Apple: "We must Have Comprehensive Location Data"

An anonymous reader writes "Apple's iPhone 3G, iPhone 3GS, the iPhone 4, and iPad models are keeping track of consumers whereabouts. Mac computers running Snow Leopard and even Windows computers running Safari 5 are being watched. But the question is why? 'To provide the high quality products and services that its customers demand, Apple must have access to the comprehensive location-based information,' Apple says."

So, who's the "customer"?

[GodfatherofSoul]

Your users or world governments?

Re:So, who's the "customer"?

[perbert]

Your users or world governments?

Advertisers.

Re:So, who's the "customer"?

[wireloose]

Exactly. Google's facing lawsuits from around the world for collecting "private" data. Does Apple face the same issue?

Re:So, who's the "customer"?

[icebike]

At least Apple buries the fact somewhere in some deep EULA (I guess). Google didn't ask anyone when it collected WIFI data, nor does it ask for permission when people use google's search engine (or 90% of the other sites on internet that have google analytics)

Well Hello there, Mr Double Standards Guy, Nice for you to drop by.....

Apple buries the fact >> Google Didn't ask permission? How are those even CLOSE to the same thing?

Let me fix it for you:
Apple Didn't Ask Permission. Google tells you right up Front.

Go to Google.com. Right there, mid screen is a Privacy link.
Click it and read. I'm astounded you've never seen this page before. Flabbergasted actually.

And were you TOTALLY UNAWARE that Google gives you all the tools you need to CONTROL what info they keep about you? I'm astounded.

And why is it suddenly about Google? Apple is the one leaving years worth of tracking data on the phones
and transmitting it secretly to headquarters with no way for you to opt out.
 

Re:So, who's the "customer"?

[Minupla]

I believe what the OP was referring to was:
http://www.priv.gc.ca/media/nr-c/2010/nr-c_101019_e.cfm

In this case it was Google street view cars driving by. obviously in this case the people's whose privacy was impacted had no opportunity to agree to a EULA

Now I will agree that the cases may be completely different, but I think thats what the OP was getting at.

Re:So, who's the "customer"?

Riiiiight, because governments are rushing to validate the statements of irrelevant slashbots (myself very much included) by disappearing them?

Maybe not the disappearing part but other than that it's spot on. Remember the case in which the FBI put a GPS logger on a students car because of some harmless commet on a blog? Yes, that is actually what "they" do.

Also, remember the case of the hacked playstation in which Sony subpoenaed the identities of all commenters for a video? It's not only governments that go after mere commenters.

Paranoid tinfoil hat wearers can't come up with conspiracies fast enough to catch up with reality.

Re:So, who's the "customer"?

[icebike]

I didn't say Google wasn't transmitting your location back to Google. I said they weren't doing it secretly.

You can make a setting right there on you Android phone to turn off location information.

There is NO EQUIVALENT in the iPhone.

Come on! Stop with this argument that just because others are doing it Openly and Above board, its ok for Apple to do it on the sneak.
Would you accept that same argument from you child?

Re:So, who's the "customer"?

[dragonhunter21]

Google has their privacy statement mid-page on the front page of their site.

Apple has it buried inside their EULA.

Stickin' with Google for this one.

(also, that streetview thing was an accident- Google didn't use any of the information. Heck, Google was the one that brought that problem to light- if they hadn't, we probably wouldn't have a clue.)

Re:So, who's the "customer"?

[hedwards]

I'm sorry, but you don't have a reasonable expectation of privacy if you're broadcasting it in clear text for anybody to intercept. The reality is that no matter how they choose to spin it, it's really easy to accidentally intercept communications when they're not encrypted.

Next thing you'll tell me is that it's illegal to tape notes for yourself in public because somebody in the background might accidentally be audible while you're making a note.

Re:So, who's the "customer"?

[RoFLKOPTr]

Mistake != Malice.

Err, how do you accidentally collect WiFi packets on platform whose ostensible purpose is to take photographs, and transmit them back via some other means (3g most likely) entirely?

They were mapping out WiFi network locations to assist with location services. A terrestrial GPS-like system, if you will. The Street View team basically included an old experimental bit of code in their WiFi system which, unbeknownst to them, actually recorded from all categories of publicly-broadcast WiFi data. They only intended to record SSIDs and MAC addresses of access points. They had no payload data from encrypted WiFi networks (if you have a password on your network, it is encrypted) and they had absolutely no data at all from encrypted networks not broadcasting an SSID. They wanted to delete the data they recorded as soon as it was discovered, but that data was at that point recognized as evidence so deleting it would be very illegal. They were basically forced to hold onto it until authorization from authorities allowed them to rid themselves of it.

So now you understand the purpose of what they were doing and that they had made a mistake. Do you not agree that Mistake != Malice?

Re:So, who's the "customer"?

[Minupla]

I'm not telling you anything, but the law tells companies: (http://www.priv.gc.ca/information/guide_e.cfm) which requires commercial entities to follow certain best practices in collecting information that may contain Personally Identifiable Information (including consent for the specific uses to which it is going to be put, retention, encryption, etc)

If you're doing business in Canada it is your responsibility to know this law and Google violated it. Its not about how easy it is to collect the information, it is about ensuring you have the legal authorization to do so. Just because you CAN do something does not make it legal to do so.

Min

Min

Re:So, who's the "customer"?

[dzfoo]

Are you dense? The Wi-Fi standard allows for the encryption of payload, while the headers are always sent in the clear, regardless of whether users secured their networks or not.

Most people were not aware of this, and rightfully thought that setting their networks to be "secure" was enough to provide privacy. These people had a very reasonable expectation of privacy.

Google took advantage of this fact and logged SSID's, MAC and IP addresses of every wireless network it encountered, regardless of security status. It then used this information to map the precise location of each transmitter. Moreover, this information is used to detect the location of any user who happens to come from such networks, and all done without the consent or even knowledge of most users.

              -dZ.

Re:So, who's the "customer"?

[HeavyDevelopment]

I assume that you have never owned an iPhone. Turning off location services is pretty simple actually: 1. Navigate to the iPhone's home screen. 2. Locate and open the "Settings" app, the icon that looks like a gray set of gears. 3. Select the "Location Services" menu item, which is usually the fifth item from the top. 4. Turn off all iPhone location services by changing the "On/Off" switch next to "Location Services" to "Off." You can also fine grain which apps are allowed access to that info and which ones aren't. If someone hasn't owned an iPhone you wouldn't know the process of what permission is asked and when. By default location services is turned off and you are prompted to sign off that you understand what you are doing when you turn them on. If you choose to ignore what that means or bypass it, that's your fault. I'm not an Apple apologist, but don't state something as fact when it isn't.

Re:So, who's the "customer"?

[Archangel+Michael]

Car Driving down the road collects data is sees (hears) while driving down the road, and you complain about "data" that is spewing forth from random houses being "private"?

Funny world you live in. Don't want your data spewing forth, then don't use WIFI or at least encrypt it.

Don't like those options and you want everyone to ignore your public data? Yeah, good luck with that.

Re:So, who's the "customer"?

[ScrewMaster]

How is this acceptable to the myriad people who expected privacy from setting the secure bit on their routers?

"Stupid is a stupid does, sir." You get what you pay for, and if you can't be bothered to learn the rudiments of the technology you use, you shouldn't be using it. And "privacy" is a loaded term: Google wasn't cracking anybody's system, wasn't logging private information, wasn't breaking any encryption, they were logging plaintext broadcasts.

If you don't want even that minimal information tracked then turn off your goddamn router, or encase your premises in screen wire. And in any event, this is about Apple: we've already beat Google to death on this one.

Still no answer.

[El_Muerte_TDS]

Still no answer to why they need that information.

Re:Still no answer.

[Stan92057]

For them and there partners to sell us stuff they think we want or need for our own good. I don't own an apple anything so this doesn't affect me directly but it will when every corporation starts to keep a track of us. Until the day comes when congress puts a leash on theses spying tactics,its only going to get worse. And as history teaches us it will take an act of congress to stop it. I don't want to be followed for advertising purposes. thats a service for THEM not us. anything like this must be opt in as we see it takes security experts to even find out there following us.

Old news.

[romanval]

This article is referencing a reply Apple wrote on June 2010.

Re:Many apps require location services by design,

[infosinger]

My apps don't need to know where I was last year.

Think of the users

[nolife]

Apple is doing it for the users regardless if they want it or not. Why not give them the ability to purge the data let them delete or purge the data regardless if they want it or not. It could be simple option somewhere that does not take away from the pristine user experience.

I call bullshit on the whole thing anyway. A database of where I was last week/month/year has very little benefit to advertisers. Any benefit it does have is far overshadowed by the users personal privacy of having that data available to Apple and whoever else can access that info. What if my bank account balance was available to them, sure, it would help advertisers but what is the downside to my privacy to give that info up?

The users do not want this.

Re:That smells like

Bullshit!

No it's not. That information is needed for the "Find-A-Homo" app. Th Republican's are really big on that app - don't know why. And the "Find-A- Public-Restroom" app.

I don't have time to find the sites. Today is worship the Chocolate Rabbit and Egg day.

Praise be the Easter Bunny - who the Jews killed and ate.

No excuse for lack of encryption.

[metrometro]

I will concede the debate that permanently logged location information is required to run the features consumers want. I think it's false, and I think it's about iAds, but I'll concede it.

However, the lack of encryption or even simple hashing on this database is inexcusable. Unencrypted copies stored on every computer an iOS device syncs to! Inexcusable, irresponsible, sloppy software. A product which flings around my private data that way is a broken product, regardless of which features it offers. This is a stalkers dream. This will appear in every divorce court (That database is jointly owned property!). This will be used to bully and out gay college roommates (Physical access to your desktop? Yup). This will be used to keep tabs on employees work habits (Have iTunes on a work computer? Burned).

Apple made terrible software, and they are now informing us that they will continue to do so.

Re:No excuse for lack of encryption.

[schnell]

Why on earth would you have iTunes on a work computer?

You may need to have it if your employer uses iOS products. iTunes is required to activate an iPhone (or iPad), as well as for backing up the on-device storage and doing certain other things. I have a work-issued iPhone and I'm actually required to have iTunes on my work PC for syncing the iPhone and loading on corporate-signed apps from outside the public app store.

Re:Many apps require location services by design,

[pla]

Obviously many apps for the iPhone REQUIRE location information because that's the whole point of the app.

They need to know my current location. Period. My every step for the past six months, not so much.

Not to say I can't think of uses that do need to record your movements (apps like jogging logs come to mind), but those don't apply to the vast majority of people and, once installed, can do their own - user initiated - tracking.


If you feel differently, then click the "don't allow" button when prompted.

Does the iPhone actually have such a button (in general, not just relating to tagging pictures)? If so, I would agree with you that this amounts to nothing but clueless end-users. I do not suspect that as the case, however.

Re:What? Me Worry?

[NFN_NLN]

I couldn't care less if Apple, a private investigator, or the US government knew my precise location 24/7. I'm not cheating on my wife, I'm not wanted by the FBI, and I'm not hiding from the IRS. So why would I give a shit?
 

You're obviously a moron so no amount of logic is going to change your mind. After all the information is already out there and you've chosen to ignore it so far.

Once everyone is logged and cataloged then police don't have to do their jobs anymore. Defense will change from "innocent until proven guilty" to "guilty until proven innocent based on a preponderance of the evidence". It has already happened, the most famous being finger prints. Finger prints are unique but matches are usually based on a few key markers. There have been plenty of cases where paper pushing monkeys blindly accept these key markers in cases to convict people. They had to hire professionals at their own expense to fight the system.

I just hope your iPhone whereabouts a linked to a high profile murder with no other suspects. The police will be pressured to get a conviction and with no other leads they will ride you like a $12 hooker trying to get you to confess... guilty or not. Sure you will most likely be found innocent, but that's after thousands of dollars in legal bills and having your like turned upside down.

The police government employees AND they're lazy. I wouldn't want them having this information. It's probably the first database they'll mine for leads rather than getting off their asses.

Why the timestamps ?

[redelm]

So Apple is beginning to reply over this blackeye. Excellent. Other posters have asked "who is the customer?" and that is a perfectly legitimate question. There ought at least have been some sort of consumer opt-out ala "DO_NOT_TRACK".

But beyond that, even granting _arguendo_ legitimacy to targetted advertising, what possible useful purpose do the detailed timestamps serve? A file with locations (when different from previous) would be equally as useful. Timestamps are for tracking & snooping, not local service advertising. If that were even ethical.

This argument is relatively important to Apple -- they might well be accused of "unauthorized access to computing systems" (aka cracking) unless they can show the tracking is somehow essential to the access they have been authorized (OS & app services). Just because they're a mfr/OS vendor does not grant them automatic permission to do what they want. The law is not written that way, and penalizes those whose use exceeds the owner's authorization.

Re:Hmmm

[Frosty+Piss]

"By using any location-based services on your iPhone, you agree and consent to Apple's and its partners' and licensees' transmission, collection, maintenance, processing and use of your location data to provide such products and services," Sewall's letter reads, citing Apple's End User Agreement. News? Not really. Unless you totally ignore the EULA. None the less, it is there.

Re:Hmmm

[index0]

"But look, you found the notice didn't you?"

"Yes," said Arthur, "yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the EULA'."

Re:fsck you apple, and google

[macslas'hole]

I've looked at the table from my iphone. Its primary key is the tuple {MCC, MNC, LAC, CI}, which, if you google for you will find, is the "Cell Global Identity (CGI) identifier". The table has one entry per CGI. Each record has a timestamp, coordinates, and error estimates. The timestamp is not the time at which the cell was last encountered. The table has large chunks (weeks) of time missing. This is especially true when I am not traveling. There are many records from around my home and work, but most do not have recent timestamps. Apparently, new records are added as the phone encounters new cells. This does not appear to be a continuous process as there are gaps in space between clusters in cell-rich areas I have travelled through. Also, there are records from places over 100 km from where I've been.
From this data, you can get a rough estimate of when and where I have been. But the more often I visit an area and/or the longer I am there, the less precise in time the estimate becomes. Combine this with data points that can be 100 km off, and the position becomes untenable that this is a log of your whereabouts.
Apparently, Android logs the last 50 cells encountered *AND* sends this log to Google.

FUD

[brunes69]

All location tracking in Android is totally optional, in fact you are explicitly asked if you want to enable it the first time you turn on your phone, there is no way to even skip the question.