Apple talks a big game when it comes to security. Its stance on user privacy has been one of the dominant themes of Apple’s marketing, especially in the past few years. In a world awash with data leaks and cybercriminals, that’s reassuring.
But when it comes to the Mac and its comparisons against Windows, are the assumptions true? Is MacOS actually better at protecting your privacy? After all, a recent survey found that more Americans trust Microsoft than Apple with their private data, at a rate of 75% to 69%. Could it be correct?
We decided to ask the experts, from tech analysts and privacy advocates to antivirus specialists. We also went to Microsoft and Apple themselves to find out what their desktop operating systems do to keep your data safe. Here’s what we found out.
Does MacOS go far enough?
MacOS and Windows are both desktop operating systems, but they have different philosophies when it comes to security and privacy. MacOS is for Macs only. Windows 10, on the other hand, runs on hardware from dozens of manufacturers, all offering different systems and configurations. The assumption is that Apple’s closed system has a positive impact on security and privacy.
To find out how much truth is in that assumption, we spoke to Ray Walsh of the advocacy group ProPrivacy. The organization conducts research and reviews from purely a privacy standpoint.
“Apple can be credited with an advantage due to its tighter control over the hardware that runs MacOS,” Walsh told Digital Trends. “This does make MacOS more secure, which improves data privacy by decreasing the chances of hardware-based vulnerabilities that lead to hacking or surveillance.”
So far, so good. However, Walsh does sound a word of caution: “Despite a popular perception that Apple is a security and privacy-conscious developer, the reality is that MacOS is a closed source platform,” he said. “This means that Mac users are ultimately at the whim of the tech giant, and it is hard to state with any confidence exactly what kind of telemetry Apple might (or might not) be acquiring via its operating system.”
“Apple has more control over its platform than any other manufacturer, and it could set much tighter restrictions on app developers.”
Walsh has a point. A closed system means the public doesn’t always have a great idea of what Apple is actually doing to prove its promises. This tight control is exasperating because Apple could do more with it to keep your data truly private. Walsh notes that Apple shares personal data with fewer third-party companies, which allows Tim Cook to make some bold claims about its user privacy stances. But for Walsh, being better than the competition isn’t good enough.
“Many firms profit from data by turning it into a direct revenue stream, selling consumer data to any third party that is willing to pay,” he said. “Apple does this less than some of its biggest competitors. However, it does still allow app developers to collect data from users directly.”
In other words, if it’s going to hold tighter reins on its devices, it should also be held to a higher standard for privacy and security. Walsh notes that Apple is still collecting a lot of data from users. It still allows apps within the App Store to harvest sensitive information, in some cases, even as they sleep.
“This is frustrating because Apple has more control over its platform than any other manufacturer, and it could set much tighter restrictions on app developers to improve privacy for its users. The ugly reality is that, despite all the talk, it is not opting to do those things.”
Privacy remains an opt-in choice for Windows 10
Ray Walsh may have been critical of Mac, but when it came to Windows, he held no punches.
“Windows 10 is recognized by privacy experts as being invasive due to the widespread collection of telemetry data that is enabled by default,” he told us. “The tracking performed is comprehensive and includes things like your search history in Bing, your browsing history and a transcript of the things you say to Cortana, your location history, and health data acquired via HealthVault and Microsoft Band.”
In the early days of Windows 10, it was roundly criticized for the amount of data it collected by default. Microsoft quickly made changes, but even these weren’t enough to placate regulatory bodies like the European Union. Five years on from the launch, is Windows 10 any better at keeping your data private?
“Gaining total privacy when using Windows 10 is ultimately impossible.”
Walsh still thinks Windows 10 collects too much telemetry data, even with all its privacy settings enabled. “Gaining total privacy when using Windows 10 is ultimately impossible,” as he put it. Most of the experts we interviewed agreed with Walsh, but Microsoft says it’s taken big steps toward transparency and privacy controls.
We spoke to Marisa Rogers, Privacy Officer of Windows, Browsers, & Devices at Microsoft, to see what she says the Redmond giant does for your privacy.
“We have been sharing our Windows privacy journey for the last several years as we addressed concerns from customers and the marketplace,” she explained. “Most recently we announced plans to increase transparency and control for our customers by categorizing all data we collect as either required or optional for all our major products.”
Rogers says Microsoft categorizes some data as “required” for sharing, such as basic diagnostics. This kind of user data is used to keep Windows up-to-date and working properly, as well as aiding the delivery of the latest security updates. Information like what device people are using Windows on falls into this category. This can’t be turned off, regardless of the settings you choose.
It’s the data that falls into the “optional” category that Windows lets you control.
“Data in the optional category (such as Full diagnostic data), like how the specific apps in use when an error occurs or data about a download start/finish to address download issues, helps us provide a better experience to customers,” Rogers told us. “Users can change their privacy settings with regard to optional data collection at any time.”
Sounds fair, right? Well, not so fast. Ryan O’Leary, a Senior Research Analyst at IDC, told us there’s a catch in opt-in data collection.
“Windows certainly gives their users the ability to make choice around what they are providing to Microsoft,” said O’Leary, who specializes in the legal side of tech, including risk management and regulation. “However, we have seen in the EU the concept of privacy by default. Microsoft allows a significant level of customization but to my knowledge that is all opt-in by the user. It creates headwinds for unsophisticated users who aren’t hyper-focused on privacy to enforce their privacy when it should be the default choice.”
There’s little transparency about where this data goes or how exactly it is used. There’s a reason regulatory bodies are moving toward privacy by default: Few people spend the time to dig into their privacy controls. Even if Microsoft isn’t doing anything nefarious with the data, it gets into trouble leaving so many privacy concerns turned on by default.
As it turns out, there’s a better alternative.
Making use of differential privacy
Is MacOS any better in this regard? When we spoke to people at Apple, they told us that the company’s Mac privacy stance is built on five pillars: Data minimization, on-device processing, transparency and control, protecting a user’s identity, and data security.
Of those pillars, one of the most important for privacy is on-device processing. If your Mac can do everything you need it to without sending your data to a third-party server, the chances of someone intercepting that data or hacking the server are greatly reduced.
This is one area where Ray Walsh says Apple is doing well. “If and when Apple does encrypt data and store it locally — so that it is never accessible to Apple or the third parties it works with — this is without a doubt a win for digital privacy on the platform.”
When your Mac does send your data to Apple’s servers, Apple often takes steps to keep that data private. In MacOS, your Siri requests are sent to Apple, but are given a random identifier instead of your Apple ID so they can’t be tied back to you. In Windows, if you’ve signed in to a Microsoft account then your Cortana requests will be sent to Microsoft along with your account details.
Another expert we consulted for this piece was Thomas Reed, Director of Mac & Mobile at Malwarebytes. We’ve spoken to him before when we investigated whether Macs need antivirus software. What does he think of the privacy provisions in MacOS?
“When it comes to Apple, I’d have to say they set a very high bar on privacy,” he explained. “Folks love to hate on Apple and like to say that privacy is just a PR claim for Apple every time they have a privacy stumble. However, from my observations of Apple over the years, my perception is that Apple is taking privacy extremely seriously.”
Reed claimed that Apple has done things for the sake of privacy that could have been compromised in the name of saving money or improving the user experience. One example is Apple Maps. The app has long been criticized for being inferior to Google Maps, but Reed inferred that it was Apple’s stringent privacy stance that held it back.
“For example, for years Maps was inferior because Apple didn’t want to collect user data, and when they did finally start collecting data, they did it in such a way that it should not be possible to identify specific users. They broke up the data into little bits, so they can see general traffic patterns, but can’t see that any user went from point A to point B.”
This is known as “differential privacy.” As Reed notes, it gives Maps a privacy advantage. “[This is] unlike other maps, where data is anonymized but easy to deanonymize by simply looking at the routes taken by a specific ‘anonymized’ user.”
As Reed noted, this is something the average user would never know if Apple didn’t market it.
Mac really is more secure
So, what’s the final verdict? Which desktop operating system is best for your privacy, Windows or MacOS?
The consensus seems to be with Apple. Pieter Arntz, Thomas Reed’s colleague and Lead Intelligence Reporter at Malwarebytes, put it this way. “Windows privacy has improved going from Windows 7 and 8 to 10, but it’s far from the level Apple is providing.”
Walsh, meanwhile, stated that while the survey placing Microsoft ahead of Apple in terms of trust was interesting, “this popular perception is generally incorrect and there is little reason to trust Microsoft over Apple.”
Still, the extent to which MacOS is best depends on who you ask. Many of the experts we spoke to felt that while Apple wasn’t perfect in this regard, it was doing more than most.
Here’s what Ryan O’Leary had to say about it. “We are entering an era where trusted enterprises will separate themselves from the pack. IDC views trust in five pillars: Security, Risk, Compliance, Privacy, and Ethics & Social Responsibility. Enterprises need to invest in those five things to foster trust within their enterprise. Privacy currently is an extremely low bar for doing more than the minimum and Apple is one of the few enterprises currently selling their company based on privacy. So, while those features may not be the most private way to conduct business, they are doing more than many of their peers.”
There were other experts, such as Ray Walsh, who cautioned that, while MacOS had taken some positive steps regarding privacy, users still must trust that Apple is true to its word in its privacy promises. “Both Microsoft and Apple Mac could do more to provide privacy for their users,” he explained. “It is important to remember that true privacy would be to disable tracking and data harvesting data altogether. This is possible, but it is not in the best interest of those platforms to do this because of the vast revenue sums they can generate by doing the opposite.”
Neither company is doing enough to please cybersecurity experts. But with few alternatives, we’re still left having to decide between the two, and almost everyone agreed: Your data is likely safer and more private on MacOS than on Windows.
As Microsoft continues to make gains in this department and user sensitivity to the issue changes, the situation will continue to evolve. For now, the assumption about the Mac’s superior security stands.