Craig Federighi on the Many Privacy Features Introduced at WWDC

After a bit of a bummer post — sorry — I wanted to highlight a few things that impressed me after today’s WWDC opener, beginning with privacy features.

Shoshana Wodinsky, Gizmodo:

First up is Mail Privacy Protection, which is a new tab in Apple’s Mail app that’s meant to do what the name implies: letting users decide what data the program shares. Under this new tab, users can choose to hide their IP address and location details from email senders, not unlike the recent iOS 14 updates that keep apps from slurping up details like precise location and a phone’s mobile ad ID. As an added benefit, Apple says its new mailbox settings will keep people from tracking whether you opened the email they sent you and when that email was opened.

This is an interesting twist on the tracker blocking features of some other email apps. But instead of trying to block them, the Mail app in iOS 15, iPadOS 15, and MacOS Monterey will download everything in every message, even when you do not open a message. And it will do so indirectly, “routed through multiple proxy servers”, in Apple’s words. It appears that marketers will still get a very approximate idea of your location — Apple says that it is at a “region” level — but will not know if you did or did not open a message.

This is pretty clever. Any image can theoretically be used as a tracker, so it is a constant cat-and-mouse game for apps like Hey to find and block while still displaying relevant pictures. This is the “I am Spartacus” gambit: instead of fighting the trackers, this technique embraces them all, rendering them useless for understanding open rates or tracking any user.

Marketers, take note.


On top of the inbox updates, the company also announced new “app privacy reports,” which will surface more detailed intel about how non-Apple apps are tracking your activity across your device. Similar to Safari privacy reports, these will break down which apps on your device are accessing what kind of data, and how much of that data gets sent to specific third-party trackers. As part of that report, users will also get an overview of how often a given app accessed your microphone, camera, or precise location over the past week. Think of it as a quick list to shame the worst privacy offenders on your phone.

In a preemptive counterstrike, Facebook announced today that it would begin showing creators a breakdown of how much of their earnings from in-app purchases are going to Apple and Google. Tag, you’re it.


Apple introduced a slew of new features for iCloud on the privacy front. First, the company announced Private Relay, a new VPN service built into iCloud that will let users browsing on Safari completely encrypt their traffic. Apple says this setting ensures that “no one between the user and the website they are visiting can access and read” any data sent over Private Relay, not even Apple or the user’s network provider. […]

This comes with iCloud Plus, which is Apple’s new name for all of its paid iCloud plans. iCloud Private Relay does not allow you to pick a different country and only works in Safari; you should not think of it as a replacement for a VPN in many circumstances. As such, it should play nicely with personal and corporate VPNs.

iCloud Private Relay will not be available in several countries, including Belarus, China, the Philippines, and Saudi Arabia.

Michael Grothaus of Fast Company was briefed on these features before today’s keynote, and spoke with Craig Federighi about them:

Federighi explains that governments are often reactive when it comes to technology – and there’s no way for them to get around that. At least on the consumer front, companies do most of the innovating. They’re also the ones who find new ways to exploit data. So governments can put rules around technologies or processes only after they’ve become a problem. Those rules often lag far behind the speed of such innovations. That’s why even if governments were more proactive, it would still fall on companies such as Apple to develop new privacy-enhancing technologies.

That being said, Federighi believes that “there’s absolutely a role where government can look at what companies like Apple are doing and say, ‘You know, that thing is such a universal good – such an important recognition of customer rights – and Apple has proven it’s possible. So maybe it should be something that becomes a more of a requirement.’ But that may tend to lag [Apple’s privacy] innovation and creation of some new thing that they can evaluate and decide to make essentially the law.”

I am sure regulation will not preemptively correct every privacy ill, but surely there are good reasons that the data broker industry is uniquely capable and creepy in the United States compared to other developed countries. Privacy problems are not a U.S.-only problem, but they are a U.S.-mostly problem — and, because so much personal information of users worldwide is stored on servers controlled by U.S. entities under U.S. laws, we are all sucked into the failure of the U.S. to legislate.