Apple's 'differential privacy' still collects too much specific data, study says
Apple's use of "differential privacy" -- a method that inserts random noise into data as it's collected en masse -- doesn't go far enough to protect personal information, a study suggested this week.
Apple's "privacy loss parameters" still allow too much specific data to slip through, according to the study (PDF link), highlighted by Wired and published by five researchers from the University of Southern California, Indiana University, and Tsinghua University. While both macOS and iOS 10 are said to have issues, the latter platform is believed to be the more problematic one.
Another concern is that Apple keeps its loss parameter -- also known as its epsilon -- secret, which means that the company could be changing it on the fly without any outside scrutiny.
"Apple's privacy loss parameters exceed the levels typically considered acceptable by the differential privacy research community," said USC professor Aleksandra Korolova.
macOS is said to have an epsilon of 6, while iOS 10 sits at 14. By comparison, Google claims the differential privacy system in Chrome has an epsilon of 2 in most cases, and a lifetime ceiling of 8 to 9. Google also open-sources related code, making it possible to doublecheck.
In response to the study, Apple said it disagrees with many points, such as to what degree it can correlate data with a particular person. The company insisted that it varies noise based on the type of data, and that the researchers simply combined epsilons for all types on the assumption it could be pieced together.
It also pointed to policies like time limits on data storage, the rejection of IP addresses, and the decision to make collection opt-in -- referring to installation and setup screens where people can choose whether or not to share usage and diagnostics information.
The study found that the iOS 11 beta had an epsilon of 43, but that's likely because of normal testing designed to weed out bugs before the software's Sept. 19 launch.
Apple's "privacy loss parameters" still allow too much specific data to slip through, according to the study (PDF link), highlighted by Wired and published by five researchers from the University of Southern California, Indiana University, and Tsinghua University. While both macOS and iOS 10 are said to have issues, the latter platform is believed to be the more problematic one.
Another concern is that Apple keeps its loss parameter -- also known as its epsilon -- secret, which means that the company could be changing it on the fly without any outside scrutiny.
"Apple's privacy loss parameters exceed the levels typically considered acceptable by the differential privacy research community," said USC professor Aleksandra Korolova.
macOS is said to have an epsilon of 6, while iOS 10 sits at 14. By comparison, Google claims the differential privacy system in Chrome has an epsilon of 2 in most cases, and a lifetime ceiling of 8 to 9. Google also open-sources related code, making it possible to doublecheck.
In response to the study, Apple said it disagrees with many points, such as to what degree it can correlate data with a particular person. The company insisted that it varies noise based on the type of data, and that the researchers simply combined epsilons for all types on the assumption it could be pieced together.
It also pointed to policies like time limits on data storage, the rejection of IP addresses, and the decision to make collection opt-in -- referring to installation and setup screens where people can choose whether or not to share usage and diagnostics information.
The study found that the iOS 11 beta had an epsilon of 43, but that's likely because of normal testing designed to weed out bugs before the software's Sept. 19 launch.
Comments
I’m curious how the study was able to reach its conclusion if the parameters are secret.
They don't give that to the entirety of Google - only to RAPPOR, a tiny subset of their data gathering.
Though many people like to throw around Google and differential privacy together to infer Google uses it in all their products/services.
it needs multiple parameters about you to "fuse"' your data... to be definitive about what you are up to.
will it use for its services business offerings!
Of course, it will and still claim privacy!!
it will push services based on you and your hbbots and friends circle..
Apple software will never know how to protect from cyber security hacks..
watch out!!!
Apple will know all about its users ...all my contacts, my calendar, Face ID, Fingerprint ID and all credit cards details
How can anyone take them seriously?!
You are making the same mistake of throwing differential privacy and Apple together as tho they are using it in all their products and services. They are not. DF is still an immature project at both companies, and both will eventually make more extensive use of it. Learning to walk before they run.
It's irrelevant where they are today, but where they are going.
Google makes its revenue off data collection which it then uses for its advertising business. It's not in their best interests to incorporate technology that would otherwise interfere with or limit their ability to target ads.
In the other thread there was a discussion about Google writing code to exploit a flaw in Safari to circumvent do not track. Is this the kind of company that has the privacy and interests of its users as its primary concern? Hardly. What it shows me is a company that's not to be trusted as they will always make decisions that benefit their primary revenue source (advertising).
Differential privacy and targeted advertising do not mix well.
At the moment the reports authors indicate Apple's version has some issues with it's effectiveness. I know you don't like it but Google does appear to be handling differential privacy better at least for now, and unlike Apple it's methods and results are independently verifiable. In the the bigger scheme of things neither company is making widespread use of it (yet) so these are simply the initial baby steps. Neither of us know where it will go.
By the way here's a paper on differential privacy and advertising if you have any interest in it. They don't necessarily have to be oil and water.
The article says Google claims that Chrome has an epsilon of 2 in most cases.
It seems to me that the researchers didn't actually look at Google, but the article dropped Google in at random to get a bit of chilli heat going on in the comments.
The other point is that the comparison is invalid. The article compares Apple's operating systems (iOS and MacOS) with Google's browser (Chrome). What are the figures like for Android? To be honest, I would expect an operating system to store A LOT of personal information and transmit it to iCloud. That's kinda the point. I know that MacOS has my personal information;I typed it in myself! The privacy issue is transmitting this personal information to third parties in a way that is fairly opaque to users.
You may not like what the researchers are saying, but I am pleased to see Apple engaging with them and arguing their points. Two years ago, Apple would have simply ignored them. This is what research and development is all about. It's all good.
The AI article is a soft-shoe version of the report, but if you read the Wired article it references it might be clearer why it would be to Apple's benefit to be more open about how they've designed and implemented DP and perhaps make some changes to their coding based on it's examination.
https://www.wired.com/story/apple-differential-privacy-shortcomings
But no one involved is saying Apple is doing anything underhanded nor devious. They're simply using differential privacy in a flawed manner and the end results aren't as effective as they should be. It can be fixed. Apple needs to be more open about it and TBH there's zero reason for "secrecy" around it as far as I read it so there's no reason not to. At least Apple and Google have tried to put it to use so kudos to them. Their big tech brethren, Facebook, Amazon, even Microsoft who came up with it originally, haven't made the effort.
Wow, yea, that's a whole other thing. I wonder, though, if Google would now have more info.
For what it's worth Apple would be more likely to know your financial history than Google would. Doesn't Apple require a credit card on file for Apple services and pull credit reports for certain purchases? Maybe not.