'Sign in with Apple' may only limit tracking, not eliminate it

Posted:
in General Discussion
"Sign in with Apple," launching alongside this fall's iOS 13, will make it harder for advertisers and other parties to track people -- but data collection is possible, a report indicated on Thursday.

Sign in with Apple


Apple's use of one-off email addresses for each login is meant to limit how much data a company can collect, and allow people to sever ties at will. But, at present, it isn't clear how much it will slow down enterprise or data aggregators.

"With that type of solution, our match rate will be decreasing for sure," Arm Treasure Data CTO Kazuki Ota explained to TechRepublic.

That being said, companies like Treasure Data already have technology that can "clean" and unify multiple IDs under a single profile, Ota continued. This matters because people often interact with multiple brands under the same corporate umbrella, giving that parent business the ability to piece together information about location, demographics, and habits.

"It won't be perfect, to be honest, because 100% clean data is almost an imaginary situation," Ota remarked.

Apple has explicitly marketed Sign in with Apple as a privacy-minded alternative to login services by Facebook, Twitter, Google, and others. The company has come under fire for not only making it mandatory when those third-party services are offered, but even asking that its own button be placed above all others.

The OpenID Foundation has pointed out that Apple's technology bears a lot of similarities with OpenID Connect, but has serious gaps affecting security and development.

Comments

  • Reply 1 of 20
    rob53rob53 Posts: 3,289member
    Instead of Congress complaining about Apple they should go after all these data stealers aggregators. How is this even being allowed to be a business? This is just as bad as patent trolls. I'd like to see Apple include malware in "sign in with Apple" so every time a data aggregator grabs login information it starts building a massive malware bot that takes down all these companies. I see no problem with this since these companies will be grabbing information about me without my permission.
    racerhomie3applesnorangeslollivercat52jony0
  • Reply 2 of 20
    maestro64maestro64 Posts: 5,043member
    Yes companies can piece data together from various sources this is nothing new, they been doing it since at least 2000. I will give you a quick example, Bought a new 99 ford, graduated with MBA in 2002, got a mailing from Ford saying as new graduate I qualified for first time new car buyer loan and i could also trade in my 99 Ford which was financing through Ford. Ford knew I graduated from college and knew I owed a Ford but could not figure out I was not qualitied for first time new car buy since I already owned a new Ford the Ford loan of .99% was less than the first time buyer loan of 2.99%.

    All Apple is promising is that Apple will not share any information about what sites you are logging into using their ID. But those sites can still use other information about you they can pull from you when you access their website. Unlike Facebook and Google who will aggregate all this information and share with anyone winning to pay them.
    mike1jahblademacgui
  • Reply 3 of 20
    crowleycrowley Posts: 10,453member
    Great so I'll still get targetted ads, only some of them will be mis-targetted to my neighbour.
  • Reply 4 of 20
    The OpenID Foundation has pointed out that Apple's technology bears a lot of similarities with OpenID Connect, but has serious gaps affecting security and development.
    Given its membership (https://openid.net/foundation/sponsoring-members/) I regret that I have to take any pronouncement from this source with a large grain of salt.
    Phobos7Solicat52
  • Reply 5 of 20
    mike1mike1 Posts: 3,409member
    crowley said:
    Great so I'll still get targetted ads, only some of them will be mis-targetted to my neighbour.
    The difference here is that Apple's business model is not about providing data or selling advertising. They're coming at it from a totally different angle.
    AppleExposedlollivercat52
  • Reply 6 of 20
    jogujogu Posts: 9member
    luxuriant said:
    The OpenID Foundation has pointed out that Apple's technology bears a lot of similarities with OpenID Connect, but has serious gaps affecting security and development.
    Given its membership (https://openid.net/foundation/sponsoring-members/) I regret that I have to take any pronouncement from this source with a large grain of salt.
    Regardless of your views on the motives of the members, Apple apparently consider the OpenID Connect protocol (which was created by the OpenID Foundation) a good enough protocol that they copied 99% of it.

    Luckily the foundation published the full technical details of how they differ from the standard implementation here:

    https://bitbucket.org/openid/connect/src/default/How-Sign-in-with-Apple-differs-from-OpenID-Connect.md

    You're very welcome to review that and form a considered opinion as to whether or not Apple has issues in their implementation of OpenID Connect that could cause security and interoperability issues or not.



    FileMakerFeller
  • Reply 7 of 20
    sergiozsergioz Posts: 338member
    Today you can use other tricks on top of that and opt out from most of the tracking. AdGuard for Mac does a great job of blocking ads enhance your security, protect your privacy plus many other like obfuscation of IP address and going in stealth mode. Even if smart enterprises collect your data it will be completely useless. Don’t believe me see for your self https://adguard.com/en/welcome.html
    edited July 2019
  • Reply 8 of 20
    mjtomlinmjtomlin Posts: 2,687member
    jogu said:
    luxuriant said:
    The OpenID Foundation has pointed out that Apple's technology bears a lot of similarities with OpenID Connect, but has serious gaps affecting security and development.
    Given its membership (https://openid.net/foundation/sponsoring-members/) I regret that I have to take any pronouncement from this source with a large grain of salt.
    Regardless of your views on the motives of the members, Apple apparently consider the OpenID Connect protocol (which was created by the OpenID Foundation) a good enough protocol that they copied 99% of it.

    Luckily the foundation published the full technical details of how they differ from the standard implementation here:

    https://bitbucket.org/openid/connect/src/default/How-Sign-in-with-Apple-differs-from-OpenID-Connect.md

    You're very welcome to review that and form a considered opinion as to whether or not Apple has issues in their implementation of OpenID Connect that could cause security and interoperability issues or not.




    Since no one outside of Apple knows exactly how "Sign in with Apple" works anything said or compared is purely conjecture. I seriously doubt Apple "copied" OpenID... They are very capable of coming up with their own implementation even if some of things happen to "appear" similar. Anyone who's every designed anything knows there's a huge difference between implementation and appearance.

    OpenID obviously has an issue with Apple (probably not joining their group), otherwise, what would they care? This reaction reminds me a lot of CurrentC.

    As long as we have an option that is NOT Google or Facebook, (or any group supported by either) count me in!


    flyingdpmacguiAppleExposedStrangeDayscat52
  • Reply 9 of 20
    NotsofastNotsofast Posts: 450member
    "Come under fire." LOL. Apple's hundreds of millions of customers love the idea. Most developers like it. But I guess a few complainers constitutes "come under fire" ????
    macguiAppleExposedlostkiwicat52jony0
  • Reply 10 of 20
    flydogflydog Posts: 1,138member
    Notsofast said:
    "Come under fire." LOL. Apple's hundreds of millions of customers love the idea. Most developers like it. But I guess a few complainers constitutes "come under fire" ????
    Exaggeration and incendiary remarks tend to generate more clicks and ad revenue. 
    AppleExposedlostkiwicat52jony0
  • Reply 11 of 20
    xyzzy-xxxxyzzy-xxx Posts: 193member
    I will continue to use a password manager to store and fill in secure passwords. I think a internet service - as good as might be - is not the right approach...
  • Reply 12 of 20
    rivertriprivertrip Posts: 143member
    crowley said:
    Great so I'll still get targetted ads, only some of them will be mis-targetted to my neighbour.
    Give companies accurate and complete personal information if you want "accurate" targeted ads.
    SoliAppleExposedcat52
  • Reply 13 of 20
    rivertriprivertrip Posts: 143member
    OpenID members include the companies that profit by selling or using personal information scraped from logins.

    https://openid.net/foundation/sponsoring-members/
    AppleExposedStrangeDayscat52
  • Reply 14 of 20
    tstumptstump Posts: 29member
    It really will merely spread it out a lot but make it far easier to maintain individualized-paired security with each entity you delegate your privacy to via their login. 
     There should be no surprise that they will still all get  aggregated  together in the long run.
    But the ease-of-use factor is much appreciated. 
    It is up to each of us users to prune our tree of security/privacy delegations to these entities or funnel them through bigger branches on the tree of shared login portals.
     Wrestling with somatic terminology here a bit… 
  • Reply 15 of 20
    AppleExposedAppleExposed Posts: 1,805unconfirmed, member
    jogu said:
    luxuriant said:
    The OpenID Foundation has pointed out that Apple's technology bears a lot of similarities with OpenID Connect, but has serious gaps affecting security and development.
    Given its membership (https://openid.net/foundation/sponsoring-members/) I regret that I have to take any pronouncement from this source with a large grain of salt.
    Regardless of your views on the motives of the members, Apple apparently consider the OpenID Connect protocol (which was created by the OpenID Foundation) a good enough protocol that they copied 99% of it.

    Luckily the foundation published the full technical details of how they differ from the standard implementation here:

    https://bitbucket.org/openid/connect/src/default/How-Sign-in-with-Apple-differs-from-OpenID-Connect.md

    You're very welcome to review that and form a considered opinion as to whether or not Apple has issues in their implementation of OpenID Connect that could cause security and interoperability issues or not.




    If OpenID didn't exist you would have claimed Apple "copied" Googles/Facebooks spyware logins. You idiots are always in denial.

    Notsofast said:
    "Come under fire." LOL. Apple's hundreds of millions of customers love the idea. Most developers like it. But I guess a few complainers constitutes "come under fire" ????

    Meanwhile the industry will ignore Google/Facebook who openly hack/data mine user data.

    Even iKnockoff users are turning into anti-privacy advocates. Claiming we shouldn't care that Google is gathering personal data. lol
    cat52
  • Reply 16 of 20
    gatorguygatorguy Posts: 24,595member
    AppleExposed said:
    ..Meanwhile the industry will ignore Google/Facebook who openly hack/data mine user data.
    ??

    That would be news to any reader of a news outlet or internet blog including the one you're posting to. Hardly ignored.
    edited July 2019
  • Reply 17 of 20
    mjtomlin said:
    jogu said:
    luxuriant said:
    The OpenID Foundation has pointed out that Apple's technology bears a lot of similarities with OpenID Connect, but has serious gaps affecting security and development.
    Given its membership (https://openid.net/foundation/sponsoring-members/) I regret that I have to take any pronouncement from this source with a large grain of salt.
    Regardless of your views on the motives of the members, Apple apparently consider the OpenID Connect protocol (which was created by the OpenID Foundation) a good enough protocol that they copied 99% of it.

    Luckily the foundation published the full technical details of how they differ from the standard implementation here:

    https://bitbucket.org/openid/connect/src/default/How-Sign-in-with-Apple-differs-from-OpenID-Connect.md

    You're very welcome to review that and form a considered opinion as to whether or not Apple has issues in their implementation of OpenID Connect that could cause security and interoperability issues or not.

    Since no one outside of Apple knows exactly how "Sign in with Apple" works anything said or compared is purely conjecture. I seriously doubt Apple "copied" OpenID... They are very capable of coming up with their own implementation even if some of things happen to "appear" similar. Anyone who's every designed anything knows there's a huge difference between implementation and appearance.

    OpenID obviously has an issue with Apple (probably not joining their group), otherwise, what would they care? This reaction reminds me a lot of CurrentC.

    As long as we have an option that is NOT Google or Facebook, (or any group supported by either) count me in!
    Why do you have an opinion (never mind, publishing it) when you are so ignorant?

    I too like the sign in with Apple feature, and I plan on using it for some (many, probably) things. But if you'd taken three minutes to read the link provided by @jogu you'd see that the OIDF do know exactly how a large part of the sign in with Apple code works. And no wonder, since the API is published by Apple. And why shouldn't Apple have copied that? It makes things easier for everyone.

    In fact, while I haven't spent a lot of time looking at this, I know enough about security to know that some of their issues are significant enough to be addressed, and I expect Apple will in fact do that before the release of this service and the OSes with supporting code. This isn't at all like the CurrentC situation, which was entirely a money issue.
    FileMakerFellerjogu
  • Reply 18 of 20
    AppleExposedAppleExposed Posts: 1,805unconfirmed, member
    gatorguy said:
    AppleExposed said:
    ..Meanwhile the industry will ignore Google/Facebook who openly hack/data mine user data.
    ??

    That would be news to any reader of a news outlet or internet blog including the one you're posting to. Hardly ignored.

    The media is always on Apples ass.

    I guess the ugly sister just isn't as "hot"......

    "the “Wi-Spy” case was particularly alarming to consumer advocates, because it raised the specter of Google’s “Street View” cars — which had already raised privacy concerns — roaming around major cities vacuuming up personal data, including snippets of browser activity, email traffic, and even medical and financial records, from the Wi-Fi networks of unsuspecting users."
    cat52
  • Reply 19 of 20
    geekmeegeekmee Posts: 646member
    rob53 said:
    Instead of Congress complaining about Apple they should go after all these data stealers aggregators. How is this even being allowed to be a business? This is just as bad as patent trolls. I'd like to see Apple include malware in "sign in with Apple" so every time a data aggregator grabs login information it starts building a massive malware bot that takes down all these companies. I see no problem with this since these companies will be grabbing information about me without my permission.
    Data aggregation has been around as long as there has been credit bureaus vacuuming up personal exhaust fumes with ‘investigations.’
    Good luck getting past the 3 largest credit bureau lobbyists.
    edited July 2019 gatorguy
  • Reply 20 of 20
    jogujogu Posts: 9member
    mjtomlin said:
    Since no one outside of Apple knows exactly how "Sign in with Apple" works anything said or compared is purely conjecture.
    It's literally documented on Apple's developer website how it works.
    I seriously doubt Apple "copied" OpenID...
    See the Apple documentation. Apple return an id_token that is exactly the same format as the one defined by the OpenID Connect standard, right down to the field names. There's no reason you'd do that unless you were basing your tech on OpenID Connect.
    They are very capable of coming up with their own implementation even if some of things happen to "appear" similar. Anyone who's every designed anything knows there's a huge difference between implementation and appearance.

    They are, but if they want it to be interoperable then they need to follow existing standards (and they do seem to want this, so that it's easy for third party website backends to support sign in with apple; otherwise as you say they would have invented something completely new).
    OpenID obviously has an issue with Apple (probably not joining their group), otherwise, what would they care? This reaction reminds me a lot of CurrentC.

    As long as we have an option that is NOT Google or Facebook, (or any group supported by either) count me in!
    OpenID's issue is with Apple's implementation being incomplete and not including the mitigations for some known security/privacy issues. This is because the very goal of the OpenID Foundation is to promote interoperable implementation. That's why they make testing tools available for free & open source, and why all the standards are 100% free to read / implement / use. I'm guessing you didn't read the link I shared, or had trouble understanding it. Here it is again: https://bitbucket.org/openid/connect/src/default/How-Sign-in-with-Apple-differs-from-OpenID-Connect.md

     I 100% agree that it's brilliant Apple are doing SIWA - I'm massively looking forward to as many apps as possible supporting SIWA.
    gatorguyJustSomeGuy1
Sign In or Register to comment.