How Facebook, Google, and Apple are doing privacy

13 min read

Georgia Iacovou

30 Jul 2019

Facebook started in a Harvard dorm room, Apple is just a fruit, and Google isn’t even a word. So how are they going to handle privacy?

In March, Mark Zuckerberg wrote this painfully long blog post on how Facebook are pivoting to privacy. Let me just get one thing out of the way: a company would never have to announce a pivot to privacy if they were already operating with privacy in mind. The announcement itself should not inspire new levels of trust — it’s the actions that Facebook will take from now on that we will judge them on.

Apple also announced a privacy pivot via a much more palatable tweet thread by Tim Cook back in October. Then they went about releasing cool products and features. Such as this credit card, and Apple sign-in, where you can create a random temporary email address to sign into things instead of using your own email address.

Google have done something similar by insisting that privacy is simply something that you should just have, no matter what services you use. This is important because Google services are everywhere. You don’t have to buy an iPhone but you probably do have to send an email, collaborate on a document, or even gather site statistics for your small business. In his piece for the Privacy Project, Sundar Pinchai made it clear that all these things should be private by default.

For us, that means privacy cannot be a luxury good offered only to people who can afford to buy premium products and services. Privacy must be equally available to everyone in the world. Sundar Pinchai, CEO of Google

So, three tech giants, three different approaches to privacy. Jump to:

Facebook’s approach

What we’ve had so far is Zuckerberg’s love-letter to privacy (the blog post announcing their privacy pivot) and F8, where new ‘more private’ products were showcased. It’s really hard for me, and the cynical masses, to see all of this as anything but superficial, especially given Facebook’s track record.

Celebrating private interactions is not the same as maintaining the privacy of your users

One of the issues isn’t really Mark Zuckerberg’s fault — he is essentially a public figure now, and cannot talk about his own company with as much candour as Chris Hughs did in his confessional piece in the New York Times. People love to hate Mark Zuckerberg, so he has to fight against that while convincing people that “likes” and “life updates” are still important and cool. Oh and… he also needs to get people to trust him (the hardest part).

Facebook's updated news feed Facebook’s new look. But what does it have to do with privacy?

Baring all that in mind, at F8 this year and many times in before and since, Facebook have highlighted some key new approaches to privacy. The most repeated line is that they will now put “emphasis on groups and private interactions”. This is a great idea, but it’s all about how they execute. And remember: celebrating private interactions is not the same as maintaining the privacy of your users.

Group enhancements

It’s unclear how these will look, but enhancements for specific groups such as gamers, merchants, and other professionals will be rolling out soon. This is a cool idea but will it be better than Discord or Slack or dev.to or really specific subreddits? Back in 2006, Facebook was the hip cool place where you could grow communities. There are so many other places to do that now — these so called group enhancements have a lot of competition.

Facebook's updated group tab The new Facebook Groups tab

Posting to groups will also be easier, with it’s own dedicated tab and timeline. With the new Facebook, you could solely spend your time on a newsfeed that only shows posts from groups that you are in. This is indeed an emphasis on that ‘living room’ feel as opposed to the ‘town square’, but what does it actually have to do with privacy?

New Messenger features

Messenger is about to change a whole bunch. It will now have:

Showing off about end-to-end encryption in 2019 is not only a weird flex, but an unnecessary one. We all know end-to-end encryption should have been there from the very beginning, or at least before now. Bragging about it to this degree is a bit of a concern.

There's nothing tangible here that reassures users that the data they produce by using this service won't be somehow exploited for ad revenue

The other three features, again, don’t exactly scream privacy. There’s nothing tangible here that reassures users that the data they produce by using this service won’t be somehow exploited for ad revenue.

Stories and Events

Okay, we all know stories are an unnecessary cosmetic add-on outside of Instagram, but Facebook really need this one. They are short, impermanent interactions. That’s 👏 more 👏 like 👏 it. They should spend as much energy as possible capitalising on communications which only exist online for a day if they ever want anyone to really trust them as a company again.

A few months ago they also announced that they would be testing out sharing Events via Stories. As The Verge put it, this is an actual good use for Facebook Stories because it’s genuinely much more useful than receiving incessant notifications about how Jessica Davis “might” go to a neo-folk music festival in a pub on the other side of London. Those notifications are also somewhat an invasion of privacy — it’s very possible that Jessica Davis does not want her whereabouts advertised to people she probably doesn’t even hang out with anymore. Putting this stuff in Stories is indeed more private.

Apple’s approach

From where I’m standing, Apple have been very smart about this. They have starting talking about privacy in a very considered way — this is evident from Tim Cook’s tweet thread from October last year.

The reasons behind this are actually pretty clear: for one, the main competitor to the iPhone is the Google Pixel. Therefore, Apple are now working to demonstrate how they’re phone is different. It’s like this: Apple are not an ad network like Google and Facebook. Apple simply make hardware. Privacy is now their differentiator.

Apple are not an ad network like Google and Facebook. Apple simply make hardware. Privacy is now their differentiator.

Secondly, as we can see from the Apple Card and the Apple Watch, they want to move into finance and healthcare. These are two spaces you cannot exist in if you are not seen to take privacy seriously. However, Apple being Apple, their products are expensive. Which sort of means you have to pay to maintain your own privacy 🤔

The Apple credit card

Yikes, this one is exciting, I must say. The Apple card is so sleek and cool that it’s made out of metal, and the only piece of information about you on it is your name. To quote myself from another article: what future magic is this??

Photo of Apple Card from conference The Apple card and companion app — I want one

Here’s how it works:

Apple, you deserve a taco 🌮.

Apple sign-in and more

There are two extremely valuable parts to this. One is an alternative to signing into things with Facebook or Google (very convenient, but also very scary). The other is a single-use auto-generated email to sign up to something that you will definitely never use again. That’s somehow both convenient and private — a marriage of my two favourite things.

Apple products are expensive — which sort of means you have to pay to maintain your own privacy.

Coming soon, if Apple developers use those single tap sign-ins for social accounts that we all know and begrudgingly use, they also must include a button for Apple too. Signing in with Apple simply means using TouchID or FaceID instead of handing over piles of data for the sake of using an app you might delete anyway. Personally, I’d much rather sign in to anything with just my fingerprint instead of a Facebook profile which contains over a decade of data about me.

Photo of what Apple relay address Auto-generated relay address from Apple — so needed that I can’t believe no one else thought of this first

Another part of Apple sign-in is auto-generated relay addresses. Countless times I’ve downloaded an app and signed up to their services with my email knowing full well it was going to be a one-time thing. This is where relay addresses come in handy; they are used to sign you up, and everything is forwarded to your real address. If you start getting spam, you simply remove the relay. It’s smart and it’s private and it stops your email from being spread around the digital sphere like thick swathes of moreish mushroom paté.

Restrictions on what apps can do

Apple are already notorious for pestering developers with all their strict guidelines. These are strict for a reason: so that the apps we use are good. And yes, private does fall under the umbrella of ‘good’. They recently made some very valuable changes in the Kids category:

Apps in the Kids Category may not include third-party advertising or analytics. You should also pay particular attention to privacy laws around the world relating to the collection of data from children online. Be sure to review the Privacy section of these guidelines for more information. Apple app store guidelines

I mean, this is pretty simple. Keeping targeted ads away from children is extremely important if we do actually want to clean up the internet…

Google’s approach

Google sit in a weird grey area for me; on the one hand they provide really useful services for free. On the other hand… free means they get my data. But on the other other hand (yes I have three hands), that data is genuinely used to make their products better. Because of this, Google’s approaches to privacy recently have been interesting.

Data that simply deletes itself

Like Facebook with Stories, Google have understood the value in temporal data — your digital footprint need not follow you around for your entire life. It’s also about having more control. Being able to have your location, web, and app activity wipe itself away at regular intervals just feels cleaner and safer.

Gif of Google's Web and App Activity feature

I used to work as a search engine evaluator for Google and what I learned from that job is that Google really are all about giving the best and most accurate results, all without judgement. Anyone should be able to search for anything and get a good answer — bare in mind Google is a tool that people use when they are too embarrassed to ask certain questions out loud. There’s comfort in knowing your search history is not permanent.

Bare in mind Google is a tool that people use when they are too embarrassed to ask certain questions out loud

Incognito for Google Maps

Just like in your browser, now anything you do with a map can be totally private. In incognito, it won’t remember your searches or where you’ve been. As I’ve said before, I’m not exactly fizzing with gratitude over this because while it was possible to restrict location tracking before, it was never this easy or comprehensive, and it really should have been. However, it is a tangible step towards more privacy.

Doing more with less data

Google products work well because they are full of data. Google Photos ‘knows’ what a tree looks like because it has been trained on photos of trees that all of us have taken. Before we start shuddering with fear over machine learning, please read my recent piece on how AI is actually great.

Pinchai himself has announced that they are now questioning if this is the best way, and has started talking about federated learning.

We’re also working hard to challenge the assumption that products need more data to be more helpful. Data minimization is an important privacy principle for us, and we’re encouraged by advances developed by Google A.I. researchers called “federated learning.” It allows Google’s products to work better for everyone without collecting raw data from your device. Sundar Pinchai, CEO of Google

While this is just an idea and has not (yet) been solidified into a product or feature, the fact that they’re talking and thinking about this is very encouraging. Google do provide genuinely useful products, so wouldn’t it be great if they could keep improving them without it feeling like an invasion of privacy?

TL;DR: who’s future looks the most private?

Ultimately this is an exercise in trust; sure Facebook can say they care about privacy, but do they? I’m very much inclined to say no. All their new products and features smack of virtue-signalling: ‘emphasising private interactions’ by making Facebook Groups less painful to use does not actually do anything to improve the privacy of it’s users.

I could very easily say the same for Google; a lot of their privacy moves this year have been just talk, or too late (e.g. incognito mode for Maps should have been a no-brainer). However: the ‘talk’ is promising. Google are putting resources into new ideas such as federated learning, which could actually have a meaningful impact on how they handle data: using less of it, while still keeping their products free. This underpins Pinchai’s recent writings on how privacy should not be a privilege.

That leads us perfectly to Apple: absolutely amazing approach to privacy, but they will only really work for you if you actually buy Apple hardware, which, as we know, is not affordable. That Apple Card though. That product alone is enough to convince me they are truly making considered efforts to protect people’s privacy. Apple’s ideas and products are great; it’s just a shame that not everyone can afford them.

the author

Georgia Iacovou

Content Writer