Linked by Thom Holwerda on Thu 8th Jun 2017 12:50 UTC
Apple

Chinese authorities say they have uncovered a massive underground operation run by Apple employees selling computer and phone users' personal data.

Twenty-two people have been detained on suspicion of infringing individuals' privacy and illegally obtaining their digital personal information, according to a statement Wednesday from local police in southern Zhejiang province.

Of the 22 suspects, 20 were Apple employees who allegedly used the company's internal computer system to gather users' names, phone numbers, Apple IDs, and other data, which they sold as part of a scam worth more than 50 million yuan (US$7.36 million).

Privacy isn't about words, it's about actions. Read into that what you will.

Order by: Score:
Comment by The123king
by The123king on Thu 8th Jun 2017 13:18 UTC
The123king
Member since:
2009-05-28

Privacy isn't about their actions, it's about your action. If you don't have a facebook account, or an Apple ID, you can't have your data sold off by other companies or individuals.

If it's not there, you can't steal it.

Reply Score: 5

RE: Comment by The123king
by Soulbender on Fri 9th Jun 2017 03:30 UTC in reply to "Comment by The123king"
Soulbender Member since:
2005-08-18

That's like saying theft isn't about stealing your stuff, it's about you owning stuff. If you don't own anything it can't be stolen. Problem solved!!
Also, if you're dead you can't be murdered!

Edited 2017-06-09 03:32 UTC

Reply Score: 4

RE[2]: Comment by The123king
by ilovebeer on Fri 9th Jun 2017 20:03 UTC in reply to "RE: Comment by The123king"
ilovebeer Member since:
2011-08-08

So you're opposing his point by coming up with (true) analogies that make it for him... Ok then.

Reply Score: 2

RE[3]: Comment by The123king
by Soulbender on Mon 12th Jun 2017 11:16 UTC in reply to "RE[2]: Comment by The123king"
Soulbender Member since:
2005-08-18

Yeah, they totally make it for him. Totally. For real.

Reply Score: 2

Interesting
by darknexus on Thu 8th Jun 2017 13:18 UTC
darknexus
Member since:
2008-07-15

It'll be interesting to see not only what Apple does, but whether Apple IDs with 2FA are also compromised. The right thing to do for Apple, of course, will be to first make sure these people really are guilty, then of course, summarily dismiss them if they are. The reason the 2FA question is interesting though is that, according to Apple's official stance on the issue, if your Apple ID is protected by 2FA, even Apple themselves cannot view it. If some of the sold IDs are 2FA-enabled, it will reveal more than almost anything else in this case.

Reply Score: 3

v Comment by Chupakabra
by Chupakabra on Thu 8th Jun 2017 13:44 UTC
RE: Comment by Chupakabra
by Kochise on Thu 8th Jun 2017 14:01 UTC in reply to "Comment by Chupakabra"
Kochise Member since:
2006-03-03

Just registered 1 week and a half back, already spiting venom.

Reply Score: 2

v RE[2]: Comment by Chupakabra
by Chupakabra on Thu 8th Jun 2017 14:39 UTC in reply to "RE: Comment by Chupakabra"
RE[3]: Comment by Chupakabra
by Kochise on Thu 8th Jun 2017 17:52 UTC in reply to "RE[2]: Comment by Chupakabra"
Kochise Member since:
2006-03-03

Reading Osnews for so long and not getting the mood of the place and/or any wiser yourself tells a lot.

Reply Score: 4

RE[4]: Comment by Chupakabra
by Chupakabra on Fri 9th Jun 2017 10:34 UTC in reply to "RE[3]: Comment by Chupakabra"
Chupakabra Member since:
2017-05-29

Not sure what you are calling "mood" here :-D One person's random flow of semi-conscious praising of himself is not a "mood" of the site.
Comments by visitors are the main and only asset making this site relevant, and Thom tries to provoke as many of those comments as possible by generating random crap (that probably looks like "insight" in his mind) under the links he copies from elsewhere.

If not for visitor comments, OSNews is nothing more than a glorified news aggregator.

I also come here for visitor discussions only, since I read 100% of OSNews headlines on other sites (most of them on Ars Technica, actually).

Reply Score: 1

RE[5]: Comment by Chupakabra
by Kochise on Fri 9th Jun 2017 15:15 UTC in reply to "RE[4]: Comment by Chupakabra"
Kochise Member since:
2006-03-03

Then if Thom's comments are to stir the fuss, provide a valuable input instead than random grumpy rants. Prove yourself wiser and knowledgeable. Be a man. Show me yours.

Reply Score: 2

The humble faith of individuals.
by dionicio on Thu 8th Jun 2017 13:46 UTC
dionicio
Member since:
2006-07-12

Turning faith to trust require actors on the size of an State. This being an exemplary case.

A social breach, not going to delve in technicalities.

Reply Score: 2

Data safety
by Alfman on Thu 8th Jun 2017 14:00 UTC
Alfman
Member since:
2011-01-28

On the one hand, many people will find such revelations alarming, but on the other hand it's kind of naive to think it doesn't happen, at apple or anywhere else:

https://www.wired.com/2010/09/google-spy/

Of course the employees have access, and some percentage of them will statistically seek to exploit their access. Some will be caught, others will not. The only real way to fix this is to develop & deploy technologies that don't send encrypted data to companies in the first place. When user data isn't being protected by cryptography, even from the company itself, "privacy" is just an illusion or buzzword.

At the turn of the century, I predicted (quite wrongly) that P2P services would beat out centralized services, but that's not what happened, companies were focusing on keeping our data in their silos where they could use it for data mining, and for the most part users implicitly accepted it.

Edited 2017-06-08 14:01 UTC

Reply Score: 6

RE: Data safety
by dionicio on Thu 8th Jun 2017 14:28 UTC in reply to "Data safety"
dionicio Member since:
2006-07-12

P2P a collective effort at the application layer. No guarantees below that. Also had hopes on P2P.

USA Adm made an open invitation to talk about this. [You can't leave Corporations as ultimate authority on privacy (and transparency).] Unfortunately political timing muddled this effort.

Short term privacy require external workaround. [Bad for transparency and oversight.]

Indeed, I believe future OPEN efforts on privacy should BUILD over two-steep P2P, or successors.

Reply Score: 4

RE: Data safety
by Alfman on Thu 8th Jun 2017 14:36 UTC in reply to "Data safety"
Alfman Member since:
2011-01-28

The only real way to fix this is to develop & deploy technologies that don't send encrypted data to companies in the first place.


...meant "unencrypted" in there ;)

The P2P approach to services would have a lot of merit, but alas companies don't invest in technology that they can't monetize easily. The business case for data-silos is much clearer. Facebook would be just as popular and viable as a P2P app, but their billion dollar fortune was entirely dependent on them becoming the gatekeepers of user data.

Reply Score: 3

RE: Data safety
by darknexus on Thu 8th Jun 2017 19:16 UTC in reply to "Data safety"
darknexus Member since:
2008-07-15

At the turn of the century, I predicted (quite wrongly) that P2P services would beat out centralized services, but that's not what happened

That was mostly because the central services were simple for most people to understand. Sign up, log in, done. Most of the p2p solutions, especially the early ones, were more complicated and designed by techies for techies. Take Jabber for example: the user had to pick a server on which to register or run their own. You've already lost the average 99%, right there. They didn't want to pick a server and try to register then find a client and put in all the details. They would want to go to jabber.com (just an example) sign up, and be done with it. They don't care about p2p vs centralized, nor do most of them care about their own privacy (most unfortunate, that). They care about being able to do what they want to do, not whether it's based on p2p technology or not.

Reply Score: 2

RE[2]: Data safety
by Alfman on Thu 8th Jun 2017 20:42 UTC in reply to "RE: Data safety"
Alfman Member since:
2011-01-28

darknexus,

That was mostly because the central services were simple for most people to understand. Sign up, log in, done. Most of the p2p solutions, especially the early ones, were more complicated and designed by techies for techies.


While legally questionable, I think that Napster proved that the tech was ready for the masses and it was not too difficult even for "noobs" to use. Unfortunately the modern internet is breaking the end-to-end principal and making P2P less viable over the years ;)


Take Jabber for example: the user had to pick a server on which to register or run their own. You've already lost the average 99%, right there. They didn't want to pick a server and try to register then find a client and put in all the details. They would want to go to jabber.com (just an example) sign up, and be done with it.


I'd call that an example of a federated protocol rather than P2P. Anyways, I understand what you are saying, however I think the level of difficulty has more to do with industry support over anything else. Federated services can be just as easy to use as centralized ones. Telephones and DNS service are some of the largest federated services that virtually everyone uses without even thinking about it because they're already bundled into our routers/computers/phones. These are highly sophisticated networks that just work out of the box because companies collectively decided to make it work that way.


They don't care about p2p vs centralized, nor do most of them care about their own privacy (most unfortunate, that). They care about being able to do what they want to do, not whether it's based on p2p technology or not.


I agree. The world could have evolved towards P2P/federated services rather than centralized silos, except that people didn't care. Companies took advantage of this and decided to invest in technology that gives them access to private user data.

Reply Score: 3

Entertaining
by Sauron on Fri 9th Jun 2017 06:12 UTC
Sauron
Member since:
2005-08-02

I don't know about anyone else, but I find it quite entertaining that China is now more trustworthy on privacy and surveillance than the USA, UK or virtually anywhere in Europe. Priceless! ;)

Reply Score: 3

RE: Entertaining
by Kochise on Fri 9th Jun 2017 09:26 UTC in reply to "Entertaining"
Kochise Member since:
2006-03-03

China, about privacy and surveillance, about human rights, etc. Some decades back, it was about who got the biggest nukes fest.

It's as much as in our western countries about PR communication. Don't drink the kool-aid.

Reply Score: 2

RE[2]: Entertaining
by Sauron on Fri 9th Jun 2017 11:37 UTC in reply to "RE: Entertaining"
Sauron Member since:
2005-08-02

Some nice cool lemonade would be nice on a day like this thank you. You may even get a tip for delivery. ;)

Reply Score: 2

RE[2]: Entertaining
by agentj on Fri 9th Jun 2017 13:19 UTC in reply to "RE: Entertaining"
agentj Member since:
2005-08-19

What are these "western" countries ? Countries full of Indians and cowboys ?

Reply Score: 2

RE[3]: Entertaining
by Kochise on Fri 9th Jun 2017 15:14 UTC in reply to "RE[2]: Entertaining"
Kochise Member since:
2006-03-03

No, occidental first world countries giving lessons to eastern and third world countries, like about "democracy" and "privacy", yet allowing the NSA to spy on citizens on a massive scale never seen before.

"Do what I say, not what I do" like.

Reply Score: 2

Comment by Sidux
by Sidux on Fri 9th Jun 2017 08:38 UTC
Sidux
Member since:
2015-03-10

This is the price of outsourcing (or what was made public sort of). The bigger you become the harder it is to control everything.
People should start understanding how much they are worth in the marketing business and start acting accordingly.

Reply Score: 1