[HN Gopher] Apple requires account deletion within apps in AppSt... ___________________________________________________________________ Apple requires account deletion within apps in AppStore starting January 31 Author : ezhik_ Score : 488 points Date : 2021-10-06 19:06 UTC (3 hours ago) (HTM) web link (developer.apple.com) (TXT) w3m dump (developer.apple.com) | bgro wrote: | Can't wait for developers to implement "Mark your account as | deleted, so you can't log in and actually delete your data such | as photos later." | paxys wrote: | Wonder if this applies to Apple itself. There is no way to delete | your Apple ID (or other info Apple knows about you) using the | device. | slownews45 wrote: | "Apple gives you the ability to permanently delete your Apple | ID account at any time and for any reason." | | That said, it's a pretty massive wipe. | | Photos, videos, documents, and other content that you stored in | iCloud are permanently deleted; you can't receive any messages | or calls sent to your account via iMessage, FaceTime, or iCloud | Mail; and you can't sign in to or use services such as iCloud, | the App Store, iTunes Store, Apple Books, Apple Pay, iMessage, | FaceTime, and Find My iPhone. In addition, any Apple Store | appointments and AppleCare support cases are canceled. | | Deleting your Apple ID is permanent. After your account is | deleted, Apple can't reopen or reactivate your account or | restore your data. | | You lose all your credits with apple (if any) app updates will | stop working even for apps already downloaded and more. | | "Manage Your Data and Privacy." On the following page, select | "Get started" under "Delete your account." | paxys wrote: | The point is they enforce that third parties have to allow it | from within the app itself rather than a website. But Apple's | account deletion process is only available on their website. | zsmi wrote: | That's an interesting corner case. Even if turnabout is fair | play I wonder if it's even a good idea. If you have two | devices, and you delete your Apple ID from one of them, do you | brick the second device? I think there are dragons there. | anarchogeek wrote: | What about inmutable systems? My app (using scuttlebutt) creates | an 'account' but it's located as crypto keys only within the app | and apple keychain. So far the apple reviewers refused to believe | that it works like. It's open source, they've got the code... but | still.... | | Same is true for anything crypto. The account as it were exists | on many devices, but it's not something you as the app creator | can manage. | | I think apple protecting privacy is good, but the effect on | actually private systems is complicated. | vmception wrote: | Change your data model. That's the answer. Add setters to the | smart contract to change variables. It's not that hard. | detaro wrote: | Scuttlebutt isn't a blockchain and doesn't have a concept of | "smart contracts" | jedahan wrote: | Defining account will be interesting. One definition might be: | | The 'account' consists of the credentials required to add or | modify data associated with a human. | | In that case, the person deleting their private key would | suffice for deleting an account. | | There are plenty of things this doesn't cover, or even | backfires. Just interested in what other perspectives people | may have. | | --- | | Scuttlebutt actually could allow for 'deletion' in the sense | that a 'compliant' scuttlebutt client could choose to interpret | a 'delete this account' message as a filter for any messages | that match said public key. Many client's UX understand that | the state of messages may be incomplete due to the P2P nature, | so thats kinda nice too. | ChrisMarshallNY wrote: | I'm writing an app that has an account on a server. A user | with no account can send a POST form (through the app), | requesting that we create an account for them. We do so, | through an admin dashboard. It's easy to completely delete | the account through the same dashboard, and I don't think we | have any legal obligations to retain the account. | | I'm planning to add a "delete my account" POST form, in the | logged-in app. | | I assume this will be fine. | [deleted] | floatingatoll wrote: | Your app is incompatible with the Apple App Store. | | There's a lot of arguments that people will make about whether | this is justified or not, but from a plain rules standpoint, | that's not a permissible data management strategy if you want | to publish an iOS app through Apple's store. | Hermel wrote: | Blockchain wallets are an interesting case. I would argue that | for example an Ethereum wallet that generates an address for | you in the Ethereum system is _not_ required to provide a way | to delete that account again. Similarly, the Chrome app is not | required to allow you to delete your hackernews account even | though you created it using the Chrome app. Generally, if an | app enables you to create an account in a system controlled by | someone else, the account deletion rule shouldn't be | applicable. | vineyardmike wrote: | Can you just delete the key and local data? Is the requirement | to push that deletion to all other SSB instances? | | Seems like a case where in 2021 this rule is good, but blocks | the creation of new business/product/tools that don't confirm | with the 2020 way of thinking... which is good for apple. | arkh wrote: | > Is the requirement to push that deletion to all other SSB | instances? | | Well if you follow the GDPR: yes. Article 17.2 | | > Where the controller has made the personal data public and | is obliged pursuant to paragraph 1 to erase the personal | data, the controller, taking account of available technology | and the cost of implementation, shall take reasonable steps, | including technical measures, to inform controllers which are | processing the personal data that the data subject has | requested the erasure by such controllers of any links to, or | copy or replication of, those personal data. | jaywalk wrote: | If the personal data is encrypted and you destroy the only | key that can be used to decrypt it, is it still personal | data? Or is it now simply some random bytes? | arthur_sav wrote: | What's funny is that all these laws and (appstore) rules | are not very well thought. | | It comes down to the individual to interpret and enforce | a solution that may or may not be in compliance. | | It's like doing taxes in the US. You may or may not doing | it correctly and you'll only find out if they start | knocking. | cygned wrote: | We built a system that creates backups of PII using that | mechanism; throw away the key after data is supposed to | be deleted. That is legal under EU GDPR. | [deleted] | mike_d wrote: | I had this exact question for our privacy legal team and | the answer I got was that deleting the keys to encrypted | data is legally equivalent to deleting the data itself. | jeroenhd wrote: | This is why using the blockchain got user data is such a stupid | idea. The immutability makes it impossible to redact or remove | information, even if that information is encrypted. The same is | true foor P2P services where there is no central accounting | system. | | Deleting the account shouldn't be a problem if all the | "account" info is stored on the device itself, so if your | reviewers aren't completely incompetent I don't see why this | would be a problem. | judge2020 wrote: | > even if that information is encrypted. | | Assuming that information is only visible to the owner of the | key anyways, then disposing of the key effectively renders | that encrypted data as garbage. Not being able to delete it | only enables some unknown future attack that can decrypt any | data without the key. | rapind wrote: | But it doesn't though right? If there's a database breach | 10 years from now and I'm able to crack pki with like a | quantum computer or something then I have that data... I | think. | jacobr1 wrote: | You don't need the breach, the DB is already public (in | encrypted form). | | So yeah, all you need is either a currently unknown | mathematic weakness in the encryption scheme, or bug in | implementation, or as you suggest some future quantum or | other technical advance that defeats the encryption. | vorpalhex wrote: | For now. | | If the blockchain survives long enough, that info will | become public in time. | jimmaswell wrote: | We invade the privacy of people from a few hundred years | ago all the time and it's considered fine. Do you think | there will be a breakthrough in encryprion breaking soon | enough for it to matter? | xg15 wrote: | Assuming this will take a few hundred years. | | Browsers have to frequently deprecate cryptosystems that | have become insecure. That's not possible with data | frozen inside the blockchain. | | Also, we're at a point where quantom computers are just | starting to become practically usable. So yes, I think | the point of a "cryptographic breakthrough" that will | crack _some_ configurations is quite likely. | barsonme wrote: | If AES is broken in your lifetime, you're going to have | _way_ bigger problems than somebody decrypting your | blockchain ciphertext. | | And if you're not encrypting data with AES (or one of a | handful of other algorithms), then you should be worried | _now_. | olah_1 wrote: | You can have decentralized p2p systems that respect users | (allow deletes). One example would be Gun which allows you to | "tombstone" your data. Just overwrite it with a blank. | | A new version of Scuttlebutt allows tombstoning too. | | I think mutable should be the default. Make it all ephemeral | with optional permanence. | [deleted] | tibiahurried wrote: | In event sourced systems, where the state of an application | is stored as a sequence of immutable events, one way of | solving the "delete" problem (e.g: GDPR) is to have all the | events encrypted to begin with. The deletion (without | performing a rewriting of the events) can be considered | executed by simply "deleting" the key used to decrypt the | events. | | The information is not deleted per se, but it is not usable | anymore. Now, if you have access to new means that allow you | to break the encryption, then yeah it could be a problem. | nightski wrote: | Hate to break it to you but banks are not deleting your | account immediately when you close it. They legally can't. | xg15 wrote: | Your point being? Not deleting data for legal reasons is | still better than the data being physically impossible to | delete. | fuddle wrote: | Can confirm, I worked at a fintech company previously with | a large number of users. They had a "deleted_at" column on | the user table in the database. It's not actually deleted. | nawgz wrote: | Isn't this almost necessarily true for any system which | needs an auditable history? | | Just thinking out loud, of course cascading deletes will | fail, so I guess you could avoid using true foreign keys | to the user table for things which are truly related, and | then you'd know what the user did but presumably no | PII... Seems insanely sketchy though. Way cleaner to soft | delete if you ever need to recover history, which the | fintech context amongs many obviously requires | codedokode wrote: | You don't need to delete the rows from the database. Just | replace user's name, address and phone with random data. | xxs wrote: | The company needs 7 to 10 years of audit info. Of course | they cannot 'delete' any account. | datavirtue wrote: | It's simple. Don't offer account deletion. You comply with | both in that case. | bpodgursky wrote: | > all apps that allow for account creation must also | allow users to initiate deletion of their account from | within the app | | No, that doesn't seem true. | wizzwizz4 wrote: | What bank lets you create an account just from the app? | | ... Okay, the digital-only ones, maybe. But virtually all | other banks I've used make you go to a branch. | zerkten wrote: | Revolut and many other apps allow creation of accounts | from the app per local regulations. It may require SSN in | the US to complete sign-up, but it's all done through the | app and is immediate. | | The account falls under all the regular retention and | reporting requirements, although these companies mitigate | some classes of issues with stricter limits, not paying | any interest (even though that'd be miniscule), etc. | asdf3243245q wrote: | I think most major brick and mortar banks allow you to | open account fully online. | | Try going to random bank websites and click on "open | account". | SilasX wrote: | I signed up for Schwab (and numerous other financial | institutions that were not "banks" per se) without having | to go to a branch in person. You usually just submit | photos of documents and, in some cases, have your picture | taken at your computer. | wizzwizz4 wrote: | Ah, yeah, that was the issue; I didn't have documents. I | now remember that I could've signed up entirely online, | had I had them. | mritzmann wrote: | I know at least two swiss banks. | EastOfTruth wrote: | Does that apply if you automatically create an "account"? | TedDoesntTalk wrote: | It doesn't actually say the account must be deleted. It | says: | | "...must also allow users to INITIATE deletion of their | account" | | Capitals mine. So I can allow the initiation of deletion | but never actually completely delete the account... and | my app complies. | imchillyb wrote: | > So I can allow the initiation of deletion but never | actually completely delete the account... and my app | complies. @TedDoesntTalk | | If the users that are requesting account deletions see | that your app is purposely not complying, I don't imagine | your app will be available for long in the app store. | | Your response is why Apple is implementing this change in | the first place. | | Screw AOL and all of the rest of you making things | impossible to delete, cancel, or otherwise NOT have an | account. | | I sincerely hope you change your tune, and if you don't | then I hope you receive a permanent ban from Apple's App | Store. | | Seriously. This kind of bullshit shouldn't exist. If I | can make an account easily, then I should be able to | delete an account easily. If I cannot, then your business | model should collapse around your fuckin' ears. | runj__ wrote: | It can just go through a manual review and delete the | parts that they're are legally required to delete. While | I don't agree with a lot of the money laundering/terror | financing laws banks shouldn't have to delete your data | if you're trying to avoid taxes or whatever. | | INITIATION is the important part, if they fail to delete | the parts they're required to delete, F them: get them | off the app store. | filoleg wrote: | > If I can make an account easily, then I should be able | to delete an account easily. | | Sure, if you can open an account easily, then you should | be able to delete an account easily. So if we make | opening an account difficult, then it is fine that | deleting one would also be difficult. | | Sounds like an invitation to make opening an account at a | bank or a bunch of other services much more difficult aka | impossible from the app. | oaiey wrote: | And not only banks. Everything which has audit or | signatures as part of their requirements will have legally | required user data after a user leaves. | dogma1138 wrote: | Banks are under a completely different set of regulations | so are many other financial companies as well as other | sectors like insurance and medical. | | They have specific regulation regarding record retention. | unityByFreedom wrote: | A deleted bank account is not publicly accessible. | xxs wrote: | Yes, pretty much anything that has anything to do with | anti-money laundering takes 7 to 10 years to even consider | forgetting your account. | barneysversion wrote: | Key management is how many comply with GDPR today. They | encrypt the PII and associate it with the user. Then, when | someone requests their info to be "deleted", they zero out | the encryption key. | EastOfTruth wrote: | > This is why using the blockchain got user data is such a | stupid idea. | | maybe for you, but there are use cases... | wizzwizz4 wrote: | There _are_ use-cases for blockchain.1 However, storing | user data is not one of them. | | 1: All of them are silly, or could be done better with | something else, but that's not relevant to the point I'm | trying to make. | EastOfTruth wrote: | It probably could be fine for public user data that you | want to spread out and be somewhat resistant to censor | from governments. | | > but that's not relevant to the point I'm trying to | make. | | why do you talk about it if it isn't relevant? | wizzwizz4 wrote: | > _It probably could be fine for public user data that | you want to spread out and be somewhat resistant to | censor from governments._ | | Can you give an example? "spread out and be somewhat | resistant to censorship from governments" is just a | description of blockchain's strengths1. | | > _why do you talk about it if it isn 't relevant?_ | | If I didn't mention it, I'd be lying by omission. In | order for this discussion to make sense, I have to make | the implicit assumption that blockchain is good for | _anything_. I have never, in my life, encountered a | situation where blockchain is better than alternatives. | Heck, I 'm half-convinced that Bitcoin would've been | better off with a block-graph (like Git); it models the | dependencies better, and means attempted double-spend | attacks have a lower impact on the rest of the ledger. | (51% attacks would be a little easier, but only for very | recent transactions, assuming even distribution of | wealth2 and a free market economy3.) | | 1: though it isn't particularly good at either of those | things in practice | | 2: this is a bad assumption, but it would only affect | wealth hoarders so I don't care | | 3: this is a really bad assumption, but it wouldn't take | much improvement to the world to make it a _sufficiently_ | reasonable assumption | TrueDuality wrote: | Maybe a tombstone record in your immutable system? It is | technically marking the account as deleted and the data is | unrecoverable if the only encryption keys have been safely | purged... | dogma1138 wrote: | It's the same as trying adhering to RTBF/GDPR with a blockchain | or any other immutable data store... Your design decisions need | to match the regulatory or other commercial / situational | requirements. | | But in your case I'm not sure what exactly is the problem other | than Apple doesn't believe you... you can still delete the | account it's just deleted locally. | | And you may be required to delete any server side identifiers | if such exist. | Zamicol wrote: | I'm working on an application where a digest replaces the data | on delete. The digest is immutable, which represents the data, | not the data itself. | wayneftw wrote: | Honest question because I don't know: Can you delete your Apple | ID from within one of the iOS system apps? | philip1209 wrote: | Let's say you're building a product like Slack where you have to | balance company vs. individual account deletion rights. For | instance, if I join an open Slack such as Kubernetes developers | vs. a company slack as an employee vs. a company slack as a guest | - I believe Slack doesn't differentiate and requires the company | to manage data deletion requests. How are they able to do this? | drewwwwww wrote: | this is one case where slack's insane identity model might be | beneficial, as membership to any given team is its own | "account" | excerionsforte wrote: | Great, I detest when I can't delete accounts within apps. | MarketWatch is one place where you cannot delete your account. | knightofmars wrote: | "Confirm that any third party with whom an app shares user data | (in compliance with these Guidelines)--such as analytics tools, | advertising networks and third-party SDKs, as well as any parent, | subsidiary or other related entities that will have access to | user data--will provide the same or equal protection of user data | as stated in the app's privacy policy and required by these | Guidelines." | | I call to all smart knowing license people of Hacker News. Is | this a copy-left license attached to a person's data? | dmitriid wrote: | This is basically GDPR. You, as the creator of an app or | service is the sole entity responsible for people's data. It's | on _you_ to make sure to not spill that data to third-party | services. | pilsetnieks wrote: | It could have been lifted verbatim from the GDPR. | ManBlanket wrote: | This policy seems purposefully vague. | | "Explain its data retention/deletion policies and describe how a | user can revoke consent and/or request deletion of the user's | data." | | My first question before looking into it was, "What an auth | tenant or some other service that stores user data?" or, "what | about like a banking or healthcare app that is just a portal for | another system?" And, "What does deleted even mean? IsDeleted=1?" | | It would appear Apple's stance on those answers is a shrug emoji. | I'm no appstore developer but I got a kick out of reading a lot | this for the first time. This rule bearing no exception to a | trend that for most part seems intended to give Apple the license | to eliminate bad actors. | | I got a new one for Apple. "Like, do what you gotta do but don't | be a jerk." | floatingatoll wrote: | It sounds like you'd like to work at Apple and help them | improve their guidelines process. They don't offer what-if | examples, and they note that it's by design that the guidelines | are not detailed to the level you're asking, so that they have | the flexibility to make judgment calls and prevent rules- | lawyering problems that crop up with the more detailed approach | you seek. | | 1. Auth tenant. Common sense says that if the auth provider is | operated by you, it's your problem to handle deletions | appropriately, either by removing their account or by warning | the user that you're only deleting the specific site account | and providing a link to delete the SSO account at your website | or whatever. If you do not operate the identity provider, such | as Facebook, then you need do nothing about it at deletion | time. Apple would likely approve any of those paths without | comment, but to defend against rules lawyering and loophole | seeking, there's no way to be perfectly certain until it's | approved. | | 2. Banking or healthcare app. If you can sign up in-app, you'll | need to let people close/delete in-app, except where prohibited | by contract or law. For corporate healthcare, you would pop a | dialog that says "This account can only be closed through your | employer", which would be absolutely sufficient. Ditto for a | banking account with non-zero balances or a safety deposit box | or whatever. It seems likely Apple will not have cause to | enforce the deletion clause against brick and mortar banks, | since they all have help/faqs on how to close accounts already. | App-only banks will be held to the more strict standard of | having some way to initiate deletion, being app-only, though of | course they'll retain financial audit records as required by | law. | | 3. Deleted means that all information not essential to | compliance with financial and other auditing laws has been | removed from your systems. Exceptions are understood to exist | for recording that someone requested deletion, but you can't | use those records for marketing or training AI or any other | purpose beyond managing your deletions. If you can't explain in | plain simple English how you handle deletions, they're likely | to reject your submission until you can. | | All of this is obvious. It isn't comfortable to consider that | you're at the mercy of human beings to evaluate your compliance | -- human beings that see a thousand scams a minute trying to | hack loopholes in the guidelines. But that's how it is today. | debaserab2 wrote: | When did "deleted" become a vague term? | | Deleted means removing as much PII as you reasonably have | authority to do so. It means purging all that data from all | databases with a guarantee that you will be removed completely | from all snapshots in a reasonable amount of time. | | This should be the default, normal understanding of what it | means to delete your account. | | It doesn't mean set a flag in a database so when your company | gets acquired in a few years your new owner has a nice little | trove of data to mine of people that explicitly opted out. | itake wrote: | One thing that is confusing about the concept of "deleted" is | how do you minimize fraud on a social platform without | retaining PII (indefinitely?) of your users. | | If there is a known fraudster and you have their selfie | image, email address, and ML face vectors, the fraudster | requests their account to be deleted. What should the company | delete? Maybe the company can keep a one-way hashed email and | face vectors, but what about hash-collisions or false | positives? | | If there is a user that wants their account deleted, but then | they come back to the platform (maybe abusing a referral | bonus or first-time-only coupon), how do you stop this fraud? | greysphere wrote: | I mean... There are a zillion reasons this isn't trivial. | Imagine I have an app that pays you, and it has to report | taxes on it. It can't just delete your info. Imagine an app | that sells alcohol, maybe it needs to make sure it has | confirmation of your age/info in case of legal action. | Imagine a chat application, if you chatted with someone and | they deleted their account, would you lose the chat | information (or even the name/record of who you chatted | with?), no, that's 'your' information too, somehow. | tediousdemise wrote: | The right to be forgotten is just that - the right to be | forgotten. _Your_ issues or needs, whatever they may be | (tax info retention, age info retention, etc), take a | backseat to the user 's rights. | | In other words: the right of one person's data to be | forgotten supersedes the right of another person's data to | be remembered. | robmaceachern wrote: | The press release sounds more flexible than the actual | guidelines: | | Press release (emphasis mine): "all apps that allow for account | creation must also allow users to _initiate_ deletion of their | account from within the app." | | Guidelines: "If your app supports account creation, you must also | offer account deletion within the app." | | Has anyone seen any clarification on what options might be | acceptable? e.g. I'm wondering about something simple, like | opening an email composer with the app support email address and | a pre-filled message body requesting account deletion which would | be performed async. | zerkten wrote: | Why would you want to make manual work for someone who just | wants their account deleted? You're possibly better off | offering an option in the delete flow for them to "talk with | you to see if you can work something out" versus manually | processing deletion requests. | | Effort on those requests might recover some users which may be | especially valuable if you are a subscription business. If you | can't benefit from interaction then immediately imitating | deletion from an API seems the only thing that would pass | muster. | robmaceachern wrote: | I think different use cases will call for different | solutions. My use case is a relatively tiny number of users | and any manual work they would generate for account deletion | would be nil, or very close to it. | | It's not necessarily about recovering users who want to leave | but rather minimizing the effort required to implement a more | complex deletion flow that has a high probability of never | being used by real users (in my case). | newfonewhodis wrote: | I wonder if it'll finally get me off nasty SV companies that | treat my data like their kid's prom photos that need to be saved | forever. | ddoolin wrote: | I was trying to delete my Instagram account just yesterday and | didn't even get around to it since I needed to do it from their | website. | gumby wrote: | Wonder if this can be used to unsubscribe from The NY Times? | javagram wrote: | Subscribing through the NY Times iOS app already solves that | problem I think, there's no need to delete your account, just | go to the Apple subscriptions management page and end the | subscription. | filoleg wrote: | Yep, can confirm, did that myself earlier this year. | Canceling the subscription for NYT that I had originally | subscribed to through iOS was painless and took all 10 | seconds that it took me to open the "my subscriptions" panel | in the App Store and clicking "cancel" on the NYT one. | tylerrobinson wrote: | I am not in California, and was able to unsubscribe recently | using a simple UI and I did not have to chat with anyone. | dfrankow wrote: | Where was the UI? Help us! | PontiacParade wrote: | I had the same experience. Very simple with only one | retention step of offering a discount. Once declined I could | cancel. | rpeden wrote: | Same here. Perhaps they've updated the unsubscribe process? | | I was expecting a painful process based on what I'd read on | HN and Reddit but it was just a couple of clicks. | tgsovlerkhgsel wrote: | People need to learn to just use registered mail. Yes, it's | ridiculous that it's necessary, but the postage and hassle is | probably less than dealing with those intentional hurdles. | | Alternatively, if the US legal system allows it and you can | find a number: Fax. This has the advantage that it can be | automated on your end so it's not much more hassle than a quick | e-mail, and the delivery receipt (yes, trivially spoofable in | theory, but I would assume it's widely accepted in practice) | also shows what the content of the message was. | jb1991 wrote: | This raises one notable benefit of going through Apple for all | payments -- as a customer, it buffers me from dark billing | patterns of any random company. Companies like 37signals don't | like it and claim it hampered their relationship with | customers, and that might be true in some cases, but overall it | seems like a benefit for customers to have a consistency | process of buying, refunding, cancelling everything they use | digitally. | widowlark wrote: | it buffers you from dark billing patterns of all companies | except apple | enos_feedler wrote: | I'd be interested to hear what dark billing patterns you | are seeing rn with Apple? | gumby wrote: | Here's one: they advertise "family" accounts: you buy an | app and your purchase also covers your spouse. | | But your spouse has to know you (or which family member) | bought it and click on their name in "family sharing" to | get it for free. Else spouse will pay for it again. | Zelizz wrote: | > Else spouse will pay for it again | | It doesn't quite work like that. When someone in your | family goes to hit the purchase button, it pops up a | window saying that someone else has already purchased it. | I'm not sure why you have to hit the button first, maybe | for some measure of privacy from your family members? | heartbreak wrote: | That's simply not true. My spouse and I buy apps all the | time from the App Store and when you try to pay for it, | it pops up a message that a family member already has and | proceeds to the download. | 8note wrote: | I'm not sure I see that as a benefit so much a government | doing a poor job on regulations for subscription services and | online payments | r00fus wrote: | Yes, to both. Gov could do better, and in the meantime | until if/when that happens, may be worth it to use a | trusted source (Apple) to manage that for you. | | Likelihood of Gov doing better seems tied to how much they | can get away from Wall St. funding/defunding their re- | election campaigns. | not2b wrote: | But if the price of that benefit is 30% off the top for Apple | for all payments, it's a high price to pay. Perhaps better | consumer protection laws would be a better way to fight the | dark patterns. | Arcsech wrote: | As a consumer, I have effectively no control over laws. I | do have control over which payment system I use. So if you | as an app developer don't want to give a 30% cut to Apple, | maybe push for better consumer protection laws so IAP | doesn't have that incredible benefit for me. | mithr wrote: | You can believe that dark billing patterns are bad and this | change is good, while at the same time also believing Apple | should charge developers less -- these are not mutually | exclusive. | [deleted] | arthur_sav wrote: | [Unsubscribe Now Button] -> _click_ - > Popup -> "Call us <3 | and we'll reply in 10 business days xxx" | madars wrote: | I heard you can change your address to California, which then | gives the option to cancel online (due to state law). It is | absolutely ridiculous that NYT will happily take your card info | online, but require you to be on hold to speak with their | "customer care" to cancel. Maybe it is time to use virtual CC's | a la privacy.com. | ceejayoz wrote: | Even better, when I had to cancel my NYT subscription, it | said there weren't enough cancellation reps to connect me; | "try again later". | | I went in via the normal support chat, said I wanted to | cancel, and was immediately redirected to one. It was an | outright lie. | slownews45 wrote: | Yep - and these are the SAME places posting LONG articles | about how terrible Apple's store policies are. Uh, folks | spend a lot on the apple store for a reason. | gbear605 wrote: | The problem is how Apple both profits from the app store | and sets rules on the app store. It's incentivized to | create rules that make it money without helping users. | Apple needs to either stop making money from the app | store or to create a separate body that can set rules | without being incentivized by profit. | | Laws are good, but the lawmakers shouldn't profit from | them. | slownews45 wrote: | Walmart profits from their store and sets the rules from | their store. The incentive is to make the store a place | people want to spend money. This is the same as almost | any other store isn't it? | | You do that by making it safe and comfortable for users | (or in androids case maybe by doing deals with phone | companies to pre-load their apps and make money off users | there ). | | Apple is only partly successful, they have 15% market | share in phones or so. But one area they've been good at | is trust - users on an iphone probably spend a lot more | (it's also harder to pirate, so what developers give up | in profits they make back in lack of pirating). | ManBlanket wrote: | Your boy at darkpatterns.org would love that gem. I don't | know if you can give it a more succinct name other than, | you know, lying. | tshaddox wrote: | In California the New York Times still requires you to chat | with a customer support person on their website. You still | have to wait in queue, then wait for the person (or maybe | it's a bot at this point) paste in several attempts at | retaining your subscription. | | The law needs to be that you can cancel all recurring | payments through a standard interface. It's ludicrous that my | online banking account doesn't just show me all subscriptions | and allow me to cancel all future payments of any of them. | 8note wrote: | I should be able to tell my credit card company that I'm | ending a subscription, and have them be in charge of | notifying the provider that the subscription has been | terminated | lttlrck wrote: | Yes for recurring subscriptions the control should be | firmly under the consumers control. Perhaps there should | be a special recurring transaction type on credit cards | akin to those in PayPal. | asdff wrote: | you can do that already. just issue a chargeback and | poof. | ceejayoz wrote: | Do that to a gym and they'll sue you for not paying out | your contract. | tshaddox wrote: | And your bank will probably get upset at you too. | sergiotapia wrote: | Any banks that offer this service? I would switch my | primary banking service for this. | ilikepi wrote: | You can kind of get close to this using merchant-specific | card numbers from privacy.com (not affiliated). If you | want to cancel a subscription, you just deactivate the | number associated with that subscription. | asdff wrote: | All of them. if you don't like a subscription and don't | care about burning a bridge, issue a chargeback. | tshaddox wrote: | Or just reject the payment the next time they try, that | would be fine by me. | jackson1442 wrote: | I think my bank does this, when I called for another | reason this week there was an option on the phone menu to | stop a recurring payment. | 6nf wrote: | I've done this using my credit card company (not the | bank) and they were very helpful. I explained why I | wanted them to stop the recurring payment and they asked | if I wanted to dispute any of the older charges, took | less than 5 minutes. I call the 'fraud/disputes' phone | number on the back of my card for this and I think that | is not the bank, I think it's Visa / Mastercard | themselves. | core-utility wrote: | That's my biggest use case for Privacy.com. I care less about | the privacy aspect and more about the convenience. I've | already had once instance where a single-use card I created | for 1 specific vendor started getting fraudulent hits | (declines) and all I had to do was delete that card. | tlogan wrote: | Be careful. You are still on the hook. And in many cases | companies will sell you debt to collection agencies. | JumpCrisscross wrote: | > _all I had to do was delete that card_ | | Careful. If you didn't properly terminate the contract, you | still owe that money. I have a friend whose credit got hit | because a service sold his debt to a collector. | core-utility wrote: | Thanks, good to note. In this case, they were declined | transactions (nothing that went through) so it was only a | tip-off to something fishy. | arecurrence wrote: | The Globe and Mail operates similarly. I spent some time | while cancelling a few years ago informing them that making | me call them to cancel is a crime in California. The person | on the line cancelling my account was genuinely surprised. | | Canada was the first to require simple unsubscribe for email | lists... I'm surprised it still does not have a law to | require online unsubscribe for media subscriptions. | murphyslab wrote: | > I'm surprised it still does not have a law to require | online unsubscribe for media subscriptions. | | Newspaper editorial endorsements are still a big thing in | Canada. | | > The Globe and Mail operates similarly. | | But this is good to know. I was considering swapping | another newspaper subscription for a Globe and Mail | subscription, but after looking into it, the eventual | unsubscribe hassle isn't worth it. | SllX wrote: | I dunno. I cancelled the other day now that I no longer care | about the pandemic data and it was basically just three | minutes of politely stonewalling in a chat box saying "No | Thanks, please cancel my subscription." a couple of times. | | I live in California and would have tried cancelling online | but actually couldn't find the option. I can't say it was | difficult to cancel though once I picked a process and | initiated it. Maybe that was the online option now that I | think about it? I was expecting a button or link. | gmadsen wrote: | I did the same a few years ago and it was relatively | painless, however there are many people that do not like | confrontation and "stonewalling" is not an easy task. NY | Times understands this and preys on a specific segment of | the population. | SllX wrote: | I don't know. It's 6 words and you don't even have to be | rude about it or get annoyed at the offers they throw at | you. Then you get the confirmation email and you're set. | kelnos wrote: | I hate talking in the phone to people I don't know so | intensely that I have wasted hundreds of dollars on | various things because I procrastinated calling to | cancel. | | This effect is real, and companies know it, and design | their cancellation processes to extract extra money from | people. | vageli wrote: | They don't have the right to my attention. If they were | to cancel my service due to lack of payment (for | example), do you think they would engage me in a dialogue | to discuss it or just send me a notice in the mail? | ribosometronome wrote: | Do any banks do a good job offering this feature for debit? | | Back in one of the days, the PayPal TOOLBAR used to offer | this feature, it was really convenient since you were | essentially direct drawing from your bank account with it. | electroly wrote: | If you use PayPal to pay for NYT, you can cancel via PayPal | and never speak to anyone. | hashmymustache wrote: | That's every newspaper online. And gym memberships. And many | others. Easy to get, pain in the ass to end. | ahefner wrote: | I had no difficulty unsubscribing from The Washington Post. | st3ve445678 wrote: | I was going to say the same thing! They are the WORST. I had to | cancel my subscription and the process was like a legal battle | with the customer representative. He fought me so hard and it | took so long. I lost all respect for the times after that. | philwelch wrote: | I had the same experience with The Economist. And they've | been harassing me for months trying to get me to subscribe | again. | rapind wrote: | Nevermind NYT, what about your gym subscription! | ajb wrote: | That's been so bad that there are now gyms which have 'easy | cancel' as a selling point. Pure Gym (UK) allows you to | cancel by just stopping the payment (they call this "No | contract" which is legally illiterate, but whatever). | Ironically my bank was suspicious about me when I did it. | yohannparis wrote: | This is mostly an internet meme, I subscribed and cancelled | from the NYT many times without an issue with their online | chat. | thechao wrote: | I canceled by clicking a button. NYT very much knows I'm in | Texas, not California. It was so easy I almost signed back | up... | st3ve445678 wrote: | Not a meme, I had the experience first hand. It's very much | real. | gumby wrote: | Are you in California? | xu_ituairo wrote: | Isn't having to have an online chat an unnecessary artificial | barrier? Why not a button like most other sites. | Karunamon wrote: | I think the problem is that it requires chatting live with | someone who's job it is to prevent you from cancelling in the | first place. If you can sign up in two clicks you should be | able to cancel in two clicks. | bshep wrote: | SiriusXM is like this as well, you subscribe/upgrade online but | you have to argue with a support person for 30-40mins to | cancel, at least you can do it on a chat on their website. | | Honestly if you can subscribe with a button you should be able | to unsubscribe with a button. | CamperBob2 wrote: | It's outrageous that you can't cancel online as easily as you | signed up, and we do need legislation to correct that. But | when you have to talk to them on the phone, just say, "I sold | the car." End of conversation. What are you telling them that | gives them the hook needed for a 30-40 minute conversation? | | If all else fails, "I was just diagnosed with a terminal | illness" or "I am required to report to the state | penitentiary on Monday" will work. | bshep wrote: | They say "well we have the online streaming you can use" or | "we can txfer it to your new car" they're just stubborn and | incitvized to try to keep you. Whats worked the best for me | is "i haven't used it in 6months and dont want it". theres | nothing they can say to that. | jp57 wrote: | If you buy your subscription as an in-app purchase, you can | cancel it easily from your phone. Say what you will about the | app store and in-app purchases, but when it comes to cancelling | subscriptions they've eliminated the dark patterns. | Jtsummers wrote: | And they'll notify you of the subscription's upcoming renewal | (about a month in advance). Which is very nice when you have | a subscription that you forgot about or for an app/service | you realize (with the reminder) you no longer need or use. | aledalgrande wrote: | Same as WSJ | marstall wrote: | from the Guide ... > If your app supports account creation, you | must also offer account deletion within the app. | | big sigh of relief for me with a service companion app that | delegates account creation to a web admin interface ... | emkoemko wrote: | can i buy a bunch of stuff and then charge back my credit card? | then when they ban me can i then ask them to delete my account? | so that i can make a new one and do it again? | _fat_santa wrote: | How is this supposed to work for insurance or banking apps? I | would think those companies separate your "online account" from | your actual account with them or something like that. I guess | more generally how will this affect apps where "deleting your | account" is a complicated affair (insurance, banking, mobile | service, utilities, etc). | floatingatoll wrote: | How does it work today? | | All mobile banking apps that allow signup seem to also allow | account closure, so there isn't exactly a problem there. | | If I sign up for insurance in an app, I expect (and Apple will | enforce) that I can cancel it in an app. Setting aside certain | health insurance scenarios where I have no legal authority to | terminate my insurance, I expect that Apple will absolutely | start enforcing that insurance account management apps need to | have a way to terminate coverage. But I think this isn't the | kind of business they're concerned about, so they might focus | on other business categories first. | nightfly wrote: | > If your app supports account creation, you must also offer | account deletion within the app. | | Insurance and banks probably aren't affected, since your | account is created outside of the app | greysphere wrote: | "Paid functionality must not be dependent on or require a user to | grant access to this data" | | This almost forces all software that does anything on the | internet to be subscription based (or free). | asimpletune wrote: | Couldn't you have a signed token for ever capability that | they've purchased? The app could easily check the signature | without exposing the private key. | greysphere wrote: | That puts the burden on the user/client to maintain and | transfer their key to new devices, which, well I can't even | do that... | BoysenberryPi wrote: | I feel like this is an objectively good thing. On Android, there | are many times I signed up for something just to try it out only | to decide it wasn't for me and have no way to delete my account. | Currently the only thing you can do is just throw in some dummy | information and leave it in the wind. | vrc wrote: | In that regard, SIWA with relay emails is already saving folks | a big headache. | SV_BubbleTime wrote: | Does directing you to go their website to create the account then | count as the app offering account creation? | | I guess the precedent would be that they didn't used to allow | redirecting to a website with the purpose of avoid in-app | charges. Although I think that's over with now. | Andrew_nenakhov wrote: | I wonder how many email clients will suffer from this policy | because they won't be able to delete email accounts from third | party servers? | tcit wrote: | Those email clients don't allow for account creation, so they | shouldn't be concerned. | codetrotter wrote: | For the most part a very good thing. | | Wonder what that means for third-party HN client apps though, | since HN accounts cannot be deleted. | spinax wrote: | Not sure which reply to post this under, so I'll just reply | under GP - it took me about 3 minutes to locate a popular HN | client which specifically advertises account creation in the | overview. https://apps.apple.com/us/app/octal/id1308885491 | | (Android user, can't test it) | psychometry wrote: | Let's hope it's a wake-up call to HN admins that they need to | rescind this unjustifiable and user-hostile policy. | lacker wrote: | It only applies to apps that let you create an account from | within the app, so third-party client apps like this could just | not handle the account signup. (I think they already tend not | to handle it.) | wvenable wrote: | From the article: "...all apps that allow for account | creation..." | colpabar wrote: | Great point! It's definitely a step in the right direction, but | my immediate thought was "what about all the sites that don't | actually delete anything?" | | Hopefully apple makes a more user-friendly announcement about | this that will introduce people of the concept of data | retention and how "deleting" an account isn't really deleting | anything. | vineyardmike wrote: | > my immediate thought was "what about all the sites that | don't actually delete anything?" | | Thats the whole point :) Apple is saying they need to or no | iphone app. | colpabar wrote: | My point was that not all "delete account" buttons are | created equal. Some sites just have an "is_deleted" column | in their user table, and will continue to use your data | after you "delete" your account. I don't think apple has | any way to check for this, but hopefully they at least | touch on this topic in their announcement of the new | requirement to the non-developer public. | TedDoesntTalk wrote: | It doesn't actually say the account must be deleted. It says: | "...must also allow users to INITIATE deletion of their | account" | | Capitals mine. So I can allow the initiation of deletion but | never actually completely delete the account... and my app | complies. | jmull wrote: | From the message: | | > ...all apps that allow for account creation must also allow | users to initiate deletion... | | So any third-party client that allows creating an HN account | would need to stop. (Are there any?) | ASalazarMX wrote: | I hope third-party clients are not forced to, because making | the delete API private would be a great opportunity to | indirectly ban them. | | Edit: it's only for apps that allow account creation. If you | expose the API for account management to third-parties, it | would make sense to include account deletion. | stevepdp wrote: | Beyond issues of privacy, this is a nice quality of life fix for | folks pursuing digital minimalism. | murgindrag wrote: | As much as I like the change, the 3-month window seems | unreasonable. I don't currently have AppStore apps, and these | kinds of whiplash changes are part of the reason. | | Microsoft, for all its faults, is much better than Apple or | Google here. | | Businesses take planning and strategy, and these things lead to | drop-everything fires. | | Economies rely on stability. | wbobeirne wrote: | To be fair, it's closer to 4 months, and it would appear that | they won't yank you immediately. It's only for new submissions: | | > This requirement applies to all app submissions starting | January 31, 2022. | | Unsure if this means new apps, or includes updates to existing | apps. But I bet there'll be a bit more of a grace period if you | don't have a new update to push. | ryantgtg wrote: | Plus, "initiate deletion of their account from within the | app" sounds like the app can simply link to whatever account | deletion functionality you have on your website. | dhritzkiv wrote: | This language in the past has come to mean all submissions: | new apps and those being updated. | alex_c wrote: | This change was noticed and discussed in June, when Apple | (quietly) added a clause to the App Store guidelines. We | notified our clients back then. | | Details were very vague at the time and now we know when it | will actually start being enforced, but overall it's more like | half a year notice. | bilbo0s wrote: | I remember that change. I wondered at the time why people | were not more concerned about what that change meant. I guess | people either didn't fully apprehend the implications, or | maybe they thought Apple wouldn't follow through? | [deleted] | floatingatoll wrote: | Apple considers 3 months their standard level of advance | notice, with WWDC serving as your warning and the release of | iOS in September as the go-live date. | | However, in this case, they have ended up giving you 6 months | and a courtesy reminder. | | If you aren't interested in maintaining your app annually, | don't publish apps on Apple's store. | | Whether or not their level of notice is enough, they've been | consistent for years in this practice of 3 months notice for | significant and breaking changes, and they seem comfortable | compelling annual updates from developers. I would not expect | them to care that 3 months is difficult in your circumstances, | as they assume you're prepared to maintain your app and | proactively keep up with policy changes over time. It sounds | like you did not attend to this year's policy updates and may | well have been out of compliance for months now. Fortunately, | they offered a grace period rather than just refusing your next | bugfix update. Lucky you! | | (I am not sympathetic to your situation, because as a user of | apps, I am exhausted of crappy apps and bottom-of-the-barrel | behaviors from developers. I understand that others may feel | otherwise, and that's fine too, just as long as those feelings | do not get in the way of being a responsive app developer.) | oauea wrote: | Yet another developer-hostile apple policy. Amazing. You have | to be crazy to stake your company on apple's goodwill at this | point. | jstsch wrote: | This is great news, and again evidence of Apple pushing the | privacy envelope forward for their customers. For many users, | deleting an account by visiting an obscure flow on a web property | is simply a bridge too far (assuming the service even offers an | automated way of account deletion, which often is not the case). | dathinab wrote: | From the guidelines: | | > (v) Account Sign-In: If your app doesn't include significant | account-based features, let people use it without a login. If | your app supports account creation, you must also offer account | deletion within the app. Apps may not require users to enter | personal information to function, except when directly relevant | to the core functionality of the app or required by law. If your | core app functionality is not related to a specific social | network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must | provide access without a login or via another mechanism. Pulling | basic profile information, sharing to the social network, or | inviting friends to use the app are not considered core app | functionality. The app must also include a mechanism to revoke | social network credentials and disable data access between the | app and social network from within the app. An app may not store | credentials or tokens to social networks off of the device and | may only use such credentials or tokens to directly connect to | the social network from the app itself while the app is in use. | | Also interesting: | | > (viii) Apps that compile personal information from any source | that is not directly from the user or without the user's explicit | consent, even public databases, are not permitted on the App | Store. | | So why is Facebook still allowed? It still creates shadow | profiles without permissions as far as I know. | oauea wrote: | Because apple applies one set of policies to you and me, and | another set of policies to the bigcorps. See the leaked | messages from the epic lawsuit where apple execs talk about | netflix's iap cut. | LegitShady wrote: | >So why is Facebook still allowed? It still creates shadow | profiles without permissions as far as I know. | | Maybe because the app itself isn't doing it? I'm not sure what | "apps that" vs using the information the app gives you are | really different but in technical detail it might be. | CheezeIt wrote: | Apple shouldn't be interfering with other businesses and their | users like this. It's sad to see people here celebrating their | inability to run unapproved software. | nerdjon wrote: | This is the cost of gaining access to users in iPhone. | | This also has nothing to do with unapproved software. The idea | that a user can actually delete their data from your servers | should not be a controversial topic. But of course it is for | businesses and developers, which is why Apple has to make a | policy like this. | | As a user I am very happy with this. | echelon wrote: | > This is the cost of gaining access to users in iPhone. | | 50+% of Americans for everything they do, say, buy, etc. | | This is a monopoly by sheer volume and scale of their reach. | nerdjon wrote: | Maybe it's time to realize that consumers continue to | choose a more locked down platform for policies like this? | | Businesses will continue to complain but this protects the | user. | echelon wrote: | Call and email your representatives like I do. | | You're not going to find support in a forum with 60+% Apple | users. A lot of these people work for or have stock in this | company. | | They don't see how this is a roadblock to competition and that | this device is now in the critical path of 50+% of commerce. | (Maybe they'll care more when they have to compete.) | detaro wrote: | Meh. I don't own Apple devices, am always arguing they | shouldn't force apps to go through the app store and at the | same time find this a very reasonable restriction for the app | store to have. | staunch wrote: | The problem is that Apple has absolutely no way to enforce the | deletion. An app can say "your account is deleted" but not | actually delete any data off their servers. | | What would really give users the control they deserve is the | ability to restrict what data can be sent off the device by an | app in the first place. | | Apple should make it possible to deny internet access to an app | entirely, and they should provide an API that allows apps to | upload very specific kinds of data that a user has approved of, | but nothing else. Of course, some apps need to be able to request | unrestricted internet access. | | Permitting apps to collect private data _and_ have unrestricted | internet access, by default, was always a terrible decision in | terms of user privacy. Apple owes it to their users to fix the | problem they created. | Karunamon wrote: | The test for that problem will be seeing what happens when one | of these apps get breached. Unless Apple is willing to | terminate developer accounts when it comes out that app makers | are not actually deleting anything, this is completely | toothless. | joebob42 wrote: | If you want to delete your account, and your primary goal is to | prevent future data going to the owner of the app from your | device, why not just delete the app? | staunch wrote: | My goal would be to keep my data on my device and in my | control. It's crazy that giving an app access to your Photos | or Health data means it can just start randomly uploading to | anywhere on the internet without asking you. | | People in the future will be amazed we lived like this... | jmull wrote: | > Permitting apps to collect private data and have unrestricted | internet access | | What apps are left if this is forbidden? | | "private data" can mean pretty much any user input. | "unrestricted internet access" means pretty much any internet | access. | | We're left with apps that either cannot accept user input or | cannot access the internet at all. | staunch wrote: | A good system would probably have tiered permissions, | something like: | | 1. No internet apps: store data locally on the device only, | no upload or download. | | 2. Partial internet apps: store data locally, and only | download data through an Apple proxy service that hides the | user's IP address and any identifying info. | | 3. Full internet apps: store in the cloud, | uploaded/downloaded through an Apple proxy that logs/filters | everything. Or even stored in Apple's cloud. | | 4. Unrestricted internet apps: VPNs and web browsers, and | whatever else actually needs arbitrary access to the | internet. | | There's no reason my bluetooth scale app needs #4 (which it | has today) when I would much prefer it have #1. | jmull wrote: | I don't believe "only download data through an Apple proxy | service" does much for user privacy/control of data. | | A seemingly benign request that appears to simply request | information can encode a user's private, sensitive data in | the request URL, e.g. | | I think there's no real distinction between your 2. 3. and | 4. | | There's a place for no internet access at all. It would be | good if they had a permission for that. | otterley wrote: | Do you really think it's a good idea to lie to Apple and to the | public about your data deletion policies? Do you really think | bad actors won't be found out eventually? Is it worth the risk | to your business? | twobitshifter wrote: | I think there is a point there. "Soft" deletions are | relatively common in relational databases. Do we know that | Apple means a "hard" deletion of data? Apple says to include | your retention and deletion policies in the App description, | so maybe that's where people would need to come clean on soft | deletions? | winternett wrote: | Apple... Now protecting people's privacy much faster than the | government... 0-60 real quick. | | But on the other hand, I think they should also carefully | disclose the info they collect at their OS level... | | Just another case of that old CYA. | jackson1442 wrote: | When setting up your phone or accessing any apple apps for the | first time, there's a (labeled) data collection icon at the | bottom of the screen that you can touch for information about | what data is collected by each app/process. For the apps, this | information is also available in the App Store (just like any | other app). | | You can also view any collected system analytics in Settings -> | Privacy- > Analytics & Improvements. Seems relatively fair to | me. | nielsbot wrote: | I think they do? Although it may be buried in several settings | screens... | jon-wood wrote: | One of the first steps in setting up an iOS device is a great | big screen telling you what data is collected and allowing opt- | out. There's several of them for each feature you're setting | up. There's then another of those for each first party Apple | app on the device. I'm really not sure how much clearer they | could be. | judge2020 wrote: | It's definitely carefully (not prominently) disclosed, you just | gotta go to this privacy page: | https://www.apple.com/legal/privacy/en-ww/ | winternett wrote: | Let me get my reading glasses... Ahh... OK, they limit it | only to accessing everything... lol. | tediousdemise wrote: | I think the right to be forgotten is spelled out in plain terms. | If you have my data, and I don't want you to have it, that's the | line in the sand. With a few exceptions (such as data | decentralization), data is trivial to delete. The problem is that | businesses and governments don't _want_ to delete data, because | data is knowledge, and knowledge is power. | | Example: You are a typical business. A fire completely destroys | all of your data, including financial data. If the IRS comes | knocking for financial records, you have an excellent reason for | why you cannot provide it - force majeure. A law protecting the | right of a human to be forgotten should be treated the same as a | fire. You do not question it, and should forcefully comply. | spicybright wrote: | They have a lot of good will to make up for the image detection | they tried to push. | turbinerneiter wrote: | I remember that roughly 5 or 6 years ago, when I wanted them to | delete my apple id, I had to call them. On the phone. And the guy | told me, "if we delete your apple id, you will not be able to | sign up with this mail again". | | I only realized after hanging up how little sense this makes. | dmart wrote: | It makes perfect sense, in order to prevent someone else from | registering your old @icloud.com email address and | impersonating you or performing password resets. | turbinerneiter wrote: | That does make sense, but I remember him talking about my | gmail address. Not even sure I had an icloud email. But I | could very well remember that wrong. | programzeta wrote: | You can have an iCloud account with any e-mail, including a | gmail address - might have been the case there? | bobbylarrybobby wrote: | The point is that you don't want someone re-registering on | iCloud with that gmail address because then they could | impersonate you when interacting with Apple. | asdff wrote: | I still don't get it. You cancel the account, it should | be gone like it never happened. Poof. If you make a new | account with the same email, it should be a new account | with no relation at all to the old account since that one | has been deleted and is gone forever and there would be | nothing to impersonate here. | MattGaiser wrote: | Presumably to prevent someone from hijacking accounts. | wil421 wrote: | I've had people try do use credential stuffing on my accounts | after major breaches. It happened on a deleted instagram | account and I'm glad they blocked it. | | I'd rather it work the way Apple does it than have someone try | to recreate a deleted account. | slownews45 wrote: | This makes total sense, and good of them to warn you. | | MANY people tie things like password resets to your email, not | to you and may not have a retail store presence you can get to | for a password reset. | | He's telling you - once this email is gone, it is gone and no | one, including you will get it again. That is good in the sense | that no one can impersonate you, but bad if you have an "ooops" | moment and want to do a password reset that needs that email. | jackdeansmith wrote: | Feels to me like public pressure is on Apple to actually justify | their argument that their App Store policies are for the benefit | of their customers. If that results in more policies like this | that really do improve customer experiences, that's not the worst | outcome. | [deleted] | duxup wrote: | I feel like a lot of policies were always there for that | reason. I don't consider this anything but just another policy | like that. | Despegar wrote: | The App Store policies were always for the benefit of customers | (and Apple). These policies will keep happening because the | basic incentive of Apple's business model has been unchanged | since 2008. | gm wrote: | I would rephrase it as "The App Store policies were always | for the benefit of Apple (and customers)." | | The priorities have shown very clearly over time. | mehrdada wrote: | Indeed many people do not remember that Android ecosystem at | the beginning deliberately was on the side of the _developer_ | (and Google) as opposed to the user with its lax permissions | and liberal access to the system and took its leisurely time | to add more useful permission controls for years (location | access was _install time_ and you could not opt out of that | specific permission unless you chose not to install the app | at all). | | Priorities matter. | | P.S. I do see Apple business model changing to services | bringing in some bad behavior associated with that: for | instance, push notifications now are used as a spam/marketing | mechanism for Apple services similar to Android; iCloud | Storage nag is another example. | slownews45 wrote: | 100% this, folks do not remember that it was really apple | leading on a TON of this stuff. | | The storage and other nags I hate, it's a real ethos | breaker for me. Get that crap off my iphone. That's why I | pay extra - for less crap (I like that they somehow can | also block the carriers from installing unremovable apps, | for some reason android phones sometimes come with weird | apps from your carrier when you get them). | hawski wrote: | How does the app store searching and filtering work now? I | had last contact with Apple devices around iPhone 4S. What I | remember from that time (maybe wrongly) is that the | experience was practically limited to a name search (as on | Android). You can't filter for example for open source apps. | I know that the example is not useful at its face value even | if power users could show their less technical peers "this | one simple trick". But it is just an example. From what I | remember searching things in app stores is a lesson in | frustration, because it is mainly there to input a well known | brand or app name and quickly install it instead of helping | with app discovery. | | Nowadays on Android I try to search for apps on F-Droid first | or search on Github as a shortcut to find open source apps. | Why open source? They are often a barebones version, that | will probably not sell me out and will not use dark patterns | (I know it can still happen). I have nothing against paying | for apps, I do have a couple I bought, but sometimes I have | simple itch, that I know for sure someone else already | scratched for everyone else and I do donate sometimes. This | lousy state of app stores leads me often to search for some | simple web apps on github.io. At the same time I sold whole | open source category to Microsoft. In the end it seems that | all I want is a smartphone shell scripting equivalent, but | that is a totally different point. | dwaite wrote: | > You can't filter for example for open source apps. | | There isn't metadata for this, as it is not part of Apple's | relationship. | | They are a seller of software, and the creator of the | software is responsible for making sure the software can be | compatible with the licensing and copyright terms of both | Apple and any dependencies. | | A semantic link to grab the source code for an app would be | neat, but a pretty niche feature. That Apple can't verify | that it is the same code (or that the separately hosted | build process doesn't have malicious logic within it) | probably quickly pushed them over the edge in terms of not | supporting such a feature. | Andrew_nenakhov wrote: | Yeah, like the inability for the user to install an app after | an authoritarian government decided that their subjects | should not be using it, and Apple subserviently obeyed and | removed said app from the Appstore. | | An extremely beneficial policy for the customers, right. | simonklitj wrote: | You're talking about something else. Do we expect money- | making companies to be the ones to war against | authoritarian regimes? Do we not also expect companies to | obey the laws of the lands in which they conduct business? | You can't just say screw it to GDPR and expect to continue | to be able to conduct business in the EU. | MrStonedOne wrote: | Apple didn't have to lock users out of installing | "unapproved" apps on their own. That isn't for the user's | benefit and isn't necessary for apple to have a curated | app store. | dwaite wrote: | What would the alternative be - the method of | installation is the App Store, and Apple's compliance was | removing the public and private presence from the App | Store within that country. | oauea wrote: | Just allow sideloading. It's not hard to not block that. | But apple is hell-bent on collecting every cent they can, | so of course all app installations must go through their | walled garden where they can take their 30%. Anti- | consumer behavior at its finest. | Andrew_nenakhov wrote: | I do expect the company that sells hardware to their | users to allow users to decide which apps to run on sold | devices. Currently, Apple is behaving as if still owns | those devices and decides which apps to run. Precisely | this lock-in created by apple is actively exploited by | authoritarian regimes. | | If Apple will allow third-party app stores or direct | installation of applications on devices, dictatorships | will lose this capability to harm Apple's customers. | | But of course we all know that this policy was never | intended to protect users, it was to protect Apple and | their appstore monopoly, which also allows Apple to | extort developers of 30% of all of their revenues by | forcing them into Apple's payment services. Finally, the | world has had enough of this and starts to fight back | against it. | lovich wrote: | > If Apple will allow third-party app stores or direct | installation of applications on devices, dictatorships | will lose this capability to harm Apple's customers. | | As someone who switched from the Samsung note line to | iPhone, the only freedom I felt from the ability to | install other apps was the freedom to deal with all the | unrecoverable crap ware. | | There's other phones out there with greater freedom than | the iPhone, people are aware of them, and are still | choosing the iPhone. | | The curation is a benefit in that I have a corporation | with thousands of employees working to prevent the other | corporations from making my user experience worse. If the | curation goes away I'd probably switch to a cheaper phone | next upgrade and I'm sure apples aware of that | slownews45 wrote: | Most of their policies are ones CONSUMERS have liked but | BUSINESSES have hated. | | The litigation / cases / govt intervention has been on behalf | of businesses not consumers. A lot of folks in the "alliance | for app fairness" have just horrible billing practices. | Understandably, if they can get out of the app store, they can | stop you from being able to do things like delete your account | or unsubscribe with a few clicks. | | A lot of the newspapers make it easy to sign up, but then you | have to call to cancel, the same papers that go on and on about | how terrible the app store is. There is a REASON people spend | fortunes, particularly in the apple app store - it's damn safe | to do so in most cases. | forty wrote: | Honestly I'm more on the business side, but I fail to see how | the fact that we cannot refund our customers is a benefit for | them. | Hammershaft wrote: | Apple killed valve's steam link app because they couldn't get | a cut of games consumers had purchased on a different | platform. Hardly pro consumer behavior. | dwaite wrote: | They _temporarily removed_ steam link because the app | allowed you to enter credit card information and purchase | directly within the app. | | Once that was removed, Steam Link went right back up | skunkworker wrote: | Steam Link? It's on the App Store right now. Same with Xbox | and PS remote play. | | They don't allow a native app for GeForce now, but it works | with a browser. | MrStonedOne wrote: | Don't you think that is something apple should have thought | of before doing what they did to cause outcry? | | Apple wanted to be the gatekeeper blocking out harmful apps, | fine by me. | | Apple then wanting to use that gatekeeper status to steal | money from app developers, block apps that compete with apple | internal apps, and enforce moral choices on what kinds of | apps you can install on your phone, evil by me. | | They could have done the former without doing the latter, but | they fucked it up, and have to pay the piper. | harles wrote: | So the case for this practice is that Apple is the only | corporation that can be trusted with billing - consumers are | just being protected from all those evil corporations that | aren't Apple. Seems like a straw man. | zamadatix wrote: | > Most of their policies are ones CONSUMERS have liked but | BUSINESSES have hated. | | I'd agree here, the majority of the policies are likable by | consumers. | | > The litigation / cases / govt intervention has been on | behalf of businesses not consumers. | | Consumers don't have millions to throw around on litigation | against Apple so it's no surprise the litigation is focused | around business cases. On the government intervention side I | disagree though, of the very little intervention there has | been it has been consumer focused IMO. | | In either case there is also some overlap of "business | interest" and "consumer interest" even if the vast majority | of the time there isn't so blanketing that all litigation has | been on behalf of businesses does not imply all litigation is | about policies not in consumer interest. And I think the | courts have been very conservative on which points are | actually acted upon even if there is a bit of a "throw it at | the wall and see what sticks" approach to many of the cases. | | > A lot of the newspapers make it easy to sign up, but then | you have to call to cancel, the same papers that go on and on | about how terrible the app store is. There is a REASON people | spend fortunes, particularly in the apple app store - it's | damn safe to do so in most cases. | | If people are truly buying Apple devices because they only | want to purchase things from the controlled app store then | the availability of alternative app stores wouldn't be a | concern, they would simply go unused. The truth is most | people don't actually buy the devices for this reason which | is why Apple is so afraid to give that singular point of | control up. | bogwog wrote: | Bad billing practices like the NYT's impossible-to- | unsubscribe bullshit is not Apple's responsibility to fix: | it's the market's first, the government's second. A | corporation having the power to control/regulate society to | such an extent is like textbook dystopian hell-hole stuff. | syshum wrote: | I am a consumer... I hate their policies which is why I do | not consume their products | blendergeek wrote: | > The litigation / cases / govt intervention has been on | behalf of businesses not consumers. | | There is actually a class action suit against Apple regarding | anti-trust brought by consumers. Unfortunately, while the | suit was filed in 2011, it wasn't until 2019 that the Supreme | Court ruled that consumers even do business with Apple in the | App Store [0]. So, a lawsuit filed in 2011 was allowed to go | forward in 2019. I don't know what methods Apple had used to | hold up the case since then. | | [0] https://en.m.wikipedia.org/wiki/Apple_Inc._v._Pepper | echelon wrote: | Feels like a celebration of "Apple sticks it to the stupid app | developers, hooray!" | | Except app developers are mostly small shops and startups. One- | person operations. | | How would we like it if the web were forced to behave according | to some governing body? It feels like some North Korean 1984 | dystopia and we've all got explosive collars around our necks. | | It's anti-freedom, anti-American, anti-ownership, anti- | Stallman. And I own five iPhones and an iMac. | | I just want my stupid software on the stupid fucking software | execution device. No tap dancing bear rules. No praise to Apple | or forced induction to the Church of Jobs. | | Steve Jobs made this artificial, ceremonious bullshit to make | money. There is no other reason. | | I curse history that his authoritarianism won. It's become | pervasive throughout the industry now. It should be illegal. | | I'll gladly charge 3x the price to Apple users for having to | put up with this malarky. | wruza wrote: | Why don't you just use pro-everything devices. Even top | quality ones exist now, which can be reprogrammed to function | as you wish. Apple is not the only option anyone has. | echelon wrote: | Because it's impossible to ignore 50% of the market using | iPhones. To do so would be to doom your company. | [deleted] | cientifico wrote: | Is it only in Europe that this is already by law for every entity | that stores personal data? | kmetan wrote: | So this will also apply to all banks with online onboarding? | | E.g. 1) Download an app (N26, Revolut, etc...) 2) Create an | account 3) After login, the option to delete the account should | be there... | | (Of course the bank should respect all data retention policies) | sharmin123 wrote: | Having troubles logging into your email? Get it hacked | efficiently: https://www.hackerslist.co/having-troubles-logging- | into-your... | codingclaws wrote: | Wow. I wonder how many apps this will take down due to not ready. | nathanyz wrote: | Is this now perhaps the easiest way to remove your Facebook | account? | | Future guides will be like: 1) Buy an Apple | device 2) Download and sign in to Facebook app 3) | Click delete account button | envy2 wrote: | Deleting a FB account is already trivial. | | Instructions here (essentially, press "Permanently Delete | Account" in settings and put in your password to confirm): | https://www.facebook.com/help/224562897555674 | chaircher wrote: | I am under the impression this varies wildly from country to | conutry but am unsure - maybe someone else can chime in to | confirm/deny? | zenmaster10665 wrote: | huh? you can deactivate and delete your FB account through | Facebook...why would this be easier? | nathanyz wrote: | Don't they maintain shadow accounts and not actually delete | the account in the background. That was my understanding from | prior discussions around it. Basically they hide the account, | not actually delete the account and all data associated with | your use. | | Could be totally wrong here though... ___________________________________________________________________ (page generated 2021-10-06 23:00 UTC)