For a company that was started by 2 hackers in a garage, Apple did its best to distance itself from its origins. Everything is closed: their OS is not licensed, their devices can only be used in certain ways (the only reason I can't buy my parents an iPod is because I'll spend a lifetime to explain iTunes to them. Better to give them an off-the-shelf drag-music-into-it MP3 player), their SDKs carry an agreement license that requires an army of lawyers to decipher. Until this very day I hope I haven't signed away my first born to Steve Jobs when I joined the Apple Developers program. As for the real quality of their hardware - this deserves a separate post.
In short, Apple became Microsoft (or what Microsoft used to be). And last week, when the facts came out that Apple is collecting location data on everyone who uses an iDevice, Apple just became as evil as Google (remember the wifi tap fiasco?). I know, some people think this is not a big deal. Those people haven't yet used the free application that accesses that log file and draws all points on a map.
As in the Google case, Apple claimed it's a bug: they were supposed to keep just the last location (why?), and their algorithm just "forgot" to clean the history. And as in the Google case, I think the company means that the bug is the exposure and bad publicity they are receiving.
It has since come out that Google is also collecting location data on Android phones - and even transmits it back to HQ several times an hour. I wonder if there's a place for a class action, suing them for using my bandwidth without my permission. But this is just further proof that the equation Apple == Google holds.
At the time of this posting, there's still no way to stop the location tracking on either iDevice or Android phones. I assume it would come out with the next OS update (and let me hazard a guess: it will be buried deep in the settings screens, with the default turned to "on").
But Apple and Google are not alone. Even new start-ups play at being evil. Take for example one of my favorite products: Dropbox. I love this product and use it on a daily basis. One of the assurances they made, to entice people to trust them with their most secure data, was that the files are doubly encrypted: even Dropbox's developers cannot access their contents. Last week it came out that this is not really the case. Not only are the files accessible, but they have been shared with law enforcement agencies in the past. This means Dropbox's employees can access them - they are just told not to.
It is a known fact that a security chain is only as strong as its weakest link. If your company/bank/financial institute is maintaining unencrypted secure or personal data, all it takes for it to be abused is one disgruntled or underpaid employee. That's why we need double-blind encryption algorithms, access mechanisms and audit systems in place, and that's why banks vet their employees. With the new wave of start-ups offering to maintain your most personal data, maybe we should demand encryption and employee vetting?
And finally, the last straw in this privacy and security infringement month: the Epsilon hack. It turns out many companies that I trust with my email (I'm talking to you Hilton and Best Buy) actually give it away to 3rd party companies to manage their marketing campaigns. And at the beginning of the month, that company was hacked big time (take a look at the list of companies affected). This prompted a torrent of emails from these companies warning their users not to trust any further emails from these companies, because they might be phishing scams (the irony is not lost).
The bottom line of this post is not "Trust no one" - that way leads to paranoia (although every fact I've seen so far suggests a bit of paranoia is justified when it comes to companies). No, I think what we should take away from all those stories is this:
comfort x security = k
In other words, to get more comfort (free services, immediate access) we have to give away some of our security and vice versa.
This still doesn't justify spying on your clients - that is pure evil.
A few days ago, people started talking about an outage on Sony's PlayStation Network. Sony at first claimed it was technical difficulties. As days passed, they were forced to admit their network was hacked. As I'm writing this update, the first credit card numbers of PSN users are being sold on hacker sites. Way to go with maintaining your network and encrypting your data, Sony. I sincerely hope some IT managers are performing hara-kiri as I write this. Jerks.