Privacy in tech is something I have always been incredibly passionate about, as so many companies blatantly abuse consumer privacy. And they get away with it by keeping consumers undereducated and misinformed.
Lately, that has started to change. Consumers are getting smarter about their privacy, and companies like Apple have started to invest in raising awareness about privacy abuse in tech.
Because of Apple’s marketing on this topic, it’s been forced to put its money where its mouth is! And to a large extent, they have. While it used to be a debate of whether or not Apple was as private as it claimed, today, there isn’t much comparison. Apple is lightyears ahead of its competitors when it comes to privacy, so much so that it’s warring over it with giants like Facebook.
In today’s post, I’m going to break down all of the new privacy features that were announced at WWDC21. And at the end, I’m going to touch upon privacy features that I would like to see Apple add in the future.
A lot of this stuff is pretty groundbreaking, so without further ado, let’s get into it!
All of the new Apple privacy features announced at WWDC21
Siri will do more processing on your device
The first WWDC21 Apple privacy feature I want to talk about has to do with Siri.
Siri and her peers (Alexa and Google Assistant) came under some fire over the last year. That was thanks to a controversy which revealed that all of these assistants are recording and storing samples of your requests. So these companies had employees listening to your “Hey Siri” requests.
Now to be fair, there was a (supposedly) non-nefarious reason for this. That was to improve the accuracy of these assistants by comparing what Siri heard to what the human employees heard.
However, everyone was already nervous about tech companies secretly listening to us. So having that confirmed, while important, was certainly not a good look. Especially for Apple.
Fortunately, Apple and others seemed to have changed their ways. And after the updates coming to Siri later this year take effect, it should become a lot harder for Apple to do this.
That’s because Apple will now be doing most of its Siri listening and processing on your device. Before, Siri would listen to your request, send it out to an Apple server, and then send the response back to your iPhone. That allowed Siri to work without needing to rely on your iPhone’s processing power.
Now, though, Siri should be doing most of its work on-device. This will be more private as well as more reliable. You won’t need to be connected to the internet to use Siri nearly as often, and that means fewer chances for Apple to listen to your Siri requests.
FaceTime between non-Apple devices will be end-to-end encrypted
Another WWDC21 privacy feature was an add-on to another new feature announced at WWDC21. For the first time, you will now be able to have FaceTime calls between someone with an Apple device and someone without an Apple device.
This will be made possible through FaceTime links. An Apple user will be able to create a FaceTime link on their device. They can then send that link to anyone on any device with an internet browser. Pretty great!
To keep this private (as Apple won’t have control over the non-Apple devices using FaceTime), Apple will be end-to-end encrypting your FaceTime calls.
That doesn’t mean the other person can’t still record your call. This won’t stop that at all. However, it should make it harder for someone to intercept the FaceTime call. So if the other person is using a compromised, unsecured device, your call should be protected from hackers and the like.
FindMy will make it easier to find AirPods after WWDC21 without compromising privacy
With the release of AirTags a few months ago, Apple showed off a major upgrade to the FindMy app. One component of this upgrade was the ability for AirTags to use nearby Apple devices to help users find their lost devices.
This works through Bluetooth. If you lose an AirTag, you can put it into Lost Mode. Once you’ve done that, it’ll send out a Bluetooth signal. If any nearby Apple devices catch that signal (they don’t have to be your Bluetooth devices) then the AirTag’s location will be updated on your FindMy app. This allows you to find devices without them being near you.
At WWDC21, Apple added this privacy feature to AirPods. Now, you’ll be able to find your AirPods, even when they’re out in the concrete wilderness. And, even though other Apple devices will be picking up and broadcasting the location of your AirPods to you, the device owners will never know or see any information about your AirPods location. So it’s private!
At WWDC21, Apple added privacy protection to Mail
Next is a move that I thought was one of the best privacy features announced at WWDC21. Apple will now be taking measures in the Mail app to reduce email tracking. Namely, this will be done by blocking the use of “invisible pixels”.
If you already know what an “invisible pixel” is, then you can go ahead and skip to the next section. All you need to know is that Apple is blocking these things for those who use the Mail client. If you use the Gmail, Outlook, or any other email clients, you’ll be relying on those clients to block this tracking method.
What are invisible pixels?
For everyone else, I figured I’d briefly describe what an invisible pixel is so that you have an idea of what this does. To be honest, I had no idea that this was a thing until Apple mentioned it, so we’re learning together!
An invisible pixel (also known as a “tracking pixel”) refers to an email tracking strategy. A hidden image (usually just 1-pixel by 1-pixel in size) is included in your email. Since emails are sent over the web, you have to download the images included in an email from a server on someone else’s computer.
Invisible pixels get lumped in with these downloads. The difference is, though, that these pixels report information back to the server. They tell the server things like whether or not you opened the email and where you are located. And since these things are virtually invisible to the eye, they go unnoticed by the recipient.
Using the built-in Mail client on iOS, iPadOS, and macOS should prevent these things from tracking you moving forward.
I’m not exactly sure how Apple will be blocking them. I was thinking at first that Apple might just scan the email for any 1px by 1px images and block them from downloading. But then I thought that someone could just make a 2px by 2px image instead, or 2px by 1px, or 3px by 3px, etc.
Maybe there’s some computer science wizardry going on here that I don’t understand, or maybe it’ll just block most invisible pixels that default to 1px by 1px. Apple didn’t elaborate on its method here, so I’m not sure how it’ll work!
Safari will hide your IP address from trackers
Yet another very cool privacy feature to come out of WWDC21 has to do with your IP address. After this update, Safari will hide your IP address from your trackers.
For those that don’t know, your IP address is kind of like your computer’s ID card that it uses to connect to the internet. Similar to how having a phone number allows you to receive and send calls, or a home address allows you to send and receive mail.
And just like your phone number and home address, you don’t want these things to be exposed online! But for the most part, your IP address is blatantly available for all to see. It’s why you get ads and information specific to where you’re located.
Your IP address contains information about the device you’re using and where you’re located. When combined, it gives trackers a pretty good idea of who you are and what websites you’re visiting.
Creepy to say the least! Luckily, Safari should start hiding your IP address from trackers after the next round of OS updates. No complaints here, this is a win for everyone. Well, except the trackers.
Apps will have privacy reports, just like Safari has
One of the best privacy features to come out in 2020 was privacy reports. Privacy reports are a feature in Safari that allows you to see how many trackers Safari has blocked for you over the last week. It’ll also show you how many trackers have been blocked on a particular webpage.
In a way, privacy reports are pointless, in that they don’t give you any extra control. Those trackers would have been blocked regardless. What it does give you, however, is transparency. It gives you an idea of how prevalent tracking is online and which sites are the worst offenders.
Ironically, I remember Apple’s website having one or two trackers that were blocked by this feature. Now, however, it looks like Apple has changed this so that it has no trackers on its homepage.
You’ll be able to share healthcare information between family members and professionals – privately
Closing out this section of WWDC21 privacy features is one related to your healthcare. The iPhone and Apple Watch have been working together for the past few years to build up a robust, unprecedented level of insight into your day-to-day health.
However, there haven’t been very many ways for healthcare providers to take advantage of that information. But that’s set to change with the upcoming updates to Apple’s hardware.
After these updates, you’ll be able to share deep insights into your Apple-collected health data with your healthcare provider. You’ll also be able to share some of this information with your iCloud family if you so choose.
Of course, confidentiality is incredibly important when discussing health-related data. Apple has kept this in mind with this set of features. No one except you and your healthcare provider will be able to see the data you share. It won’t be logged or viewed by any of Apple’s systems.
I think this will prove to be a milestone in the growing relationship between mobile devices and healthcare. The emphasis on privacy makes it that much better.
WWDC21 privacy features exclusive to iCloud+ users
That isn’t all there is to announce in the way of WWDC21 privacy features! There are a few more that I wanted to touch on.
What sets these features apart is that they aren’t going to be available to everyone. Apple is rebranding iCloud storage as iCloud+ (how original!). It will be nearly identical to the iCloud storage you currently pay for (the prices aren’t changing or anything like that).
The only difference is that now, those who pay for iCloud+ are going to get some exclusive privacy features from Apple. I imagine that most iCloud users already have paid iCloud storage, so this should be coming to you.
If you don’t have it, you should get it! It starts at $0.99/month and you can get 200GB for just $2.99/month. Totally worth it for things like backing up your photos and messages, backing up your iOS and iPadOS devices, and now, getting these great privacy features.
Private Relay will encrypt your Safari usage
First up is Private Relay. Private Relay is a new privacy feature announced at WWDC21 that works similarly to a VPN.
If you don’t know, a VPN is a thing that bounces your internet connection around so it’s harder to track. Your computer connects to the VPN, which scrambles aspects of your internet usage, and then the VPN connects you to the internet.
Or to put it more simply: Say you live near a highway where cameras record you the whole time you’re driving. So you talk to your friend about it, and they tell you that they know a shortcut that will help you avoid these cameras and dupe them in case they see you. That’s basically what a VPN does for you on the internet.
Private Relay uses very similar principles to a VPN. It has been confirmed that Apple is working with VPN providers like Cloudflare and Fastly to bring this feature to you. And there are rumors that they might also be working with Akamai. These partners are helping Apple make Private Relay possible.
This iCloud+ feature will take your internet usage and bounce it between different servers automatically. It’ll only do it between two servers, though. The Tor browser does three by default. That may sound more private, but Tor is certainly going to be less regulated than Private Relay, so the quality points will probably go to Private Relay.
In short, this will kind of be like having a built-in VPN on your Apple devices. Your internet usage will be very scrambled and private!
You’ll be able to hide your iCloud email without Sign In With Apple
In 2019, Apple announced a great new privacy feature for Apple users: Sign In With Apple. Like Sign In With Google or Facebook, this feature allows you to create an account with a website, app, or service without needing to come up with a username and password.
The new account will be linked to your iCloud account instead. This makes Sign In With Apple more secure and private than a traditional username and password.
It also included a feature that lets you hide your iCloud email address. When you choose this option, Sign In With Apple will generate a random email address to use that will automatically forward back to your email address. This allows you to make accounts with an even greater sense of privacy.
With iCloud+, this feature is about to become a lot more widespread.
This WWDC21 privacy feature will allow you to create a random email address whenever you want. In the same way that Keychain will suggest random passwords to you, it’ll now also suggest a random email address to use when creating a new account.
Not only that, but you can delete these random email addresses at will. So if one starts sending spam your way, you’ll be able to cut it off easily. And you’ll know which account sold your email off because all of your emails will be unique.
Using this feature will make it way easier to hide your email address from your accounts. It’s also an important step forward towards the password-less future it seems we’re all striving for.
HomeKit Secure Video support is expanding after WWDC21 privacy features roll out
This privacy feature didn’t debut at WWDC21, but it did get an upgrade. For those that don’t know, HomeKit Secure Video is an iCloud feature for those with security cameras connected to HomeKit.
With this feature, you can record and store footage from your home security cameras. Previously, this feature was pretty limited in terms of accessibility. You could only access it with the 200GB and up iCloud storage plans. And only with the largest 2TB iCloud storage plan could you get support for more than one camera. And that support capped at five cameras.
Once these new WWDC21 privacy features roll out, you’ll see that expand significantly.
For the basic iCloud+ 50GB plan, you’ll be able to have one connected HomeKit security camera.
The 200GB plan will give you access to five cameras.
The largest 2TB plan will support unlimited HomeKit security cameras
None of the footage recorded on these cameras will deplete the storage you have on that plan. You can record as much as you like. That isn’t new, though, I just figured it was worth mentioning!
Privacy features we’d like to see from Apple after WWDC21
And that’s it! That’s all of the new WWDC21 privacy features coming later this year.
Before wrapping up this article, I wanted to take a moment to cover the privacy features I’d still like to see from Apple moving forward. Each year this list depletes a bit, and sometimes I’m even surprised by the features Apple adds.
Still, I think some more progress can be made – and here’s how I envision that progress.
A privacy-centric search engine by default
To me, this is a major change that needs to happen. Google is growing more privacy-centric each year, that’s true. But it’s far from being anywhere near a privacy-friendly option.
Now, there is a privacy-first search engine available on all of Apple’s devices: DuckDuckGo. I’m a huge fan of DuckDuckGo and have been using it for years. It has lots of features that Google doesn’t. I never regret leaving Google.
But Google is still the default on Apple’s devices. And as long as it’s the default, it’s going to be the search engine most people use.
Of course, I understand that Apple making a search engine like DuckDuckGo the default doesn’t mean that everyone will automatically love it. I imagine that lots of people will just immediately switch back to Google.
But it would get a lot of people using DuckDuckGo and thinking about the privacy of their internet searches. As it stands now, I doubt most people even know that they can make a different search engine their default on their Apple device.
One way I can see Apple completely beating the popularity of Google on iOS and macOS is by making its own search engine. That might sound ridiculous, but there’s a lot of evidence to suggest Apple is working on this right now.
I covered the possibility of this being the case last September (read here) and you guys seemed to agree that it would be a good move by Apple. If Apple did come up with its own search engine, there is no doubt in my mind that it would be packed to the brim with unique privacy-centric features.
There’s been no official confirmation of anything like this being in the works, unfortunately. Only time will tell if we see it happen!
SMS forwarding to hide your phone number
Next on my WWDC21 privacy wishlist that didn’t come true is a pretty straightforward one. Just like how you’ll be able to create fake email addresses that forward back to your iCloud address, I’d like to be able to use fake phone numbers that forward back to my real phone number.
I probably don’t need to tell you that SMS and caller spam is at an unbearable level. It seems like every other day that I get some kind of spam group text with a malicious link in the messenger. And for some of my less tech-savvy friends, it’s multiple times every day.
Having the ability to use a random number would help you pinpoint which sites are leaking your number. And it would also help you reduce these incoming calls by being able to delete or change the phone number they’re being sent to. But so long as we have to keep handing over our real phone number over the internet, we’re going to keep getting these spam calls and texts.
To give Apple some credit, this would be an extremely expensive feature to implement. Buying phone numbers isn’t cheap, and it would be very complicated to figure out how this would work with all of the different mobile carriers out in the world.
Some ideas for how Apple could keep your phone number private
As someone who has written and been involved in the telecom industry for a few years now, I do have some ideas!
Apple could create a portal like Sign In With Apple that prevents businesses from being able to see your phone number. They could still call and text you, but it would be through Apple’s API so that they don’t see the number they’re contacting.
Apple could create some kind of decoy system whereby you could enter a randomized iCloud email as your phone number in the phone number slot. Whenever messages or calls are sent to this email address, Apple would redirect it to your iMessage phone number
Again, I’m not entirely sure how viable either of these features would be. I’m sure Apple has considered this from several angles and is possibly even working on something like this.
Ultimately, though, it may come down to mobile operators and regulating bodies to come up with a standardized solution. Or maybe, in the long run, it’ll be easiest to just block spam calls and texts from coming in, similar to how emails automatically filter out spam.
Expansion of Keychain and password randomization practices
A much simpler step that I think Apple could take towards privacy would be to expand on its Keychain features.
For those that don’t know, Keychain is a password manager built into most Apple devices. It runs through iCloud, syncing all of your passwords between all of your Apple devices.
When you go to create a new account online, Keychain will usually suggest a randomized password for you to use. It’ll keep that password stored for you, so you don’t have to remember it. You only need to remember the passcode to your device and your iCloud account password. Everything else can be randomized.
Despite how convenient and great this feature is, I am the only person I know who actively uses it. And all of my friends and family have exclusively Apple devices. But they keep reusing the same passwords for all of their accounts, not realizing or taking seriously the risks that come with doing so.
To me, this means that there is a problem with Keychain. Either it isn’t convenient enough, explained well enough by Apple, or integrated as neatly as it could be.
Here’s how I would change Keychain for the better
Start marketing Keychain more heavily. Make your users more aware of it, its necessity, and its ease of use. Educate everyone!
I would create a separate Keychain app so that it isn’t buried in the Settings app. Most people probably never visit it because it isn’t in plain sight.
I would make it available on non-Apple devices. Not everyone who has an iPhone uses a Mac computer. So make a Keychain app that’s available on Windows and Android. People aren’t going to use randomized passwords if they have to manually type them in on half of their devices.
For those that don’t know, there is a backdoor to your data through iCloud. That data can be accessed by Apple at any time. That includes your photos, iMessage texts, calendar events, reminders, notes, files – anything you have stored in iCloud, Apple can access.
To be fair, I certainly don’t think Apple is going through any of your iCloud content. But the fact that your storage is accessible to them means that it’s vulnerable to hacks or government seizing, should that ever be a concern.
Apple could resolve this by encrypting that data with a key they don’t have access to. This is similar to how the data stored locally on most of your Apple devices is. Without your passcode, Apple can’t access the data on your iPhone. Something similar for iCloud would be great!
Looking forward to the future of Apple privacy features
And that’s it! Those are all of the Apple privacy features that were announced at WWDC21. As usual, I’m pretty thrilled about all of these. I hope more keep coming in the future, as digital privacy is a huge concern at the moment!
If you want to learn more about guarding your digital privacy on Apple devices, you can read my previous post on it here.
I would like more, easier control over Cookies. I do delete my cookies for privacy.
But I always have to re- answer the bank security question and the auto log-in stop working on my favorite site.
I would like to protect these cookies.
It would be nice to have a white list or some sort of privacy control for internet site.
I don’t know how the cookies work, could this be done?
I would like more, easier control over Cookies. I do delete my cookies for privacy.
But I always have to re- answer the bank security question and the auto log-in stop working on my favorite site.
I would like to protect these cookies.
It would be nice to have a white list or some sort of privacy control for internet site.
I don’t know how the cookies work, could this be done?