Claims propounded by these researchers have proven out as correct; to my knowledge none of them have been found to be false or even been credibly disputed by Apple. I could be wrong; if so, readers can please point me at Apple’s debunk. Apple itself could comment on the claims right on Twitter—but does not—why not?
Apple’s analytics data include an ID called “dsId”. We were able to verify that “dsId” is the “Directory Services Identifier”, an ID that uniquely identifies an iCloud account. Meaning, Apple’s analytics can personally identify you.
Apple states in their Device Analytics & Privacy statement that the collected data does not identify you personally. This is inaccurate. We also showed earlier that the #AppStore keeps sending detailed analytics to Apple even when sharing analytics is switched off.
Apple uses DSID to uniquely identify Apple ID accounts. DSID is associated with your name, email, and any data in your iCloud account. This is a screenshot of an API call to iCloud, and DSID can be clearly seen alongside a user's personal data:
MPG: appalling if true, which seems likely. Is this intentional or just the usual Apple Core Rot incompetence, all while making us endure self-serving Apple propaganda on privacy and human rights, while selling us products built by abused and exploited human beings over in CCP China?
Seems to me grounds for a massive class-action lawsuit?
Granting Apple the best-case assumption of gross incompetence, the world’s most profitable company cannot afford a basic security audit?
Still, it does not matter what you use: assume that, whether it is Apple or any encrypted or secure app, it is not secure and has been compromised, because it almost certainly is or will be, and the other end is not you. One could wish for the old authentic legitimacy of PGP, which I helped engineer—it was the real deal.
As if that is not egregious enough, this claim is even more concerning for those living in oppressive countries:
We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet. We used @ProtonVPN and #Wireshark. Details in the video: ...
Apple marketing propaganda and CEO Tim Cook continue to claim security and privacy all while exhibiting incompetence at delivering it.
We are not talking about subtle flaws in code here, or obscure chip-design defects. We are talking about an obvious failure to exercise even the most rudimentary engineering safeguards and the most minimal standards for quality assurance. In short, gross incompetence.