Slashdot Mirror
Steve Jobs: 'We Don't Track Anyone'
fysdt writes "There has obviously been a lot of discussion about last week's disclosure that iOS devices are maintaining an easily-accessible database tracking the movements of users dating back to the introduction of iOS 4 a year ago. The issue has garnered the attention of US elected officials and has played fairly heavily in the mainstream press. One MacRumors reader emailed Apple CEO Steve Jobs asking for clarification on the issue while hinting about a switch to Android if adequate explanations are not forthcoming. Jobs reportedly responded, turning the tables by claiming both that Apple does not track users and that Android does, while referring to the information about iOS shared in the media as 'false.'"
Apple has now been hit with a class-action lawsuit over the location-tracking issue.
Not one specific person, anyway. More like "everyone". See the difference?
Then why did they come out with a statement last week saying they *had* to track users to give them the best experience? I'm not buying what Steve's selling.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Is it even important whether Google does it or not? It's still wrong.
If you're talking about information being sent to Apple then it's a "no". But if you define it as recorded locally, then "yes".
My take on it is, the device is tracking me, but Apple is not. Anyone know the specifics on the CA/NY law regarding "tracking"? If these are truly "consumer protection laws", then they should be referring to Apple, not the product you've purchased and is in your possession. I don't need a law to protect me from my PHONE.
I work for the Department of Redundancy Department.
...and we can see you're holding it wrong
And you're wearing the same T-shirt 2 days running
He thinks your attention span is so low that ... hey look a puppy.
Holding-it-wrong is the perfect solution to the problem.
"Place me in the company of those who seek Truth, but deliver me from those who believe to have found it."
"The location data is often far removed from a user's location. Schlesinger says he thinks it may be picking up cell towers and WiFi hotspots, neither of which will necessarily be that close to a person with a phone. Schlesinger and Levinson both say the tracking would not be much use in finding a certain person. The real issue is that the file is unencrypted when it is synced to another device.
Read more: http://www.ibtimes.com/articles/137806/20110425/apple-hit-with-class-action-suit-over-tracking.htm#ixzz1KZcOlnsG"
This line is kinda hazy if you ask me. This is an intricate problem, and I don't know that many of us understand the exact implementation well enough to really make much sense of it. Does the cell phone report the data? Is the data used? How is the data used (I'm perfectly fine with my phone being able to *quickly* find a nearby pizza joint)? Is the information they collect in real time or delayed (I don't care as much about them knowing where I was 6 months ago as today)? Surely unencrypted transmission of important data should be stopped, but I'll defer to Microsoft to explain why we accept security flaws sometimes. Apple provides services based on knowing where you are. They know where you are, how are they using it? I'm not sure. I'll wait for official statements.
It has meanwhile been debunked that this file tracks the location of the iPhone. It draws a map of locations of cell towers. The positions in this file are not the position of the iPhone when the user used a location app, the positions are the locations of the cell towers the iPhone saw in this moment. This is pretty clear now. The cell tower ID is the UNIQUE ID of the database, there are only clusters of tower locations saved at the same time with locations miles apart and NONE of these are the actual position of your phone.
Some real world testing: http://www.willclarke.net/?p=247
And yes, this also paints a rough picture of where you used location services, because only the stations around the places where you used location services are in this database. But: The stations are miles around your real position and since there is no signal strength info saved triangulation is not possible. I have found stations recorded that were up to ten miles away from my true position and hardly any stations nearer than half a mile (you'd need to stand right under a cell tower and use Google Maps there to have the position of the iPhone and the tower match by accident, so this happens almost never and the data shows exactly that).
So: The iPhone builds a local database with a network topography map and never throws it away. If it would throw that info away it would need to ask external databases (of Google or SkyHook) instead to learn the coordinates of the towers that it sees. By doing so it would neccessarily TELL these providers where it is.
Basically you have the choice of your phone tracking you (very roughly) in an internal database or have someone else providing an external database and by this tracking your phone. The iPhone does the first, Android does the latter (and Android even sends the Unique Device ID along). Believe it or not, but technically Jobs is right. The iPhone tracks you in an internal database, but with Android Google tracks your phone in external databases.
I don't expect many people to understand that though. Even with much explaining to basically neutral people hardly more than 5 of ten understand how positioning works and what it implies. Or what a "Unique Device ID" is.
Just as an example: Android sends along the Unique Device ID and the Carrier User ID when sending you location data to AdMob customers. iOS (iAd) sends a random ID that is generated twice daily on the iPhone. What's more wrong?
And I'm really curious how you want to have fast positioning without knowing the positions of cell towers. Either the phone saves the positions in an internal database (as the iPhone does) or it has to ask external databases every time. And if your phone asks Google's or SkyHook's servers where the cell towers are that it sees, Google/SkyHook then know where you are. You have basically the choice of your phone tracking you in an internal database or have others track your phone in their database. This is somewhat similar to local storage for documents or storing it in the cloud: In the first case someone stealing your phone can get at your documents. Put them into the cloud and someone else already has them.
I just can't believe that "nerds" are complaining that the iPhone tries to lessen the dependence on external services by building an internal database of cell tower locations. Yeah, if someone steals your iPhone he can see roughly where you have been at least once. But then he also has your address book and your call and SMS history and your browser history and all other data on it. So remote wipe it immediately and be done with it.
"And then you proceed to not back up your claim with any actual data."
"The difference is I'll bet from an Android app I could read that cache and from iOS you cannot."
Well, I wish you had backed up your claim with actual data, as you say.
Author of the tool that reads android's location file says: "You will need root access to the device to read this directory." Which means you can't do that with an app. ;)
To make things even funnier, its *almost* the other way around. From your desktop, any app could read your iphone's location data from any of your iTunes backups.
Apple claims that a database of all the wifi or cell transmitters your device has seen - in order to store your "location history" - is patentable, and have filed US Patent Application 12/553,554 to that effect:
http://www.scribd.com/doc/53886728
So if Apple doesn't do location tracking, and Android does, why is Apple trying to patent it?
Hey guys, you know that profitable thing you think we've been doing? You know, the one that causes bad press. We're totally not doing it.
-Guy that's being accused
Help fight spam
You're quoting the bit about Location Services, and when you turn those on, your phone's location is identified for ad services. What Apple is saying here is that the ad services never get to know who they're serving to, and Apple does not store this data either. They could, based on uid, but they say they don't.
The database of cell tower locations has nothing to do with this, other than that it is updated when Location Services is used.
The issue here is not "Apple is tracking me" -- it's "Apple is storing the timestamped location of towers I've been near while using Location Services, and they're backing this up to my computer in the clear without notification."
Everything else is just noise.
You're quoting the bit about Location Services, and when you turn those on, your phone's location is identified for ad services. What Apple is saying here is that the ad services never get to know who they're serving to, and Apple does not store this data either. They could, based on uid, but they say they don't..
They even couldn't. The ID iAd sends along with the location data is a random ID that gets generated twice daily on the iPhone. This is just enough to serve the right iPhone with local ads, but that's it. It's not a user ID and not a phone ID and it changes twice a day.
Now, AdMob (Google):
"AdMob will automatically collect and receive information about those visitors such as, but not limited to, browser identifiers, session information, browser cookies, device type, carrier provider, IP addresses, unique device ID, carrier user ID, geo-location information, sites visited and clicks on advertisements we display."
Don't ask for companies you can trust. Ask for implementations of privacy-related technologies that don't require you to trust them.
You will need root access to the device to read this directory." Which means you can't do that with an app.
Unless your Android device is rooted, which is common. Which means you can. Oops! Your bad.
No, apps run on a rooted Android device don't run as root.
They mean anonymous as in it isn't directly tied to your name.
It turns out they even explicitly explain this. Not quite as clearly, of course, but, from the Apple Privacy Policy again:
We also collect non-personal information -- data in a form that does not permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:
* We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used...
So, yeah - the unique device ID is gathered along with your location, and this is considered "non personal information" - a.k.a. anonymous information.
So I suppose what Jobs is saying is, technically, true: Apple isn't tracking you. They're just tracking your phone.
You are in a maze of twisty little relative jumps, all alike.
Regardless of what you may believe about Steve Job's contributions to the world and to personal computing, you really can't deny that he's a pretty big asshole (maybe not a "total" asshole, but at least an 85% asshole). Here we have him simultaneously slinging some rather deceptive mud at Android while simultaneously lying totally.
Apple tracks you. There's a file. It's created. It keeps track of all the locations you've been to. That's tracking, Apple is doing it. Therefore, Apple is tracking you. End of discussion.
Now what Apple might NOT be doing is *collecting* the tracking information they gather. They may simply leave it to rot on your phone without gathering it to a central location and parsing it. That does not mean Apple is not tracking me; it just means Apple does not know where I am. There's a big difference there, but both things *matter*. If Apple is tracking me, that means the record exists -- whether Apple has it or not is the only point of concern. The mere fact that it exists means that it can therefore be used against me by LEA, malicious software, and thieves. The record should not exist, but it does, and Apple needs to own up to that mistake and fix it, or acknowledge it and make it public knowledge. If Steve Jobs says "Apple does not track you", then he is explicitly and blatantly lying. If he wanted to address Apple's intent, or practices, or whatever -- he could, but saying that Apple does not track me is tantamount to saying that the file does not exist -- which is provably false. In short, it's a lie.
Does Android track people? Sometimes. If you run maps, it forwards that location data to Google which is anonymized and used for traffic pattern analysis etc. It does not track me all the time. Latitude does, but that's opt-in. Without enabling latitude, there's no personally identifiable record to be stolen/subpoenaed/abused. Moreover, unlike Apple, we know Google does this because they say so. They do not hide it, they put it front and center, and explain why they do it and how to opt out of it.
i've been messing with http://petewarden.github.com/iPhoneTracker a bit. its pretty interesting. i'm just wondering what triggers the coords to be stored. it has places i have been at for more than a few minutes - home, work, in-laws home, mall, etc. but nothing for the routes in between (i have a 45minute drive from home to work) so is it triggered by calls made? specific times of the day? after X number tower changes? does anyone know?
Using location services triggers this. Like, using Google Maps or taking a photo (which gets location data embedded) or one of the myriad other apps that need location data. You see this indicated with an arrow in the status bar. If you don't use anything that needs location data, no location process is triggered and nothing is there to be saved.
Who would have thought. I care about my privacy, but I see no reason to ditch my iPhone 4 over this: 1. It's not accurate 2. It doesn't get sent to Apple 3. Even if it did get sent to Apple, they can use that information to better manage their cell-tower connection code or what have you, I see that as a Win for the consumer. Seriously, it's like people complaining that their credit card keeps track of the date/time/location of their purchases (which I'd be MORE worried about, with the amount of money I spend in liquor stores!).
Oh nos. now the coppers now where cell phone towers are. Wait cant you normally see those from a couple of miles away.
PS I've sat on a jury and listened to testimony from Michigan State Police cell phone experts. Ummm lets just say you need not worry. These guys are just rank amateurs that took a seminar. They have no knowledge of technology what so ever. If anyone that reads Slashdot was arrested based on these guys work has no fear. Anyone here could cross examine these guys into a puddle of goo.
Guys,
Both IOS and Android were written by programmers, who tend to LOG EVERYTHING.
I provide a vertical, niche market web-based software stack. If somebody asked me if I was tracking them, I'd chuckle and say "No". Because I'm not. I don't care much what users do, we don't do any data mining, it's your data, so why do I want to look at it?
I'm far too busy fixing bugs and tweaking features to care about mining data! Which brings me to my point: we have extensive logs and can look up every button click, image download, or file upload/download/transfer, going back for years. We've only used that data for fixing bugs, and occasionally for forensics. (EG: at legal or administrative request)
So we aren't "tracking" anyone, but just about everything is logged. And ALL INTERNET BASED PRODUCTS ARE LIKE THAT. I know sure as anything that /. logs my IP address article details, and a few other nifty bits of data everytime I do *anything* *at* *all* here.
News would be proof that Apple is doing something with this data, which I honestly doubt. But even so, there are a million ways you give up your identity every day, online, even if you are "anonymous".
In fact, your actual identity may not matter. Much of what marketers want to know is the various correlations between the different things you are interested in. If you bought a specialty folding bike, what else did you buy? In this light, your name/address is largely irrelevant.
I have no problem with your religion until you decide it's reason to deprive others of the truth.