Slashdot Mirror
Apple Lays Out Location Collection Policies
itwbennett writes "In a 13-page reply (PDF) to questions from Congressmen Ed Markey of Massachusetts and Joe Barton of Texas, Apple said iPhones running OS 3.2 or iOS 4 collect GPS data and encrypt it before sending it back to Apple every 12 hours via Wi-Fi. Attached to the GPS data is a random identification number generated by the phone every 24 hours. The information is not associated with a particular customer and Apple uses the data to analyze traffic patterns and density, it said. Apple collects such data from customers who have approved the use of location-based capabilities on the phone and who actually use an application that requires GPS."
Wow, a new ID every 24 hours, huh? Am I supposed to be impressed? What do you think, are they deliberately creating "anonymizing" measures they can circumvent, or are they just retarded?
Let's just assume it actually works as they say and there isn't some easy way to link the random ID the real phone. Say, by web server logs. Duh.
If I get 24 hours, I get where you woke up this morning and where you'll go to bed tonight. I almost certainly know where you live, and then I know where you were all day. The lat/long itself during stationary periods especially at night is an identifier.
If you guys are comfortable letting Apple or anyone else have this, it's just because your brain hasn't digested what it means yet. Don't worry, wait for the first few scandals. It will take a few years - maybe long enough for every asshole company to start doing this. But it will get easier to understand.
This response by apple is an intelligence test for Congress and for the American public. Sharpen your pencils, let's see if you pass...
Tired of Political Trolls? Opt Out!
Amen, Barton. Obfuscation through walls of text is a scummy way to slip clauses past consumers.
Too bad congress does it every day with Federal legislation.
Apple collects such data from customers who have approved the use of location-based capabilities on the phone and who actually use an application that requires GPS."
So basically there is a 13 page document that someone should read when prior to initially powering on the GPS?
Most folks and if I'm honest, myself included would not assume that my using and navigation program would have in any way constituted my intention to let Jobs know where I am and what I am doing.
What's interesting to me is how much this company lies to people and yet so many folks defend them. Take this situation for example, is it true that Apple has buried a "technically" accurate description of that they are doing in their T&C's? Most assuredly. It is also assuredly true that it's written in such a way that the laymen would be oblivious to the fact.
Based on that, there will be many out there who say, Jobs didn't then and fuck you if you ever call him a liar!" To these people I must ask, where do you come from?
I was raised to know that deliberately trying to deceive a person for group of people, whether I use technically accurate information or not, is still lying. I recon these are the same folks who discipline their children with a harsh time-out and no PS3 for 6 hours.
Still, it is indicative of our culture.
I just read a story about exactly why Apple would want to collect that data. Seems there's been a bit of a tug-of-war between Apple and AT&T on that very subject and it looks like iPhone customers are caught in the middle of it.
My blog
So what happens when stolen phone IDs are correlated with their GPS locations? Individually, they might not make much sense, but surely a concentration of stolen phones at a singular location could perhaps help solve issues identifying the thieves?
No. It transfers the data via WiFi. Don't tell me you didn't even read the summary?
My blog
Seems it would be hypocritical otherwise, had I not kept it short and simple. =)
But hey, here's your chance, the opportunity to issue a cutting remark of your own if you feel it's so necessary. Unless imamac beat you to it.
There's a spot in User Info for World of Warcraft account names? Really?
Amusingly enough this has been finally mentioned, but what I've been thinking the most is how many applications use my GPS data for something other than just pointing out my location? Nearly ever major app has this now--particularly restaurant locators and movie theater locators. But you gotta wonder how many of them are collecting that GPS data.
I don't really see much wrong with it, it's far more accurate than "zip code" location that are otherwise used in marketing
True enough, but Apple is in a market that is rapidly evolving and what is "absolutely necessary" is far from settled.
There is no way to verify what they're telling us, because the software is not free.
True enough, but Apple is in a market that is rapidly evolving and what is "absolutely necessary" is far from settled.
Sure- I work for a company which, whilst different, is in a very similar environment. I'd rather amend and update a policy / document, as needed, with the aim of maximising clarity and relevance for any given time, than bundling everything in upfront, on the basis that it might, one day, be relevant - I don't think a consumer / user benefits from this approach.
When did it become so fashionable to become so vehemently confused?
They know where you live, so they can correlate it with your GPS coordinates at night. Then they know every single step everyone takes all day long.
And yes, in case you read the book and were wondering, that actually is worse than anything Orwell imagined Big Brother could have in 1984.
Tired of Political Trolls? Opt Out!
My nephew recently tried my Android app called, "Speed Limit".
It wouldn't work on his phone because he didn't have GPS enabled.
I asked why?
He said, "Big Brother".
Who do I write to to DEMAND that jobs quits logging ANYTHING related to location?
This will ruin location apps!
Traffic patterns are studied by the Carriers. Whats next? HTC monitoring, Motorola monitoring, Opera monitoring?
After 5 years of reading slashdot, I am writing a letter on this one. jp
If the data sent is more than one packet, I'd be shocked.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Looks more like AT&T is pleading with Apple to be kind and Apple is telling AT&T to stuff it.
I also found this part particularly funny. Talk about a difference in corporate environment...
Remember when it was discovered that iTunes was sending anonymized playlist data back to Apple for market-research purposes? Everyone on /. (or nearly so) cried "Big Brother!". But, here we are five years later, and I defy you to find anyone who has had their ACTUAL privacy or identity compromised by that policy.
Apple has a pretty good track record of respecting users' privacy and identities. If no one can demonstrate that a EIN-type identifier or actual phone number can be extracted in less than a lifetime, then STFU.
BTW, the holy Google does a LOT worse things with your data, everytime you use Gmail, Google Docs, or simply do a frickin' SEARCH. I don't see people fleeing away from them.
Fry: "Since when is the internet all about robbing people of their privacy?" Bender: "August 6, 1991".
And please, no jokes about that episode being about the iPhone!
Clarity (or simplicity) leaves too much room for loopholes that are not in the corporation's favor.
That's a commonly-held view, for sure. Perhaps I am the only lawyer who believes otherwise - but I don't think so. In terms of a very simple example, I'm pleased to have stripped down a set of terms and conditions for registration for our developer portal to a few bullet points, rather than pages of text - to my mind, the increase is risk is very low, and the business agreed.
(Under English law, a lack of clarity is construed against the party seeking to rely on the lack of clarity - a rule known as "contra proferentem".)
Amending stuff after people bought it is worse than having a dense legal paper upfront. What if people don't agree with your amendments? Should you be allowed to force them? I don't think you should, they already bought it and you agreed to offer them the product with that policy.
Dilbert RSS feed
Um, they already know where I live. That would be the address where my phone bill arrives. It's also the billing address of the credit card I used to sign up with iTunes. But holy shit, now they know the same thing with GPS! It's like 1984 or something! AAAGGHHHH!!!
You seem to be missing the point. Apple specifically indicated to Congress that they anonymize location data by assigning a unique random ID every 24 hours. Presumably the goal is to disassociate your location information from the details that Apple already knows, i.e., your name and home address. That way Apple can claim they're not collecting data that would actively violate a user's privacy. More specifically, the theory is to prevent Apple (or someone malicious who obtains the database) from associating "a phone at some series of locations throughout the day" with "John K. Oodaloop at 4945 Spring Place". If this anonymization actually works, then customers can rest easy that they're not carrying an active tracking device with them all day that's recording their movements into a long-lived and possibly ill-secured database.
Clearly this is what Apple would like Congress to believe, anyway, and that's why they're "anonymizing" the data in the first place.
The grandparent poster is pointing out that Apple's anonymization really stinks, and that with some very minimal data mining you should be able to easily de-anonymize it and link those phone movements with the phone's owner. As you point out, Apple already has your billing address (which is likely to be your home or work), so this de-anonymization should be especially trivial. Therefore one can't really credit Apple with anything significant when they say they anonymize your data.
In my mind the fear is /not/ that Apple will track me and sell ads (hey, non-stupid advertising would be an improvement). It's that this data will never ever go away, and will eventually find its way into the hands of third parties who aren't so interested in my well being. For example, it might wind up someday being sold to third party "marketing" agencies, and then eventually to firms that do credit reporting, private investigation, background checks, etc. Mobile phone companies already seem perfectly content to sell my call logs this way, so this isn't without precedent. Or else it will be written to a hard drive that might someday be carelessly thrown away without being properly wiped (after all, the data is "anonymized", so why worry?). While my movements are generally pretty uninteresting, I don't love the idea that by carrying an iPhone I'll be constantly leaving a trail of potentially long-lived breadcrumbs that may never, ever go away.
And no, this isn't limited to Apple. Once it becomes accepted practice, you can be more or less certain that any device with an Internet connection and GPS (which will be a lot of devices in the future!) will be doing the same thing.
Actually it is far from clear that Apple is doing anything different, but either way it strikes me as quite a high risk approach in a common law system.
No, it's not scummy when congress does it. They're protecting us. The walls of legislative text are actually a defense barrier, shielding our precious little minds from harmful truths. And let's be realistic, we wouldn't understand the truth anyway.
/* MAGIC THEATRE
ENTRANCE NOT FOR EVERYBODY
MADMEN ONLY */
Not to mention that the Congressman apparently suffers from AADD if he can't read through a 13-page report written in more or less plain English. And, yes, I did read the linked PDF file. It wasn't exactly gripping but I had no problem getting though it.
Actually, I think he's talking about Apple's Privacy Policy - which is as long as it is due to requirements of the law.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck