To use the internet is to constantly slam into locked doors. Want to watch a video? Please sign in. Care to comment? You’ll need to remember your password. Want to keep reading an article? Create an account. Many of us manage these password requests by using our login credentials from Google and Facebook to register with other websites. Clicking on “Sign in with Facebook” and “Sign in with Google” isn’t exactly frictionless, but it’s close.
That convenience came with a bargain: Users had to trust Google and Facebook to keep their personal details safe in exchange for the information those companies got to glean about all the websites and services we use. It was good for third-party apps too, which were able to dull their users’ annoyance at creating yet more new accounts by simply porting over their Google or Facebook info. Airbnb, Spotify, Tinder, Venmo—they all allow you to log in with Facebook or Google or both. The problem with this bargain is that when it comes to protecting user privacy, Facebook and Google haven’t always kept up their end of the deal—and they also use all that user information to power targeted-advertising businesses that more and more users find super creepy. Increasingly, those enticing buttons feel less like they’re worth the convenience.
Enter Apple. At its annual developer conference on Monday, the company unveiled a new “Sign in with Apple” button for Apple device users to create new logins on websites and apps. It’s the same idea as those Google and Facebook buttons but from a company that’s known to be far more trustworthy with customer data—and that has been emphasizing its privacy bona fides as the other tech companies have come under scrutiny. But Apple isn’t just offering a third option. Users who opt to create new accounts with Apple can also choose to use a randomly generated email address that forwards messages to their actual inbox, preserving customer privacy even further by allowing users to keep their email addresses to themselves without sharing them with another company. It’s a smart innovation, and it’s no surprise that it comes from Apple—a company that went head to head with the FBI when it refused to help unlock the encrypted iPhone used by a shooter in the 2015 San Bernardino attack for fear that doing so would create a dangerous privacy precedent for the rest of its users.
If you’ve already paid the big bucks for an iPhone, you should definitely use Apple’s new privacy-enhancing login feature. And if you’re not an Apple customer, well, you can’t. That’s one rub that comes with all of Apple’s privacy enhancements: They do nothing for the majority of internet and smartphone users who don’t buy expensive Apple products. If we see more of this trend—in which the best privacy protections come as bonuses for high-end device owners—privacy will be more like a luxury for some rather than a right for all. That’s because digital privacy in the U.S. is barely regulated. There’s currently no broad federal policy that requires tech companies not to give our personal information to third parties without direct consent. As long as the terms of service we clicked through when signing up say that our data might end up elsewhere, tech companies are largely free to do as they please.
Take what’s happening to Facebook after mishandling the millions of users’ data that ended up in the hands of the political-data firm Cambridge Analytica, which improperly scraped the Facebook profiles of not only those who downloaded a personality quiz app but everyone they were friends with too. Facebook faces steep penalties now, but only because it allegedly didn’t follow a rule that was custom-made for Facebook after mishandling user data years earlier. When the company messes up in other ways, like by storing hundreds of millions of user passwords in plain text for years in a format viewable by thousands of employees, Facebook isn’t breaking a law. And when Google allows third-party apps for Gmail to read user emails in ways that aren’t clear to Gmail users, as the Wall Street Journal exposed last year, that’s fine too—again, as long as the small print in its user agreement says that might happen. There’s not even a rule that forces companies to share what they’ve shared about us. It’s hard to know how many third-party apps to which Google has granted permission to read its users’ emails. And once your data is out there, there’s no putting the toothpaste back in the tube. It can be copied and shared over and over again.
Apple pulling in the reins on what apps can access about users is just the latest example of Apple regulating other companies. Earlier this year, Apple booted Facebook’s developer apps from its app store after Facebook wrongfully allowed non-employees to download a privacy-invasive app that wasn’t supposed to be available to the public. It also helps burnish Apple’s pro-consumer image at a time when the company is beginning to attract scrutiny for some of its practices—particularly whether aspects of its app store are anti-competitive.
And it’s not a win for all users. It’s a win for iPhone users and a win for Apple PR—though there’s no guarantee that Apple won’t change its policy in the future. So props to Apple for leading the industry here. But this is a business decision. It might cause some people to switch to an iPhone. It won’t protect those who don’t.