Slashdot Mirror
Apple Logging Locations of All iPhone Users
An anonymous reader writes "The Guardian reports that researchers have found a hidden file on all iPhones, iPads and any computers to which they synchronize, logging timestamped latitude and longitude coordinates of the user since June 2010. A tool is available on their website to check on your own."
Surprise!
Tracking people's whereabouts is truly evil. Wait until the divorce lawyers start subpoena them for location data to help their clients.
Do you really need to invoke a government conspiracy? This is Apple we're talking about.
Look again. There is no link to upload anything only a link to download the application.
What good reason could they have for pulling something like this? I know, I know, I'm not thinking creatively and/or cynically enough. Give the caffeine an hour or so.
This is why I'm quite happy with my N900. No carrier lockability, no Big Brother bullshit, and it's a better phone to boot. As the longtime owner of two Power Macs and a 4G iPod (you know, the kind that can run RockBox, that alternative firmware that you guys hate so much) I feel compelled to tell you, Apple, to get bent.
Help protect civil rights from abuse by the TSA - visit TSA News Blog.
http://www.tsanewsblog.com
Still surprises me how everybody accepts that kind of cryptototalitarian shit while saying while saying "OMG SHINY APPS!!!". Next thing you know, the economy is down for good, the chinese take over, then nobody cant say crap while they get painfully raped up their sociopolitical collectives arses. Fascism? There's an app for that!
-- Home is where you eat your heart out.
So you're telling me if someone physically steals my phone or computer, and is able to break the passwords, they can see private info about me? NFW!
I assure you all that if someone were to do that, I'd have a lot more to worry about than my PC or phone giving up my travel habits.
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
Evil? Then what word do we we use for the Einsatzgruppen and serial killers?
Let's put away the hyperbole before the language no longer means anything, K?
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
Why were the people who own these products not informed? (or why was the informing done within miles of legal jargon that is the user agreement?) I have a BIG problem with this as I believe that us Canadians still have some privacy laws left.
Yes. It uses cell triangulation, so it's still tracking with GPS switched off. The researchers' website has a very informative FAQ. Also, as their app illustrates, with this data on the phone, *any* iphone or ipad app has access to this, not just Apple themselves. It's a privacy nightmare.
The phone logs the data for some reason.
This is then backed up when the phone is backed up.
It is never sent to Apple.
Really.
I mean, there are millions of things on the iPhone that checks your position. It gets embedded in photos. It gets uploaded to somewhere whenever you start the App you use to order pizza or check phone-directory.
Also, if Apple wanted to find you they would just send a "find my iPhone" ping to the phone.
This is a local list saved to the phone only (and then backed up).
It would be nice to know why it is there, but it does not really worry or surprise me.
It's not like someone is going to break into your house to steal your iphone location logs. Besides, if my phone or ipad gets ripped-off, It may actually help to reveal where the thief's travels took him. Possibly implicating other theives. I think it's good that Apple is thinking ahead this way. Everyone can be an active participant in crime fighting.
Maybe this will even be enough of a deterrent that the 'other' handset manufacturers will adopt the same strategy for their devices. It could mean the end of technogadget theivery altogether. Also, this is a perfect example of an instance where Apple has pioneered another idea which will change the world to make it better, but they will never get the credit for it. Steve invented the Linux kernel you know... He and Chuck Norris.. it's all over the internet, go read it for yourself.
boycott slashdot February 10th - 17th check out: altSlashdot.org
It's impossible to determine where this data has been sent. Any app has access to it. Access to this file itself is not logged. It could be sitting on the hard drives of any number of app producers.
From the FAQ:
negative points for me =/
You fool! This is Slashdot. If we're not seeing the End Of Freedom lurking in every shadow then the terrorists have already won!!1!!2!!
Apple has a service that allows you to find a lost or stolen iPhone. Presumably, the phone logs its position so it can upload it when asked. Nothing scary here, though the fact this data is available means people will try and extract it. My guess is that the next iOS release will wipe this data every seven days or so.
They are either at the Apple Store, North Face or Star Bucks. Done.
Though it is a very fine distinction, Apple isn't receiving any of this information, it's simply being stored.
From the Article
As bad as some may play it, without Apple receiving this information it's simply information that is stored, not "Big Brother"/Apple monitoring your every move.
DEMETRIUS: Villain, what hast thou done?
AARON: Villain, I have done thy mother.
Shakespeare invents 'your mom'
If it is being collected you can guarantee it is being sent, how and when is another question entirely. Never mind the privacy implications with respect to other people that may have access to your PC, or law enforcement suddenly knowing everywhere you've been over the last indefinite period.
But of course, no one has any rights before American Corporations.
I've checked the data on my iPhone and it's crap. Zero hits on my apartment, zero hits on my office. Hundreds of hits on places I've never visited. During a trip to the UK, I seem to have visited locations arranged on a one-kilometre grid covering most of Yorkshire and Lincolnshire -- which is odd, because I just went to my sister's house. Good luck using that for anything worhwhile.
Apple fanbois couldn't stop bashing Google's wifi tracking, meanwhile saying Apple's ethics are superior. I for one can't wait until lawyers get a hold of this. Karmic retribution.
That brings me to an interesting point, / . is just "the ramblings of socially-inept, technology-literate news-mongers".
Okay I'm all for explaining why this is bad, but why the fuck do we insist as a group using the example of a private eye tracking down a cheating spouse for the purpose of divorce as a reason to take privacy concerns seriously? The average citizen is going to be like "Oh well I don't have to worry about that, I have nothing to hide from my spouse!" even if they are lying to themselves. The political and social leadership will be like "well then don't cheat and you'll be fine!"
WORST... EXAMPLE...EVAR...
Here's some better examples for this specific situation:
1) A burglar determining a pattern when you aren't home so they can rob your house.
2) A stalker determining the best place to attack you
3) Someone who doesn't like you smearing your character publicly simply because your phone walked by a strip club (he must have gone in, he's a sinner!!!), even though 2 blocks away is the hospice you volunteer once a week at.
Let's try to come up with better examples that make people actually care please?
"All great wisdom is contained in .signature files"
you kidding? Apple labels this a feature! Do you not remember that mobile me thing which tracks location? Tracking location on a cellphone is pretty trivial anyway, since you're continually connecting to cell towers it's not hard to place where you are/where you are going, generally. I believe there was a study of this from some politician in germany recently.
There's a big difference between telling a web site, or an app, where you are at this moment -- which is what the article you link to is about, and what Android/Blackberry do -- and keeping a log of everywhere you've ever been, without telling you.
There is no evidence that this data is being sent to Apple or anyone else.
As the article illustrates, any app you install has easy access to this data.
To make it less useful for snoops, the spatial and temporal accuracy of the data has been artificially reduced. You can only animate week-by-week even though the data is timed to the second, and if you zoom in you’ll see the points are constrained to a grid, so your exact location is not revealed. The underlying database has no such constraints, unfortunately.
The file contains only unique wifi spots seen over time period, each once. In my case, that is 12k different wifi basestations, but any repeated travel is unlikely to see those points again..
mini ~/temp/x/library/caches/locationd>sqlite3 consolidated.db 'select * from WifiLocation' | wc
11907 23814 257383
mini ~/temp/x/library/caches/locationd>sqlite3 consolidated.db 'select * from WifiLocation' | cut -d '|' -f 1 | sort | uniq -c | egrep -v ' 1 '
mini ~/temp/x/library/caches/locationd>
Nothing to see here, move on..
-- pending
Well it certainly sounds bad if you just read the headline, but let's think though this. It seems that the phone tracks the location of the cell towers it's been connected to in a file on the device. The data is not sent anywhere, it's just living in a file. That file then gets copied to your machine every time you do a sync (since a full backup of the phone is also made at the same time).
So the question comes down to: what's the purpose of the file? Does it exist for a legitimate reason? Or something more sinister? Since the file is never sent anywhere, it's hard to see how Apple directly benefit here. Perhaps it's actually just a location services cache file or something (designed to be consumed by any application that then relies on the location service), that doesn't ever get cleared for one reason or another.
Actually come to think of it, it's the CARRIERS that benefit from this data, not Apple. It's not storing your GPS location ... just the location of the cell towers you've hit. So it's giving, essentially, a map of network load caused by your phone. Aggregated with other phones, this would be pretty interesting information to a carrier, you'd think. Perhaps carriers wanted Apple to do this kind of logging? But again, since the data isn't sent to anyone, it's still hard to see how this could be useful for anything other than a legitimate reason related to the phone itself (e.g. caching your previous locations so that it can more quickly use AGPS to pinpoint you again).
With their phone data slurper tools (Michigan State Police Could Search Cell Phones During Traffic Stops), they could get your location database in a couple of minutes.
I just dumped the file from my iPhone and imported it into a Google map. I had to check out the source code to the tool at TFA to figure out that the dates are based on an epoch of 2001-01-01 and not the usual Unix epoch date.
I'm looking forward to using this feature to help me track my location. Since the phone is already doing this "for free" it's not going to "cost" me any more battery power to use this log. It's not as accurate as GPS, but it's accurate enough for my needs.
Once I've got a cron job setup to offload the file from my (jailbroken) iPhone 3GS to a box on my network I'll work out how to wipe the file on the device after each upload (so that the device isn't carrying around weeks or months of my position data).
The Attitude Adjuster, I hate me, you can too.
Frankly, the borg analogy applies more to Apple than Microsoft these days just because Apple has a wider presence, and non-fanboi's tend to think the follow the same path as "resistance is futile".
That brings me to an interesting point, / . is just "the ramblings of socially-inept, technology-literate news-mongers".
I am just looking into the file.
The database contains also a huge list of access points.
basically it seems that for each and every WiFi network the iPhone "sees" (not only if you join it, and even if the network is hidden)...the toy stores the Mac Address of the access point, timestamp of detection, coordinates (including height and accuracy), speed, ...
See table WiFiLocation
CREATE TABLE WifiLocation (MAC TEXT, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MAC));
Mine contains >50000 entries, basically I have the entire WiFi Map of Milano.... nice but, isn't this what Google was fined for doing ???
Interestingly, each and every iPhone user is doing the same "crime" committed by Google,, but unintentionally (and no, this does not seem to collect packets).
Andrea Cocito
/var/root/Library/Cache/locationd/consolidated.db
http://www.hollowdepth.com
There's only one way to see if the data is sent somewhere: it's to monitor the iPhone's input and output over an extended period. To my knowledge, no one has done that. In other words, we simply do not know whether this data is sent anywhere - and there are absolutely zero protections against it being sent. However, the way the data is stored, and the way the data is connected per user instead of per phone (being migrated across if you switch phones), makes it seems like presuming that Apple is being totally clean with this is very very naive.
True, but even if it was being sent to Apple, I don't think it's particularly useful to them. Remember - it's logging the location of the cell towers you hit, not YOUR actual location. Given that there's only one cell tower every couple of kilometres in most areas, this is not particularly 'high resolution' data.
I've used the tool linked in TFA to examine the data on my own iPhone and you couldn't really figure precisely out where I lived or worked from the data. Only the 'general area' (e.g. 'oh the northwestern suburbs of city X'). Your phone company logs this data too as a natural consequence of providing you with service, and frankly I don't trust my phone company any more or less than Apple.
Agreed that Apple should probably address this issue (explain what the file exists for, and perhaps patch it so that you can turn it off/expire the data after X days etc.) It's mildly concerning but not enough to worry me too much. If it were logging exact GPS-derived location on the other hand, rather than cell towers, that would be bad.
(PS. the data is only connected 'per user' insomuch as you can restore an iPhone backup taken from one phone, onto another phone, if you so desire. It's not specifically being linked to you or your Apple account ... it's just that you are restoring an image taken of one phone onto your next phone, which happens to include this file. The 'new phone' becomes the 'old phone'. You may actually be a completely different user ... though that's unlikely in practice, since who's gonna use someone else's backup to restore their phone?)
Actually come to think of it, it's the CARRIERS that benefit from this data, not Apple. It's not storing your GPS location ... just the location of the cell towers you've hit. So it's giving, essentially, a map of network load caused by your phone. Aggregated with other phones, this would be pretty interesting information to a carrier, you'd think. Perhaps carriers wanted Apple to do this kind of logging? But again, since the data isn't sent to anyone, it's still hard to see how this could be useful for anything other than a legitimate reason related to the phone itself (e.g. caching your previous locations so that it can more quickly use AGPS to pinpoint you again).
Nice logic. Except that the carriers already know with great precision where you've been anyway. They run the towers you connect to, remember?
Next, they'll be sharing it with their 'partners', and using it for direct advertising. You've already agreed to it in the terms.
Obviously you are not an iPhone user, being intentionally disingenuous, or you have not been reading how pissed off the "partners" are about Apple locking up privacy. Any app or content purchase explicitly asks if the purchaser wants to share info, and he must affirmatively approve of it each time. The idea that iPhone users have already agreed to sharing info with partners in advance is total bullshit, and any iPhone user could tell you otherwise.
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
As much as I hate to admit that the crazies are right, these things really are Stalin's wet dream: mobile devices are a wonderland of surveillance hardware. It's past time to push back on this, hard. That means two things:
1) free and open-source operating systems and
2) a public policy framework that makes this kind of data logging so terrifying and risky for companies that they really would prefer you to have control over your phone.
Here's the best shot I've seen at the software side of this:
http://arstechnica.com/open-source/news/2011/04/for-paranoid-androids-guardian-project-supplies-smartphone-security.ars
Since every cell phone can be, and is, tracked by tower, why do you only point to Apple? The feds or which ever agency can go right to any cell phone company and get tracking information on any cell phone. They don't need Apple or a database in a cell phone to get that data. They go direct to the tracking source - The cell phone company. They're tracking you all the time the phone is turned on. Not to mention, this is nothing new. It's been going on for years, well before iPhones were even being sold. A local cop I know showed me that back around 2004. And with the Patriot Act (such as it is) tracking became standard.
Or better yet, what if its sent to ATT or whoever your carrier is now?
Uh, AT&T (or whomever is your carrier) already knows everywhere your cell phone has been.
In times of universal deceit, telling the truth gets you modded -1 Troll
disapprove off
This is why it is a always a bad idea to be a spelling/grammar Nazi. You always end up being a hypocrite. The parent poster's comment was criticizing content of your post, which was worthy of criticism.
You don't even seem to understand the difference between illegal and evil. Here is a hint. They are not synonymous.
Let's see herea device I control that already knows my location because it's a sensor platform logs it. And it transfers it only to a computer I control. If I don't encrypt that file, and my computer is given to others, they can read it. Big deal. Is there nothing else on your computer or phone that's sensitive? Wouldn't the most basic of security practices be to keep your computer under your own control and not hand it out to others?
If there was evidence a location log was actually going to someone, then there would be something to talk about. Apple haters always seem to drum up a problem or conspiracy out of thin air. They'll speculate how Apple _could_ transmit the file somewhere - missing the point that Apple could transmit all your email to their servers, or your contact info, or really anything on any device. Same goes for any device manufacturer. At some point, it's just moronic - either you trust your device, or you don't. If you don't, you don't buy it.
I'd be more wary of trusting a device where the customer is an advertiser rather than the end user, but to each his own.
I suppose if you say no to the request then they would not be able to slurp data off of your phone without a court order.
It appears the ACLU asked the department to confirm that was the rule, they wont. I have been pulled over for 10 MPH over the speed-limit, and had my car searched, items taken, and my pockets cleaned out without any permission (other than I opened my door to get out when the officer asked me to.) When asked, the officers response was more or less, "so sue me." but I can't they were protected by a superior ruling from a judge that no warrant was required, because they first saw a "weapon" (softball bat well out of my reach). The extent of reaction I had available, was I could get the items excluded with the help of a lawyer from court (but the charges were dropped immediately after I requested a jury trial, no items were ever returned to me.)
Basically you will know you lost control of your cell phone, you wont see that he opened up the plastic bag your items went into, and slurped all from your phone. You will have no proof to do any legal recourse... (FYI my case was one where I had the same first and last name of a convicted felon this officer had previously had interactions with, even though the other was 2' shorter, and 100pounds lighter than me.)
I just got an 'attaboy' from this super-hot girl I've been into for a long time and got with my boss. I can't say I'm very happy about either.
Dude, there are AT commands to list *ALL* cell towers in range, the phone always knows its position.
The db levels are always known for each tower.
The info about its toweres ID is known.
The info about how many 'packets' away the tower is known every second.
Overall accuracy is not like GPS but isnt bad, and get be good when used while you are moving.
No power is used.
Even a 1997 GSM phone has at commands to get this data, but only now we have the power/storage to Store and compute Lat/Long.
Go google 'at commands for cell tower info'
I even used this my self years ago to record cell tower codes to a rolling CSV file every 10 seconds.
Liberty freedom are no1, not dicks in suits.