Apple, the privacy investigation goes on: analytical data not so anonymous


There are developments on the investigation that security researcher Tommy Mysk is carrying out into Apple and its privacy practices: apparently among the data collected (even if the user withholds consent) there is a code that uniquely identifies a usercontrary to what the Apple itself promises.

Last time Mysk posted a video on YouTube; this time he limited himself to a six-message thread on Twitter. Before updating you with the news, a very brief recap of what had previously emerged: Mysk actually accused the App Store (and several other pre-installed apps, such as Stocks, Maps, Books, Music and TV) of collect a lot of data, probably for analytical purposes, even if during the initial setup of a device the user expressly chose not to share it. This seems to be in clear contrast with what has been said not only at an advertising level over and over again (and, more generally, with the image of privacy champion on which the company has been pushing a lot for some years now), but also as a disclaimer and official legal notices.

The new information that has emerged seems to further aggravate Apple’s position, because Mysk has discovered that among the information sent to Apple by the App Store there is also a code that is called DSID. According to Mysk, this DSID (“Directory Services Identifier) is uniquely associated with an iCloud account, so it is technically possible that Apple is able to identify the individual from this data.

Here too, it is observed that the official privacy policies (see screenshot immediately above, by way of example) seem to suggest anything but. The composition of screenshots below shows how, effectively, the DSID is shown in a record together with clearly personal information such as the full name and email address of your Apple ID. Mysk says that all analytical reports sent from devices to Apple (also, we repeat, when the user has chosen not to activate sharing) always contain a DSID.

As we know, a class action has already been filed in the United States, however it is a fact that in itself is worth little – class action is a practice widespread over there, so to speak. The reality is that at the moment it is very early to draw definitive conclusions; having said that, Mysk also observes that Apple’s actions appear not only to be a violation of the promises made to its users, but also of the European privacy law (or GDPR) according to which users must always have the possibility to Not share any data, not even analytical.

It will be interesting understand if Apple will respond publicly and what it will say, and if other parties intending to see more clearly will be mobilized; we know, for example, that EU Competition Commissioner Margrethe Vestager is certainly not afraid to take on the big tech giants – including Apple itself. At the moment, another big question also remains: we don’t know what happens to the data once it arrives at Apple.

Previous articleCOP27: EU left ‘disappointed’ by lack of ambition in final deal, calling it a ‘small step forward’
Next articleEZVIZ H8c WIFI Camera with Night Vision 360 Degree Flip Auto Tracking 1080p
Expert tech and gaming writer, blending computer science expertise