“Your Computer Isn’t Yours” - Mac Privacy

You make some good points. Unfortunately, trust isn’t binary. Security and privacy have a lot of parallels to what happens with medicine/vaccines and such in the scientific community. You release some code/product, the community vets it, finds flaws, etc., and then it is eventually released as a better product/method. This can’t happen without some level of transparency or accountability. Hopefully this continues to get better…

This looks quite transparent to me (note additional information on privacy protections added on 11/16):
https://support.apple.com/en-us/HT202491

(Title of above-linked support article: “Safely open apps on your Mac”)

1 Like

I disagree. Transparency is being clear about what’s happening up front. Take their approach to differential privacy and on device intelligence versus the cloud. They reached out to the academic community for feedback before putting it into production. That’s transparency.

This doesn’t

2 Likes

Another POV on the OCSP issue from Scott Helme, who’s been digging into this kind of thing for a long time.

https://scotthelme.co.uk/deja-vu-macos-hits-ocsp-hurdles/

1 Like

This approach presumes that we clients are to be treated as co-equals in policy decisions. No company is obligated to grant us such liberty.

So the best we have left is that we debate whether one or the other company was nicer to afford us some measure of input to their policies.

Or we simply stop buying the product and go elsewhere.


JJW

1 Like

Or, this approach is just best practice related to cryptography and many INFOSEC-related technologies.

Apple can do whatever they want, but some of the moves that they’re making make little to no business sense.

1 Like

“I disagree with their approach” becomes “They don’t know what they’re doing”

6 Likes

You don’t think that’s a bit of a stretch? It’s not me disagreeing. There seems to be broad consensus in the security community that this is bad practice. I’ve heard firsthand from a CXO at a large organization on this. But hey, it’s all about ME. Carry on…

The distinction is that Apple is free to make decisions without the input from anyone else but themselves, they have the liberty to succeed or fail accordingly, and they can only be held accountable for the consequences of their decisions, not raked over the coals for not giving notices of them.

The moves may make no business sense to you and others. Time will tell whether they make business sense within Apple’s long-term goals.


JJW

4 Likes

Not really, no. It’s perhaps a bit simplified, but I think it’s generally fair.

For context, I also disagree with Apple’s approach, but I don’t think that “it makes little or no business sense”. I’m more aligned with @DrJJWMac

1 Like

They are absolutely free to make those choices for themselves. Philosophical merits aside, when it comes to securing systems the real world works differently. You know, the whole “security through obscurity” thing?

At any rate this has spun away from the premise of the original argument. Simply put, transparency when dealing with matters of security and privacy makes good business sense and has proven over time to make sense technically as well. There are numerous examples of this over the years.

1 Like

Your closing paragraph is respectable and should be well-respected. The disconnect was perhaps to suggest that, to be fully complete, transparency must include being given a voice upfront in planning policy. Transparency is perhaps better taken as a metric for how far back or deeply in we get to see along all the threads that led to the path that was taken after it has already been taken.


JJW

1 Like

Please make Mr. Zuckerberg aware of this.

1 Like

He is. He’s very transparent about the fact that his platform supports his company’s and his customers’ privacy and security - just not his users’ privacy and security.

1 Like

I’m not sure I agree with your comment but it’s one possibility, another being that he is just clueless.

1 Like

Possibly, but I don’t think so. I think he knows exactly what he’s doing.

Maybe it’s both, somehow :thinking:

That’s definitely possible. Zack wouldn’t be the first to be both clever and stupid :blush:

2 Likes