
They are using Google Cloud.

https://security.apple.com/blog/expanding-pcc/?linkId=100000...

"Now, we are collaborating with Google and NVIDIA to run new Apple Intelligence workloads on Google Cloud, extending our industry-leading PCC privacy commitments to third-party data centers for the first time."




Per that link: I think there's an interesting question about whether a nefarious actor who's infiltrated a cloud provider with physical access to machines that are running signed operating systems, with signed binaries, with TDX remote attestation, and with hardware supply chain verification, has the ability to break the privacy guarantees of a tenant with Apple's sophistication.

Certainly, one could tamper with the hardware, but could one do it in a way that wouldn't get that machine immediately flagged, removed from the routing pool, and told to wipe its memory immediately, by a watchtower (perhaps even the routing layer itself) that runs in a separate secure Apple datacenter?


Apple could simply be ordered to include a hardware backdoor, and legally be prevented from talking about it. Everything else in the architecture could work exactly the way they claim in the PCC paper.

Those datacentres would be in the same position of trust as a VPN provider in that the data must be unencrypted at points in the process.

They could be making it very safe, and the things Apple says they are doing would make it as safe as possible, but as a user there is no way of verifying the claims.


Have you read the PCC whitepapers? Are you saying the user-facing verification methods in them are insufficient, or vulnerable, or just false?

> as a user there is no way of verifying the claims

I think this sums up what it's like to be an Apple user pretty well. With their heavy proprietary and closed approach, all users can do is "trust" them.


> nefarious actor who's infiltrated a cloud provider

Google is buying that compute from xAI aka Musk


Spoiler alert; Google is the nefarious actor.

I think the last thing Google wants to do is get on the bad side of their largest partners.

Their largest partner is probably the US government.

Which is...

Wrong answer. Or at least, obvious and not particularly useful.

Truth is, none of those parties are "nefarious" - they're all just not on your side. And "security" is never an unqualified good thing to have (it's not an unqualified bad thing either). It's just a framework of coercion.

The most important questions to answer about any security system are: what is being protected, for who, and from who. People don't ask that much, not even in the industry - it's an implicit assumption that everyone themselves is a "good person" and is on the protected side of security systems. And then they're confused because it turns out end-users are more often seen as threat actors. All the players mentioned, but perhaps especially Apple, in its own special way, are protecting the computer from the user just as much as they're protecting the user/user's data from third parties.


It's not.

Why bother with all that cloak and dagger stuff when they can just buy the data? You believe Apple and/or Google isn't selling it? I have some land in Florida I'd like to talk about.

Having worked at Apple, I will say I firmly believe they do not sell data. I worked in data science and we had the shittiest inference because we had essentially no access, even internally, to longitudinal or cross-app user data. Best we had was 15-minute rotating sessions for a single app. There are internal teams dedicated to deanonymizing data to try to narrow down users - if they can successfully do so, relevant fields that lead to deanonymization get permanently purged from internal logging.

I can’t speak to the current architecture but Apple has shown a consistent willingness to sacrifice access to user data in the name of selling privacy instead at a premium price (you could argue precisely because none of their competition has any meaningful posture on this). I do believe they are quite serious in their commitment to that, as they have found this strategy to be more valuable than the data itself.


But sending sensitive private audio recordings to the lowest bidder is par for the course?

https://www.bbc.com/news/technology-49502292


This comment makes it sound like they sold private recordings to whomever was willing to pay for them, but they paid third parties to evaluate Siri recordings.

Don't really agree with that, that would have been highest bidder if anything.

And it wouldn't have been much worse compared to being as careless as they have been.


> Having worked at Apple, I will say I firmly believe they do not sell data.

Selling data is so shabby! Why sell when you can just give it away to letter-soup friends?


Because that's not legal, so they sell it to third party data brokers and it gets resold to someone the TLAs can buy it legally from.

Illegal to share data with entities that are themselves law enforcement, and which they are known to be demanding, not just asking to share out of good will?

Apple's incentives don't align to sell private data as their whole thing is privacy. They do that they tank their business. If you have proof that they are doing it -- I'd love to see it. (*3rd party actors from an app re-selling data doesn't count)

Google is 100% doing that because that's their entire incentive for the business. They sell low cost software / subsidized hardware on the grounds that you pay with your sharing data. That's the implied cost.

Show me the incentives - I will show you the outcomes.


Apple/Google make less money if they sell the data because their ad product would no longer have an advantage. So no, I don't think they do that.

That’s not so special, though? There’s a difference between Google infra running Google services.

Versus any F500 company running their services on GCP.

It’s a bit wacky to think about because Apple will operate Google-owned software on GCP. But it should be sandboxed just the same.

I’m not making a normative privacy argument here. Just pointing out that this is cloud business as usual. Perhaps it’s interesting Apple is doing it, but basically everything else is already using either AWS or GCP at this point.


I think the difference is scale. This is Apple, so it's an enormous amount of devices. And it's a seamless experience, to the user, going from local model to cloud models.

So the question about which model Apple was going to use and where has been highly anticipated, especially by the likes of OpenAI and Anthropic. Imagine if either one could say they have Apple as their customer?

Apple certainly has the cash to burn if they wanted to train their own model, but it also always seemed out of their core competency. This is a major win for Google.

So "business as usual" but with huge implications for the AI ecosystem in general.


Google Cloud, but, the way I read it, not Google’s AI offerings. They, basically, hire Google servers to run their software on them.

They also (claim to) ensure those servers run only software they have approved to run on them.

(Part of their software are models derived from Google Gemini, but that’s orthogonal to this)


> (Part of their software are models derived from Google Gemini, but that’s orthogonal to this)

You're right that it is orthogonal to the privacy promises Apple makes to its own users.

The moralistic and righteous undertone in their marketing material is questionable though given that these Apple services might not exist if Google didn't exploit Gemini app user data on Android the way it does.

That's fine with me. Users have a choice here. In fact, it's a big improvement over the search deal with Google where Apple sends its own users directly to Google.


They are not _only_ using Google Cloud. They continue to build and invest in their own datacenters. It's not a binary choice.

Yeah, but the models are running in Google Cloud, which makes sense as they are based on Gemini.

That is news — I guess not very surprising that they'd need more data centres than before.

But again there is no Apple-to-Google transfer in the inference in the sense of the comment I was originally replying to (I am not suggesting you're implying otherwise, obviously)

But I stand happily corrected where I said they aren't in the picture at all.

That is an interesting press release because it outlines what they would have had to do with any data centre they were outsourcing to.


This is probably why Google had to rent compute from SpaceX. They needed to free up NVIDIA GPUs for Apple so they probably moved internal workloads to SpaceX compute.

Google likely won't rent compute from SpaceX, they have a substantial share of SpaceX (they own 5% of it) and need the IPO to be valued highly, so to prop up the IPO stock, they made this announcement, but if you read the fine print, both SpaceX and Google are allowed to cancel it at any time, as in, after they cash out from the IPO.

iCloud already uses Google Cloud, so that still doesn't change the operational boundaries of where data goes

I hope they are still using PCC hardware rather than running private data through third-party servers.


