Biz & IT

Apple’s increasingly tricky international trade-offs

Far from Apple’s troubles in emerging markets and China, the company is attracting the ire of what should really be a core supporter demographic naturally aligned with the pro-privacy stance CEO Tim Cook has made into his public soapbox in recent years — but which is instead crying foul over perceived hypocrisy.

The problem for this subset of otherwise loyal European iPhone users is that Apple isn’t offering enough privacy.

These users want more choice over key elements such as the search engine that can be set as the default in Safari on iOS (Apple currently offers four choices: Google, Yahoo, Bing and DuckDuckGo, all U.S. search engines; and with ad tech giant Google set as the default).

It is also being called out over other default settings that undermine its claims to follow a privacy by design philosophy. Such as the iOS location services setting which, once enabled, non-transparently flips an associated sub-menu of settings — including location-based Apple ads. Yet bundled consent is never the same as informed consent…

As the saying goes you can’t please all of the people all of the time. But the new normal of a saturated smartphone market is imposing new pressures that will require a reconfiguration of approach.

Certainly the challenges of revenue growth and user retention are only going to step up from here on in. So keeping an otherwise loyal base of users happy and — crucially — feeling listened to and well served is going to be more and more important for the tech giant as the back and forth business of services becomes, well, essential to its fortunes going forward.

(At least barring some miracle new piece of Apple hardware — yet to be unboxed but which somehow rekindles smartphone-level demand afresh. That’s highly unlikely in any medium term timeframe given how versatile and capable the smartphone remains; ergo Apple’s greatest success is now Apple’s biggest challenge.)

With smartphone hardware replacement cycles slowing, the pressure on Cook to accelerate services revenue naturally steps up — which could in turn increase pressure on the core principles Cupertino likes to flash around.

Yet without principles there can be no brand premium for Apple to command. So that way ruin absolutely lies.

Control shift

It’s true that controlling the iOS experience by applying certain limits to deliver mainstream consumer friendly hardware served Apple well for years. But it’s also true iOS has grown in complexity over time having dropped some of its control freakery.

Elements that were previously locked down have been opened up — like the keyboard, for instance, allowing for third party keyboard apps to be installed by users that wish to rethink how they type.

This shift means the imposed limit on which search engines users can choose to set as an iOS default looks increasingly hard for Apple to justify from a user experience point of view.

Though of course from a business PoV Apple benefits by being able to charge Google a large sum of money to remain in the plum search default spot. (Reportedly a very large sum, though claims that the 2018 figure was $9BN have not been confirmed. Unsurprisingly neither party wants to talk about the terms of the transaction.)

The problem for Apple is that indirectly benefiting from Google eroding the user privacy it claims to champion — by letting the ad tech giant pay it to suck up iOS users’ search queries by default — is hardly consistent messaging.

Not when privacy is increasingly central to the premium the Apple brand commands.

Cook has also made a point of strongly and publicly attacking the ‘data industrial complex’. Yet without mentioning the inconvenient side-note that Apple also engages in trading user data for profit in some instances, albeit indirectly.

In 2017 Apple switched from using Bing to Google for Siri web search results. So even as it has stepped up its rhetoric around user privacy it has deepened its business relationship with one of the Western Internet’s primary data suckers.

All of which makes for a very easy charge of hypocrisy.

Of course Apple offers iOS users a non-tracking search engine choice, DuckDuckGo, as an alternative choice — and has done so since 2014’s iOS 8.

Its support for a growing but still very niche product in what are mainstream consumer devices is an example of Apple being true to its word and actively championing privacy.

The presence of the DDG startup alongside three data-mining tech giants has allowed those ‘in the know’ iOS users to flip the bird at Google for years, meaning Apple has kept privacy conscious consumers buying its products (if not fully on side with all its business choices).

But that sort of compromise position looks increasingly difficult for Apple to defend.

Not if it wants privacy to be the clear blue water that differentiates its brand in an era of increasingly cut-throat and cut-price Android-powered smartphone competition that’s serving up much the same features at a lower up-front price thanks to all the embedded data-suckers.

There is also the not-so-small matter of the inflating $1,000+ price-tags on Apple’s top-of-the-range iPhones. $1,000+ for a smartphone that isn’t selling your data by default might still sound very pricy but at least you’d be getting something more than just shiny glass for all those extra dollars. But the iPhone isn’t actually that phone. Not by default.

Apple may be taking a view that the most privacy sensitive iPhone users are effectively a captive market with little option but to buy iOS hardware, given the Google-flavored Android competition. Which is true but also wouldn’t bode well for the chances of Apple upselling more services to these people to drive replacement revenue in a saturated smartphone market.

Offending those consumers who otherwise could be your very best, most committed and bought in users seems short-sighted and short-termist to say the least.

Although removing Google as the default search provider in markets where it dominates would obviously go massively against the mainstream grain that Apple’s business exists to serve.

This logic says Google is in the default position because, for most Internet users, Google search remains their default.

Indeed, Cook rolled out this exact line late last year when asked to defend the arrangement in an interview with Axios on HBO — saying: “I think their search engine is the best.”

He also flagged various pro-privacy features Apple has baked into its software in recent years, such as private browsing mode and smart tracker prevention, which he said work against the data suckers.

Albeit, that’s a bit like saying you’ve scattered a few garlic cloves around the house after inviting the thirsty vampire inside. And Cook readily admitted the arrangement isn’t “perfect”.

Clearly it’s a trade off. But Apple benefitting financially is what makes this particular trade-off whiff.

It implies Apple does indeed have an eye on quarterly balance sheets, and the increasingly important services line item specifically, in continuing this imperfect but lucrative arrangement — rather than taking a longer term view as the company purports to, per Cook’s letter to shareholders this week; in which he wrote: “We manage Apple for the long term, and Apple has always used periods of adversity to re-examine our approach, to take advantage of our culture of flexibility, adaptability and creativity, and to emerge better as a result.”

If Google’s search product is the best and Apple wants to take the moral high ground over privacy by decrying the surveillance industrial complex it could maintain the default arrangement in service to its mainstream base but donate Google’s billions to consumer and digital rights groups that fight to uphold and strengthen the privacy laws that people-profiling ad tech giants are butting hard against.

Apple’s shareholders might not like that medicine, though.

More palatable for investors would be for Apple to offer a broader choice of alternative search engines, thereby widening the playing field and opening up to more pro-privacy Google alternatives.

It could also design this choice in a way that flags up the trade-off to its millions of users. Such as, during device set-up, proactively asking users whether they want to keep their Internet searches private by default or use Google?

When put like that rather more people than you imagine might choose not to opt for Google to be their search default.

Non-tracking search engine DDG has been growing steadily for years, for example, hitting 30M daily searches last fall — with year-on-year growth of ~50%.

Given the terms of the Apple-Google arrangement sit under an NDA (as indeed all these arrangements do; DDG told us it couldn’t share any details about its own arrangement with Apple, for e.g.) it’s not clear whether one of Google’s conditions requires there be a limit on how many other search engines iOS users can pick from.

But it’s at least a possibility that Google is paying Apple to limit how many rivals sit in the list of competitors from which iOS users can pick out an alternative default. (It has, after all, recently been spanked in Europe for anti-competitive contractual limits imposed on Android OEMs to limit their ability to use alternatives to Google products, including search. So you could say Google has history where search is concerned.)

Equally, should Google actually relaunch a search product in China — as it’s controversially been toying with doing — it’s likely the company would push Apple to give it the default slot there too.

Though Apple would have more reason to push back, given Google would likely remain a minnow in that market. (Apple currently defaults to local search giant Baidu for iOS users in China.)

So even the current picture around search on iOS is a little more fuzzy than Cook likes to make out.

Local flavor

China is an interesting case, because if you look at Apple’s growth challenges in that market you could come to a very different conclusion vis-a-vis the power of privacy as a brand premium.

In China it’s convenience, via the do-it-all ‘Swiss army knife’ WeChat platform, that’s apparently the driving consumer force — and now also a headwind for Apple’s business there.

At the same time, the idea of users in the market having any kind of privacy online — when Internet surveillance has been imposed and ‘normalized’ by the state — is essentially impossible to imagine.

Yet Apple continues doing business in China, netting it further charges of hypocrisy.

Its revised guidance this week merely spotlights how important China and emerging markets are to its business fortunes. A principled pull-out hardly looks to be on the cards.

All of which underscores growing emerging market pressures on Apple that might push harder against its stated principles. What price privacy indeed?

It’s clear that carving out growth in a saturated smartphone market is going to be an increasingly tricky business for all players, with the risk of fresh trade-offs and pitfalls looming especially for Apple.

Negotiating this terrain certainly demands a fresh approach, as Cook implies is on his mind, per the shareholder letter.

Arguably the new normal may also call for an increasingly localized approach as a way to differentiate in a saturated and samey smartphone market.

The old Apple ‘one-sized fits all’ philosophy is already very outdated for some users and risks being caught flat-footed on a growing number of fronts — be that if your measure is software ‘innovation’ or a principled position on privacy.

An arbitrary limit on the choice of search engine your users can pick seems a telling example. Why not offer iOS users a free choice?

Or are Google’s billions really standing in the way of that?

It’s certainly an odd situation that iPhone owners in France, say, can pick from a wide range of keyboard apps — from mainstream names to superficial bling-focused glitter and/or neon LED keyboard skins or indeed emoji and GIF-obsessed keyboards — but if they want to use locally developed pro-privacy search engine Qwant on their phone’s native browser they have to tediously surf to the company’s webpage every time they want to look something up.

Google search might be the best for a median average ‘global’ (excluding China) iOS user but in an age of increasingly self-focused and self-centred technology, with ever more demanding consumers, there’s really no argument against letting people who want to choose for themselves.

In Europe there’s also the updated data protection framework, GDPR, to consider. Which may yet rework some mainstream ad tech business models.

On this front Qwant questions how even non-tracking rival DDG can protect users’ searches from government surveillance given its use of AWS cloud hosting and the U.S. Cloud Act. (Though, responding to a discussion thread about the issue on Github two years ago, DDG’s founder noted it has servers around the world, writing: “If you are in Europe you will be connected to our European servers.” He also reiterated that DDG does not collect any personal data from users — thereby limiting what could be extracted from AWS via the Act.)

Asked what reception it’s had when asking about getting its search engine on the Safari iOS list, Qwant told us the line that’s been (indirectly) fed back to it is “we are too European according to Apple”. (Apple declined to comment on the search choices it offers iOS users.)

“I have to work a lot to be more American,” Qwant co-founder and CEO Eric Leandri told us, summing up the smoke signals coming out of Cupertino.

“I understand that Apple wants to give the same kind of experience to their customers… but I would say that if I was Apple now, based on the politics that I want to follow — about protecting the privacy of customers — I think it would be great to start thinking about Europe as a market where people have a different point of view on their data,” he continued.

“Apple has done a lot of work to, for example, not let applications give data to each by a very strict [anti-tracking policy]; Apple has done a lot of work to guarantee that cookies and tracking is super difficult on iOS; and now the last problem of Apple is Google search.”

“So I hope that Apple will look at our proposal in a different way — not just one-fits-all. Because we don’t think that one-fits-all today,” he added.

Qwant too, then, is hoping for a better Apple to emerge as a result of a little market adversity.


Biz & IT

Amazon to roll out tools to monitor factory workers and machines

Amazon is rolling out cheap new tools that will allow factories everywhere to monitor their workers and machines, as the tech giant looks to boost its presence in the industrial sector.

Launched by Amazon’s cloud arm AWS, the new machine-learning-based services include hardware to monitor the health of heavy machinery and computer vision capable of detecting whether workers are complying with social distancing.

Amazon said it had created a two-inch, low-cost sensor—Monitron—that can be attached to equipment to monitor abnormal vibrations or temperatures and predict future faults.

AWS Panorama, meanwhile, is a service that uses computer vision to analyze footage gathered by cameras within facilities, automatically detecting safety and compliance issues such as workers not wearing PPE or vehicles being driven in unauthorized areas.

The new services, announced on Tuesday during the company’s annual cloud computing conference, represent a step up in the tech giant’s efforts to gather and crunch real-world data in areas it currently feels are underserved.

“If you look at manufacturing and industrial generally, it’s a space that has seen some innovations, but there’s a lot of pieces that haven’t been digitized and modernized,” said Matt Garman, AWS’s head of sales and marketing, speaking to the FT.

“Locked up in machines”

“There’s a ton of data in a factory, or manufacturing facility, or a supply chain. It’s just locked up in sensors, locked up in machines that a lot of companies could get a lot of value from.”

Amazon said it had installed 1,000 Monitron sensors at its fulfillment centers near the German city of Mönchengladbach, where they are used to monitor conveyor belts handling packages.

If successful, said analyst Brent Thill from Jefferies, the move would help Amazon cement its position as the dominant player in cloud computing, in the face of growing competition from Microsoft’s Azure and Google Cloud as well as a prolonged run of slowed segment growth.

“This idea of predictive analytics can go beyond a factory floor,” Mr. Thill said. “It can go into a car, on to a bridge, or on to an oil rig. It can cross fertilize a lot of different industries.”

A number of companies are already trialling AWS Panorama. Siemens Mobility said it would use the tech to monitor traffic flow in cities, though would not specify which. Deloitte said it was working with a major North America seaport to use the tool to monitor the movement of shipments.

“Easy for us to get worried”

However, Amazon’s own use of tools to monitor the productivity of employees has raised concerns among critics. Throughout the pandemic, the company has used computer vision to ensure employee compliance with social distancing guidelines.

Swami Sivasubramanian, AWS’s head of machine learning and AI, said none of the services announced would include “pre-packaged” facial recognition capabilities, and he said AWS would block clients who abused its terms of service on data privacy and surveillance.

“When you look at this technology, sometimes it’s very easy for us to get worried about how they can be abused,” he told the FT.

“But the same technology can be used to ensure worker safety. Are people walking in spaces where they shouldn’t be? Is there an oil spill? Are they not wearing hard hats? These are real-world problems.”

© 2020 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.

Biz & IT

Oracle vulnerability that executes malicious code is under active attack

Attackers are targeting a recently patched Oracle WebLogic vulnerability that allows them to execute code of their choice, including malware that makes servers part of a botnet that steals passwords and other sensitive information.

WebLogic is a Java enterprise application that supports a variety of databases. WebLogic servers are a coveted prize for hackers, who often use them to mine cryptocurrency, install ransomware, or as an inroad to access other parts of a corporate network. Shodan, a service that scans the Internet for various hardware or software platforms, found about 3,000 servers running the middleware application.

CVE-2020-14882, as the vulnerability is tracked, is a critical vulnerability that Oracle patched in October. It allows attackers to execute malicious code over the Internet with little effort or skill and no authentication. Working exploit code became publicly available eight days after Oracle issued the patch.

According to Paul Kimayong, a researcher at Juniper Networks, hackers are actively using five different attack variations to exploit servers that remain vulnerable to CVE-2020-14882. Among the variations is one that installs the DarkIRC bot. Once infected, servers become part of a botnet that can install malware of its choice, mine cryptocurrency, steal passwords, and perform denial-of-service attacks. DarkIRC malware was available for purchase in underground markets for $75 in October, and it is likely still being sold now.

Other exploit variants install the following payloads:

  • Cobalt Strike
  • Perlbot
  • Meterpreter
  • Mirai

The attacks are only the latest to target this easy-to-exploit vulnerability. A day after the exploit code was posted online, researchers from SANS and Rapid7 said they were seeing hackers attempting to opportunistically exploit CVE-2020-14882. At the time, however, the attackers weren’t actually trying to exploit the vulnerability to install malware but instead only to test if a server was vulnerable.

CVE-2020-14882 affects WebLogic versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. Anyone using one of these versions should immediately install the patch Oracle issued in October. People should also patch CVE-2020-14750, a separate but related vulnerability that Oracle fixed in an emergency update two weeks after issuing a patch for CVE-2020-14882.

Biz & IT

Does Tor provide more benefit or harm? New paper says it depends

The Tor anonymity network has generated controversy almost constantly since its inception almost two decades ago. Supporters say it’s a vital service for protecting online privacy and circumventing censorship, particularly in countries with poor human rights records. Critics, meanwhile, argue that Tor shields criminals distributing child-abuse images, trafficking in illegal drugs, and engaging in other illicit activities.

Researchers on Monday unveiled new estimates that attempt to measure the potential harms and benefits of Tor. They found that, worldwide, almost 7 percent of Tor users connect to hidden services, which the researchers contend are disproportionately more likely to offer illicit services or content compared with normal Internet sites. Connections to hidden services were significantly higher in countries rated as more politically “free” relative to those that are “partially free” or “not free.”

Licit versus illicit

Specifically, the fraction of Tor users globally accessing hidden sites is 6.7 percent, a relatively small proportion. Those users, however, aren’t evenly distributed geographically. In countries with regimes rated “not free” by this scoring from an organization called Freedom House, access to hidden services was just 4.8 percent. In “free” countries, the proportion jumped to 7.8 percent.

Here’s a graph of the breakdown:

More politically “free” countries have higher proportions of Hidden Services traffic than is present in either “partially free” or “not free” nations. Each point indicates the average daily percentage of anonymous services accessed in a given country. The white regions represent the kernel density distributions for each ordinal category of political freedom (“free,” “partially free,” and “not free”).

In a paper, the researchers wrote:

The Tor anonymity network can be used for both licit and illicit purposes. Our results provide a clear, if probabilistic, estimation of the extent to which users of Tor engage in either form of activity. Generally, users of Tor in politically “free” countries are significantly more likely to be using the network in likely illicit ways. A host of additional questions remain, given the anonymous nature of Tor and other similar systems such as I2P and Freenet. Our results narrowly suggest, however, users of Tor in more repressive “not free” regimes tend to be far more likely to venture via the Tor network to Clear Web content and so are comparatively less likely to be engaged in activities that would be widely deemed malicious.

The estimates are based on a sample comprising 1 percent of Tor entry nodes, which the researchers monitored from December 31, 2018, to August 18, 2019, with an interruption to data collection from May 4 to May 13. By analyzing directory lookups and other unique signatures in the traffic, the researchers distinguished when a Tor client was visiting normal Internet websites or anonymous (or Dark Web) services.

The researchers—from Virginia Tech in Blacksburg, Virginia; Skidmore College in Saratoga Springs, New York; and Cyber Espion in Portsmouth, United Kingdom—acknowledged that the estimates aren’t perfect. In part, that’s because the estimates are based on the unprovable assumption that the overwhelming majority of Dark Web sites provide illicit content or services.

The paper, however, argues that the findings can be useful for policymakers who are trying to gauge the benefits of Tor relative to the harms it creates. The researchers view the results through the lenses of the 2015 paper titled The Dark Web Dilemma: Tor, Anonymity and Online Policing and On Liberty, the essay published by English philosopher John Stuart Mill in 1859.

Dark Web dilemma

The researchers in Monday’s paper wrote:

These results have a number of consequences for research and policy. First, the results suggest that anonymity-granting technologies such as Tor present a clear public policy challenge and include clear political context and geographical components. This policy challenge is referred to in the literature as the “Dark Web dilemma.” At the root of the dilemma is the so-called “harm principle” proposed in On Liberty by John Stuart Mill. In this principle, it is morally permissible to undertake any action so long as it does not cause someone else harm.

The challenge of the Tor anonymity network, as intimated by its dual use nature, is that maximal policy solutions all promise to cause harm to some party. Leaving the Tor network up and free from law enforcement investigation is likely to lead to direct and indirect harms that result from the system being used by those engaged in child exploitation, drug exchange, and the sale of firearms, although these harms are of course highly heterogeneous in terms of their potential negative social impacts and some, such as personal drug use, might also have predominantly individual costs in some cases.

Conversely, simply working to shut down Tor would cause harm to dissidents and human rights activists, particularly, our results suggest, in more repressive, less politically free regimes where technological protections are often needed the most.

Our results showing the uneven distribution of likely licit and illicit users of Tor across countries also suggest that there may be a looming public policy conflagration on the horizon. The Tor network, for example, runs on ∼6,000–6,500 volunteer nodes. While these nodes are distributed across a number of countries, it is plausible that many of these infrastructural points cluster in politically free liberal democratic countries. Additionally, the Tor Project, which manages the code behind the network, is an incorporated not for profit in the United States and traces both its intellectual origins and a large portion of its financial resources to the US government.

In other words, much of the physical and protocol infrastructure of the Tor anonymity network is clustered disproportionately in free regimes, especially the United States. Linking this trend with a strict interpretation of our current results suggests that the harms from the Tor anonymity network cluster in free countries hosting the infrastructure of Tor and that the benefits cluster in disproportionately highly repressive regimes.

A “flawed” assumption

It didn’t take long for people behind the Tor Project to question the findings and the assumptions that led to them. In an email, Isabela Bagueros, executive director of the Tor Project, wrote:

The authors of this research paper have chosen to categorize all .onion sites and all traffic to these sites as “illicit” and all traffic on the “Clear Web” as ‘licit.’

This assumption is flawed. Many popular websites, tools, and services use onion services to offer privacy and censorship-circumvention benefits to their users. For example, Facebook offers an onion service. Global news organizations, including The New York Times, BBC, Deutsche Welle, Mada Masr, and Buzzfeed, offer onion services.

Whistleblowing platforms, filesharing tools, messaging apps, VPNs, browsers, email services, and free software projects also use onion services to offer privacy protections to their users, including Riseup, OnionShare, SecureDrop, GlobaLeaks, ProtonMail, Debian, Mullvad VPN, Ricochet Refresh, Briar, and Qubes OS.

(For even more examples, and quotes from website admins that use onion services on why they use Tor: https://blog.torproject.org/more-onions-end-of-campaign)

Writing off traffic to these widely-used sites and services as “illicit” is a generalization that demonizes people and organizations who choose technology that allows them to protect their privacy and circumvent censorship. In a world of increasing surveillance capitalism and internet censorship, online privacy is necessary for many of us to exercise our human rights to freely access information, share our ideas, and communicate with one another. Incorrectly identifying all onion service traffic as “illicit” harms the fight to protect encryption and benefits the powers that be that are trying to weaken or entirely outlaw strong privacy technology.

Secondly, we look forward to hearing the researchers describe their methodology in more detail, so the scientific community has the possibility to assess whether their approach is accurate and safe. The copy of the paper provided does not outline their methodology, so there is no way for the Tor Project or other researchers to assess the accuracy of their findings.

The paper is unlikely to convert Tor supporters to critics or vice versa. It does, however, provide a timely estimate of overall Tor usage and geographic breakdown that will be of interest to many policymakers.
