I can't tell if you're unintentionally talking past the points everyone else with, or if you just think that your personal preferences/thoughts/observations just supersede the reality everyone else lives in.
Like
> they are all making similarly dubious promises regarding policy (like, closed-source encryption, no data sent unless you ask for it, etc.).
I just listed multiple of the most common pieces of software where Google and Apple make claims to wildly differing levels of privacy! Does your decision that none of that matters because both companies mention privacy in marketing somehow override reality?
> First, none of the topics mentioned are the "most important aspects of how [to?] secure a modern platform".
You're not sure if "to" is the missing word?
And if you think the number of updated devices is not one of, if not the most important aspect of securing a modern platform, then your opinion on security doesn't matter. And contrary to your implications, privacy and security are not something you prefer over each other, privacy does not exist without security.
> Second, I distinguish privacy from security. i.e. it doesn't matter if it was the most secure platform in the world if I have to trust all the data to a distrustful entity to begin with.
It doesn't matter if you have the most private platform in the world if it's not secure? You can control all the servers you want, if they're not secure your privacy is even worse off than it'd be with a 3rd party at least trying to anonymize it for an ad platform...
> This is basically trying to answer "to whom I put my blind trust?", so it's subjective. But in my experience it is usually the most "privacy marketing" companies that are usually the worst regarding privacy. See most VPN resellers. Most privacy marketing is just bullshit.
Lol so your hunch based on VPNs is supposed to just supersede basic reasoning that if a company can profit off not selling your data wholesale, and is openly designing systems that do benefit your privacy... they're somehow less trustworthy than one that is openly selling your data and requires that they do to exist.
> I just listed multiple of the most common pieces of software where Google and Apple make claims to wildly differing levels of privacy!
Wildly different? Apple claims E2EE, Google claims E2EE, _Facebook_ of all companies claims E2EE! Did it really change it your opinion of Whatsapp the fact that they claim E2EE? Everyone just laughed and forgot. Whatsapp is going to E2EE your chats right until they moment they don't, and without warning, and you have no way to check! Why take Apple's word differently? They also lied multiple times already! (e.g. Jabber federation)
> And if you think the number of updated devices is not one of, if not the most important aspect of securing a modern platform, then your opinion on security doesn't matter.
I am not sure why my "opinion on security" would be relevant but I for sure think that _ability to verify the security claims_ ranks much higher than anything that has been mentioned so far, including "software updates" of unknown content.
> You can control all the servers you want, if they're not secure your privacy is even worse off than it'd be with a 3rd party
The example is just to show the difference between security and privacy. Your analogy is creating a false association since I can just keep my data offline.
> Lol
And you have the incorrect "hunch" that Apple is not a services company. And that they design systems that "benefit your privacy". They only design systems that tie you to _their_ systems. Wake me up when they design something that doesn't, which would start to look like real privacy.
Like, I spoke about some very specific features, and now you've literally reduced it to "E2EE"... like the entire honking app that it's built around doesn't matter.
If you won't accept that Android's carrier-dependent, 1:1 only RCS app isn't equivalent to iMessage, then there's nothing to talk about.
> The example is just to show the difference between security and privacy. Your analogy is creating a false association since I can just keep my data offline.
How do you keep a messaging app offline.
> And you have the incorrect "hunch" that Apple is not a services company. And that they design systems that "benefit your privacy". They only design systems that tie you to _their_ systems. Wake me up when they design something that doesn't, which would start to look like real privacy.
Do you even knows what you're talking about? Or Apple is 100% a services company that's the whole point. They're a public company, following the money is easy, they make a lot of money off selling people services and hardware.
Meanwhile Google makes most of it's money selling people's data.
It's not rocket science figuring out which is easier to trust, but you just seem hellbent on rationalizing your opinions with more opinions stated as fact and vague paranoia.
That's your right, but don't be surprised if people call you out on it!
> Like, I spoke about some very specific features, and now you've literally reduced it to "E2EE"... like the entire honking app that it's built around doesn't matter.
Okey, choose any other! What else did you mention? Location services? The same. * Local photo classification? The same. And so on and so forth.
* Both claim "Anonymous and encrypted", for whatever is worth, but we all know how "anonymous" and "encrypted" it must be since they are both using to build their beacon/SSID location database "to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations.", wherever you want it or not (source: Apple's privacy policy).
> How do you keep a messaging app offline.
Or accessible to the relevant parties only.
> Meanwhile Google makes most of it's money selling people's data.
Google, Microsoft, Facebook, etc. also all are oficially _services_ companies....
> It's not rocket science figuring out which is easier to trust
It's not easy because you have practically nothing material to base your trust on, so you have to resort to fluffy marketing.
Claiming that Google is not that much worse than Apple is hardly "paranoia" material. Hitting a nerve there, I guess...
The only nerve you're hitting is the one that fires when I read poorly informed pseudo intellectual drivel
You're asking why someone would trust someone making a claim over someone not even making the claim.
I could ask a toddler "who is more likely not to eat your lollipop, the man who says he will eat it or the man who claims he won't" and they'd understand, yet you've managed to convince yourself that's a tough question.
Have a good one, good luck with your privately owned servers and home-brew OS. I'm sure your privacy is very well protected by giving the world a fingerprint on your identity.
... Since we are dropping the standards now, I will accuse you of being brainwashed. At one point you said:
> I have literally never seen Google claim Google Photos is using on device classification, I'd love a source for that since nothing about how it works implies that. Maybe you mean it does some very specific type of classification as a pre-processing step?
When Apple puts fluffy marketing claiming that now they are doing photo classification on-device, you immediately assume not only that it is true, but that they are _the first_ to do it, and that everyone else is doing photo classification on some fancy remote service. "Why, if Apple markets it, then everyone else would also have marketed it, otherwise it means they are not doing it!"
The thought that perhaps it was actually the opposite - that the majority of vendors were already doing photo classification on-device, and that it was _only Apple_ who was doing the stupid move of sending your photos to the cloud for tagging - never entered your mind.
This is the power of marketing.
And guess which one is rather likely to be true. I just took a couple of pictures of bananas in my 2018ish Android device with no network connectivity of any kind and after one minute they were tagged as "bananas" and "fruit".
This is precisely what I was complaining on my original post. Apple's privacy strategy is mostly marketing fluff at best, and yet it is having an unreasonable effect on people like you.
> I could ask a toddler "who is more likely not to eat your lollipop, the man who says he will eat it or the man who claims he won't" and they'd understand
A more correct analogy would be: who of the men from the shady vans is most likely to kidnap your children. The ones who claim to be "experts in not kidnapping children" or the ones who claim to be "experts in not kidnapping children, those guys at the other van are the real kidnappers".
> Have a good one, good luck with your privately owned servers and home-brew OS. I'm sure your privacy is very well protected by giving the world a fingerprint on your identity.
Again another ridiculous analogy that does not work.
You do not need a "home-brew OS", and I have in fact mentioned several alternatives during the above conversation (e.g. de-googling).
Like
> they are all making similarly dubious promises regarding policy (like, closed-source encryption, no data sent unless you ask for it, etc.).
I just listed multiple of the most common pieces of software where Google and Apple make claims to wildly differing levels of privacy! Does your decision that none of that matters because both companies mention privacy in marketing somehow override reality?
> First, none of the topics mentioned are the "most important aspects of how [to?] secure a modern platform".
You're not sure if "to" is the missing word?
And if you think the number of updated devices is not one of, if not the most important aspect of securing a modern platform, then your opinion on security doesn't matter. And contrary to your implications, privacy and security are not something you prefer over each other, privacy does not exist without security.
> Second, I distinguish privacy from security. i.e. it doesn't matter if it was the most secure platform in the world if I have to trust all the data to a distrustful entity to begin with.
It doesn't matter if you have the most private platform in the world if it's not secure? You can control all the servers you want, if they're not secure your privacy is even worse off than it'd be with a 3rd party at least trying to anonymize it for an ad platform...
> This is basically trying to answer "to whom I put my blind trust?", so it's subjective. But in my experience it is usually the most "privacy marketing" companies that are usually the worst regarding privacy. See most VPN resellers. Most privacy marketing is just bullshit.
Lol so your hunch based on VPNs is supposed to just supersede basic reasoning that if a company can profit off not selling your data wholesale, and is openly designing systems that do benefit your privacy... they're somehow less trustworthy than one that is openly selling your data and requires that they do to exist.