Connect with us

Biz & IT

Apple’s increasingly tricky international trade-offs

Published

on

Far from Apple’s troubles in emerging markets and China, the company is attracting the ire of what should really be a core supporter demographic naturally aligned with the pro-privacy stance CEO Tim Cook has made into his public soapbox in recent years — but which is instead crying foul over perceived hypocrisy.

The problem for this subset of otherwise loyal European iPhone users is that Apple isn’t offering enough privacy.

These users want more choice over key elements such as the search engine that can be set as the default in Safari on iOS (Apple currently offers four choices: Google, Yahoo, Bing and DuckDuckGo, all U.S. search engines; and with ad tech giant Google set as the default).

It is also being called out over other default settings that undermine its claims to follow a privacy by design philosophy. Such as the iOS location services setting which, once enabled, non-transparently flip an associated sub-menu of settings — including location-based Apple ads. Yet bundled consent is never the same as informed consent…

As the saying goes you can’t please all of the people all of the time. But the new normal of a saturated smartphone market is imposing new pressures that will require a reconfiguration of approach.

Certainly the challenges of revenue growth and user retention are only going to step up from here on in. So keeping an otherwise loyal base of users happy and — crucially — feeling listened to and well served is going to be more and more important for the tech giant as the back and forth business of services becomes, well, essential to its fortunes going forward.

(At least barring some miracle new piece of Apple hardware — yet to be unboxed but which somehow rekindles smartphone-level demand afresh. That’s highly unlikely in any medium term timeframe given how versatile and capable the smartphone remains; ergo Apple’s greatest success is now Apple’s biggest challenge.)

With smartphone hardware replacement cycles slowing, the pressure on Cook to accelerate services revenue naturally steps up — which could in turn increase pressure on the core principles Cupertino likes to flash around.

Yet without principles there can be no brand premium for Apple to command. So that way ruin absolutely lies.

Control shift

It’s true that controlling the iOS experience by applying certain limits to deliver mainstream consumer friendly hardware served Apple well for years. But it’s also true iOS has grown in complexity over time having dropped some of its control freakery.

Elements that were previously locked down have been opened up — like the keyboard, for instance, allowing for third party keyboard apps to be installed by users that wish to rethink how they type.

This shift means the imposed limit on which search engines users can choose to set as an iOS default looks increasingly hard for Apple to justify from a user experience point of view.

Though of course from a business PoV Apple benefits by being able to charge Google a large sum of money to remain in the plum search default spot. (Reportedly a very large sum, though claims that the 2018 figure was $9BN have not been confirmed. Unsurprisingly neither party wants to talk about the terms of the transaction.)

The problem for Apple is that indirectly benefiting from Google eroding the user privacy it claims to champion — by letting the ad tech giant pay it to suck up iOS users’ search queries by default — is hardly consistent messaging.

Not when privacy is increasingly central to the premium the Apple brand commands.

Cook has also made a point of strongly and publicly attacking the ‘data industrial complex‘. Yet without mentioning the inconvenient side-note that Apple also engages in trading user data for profit in some instances, albeit indirectly.

In 2017 Apple switched from using Bing to Google for Siri web search results. So even as it has stepped up its rhetoric around user privacy it has deepened its business relationship with one of the Western Internet’s primary data suckers.

All of which makes for a very easy charge of hypocrisy.

Of course Apple offers iOS users a non-tracking search engine choice, DuckDuckGo, as an alternative choice — and has done so since 2014’s iOS 8.

Its support for a growing but still very niche product in what are mainstream consumer devices is an example of Apple being true to its word and actively championing privacy.

The presence of the DDG startup alongside three data-mining tech giants has allowed those ‘in the know’ iOS users to flip the bird at Google for years, meaning Apple has kept privacy conscious consumers buying its products (if not fully on side with all its business choices).

But that sort of compromise position looks increasingly difficult for Apple to defend.

Not if it wants privacy to be the clear blue water that differentiates its brand in an era of increasingly cut-throat and cut-price Android -powered smartphone competition that’s serving up much the same features at a lower up-front price thanks to all the embedded data-suckers.

There is also the not-so-small matter of the inflating $1,000+ price-tags on Apple’s top-of-the-range iPhones. $1,000+ for a smartphone that isn’t selling your data by default might still sound very pricy but at least you’d be getting something more than just shiny glass for all those extra dollars. But the iPhone isn’t actually that phone. Not by default.

Apple may be taking a view that the most privacy sensitive iPhone users are effectively a captive market with little option but to buy iOS hardware, given the Google-flavored Android competition. Which is true but also wouldn’t bode well for the chances of Apple upselling more services to these people to drive replacement revenue in a saturated smartphone market.

Offending those consumers who otherwise could be your very best, most committed and bought in users seems short-sighted and short-termist to say the least.

Although removing Google as the default search provider in markets where it dominates would obviously go massively against the mainstream grain that Apple’s business exists to serve.

This logic says Google is in the default position because, for most Internet users, Google search remains their default.

Indeed, Cook rolled out this exact line late last year when asked to defend the arrangement in an interview with Axios on HBO — saying: “I think their search engine is the best.”

He also flagged various pro-privacy features Apple has baked into its software in recent years, such as private browsing mode and smart tracker prevention, which he said work against the data suckers.

Albeit, that’s a bit like saying you’ve scattered a few garlic cloves around the house after inviting the thirsty vampire inside. And Cook readily admitted the arrangement isn’t “perfect”.

Clearly it’s a trade off. But Apple benefitting financially is what makes this particular trade-off whiff.

It implies Apple does indeed have an eye on quarterly balance sheets, and the increasingly important services line item specifically, in continuing this imperfect but lucrative arrangement — rather than taking a longer term view as the company purports to, per Cook’s letter to shareholders this week; in which he wrote: “We manage Apple for the long term, and Apple has always used periods of adversity to re-examine our approach, to take advantage of our culture of flexibility, adaptability and creativity, and to emerge better as a result.”

If Google’s search product is the best and Apple wants to take the moral high ground over privacy by decrying the surveillance industrial complex it could maintain the default arrangement in service to its mainstream base but donate Google’s billions to consumer and digital rights groups that fight to uphold and strengthen the privacy laws that people-profiling ad tech giants are butting hard against.

Apple’s shareholders might not like that medicine, though.

More palatable for investors would be for Apple to offer a broader choice of alternative search engines, thereby widening the playing field and opening up to more pro-privacy Google alternatives.

It could also design this choice in a way that flags up the trade-off to its millions of users. Such as, during device set-up, proactively asking users whether they want to keep their Internet searches private by default or use Google?

When put like that rather more people than you imagine might choose not to opt for Google to be their search default.

Non-tracking search engine DDG has been growing steadily for years, for example, hitting 30M daily searches last fall — with year-on-year growth of ~50%.

Given the terms of the Apple-Google arrangement sit under an NDA (as indeed all these arrangements do; DDG told us it couldn’t share any details about its own arrangement with Apple, for e.g.) it’s not clear whether one of Google’s conditions requires there be a limit on how many other search engines iOS users can pick from.

But it’s at least a possibility that Google is paying Apple to limit how many rivals sit in the list of competitors iOS users can pick out an alternative default. (It has, after all, recently been spanked in Europe for anti-competitive contractual limits imposed on Android OEMs to limit their ability to use alternatives to Google products, including search. So you could say Google has history where search is concerned.)

Equally, should Google actually relaunch a search product in China — as it’s controversially been toying with doing — it’s likely the company would push Apple to give it the default slot there too.

Though Apple would have more reason to push back, given Google would likely remain a minnow in that market. (Apple currently defaults to local search giant Baidu for iOS users in China.)

So even the current picture around search on iOS is a little more fuzzy than Cook likes to make out.

Local flavor

China is an interesting case, because if you look at Apple’s growth challenges in that market you could come to a very different conclusion vis-a-vis the power of privacy as a brand premium.

In China it’s convenience, via the do-it-all ‘Swiss army knife’ WeChat platform, that’s apparently the driving consumer force — and now also a headwind for Apple’s business there.

At the same time, the idea of users in the market having any kind of privacy online — when Internet surveillance has been imposed and ‘normalized’ by the state — is essentially impossible to imagine.

Yet Apple continues doing business in China, netting it further charges of hypocrisy.

Its revised guidance this week merely spotlights how important China and emerging markets are to its business fortunes. A principled pull-out hardly looks to be on the cards.

All of which underscores growing emerging market pressures on Apple that might push harder against its stated principles. What price privacy indeed?

It’s clear that carving out growth in a saturated smartphone market is going to be an increasingly tricky business for all players, with the risk of fresh trade-offs and pitfalls looming especially for Apple.

Negotiating this terrain certainly demands a fresh approach, as Cook implies is on his mind, per the shareholder letter.

Arguably the new normal may also call for an increasingly localized approach as a way to differentiate in a saturated and samey smartphone market.

The old Apple ‘one-sized fits all’ philosophy is already very outdated for some users and risks being caught flat-footed on a growing number of fronts — be that if your measure is software ‘innovation’ or a principled position on privacy.

An arbitrary limit on the choice of search engine your users can pick seems a telling example. Why not offer iOS users a free choice?

Or are Google’s billions really standing in the way of that?

It’s certainly an odd situation that iPhone owners in France, say, can pick from a wide range of keyboard apps — from mainstream names to superficial bling-focused glitter and/or neon LED keyboard skins or indeed emoji and GIF-obsessed keyboards — but if they want to use locally developed pro-privacy search engine Qwant on their phone’s native browser they have to tediously surf to the company’s webpage every time they want to look something up.

Google search might be the best for a median average ‘global’ (excluding China) iOS user but in an age of increasingly self-focused and self-centred technology, with ever more demanding consumers, there’s really no argument against letting people who want to choose for themselves.

In Europe there’s also the updated data protection framework, GDPR, to consider. Which may yet rework some mainstream ad tech business models.

On this front Qwant questions how even non-tracking rival DDG can protect users’ searches from government surveillance given its use of AWS cloud hosting and the U.S. Cloud Act. (Though, responding to a discussion thread about the issue on Github two years ago, DDG’s founder noted it has servers around the world, writing: “If you are in Europe you will be connected to our European servers.” He also reiterated that DDG does not collect any personal data from users — thereby limiting what could be extracted from AWS via the Act.)

Asked what reception it’s had when asking about getting its search engine on the Safari iOS list, Qwant told us the line that’s been (indirectly) fed back to it is “we are too European according to Apple”. (Apple declined to comment on the search choices it offers iOS users.)

“I have to work a lot to be more American,” Qwant co-founder and CEO Eric Leandri told us, summing up the smoke signals coming out of Cupertino.

“I understand that Apple wants to give the same kind of experience to their customers… but I would say that if I was Apple now, based on the politics that I want to follow — about protecting the privacy of customers — I think it would be great to start thinking about Europe as a market where people have a different point of view on their data,” he continued.

“Apple has done a lot of work to, for example, not let applications give data to each by a very strict [anti-tracking policy]; Apple has done a lot of work to guarantee that cookies and tracking is super difficult on iOS; and now the last problem of Apple is Google search.”

“So I hope that Apple will look at our proposal in a different way — not just one-fits-all. Because we don’t think that one-fits-all today,” he added.

Qwant too, then, is hoping for a better Apple to emerge as a result of a little market adversity.

Source link



Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Biz & IT

Kaseya gets master decryptor to help customers still suffering from REvil attack

Published

on

Kaseya—the remote management software seller at the center of a ransomware operation that struck as many as 1,500 downstream networks—said it has obtained a decryptor that should successfully restore data encrypted during the Fourth of July weekend attack.

Affiliates of REvil, one of the Internet’s most cutthroat ransomware groups, exploited a critical zero-day vulnerability in Miami, Florida-based Kaseya’s VSA remote management product. The vulnerability—which Kaseya was days away from patching—allowed the ransomware operators to compromise the networks of about 60 customers. From there, the extortionists infected as many as 1,500 networks that relied on the 60 customers for services.

Finally, a universal decryptor

“We obtained the decryptor yesterday from a trusted third party and have been using it successfully on affected customers,” Dana Liedholm, senior VP of corporate marketing, wrote in an email on Thursday morning. “We are providing tech support to use the decryptor. We have a team reaching out to our customers and I don’t have more detail right now.”

In a private message, threat analyst Brett Callow of security firm Emsisoft said: “We are working with Kaseya to support their customer engagement efforts. We have confirmed the key is effective at unlocking victims and will continue to provide support to Kaseya and its customers.”

REvil had demanded as much as $70 million for a universal decryptor that would restore the data of all organizations compromised in the mass attack. Liedholm declined to say if Kaseya paid any sum in exchange for the decryption tool. Kaseya has since patched the zero-day used in the attack.

That means that, for the time being, it’s not publicly known if Kaseya paid the ransom or received it for free from either REvil, a law enforcement agency, or a private security company.

In the days following the attack, REvil’s site on the dark web, along with other infrastructure the group uses to provide technical support and process payments, suddenly went offline. The unexplained exit left victims and researchers worried that the data would remain locked up forever, since the only people with the ability to decrypt it had vanished.

Where did it come from?

REvil is one of several ransomware groups believed to operate out of Russia or another Eastern European country that was formerly part of Soviet Union. The group’s disappearance came a few days after President Joe Biden warned his Russian counterpart Vladimir Putin that, if Russia didn’t rein in those ransomware groups, the US might take unilateral action against them.

Observers have speculated since then that either Putin pressured the group to go quiet or the group, rattled by all the attention it received from the attack, decided to do so on its own.

Some of the companies victimized by the attack include Swedish grocery store chain COOP, Virginia Tech, two Maryland towns, New Zealand schools, and international textile company Miroglio Group.

REvil is also behind a crippling attack on JBS, the world’s biggest producer of meat. The breach caused JBS to temporarily close some plants.

Continue Reading

Biz & IT

AT&T nightmare: Woman had to wait 3+ months for broadband at new home

Published

on

Enlarge / Lovie Newman tells News 4 San Antonio about having to wait nearly four months for AT&T Internet service.

AT&T reportedly forced a San Antonio woman to wait nearly four months to get Internet service at her new home, and she didn’t get close to solving the problem until she asked a local news station for help.

“Lovie Newman planned for a smooth transition into her new home, including scheduling a transfer for her AT&T high-speed Internet service in advance,” according to a report Tuesday by News 4 San Antonio.

The house Newman moved into was apparently newly built and not yet connected to AT&T’s network, but it sounds like the months-long wait was due primarily to mistakes by AT&T technicians and customer-service problems. In what Newman called “a complete nightmare,” AT&T continually rebuffed her attempts to get Internet service.

Newman scheduled an installation appointment for April 1, but when the day came, AT&T called to say, “we need to reschedule,” she told the news station. Initially, Newman “was told there was a service outage in her new far East Side neighborhood,” News 4 journalist Darian Trotter reported. “Technicians were working on it, but she says they had no idea when service in the area would be restored.”

“I wasn’t hearing back, and I kept getting rescheduled and pushed around to different departments,” Newman said.

“You never came to my house”

Newman was able to schedule another installation appointment in May after the outage was fixed, but installers never came to her house. “For three and a half months, she says she made countless efforts to get connected, including the one time she got an appointment and eagerly waited for technicians to arrive,” News 4 said.

Newman was at home waiting for installers to arrive when she got a message from AT&T saying, “we missed you,” she told News 4. “I’m like, ‘you never came to my house. How did you miss me?'” AT&T installers had mistakenly gone to a different address in Alamo Heights, the report said.

“Out of desperation, she considered switching service providers,” but “an online search of at least three companies revealed service in her neighborhood wasn’t available.” The TV station’s video report shows that those three providers were Charter Spectrum, Grande Communications, and Google Fiber.

“I put in my address and it said, ‘not available,'” Newman said. Newman was afraid of losing her job because of the lack of AT&T Internet service, but News 4 said that “Newman’s employer was able to make special accommodations to keep her working.”

Even though AT&T has dragged its feet for months, its website says that service should be readily available to Newman. We entered Newman’s address into AT&T’s online availability checker, and it reports that fiber-to-the-home service is available where she lives:

AT&T gets moving after hearing from reporter

After months of waiting for AT&T to provide a broadband connection, Newman contacted Trotter at News 4 over two weeks ago. The station reached out to AT&T, and while the company initially did not reply to the media organization, the prospect of news coverage got AT&T’s attention.

The news video showed an email sent to Newman on July 8 from an employee in an AT&T executive office. “The AT&T Office of the President (OOP) received a communication from a local news media reporter,” the email said. “However, since you are our customer, I wanted to reach out to you directly.”

The week after that July 8 email, News 4 “received a statement from a spokeswoman saying, ‘our team has already begun looking into this and is in contact with Ms. Newman,'” Trotter said in the news report. Newman was still waiting for service to be installed this week when the News 4 report aired. “I want my Internet to be installed, up and running by this weekend,” she told the station.

Due to News 4 prodding AT&T into action, it seems that Newman is finally close to getting connected—nearly four months after AT&T abruptly canceled her first installation appointment. “After we got involved, Newman says techs have recently installed wiring, and an Internet box has been set up outside her home,” Trotter said at the end of his report. “Everything is ready, she just needs to schedule the installation.”

We contacted Newman and AT&T today about whether service has been or will soon be installed and will update this article if we get new information.

Newman’s AT&T nightmare unfortunately not unique

Newman’s ordeal is similar to one we wrote about in April. In that case, Comcast had an error in its coverage map and falsely told the customers that Internet service would be available at their new home. The couple, Edward Koll and Jo Narkon, then paid Comcast $5,000 for a network extension, but the project kept getting delayed. Comcast finally provided Internet service after Koll contacted Ars and we reached out to Comcast’s public relations department.

Koll and Narkon ended up waiting six months for cable Internet and had to use unreliable and data-capped cell service that entire time. We’ve written other stories over the years about Comcast falsely telling customers that they could get service. After our article about Koll and Narkon published a few months ago, we heard from a few more people in Comcast territory who were incorrectly told that Internet service would be available at their homes.

We also wrote about a frustrated AT&T-using family in Mississippi in November 2020. AT&T had falsely promised Kathie McNamee and her family U-verse Internet service of about 5Mbps, which is slow by today’s standards but still much faster than what they ended up getting. Ultimately, AT&T only provided the family speeds of up to 768kbps over its legacy DSL network and has not upgraded its network there or in many other areas where glacially slow AT&T speeds are the norm.

This kind of AT&T home-Internet problem is nothing new. Back in 2015, we wrote about a family in Georgia that couldn’t get AT&T Internet at a home they bought even though their neighbors and the home’s previous owners had service. AT&T said it didn’t have enough capacity to hook up additional customers.

Continue Reading

Biz & IT

Saudi Aramco confirms data leak after $50 million cyber ransom demand

Published

on

Enlarge / The Hawiyah Natural Gas Liquids Recovery Plant, operated by Saudi Aramco, in Hawiyah, Saudi Arabia, on Monday, June 28, 2021.

Bloomberg | Getty Images

Saudi Aramco, the world’s largest oil producer, confirmed on Wednesday that some of its company files had been leaked via a contractor, after a cyber extortionist claimed to have seized troves of its data last month and demanded a $50 million ransom from the company.

Aramco said in a statement that it had “recently become aware of the indirect release of a limited amount of company data which was held by third-party contractors.” The oil company did not name the supplier or explain how the data were compromised.

“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations, and the company continues to maintain a robust cyber security posture,” Aramco added.

The statement came after a hacker claimed on the dark web that they had stolen 1 terabyte of Aramco’s data, according to a post from June 23 seen by the Financial Times. The hacker said it had obtained information on the location of oil refineries, as well as payroll files and confidential client and employee data.

In another post, the perpetrator offered to delete the data if Aramco paid up $50 million in a niche cryptocurrency Monero, which is particularly difficult for authorities to trace. The post also offered prospective buyers the chance to purchase the data for about $5 million.

The oil giant has the capacity to pump more than one in every 10 barrels of crude in the global market and any threats to its security or facilities are closely watched by oil traders and policymakers.

The security vulnerabilities of energy companies and pipelines in particular have fallen under the spotlight recently after the hack of the Colonial Pipeline in the US earlier this year resulted in fuel shortages across the east coast of the country.

It was unclear who was behind the Aramco incident. Cyber researchers noted that the attack did not appear to be part of a ransomware campaign, where hackers use malware to seize a users’ data or computer systems and only release it once a ransom has been paid. Nor did the hacker claim to be part of a known ransomware gang.

Instead, the hacker appeared to have seized a copy of the data without using malware, and set up dark web profiles to telegraph its activities.

Saudi Aramco’s facilities have been targeted in the past by both physical and cyber attacks.

In 2019 the Abqaiq processing facility in the eastern part of the country, which prepares the majority of the kingdom’s crude for export, was hit by a series of missile and drone strikes that the US blamed on Iran. Global oil prices soared until Saudi Arabia was able to reassure markets it could still export enough oil to keep customers well supplied.

In 2012 an alleged cyber attack on Saudi Aramco was also blamed on Iran. Cyber security experts have said this was probably a retaliation for the Stuxnet attack on Iran’s nuclear program, which has been widely attributed to the US and Israel.

The 2012 attack erased data on about three-quarters of Aramco’s computers, according to reports at the time, including files, spreadsheets and emails. They were replaced with an image of a burning US flag.

Saudi Aramco refineries, including the newly opened Jazan facility, which was listed in screenshots of the allegedly leaked data, have also been subject to physical attacks both from drones and missile strikes, which have been claimed by Iran-backed Houthi rebels in Yemen. The Jazan refinery is in Saudi Arabia’s southwest on the Red Sea, not far from the Yemen border.

The extortion attempt was first reported by the Associated Press.

© 2021 The Financial Times Ltd. All rights reserved Not to be redistributed, copied, or modified in any way.

Continue Reading

Trending