> seriously, anyone at this point advocating for any other phone/os/service out there besides apple is really going out of their way to swim up river.
This is a little hyperbolic. E2EE backups are fantastic; Apple seriously deserves a ton of praise for this. And iPhones have been getting a ton of security/privacy features that I really love, I am not going to dismiss their contributions to privacy. And while I wish some of their services like the Apple VPN/masked emails were better done, they are still fantastic features that I encourage iPhone users to enable, and that I am thrilled to see rolled out to a mass audience.
Alongside that praise, I am though going to point out that the adblocking on the iPhone is sub-par[0] because mobile Safari lacks Firefox's extension APIs, and I'll point out that their app store model blocks some privacy apps like Newpipe, which forces people into using more invasive alternatives that require stricter privacy controls. I'll point out that it is harder in some ways to get away from the default tracking that happens in Apple's apps than it is to root an Android phone and disable/swap Google services.
Threat model and personal expertise matters here; I like a lot of what iPhone do, but I also dislike a lot of what they do. Personally, I feel more confident in my ability to secure a rooted Android device than I do to secure an iPhone against the majority of privacy attacks I'm worried about. That doesn't mean that iPhones aren't the correct choice for a lot of people. I feel much less confident in a family member's ability to secure an Android phone if I can't give them advice or help them through the process.
And all of this is ignoring that privacy is one aspect of consumer freedom and rights. I think we can praise Apple for what is objectively a great move for privacy without being this over-the-top.
----
[0] Before someone complains, I'm not saying that iPhones don't have adblocking. They do have adblocking and I encourage you to use it, it's great. But that adblocking is objectively not as powerful or comprehensive as it would be to use a tool like Ublock Origin.
I think this might be the single strangest objection to using an adblocker I have ever heard. Are you implying that installing uBlock Origin in a browser raises your risk of being tracked online?
I don't think I've ever seen someone make the argument that Gorhill should be trusted less than the advertising industry, that's a new one for me.
Well seeing there is a proven alternative method with iOS that allows ad blocking without the extension being able to intercept your browsing history, you don’t have to make that choice.
I already explained this in my parent comment, but the Safari APIs for adblocking are factually, objectively less effective at blocking trackers than uBlock Origin is. It's not a matter of opinion, there are things that uBlock Origin can do that Safari adblockers can't do.
People get really offended when I bring this up. I'm not saying that Safari adblocking is useless (you should use an adblocker with Safari, and there are devs doing excellent work to get around Apple's limitations, I have a lot of respect for them), but you are making a tradeoff for that sandboxing/permissions in the form of a less effective adblocker. This isn't just me saying this, if you talk to people writing iOS adblockers, they will tell you the same thing.
If you are so scared of Gorhill that you need to make sure he isn't tracking you, then sure, make that tradeoff. Or more realistically, if there are other privacy features on iOS that you care about more than adblocking, then make that tradeoff. But it's not just silly to pretend that the browsers are equivalent, they aren't.
And it's even sillier to pretend that an Open Source standard in adblocking should be rated higher on someone's threat model than the actual websites that are tracking you when you use a browser.
Once again, it's OK for people to like iOS or to point out that it has some excellent privacy features that make it a good choice for privacy-conscious consumers. And I'll give Apple praise that on iOS, the default browser supports an adblocker at all -- it doesn't require you to install a separate browser to get access to one. But we don't need to get hyperbolic and start arguing that Apple is somehow leading the pack on literally every single privacy issue; they aren't. It's OK to say, "in this specific issue, it isn't possible on iOS to get the same anti-tracking behavior that we could get on Android or on a desktop PC/Mac."
This is specifically looking at (pre-manifest-V3) Chrome, so there are some other differences with Safari, but CNAME uncloaking is the most obvious example.
See also some of the previous comments I've made about this in the past (https://news.ycombinator.com/item?id=23622206). A few of these details might have changed (I vaguely think I remember Apple raising the rule limit), but I think the fundamentals are all still true.
> Did you personally vet the open source code? Did you compile it from scratch and install it on your phone or are you trusting it’s the same code?
I have read through parts of uBlock Origin's code, yes, but ultimately I'm trusting the broader Open Source community to say it doesn't have holes in it. And yes, I'm trusting Mozilla's vetting process for its "trusted extension" category. I think that's a reasonable thing for most people to do.
Of course, I could compile the extension myself, but I think to a certain degree that would be security theater.
----
Again, just really surprising to see an argument that boils down to "this Open Source application might potentially spy on me, and that's a greater danger than the websites that I know are actively spying on me right now." If Safari adblocking is good enough for you and your threat models, great. You don't need to justify that by pretending that uBlock Origin is insecure.
I will note, by the by, that Safari's limitations mean that (at least on desktop) the top-rated adblockers like AdGuard have shifted to running as external applications separate from the browser (https://adguard.com/en/welcome.html). This is not a dig at AdGuard, I think the AdGuard devs (as of last time I checked) are doing really great work. But if you're worried about sandboxing, running a desktop app is a lot more invasive than running a browser extension. I don't know if there are ways to do the same circumvention on iOS, so it's possible that AdGuard devs are staying in the browser sandbox there; I'd need to double-check.
Of course, you can use apps like AdGuard as pure extensions in their more limited form (I don't recommend a specific iOS app, but unless something has changed since the last time I checked, AdGuard is a solid choice) -- but you will get a more limited adblocker as a result. The performance might be good enough for you, and that's fine. But it's still correct to say that it will be more limited.
----
I will also add to this just to preempt anyone arguing otherwise that I am not saying that browser extensions shouldn't have better sandboxing. They should, extension sandboxing is awful and it needs to improve. What I am saying is that the specific sandboxing model that Safari uses (and that Chrome is moving towards) for adblocking limits their effectiveness.
This is a little hyperbolic. E2EE backups are fantastic; Apple seriously deserves a ton of praise for this. And iPhones have been getting a ton of security/privacy features that I really love, I am not going to dismiss their contributions to privacy. And while I wish some of their services like the Apple VPN/masked emails were better done, they are still fantastic features that I encourage iPhone users to enable, and that I am thrilled to see rolled out to a mass audience.
Alongside that praise, I am though going to point out that the adblocking on the iPhone is sub-par[0] because mobile Safari lacks Firefox's extension APIs, and I'll point out that their app store model blocks some privacy apps like Newpipe, which forces people into using more invasive alternatives that require stricter privacy controls. I'll point out that it is harder in some ways to get away from the default tracking that happens in Apple's apps than it is to root an Android phone and disable/swap Google services.
Threat model and personal expertise matters here; I like a lot of what iPhone do, but I also dislike a lot of what they do. Personally, I feel more confident in my ability to secure a rooted Android device than I do to secure an iPhone against the majority of privacy attacks I'm worried about. That doesn't mean that iPhones aren't the correct choice for a lot of people. I feel much less confident in a family member's ability to secure an Android phone if I can't give them advice or help them through the process.
And all of this is ignoring that privacy is one aspect of consumer freedom and rights. I think we can praise Apple for what is objectively a great move for privacy without being this over-the-top.
----
[0] Before someone complains, I'm not saying that iPhones don't have adblocking. They do have adblocking and I encourage you to use it, it's great. But that adblocking is objectively not as powerful or comprehensive as it would be to use a tool like Ublock Origin.