'Sign in with Apple' may only limit tracking, not eliminate it
"Sign in with Apple," launching alongside this fall's iOS 13, will make it harder for advertisers and other parties to track people -- but data collection is possible, a report indicated on Thursday.
Apple's use of one-off email addresses for each login is meant to limit how much data a company can collect, and allow people to sever ties at will. But, at present, it isn't clear how much it will slow down enterprise or data aggregators.
"With that type of solution, our match rate will be decreasing for sure," Arm Treasure Data CTO Kazuki Ota explained to TechRepublic.
That being said, companies like Treasure Data already have technology that can "clean" and unify multiple IDs under a single profile, Ota continued. This matters because people often interact with multiple brands under the same corporate umbrella, giving that parent business the ability to piece together information about location, demographics, and habits.
"It won't be perfect, to be honest, because 100% clean data is almost an imaginary situation," Ota remarked.
Apple has explicitly marketed Sign in with Apple as a privacy-minded alternative to login services by Facebook, Twitter, Google, and others. The company has come under fire for not only making it mandatory when those third-party services are offered, but even asking that its own button be placed above all others.
The OpenID Foundation has pointed out that Apple's technology bears a lot of similarities with OpenID Connect, but has serious gaps affecting security and development.
Apple's use of one-off email addresses for each login is meant to limit how much data a company can collect, and allow people to sever ties at will. But, at present, it isn't clear how much it will slow down enterprise or data aggregators.
"With that type of solution, our match rate will be decreasing for sure," Arm Treasure Data CTO Kazuki Ota explained to TechRepublic.
That being said, companies like Treasure Data already have technology that can "clean" and unify multiple IDs under a single profile, Ota continued. This matters because people often interact with multiple brands under the same corporate umbrella, giving that parent business the ability to piece together information about location, demographics, and habits.
"It won't be perfect, to be honest, because 100% clean data is almost an imaginary situation," Ota remarked.
Apple has explicitly marketed Sign in with Apple as a privacy-minded alternative to login services by Facebook, Twitter, Google, and others. The company has come under fire for not only making it mandatory when those third-party services are offered, but even asking that its own button be placed above all others.
The OpenID Foundation has pointed out that Apple's technology bears a lot of similarities with OpenID Connect, but has serious gaps affecting security and development.
Comments
All Apple is promising is that Apple will not share any information about what sites you are logging into using their ID. But those sites can still use other information about you they can pull from you when you access their website. Unlike Facebook and Google who will aggregate all this information and share with anyone winning to pay them.
Given its membership (https://openid.net/foundation/sponsoring-members/) I regret that I have to take any pronouncement from this source with a large grain of salt.
Luckily the foundation published the full technical details of how they differ from the standard implementation here:
https://bitbucket.org/openid/connect/src/default/How-Sign-in-with-Apple-differs-from-OpenID-Connect.md
You're very welcome to review that and form a considered opinion as to whether or not Apple has issues in their implementation of OpenID Connect that could cause security and interoperability issues or not.
Since no one outside of Apple knows exactly how "Sign in with Apple" works anything said or compared is purely conjecture. I seriously doubt Apple "copied" OpenID... They are very capable of coming up with their own implementation even if some of things happen to "appear" similar. Anyone who's every designed anything knows there's a huge difference between implementation and appearance.
OpenID obviously has an issue with Apple (probably not joining their group), otherwise, what would they care? This reaction reminds me a lot of CurrentC.
As long as we have an option that is NOT Google or Facebook, (or any group supported by either) count me in!
https://openid.net/foundation/sponsoring-members/
It is up to each of us users to prune our tree of security/privacy delegations to these entities or funnel them through bigger branches on the tree of shared login portals.
Wrestling with somatic terminology here a bit…
If OpenID didn't exist you would have claimed Apple "copied" Googles/Facebooks spyware logins. You idiots are always in denial.
Meanwhile the industry will ignore Google/Facebook who openly hack/data mine user data.
Even iKnockoff users are turning into anti-privacy advocates. Claiming we shouldn't care that Google is gathering personal data. lol
That would be news to any reader of a news outlet or internet blog including the one you're posting to. Hardly ignored.
The media is always on Apples ass.
I guess the ugly sister just isn't as "hot"......
"the “Wi-Spy” case was particularly alarming to consumer advocates, because it raised the specter of Google’s “Street View” cars — which had already raised privacy concerns — roaming around major cities vacuuming up personal data, including snippets of browser activity, email traffic, and even medical and financial records, from the Wi-Fi networks of unsuspecting users."
Good luck getting past the 3 largest credit bureau lobbyists.
I 100% agree that it's brilliant Apple are doing SIWA - I'm massively looking forward to as many apps as possible supporting SIWA.