Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
gpm 6 days ago

Every single piece of telemetry sent over the internet includes PII - the IP address of the sender - by virtue of how our internet protocols are designed.

nomel 6 days ago | parent | next [-]

> includes PII - the IP address of the sender

Apple provides telemetry services that strips the IP before providing it to the app owners. Routing like this requires trust (just as a VPN does), but it's feasible.

Capricorn2481 6 days ago | parent [-]

You said it's different from spying because there is no PII in the information. Now you're saying it's different because it's not given to app owners.

Why is it relevant whether they provide it to app owners directly? The issue people have is the information is logged now and abused later, in whatever form.

nomel 4 days ago | parent [-]

Which has clear logically consistency, at the app owner level, which is the context of my reply.

If the app owner can't obtain PII, I don't believe the app owner is spying.

Is Apple spying?

> Routing like this requires trust

It depends on if you trust them, and their privacy policy. If they're functioning as a PII stripping proxy, as they claim, then I would claim no, to the extent of what's technically possible. I would also claim that a trustworthy VPN is not spying on you. YOMV.

charcircuit 6 days ago | parent | prev | next [-]

This is like saying every physical business is collecting PII because employees can technically take a photo of a customer. It's hard to do business without the possibility of collecting PII.

gpm 6 days ago | parent [-]

No, it's like saying a business that has a CCTV camera recording customers, and sending that data off site to a central location, where they proceed to proceed to use the data for some non-PII-related purpose (maybe they're tracking where in stores people walk, on average), are in fact sending PII to that off site location.

Distinguishing factors from your example include

1. PII is actually encoded and handled by computer systems, not the mere capability for that to occur.

2. PII is actually sent off site, not merely able to be sent off site.

3. It doesn't assert that the PII is collected, which could imply storage, it merely asserts that it is sent as my original post does. We don't know whether or not it is stored after being received and processed.

charcircuit 6 days ago | parent [-]

I was giving a purely physical, analog example.

gpm 5 days ago | parent [-]

If you imagine the CCTV camera in my example is a film-video-camera and the processing happening off site is happening in a dark room and not on a computer... my more accurate version of your analogy is also analog.

aleph_minus_one 6 days ago | parent | prev [-]

At least spiritually not if the traffic is routed over a Tor circuit. :-)

rvnx 6 days ago | parent [-]

Unless you control most of the Tor nodes :-)

So many US universities running such nodes, without ever getting legal troubles. Such lucky boys