#information security
So y’all wanted morerants about information security & data privacy? Let’s talk about the two main privacy paradigms that are currently competing for dominance in Big Tech. For the sake of not writing a full goddamn thesis I’m going to only talk about models that actually address user privacy (so NOT Facebook’s “privacy is no longer a social norm” bullshit), and only in the context of the USA with a light dip into GDPR.
Very broadly speaking, Big Tech in the US is coalescing into two camps regarding privacy: “opt-out privacy” and “opt-in privacy”. Apple is the flagship and main driver for the concept of “opt-out privacy”. Over the last few years, they’ve leaned heavily into the idea that data should be kept private by default, and only shared under limited circumstances at the user’s request. In other words, the user has privacy by default, and must opt out of that default for data to be shared.
Google is likewise the flagship and main driver for “opt-in privacy”: the idea that data should be shared broadly for the benefit of both the user and the service provider, and sharing is restricted on a case-by-case basis at the user’s request. In other words, the user shares data by default, and must opt in to privacy where desired.
It’s not a coincidence that Apple and Google are the leading drivers for Big Tech’s privacy models. Mobile phones are the most personal devices most people own: your phone goes with you everywhere, and on average, most people check their phones 344 times(!) per day. If you’re like roughly half of US mobile users, you have at least one personal health app on your phone. And until very recently, nobody was stopping shady advertising companies from harvesting every drop of user data they could from people’s phones. All this has made mobile phones one of the primary battlegrounds for digital privacy.
Let’s look at Apple’s model first.
(cut because this is 2k words and I don’t want to murder anyone’s dashes)
