Are you aware of harmful practices by companies under the Digital Services Act and Digital Markets Act?
We've launched whistleblower tools to report violations of obligations by Very Large Online Platforms, Search Engines and gatekeepers under the #DSA and #DMA.
You have to analyse every Apple announcement through the lens of how it will use it to maintain its market power and attack regulation. So, will Apple’s promised Rich Communication Services (RCS) support make iMessage fully interoperable at least with Google’s Messages? What would the most grudging compliance with Chinese 5G regulations look like?
Google apparently makes RCS support ubiquitous regardless of carrier support (via IP), as well as using a specific telco gateway. Will Apple do the same, or push individual telcos to enable RCS support on their networks? (Many already do.)
Apple won’t support Google’s end-to-end encryption extension but instead work to standardise it in RCS. How long will that take?
Trade body GSMA is responsible for the RCS standard. Telcos in the past, unlike Internet developers, have been most open to developing backdoored encryption standards for mobile communications. Will Google and Apple be able to override this here?
I haven’t tried digging out a good translation of the relevant Chinese 5G regulations, but they are allegedly the source of Apple’s change of mind on RCS support. Supporting it within a single country of course does not mean support anywhere else in the world. Many (most?) of the DMA gatekeepers are trying to limit DMA benefits to their EU users (and in Apple’s case withdrawing them once a user leaves the EU for 30 days!)
I was excited by the #Europe#DMA news back in March, when will we finally be able to communicate with #WhatsApp users from other platforms like #Matrix ?
The Commission said both business and end users are “locked-in” to #Apple’s #iPadOS ecosystem due to its size and user base, which it said the company leverages to disincentivize users from switching to competitors, giving Apple six months to ensure full compliance. #DMA
🔴 We designated Apple’s iPadOS as a gatekeeper under the Digital Markets Act.
Our investigation shows that its tablet operating system is an important gateway for businesses to reach consumers due to its large and commercially attractive user base and its importance for specific use cases.
We also discovered that Apple leverages its large ecosystem to disincentivise end users from switching to other tablet operating systems.
We will keep monitoring #DMA compliance very closely.
Wczoraj dowiedzieliśmy się, że Spotify zdecydowało się zrezygnować z nowych warunków UE wprowadzonych, a wcześniej zinterpretowanych, przez Apple. Te pozwoliłyby Spotify na korzystanie z alternatywnych metod płatności ze względu na Core Technology Fee. Zamiast firma przesłała aktualizację aplikacji z informacjami o cenach i szczegółami dotyczącymi subskrypcji poza App Store, bez podawania użytkownikom linku. Apple zareagowało momentalnie.
Spotify twierdzi, że Apple niesłusznie zablokowało aktualizację i ponownie „sprzeciwiło się Komisji Europejskiej”.
Apple udzieliło komentarza serwisowi 9to5Mac, pisząc, że Spotify musi korzystać z uprawnień EOG do usług strumieniowego przesyłania muzyki, aby uwzględnić tzw. CTA (wezwanie do działania) w celu zakupu poza App Store.
Spotify powtórzyło wczoraj swoje przekonanie, że Apple dąży do „ukarania deweloperów nowymi opłatami” w ramach swoich zasad korzystania z alternatywnej metody płatności w UE. Dlatego gigant muzyczny zdecydował się przesłać aktualizację i pozostać przy starszym systemie App Store.
Apple nie zatwierdziło aktualizacji ze względu na to, że Spotify zawierało informacje o cenie i instrukcje, jak zarejestrować się poza App Store i twierdząc, że będzie musiało zażądać uprawnienia i zapłacić Apple 27% prowizji.
Rzecznik Spotify także podzielił się tym oświadczeniem z 9to5Mac:
Apple po raz kolejny sprzeciwiło się decyzji Komisji Europejskiej, odrzucając naszą aktualizację za próbę komunikowania się z klientami na temat naszych cen, chyba że zapłacimy Apple nowy podatek. Ich lekceważeniu konsumentów i deweloperów dorównuje jedynie pogarda dla prawa.
Dla przypomnienia, w zeszłym miesiącu Apple zostało ukarane grzywną w wysokości 2 mld USD „nadużywanie” zasad App Store dla usług MOD (Music on demand). Wraz z grzywną Komisja Europejska stwierdziła również, że Apple musi złagodzić swoje zasady przeciwdziałania sterowaniu. Apple odrzuciło jednak to orzeczenie i odwołuje się od niego.
Nice! @brave for iOS just got updated to support the new "marketplace-kit" scheme. Brave only calls the scheme when trackers blocking is disabled. As we reported earlier, Apple implemented the new scheme in a way that allows tracking across websites based on the unique client_id.
Now users in the EU can use Brave to safely install alternative marketplaces. We would like to thank Brave for considering our advice about potential #tracking.
Prof. David Erdos has shared his latest (excellent) research “showing i) little UK GDPR enforcement, ii) worrying gap with formal law expectations & iii) limited accountability for this.”
A less polite version would be: the 🇬🇧 government has demonstrated how a law on the books it dislikes (the General Data Protection Regulation) can be undermined by the appointment of supine or actively hostile Information Commissioners. (As prime minister, Margaret Thatcher was against its predecessor Data Protection Directive from the start; not much has changed.)
I hope the European Commission is not going down the same route with the Digital Markets Act’s Art. 7 (on NIICS interoperability), which it was hostile to from start (early 2020) to finish (enforcement). Legislators learned from the GDPR that it is too easy for national regulators to be deliberately undermined by governments looking to attract technology firm investment (see also: Ireland and Luxembourg). The Commission therefore has a central enforcement role. So I’m especially disappointed by the flimsiness of its finally-published decision not to designate iMessage as a DMA gatekeeper NIICS. It hardly justifies the “exceptional” non-designation decision (Art. 3(5)), or “manifestly call[s] into question” the quantitative tests it meets [1]. I wonder if Meta now feels slightly foolish to have obeyed that provision in (somewhat) good faith 🫠
I still remember the jaw-dropping moment the new 🇬🇧 Information Commissioner in 2009 told a law conference (just about his first public appearance) he didn’t think data protection law should apply to the private sector. (He previously ran the advertising “self-regulatory” Advertising Standards Authority.) It’s fortunate indeed for GDPR enforcement it contains rights of private action, so effectively taken up by Max Schrems. Meanwhile, the Commission’s lack of legal action to force some member states to properly implement the legislation, enchantment with mass surveillance/data retention, and some of its adequacy decisions, are much less impressive than the Court of Justice’s judgments on Schrems’ two cases.
I was reminded last week talking to a BigTech competitor these much smaller firms have to be extremely cautious about upsetting a company they may rely on for key resources, and the Commission has spent most of its time preparing for DMA enforcement talking to those two groups. So perhaps Schrems’ None of Your Business, or something similar, will have to take up the rights of the individuals the legislation is ultimately supposed to help 🤷🏻♂️ Fortunately the DMA also contains rights of private action, as well as the ability of organisations to take representative actions (thanks to campaigning by consumer and digital rights groups in its final stages). As with the Schrems I and II cases, these apparently small issues can ultimately have enormous global impact [2].
[1] Where does the DMA talk about the relative intensity of use of one core platform service versus another? This provides two of three reasons for the decision! Who cares if iMessage for Business is lightly used, given it’s likely iMessage itself is used by many microbusinesses, very few of whom I imagine were part of the “corporate users of iPhone to whom the Commission reached out during the market investigation”? Really, the EC didn’t even bother with a large-scale survey, and/or demand data from Apple?
I also heard from an impeccable source Apple threatened to withdraw iMessage from the EU if it had been DMA-designated. The EC should not be rewarding such blackmail, even if it was highly likely to be a bluff.
[2] For now, we might have to rely on technology and philanthropy to improve messenger interoperability, such as this great project: a cross-platform, memory-safe OpenMLS library to enable interoperable, end-to-end encrypted messaging (E2EE) in multiple clients, combining “Matrix’s decentralized and federated infrastructure with Signal’s low metadata footprint.” 🎯
What’s happening with TikTok in the US is a strong reminder about the vulnerability of centralized platforms to censorship and surveillance. The Open Technology Fund notes Signal “provides a high level of metadata protection, but is centralized and thus easily censored. In addition, Signal cannot efficiently provide E2EE for large-group communications.” I hope Signal will move in this direction over time, as well as towards interoperability with other platforms implementing its own protocol (with metadata guarantees) as well as the IETF’s open Messaging Layer Security standard.
The "marketplace-kit" scheme won't hand off the call to the MarketplaceKit process unless it is triggered from a button's onclick event. This seems to be a "security measure" to prevent automatic invocation. But the call can easily be hidden in a search button, for example.
This whole thing is caused by Apple insisting on inserting themselves between the 3rd-party app marketplaces and users.
I will be giving a lecture at the Brussels Summer Academy @BrusselsPrivacyHub "The Future of Data Protection: Navigating Between Data Regulations, Data Spaces, and Data Dogmas".
As expected, Safari handles the "marketplace-kit" scheme in the background without user interaction. The scheme triggers an internal process that sends a unique clientID to the alternative marketplace server.
The clientID is unique per marketplace, device, and account combination. Surprisingly, any website can trigger sending the unique clientID to the alternative marketplace server.
(2/3)
In theory, websites coordinating with an approved alternative marketplace can use the clientID to track users across websites. All a website needs to do is add a call to the "marketplace-kit" URI Scheme, supply the required parameters, and attach it to an HTML button. We were able to verify this theory in a proof-of-concept website. After obtaining the clientID, we made the remote server terminate the communication. #iOS didn't show any error or alert. #DMA#Apple#EU#privacy#infosec
It's pretty unsavory how everybody talks about #MarketPlaces when it comes to platforms for distributing apps. I guess because of #DMA. But it's important to take a step back and appreciate that like many other #FOSS platforms #FDroid is not a maket place, it's a #commons.
Zum meinen Empfehlungen für E-Mail Provider gehört auch Tuta. Das deutsche Unternehmen ist weltweit der zweitgrößte Provider für sicher verschlüsselte E-Mail - und wird von Google unterdrückt. In den Ergebnissen einer Google-Suche, die man ja au
Sztuczna inteligencja to nie tylko zagrożenie dla prywatności, ale i dla zdrowia i życia np. przez błędy rozpoznawania obrazu czy autonomiczne pojazdy. Apple uchyla drzwi rynku alternatywnych aplikacji na swoje urządzenia pod naciskiem UE, a Google poprawia prywatność w swoich usługach.
📱AltStore PAL is the first "Apple-approved" third-party app store for iOS (in Europe-only)
—Liliputing
「 In addition to free apps, Testut expects the AltStore PAL to offer paid apps. But rather than billing users through the store, the app store features Patreon integration, allowing developers to restrict downloads of some or all apps to patrons or control which Patreon pledge-levels grant access to specific apps on a per-app basis 」
"The early results come after the EU's sweeping Digital Markets Act, which aims to remove unfair competition, took effect on March 7, forcing #bigtech companies to offer mobile users the ability to select from a list of available web #browsers from a #choicescreen."
@nextcloud hat in Namen einer Koalition von Dutzenden europäischer Cloud-Anbieter im Novemver 2021 eine Beschwerde gegen #Microsoft beim Kartellamt eingereicht. Angesichts der enorme Marktmacht des Produkts #Microsoft365 ist es ein Skandal, dass Microsoft 365 aktuell nicht unter der #DMA fällt. Dort sind nur zwei Gatekeeper aufgelistet, nämlich #LinkedIn und #Windows.
So apparently Apple approved a knock-off of GBA4iOS — the predecessor to @delta I made in high school — in the App Store. I did not give anyone permission to do this, yet it’s now sitting at the top of the charts (despite being filled with ads + tracking)
I’ve bit my tongue a bunch in the past month…but this really frustrates me. So glad App Review exists to protect consumers from scams and rip-offs like this 🙄