That Apple Card may not be as private as you think

When it came time to pay for dinner with my friend and his wife the other night, he said, "No, let us get this."

It was a kind gesture. When you don't have to pay for a meal out in San Francisco, the feeling of relief is similar to narrowly avoiding getting hit by a self-driving car in the crosswalk. My friend is generous. He used to work in Apple security and now does security for a different Big Tech entity.

Anyway. With a flourish, my friend presented his Apple Card. It seemed to glow faintly, but I knew that was just my poor eyesight. Or maybe just how poor people see it. I watched how my friend handled the white titanium, laser-etched card. Kind of avoiding skin contact.

I wanted to hold it badly, but only because I'd read it was as scratchable as your favorite album and as porous as Silly Putty. Would my approaching touch of zero net worth trigger an alarm? Burning with curiosity, I kept my arms at my sides.

While teasing Apple for making another product too pretty for the real world is deserved, it says a lot that one of the friends I respect the most in cybersecurity was first in line to apply for the card. And Apple's recent statements and actions about consumer privacy are pretty exciting. However, it's important to point out that the barrier to Apple's level of privacy and security for shopping requires a pricey new iPhone -- a cost that's out of reach for many people, myself included.

At the same time, I started to hear warnings from adult-industry professionals that Apple Card's privacy assurances were not to be trusted. It's a good question: With Apple's aggressively conservative stance on sex in the past, will it behave like banking's war on sex and close out entire classes of "edgy" businesses, like the adult industry, marijuana-related companies and cryptocurrency?

When reached for comment, an Apple spokesperson was not willing to speak on the record.

Concerns from people in sex-related businesses about Apple's morally policed, gated community make sense. Anyone who's been paying attention knows that while the company leads in LGBTQ positivity, it has a reputation of being so extremely sex-negative that it rivals Facebook's conservative prudery. Which, to be clear, disproportionately affects women and LGBTQ people, who are the primary populations in sex ed, sex work, sex culture and art, and sex tech. Apple says no apps for you, keep your podcasts censored. Celebrity status is the exception, of course, always.

Apple Card isn't a user-generated marketplace, but with the swift and sudden action Apple took to wipe out the livelihoods of 5,000 app makers in 2010 (based on Apple's hatred of sex), we'd be wise to remember that the company has a history of taking action on a capricious whim. And when adult-industry publications warn businesses and professionals in that sector to "beware," it behooves us to find out why.

The "why" lies in the fact that while Apple Card states it cannot see your purchases, which we believe, that doesn't hold true when it comes to everyone else involved in your transactions. Namely, the chain involving Mastercard and Goldman Sachs. Like the banks and payment processors routinely discriminating against anyone involved in sex, they are beholden to the same masters: the Office of the Comptroller of the Currency (OCC), which interprets laws and polices the banks.

"At Apple, we firmly believe in your right to privacy," the Apple Card's security and privacy page states. "That's why we created a unique architecture for Apple Card that generates things like your transaction history and spending summaries right in the Wallet app on your iPhone." We can trust that this is encrypted and tight: Again, Apple's security team has a badass reputation for a reason.

Still, how it'll stand up to police forcing suspects to unlock phones with Face ID or future Cellebrite attacks will be interesting to see. If you jailbreak it, that's all on you, pal.

It's important to note here just how much sex workers (and writers and educators and artists) are the canary in the coal mine for your security and privacy. To be clear: If sex workers start getting their Apple Pay and Apple Card accounts categorically denied, frozen or taken away, we'll find out whether or not anyone is spying on your transactions and making actionable decisions.

Like security, privacy promises are only as good as the links in the chain.

With Apple Pay, the company states it doesn't keep transaction information "that can be tied back to you." Apple Card tells us, "Of course, Goldman Sachs will use your data to operate Apple Card. But they will never share or sell your data to third parties for marketing or advertising." The Apple Card-Goldman Sachs operating agreement is here if you want to check it out.

The good news is that Goldman isn't giving your data to miners or sharing it with siblings. Yet while Apple says it's not looking at your transactions, Goldman surely is and will terminate you for transactions considered "illegal goods or services" or on illegal gambling sites.

For an article this week in The Washington Post, "The spy in your wallet: Credit cards have a privacy problem," Geoffrey A. Fowler bought "two bananas, one purchased with the popular Chase Amazon Prime Rewards Visa and the other with Apple's Mastercard." He then tried everything he could to follow the data to see what happened with privacy around these transactions.

It wasn't good news. He said six different types of companies "sold me out" over a couple of bananas, including the card network. Fowler explains that while Apple got Goldman Sachs to agree not to share your data with marketers (which is great), "the Apple Card, which runs on the Mastercard network, doesn't introduce much new technology to protect you from a lot of other hands grabbing at the till."

So that's one thing to keep in mind.

But our worries are not only about who knows what we buy but also what their reaction to it will be. We fear that people might be punished for buying the wrong thing or being in the wrong line of work, all while trying to do a perfectly normal thing: have a credit card. All it could take is one righteously conservative bank to trigger Apple's reflexive prudishness.

Back in 2012, PayPal went on a purge of writers and editors of erotica in a ban on "obscene" content: Companies included BookStrand, All Romance Ebooks, Excessica and Smashwords. PayPal blamed Visa and Mastercard for the payment processor's discriminatory censorship. Mastercard responded saying that no, this was all on PayPal. "To be clear, Mastercard had no involvement in the decision made by PayPal to refuse to process payments for certain books," the company said. "In this particular scenario, Mastercard would not take action regarding the use of its cards and systems for the sale of lawful materials that seek to explore erotica content of this nature." Interestingly, Visa's response was similar.

After that, PayPal got an attitude adjustment when the FDIC clarified its rules around "high risk" to edge out sex, and a federal judge strengthened First Amendment protections for websites by ruling speech can be irreparably harmed by withdrawal of payment processing.

But that was before FOSTA, and the war on sex online gave sites and businesses a license to discriminate about anything sexual, anytime, with only reputational consequences. Banks and payment services like PayPal have resumed weblining and sexual discrimination, and so we'd be remiss not to be very, very concerned about who can see our transactions.

Apple Card may keep its mitts off of our transaction history within its very white and easily stained gates, but it can only promise what it can control. Banks have renewed an insidious war against sex online.

A few days after my first sighting of an Apple Card in the wild, I ran into a friend at my local corner store. We made small talk, then he settled into a quiet, closed-mouth smile.

"What?!" I said. I knew he wanted to tell me something. "What did you do?"

He grinned, blushed. I expected an engagement announcement. "I got an Apple Card," he told me.

"Let me see it!" Did the card really glow with privilege? I wanted a closer look.

My friend shook his head. "I keep it at home," he said. Over my merciless laughter he said, "You know why!"

Images: Koren Shadmi (Apple Card Illustration); Chris Velazco/Engadget (Apple Card announcement); Getty Creative (PayPal headquarters)