatedly requested “back doors” that allow them to bypass the encryption systems of big tech companies.
But security expert Lukasz Olejnik says that any security and privacy improvements are a good thing, and that people are rightly concerned about the exploitation of their data, although we will have to wait for more details before we know how secure the features will be. Apple has said the update will launch late this year.
“The effect may be felt by the various analytics services, and possibly also law enforcement,” he says. “If in the case of criminal activity, the IP address will be unreachable, then for sure law enforcement agencies will find it a problem. It would be like bringing anonymisation services to the masses.
“Today, when a user commits a crime, the IP address is often part of the evidence. If the IP address ceases to unambiguously point to the human user, then the user may well escape criminal proceedings. That would be controversial to policy-makers or law enforcement agencies. Of course, it is only a problem if, in the end, Apple or their partners are unable to map the IP addresses to the users.”
Apple didn’t respond to a request for comment.
More on these topics: