Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
aeontech 2 hours ago

Lemma 1: you want to protect your users privacy, and are also beholden to regulation enforcing that commitment (GDPR).

Lemma 2: you are obliged by other regulation to offer equal access to user data to third parties, so others can build equivalent functionality (DMA).

Lemma 3: malicious third parties will absolutely try to abuse the access and trick the user into sharing their data by all means possible. You will be held responsible in court of public opinion at minimum and legally at maximum if/when a malicious third party abuses said access.

This is a hard, possibly technically unsolvable problem no matter how much money you might have, because the root issue is not technical, it's the fact that you legally have to give third parties access and no way to control what they do with it - and as others have mentioned in the threads, it's exacerbated by the fact that the regulation doesn't say "this is okay and this is not", it is vague and judges things "by outcome", so you may spend all the time in the world implementing a solution you think will work, and then get hit by fines/lawsuits because the implementation is judged as not sufficient after the fact.

necovek 2 hours ago | parent | next [-]

I am not sure this is as much of a tension as you make it sound: where is the obligation that a marketplace administrator will be blamed for any and all breaches of data privacy trust from a participating (likely malicious) third party?

According to GDPR, the app developer is the "data controller" and thus ultimately responsible. Only in the case where Apple knowingly participated in unlawful behavior is it likely to be held accountable, and even then, in addition to the app developer. Obviously, if we are not talking about leaks from the actual App Store system (eg. Apple account logins and user data).

So while it sounds plausible, the legal framework is exactly not what you describe here — Apple can claim to want better protection for customers by not allowing third party apps, but EU rejects that (it can similarly extend to app store itself) and pushes for competitive landscape with DMA instead.

macintux an hour ago | parent | next [-]

Apple certainly is held responsible for such breaches by the public. And, believe it or not, I think they feel responsible for protecting their users.

MBCook an hour ago | parent | prev [-]

But this isn’t a normal app. Apple is the one handing over all the data to the AI service.

Couldn’t someone argue that they “knowingly participated“? Do you think they want that risk?

microtonal 30 minutes ago | parent [-]

Like they now hand over all your contacts, your location, calendar entries, microphone access, camera access. If you choose to do so.

Nothing holds them from having designed this as an API that others can use where the user has permission toggles of what data they want to share with the LLM provider.

yungookim 2 hours ago | parent | prev [-]

This is the smartest summary in the post