# Apple's iPhone <eta: and other smartphones?> tracks users every movement



## Kid_Eternity (Apr 20, 2011)

The Guardian reports on the shocking breach of privacy that only Apple does with its iPhone:



> Security researchers have discovered that Apple's iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner's computer when the two are synchronised.
> 
> The file contains the latitude and longitude of the phone's recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner's movements using a simple program. For some phones, there could be almost a year's worth of data stored, as the recording of data seems to have started with Apple's iOS 4 update to the phone's operating system, released in June 2010.
> 
> ...


----------



## magneze (Apr 20, 2011)

Apple = Skynet


----------



## editor (Apr 20, 2011)

Fucking hell. If true, this *has* to breach privacy laws, surely?


----------



## Crispy (Apr 20, 2011)

Out-fucking-rageous.

But I do now want to dig this file out for Sparrows iphone and plot it on a map


----------



## editor (Apr 20, 2011)

*awaits enormous $$$$$ class action suit from some opportunist in the US.

Mind you, this really is very worrying stuff indeed. Why the fuck should a phone be storing precise records of all your movements?


----------



## kained&able (Apr 20, 2011)

Breaking news: 100,000 drug dealers have just thrown their iphones into a river.

dave


----------



## Crispy (Apr 20, 2011)

kained&able said:


> Breaking news: 100,000 drug dealers have just thrown their iphones into a river.
> 
> dave


 
god yes!


----------



## editor (Apr 20, 2011)

Probably nothing but this story appeared on Engadget and then promptly disappeared (so the links in the RSS feed don't work).


----------



## Kid_Eternity (Apr 20, 2011)

magneze said:


> Apple = Skynet



Lol tis the season, everything has been called that this week (even though I don't agree with the date as the original is August koff koff)! 



editor said:


> Fucking hell. If true, this *has* to breach privacy laws, surely?


 
Seems that way, it's interesting that Apple appear to be the ONLY smartphone maker doing this. Not good at all really, and I must admit this has seriously made me consider not getting another idevice with built in GPS again.


----------



## magneze (Apr 20, 2011)

I wonder if they'll try the Google "rogue employee" defence.


----------



## salem (Apr 20, 2011)

I'd be seriously pissed off if I had an iphone right now.

Now that this information is public and seemingly quite easy to get hold of I wonder how many people will be 'caught out' by their partners, employers etc off the back of it?

I'd say there are dodgy people in dodgy regimes rubbing their hands together with glee now.


----------



## Kanda (Apr 20, 2011)

I've got an iPhone, I'm not really pissed off. 

Is fucking bonkers though


----------



## FridgeMagnet (Apr 20, 2011)

salem said:


> I'd say there are dodgy people in dodgy regimes rubbing their hands together with glee now.


 
Mobile networks already record your location constantly regardless of what phone you use, and that information is available to governments. So not really. This is more of a personal data security concern vs other individuals who might want to see where you are and could jailbreak your phone or fiddle with your computer.


----------



## salem (Apr 20, 2011)

FridgeMagnet said:


> Mobile networks already record your location constantly regardless of what phone you use, and that information is available to governments. So not really. This is more of a personal data security concern vs other individuals who might want to see where you are and could jailbreak your phone or fiddle with your computer.


 
Actually that's a good point. I got a bit carried away with my indignation 

Other points still stand though.


----------



## editor (Apr 20, 2011)

FridgeMagnet said:


> Mobile networks already record your location constantly regardless of what phone you use, and that information is available to governments. So not really. This is more of a personal data security concern vs other individuals who might want to see where you are and could jailbreak your phone or fiddle with your computer.


Yes. But it's not available to _absolutely anyone _who can get access to your laptop or iPhone. They need a court order to gain access to your files.

If anyone steals your iPhone or laptop and downloads the free visualisation app, they'll know where and when you work and can schedule a burglary accordingly. It's a horrendous breach of privacy. Or stalk you. Or find out your whereabouts. 

What the fuck was Apple doing creating and storing a secret, unprotected log of timestamped location info?


----------



## Refused as fuck (Apr 20, 2011)

I refuse to comment on this before Sunray has posted to completely exhonerate Apple of any wrongdoing.


----------



## zenie (Apr 20, 2011)

Refused as fuck said:


> I refuse to comment on this before Sunray has posted to completely exhonerate Apple of any wrongdoing.


 


Cheating partners?


----------



## Kanda (Apr 20, 2011)

Only I have access to my Mac, I can remote wipe my iPhone.

Not justifying their behaviour, just saying why I'm not too bothered by this.


----------



## editor (Apr 20, 2011)

I wonder how many people are _right now_ downloading the app and uncovering their partner's/workmate's details. 

*can't hear himself think over the sound of divorce lawyers rubbing their hands together


----------



## editor (Apr 20, 2011)

Kanda said:


> Only I have access to my Mac, I can remote wipe my iPhone.


And if someone breaks into your house and steals your Mac?


----------



## Crispy (Apr 20, 2011)

Bear in mind that the app as offered on the site only has a 7-day resolution - ie, every reading in a 7-day window at one time. Of course, it's only a matter of time until there's a version with 1-second resolution.


----------



## Refused as fuck (Apr 20, 2011)

editor said:


> And if someone breaks into your house and steals your Mac?


 

Who breaks _in_ to a prison?


----------



## editor (Apr 20, 2011)

Crispy said:


> Bear in mind that the app as offered on the site only has a 7-day resolution - ie, every reading in a 7-day window at one time. Of course, it's only a matter of time until there's a version with 1-second resolution.


Well, indeed. Once the data is copied, ne'er do wells can examine your movements at their leisure and zoom into specifics.


----------



## Kanda (Apr 20, 2011)

editor said:


> And if someone breaks into your house and steals your Mac?


 
What? Like the CIA? A private detective? lol... 

Don't get me wrong, this is bonkers. But I don't really care, there's enough surveillance out there... meh.


----------



## zenie (Apr 20, 2011)

Kanda said:


> Only I have access to my Mac, I can remote wipe my iPhone.
> 
> Not justifying their behaviour, just saying why I'm not too bothered by this.


 
Yeh, that's what 'they' want you to think


----------



## Kid_Eternity (Apr 20, 2011)

editor said:


> What the fuck was Apple doing creating and storing a secret, unprotected log of timestamped location info?


 
It could be a valuable source of marketing info, knowing a highly sought after phone user (the idea being that iPhone owners tend to be a bit better off) movements cross referenced with buying habits? I could imagine electronic tube adverts which change when they know a high volume of iPhone users are trundling through at certain times of day...it's a bit minority report but what else would you want marketing data for if it wasn't targeted advertising?


----------



## magneze (Apr 20, 2011)

One could write a trojan horse to retrieve this info en-masse. It would then be possible to see when people usually leave their house and where they live.

Burglary. There's an app for that ...


----------



## Crispy (Apr 20, 2011)

People live in houses and aren't in them during the day - this won't tell burglars any more than they know already tbf


----------



## editor (Apr 20, 2011)

Kanda said:


> What? Like the CIA? A private detective? lol...
> 
> Don't get me wrong, this is bonkers. But I don't really care, there's enough surveillance out there... meh.


If they did a survey of smartphone users and asked: "would you be happy if your handset secretly stored an unprotected, easily accessible file containing timestamped location info for all your movements?" what percentage of users do you think would answer, " Sure, why not, it's all meh to me?"

I could be wrong, but I suspect you're in a real minority here.


----------



## Kanda (Apr 20, 2011)

editor said:


> If they did a survey of smartphone users and asked: "would you be happy if your handset secretly stored an unprotected, easily accessible file containing timestamped location info for all your movements?" what percentage of users do you think would answer, " Sure, why not, it's all meh to me?"
> 
> I could be wrong, but I suspect you're in a real minority here.


 
I didn't say it was alright, I just said I personaly am not that bothered. Of course I'm likely to be in a bloody minority


----------



## editor (Apr 20, 2011)

Crispy said:


> People live in houses and aren't in them during the day - this won't tell burglars any more than they know already tbf


What? Come on! Access to this info would tell someone precisely where you worked and what times you were out of the house. And if you worked nights, they'd know that your house was empty.

No matter what the source, I'd be deeply unhappy if someone got such info on my whereabouts. That's why I keep my Facebook profile set to private.


----------



## magneze (Apr 20, 2011)

Crispy said:


> People live in houses and aren't in them during the day - this won't tell burglars any more than they know already tbf


Quite. So being able to get their after-dark movement patterns is quite useful. When do they always go out, how far away are they and how long are they away.

I think this is unlikely tbh, but for all we know this might have happened already if someone unscrupulous had already found this file.


----------



## Kanda (Apr 20, 2011)

editor said:


> And if you worked nights, they'd know that your house was empty.


 
your partner might not work nights


----------



## editor (Apr 20, 2011)

Kanda said:


> your partner might not work nights


Or they might not have a partner.


----------



## magneze (Apr 20, 2011)

Relatively simple to cross reference this data and find out how many people live somewhere.


----------



## magneze (Apr 20, 2011)

I wonder how long it will take for Apple to put together an update to remote wipe this data on every iOS device.

I wonder how long it will take someone to stick a trojan horse app into the app store to retrieve this data.

1.. 2.. 3.. GO


----------



## editor (Apr 20, 2011)

magneze said:


> Quite. So being able to get their after-dark movement patterns is quite useful. When do they always go out, how far away are they and how long are they away.
> 
> I think this is unlikely tbh, but for all we know this might have happened already if someone unscrupulous had already found this file.


I don't think it's going to kick-start a spate of burglaries, but there is ample evidence of people being burgled after they posted up revealing information on Twitter and Facebook profiles, so I can see how some ne'er do wells will welcome access to the iPhone's stealth location file.

Personally, I think it's more likely to be looked up by suspicious husbands/wives, bosses and private investigators. Either way, there's no excuse for Apple storing and maintaining such a log file and if it was Android or anyone else keeping such a log of my whereabouts, I'd be just as mightily miffed.


----------



## magneze (Apr 20, 2011)

Actually, it's not clear if this data is available to apps, so the scenario I've outlined might not be possible. Still, this is a massive breach of trust.


----------



## editor (Apr 20, 2011)

Have any iPhone users given this a go yet?
http://petewarden.github.com/iPhoneTracker/

From their FAQ:


> What’s so bad about this?
> The most immediate problem is that this data is stored in an easily-readable form on your machine. Any other program you run or user with access to your machine can look through it.
> 
> The more fundamental problem is that Apple are collecting this information at all. Cell-phone providers collect similar data almost inevitably as part of their operations, but it’s kept behind their firewall. It normally requires a court order to gain access to it, whereas this is available to anyone who can get their hands on your phone or computer.
> ...


----------



## Kid_Eternity (Apr 20, 2011)

editor said:


> If they did a survey of smartphone users and asked: "would you be happy if your handset secretly stored an unprotected, easily accessible file containing timestamped location info for all your movements?" what percentage of users do you think would answer, " Sure, why not, it's all meh to me?"
> 
> I could be wrong, but I suspect you're in a real minority here.


 
I raised this in the office, the response was nothing but real concern to outrage. Two people won't own an iPhone off this and one iPhone owner wasn't very happy at all.

I'm going to ask more non techy/geek iPhone owners I know to see what their reaction is...


----------



## metalguru (Apr 20, 2011)

I tried the iphone tracker. Main thing it told me is that I haven't been outside Central London since I got my iphone last August (correct).

Still not very happy that this information is being stored.


----------



## magneze (Apr 20, 2011)

As this info is stored on your PC/Mac then any malware could also access this information. Arguably this is a much greater risk than a rogue iOS app.


----------



## editor (Apr 20, 2011)

It may not even be legal: 


> Sharon Nissim, consumer privacy counsel of the Electronic Privacy Information Center, said it is possible Apple is violating the Wireless Communications and Public Safety Act, which allows telecom carriers to provide call information only in emergency situations.
> 
> “By asking for permission to collect location data, Apple may be trying to get around its legal obligations, by asking people to give up privacy rights they don’t even know they have,” Nissim said.
> 
> ...


----------



## FridgeMagnet (Apr 20, 2011)

These are data that are stored on individual devices and PCs and not sent anywhere. There's no legal issue there; it isn't data collection by a third party.

It is certainly a _personal security_ liability, in that the user would not (previously) be aware that those data were being stored so wouldn't be able to make informed security choices about encryption or not to use the device; it also just simply seems not to have had any real purpose anyway, and you don't store sensitive data you don't need, that's security first principles.


----------



## FridgeMagnet (Apr 20, 2011)

magneze said:


> Actually, it's not clear if this data is available to apps, so the scenario I've outlined might not be possible.


 
If it were accessible to apps we would have heard about this a long time ago! iOS apps are very sandboxed and have strict user-controlled access to location data.


----------



## magneze (Apr 20, 2011)

FridgeMagnet said:


> If it were accessible to apps we would have heard about this a long time ago! iOS apps are very sandboxed and have strict user-controlled access to location data.


Indeed, but your average PC is not - this is probably the greater danger.


----------



## elbows (Apr 20, 2011)

Wahey, I met Pete Warden once, computer visuals-related stuff, never dreamed Id find him in the news one day for helping to expose this Apple horror, especially as I met him just before he went off to work for Apple on some graphics stuff.

Have downloaded his app, off to try it now.


----------



## Refused as fuck (Apr 20, 2011)

I know all of this _looks_ bad but Sunray hasn't yet explained how it's actually all Google's fault and Apple are completely innocent of all charges. And I reserve judgement until s/he does.


----------



## Macabre (Apr 20, 2011)

I bet the News of the World journos would have loved for this sort of info.


----------



## editor (Apr 20, 2011)

FridgeMagnet said:


> These are data that are stored on individual devices and PCs and not sent anywhere. There's no legal issue there; it isn't data collection by a third party.
> 
> It is certainly a _personal security_ liability, in that the user would not (previously) be aware that those data were being stored so wouldn't be able to make informed security choices about encryption or not to use the device; it also just simply seems not to have had any real purpose anyway, and you don't store sensitive data you don't need, that's security first principles.


How ever you spin it, they should not have been secretly and insecurely storing this data - and transferring it over phone upgrades and desktop computers - without a user's explicit permission.



> Dr Ian Brown, a senior research fellow at the Oxford Internet Institute, said: “I certainly think it's something they should have brought much more to the attention of the user, and that it should only be switched on after an explicit user decision.”
> Daniel Hamilton, director of the privacy lobby group Big Brother Watch said: “iPhone users will rightly be concerned that their movements are being covertly monitored in this way.
> “Apple has a duty to immediately provide their customers with details about how to disable this invasive software."
> 
> http://www.telegraph.co.uk/technolo...one-tracks-users-location-in-hidden-file.html


----------



## FridgeMagnet (Apr 20, 2011)

That's twice now you've implied I'm posting "pro-Apple spin" and then said something practically identical to what I actually posted.


----------



## Bungle73 (Apr 20, 2011)

Surely this is only of concern if you leave location services on all time time? Doing so drains the battery so I leave mine off most of the time.



Kanda said:


> Only I have access to my Mac, I can remote wipe my iPhone.
> 
> Not justifying their behaviour, just saying why I'm not too bothered by this.


You don't need a Mac to do that, you can do it from any computer provide you sign up for it; shows you where your phone is too.


----------



## Bungle73 (Apr 20, 2011)

editor said:


> How ever you spin it, they should not have been secretly and insecurely storing this data - and transferring it over phone upgrades and desktop computers - without a user's explicit permission.


 
I'm pretty sure it's in their T&Cs which no one bothers to read (I'm guilty too).


----------



## editor (Apr 20, 2011)

FridgeMagnet said:


> That's twice now you've implied I'm posting "pro-Apple spin" and then said something practically identical to what I actually posted.


I haven't suggested you were "pro Apple" but I'm disagreeing with your firm insistence that there is "no legal issue" here. I suspect there _may_ be, no matter what the (generally unread) T&Cs say.


----------



## FridgeMagnet (Apr 20, 2011)

Bungle73 said:


> Surely this is only of concern if you leave location services on all time time? Doing so drains the battery so I leave mine off most of the time.


 
These aren't GPS data, it seems to be a log from the base stations used which is automatic when not in airplane mode, so it's not affected by location services. You could leave it in airplane mode all the time I suppose


----------



## Bungle73 (Apr 20, 2011)

FridgeMagnet said:


> These aren't GPS data, it seems to be a log from the base stations used which is automatic when not in airplane mode, so it's not affected by location services. You could leave it in airplane mode all the time I suppose


 
If it's not using GPS its not going to that accurate is it?


----------



## FridgeMagnet (Apr 20, 2011)

Bungle73 said:


> If it's not using GPS its not going to that accurate is it?


 
Accurate enough to form a general picture of movements, not to track you by satellite. It would certainly be very useful to a PI. (Intelligence services, as said before, can already theoretically get this location data from your mobile company if they're legit.)


----------



## FridgeMagnet (Apr 20, 2011)

editor said:


> I haven't suggested you were "pro Apple" but I'm disagreeing with your firm insistence that there is "no legal issue" here. I suspect there _may_ be, no matter what the (generally unread) T&Cs say.


 
I can't see what laws it contravenes to store personal data on a personal device which isn't then distributed, and I note that commentators (hotfooted by journos on a newly-breaking story) are hedging their bets and saying "well it might possibly be against X but in general it's very bad practice and shouldn't be done". It _is_ very bad practice and shouldn't be done but there will not be any lawsuits here.


----------



## Gromit (Apr 20, 2011)

kained&able said:


> Breaking news: 100,000 drug dealers have just thrown their iphones into a river.
> 
> dave


 
They all use burners. I seen it on the Wire so truedat.


----------



## editor (Apr 20, 2011)

I like Wired's headline: "iPhone Tracks Your Every Move, and There's a Map for That"


----------



## Winot (Apr 20, 2011)

It's covered by the T&Cs according to the Beeb.

This isn't a legal issue it's a marketing issue.  They've cocked up; people won't like it; those people are customers.  Bad form.


----------



## magneze (Apr 20, 2011)

Bungle73 said:


> If it's not using GPS its not going to that accurate is it?


In a city where there are lots of base stations it will be very accurate, similar to a GPS. Further out not as much.


----------



## Sunray (Apr 20, 2011)

Refused as fuck said:


> I know all of this _looks_ bad but Sunray hasn't yet explained how it's actually all Google's fault and Apple are completely innocent of all charges. And I reserve judgement until s/he does.



I resent the accusation,

Its in the T&C that nobody reads.  I knew this was happening because I signed up to the 'where is my phone' system which clearly has to track that sort of shit to answer the question.

Not a great idea to be doing this, or if your going to do it, do it strongly encrypted so nobody can tell.  

Simple fix is to buy another phone, there are plenty of other ones to choose.


----------



## magneze (Apr 20, 2011)

It shows up T&Cs tbh. Reading them in light of this, then you could read them in that way. However, would anyone predict this from reading the T&Cs? If so then it would have been published before.

Bloody lawyers.


----------



## Kid_Eternity (Apr 20, 2011)

Winot said:


> It's covered by the T&Cs according to the Beeb.
> 
> This isn't a legal issue it's a marketing issue.  They've cocked up; people won't like it; those people are customers.  Bad form.


 
Yup, there's already a great deal of paranoia out there about mobile phones being used to track people this will have a corrosive effect on Apple unless they get out in front of this story...the anti Apple brigade must be creaming their pants with joy!


----------



## FridgeMagnet (Apr 20, 2011)

Ts&Cs aren't that relevant here, and to be honest they're an area that needs looking at in law. The fact that people generally just click through Ts&Cs without paying any attention to them has been acknowledged in some cases already, and if there was a serious attempt to sue, it may well not count as consent to a practice to have ticked a box at the end of a fifty page document.


----------



## sim667 (Apr 20, 2011)

I bet this happens on other devices too, it's just not been leaked yet


----------



## Refused as fuck (Apr 20, 2011)

Sunray said:


> I resent the accusation,
> 
> Its in the T&C that nobody reads.  I knew this was happening because I signed up to the 'where is my phone' system which clearly has to track that sort of shit to answer the question.
> 
> ...


 
I agree with you, tbh. iPhones are shit. Your post reads as if you've just watched your champion take a pummeling and embarass himself by screaming for mercy. So have a hug.

(((Sunray)))


----------



## Kid_Eternity (Apr 20, 2011)

sim667 said:


> I bet this happens on other devices too, it's just not been leaked yet


 
Well the people that found this said they haven't found it on other phones although it may be possible that other phone OS makers just use a different system for logging this type of data?


----------



## sunnysidedown (Apr 20, 2011)

As someone who on most weekends drinks too much to remember their whereabouts, let me be the first to thank Apple for the ease they have given me to find out where I have been spending my time.


----------



## GarfieldLeChat (Apr 21, 2011)

intrestingly I've just plugged mine and there's an update for my Iphone...


----------



## GarfieldLeChat (Apr 21, 2011)

iOS 4.3.2 Software Update

This update contains improvements and other bug fixes, including:

- Fixes an issue that occasionally caused blank or frozen video during a FaceTime call
- Fixes an issue that prevented some international users from connecting to 3G networks on iPad with Wi-Fi + 3G
- The latest security updates

Products compatible with this software update:
• iPhone 4 (GSM model)
• iPhone 3GS
• iPad 2
• iPad
• iPod touch (4th generation)
• iPod touch (3rd generation)

For information on the security content of this update, please visit this website:
	<http://support.apple.com/kb/HT1222>

Interestingly if this is an update regarding this and the security issues are what this is talking about then they will need to make the older Iphones 3 2 and original updated to the latest Ios too as otherwise they'd still be in breech of any legislation relating to it.  

So it may actually be a bonus to those with older handsets this has been discovered.


----------



## FridgeMagnet (Apr 21, 2011)

That was released days ago.


----------



## GarfieldLeChat (Apr 21, 2011)

update t&c's said:
			
		

> (b) Location Data. Apple and its partners and licensees may provide certain services through your iPhone that rely upon location information. To provide and improve these services, where available, Apple and its partners and licensees may transmit, collect, maintain, process and use your location data, including the real-time geographic location of your iPhone, and location search queries. The location data and queries collected by Apple are collected in a form that does not personally identify you and may be used by Apple and its partners and licensees to provide and improve location-based products and services. By using any location-based services on your iPhone, you agree and consent to Apple's and its partners' and licensees' transmission, collection, maintenance, processing and use of your location data and queries to provide and improve such products and services. You may withdraw this consent at any time by going to the Location Services setting on your iPhone and either turning off the global Location Services setting or turning off the individual location settings of each location-aware application on your iPhone. Not using these location features will not impact the non location-based functionality of your iPhone. When using third party applications or services on the iPhone that use or provide location data, you are subject to and should review such third party's terms and privacy policy on use of location data by such third party applications or services.



Nothing in here about storing a log file of your locations tho...


----------



## GarfieldLeChat (Apr 21, 2011)

Wasn't for my phone plugged in last night... 

as it being plugged in daily I would have thought I'd have noticed you know using the pc and phone and all...


----------



## FridgeMagnet (Apr 21, 2011)

Well, I had it days ago. By default it only checks once a week iirc.


----------



## GarfieldLeChat (Apr 21, 2011)

whoop de fucking doo...


----------



## FridgeMagnet (Apr 21, 2011)




----------



## pengaleng (Apr 21, 2011)

people steal phones and computers to sell them on and make a quick buck, not to trawl through your info and find out where you are, if they were that intelligent they wouldn't be robbing computers, they'd be siphoning off bank accounts, and, I'd be more concerned about the pics of my vag, not that someone was finding out I do phonecalls at the morrisons down the road.


----------



## editor (Apr 21, 2011)

US Congress and FCC are now investigating the iPhone tracking:



> A hidden feature in the iPhone and iPad operating software that silently tracks consumers’ location has caught the attention of the FCC and Congress.
> 
> An FCC official told POLITICO the agency is looking into the matter. On Wednesday, a study was released that found Apple’s popular devices were periodically tracking and storing users’ longitude and latitude coordinates along with time stamps.
> 
> ...


----------



## Sunray (Apr 21, 2011)

Refused as fuck said:


> I agree with you, tbh. iPhones are shit. Your post reads as if you've just watched your champion take a pummeling and embarass himself by screaming for mercy. So have a hug.
> 
> (((Sunray)))



You seem to think I give a fuck about Apple?

I think the iPhone is the best there is,  long press droid is a poor fragmented crappy second. Nothing to touch the iPhone UX at the moment. You welcome to your opinion.  If you want second best that's fine. 

When/if something better comes along I will buy that instead.  I look forward to something better than the iPhone 4 because that is going to be an impressive device.

I like owning the best techy kit, thats why I own an iPhone 4, a Core-i7 cpu (over clocked to 4Ghz), SSD hard disk, Raptor hard disks, Razer mice etc.


----------



## ymu (Apr 21, 2011)

_<wonders how many IT departments are currently being instructed to retrieve the data before employees have a chance to wipe it>_


----------



## Obnoxiousness (Apr 21, 2011)

In this thread:
http://www.urban75.net/vbulletin/threads/346539-Monitoring

I told you all that you were being monitored, and now you're seeing the tip of the iceberg.

Wake UP!!!

Not even Winston Smith had a tracking device attached to him.  It may not be 1984, but it's cleverer than that; it's an entertainment limpet attached to you, so you can communicate, play games and be monitored. 

You will see I'm right, in the end.


----------



## Crispy (Apr 21, 2011)

You don't understand the technical details.

Phone companies are already able to track the location of phones and can provide that information to law enforcement when given a warrant. This tracking happens only on the phone and is not actually sent to anyone.


----------



## ymu (Apr 21, 2011)

If you were deeply paranoid, you _might_ ask if there were any trojans released in the last year or so that can grab this data.


----------



## editor (Apr 21, 2011)

Crispy said:


> YPhone companies are already able to track the location of phones and can provide that information to law enforcement when given a warrant. This tracking happens only on the phone and is not actually sent to anyone.


But now Apple have provided a way for *anyone* with access to the user's iPhone or home computer to track their movements. 

Oh, and anyone who has used the downloadable app please note: 





> To make it less useful for snoops, the spatial and temporal accuracy of the data has been artificially reduced. You can only animate week-by-week even though the data is timed to the second, and if you zoom in you’ll see the points are constrained to a grid, so your exact location is not revealed. *The underlying database has no such constraints, unfortunately.*
> 
> http://petewarden.github.com/iPhoneTracker/


My female friend is Oz says that her file clearly shows her route to her gym and the places she regularly frequents. It's a stalker/jealous husband/private eye's dream!


----------



## Crispy (Apr 21, 2011)

editor said:


> But now Apple have provided a way for *anyone* with access to the user's iPhone or home computer to track their movements.


 
Yes, I know.


----------



## editor (Apr 21, 2011)

Apple should immediately - as in right now - offer a simple way for users to instantly opt out of this dodgy secret tracking system.


----------



## mwgdrwg (Apr 21, 2011)

Obnoxiousness said:


> In this thread:
> http://www.urban75.net/vbulletin/threads/346539-Monitoring
> 
> I told you all that you were being monitored, and now you're seeing the tip of the iceberg.
> ...


 
Entertainment limpet 

Would be an ace Doctor Who episode!


----------



## mauvais (Apr 21, 2011)

I read a comment earlier that suggested this isn't entirely true. They claimed it logs cell ID along with location* and a timestamp - this is used to quickly work out your location from your cell ID without having to do a lookup like Android does.  This is different to wholesale tracking of your movements because it only need do it once per cell, i.e. it will log that you have been somewhere once, and when, but not again. I guess the timestamp would be useful to determine when the information might count as out of date.

*I don't know how the iPhone works wrt actual GPS but cell locations typically have an accuracy of ~2000m.


----------



## Crispy (Apr 21, 2011)

With triangulation, the accuracy is much better than that. In cities, it's nearly as good as GPS.


----------



## editor (Apr 21, 2011)

mauvais said:


> *I don't know how the iPhone works wrt actual GPS but cell locations typically have an accuracy of ~2000m.


That's complete nonsense. I often don't even bother turning on GPS in London because the cell tower triangulation is so accurate.  It's clearly a different story out in the wilds, though.


----------



## ymu (Apr 21, 2011)

Crispy said:


> With triangulation, the accuracy is much better than that. In cities, it's nearly as good as GPS.


 
Google maps can nearly always get us within 200m of where we are on the canals, nowhere near a city. That's with no GPS, just a 3G internet connection. I'll test it when we get to some really isolated places and see how it does.


----------



## mauvais (Apr 21, 2011)

editor said:


> That's complete nonsense. I often don't even bother turning on GPS in London because the cell tower triangulation is so accurate.  It's clearly a different story out in the wilds, though.


Or anywhere that isn't London. I get a radius of over a mile at home in suburbia. I know that Google's location service doesn't use triangulation though - just CID and LAC.

It usually looks like this:







Not mine, I just googled 'complete nonsense'.


----------



## editor (Apr 21, 2011)

When I was in NYC I was getting *very* accurate figures without GPS, especially if you have Wi-Fi turned on.


----------



## mauvais (Apr 21, 2011)

Yes, but that's Wi-Fi - I believe there's also an iPhone database for that - which has a much lower range (Google assumes about 100m).


----------



## editor (Apr 21, 2011)

mauvais said:


> Yes, but that's Wi-Fi - I believe there's also an iPhone database for that - which has a much lower range (Google assumes about 100m).


Cell locations can be very accurate, down to just 50 metres or less. That is a simple fact.


----------



## mauvais (Apr 21, 2011)

The only way that'd be possible *from a cell* is with femtocell or environmentally limited cell stations, e.g. a repeater in a tunnel.


----------



## 2hats (Apr 21, 2011)

editor said:


> Cell locations can be very accurate, down to just 50 metres or less. That is a simple fact.


 
They can also be wildly inaccurate/misleading!


----------



## 2hats (Apr 21, 2011)

*Use the source Luke*

If you grab the provided application source code and modify it (the app grids the data every few hundred metres and only provides time resolution down to a week) then you can easily plot precise locations in both space and time.

However, just looking at my own 'map' the data are inaccurate. At best one can say subject X was in this area of a city around time T. My own map fails miserably to identify the locations where I'm most frequently to be found. Even looking at the data recorded in central London (with best cell tower triangulation conditions) a stalker is going to be very bored and/or confused hanging around locations I seldom if ever visit. Many of the datapoints are out by hundreds of metres, some by as much as tens of km (eg places I've never been). Some locations I know I've been on a given date are missed out entirely (eg entire countries or the fact I'm in a particular city, let alone at the resolution of a district/street/house).

For use in legal proceedings it should be straightforward to demonstrate it can't be trusted.

However, that doesn't excuse Apple for [A] surreptitiously collecting the data and not being up front about it, and as importantly * storing said data effectively in the clear so it can easily be harvested by malware/dodgy websites/etc from the mobile device and/or the computer it syncs to. They could easily have encrypted it both in the synced backup image and on the mobile device (with app access via a suitable API).

Apple moved the datafile to make it accessible to apps in iOS4 as they made other API changes at the time which would otherwise have prevented apps that really need this data from being able to access it. Unfortunately this had the effect of making the data both easily accessible on backups and to 'forensic' tools.

Interestingly there's an on going story about police in the US using commercial forensic devices to harvest this sort of data in warrant-less 'fishing trips' as part of 'random' driver stop and searches (they scan the driver's mobile phone or other personal electronic devices found in the car):

http://news.cnet.com/8301-17938_105-20055431-1.html?tag=mncol;txt

Similar devices are doubtless used 'randomly' at border control/security/customs.

I'm guessing the device concerned (and any other forensic device) snaffles this location file, plus wifi base station data (which is also cached over time) and GPS/time metadata from photos on the phone. All three sources together could be used to plot a more accurate map of where the phone has been...

Some solutions? Jailbreak your phone and symlink the datafile to /dev/null. Or wipe the phone frequently and don't restore it (bye bye paid apps). Or use a dumber phone. Or one for which you have access to the complete source code.*


----------



## sunnysidedown (Apr 21, 2011)

I did laugh at this comment on another forum: "I cant find the app in the Mac app store, has it been pulled?"


----------



## pengaleng (Apr 21, 2011)

everyone will be praising it when it's used to solve a murder or some shit, ott reactions from some.


----------



## ymu (Apr 21, 2011)

How could it be used to solve a murder? If the police need the data on someone, they can have it. This is of no use to officialdom*

But stalking? There's an app for that ...



*unless they're trying to circumvent the need for a court order via mass trojans
 /paranoid conspiracy.


----------



## 2hats (Apr 21, 2011)

tribal_princess said:


> everyone will be praising it when it's used to solve a murder or some shit, ott reactions from some.


 
That's what warrants (judicially reviewed) for the police to obtain cell tower positional data from telco's are for.

If you look at the raw, 'precise' data on an iphone (or backup), you'll soon realise that due to numerous spurious datapoints and lack of accuracy that the only potential use in a court of law for this data would be for a miscarriage of justice.


----------



## mauvais (Apr 21, 2011)

Good lurking!


----------



## editor (Apr 21, 2011)

The important bit:


> By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements.
> 
> http://petewarden.github.com/iPhoneTracker/


----------



## Kanda (Apr 21, 2011)

If you give them access to your login. 

If you've got a jealous spouse, there's probably reason for it and you need to sort that out tbf...


----------



## editor (Apr 21, 2011)

Kanda said:


> If you've got a jealous spouse, there's probably reason for it and you need to sort that out tbf...




No, really,


----------



## Kanda (Apr 21, 2011)

editor said:


> No, really,


----------



## 2hats (Apr 21, 2011)

I try my best.


----------



## Kanda (Apr 21, 2011)

Encrypting your backups (simple checkbox in iTunes) gets over these worries though doesn't it?


----------



## TopCat (Apr 21, 2011)

Buy a Nokia phone!


----------



## Bernie Gunther (Apr 21, 2011)

It's a bit weird. If they were planning to data-mine it, surely it'd make more sense to collect it server-side the way everybody else does? 

Wondering if someone left some debugging code in the live build ...


----------



## 2hats (Apr 21, 2011)

Kanda said:


> Encrypting your backups (simple checkbox in iTunes) gets over these worries though doesn't it?


 
At the expense of a slower backup, yes, some. Doesn't touch the original, still clearly accessible file on the iphone itself, though. Of course if you share the computer with others and don't routinely use separate accounts, or leave those accounts logged in and add the password to your keychain (and unlock that at login) then others or malware can still access it. The most effective solution for the paranoid might well be to jailbreak the iphone and symlink the file to /dev/null.


----------



## Kid_Eternity (Apr 21, 2011)

Bernie Gunther said:


> It's a bit weird. If they were planning to data-mine it, surely it'd make more sense to collect it server-side the way everybody else does?
> 
> Wondering if someone left some debugging code in the live build ...


 
Yup that's why I don't see the burglar angle as that big a deal (in a practical sense not privacy sense that is), the chances of it happening are very very low. 

This data is a marketing dream, the chances of it being sold or commercially exploited are hugely bigger than coming home and finding your house ransacked due to it...


----------



## ymu (Apr 21, 2011)

Bernie Gunther said:


> It's a bit weird. If they were planning to data-mine it, surely it'd make more sense to collect it server-side the way everybody else does?
> 
> Wondering if someone left some debugging code in the live build ...


 
It would be illegal if they were storing it remotely.

It's not an error - the data is copied to a new iPhone automatically. It's there deliberately. (Link somewhere ^^ back there.)


----------



## Kid_Eternity (Apr 21, 2011)

*iPhone Tracking Is All A Big Mistake, Says Researcher*

Looks like Apple's counter PR drive is gearing up:



> The iPhone tracking issue that’s causing a big privacy stink isn’t new and isn’t really tracking users, says an iOS forensics researcher.
> 
> It’s actually a data file that is used internally by the iPhone to do things like geo-tag photos, and it’s been in iOS for a long time (in a different form).
> 
> What’s new is a nifty extraction tool called iPhoneTracker that pulls the data off your hard drive and makes a striking map out of it. iPhoneTracker was released this week at O’Reilly’s Where 2.0 conference, causing a huge outcry about privacy and prompting U.S. Senator Al Franken to write to Steve Jobs.


----------



## magneze (Apr 21, 2011)

Laughable.  At least we know who not to go to for forensics research.

It's not new - ok, not sure how that is good.

It's not _really_ tracking users - how is it not _really_ tracking users?



> Tracking:
> the act or process of following something or someone
> or even
> Precise and continuous position-finding of targets by radar, optical, or other means.


http://www.thefreedictionary.com/tracking


----------



## 2hats (Apr 21, 2011)

*Speculation*

Summary: Skyhook et al too expensive so Apple might be letting customer handsets do the scanning and help build their own wifi-geolocation database:

http://www.f-secure.com/weblog/archives/00002145.html

The phone certainly stores wifi geolocation data (estimated latitude, longitude and timestamps along with altitude, speed, confidence, horizontal accuracy and vertical accuracy) in a similarly accessible database:

http://www.freedom-to-tinker.com/blog/wclarkso/tracking-your-every-move-iphone-retains-extensive-location-history

and harvesting your lat/long/time from the JPEG EXIF metadata on your phone is trivial.

What fun the police could have with a device that does all three and profiles the movement of the phone. Fishing trips to catch speeding drivers? "Now if I can just borrow your phone a minute, Mr Clarkson", as someone hinted at elsewhere.


----------



## Bungle73 (Apr 21, 2011)

2hats said:


> h(bye bye paid apps)


Not really, just download them again. But the info would still be on your PC wouldn't it?


----------



## editor (Apr 21, 2011)

Kid_Eternity said:


> Looks like Apple's counter PR drive is gearing up:


The commentators on that article aren't exactly impressed by the spin, are they


----------



## Kid_Eternity (Apr 21, 2011)

editor said:


> The commentators on that article aren't exactly impressed by the spin, are they


 
Totally, looks like horseshit to me, be interesting to see how Apple attempts to spin this given the US senate investigation and negative coverage in the press and blogs...


----------



## mauvais (Apr 21, 2011)

magneze said:


> Laughable.  At least we know who not to go to for forensics research.
> 
> It's not new - ok, not sure how that is good.
> 
> ...


Cos it ain't continuous. It's like a big checklist of places and it ticks them off (with a time) as you go there - only once.

I'm no Apple fan by any means, and I'm not suggesting this approach is right, but there's a lot of FUD generated around it too.




			
				Apple database said:
			
		

> CREATE TABLE CellLocation (MCC INTEGER, MNC INTEGER, LAC INTEGER, CI INTEGER, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, *PRIMARY KEY (MCC, MNC, LAC, CI)*)


My bold - if you are geeky enough to know what this means, it proves the point above. MCC = country code, MNC = network code, LAC = geographic area code, CI = cell tower ID.


----------



## TheHoodedClaw (Apr 21, 2011)

Android caches wifi connections and cell locations too, with latitude and longitude and timestamp:

https://github.com/packetlss/android-locdump#readme


----------



## magneze (Apr 21, 2011)

mauvais said:


> Cos it ain't continuous. It's like a big checklist of places and it ticks them off (with a time) as you go there - only once.
> 
> I'm no Apple fan by any means, and I'm not suggesting this approach is right, but there's a lot of FUD generated around it too.
> 
> My bold - if you are geeky enough to know what this means, it proves the point above. MCC = country code, MNC = network code, LAC = geographic area code, CI = cell tower ID.


Not sure of your point, can you expand on this?


----------



## Kid_Eternity (Apr 21, 2011)

Are Apple about to issue an update to remove this? Daring Fireball claims he's heard this was either a bug or an oversight to leave it in...



> The big question of course, is why Apple is storing this information. I don’t have a definitive answer, but my little-birdie-informed understanding is that consolidated.db acts as a cache for location data, and that historical data should be getting culled but isn’t, either due to a bug or, more likely, an oversight. I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that’s meant to serve as a cache of your recent location data is instead a persistent log of your location history. I’d wager this gets fixed in the next iOS update.



Viral pr..?


----------



## mauvais (Apr 21, 2011)

magneze said:


> Not sure of your point, can you expand on this?


It might be tracking but it doesn't fit your stated definition of it. 

Suppose that tomorrow I embark a fictional affair thrice weekly with a fictional lady from the fictional but quintessentially English village of Yermamington. After a number of years of doing this my fictional wife gets suspicious after I keep coming home covered in bruises and smelling of bleach. She somehow gains an intermediate level understanding of SQL databases, steals my fictional iPhone and is able to determine -  - that I went to said village once, in April 2011. I claim that I went there to judge the local Boringshire In Bloom contest and never again returned. She poisons me a decade later and gets the last laugh after all.


----------



## magneze (Apr 21, 2011)

mauvais said:


> It might be tracking but it doesn't fit your stated definition of it.
> 
> Suppose that tomorrow I embark a fictional affair thrice weekly with a fictional lady from the fictional but quintessentially English village of Yermamington. After a number of years of doing this my fictional wife gets suspicious after I keep coming home covered in bruises and smelling of bleach. She somehow gains an intermediate level understanding of SQL databases, steals my fictional iPhone and is able to determine - ta da - that I went to said village once, in April 2011. I claim that I went there to judge the local Boringshire In Bloom contest and never again returned.


 I don't see how it doesn't fit at all. That's a bizarre assertion.

Of course a digital system takes snapshots of the location, because that's all it can ever do. By your logic no digital system could ever be described as tracking!


----------



## mauvais (Apr 21, 2011)

It's nothing to do with snapshots - it's that it can only record a location once. One cell tower, maximum one record. It shows that you went somewhere once, at a time. If you went there again, nothing.


----------



## magneze (Apr 21, 2011)

mauvais said:


> It's nothing to do with snapshots - it's that it can only record a location once. One cell tower, maximum one record. It shows that you went somewhere once, at a time. If you went there again, nothing.


Gotcha. That is marginally better, yes. Good spot.


----------



## magneze (Apr 21, 2011)

Looking into this further, a similar story appears to be true for the WifiLocation table - one entry per Wifi MAC address. However, there is no such primary key restriction on the WifiLocationHarvest table which contains pretty much the same thing. I wonder how often that table is populated. This could conceivably be more tracking type data, but without an iPhone handy I can't tell.


```
CREATE TABLE Wifi (Timestamp FLOAT, MAC TEXT, RSSI INTEGER, PRIMARY KEY (Timestamp, MAC));
CREATE TABLE WifiLocation (MAC TEXT, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MAC));
CREATE TABLE WifiLocationCounts (Count INTEGER);
CREATE TABLE WifiLocationHarvest (MAC TEXT, Channel INTEGER, Hidden INTEGER, RSSI INTEGER, Age FLOAT, BundleId TEXT, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER);
CREATE TABLE WifiLocationHarvestCounts (Count INTEGER);
CREATE INDEX WifiLocationHarvestIndex ON WifiLocationHarvest (MAC);
```


----------



## 2hats (Apr 21, 2011)

A key question is - iOS4 introduced encryption for the data (activate your passcode and you should see a 'Data protection is enabled.' message at the bottom of the Settings>General>Passcode Lock screen). Apple document that Mail uses the appropriate API. Does the core iOS system though and thus offer some degree of protection of this data?

On older devices that shipped with iOS3 and were then upgraded to iOS4 one has to jump through a few hoops to enable this feature:

http://support.apple.com/kb/HT4175


----------



## fogbat (Apr 21, 2011)

I don't see what the big deal is.

Apple do this _because they care_.


----------



## editor (Apr 21, 2011)

TheHoodedClaw said:


> Android caches wifi connections and cell locations too, with latitude and longitude and timestamp:
> 
> https://github.com/packetlss/android-locdump#readme





> You will need root access to the device to read this directory..
> 
> Important note: looking at old android source (this code is no longer open from Google it seems) it seems to be limited heavily.
> 
> However, data is only pruned when new info is added. There is no time based pruning unless there is new data being added to the cache. This could lead to old data being if there is limited movement of the device.


It's hardly in the same league as the iPhone leaving an unprotected file on both the phone and the home computer tracking a user's movements for up to a year (even across upgrades) is it?


----------



## Johnny Canuck3 (Apr 21, 2011)

Kid_Eternity said:


> The Guardian reports on the shocking breach of privacy that only Apple does with its iPhone:


 
And this surprises you somehow?


----------



## TheHoodedClaw (Apr 22, 2011)

editor said:


> It's hardly in the same league as the iPhone leaving an unprotected file on both the phone and the home computer tracking a user's movements for up to a year (even across upgrades) is it?



The Apple thing looks like a bad implementation of a function that any smart device might want to do. There's no reason it should be in plain text, but I can understand why it is stored and can be shared between devices.


----------



## editor (Apr 22, 2011)

Google has made it clear that it doesn't follow Apple's behaviour regarding tracking: 



> “All location sharing on Android is opt-in by the user. We provide users with notice and control over the collection, sharing and use of location in order to provide a better mobile experience on Android devices. Any location data that is sent back to Google location servers is anonymized and is not tied or traceable to a specific user.”
> 
> But, even then, the WSJ article also refers to data that isn’t actually being anonymized by Google:
> 
> ...


----------



## FridgeMagnet (Apr 22, 2011)

If it stores a unique identifier, it's not anonymised. It's pseudonymised, and there is a large amount of difference between that and anonymised data.A "send anonymous info to Google" tickbox would not cover it.


----------



## moochedit (Apr 22, 2011)

Google are not squeaky clean either.



> If you've got a Wi-Fi network, chances are Google has used its top-selling Android mobile operating system to store your router's precise location and broadcast it for all the world to see.
> 
> Google has been compiling the publicly accessible database of router locations in its quest to build a service, a la Skyhook, that pinpoints the exact location of internet users who use its sites. Now, hobbyist hacker Samy Kamkar has developed a site that demonstrates just how comprehensive Google's catalog is.
> 
> Plug the MAC address of your router into Kamkar's website, and chances are it will pull up its precise location, courtesy of Google Maps.


----------



## UnderAnOpenSky (Apr 22, 2011)

So what's in this for Apple then?


----------



## editor (Apr 23, 2011)

moochedit said:


> Google are not squeaky clean either.


But still a _whole load better_ than Apple's fucking dodgy practices that leaves users with their precise, time-stamped  whereabouts -* for up to a year or more* - left easily accessible on any machine they've synced their iPhones/iPad with.



> Like iOS devices, Android phones do collect location information in a local file. But they seem to erase it relatively quickly instead of saving it forever. Swedish programer Magnus Eriksson has highlighted a portion of the Android source code suggesting a maximum of 50 cell tower locations are retained, which a source close to Google indicates is correct.
> 
> http://news.cnet.com/8301-31921_3-20056657-281.html


----------



## ymu (Apr 23, 2011)

Global Stoner said:


> So what's in this for Apple then?


 
It doesn't have to be anything sinister. It looks like it might be a simple programming error. That doesn't change the fact that it's storing the data in unencrypted form in a way that's accessible to anyone who can get control of your phone or computer, directly or via a trojan.


----------



## pk (Apr 24, 2011)

In Google's case an Android HTC phone tracked its location every few seconds and transmitted the data back to Google several times an hour, according to new research by security analyst Samy Kamkar for the Wall Street Journal.
It also transmitted the name, location and signal strength of any close Wi-Fi networks and the phone's unique identifier.
Both Google and Apple have previously admitted they are using location data to build massive databases of Wi-Fi hotspots.
This can then be used to pinpoint individual's locations via their mobile phones, which in turn could help the companies tap into the huge market for location-based services, currently worth $2.9billion.
This figure is expected to rise to a staggering $8.3billion in 2014, according to research company Gartner.
Location data is some of the most valuable information a mobile phone can provide, since it can tell advertisers not only where someone's been, but also where they might be going — and what they might be inclined to buy when they get there.
A spokeswoman for the Office of the Privacy Commissioner of Canada told the Journal the office 'had concerns' about using mobile phones to collect Wi-Fi data and had expressed those concerns to Google itself.

Read more: http://www.dailymail.co.uk/sciencet...its-user-locations-company.html#ixzz1KTF3M1Lq


----------



## pk (Apr 24, 2011)

Looks like Google are even more ethically fucked than Apple then - at least the Apple location data doesn't get uploaded to Apple HQ unlike Google - who have already been slapped with fines for their Google car system that unlawfully accessed wifi networks...


----------



## editor (Apr 24, 2011)

pk said:


> In Google's case an Android HTC phone tracked its location every few seconds and transmitted the data back to Google several times an hour, according to new research by security analyst Samy Kamkar for the Wall Street Journal.


Does it leave an unprotected and detailed file of all your movements on any desktop you sync your phone with?

As for Apple's ethics: Apple named 'least green' tech company
http://www.guardian.co.uk/environment/2011/apr/21/apple-least-green-tech-company


----------



## FridgeMagnet (Apr 24, 2011)

Apple does sync location data with central servers every now and then, though not as frequently as Android does with Google, which is every few seconds apparently. Storing certain data on a phone and requiring physical access to it is an effectively insignificant security risk compared to a phone which actively sends your data to a central server. With a unique identifier. That's what people should be looking at.

eta: yes, Android does store a cached location file too, though it's supposed to have a lower retention time than the iPhone's.


----------



## Kid_Eternity (Apr 24, 2011)

Perhaps a mod can change the title of this thread to include Google's name along with Apple given recent news?


----------



## pk (Apr 24, 2011)

editor said:


> Does it leave an unprotected and detailed file of all your movements on any desktop you sync your phone with?



What does it matter? - it transmits said file to Google - that's private info about your personal life becoming property of Google.



> As for Apple's ethics: Apple named 'least green' tech company
> http://www.guardian.co.uk/environment/2011/apr/21/apple-least-green-tech-company


 
That's a bit misleading - the report estimated dependence on coal for Apple's data centres at 54.5%, followed by Facebook at 53.2%, IBM at 51.6%, HP at 49.4%, and Twitter at 42.5%.

It's more about the locations chosen for their data centres and the power supplies nearby, that the company directly polluting the planet.


----------



## Bungle73 (Apr 24, 2011)

editor said:


> Does it leave an unprotected and detailed file of all your movements on any desktop you sync your phone with?
> 
> As for Apple's ethics: Apple named 'least green' tech company
> http://www.guardian.co.uk/environment/2011/apr/21/apple-least-green-tech-company


Unless you're in the habit of syncing your iPhone with random public PCs that is a much lesser issue than some people are making it out to be.


----------



## editor (Apr 24, 2011)

pk said:


> It's more about the locations chosen for their data centres and the power supplies nearby, that the company directly polluting the planet.


Ah. It's "misleading" is it? So you think that one of the richest corporations on the planet have no choice over where they decide to locate their business? LOL.

Google seem to have managed a different way of thinking:


> Solar Energy
> 
> April 7th - Google agreed it's first clean-tech investment in Europe, pumping $5 million into a German solar power plant based in Brandenburg near Berlin.
> 
> ...



http://blog.searchenginewatch.com/110421-144800


----------



## Kid_Eternity (Apr 24, 2011)

editor said:


> Ah. It's "misleading" is it? So you think that one of the richest corporations on the planet have no choice over where they decide to locate their business? LOL.
> 
> Google seem to have managed a different way of thinking:
> 
> ...


 
Perhaps we could have that debate on a thread about that topic rather than polluting this one with it?


----------



## editor (Apr 24, 2011)

Bungle73 said:


> Unless you're in the habit of syncing your iPhone with random public PCs that is a much lesser issue than some people are making it out to be.


Let's try this again: given the choice, would you like your phone to automatically transfer over an easily accessible, detailed record of your timestamped movements to any machine you sync it with or not?


----------



## editor (Apr 24, 2011)

Kid_Eternity said:


> Perhaps we could have that debate on a thread about that topic rather than polluting this one with it?


"Polluting".... I see what you're doing there!  

Anyway, I'm done on this topic. I've never seen the reality distortion field in such full effect, so on that basis, there's very little to be gained in pursuing the point.


----------



## FridgeMagnet (Apr 24, 2011)

Kid_Eternity said:


> Perhaps a mod can change the title of this thread to include Google's name along with Apple given recent news?


 
I think that's reasonable.


----------



## editor (Apr 24, 2011)

FridgeMagnet said:


> I think that's reasonable.


Does Google store a searchable, non-deletable detailed file of all your movements on both Android phones and desktops then?

The thread title's just fine.


----------



## Kid_Eternity (Apr 24, 2011)

editor said:


> Does Google store a searchable, non-deletable detailed file of all your movements on both Android phones and desktops then?


 
The title of this thread doesn't state that, it states the fact that Apple tracks it's users, the story is now that both Google and Apple do this so it's misleading to not have the title corrected to reflect that.


----------



## Kid_Eternity (Apr 24, 2011)

editor said:


> "Polluting".... I see what you're doing there!
> 
> Anyway, I'm done on this topic. I've never seen the reality distortion field in such full effect, so on that basis, there's very little to be gained in pursuing the point.


 
Yeah have to say was a little proud of that.


----------



## Bungle73 (Apr 24, 2011)

editor said:


> Let's try this again: given the choice, would you like your phone to automatically transfer over an easily accessible, detailed record of your timestamped movements to any machine you sync it with or not?


 
If it's my personal PC why would I even care?

And it's not a "detailed record of my timestamped movements". It only records each location once, so its hardly detailing your every movement.


----------



## FridgeMagnet (Apr 24, 2011)

editor said:


> Does Google store a searchable, non-deletable detailed file of all your movements on both Android phones and desktops then?


 
I don't know whether it does on desktops, I suppose that depends on how you sync and whether you take backups. You don't have to take backups after all, on either of them. It does store one on the phone, and it sends the info to Google all the time.


----------



## Kid_Eternity (Apr 24, 2011)

The story is now Apple and Google, and people will be looking for info on both, in fact the Guardian headline may be a better one for this thread:

*iPhones and Android phones building vast databases for Google and Apple*
Italy, France and Germany to investigate smartphone tracking software amid privacy concerns


----------



## editor (Apr 24, 2011)

FridgeMagnet said:


> I don't know whether it does on desktops, I suppose that depends on how you sync and whether you take backups.


Answer is: *it doesn't *so this thread title change is fucking ridiculous. 

This thread is about the iPhone's recently documented dodginess and not vaguely, sort of similar things that Android may or may not be doing that's been brought up in the hope that it wont make Apple look so bad.

It's kind of pathetic, really. Start a new thread if you want to discuss Google's quite different issues.


----------



## editor (Apr 24, 2011)

Kid_Eternity said:


> The story is now Apple and Google, and people will be looking for info on both, in fact the Guardian headline may be a better one for this thread:
> 
> *iPhones and Android phones building vast databases for Google and Apple*
> Italy, France and Germany to investigate smartphone tracking software amid privacy concerns


And that link says:





> Google's list is limited to the most recent 50 cell masts and 200 wi-fi networks, while Apple's list is retained *for up to a year*. Sources close to Apple have suggested the long-term retention may be an error which it will correct in a future software update.
> 
> Privacy advocates fear that although the data is anonymised, *the Apple data is not encrypted and could be misused by law enforcement or others who wanted to capture information about someone's movements.*
> 
> One security researcher, Alex Levinson of Katana Forensics, said on Thursday *that US law enforcement had already made use of the location data recorded by the iPhone in investigations*.


Relevant points highlighted, none of which are applicable to Android.


----------



## Kid_Eternity (Apr 24, 2011)

Well take it up with the Guardian, US senators and a various European countries who disagree...the fact is that Google and Apple are tracking their users. This isn't about fanbois fighting over their favourite format, this is about our rights in the face of huge corporations who are attempting to profit from us.


----------



## sunnysidedown (Apr 25, 2011)

is there a name for those people who are a complete opposite of an Apple fan boy?


----------



## editor (Apr 25, 2011)

sunnysidedown said:


> is there a name for those people who are a complete opposite of an Apple fan boy?


Normal people.


----------



## elbows (Apr 25, 2011)

Its clearly a large issue that has been waiting to happen for some time, and affects numerous companies & systems.

The Apple example is especially bad & graphic due to the tools made available to look at the data, but the overall issue goes way beyond this and attempts to defend companies such as Google over this stuff are exceedingly misplaced.


----------



## editor (Apr 25, 2011)

elbows said:


> The Apple example is especially bad & graphic due to the tools made available to look at the data, but the overall issue goes way beyond this and attempts to defend companies such as Google over this stuff are exceedingly misplaced.


I'm not defending Google here at all - if I find out that they've been creating easily accessible files about my whereabouts on my desktop I'm going to very angry indeed - but what is happening is that Apple enthusiasts have either been making out that it's a lot of fuss over nothing or trying to divert the debate elsewhere.

If Google are up to similar - but not directly related -  dodginess, then that's have a thread on that too, but I'm not happy having this thread - which relates *directly* to Apple's _quite unique and specific dodgy goings on_ - suddenly being branched out for no good reason.


----------



## Bungle73 (Apr 25, 2011)

editor said:


> I'm not defending Google here at all - if I find out that they've been creating easily accessible files about my whereabouts on my desktop I'm going to very angry indeed - but what is happening is that Apple enthusiasts have either been making out that it's a lot of fuss over nothing or trying to divert the debate elsewhere.


That's because it is a fuss over nothing.  The info is only on your own PC so what's the big deal?



> If Google are up to similar - but not directly related -  dodginess, then that's have a thread on that too, but I'm not happy having this thread - which relates *directly* to Apple's _quite unique and specific dodgy goings on_ - suddenly being branched out.


 Why do we need a separate thread when it's more or less the same issue?


----------



## editor (Apr 25, 2011)

Bungle73 said:


> That's because it is a fuss over nothing.  The info is only on your own PC so what's the big deal?
> 
> 
> Why do we need a separate thread when it's more or less the same issue?


Android phones are not leaving a hidden, undeletable file containing all your movements across multiple phone upgrades and any computer you sync your phone to, and if you can't work out any reasons why having all this information in an easily accessible format might be problematic for a multitude of reasons, I rather despair.

Or, to put in another way: would you, by choice, elect to leave such detailed files on your phone and computers?


----------



## editor (Apr 25, 2011)

Perhaps this new article on Wired makes it clearer:



> *Why you should care about the iPhone location-tracking issue*
> Having a data file with over a year's worth of your location information stored on your iPhone is a security risk.
> So if a thief got his hands on your iPhone, he can figure out where you live and loot you there, too. Same goes for a hacker who gains remote access to the consolidated.db file.
> 
> ...


----------



## Bungle73 (Apr 25, 2011)

editor said:


> Android phones are not leaving a hidden, undeletable file containing all your movements across multiple phone upgrades and any computer you sync your phone to, and if you can't work out any reasons why having all this information in an easily accessible format might be problematic for a multitude of reasons, I rather despair.
> 
> Or, to put in another way: would you, by choice, elect to leave such detailed files on your phone and computers?


No, Android phones are collecting info about your movements and sending it back to HQ. Far worse IMHO, but like always you're far more interested in bashing Apple.

I've said this before and I'll say it again, unless you're in the habit of syncing your iPhone with random public PCs why does it matter? This is your own PC and yours alone. I don't know about you but I'm not in the habit of letting random strangers have access to my PC.

Also it's not all your movements; it only records each location once, so if you visit somewhere multiple times it doesn't log that.


----------



## editor (Apr 25, 2011)

It seems that the data keeps on being stored even if you turn off location services:



> Apple Inc.'s iPhone is collecting and storing location information even when location services are turned off, according to a test conducted by The Wall Street Journal.
> 
> The location data appear to be collected using cellphone towers and Wi-Fi access points near a user's phone and don't appear to be transmitted back to Apple. Apple didn't immediately respond to a request for comment.
> 
> ...


----------



## Bungle73 (Apr 25, 2011)

editor said:


> Perhaps this new article on Wired makes it clearer:


A load of sensationalist nonsense.  How exactly is a thief or hacker going to determine where you live out of all the locations you might have visited?  The second part is nonsense too seeing as, like I've already said, it only records each location once.


----------



## Bungle73 (Apr 25, 2011)

Also, even if some nefarious person could use this to find out where you live what use would that be to anyone?  Someone could find out where you live by looking you up in the phone book, or looking at the electoral roll.


----------



## editor (Apr 25, 2011)

Bungle73 said:


> A load of sensationalist nonsense.  How exactly is a thief or hacker going to determine where you live out of all the locations you might have visited?  The second part is nonsense too seeing as, like I've already said, it only records each location once.


There's seems to be ample evidence suggesting that your complacency might be a bit misplaced:



> *No, iPhone location tracking isn't harmless and here's why
> Secret Apple database already being tapped by cops*
> 
> Levinson also said iPhone location tracking has gone on much longer than indicated by Warden and Allan, who claimed it began with the introduction of Apple's iOS 4 in late June. In fact, said Levinson, earlier iPhones contained a hidden file called h-cells.plist that contained much of the same baseband radio locations that consolidated.db has now.
> ...


----------



## mauvais (Apr 25, 2011)

editor said:


> Android phones are not leaving a hidden, undeletable file containing all your movements across multiple phone upgrades and any computer you sync your phone to


No, that's what Google Latitude is for.


----------



## Kid_Eternity (Apr 25, 2011)

Bungle73 said:


> That's because it is a fuss over nothing.  The info is only on your own PC so what's the big deal?
> 
> 
> Why do we need a separate thread when it's more or less the same issue?


 
We don't, it's about privacy and corporations collecting data on you. A mod has changed the thread title so this thread is good enough to discuss both Google and Apple's violation of privacy issues.


----------



## editor (Apr 25, 2011)

Bungle73 said:


> Also, even if some nefarious person could use this to find out where you live what use would that be to anyone?  Someone could find out where you live by looking you up in the phone book, or looking at the electoral roll.


So will that tell them where your work, where you like to go walking, where you drink or (as in the case of my female Australian friend) the exact location of your gym? Oh, and unlike Apple's compulsory tracking, you can elect not to be in the phone book.


----------



## editor (Apr 25, 2011)

mauvais said:


> No, that's what Google Latitude is for.


Wow. That's a mighty big serving of FUD. 

Unlike Apple's secret tracking, Latitude is *opt-in* and its user policy was, "created in consultation with the Electronic Frontier Foundation" and "puts Latitude on equal privacy footing with Loopt, a popular friend-finding service that predates Latitude. *Both services now overwrite your previous location with your new location, and don’t keep logs*."



> The EFF’s Kevin Bankston applauded this stance in his post announcing Google’s decision:
> 
> We are incredibly happy that Google has taken this rare step, not only by making the right decision about the privacy of its users’ data, but by making that policy public. When it comes to government surveillance, the legal interface between law enforcement and your phone and internet service providers is a shadowy place, and it’s often unclear what types of data companies are willing to provide to the government based on what types of legal process.



http://www.wired.com/epicenter/2009/03/googles-latitud/


----------



## mauvais (Apr 25, 2011)

If you were actually being investigated by the authorities, they'd have all this information - either from the telco or more likely from your bank.

If your phone fell into the hands of a criminal or some such - hello! they have your phone! - then there are so many vectors to choose from that you are in trouble aplenty.

Don't get me wrong: it's not ideal, it certainly shouldn't include fine grained timestamps, and it's great that people are uncovering this stuff - but in the end this isn't really a workable or novel privacy exploit.


----------



## editor (Apr 25, 2011)

mauvais said:


> If you were actually being investigated by the authorities, they'd have all this information - either from the telco or more likely from your bank.


But they would need a *court order* to gain access to that information. Apple's tracking file is available to absolutely ANYONE with momentary access to your phone or any of the computers you sync to.

There's already talk of US cops helping themselves to this info, no court order needed. Doesn't that concern you?


----------



## mauvais (Apr 25, 2011)

Latitude keeps logs. Admittedly I had to opt in. My Latitude dashboard tells me where I was in December, what flights I've taken, and how often I'm at work/home.


----------



## editor (Apr 25, 2011)

mauvais said:


> Latitude keeps logs. Admittedly I had to opt in. My Latitude dashboard tells me where I was in December, what flights I've taken, and how often I'm at work/home.


And that is the HUGE, MASSIVE difference. It was your _choice_ and it's protected.



> Will Google publicly commit to requiring a wiretap order before it will help law enforcement agents track a Latitude user? It’s probably fair to say that we pestered them on this point for several weeks.
> 
> Well, we‘ve now gotten word back from Google, and the news is good: Google has confirmed that its policy will be to require a wiretap order before tracking a Latitude user’s location for law enforcement.
> 
> http://www.eff.org/deeplinks/2009/03/exclusive-google-takes-stand-location-privacy-alon


----------



## Bernie Gunther (Apr 25, 2011)

Bear in mind also that mobile devices are a central terrain for various debates about universal identity credentials, see e.g. this discussion from Ross Anderson.



> If the world embraces the Apple vision of your mobile phone becoming your universal authentication device|so that your phone contains half-a dozen credit cards, a couple of gift cards, a dozen coupons and vouchers, your AA card, your student card and your driving license, how will we manage all this?



http://www.cl.cam.ac.uk/~rja14/Papers/sefa-pr11.pdf

So questions of trust and accountability around the way key vendors such as Apple and Google treat your data are pretty central to the broader privacy/security debates.


----------



## editor (Apr 25, 2011)

Bernie Gunther said:


> So questions of trust and accountability around the way key vendors such as Apple and Google treat your data are pretty central to the broader privacy/security debates.


Indeed and that is why this - which is no doubt one of the first of many such debates - is not something to be brushed under the carpet or dismissed, whether it's Google, Apple or whoever under the spotlight.


----------



## Bungle73 (Apr 25, 2011)

editor said:


> So will that tell them where your work, where you like to go walking, where you drink or (as in the case of my female Australian friend) the exact location of your gym? Oh, and unlike Apple's compulsory tracking, you can elect not to be in the phone book.


As I said, what use would that be to anyone?


----------



## editor (Apr 25, 2011)

Bungle73 said:


> As I said, what use would that be to anyone?


Why do you think privacy laws exist? Why do you think so many commentators are saying that this tracking is a bad thing? Any idea at all?


----------



## mauvais (Apr 25, 2011)

editor said:


> But they would need a *court order* to gain access to that information. Apple's tracking file is available to absolutely ANYONE with momentary access to your phone or any of the computers you sync to.
> 
> There's already talk of US cops helping themselves to this info, no court order needed. Doesn't that concern you?


Not particularly. I would imagine it's illegal or unlawful to search my phone without permission, if they did recover anything it would be circumstantial, and there are so many other ways to achieve the same goal, whatever that may be. If someone has access to my phone or computer then I am already compromised in all manner of ways.


----------



## editor (Apr 25, 2011)

mauvais said:


> Not particularly. I would imagine it's illegal or unlawful to search my phone without permission, if they did recover anything it would be circumstantial, and there are so many other ways to achieve the same goal, whatever that may be. If someone has access to my phone or computer then I am already compromised in all manner of ways.


Oh, that's alright then.


----------



## mauvais (Apr 25, 2011)

If you have my phone, you have access to my email (thus address in short order), Facebook (thus most of my friends), the texts I've sent, calls I've made, pretty much everything. That and the possibility to bug it. Being able to retrieve a cached store of cell sites I've encountered is neither here nor there at this point.


----------



## Kid_Eternity (Apr 25, 2011)

Bernie Gunther said:


> Bear in mind also that mobile devices are a central terrain for various debates about universal identity credentials, see e.g. this discussion from Ross Anderson.
> 
> 
> 
> ...


 
Indeed.


----------



## Bungle73 (Apr 25, 2011)

editor said:


> Why do you think privacy laws exist? Why do you think so many commentators are saying that this tracking is a bad thing? Any idea at all?


If this info were being broadcast around the internet they'd have a point, but it isn't.  This info is being stored on devices that only you have access to. As has been said by others there's probably far more sensitive info on your phone than that at some point point in time you visited Milton Keynes.


----------



## Kid_Eternity (Apr 25, 2011)

Bungle73 said:


> If this info were being broadcast around the internet they'd have a point, but it isn't.  This info is being stored on devices that only you have access to. As has been said by others there's probably far more sensitive info on your phone than that at some point point in time you visited Milton Keynes.


 
Didn't the guardian link above mention that Google upload this info every few hours? It's hardly just being left on our devices. And besides, even it was what's to stop Google or Apple making use of that data at a later date?


----------



## Bungle73 (Apr 25, 2011)

Kid_Eternity said:


> Didn't the guardian link above mention that Google upload this info every few hours? It's hardly just being left on our devices. And besides, even it was what's to stop Google or Apple making use of that data at a later date?


 I was talking about the Apple issue, which editor seems to want to concentrate on...


----------



## Bernie Gunther (Apr 25, 2011)

Kid_Eternity said:


> Didn't the guardian link above mention that Google upload this info every few hours? It's hardly just being left on our devices. And besides, even it was what's to stop Google or Apple making use of that data at a later date?


 
One of the issues here is data mining. Already a huge issue, particularly with Google given their unique market position. See e.g. the following Reg story about their decade-long fight with the EU over data retention 

http://www.theregister.co.uk/2010/0...still_do_not_comply_with_data_retention_laws/


----------



## editor (Apr 25, 2011)

Bungle73 said:


> If this info were being broadcast around the internet they'd have a point, but it isn't.  This info is being stored on devices that only you have access to. As has been said by others there's probably far more sensitive info on your phone than that at some point point in time you visited Milton Keynes.


So it's all a silly fuss about nothing and users are just being _sillly billys_ when they object to a secret file containing their whereabouts being stored on their phones, laptops and home computers, yes? 

In fact, if there was a "turn off this tracking now" button on your phone, you wouldn't even bother using it because there's not the slightest hint of any privacy concerns contained in the file at all. Is that about right?


----------



## Bungle73 (Apr 25, 2011)

editor said:


> So it's all a silly fuss about nothing and users are just being _sillly billys_ when they object to a secret file containing their whereabouts being stored on their phones, laptops and home computers, yes?
> 
> In fact, if there was a "turn off this tracking now" button on your phone, you wouldn't even bother using it because there's not the slightest hint of any privacy concerns contained in the file at all. Is that about right?


That's about the sum of it, yeah.


----------



## editor (Apr 25, 2011)

Bungle73 said:


> That's about the sum of it, yeah.


Thank fuck there's people who do give a shit about privacy and maintain a healthy distrust of corporations and the police. Still, enjoy your iBubble.


----------



## magneze (Apr 25, 2011)

This is the attitude that corporations such as Google, Facebook and Apple have been going for. Chip, chip, chip away until few people think or care about privacy. If you're not looking for it or not worried about it, suddenly it's gone too far but it's too late. Let's face it Google is more open because they are well aware that the full force of government is currently pointed at them. Apple will suddenly become more responsible as a result of this. However, no corporation will voluntarily protect anyone's privacy at the expense of shareholder value. It's only when that value is jeopardized (as of now, with Apple) that something will get done.

Fucked up. But true.


----------



## Bernie Gunther (Apr 25, 2011)

In fact they have a *duty* to their shareholders to violate and otherwise compromise your privacy wherever it's profitable to do so, until they've lost all the possible legal appeals against any attempts to stop them doing so or there is a such a clear case that the reputation damage to their brand outweighs the potential profits that no shareholder could conceivably argue in court that the benefits outweighed the cost (e.g. data mining the personal info of kids and selling it to pedos or something totally henious like that)


----------



## Kid_Eternity (Apr 25, 2011)

Bernie Gunther said:


> One of the issues here is data mining. Already a huge issue, particularly with Google given their unique market position. See e.g. the following Reg story about their decade-long fight with the EU over data retention
> 
> http://www.theregister.co.uk/2010/0...still_do_not_comply_with_data_retention_laws/


 
Yep, this reminds me of the controversy over them and wifi routers with their mapping operation too.


----------



## Kid_Eternity (Apr 25, 2011)

magneze said:


> This is the attitude that corporations such as Google, Facebook and Apple have been going for. Chip, chip, chip away until few people think or care about privacy. If you're not looking for it or not worried about it, suddenly it's gone too far but it's too late. Let's face it Google is more open because they are well aware that the full force of government is currently pointed at them. Apple will suddenly become more responsible as a result of this. However, no corporation will voluntarily protect anyone's privacy at the expense of shareholder value. It's only when that value is jeopardized (as of now, with Apple) that something will get done.
> 
> Fucked up. But true.


 
Yup. This is the point. It's not about format wars or fanbois it's about citizens and our rights in the face of huge corporations attempting to shape our behaviour to suit their profit margins.


----------



## Bernie Gunther (Apr 25, 2011)

Yeah, the big issue with Google vs say Apple is the amount of other information they can potentially tie this sort of stuff into when data-mining. Thanks to iTunes Apple have a lot of info on punters too, but nothing comparable on what Google have if they can tie your search history into your gmail account and both of those to your phone.


----------



## editor (Apr 26, 2011)

Updates!

Steve Jobs has apparently issued another of his huffy responses to a user:


> Q: Steve,
> 
> Could you please explain the necessity of the passive location-tracking tool embedded in my iPhone? It's kind of unnerving knowing that my exact location is being recorded at all times. Maybe you could shed some light on this for me before I switch to a Droid. They don't track me.
> 
> ...


And the inevitable US court case arrives!


> Apple Inc. (AAPL) was sued for alleged privacy invasion and computer fraud by two customers who claim the company is secretly recording and storing the location and movement of iPhone and iPad users, according to a federal complaint filed today in Tampa, Florida.
> http://www.bloomberg.com/news/2011-...r-location-data-storage-on-iphones-ipads.html


 Elsewhere,  it's been reported that government bodies in several countries including South Korea, France and Germany are investigating Apple’s location-tracking practices.

More here: http://news.cnet.com/8301-13579_3-20057175-37.html


----------



## Obnoxiousness (Apr 26, 2011)

I'm switching off my phone and leaving it in a drawer.

Just need a pocket of change and the location of any local telephone boxes, if they still exist!


----------



## Winot (Apr 26, 2011)

Obnoxiousness said:


> Just need a pocket of change and the location of any local telephone boxes, if they still exist!


 
I doubt that there's an app for that.


----------



## veracity (Apr 26, 2011)

Kid_Eternity said:


> Yep, this reminds me of the controversy over them and wifi routers with their mapping operation too.


And now it turns out you can query the Google database and see the exact location of your wifi router on the map. http://samy.pl/androidmap/ Found this link via the Guardian site yesterday. Considering that the photo Google has of my house on Google Maps is at least 18 months old, I was a little alarmed to see that they've been past my house and logged my router's MAC address in the last 8 months since I moved in.


----------



## editor (Apr 26, 2011)

veracity said:


> And now it turns out you can query the Google database and see the exact location of your wifi router on the map. http://samy.pl/androidmap/ Found this link via the Guardian site yesterday. Considering that the photo Google has of my house on Google Maps is at least 18 months old, I was a little alarmed to see that they've been past my house and logged my router's MAC address in the last 8 months since I moved in.


I'm honestly trying to think why I should find this alarming. I don't even know my Mac address, but I know that my router is broadcasting its approximate location to anyone who walks past my block. It's what wi-fi is supposed to do, so I'm struggling to see how it compromises my privacy in any way.


----------



## editor (Apr 26, 2011)

OK, here's how to find your MAC address. http://www.smallbusinesscomputing.c...hats-a-MAC-Address-and-How-Do-You-Find-It.htm
And here's my result|:


> Google has not exposed anything for 00:21:9B:2.........


----------



## veracity (Apr 26, 2011)

editor said:


> I'm honestly trying to think why I should find this alarming. I don't even know my Mac address, but I know that my router is broadcasting its approximate location to anyone who walks past my block. It's what wi-fi is supposed to do, so I'm struggling to see how it compromises my privacy in any way.


 
You're right in that anyone with a Wifi address can see if you are broadcasting your SSID, but how many people are going round compiling all this info in a database? The Guardian article suggests Google also using data from Android handsets " using them essentially as global wardriving machines" to compile this info - why?


----------



## Bernie Gunther (Apr 26, 2011)

Because the more thoroughly they violate your privacy, the more accurately they can target you with ads, so the more their ad-space is worth, which is their core business.


----------



## editor (Apr 26, 2011)

Bernie Gunther said:


> Because the more thoroughly they violate your privacy, the more accurately they can target you with ads, so the more their ad-space is worth, which is their core business.


As you know, I'm the first to start ranting when I feel my privacy is being comprised without my consent, but how is it being "violated" here? What privacy-compromising information might be contained within the approximate physical location of MAC address 00:21:9B:2...

(I say "might be" because Google returns zero results for my router anyway. Nothing. Nada, so this is all academic.)

Have you tried it on your router, btw?


----------



## veracity (Apr 26, 2011)

editor said:


> As you know, I'm the first to start ranting when I feel my privacy is being comprised without my consent, but is it being "violated" here? What privacy-compromising information might be contained within the approximate physical location of MAC address 00:21:9B:2...
> 
> (I say "might be" because Google returns zero results for my router anyway. Nothing. Nada.)
> 
> Have you tried it on your router, btw?


 Yes I have, and it's pinpointed my location very accurately.


----------



## editor (Apr 26, 2011)

veracity said:


> Yes I have, and it's pinpointed my location very accurately.


I wasn't asking you because you've already told us that.


----------



## Bernie Gunther (Apr 26, 2011)

editor said:


> As you know, I'm the first to start ranting when I feel my privacy is being comprised without my consent, but how is it being "violated" here? What privacy-compromising information might be contained within the approximate physical location of MAC address 00:21:9B:2...
> 
> (I say "might be" because Google returns zero results for my router anyway. Nothing. Nada, so this is all academic.)
> 
> Have you tried it on your router, btw?


 
There are a variety of potential threat models, depending who you are. 

The first thing I'd say is that when anyone starts collating information on individuals, you have to look at the _potential_ for malicious use of that info, not the best-case scenario. 

Google has 20,000 odd employees and while they may well have sensible security controls over the data that they compile, so do other organisations that have leaked sensitive data in the past (banks, cops etc) so our threat model has to take into account the possibility that any data they compile is accessible to sufficiently motivated criminals or to any cop with a warrant. 

Google (and Apple et al) also have an obligation to their shareholders to maximise profit and if a use of compiled data on customers isn't obviously criminal or so potentially damaging to their reputation that it'll hurt their profits via brand damage more than it yields in ad-sales or whatever, then they're going to do it whether you like it or not. So while they might not compile a list of sexually precocious children from search queries, tie that to personal information, phone and email, favourite chat-rooms, photos from Facebook etc, and sell the result to Gary Glitter, there's a line somewhere that they _will _cross and it probably won't be where most people would like it to be. 

Programming their phones to wardrive for MAC addresses has a couple of potentially worrying implications that I can see right off the top of my head.

First location information, like information culled off Facebook or wherever can be used to make phishing-type attacks far more plausible and effective. I've seen (and can probably dig out if necessary) some experimental data on this, but from memory the difference goes up from <10% effectiveness up into the >70% range depending on the quality of information used. If I know your street address and can tie it to all the other stuff Google knows about you, I can spoof you or your bank or whatever far more plausibly. 

Secondly, there are legal but dodgy things that info can be used for. An obvious example would be price discrimination based on street address such that you, living in a trendy area of London get charged more for certain goods or services than I would living in some shithole in the North. 

More interesting than private router MAC addresses are public ones here, a malicious node (or even better, cooperating multiple malicious nodes) can sniff or actively elicit further information from other nodes on such WLANs allowing someone controlling such a group of phones or other nodes to identify, locate and even trace the movements of individuals through areas containing a high density of accessible WLANs (such as any big city) In this way, you should be able to get a finer-grained trace on someone's movements than you get with mobile cells. Of course, if you're Google, you probably don't need to do all of that, because you already almost certainly recognise the ip address and may well have it tied to an identity, making it easy to follow it through a series of WLANs whose MAC addresses you can locate very precisely in space. 

It's pretty easy to come up with some very nasty, even deadly, threat scenarios for that kind of capability. Especially when you consider e.g. the situation of a human rights worker perhaps dealing with clandestine union organisers in Burma, gay activists in Iran or whatever. I'm sure our own dear police would also love to have the capability to trace the movements of known political activists in that way. The News of the World would also no doubt like to be able to tell which celebs were visiting the STD clinic when.


----------



## sim667 (Apr 26, 2011)

hm...... it pinpoints my location pretty dead on.

Is there anyway to avoid it, i like anonymity.


----------



## editor (Apr 26, 2011)

Bernie Gunther said:


> First location information, like information culled off Facebook or wherever can be used to make phishing-type attacks far more plausible and effective. I've seen (and can probably dig out if necessary) some experimental data on this, but from memory the difference goes up from <10% effectiveness up into the >70% range depending on the quality of information used. If I know your street address and can tie it to all the other stuff Google knows about you, I can spoof you or your bank or whatever far more plausibly.


You can turn off location information on Android phones and Facebook phishing attacks are only made possible by people posting up detailed personal information about themselves and having an open profile. Mine is locked and I don't use my real name or date of birth.

I'm not the most trusting of f folks when it comes to corporations, but I really do feel that the rest of your post goes somewhat over the top, with no real UK precedents to support some of the rather wild scenarios expressed.

And I'm really not convinced by your suggestion about price discrimination being introduced by MAC address. That really makes no sense at all - it would cost companies far more to start fucking about with different, geographical-based tariffs and they'd soon come under the scrutiny of regulators for such actions.


----------



## Bernie Gunther (Apr 26, 2011)

Well, airlines do price discrimination all the time, based on demand for a flight. They don't see it as "fucking around", they see it as a way of maximising their profit. If you have the location data Google (or Apple) have, there's no reason not to try to turn it into a revenue stream that way that I can see, unless there's some applicable legislation that I'm unaware of. 

You can call the other threat scenarios I proposed 'wild' if you like, but it doesn't make them go away. Its just an argument about how probable they are in any given time and place, which in effect comes down to economics. 

How motivated is the actor in question relative to the difficulty of doing it? 

If there's a lot of money at stake, e.g. the ability of organised crime to skim bank accounts, then I suggest the motivation is high enough to try to subvert the security controls on that data. 

If it's relatively easy to do, e.g. Google/Apple/whoever using it commercially in a legal-but-anti-social way, or the cops getting a warrant to make them hand the info over, then again, it's fairly likely to happen.


----------



## editor (Apr 26, 2011)

Bernie Gunther said:


> Well, airlines do price discrimination all the time, based on demand for a flight. They don't see it as "fucking around", they see it as a way of maximising their profit. If you have the location data Google (or Apple) have, there's no reason not to try to turn it into a revenue stream that way that I can see, unless there's some applicable legislation that I'm unaware of.


Could you give some examples of variable, location-discriminating tariffs being applied to mainstream services in cities? I cant see any relevance in a comparison with flights, tbh.


----------



## Bernie Gunther (Apr 26, 2011)

Actually, there is one way in which Apple's retention of location data on their phones is more henious than Google sending it back to the mothership and then deleting it relatively quickly.

Currently the major area of interest for crimeware is mobile operating systems. There's been a huge explosion of attacks, although a lot of them look like proof-of-concept stuff compared to the mature web crimeware like Zeus/Spy-Eye.

By keeping that stuff on your phone for longer, Apple are facilitating location privacy attacks via subverted phones.


----------



## Bernie Gunther (Apr 26, 2011)

editor said:


> Could you give some examples of variable, location-discriminating tariffs being applied to mainstream services in cities? I cant see any relevance in a comparison with flights, tbh.


 
Obvious one is train fares. An international example is DVD prices, that's why they have that region encryption stuff, to stop people buying digital content in India and selling it in the US to arbitrage the price discrimination that's in place. 

I think that you meant *within* a city though, so I'd suggest comparing prices for similar meals between restaurants in W1 vs Colindale or someplace. There the location information is implicit in your willingness to go to that restaurant.


----------



## Kid_Eternity (Apr 26, 2011)

veracity said:


> And now it turns out you can query the Google database and see the exact location of your wifi router on the map. http://samy.pl/androidmap/ Found this link via the Guardian site yesterday. Considering that the photo Google has of my house on Google Maps is at least 18 months old, I was a little alarmed to see that they've been past my house and logged my router's MAC address in the last 8 months since I moved in.


 
Yup. Google likes to take then worry about your rights of privacy later...


----------



## sunnysidedown (Apr 26, 2011)

Location: a google maps dot


lol.


----------



## editor (Apr 26, 2011)

Bernie Gunther said:


> Obvious one is train fares.


Obvious how? How would Google's location information have any impact on my choice of train fares to, say, London to Edinburgh?


----------



## Bernie Gunther (Apr 26, 2011)

editor said:


> Obvious how? How would Google's location information have any impact on my choice of train fares to, say, London to Edinburgh?


 
It was an example of real-world price discrimination, which is what you appeared to be asking for. I was supporting the point that price discrimination is a real-world phenomenon, not some imaginary thing. 

If you look back to what I was actually saying, it was that Apple/Google et al collecting location information offers a *new* way to do price discrimination and this is one of several potential reasons we might not want them collecting location information on us. You appeared to be arguing that nobody would bother to do price discrimination or that it wouldn't be worth them bothering doing it based on location. 

I was showing: 

a) businesses of certain kinds regularly do price discrimination in the real world, 
b) some of them actually do it based on location,
c) that Apple/Google whoever collecting such data would offer a potentially attractive new way to do price discrimination, that many people might dislike.


----------



## editor (Apr 26, 2011)

Bernie Gunther said:


> It was an example of real-world price discrimination, which is what you appeared to be asking for. I was supporting the point that price discrimination is a real-world phenomenon, not some imaginary thing.


 I was asking for some examples that bore some relevance to Google's wi-fi database and I still can't see any. 

And how am I "discriminated" against by virtue of my location when I'm booking train tickets online? I've *really* no idea what your point is here, sorry. Train tickets being priced by demand or availability is not "discrimination" and it's certainly got bugger all to do with your location, or if Google has your MAC address in its database or not.


----------



## Bernie Gunther (Apr 26, 2011)

Well the relevance to Google wasn't intended to be direct. 

It was kinda 

step 1 ... show that price discrimination based on location isn't just a figment of my imagination. That's where my examples were supposed to be helpful. 

step 2 ... show that, finding a new way to help businesses do it could be a potential revenue stream for someone who had that sort of data, e.g. Google.


----------



## Bernie Gunther (Apr 26, 2011)

Also, while your street address makes a reasonable proxy for your net worth that can be used for price discrimination and e.g. to identify people worth the effort of trying to scam in more elaborate ways, that's hardly the main concern here. 

The main concern is that your street address is a proxy for your _identity _and collating it with stuff like your search history and potentially a trace of your movements makes any number of far more nefarious things possible if Google's security controls are subverted.


----------



## elbows (Apr 26, 2011)

thought I was googling them
but they were googling me
sailing data seas
In search of privacy

location, location, location
facts of benefit to the nation
then sell it on, the price is right
and they wont put up much of a fight

Shiny and nice
tracking device
bugging device
recorder of vice

its a two way street
a double edged sword
freedom or slavery
risk or reward

Im not a poet and I dont need an iAnkletag to know it
but what hitler achieved with punchcards
makes me fear some future terror bytes


----------



## editor (Apr 26, 2011)

Bernie Gunther said:


> step 1 ... show that price discrimination based on location isn't just a figment of my imagination. That's where my examples were supposed to be helpful.
> 
> step 2 ... show that, finding a new way to help businesses do it could be a potential revenue stream for someone who had that sort of data, e.g. Google.


I still can't think of any real world applications for your curious location-based price discrimination theory, and the examples you've given thus far have been completely random and, as far as I can see, completely unrelated.

Still, elbows' poetry was nice.


----------



## grit (Apr 26, 2011)

Kinda a non story as your mobile provider can do all of this already.


----------



## newbie (Apr 26, 2011)

editor said:


> OK, here's how to find your MAC address. http://www.smallbusinesscomputing.c...hats-a-MAC-Address-and-How-Do-You-Find-It.htm
> And here's my result|:


 
no.  that tells you to type _ipconfig /all_ which will return the MAC address of the network adaptor(s) in your computer.  The Google database is of the MAC address of routers.  You need to ask your router what its physical address is.

fwiw neither of the two routers I've checked have been on the Google database.


----------



## Bernie Gunther (Apr 26, 2011)

grit said:


> Kinda a non story as your mobile provider can do all of this already.


 
Your mobile provider doesn't also have a database containing your search history to cross reference it with ...


----------



## grit (Apr 26, 2011)

Bernie Gunther said:


> Your mobile provider doesn't also have a database containing your search history to cross reference it with ...


 
No just all the sites I've visited on the phone along with all my SMS and calls, which can be debated is better information.


----------



## Bernie Gunther (Apr 26, 2011)

Depends what one is looking for, arguably your web search history is a better indicator of your sexual perversions and political affiations. 

Which if you're David Cameron and into scat-snuff-pedo-porn (as seems all too probable, given that he's both a tory and has a background in PR) it might just be newsworthy.


----------



## grit (Apr 26, 2011)

Bernie Gunther said:


> Depends what one is looking for, arguably your web search history is a better indicator of your sexual perversions and political affiations.


 
eh... what? How do you come to this conclusion.


----------



## Bernie Gunther (Apr 26, 2011)

herp/derp signifies a very stupid part of the internet. You really wanna go around wearing that like a badge?


----------



## editor (Apr 26, 2011)

Bernie Gunther said:


> Which if you're David Cameron and into scat-snuff-pedo-porn (as seems all too probable, given that he's both a tory and has a background in PR) it might just be newsworthy.


So how will this all be suddenly reaching the press? Google have already stated that they would only release Latitude information on receipt of a court order.


----------



## FridgeMagnet (Apr 26, 2011)

newbie said:


> no.  that tells you to type _ipconfig /all_ which will return the MAC address of the network adaptor(s) in your computer.  The Google database is of the MAC address of routers.  You need to ask your router what its physical address is.
> 
> fwiw neither of the two routers I've checked have been on the Google database.


 
Mine was. I found it quite disturbing actually. I'd consider "abusive ex partner or PI recording the MAC address of your router and then using it to track you down after you move away" as much a threat as "partner or PI accessing your computer to find (some of) your movements".

Router MAC addresses are also generally considered meaningless and zero-threat data and ok to be passed on - after all, it's not like somebody is compiling a worldwide database of router MACs and tying them to their physical location or anything is it?


----------



## UnderAnOpenSky (Apr 26, 2011)

editor said:


> So how will this all be suddenly reaching the press? Google have already stated that they would only release Latitude information on receipt of a court order.



I've never heard of companies having information leaked or stolen, although that would be funny.


----------



## Kid_Eternity (Apr 26, 2011)

Global Stoner said:


> I've never heard of companies having information leaked or stolen, although that would be funny.


 
KoffSonyKoff.


----------



## UnderAnOpenSky (Apr 26, 2011)

Kid_Eternity said:


> KoffSonyKoff.


----------



## Bernie Gunther (Apr 26, 2011)

FridgeMagnet said:


> <snip> after all, it's not like somebody is compiling a worldwide database of router MACs and tying them to their physical location or anything is it?


 and tying them to your search history, gmail details etc.

No, it's all a figment of our paranoid imaginations. Shame on us ...

We should chill out and fap to midget porn or try to get someone whose personal details we hacked to kill themselves so we can laugh about it while fapping to midget porn .. herp/derp.


----------



## editor (Apr 26, 2011)

FridgeMagnet said:


> Mine was. I found it quite disturbing actually. I'd consider "abusive ex partner or PI recording the MAC address of your router and then using it to track you down after you move away" as much a threat as "partner or PI accessing your computer to find (some of) your movements".


I'm not entirely sure how your ex-partner would be able to search for your MAC address - could you explain this, please? - but if you were that bothered (and I really wouldn't be) then I'd simply buy another router - assuming that (a) I didn't leave the last one behind and (b) my new apartment didn't already come with one. Oh, and that's assuming that my ex-partner even knew the MAC address of the current one. 

I've no idea what mine is, and I imagine it's the same for 99.99% of online users.


----------



## editor (Apr 26, 2011)

Bernie Gunther said:


> and tying them to your search history, gmail details etc.


Perhaps you'd better disconnect now. You know, just in case _they _ start tracking you.


----------



## Kid_Eternity (Apr 26, 2011)

Global Stoner said:


>


 
Yep Sony PS3 owners aren't exactly happy right now. Imagine if Google users or iPhones had something similar happen to them?


----------



## Bernie Gunther (Apr 26, 2011)

Pretty agressive stuff Ed. Why? I never conciously picked a fight with you, nor did Fridge as far as I know ... 

Here's Privacy International ... 

https://www.privacyinternational.org/article/race-bottom-privacy-ranking-internet-service-companies


----------



## UnderAnOpenSky (Apr 26, 2011)

Kid_Eternity said:


> Yep Sony PS3 owners aren't exactly happy right now. Imagine if Google users or iPhones had something similar happen to them?


 
Data theft could be far more subtle, you might never know it happened until you're spam became a lot more personalised.


----------



## grit (Apr 26, 2011)

Bernie Gunther said:


> herp/derp signifies a very stupid part of the internet. You really wanna go around wearing that like a badge?


 
Why do you think that?


----------



## FridgeMagnet (Apr 26, 2011)

editor said:


> I'm not entirely sure how your ex-partner would be able to search for your MAC address - could you explain this, please? - but if you were that bothered (and I really wouldn't be) then I'd simply buy another router - assuming that (a) I didn't leave the last one behind and (b) my new apartment didn't already come with one. Oh, and that's assuming that my ex-partner even knew the MAC address of the current one.
> 
> I've no idea what mine is, and I imagine it's the same for 99.99% of online users.


 
It's all just a fuss about nothing.


----------



## Bernie Gunther (Apr 26, 2011)

FridgeMagnet said:


> It's all just a fuss about nothing.


 
Sure it is ...


----------



## editor (Apr 26, 2011)

Kid_Eternity said:


> Yep Sony PS3 owners aren't exactly happy right now. Imagine if Google users or iPhones had something similar happen to them?


Imagine it probably will some time or another, but that's not going to turn me into a quivering wreck wondering if someone's managed to find the Wi-Fi address I'm broadcasting over Brixton.

Being online is a risk. Using a mobile is a risk. You make your choices and you choose which risks you're prepared to take, hopefully from the basis of a reasonably informed opinion. 

Right now, some people think it's fine for Apple to be keeping a secret file of their whereabouts over a year, and copying it over to any computer that their iPhone syncs with. For me, that would make me uncomfortable.  

Google also stores info but from everything I've read to date it doesn't make me as uncomfortable as what Apple is doing. The Electronic Frontier Federation's dealings with Google make me feel a little more trusting of them too. 

I don't feel concerned about my router ID mainly because it's not even in Google's database, so the threat of ex-partners hiring PIs to track me and my wandering router are very low indeed.


----------



## editor (Apr 26, 2011)

Bernie Gunther said:


> Here's Privacy International ...
> 
> https://www.privacyinternational.org/article/race-bottom-privacy-ranking-internet-service-companies


That's FOUR years old. I know the risk is still there and growing in some quarters, but a four year od report is unlikely to be very illuminating.



Global Stoner said:


> Data theft could be far more subtle, you might never know it happened until you're spam became a lot more personalised.


I find the filters (incidentally, provided by Google themselves) do a very, very good job on spam. I hardly see any at all these days.


----------



## Bernie Gunther (Apr 26, 2011)

Here's Privacy International's ratings of Apple, Google and a bunch of other key internet firms

https://www.privacyinternational.org/article/race-bottom-privacy-ranking-internet-service-companies

They rate Google as most worrying, their reasons are well supported by evidence and argument, perhaps you might like to engage with the facts and logic they offer?


----------



## Bernie Gunther (Apr 26, 2011)

editor said:


> That's FOUR years old.<snip>


 What changed to make Google all fluffy and harmless?


----------



## Will2403 (Apr 26, 2011)

OK so its a shocking breach of privacy and blah blah blah...

but, is there an app for this yet?

I'd like to have a little video of my movements through the day.

The novelty would probably wear off, but it also might not.


----------



## FridgeMagnet (Apr 26, 2011)

I don't even have a bloody Android phone and my router's IP address has been scanned and tied to my geo location in the last few months (because I moved recently and got a new router).

When was it that I opted in to that?


----------



## editor (Apr 26, 2011)

Bernie Gunther said:


> What changed to make Google all fluffy and harmless?


Yeah, because that's _exactly what I've been saying _isn't it?


----------



## FridgeMagnet (Apr 26, 2011)

On the other hand, if I've got nothing to hide, what do I have to fear?


----------



## Bernie Gunther (Apr 26, 2011)

editor said:


> Yeah, because that's _exactly what I've been saying _isn't it?


 
Well, it's consistent with the standard of argument you've shown in this thread. You want to hold to a higher standard I'm game.


----------



## editor (Apr 26, 2011)

Here's a more up to date and relevant quote from Privacy International:


> Till now, the only company under the scanner for tracking users, was Google. But now, the 'oh-so-innovative' Apple's receiving the pressure. It now has to explain to its beloved users why their "cool" devices have been storing location data. The Privacy International Association has accused Apple of "astounding arrogance" over its "continued refusal to take part in any dialogue over privacy".
> 
> Eric King of Privacy International said, "Apple thinks it knows better than the rest of the industry when it comes to privacy. Other companies have faced heavy sanctions recently and now the finger is being pointed at Apple. They cannot continually refuse to engage."
> 
> Read more: http://technorati.com/technology/article/ispyapples-latest-technology/#ixzz1KfkDL1ke



Here's their open letter to Apple: https://www.privacyinternational.org/article/open-letter-steve-jobs-regarding-ios-location-file
I don't believe it's been answered.


----------



## Bernie Gunther (Apr 26, 2011)

Sure and that's totally fair enough, Apple apparently (talking to a colleague at Privacy International) don't even have someone whose job it is to worry about privacy, but why must people who want to hold Google to the same standards have to take a bunch of shit from you ed? (I mean, I accept that this is your board and you can do what the fuck you like, but it's rare for you to exercise that privilege and I'm wondering why you want to do it on behalf of scum like Google)


----------



## editor (Apr 26, 2011)

Bernie Gunther said:


> Well, it's consistent with the standard of argument you've shown in this thread. You want to hold to a higher standard I'm game.


 Your arguments earlier were confused and rambling. Your claims of Google-derived, location based, price discrimination for services made no sense at all, and I've still no idea why you were citing train tickets and airline tickets in the argument.  It's become very frustrating trying to make sense of what it is you're on about half the time, to be honest.


----------



## Bernie Gunther (Apr 26, 2011)

I'm happy to try to be clearer. Doesn't answer the question of why you want to give Google an easy ride on privacy issues though. I have no problems at all with any argument that Apple abuse privacy, but that's like saying Croatia were notably anti-semitic during WW2. Sure, it's true but there is another entity that might deserve closer scrutinty.


----------



## Bernie Gunther (Apr 27, 2011)

?


----------



## editor (Apr 27, 2011)

Bernie Gunther said:


> I'm happy to try to be clearer. Doesn't answer the question of why you want to give Google an easy ride on privacy issues though. I have no problems at all with any argument that Apple abuse privacy, but that's like saying Croatia were notably anti-semitic during WW2. Sure, it's true but there is another entity that might deserve closer scrutinty.


I'm not giving Google an "easy ride" at all - I'm simply discussing the issues as they come up.

I couldn't make any sense of your claims about Google's location based, price discrimination services stuff and so couldn't engage with them.


----------



## Kid_Eternity (Apr 27, 2011)

Bernie Gunther said:


> What changed to make Google all fluffy and harmless?


 
Well quite, Google, Apple any corporation should be treated the same when it comes to our civil rights...


----------



## Bernie Gunther (Apr 27, 2011)

Sure, and you dismissed Privacy International's analysis on the grounds that it was over a year old, but what's actually changed about Google's invasions of people's privacy since they wrote that? 

Not much that I'm aware of, other than Google finding new ways to invade people's privacy ... but perhaps you want to educate me here?

I'm all ears ...


----------



## editor (Apr 27, 2011)

Kid_Eternity said:


> Well quite, Google, Apple any corporation should be treated the same when it comes to our civil rights...


Is anyone saying any different?

What's difficult is that this thread starting discussing one particular thing and was then - against my wishes -given a title change and broadened out to include far wider and at time more fuzzy concerns. 

And as such it's become rather difficult to keep up, especially when I'm being accused of thinking that Google are all "fluffy and harmless" just because I didn't agree that the one specific scenario was a big enough personal risk to get me up in arms (not surprising, seeing as I'm not even in that database and I remain unconvinced of its PI/ex-partner attracting problems) .


----------



## editor (Apr 27, 2011)

Bernie Gunther said:


> Sure, and you dismissed Privacy International's analysis on the grounds that it was over a year old,


It was four years old._ FOUR years old._ Four years is a very very long time and things can change out of all recognition, to the point of being irrelvent (unless the same claims are supported by more modern reference material).


----------



## Bernie Gunther (Apr 27, 2011)

You appeared to be dismissing people's privacy concerns about Google Ed. Not obvious why, given that they were clearly legitimate  concerns ...


----------



## Bernie Gunther (Apr 27, 2011)

Not obvious what aspects of human nature changed over four years to make PI's analysis invalid. 

If you think you have a specific argument, by all means produce it and let us scrutinise it, but until you do, I'm inclined to assume that human nature didn't change in any philosophically significant way since 2007.


----------



## FridgeMagnet (Apr 27, 2011)

The original thread was titled "Apple's iPhone tasks users every movement and Android and others don't" (ono), which turned out to be incorrect because Android phones also track that information. The original thread starter asked that the title be changed to reflect that. In fact I didn't even go as far as requested and just removed the "and..." part and added a _questioning_ reference to other models, given that recent publicity would mean that people would be looking for "iPhone tracking" threads.


----------



## Bernie Gunther (Apr 27, 2011)

yeah but it's pretty obvious apple's main problem vs google was shit coding, they forgot to delete the cache before copying it to the mothership ...


----------



## Kid_Eternity (Apr 27, 2011)

editor said:


> Is anyone saying any different?
> 
> What's difficult is that this thread starting discussing one particular thing and was then - against my wishes -given a title change and broadened out to include far wider and at time more fuzzy concerns.
> 
> And as such it's become rather difficult to keep up, especially when I'm being accused of thinking that Google are all "fluffy and harmless" just because I didn't agree that the one specific scenario was a big enough personal risk to get me up in arms (not surprising, seeing as I'm not even in that database and I remain unconvinced of its PI/ex-partner attracting problems) .


 
Well if you don't like threads being changed by other mods without your permission I'd suggest you take it up with them. You're being overtly aggressive and displaying some disheartening levels of complacency and disregard to the notion of privacy.

The story is about a citizens rights in the face of huge transnational corporations. You appear to have been fine with that view until Google was implicated again in relation to privacy. If you don't like this thread or if it's getting too much for you simply take a break from it, no one is going to hold against you if you did!


----------



## editor (Apr 27, 2011)

Bernie Gunther said:


> You appeared to be dismissing people's privacy concerns about Google Ed. Not obvious why, given that they were clearly legitimate  concerns ...


It's a bit pointless even trying to make sense of what you're on about. 

I tried really hard with your gibberish about train tickets and Google routers and location-based discrimination but I'm afraid you just made no snese at all. 

And seeing as it's clear that you're not even reading what I've written and are just trying to misrepresent me, there's really not much point in carrying on.


----------



## Bernie Gunther (Apr 27, 2011)

editor said:


> <snip>And seeing as it's clear that you're not even reading what I've written and are just trying to misrepresent me, there's really not much point in carrying on.


 
The feeling is mutual, and it's your board, where I am a guest, so I guess I'll take this opinion elsewhere.


----------



## editor (Apr 27, 2011)

FridgeMagnet said:


> The original thread was titled "Apple's iPhone tasks users every movement and Android and others don't" (ono), which turned out to be incorrect because Android phones also track that information.


That's simply not true. The original thread was about Apple's practice of storing easily read, unprotected files for up to a year on both the iPhone and on any computer it synced to. That is NOT the same as the Android tracking. There are NO unprotected files left on computers. 



> Android devices keep a record of the locations and unique IDs of the last 50 mobile masts that it has communicated with, and the last 200 Wi-Fi networks that it has "seen". These are overwritten, oldest first, when the relevant list is full. It is not yet known whether the lists are sent to Google. That differs from Apple, where the data is stored for up to a year.
> 
> http://www.guardian.co.uk/technology/2011/apr/21/android-phones-record-user-locations


----------



## editor (Apr 27, 2011)

Bernie Gunther said:


> The feeling is mutual, and it's your board, where I am a guest, so I guess I'll take this opinion elsewhere.


I'm not stopping you saying what you like, so the comment about it being "my" board is both inaccurate and spurious and, I suspect, rather loaded.


----------



## Bernie Gunther (Apr 27, 2011)

Yeah but Google have much more info to cross-reference with, e.g. your search history, so they are the greater threat no matter how horrible Apple are (and I agree that their atttitude to privacy is just appalling whereas Google at least have the courtesy to try to lie to you)


----------



## FridgeMagnet (Apr 27, 2011)

editor said:


> That's simply not true. The original thread was about Apple's practice of storing easily read, unprotected files for up to a year on both the iPhone and on any computer it synced to. That is NOT the same as the Android tracking. There are NO unprotected files left on computers.


 
"Apple's iPhone tracks users every movement". Android doesn't do exactly the same? Yes it does. You even posted that it does. Therefore the original thread title was incorrect. There is absolutely no tracking that iPhones do that Android phones don't. That was the thread title and that was why I amended it.


----------



## editor (Apr 27, 2011)

The reason why this thread has fallen apart into such a stroppy mess is because people are now trying to argue about ten not-necessarily-related things at once, and the whenever you try and make a point about one thing,  you'll get a question that involves something else that isn't necessarily-related, and of you donlt answer it then it's suggest that it's because you don't care about the issue.  It's exasperating.

As I suggested a long time ago, this thread should have stuck with the clearly defined iPhone issue and separate ones started for the sorta-similar-but-clearly-not-the-same issues.


----------



## editor (Apr 27, 2011)

FridgeMagnet said:


> There is absolutely no tracking that iPhones do that Android phones don't. That was the thread title and that was why I amended it.


And the easily searched time-stamped logs of up to a year installed onto users desktops without their knowledge? *That* was the big story and that's why just about every story about this was illustrated with a screen grab of that desktop data.

Android phones do not create such a file on desktops.


----------



## Kid_Eternity (Apr 27, 2011)

editor said:


> The reason why this thread has fallen apart into such a stroppy mess is because people are now trying to argue about ten not-necessarily-related things at once, and the whenever you try and make a point about one thing,  you'll get a question that involves something else that isn't necessarily-related, and of you donlt answer it then it's suggest that it's because you don't care about the issue.  It's exasperating.
> 
> As I suggested a long time ago, this thread should have stuck with the clearly defined iPhone issue and separate ones started for the sorta-similar-but-clearly-not-the-same issues.


 
This thread hasn't fallen apart, it's only you that doesn't seem to be able to 'keep up'.


----------



## Bernie Gunther (Apr 27, 2011)

FridgeMagnet said:


> "Apple's iPhone tracks users every movement". Android doesn't do exactly the same? Yes it does. You even posted that it does. Therefore the original thread title was incorrect. There is absolutely no tracking that iPhones do that Android phones don't. That was the thread title and that was why I amended it.


 
As far as I can tell ... 

Apple are slightly sloppier about cache handling and hence more vulnerable to crimeware, but there is more crimeware being developed for Android and Google have far more data that they can do appalling and/or sinister things with. 

Both firms are just breathtakingly, stunningly arrogant in their response to privacy concerns. 

Whatever fanboi inclinations people might have, let's take the privacy concerns seriously here, because neither firm can stand the slightest scrutiny and trying to pretend that Google can 'cos you have more emotional antipathy to Apple is just silly.


----------



## editor (Apr 27, 2011)

Kid_Eternity said:


> This thread hasn't fallen apart, it's only you that doesn't seem to be able to 'keep up'.


Perhaps you can explain the Google router/location discrimination/train tickets stuff then?


----------



## FridgeMagnet (Apr 27, 2011)

editor said:


> And the easily searched time-stamped logs of up to a year installed onto users desktops without their knowledge? *That* was the big story and that's why just about every story about this was illustrated with a screen grab of that desktop data.
> 
> Android phones do not create such a file on desktops.


 
What does that have to do with the thread title? Was any of that in the thread title? No. Hence editing the thread title.


----------



## editor (Apr 27, 2011)

FridgeMagnet said:


> What does that have to do with the thread title? Was any of that in the thread title? No. Hence editing the thread title.


The only story referred to in the opening post was: "iPhone keeps record of everywhere you go." It only mentioned Android in passing.
http://www.guardian.co.uk/technology/2011/apr/20/iphone-tracking-prompts-privacy-fears

Anyway I can't be arsed with this.


----------



## Kid_Eternity (Apr 27, 2011)

Bernie Gunther said:


> As far as I can tell ...
> 
> Apple are slightly sloppier about cache handling and hence more vulnerable to crimeware, but there is more crimeware being developed for Android and Google have far more data that they can do appalling and/or sinister things with.
> 
> ...


 
Good post.


----------



## FridgeMagnet (Apr 27, 2011)

editor said:


> The only story referred to in the opening post was: "iPhone keeps record of everywhere you go." It only mentioned Android in passing.
> http://www.guardian.co.uk/technology/2011/apr/20/iphone-tracking-prompts-privacy-fears
> 
> Anyway I can't be arsed with this.


 
Nothing to do with the thread title. The thing that was changed.


----------



## magneze (Apr 27, 2011)

I see where you're coming from ed, but I think that the real issue is the tracking, rather than the unencrypted file. The Sony security breach is a good example of what can happen - imagine all the data that Apple and Google have. One breach and the criminals could be selling this data to the highest bidder. Sure, people can take precautions, but many don't either through laziness or, more likely IMO, through a lack of technical know-how

The worst possible outcome for all of this is that Apple stop keeping the unencrypted data file, but still keep tracking and Google still keep their tracking too. Unfortunately, I believe that this outcome is probably the most likely scenario.


----------



## magneze (Apr 27, 2011)

http://www.theregister.co.uk/2011/04/27/windows_phone_location_tracking/

Microsoft do it too, with a unique ID to boot.


----------



## mauvais (Apr 27, 2011)

Does everyone understand the point of this, i.e. why it's collected?


----------



## Crispy (Apr 27, 2011)

mauvais said:


> Does everyone understand the point of this, i.e. why it's collected?


 
To improve location services by correlating wifi addresses, 3G cells and GPS data?


----------



## mauvais (Apr 27, 2011)

Yeah - fine grained location services without the need for GPS. Google did this at fairly high expense using the Street View cars - Skyhook did something similar. Apple & MS are out in the cold in this regard so they are having their customers do it for them for free. It's not tracking per se although it raises plenty of issues.

I ask because very few reports explain this.


----------



## Crispy (Apr 27, 2011)

http://www.apple.com/pr/library/2011/04/27location_qa.html

Some clarifications


----------



## Kid_Eternity (Apr 27, 2011)

Yep that's just breaking over the AP now...be interesting to see how this plays. Sony's huge breach of info due to hackers has added another dimension to the issue of privacy and user info that Google, Apple, Microsoft keep...


----------



## Kid_Eternity (Apr 27, 2011)

This bit stood out:



> *4. Is this crowd-sourced database stored on the iPhone? *
> The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone. This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone. The backup is encrypted or not, depending on the user settings in iTunes. The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone’s location, which can be more than one hundred miles away from the iPhone. *We plan to cease backing up this cache in a software update coming soon (see Software Update section below).*



And this...the data centre plans hinted at?



> 8. What other location data is Apple collecting from the iPhone besides crowd-sourced Wi-Fi hotspot and cell tower data?
> Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.



Interesting that Apple are claiming such a strong privacy stance:



> 10. Does Apple believe that personal information security and privacy are important?
> Yes, we strongly do. For example, iPhone was the first to ask users to give their permission for each and every app that wanted to use location. Apple will continue to be one of the leaders in strengthening personal information security and privacy.


----------



## editor (Apr 27, 2011)

Kid_Eternity said:


> This bit stood out:


It's Apple quaint way of saying, "shit we fucked up/got caught out! Let's stop doing it now without admitting any wrongdoing on our behalf at all,"


----------



## editor (Apr 27, 2011)

Here's another take on their announcement:


> Apple Finally Admits iPhone Tracking and Promises Software Fix
> 
> Sam Biddle — In a surprising move, Apple's broken their silence on the iPhone location tracking controversy with a Q&A press release. Most notable: they admit the massive data cache goes too far, and will be fixed in an impending software update.
> 
> ...


----------



## magneze (Apr 27, 2011)

But, as expected, it's just the local log that they are cleaning up, not the vast location database to which no-one realised they were populating.


----------



## Crispy (Apr 27, 2011)

But if the data in the larger database contains no user ID information, then the privacy concerns are reduced. And seeing as the local database contains entries not just for places you've been, but places in a wider area, so that location services work well in those places, the ability to tie your phone to any particular location is even harder than thought.


----------



## mauvais (Apr 27, 2011)

> These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple
> 
> ...
> 
> The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone


What they appear to be saying is that consolidated.db, with its timestamped locations, is *someone else's data*. Your own location is sent over the air separately in order to build the larger database. OK, the two might overlap (i.e. you might download your own submitted records), but for the most part it is only a cache of the wider area you've been in, which has _some_ privacy implication but a very weak one.

This (if true) leaves me feeling that the technical approach is not unreasonable, and the security research that supposedly revealed this is pretty poor.


----------



## Crispy (Apr 27, 2011)

mauvais said:


> This (if true) leaves me feeling that the technical approach is not unreasonable, and the security research that supposedly revealed this is pretty poor.


 
Ditto


----------



## editor (Apr 27, 2011)

Here's a real world analysis of how accurate the tracking was:


> Averaging entries with the same timestamp comes remarkably close to the phone’s actual location, but only if reception is good and cellular towers are dense. Averaging a random sample of consolidate.db entries with late-night timestamps yielded coordinates only 690 meters from the actual location of my apartment. The average of a block of entires on a Saturday gave me coordinates only 630 m from my girlfriend’s house. Both of these locations have great reception and are moderately-dense suburban neighbors. On the other hand, averaging entries during the week put me a full 8.1 km from the actual location of my office. We have terrible reception in my office, so this is not too surprising.
> 
> http://tomstokes.wordpress.com/2011/04/21/preliminary-analysis-of-the-iphone-location-log/


----------



## magneze (Apr 27, 2011)

I agree that technically it's a pretty clever approach, but maybe the engineers were too hung up on what they could do rather than what they should do.

Without this publicity would anyone have realised that either their phone was periodically sending location data to Apple servers or that they had apparently agreed to this? We can only now say that the security research is "poor" due to hindsight. The fact that the researcher has made Apple come clean on what they are doing and has motivated other researchers to check out both Google and Microsoft and found them both wanting means that to my eyes the research is not poor at all - objective achieved.


----------



## Crispy (Apr 27, 2011)

editor said:


> Here's a real world analysis of how accurate the tracking was:


 
That analysis was from 5 days ago, before we knew that the data was not just from your own phone but was a consolidated download of surrounding 3g cells and wifi networks. So while it does give a fair impresion of how accurate the non-GPS location services on the iphone are, it doesn't have anything to say about how much actual 'tracking' was going on.

I think it's good that apple has come clean about what exactly is going on, but I still criticise the the original research for announcing that effectively "apple tracks your every move" when this wasn't actually the case.


----------



## editor (Apr 27, 2011)

Crispy said:


> That analysis was from 5 days ago, before we knew that the data was not just from your own phone but was a consolidated download of surrounding 3g cells and wifi networks. .


How do you know for sure that this is what is actually happening?


----------



## Crispy (Apr 27, 2011)

editor said:


> How do you know for sure that this is what is actually happening?


 
It makes sense from the reporting on the subject I've read. The fact that each wifi/3g cell is only listed once each. Apple's explanation.


----------



## editor (Apr 27, 2011)

> It’s worth noting that although Apple claims the excessive location-data storage method is a bug, the company recently filed for a patent that describes a location-gathering method in which the iPhone’s database file does not remove location history entries until the location database becomes full.
> 
> http://www.wired.com/gadgetlab/2011/04/iphone-location-bug/


----------



## elbows (Apr 27, 2011)

Apples words certainly explains why the data from my iphone was very vague when I analysed it using that app (I dont live in a city).


----------



## editor (Apr 28, 2011)

Hmmm...



> Other handsets perform similar tasks, but Apple yesterday denied tracking users and claimed that only a bug in the system was causing the phone to store location data on handsets for up to a year. Even data detailing which cells and Wi-Fi hotspots were in range need only be kept for a week, the company said.
> 
> Yet this appears to contradict a patent application for “Location Histories for Location Aware Devices” that Apple filed with the US Patent and Trademark office in September 2009.
> 
> ...


----------



## editor (Apr 28, 2011)

South Park have got in on the act!

http://gawker.com/#!5796522/south-park-takes-on-apple-steve-jobs-in-season-premiere


----------



## Kid_Eternity (Apr 28, 2011)

You can watch the episode here: http://allsp.com/l.php?id=e210


----------



## sunnysidedown (Apr 29, 2011)

very good/detailed article here:

http://www.macworld.com/article/159528/2011/04/how_iphone_location_works.html

good reading for the less hysterical.


----------



## editor (Apr 29, 2011)

Some chancers are now trying to sue Google for $50m over Android 'tracking':



> The two Michigan-based HTC Inspire 4G-owners said in their complaint, which was filed on April 27th in Detroit, that they've been tracked "just as if by a tracking device for which a court-ordered warrant would ordinarily be required." Naturally, they're seeking $50 million in damages, along with a court order to force Google to stop tracking owners of their Android devices.
> 
> They're going to have a tough time over this one, unlike the iPhone owners, because Google actually asks users to opt-in to the "collection, sharing and use of location," according to Google, which said "any location data that is sent back to Google location servers is anonymized and is not tied or traceable to a specific user.
> 
> http://gizmodo.com/#!5796968/google-sued-over-android-phone-tracking


----------



## Kid_Eternity (Apr 29, 2011)

sunnysidedown said:


> very good/detailed article here:
> 
> http://www.macworld.com/article/159528/2011/04/how_iphone_location_works.html
> 
> good reading for the less hysterical.


 
Interesting read...


----------



## r0bb0 (May 1, 2011)

http://articles.economictimes.indiatimes.com/2010-10-18/news/27588759_1_telcos-home-ministry-data-centresall operators to install advanced tracking devices on every cell tower in the country to pinpoint the location of any individual within 50 meters of accuracy.


----------



## Sunray (May 4, 2011)

They have just fixed it in the latest update, 4.3.3.


----------



## Kid_Eternity (May 11, 2011)

*Apple and Google scolded by US politicians over mobile data*

Looks like both of them have been grilled over this.



> "I believe that consumers have a fundamental right to know what data is being collected about them," said the Democratic senator Al Franken from Minnesota at a hearing of the new senate judiciary subcommittee on privacy, technology and the law. "I also believe that they have a right to decide whether they want to share that information, and with whom they want to share it and when."
> 
> Franken, chairman of the subcommittee, added: "I have serious doubts about whether those rights are being respected in law or in practice."
> 
> ...


----------



## magneze (May 12, 2011)

Nice to see politicians getting to grips with this properly - ie: not seeing it as fixed just because the location data is not stored locally. The bigger picture is what is sent to servers.


----------



## Kid_Eternity (May 12, 2011)

magneze said:


> Nice to see politicians getting to grips with this properly - ie: not seeing it as fixed just because the location data is not stored locally. The bigger picture is what is sent to servers.


 
Yep, interesting it's being taken this way too...


----------



## Kid_Eternity (May 19, 2011)

*European Union may place tougher privacy restrictions on Apple*

Looks like this issue isn't going away...



> A new statement from the European Union could lead to greater restrictions on the handling of location data on mobile devices for companies like Apple and Google.
> 
> EU privacy officials published a nonbinding opinion this week stating that users must be given "clear, comprehensive" information about location data, according to Bloomberg. The opinion comes as data protection officials in Europe continue to investigate the iPhone location services controversy that recently erupted.
> 
> The new EU opinion states that information collected through Wi-Fi and location services is considered "personal data." Such a classification would make the data subject to EU privacy rules.


----------

