Apple’s manorial security

Works well, fails badly — think different?

While digital feudalism is practiced by many Big Tech companies, Apple pioneered it and is its standard-bearer. The company rightly points out that the world is full of bandits who will steal your data and money and ruin your life, and it holds itself out as your protector.

Apple is a warlord whose fortress has thick walls and battlements bristling with the most ferocious infosec mercs money can buy.

Surrender your autonomy by moving to Apple’s fortress — where they choose your which apps and where you get repairs — and they’ll defend you.

This arrangement (which should really be called “digital manorialism” because feudalism involved providing men-at-arms to the monarch) has the same problem as all benevolent dictatorships: it works well, but fails badly.

When Apple has the same interests as you — when they work against the bandits, rather than colluding with them — this is great. But when Apple sides with the bandits, the walls that once protected you now make you easy prey.

One place where Apple sides with the bandits is China. Access to Chinese sweatshop labor and the vast Chinese middle-class are key to Apple’s ongoing business interests. So when the Chinese state threatens to take these away unless Apple turns on its users, Apple folds.

It’s been four years since Apple colluded with the Chinese state to remove working VPNs from its App Store, exposing Chinese users to pervasive state surveillance.

The benefits of retaining access to China clearly outweighed the reputational damage from colluding with state oppression, because Apple did it again, backdooring the encryption for its Chinese cloud servers.

But the problems of benevolent dictatorship go beyond secret malevolence. A dictator can be benevolent, but incompetent.

This week, the Washington Post published an expose under the admirably self-explanatory headline, “ Apple’s tightly controlled App Store is teeming with scams.”

That hed really says it all: if you think that a “curated” app store is immune to fraudulent apps that steal your money and you’re data, you’re wrong.

Then there’s this equally well-chosen hed from Motherboard over Matthew Gault’s byline: “She Sent Her iPhone to Apple. Repair Techs Uploaded Her Nudes to Facebook.”

Again, this is pretty much exactly what it sounds like: two Apple service technicians — you know, those guys Apple says you should use instead of a third-party repairer who might steal your data — extracted a customer’s nudes and posted them to Facebook.

It’s not the only time this happened:

nor is it the second:

It might be rampant.

This only came to light because Apple paid the victim a multi-million-dollar settlement (that came with a gag order so other people wouldn’t learn that Apple’s safety claims were lies), and Apple’s insurer refused to pay, triggering a legal dispute.

An app store “teeming” with fraudware, service techs who go spelunking for nudes to download and share on devices submitted for repair — these illustrate the core problem with benevolent dictatorships, namely, that the dictator has to be infallible as well as benevolent.

Because Apple has spent millions defeating dozens of state Right to Repair bills that would let customers decide for themselves whether to trust Apple’s repair technicians.

Because Apple does everything it can to make it illegal to develop a third-party app store for Ios that would let users decide whether to trust Apple’s “curation.”

Any time this level of control is questioned — any time someone asks whether an Iphone owner should have the final say over whose apps they use and whose repairs they choose — the answer is that Apple can’t protect them if they get to treat its products as their property.

(I’m leaving aside for now the idiotic no-true-Scotsman argument that “real” Apple users all like deferring to Apple on these matters, because of the obvious rebuttal that Apple wouldn’t spend millions blocking these activities if its customers didn’t want to engage in them)

Lock in and switching costs don’t make companies better defenders of users’ interests — it assures them that they can sell users out, underinvest in oversight of their employees, tolerate a certain amount of predation — and their users will be stuck inside that fortress.

The deal in the warlord’s fortress, after all, is that you have to use a warlord-specified “ecosystem” of proprietary peripherals, media files, and apps for which the warlord is the sole vendor of runtimes. Leave the fortress and all this stuff becomes useless.

Business, after all, is business. Companies know that high switching costs allow them to treat their users worse, because users will weigh all they surrender when they defect to a rival against the costs imposed by staying in a corrupt warlord’s demesne.

There’s another way: technological self-determination, of the sort that comes with interoperability, right to repair, and an end to the laws protecting terms-of-service, DRM and other forms of lock in.

If warlords are forced to allow us to leave their fortresses without being able to punish us for our disloyalty, then we’ll truly learn whether the people who stay within the walls prefer the warlords, or merely endure them.

Cory Doctorow ( is a science fiction author, activist, and blogger. He has a podcast, a newsletter, a Twitter feed, a Mastodon feed, and a Tumblr feed. He was born in Canada, became a British citizen and now lives in Burbank, California. His latest nonfiction book is How to Destroy Surveillance Capitalism. His latest novel for adults is Attack Surface. His latest short story collection is Radicalized. His latest picture book is Poesy the Monster Slayer. His latest YA novel is Pirate Cinema. His latest graphic novel is In Real Life. His forthcoming books include The Shakedown (with Rebecca Giblin), a book about artistic labor market and excessive buyer power; Red Team Blues, a noir thriller about cryptocurrency, corruption and money-laundering; and The Lost Cause, a utopian post-GND novel about truth and reconciliation with white nationalist militias.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store