Apple Updating iOS To Address Privacy Concerns

wiredmikey writes "[Apple] said that over the next few weeks it would release a software update for iOS that would reduce the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone, cease backing up the cache, and delete the cache entirely when Location Services is turned off. Additionally, Apple said that in the next major iOS software release the cache would be encrypted on the iPhone, though a timeline for that was not provided."

hmm..

[amalek]

It's been a long week of high-profile fuck-ups.

Re:hmm..

It's about time the US started another war to distract people.

Re:hmm..

[tripleevenfall]

No kidding, starting wars, economy in the toilet, gas prices skyrocketing we either need a distraction or a new President.

(what? we just got a new one a couple years ago?)

Re:hmm..

Didn't you hear? The *WHITE* iPhone is coming out tomorrow!!!!!! The line forms here!

Re:hmm..

[Hal_Porter]

Obama has said that ground troops are "out of the question", so I'd expect a full on land invasion in a few days.

Re:hmm..

The only people/places/countries left to go to war with are ourselves. From all the rhetoric coming out of our political parties, that scenario is starting to look plausible.
But what has this to do with Apple not noticing that they were storing all this information. Unless, perhaps you were trying to distract us concerning shenanigans at Apple Inc.

Bug?

[recoiledsnake]

Not erasing the old logs doesn't seem like a bug.. it would've been caught by a single test case. It seems to be a design decision to cache locations to speed up look ups the next time, so would've been considered a feature. Not encrypting the data, on the other hand, seems to be a genuine oversight. But no wonder they want to call everything a bug, what with the government breathing down their neck with Congressional hearings.

Re:Bug?

[mangino]

Almost all bugs would be caught by a single testcase if you thought about writing it. Most often the problem is that nobody concerned the scenario and though to write a testcase. While it could be mailicious, it could also be just an accident.

Re:Bug?

[fuzzyfuzzyfungus]

I'm guessing the "sending the list of nearby cell towers and wifi APs(in a totally-you-guys-can-trust-us-that's-why-we-didn't-bother-to-tell-you) 'anonymized and encrypted' form back to Apple so that they can build their 'crowdsourced database'" behavior was not just a bug...

Maintaining a local cache of recent location references is a common trick to speed up GPS fixes(even dedicated GPS chips commonly have a sliver of cap-backed RAM for the purpose); but the silently sending those data to Apple bit is pretty dodgy by any stretch.

Re:Bug?

[SvnLyrBrto]

Not necessarily a bug... it could have been a simple oversight. Just look at everything that's in /var/log on a vanilla UNIX/Linux installation. Unless you go in to your configurations and specifically dial things down, there's quite a lot in there that some nefarious party could exploit to get a very good idea of what you're doing on that box.

Re:Bug?

[IAmGarethAdams]

As Phil Karlton once said

There are only two hard things in Computer Science: cache invalidation and naming things

Re:Bug?

[Spykk]

Invalidating the cache is easy. Just call m_cacheThisIsTheLocationBasedCacheThatSpeedsThingsUp.MakeThisCacheSoThatItIsNotValidAnymore(); Naming things on the other hand...

Re:Bug?

[kdogg73]

Wasn't a design flaw in software once called a "turkey"?

Re:Bug?

[intheshelter]

Yeah, except you don't know WTF you're talking about. The file is NOT sent back to Apple.

Re:Bug?

It never sent that data back to Apple.

Re:Bug?

[blueg3]

Not encrypting the data, on the other hand, seems to be a genuine oversight.

To what end? In order to make use of the data, the encryption key would have to be stored on the phone.

Re:Bug?

Not if the bug is in the requirements. You can't test for something if there is no requirement for it. One of the biggest failures of how agile/XP methodologies are implemented, they skimp on the requirements documentation.

Re:Bug?

[fuzzyfuzzyfungus]

From Apple's own flack piece...

"3. Why is my iPhone logging my location? The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple."

Re:Bug?

[dzfoo]

Pay attention now, that's a different set of data. On one hand we have the "consolidated.db" file which Apple now has stated is a sub-set of the full database of network access points they have. On the other hand we have data of new network access points (or updated data of old ones) that is collected by the phone and sent anonymously to Apple.

Why would Apple send themselves a file that they sent you in the first place?

Moreover, they are not sending this data back silently. A year ago they explained in detail which data the phone sends, under what circumstances it sends it, and how to stop it from sending it. Notice that updating the local "consolidated.db" file when Locations Services was off is identified as a bug, while sending collected data anonymously is in fact disabled when you turn off Locations Services.

        -dZ.

Re:Bug?

[dzfoo]

Actually, it is even easier than that. Just call:
      c1.f(foo); // foo = current timestamp
I agree that naming things could be improved.

          -dZ.

Re:Bug?

[Belial6]

Since Apple states in their 'explanation' that they are collecting the data, using it, and intend to use it more in the future, it is pretty hard to rationalize it as a bug or an oversight.

The only oversight on Apple's part would be in not hiding the fact that they are tracking users well enough.

Re:Bug?

The oversight wasn't that they were collecting. The oversight was that the phone didn't erase the file when the user turned off Location Services, which Apple admitted and said they intend to correct.

Re:Bug?

[mangino]

I don't know that I agree with this. I've worked building software for more than 15 years and I can tell you that the likelihood of somebody accurately capturing something like this in a requirements document is very close to zero. After all, this isn't a feature we're talking about, it's an implementation detail of a performance optimization. The requirement would likely be something like

"Must be able to detect a location within 0.2s if wifi is active or can locate at least 3 cell tower ids"

the rest is how the programmer chose to make it work. If you are creating requirements to the level of detail needed to fully specify purge behavior of a cache database, you're never going to finish your requirements document.

Re:Bug?

[dwandy]

I thought there were two hard things in Computer Science: cache invalidation, naming things and off by one errors.

Re:Bug?

[fermion]

Many bugs are design decisions. Either someone decides to implement a feature using particular rules, or decides not to check input, or decides not test for a particular event.

For instance, buffer overflows involves a design decision not to test boundaries. Many would blame the language or the complier for this, but in fact is the developer. The compiler or language does not do this because it was inefficient on older machines to have this overhead even when it was not needed. it was left up to the developer to implement these procedures when it was needed, either as code that would not run in production, or single instance code that would not be efficiently run in production. The decision not to do such checks is a design decision made by the developer, possible a good and defensible decision until someone hacks the code.

Re:Bug?

[soup]

All right, so they'll encrypt it...

Who gets the keys?

Who would *you* trust with the keys?

Re:Bug?

It's not a bug if is actually patent pending...

http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220110051665%22.PGNR.&OS=DN/20110051665&RS=DN/20110051665

http://slashdot.org/story/11/04/26/1758220/iPhone-Tracking-Ruckus-Ongoing

Re:Bug?

[node+3]

I'm guessing the "sending the list of nearby cell towers and wifi APs(in a totally-you-guys-can-trust-us-that's-why-we-didn't-bother-to-tell-you) 'anonymized and encrypted' form back to Apple so that they can build their 'crowdsourced database'" behavior was not just a bug...

No, it's by design. And Apple takes privacy seriously. This is consistent across all their products. iTunes, for example, has features which send data to Apple, and they are all opt-in, and Apple makes it clear that the data is collected anonymously (for example, Genius recommendations).

In fact, Apple is one of the few companies that I think really take privacy seriously. Part of this is due to the sense of responsibility the people running Apple have (in numerous interviews, Jobs and others have stated how they feel a sense of responsibility to their users and their employees, etc.), and part of it is due to the fact that, unlike almost every other high-profile tech company (Google, Facebook, etc.), the end user is the actual customer and selling their personal info would be killing the goose that laid the golden egg.

Maintaining a local cache of recent location references is a common trick to speed up GPS fixes(even dedicated GPS chips commonly have a sliver of cap-backed RAM for the purpose); but the silently sending those data to Apple bit is pretty dodgy by any stretch.

The data is anonymous. Your cell provider collects and analyzes it. Your ISP does. Your bank does. Every service analyzes usage data for their particular service to know where to put their resources and to provide a better user experience. On the iPhone, this is no different. The only thing that's really concerning, or "dodgy", is if this information is personally identifiable. Having a full history stored on your iPhone is problematic. Backing up even a small cache is problematic. If the information is sent to Apple with your name or number or perhaps phone serial number is troubling.

But Apple just collecting a log file of WiFi AP names and cell towers isn't only not troubling, but very useful. It helps locate WiFi APs, to help with GPS acquisition time on iPhones and 3G iPads, and gives iPod touch and WiFi iPads the ability to give a general location in the first place. It also can help provide real-time traffic info.

However, if Apple ties this to a person, phone number, or a phone, they are doing it wrong. If it's just an unrelated list of "this cell tower, this WiFi AP, this time", then really, there's no big deal.

Re:Bug?

Not at all. Off by one errors are *easy*.

Re:Bug?

[node+3]

Since Apple states in their 'explanation' that they are collecting the data, using it, and intend to use it more in the future, it is pretty hard to rationalize it as a bug or an oversight.

The oversight is in not culling the file, including it in the backup, and not deleting it when Location Services is turned off. All of which will be fixed in an upcoming iOS update.

The only oversight on Apple's part would be in not hiding the fact that they are tracking users well enough.

Apple isn't tracking their users. The information is anonymous. No one is tracking each iPhone user personally, just the group in aggregate. Also, it's funny you say their oversight is "not hiding" this very well, when your previous sentence is based on a public statement by Apple that they are collecting this information. Let alone the fact that this is also stated in the iPhone EULA.

Android does this too. One main difference is Google ties a lot of information to your Google ID. I'd trust Apple to be less of a privacy invader than Google.

Re:Bug?

[goombah99]

Where do you think the data in consolidated.db came from?

Re:Bug?

[Belial6]

The lack of culling the file is a red herring. It is the small 'mistake' they use to divert people from the fact that they were secretly bugging their phones. Apple was continuing to collect location data and transmit that data back to Apple even when the user turned off location services. As bad as poor cache culling is, it is a distraction that is being exploited by Apple.

You don't know that Apple isn't tracking their users on a personal basis. Apple is notorious for hand waving and telling you that "We've always been at war with Eastasia". A perfect example is to say they are not recording the location of your phone, but instead are recording the cell towers and wifi points. We all know that it is pretty trivial to calculate a point from that, and in fact is how all GPS supplies a users location. If Apple defines "no personally identifiable information" the way they define "don't log your location", then they are tracking users.

Claiming that they were not secretly tracking users because they admitted it AFTER they got caught does not mean they were not doing it secretly. The EULA excuse is just that. An excuse. It is intentionally writing in a vague manner in a document that they know full well will not be read by the vast majority of people. Just as their admitting that they are still tracking users, and will continue to track users is writing in New-Speak so that users will not know they are being tracked. Just read this forum, and your own post to see how many people know they are being tracked even after the New-Speak press release.

Here is a question. (Presuming you have an iPhone) Do you know that you are being tracked by Apple? If the answer is no, then you have validated my point on how Apple can admit that they are tracking users and still be doing it secretly.

Re:Bug?

[beelsebob]

One of the biggest failures of how non-agile/XP methodologies are implemented – the requirements documentation is usually so out of date that it doesn't even contain the feature that you're working on, let alone what it shouldn't do.

Re:Bug?

[Kyusaku+Natsume]

As an example of the usefulness of this feature, I lent a friend of me my iPod touch 3rd. generation to use it has a PDA and to make Skype calls during his trip to Japan. Thanks to this cache when he used the (Google) Maps application the iPod immediately pinpointed his current location with a few meters of accuracy.

Re:Bug?

[CheerfulMacFanboy]

The file is a cache of what is sent to you by Apple . Why would they want it back? If you actually thought about it for a moment: the more data is in the cache, the less you tell Apple where you are (and that only within a couple of hundred feet at best).

It is clear you are not paranoid enough and must be one of Them.

Re:Bug?

[bennomatic]

In their official statement (via an interview on All Things D), they made it appear that the length of storage for users with location services enabled was a function of an arbitrary decision to limit the log to 2 MB. "Less than half a song," they said. But that's a lot of location data. So they're changing it.

Re:Bug?

It was an oversight. From a followup interview over here (http://mobilized.allthingsd.com/20110427/qa-jobs-and-apple-execs-on-tracking-down-the-facts-about-iphones-and-location/), the VP for iOS stated the cache was capped at 2MB. As people have discovered, this 2MB limit was so high, it potentially allowed a year or more worth of data to accumulate. The fix is to lower this to an exact time cap of 7 days.

A true bug is the backup of the file. From my own examination of the issue and history, this is what I believe happened:

* iOS 2.0 (or possibly earlier) created a cache of cell towers, and put the info in /root/Library/caches/locationd/h-cells.plist (the root users Library cache location)
* iOS 4.0 changed location providers and started caching WiFi data. Previously Google was used for cell towers, and Skyhook for WiFi. iOS now uses data from Apple. The cache was changed from a plist (XML format settings file) to an sqllite DB, and stored as /root/Library/caches/locationd/consolidated.db
* iOS 4.0 also added a new panel in Settings with on/off toggles for location permissions for every app. This was stored in a configuration file in /root/Library/caches/locationd/clients.plist
* The engineer who added the clients.plist wanted this file to be backed up and restored, so he included /root/Library/caches/locationd/ in the list of places to back up

That last part there shows a failure of code/implementation review processes on the iOS team. Anyone here who works with OS X (and iOS) knows the standard place for settings/preferences is in Library/Preferences, a place already backed up normally. Caches folders, on both OS X with Time Machine, and on iOS with iTunes syncs have never been part of a backup. Until this one path was added in.

Re:Bug?

[dissy]

The lack of culling the file is a red herring. It is the small 'mistake' they use to divert people from the fact that they were secretly bugging their phones.

There is NO audio data stored what so ever, and no bugging of the phone happening at all.

Apple was continuing to collect location data and transmit that data back to Apple even when the user turned off location services.

At this point you are just purposly lying to make up a problem that doesn't exist.
None of what you say is happening, nor claimed by anyone but you.

The phone is not collecting your location data. It is collecting cell tower locations. Not your location. It is also not being sent to Apple, or anywhere for that matter.

This is just flamebait pure and simple.

Re:Bug?

[Belial6]

By 'bug' I was refering to a secret remote monitoring device. If that lead to a misunderstanding, I apologize. That doesn't change that Apple has been secretly monitoring users.

Apple says on their own website http://www.apple.com/pr/library/2011/04/27location_qa.html that they are collecting data and transmitting it back to Apple even when location services are turned off. The level of cognitive disassociation that it must take to think that they are not collecting data, even when Apple themselves say they are is astounding.

Plus, cell tower locations is your location for anyone that knows how to do math. I presume that Apple has a couple of people on staff that are capable of doing some fairly simple math.

Re:Bug?

[CheerfulMacFanboy]

Since Apple states in their 'explanation' that they are collecting the data, using it, and intend to use it more in the future, it is pretty hard to rationalize it as a bug or an oversight.

What data are you talking about exactly? The file that was just discovered - or rather 6 months ago? That caches data send to you by Apple. Why would they want it back?

Re:Bug?

[Belial6]

The data that Apple admits to collecting here: http://www.apple.com/pr/library/2011/04/27location_qa.html

Re:Bug?

[CheerfulMacFanboy]

Not encrypting the data, on the other hand, seems to be a genuine oversight.

Why would they encrypt a cache that was never intended to leave the device?

Now, if the common conspiracy theory were true, and Apple had backed up the file so it would be kept across several devices and they could use it later - then they would have encrypted it, so nobody would know what the file contained. Instead it was found and identified 6 months ago - and now again by a bunch of wannabe security experts, who couldn't use Google nor find out what the file actually contained.

Re:Bug?

[node+3]

The lack of culling the file is a red herring. It is the small 'mistake' they use to divert people from the fact that they were secretly bugging their phones. Apple was continuing to collect location data and transmit that data back to Apple even when the user turned off location services. As bad as poor cache culling is, it is a distraction that is being exploited by Apple.

They aren't bugging the phone. The information you are referring to is anonymous, and is inherent with using a device that connects to cell towers. By definition, this information is in another party's hands. With Apple, this info is anonymous. With your carrier, it's not.

You don't know that Apple isn't tracking their users on a personal basis. Apple is notorious for hand waving and telling you that "We've always been at war with Eastasia". A perfect example is to say they are not recording the location of your phone, but instead are recording the cell towers and wifi points. We all know that it is pretty trivial to calculate a point from that, and in fact is how all GPS supplies a users location. If Apple defines "no personally identifiable information" the way they define "don't log your location", then they are tracking users.

Your example makes no sense whatsoever. When they say "no personally identifiable information", they don't mean location. That's not personal. They know an iPhone was in some location (with some varying level of accuracy), but they don't know which iPhone.

Claiming that they were not secretly tracking users because they admitted it AFTER they got caught does not mean they were not doing it secretly.

Except they aren't tracking anyone. They never admitted to it, because it never happened.

The EULA excuse is just that. An excuse. It is intentionally writing in a vague manner in a document that they know full well will not be read by the vast majority of people. Just as their admitting that they are still tracking users, and will continue to track users is writing in New-Speak so that users will not know they are being tracked. Just read this forum, and your own post to see how many people know they are being tracked even after the New-Speak press release.

Using Orwellian terms doesn't make it any more true. The EULA is fairly clear. I read the location part, did you? It very clearly states that the information is anonymous.

Here is a question. (Presuming you have an iPhone) Do you know that you are being tracked by Apple? If the answer is no, then you have validated my point on how Apple can admit that they are tracking users and still be doing it secretly.

No, in fact I know that I'm not being tracked by Apple. I know that they collect cell tower and WiFi AP information, and I know that they don't tie it to me personally, or my device specifically.

Do you know that Google does the same thing? Do you know that they are less clear with regards to how private the information is? Do you know that the end user is Apple's customer, but not Google's? Do you know that your cell carrier keeps a log of which towers you connect to, and that it's not anonymous, but very personally identifiable?

Re:Bug?

[node+3]

Plus, cell tower locations is your location for anyone that knows how to do math. I presume that Apple has a couple of people on staff that are capable of doing some fairly simple math.

No, it's not. It's a rough estimate of your location, and this information is being collected and logged by your cell carrier, by law, and is not anonymous, like it is with Apple.

Apple doesn't care where you were, they only care where certain towers and access points were (and soon, how many iPhones were in a specific stretch of road, for aggregate traffic info) so they can send a location database cache to your phone so that it can acquire its location more quickly. That is all it's doing. Apple never, ever, knows where you were unless you use a specific Apple service (like the Apple Store app, which asks for your location to find nearby Apple Stores, and most certainly doesn't log that information personally in some Orwellian database, like you seem to think they are doing).

Cognitive dissonance indeed!

Re:Bug?

[Nothing2Chere]

If you are creating requirements to the level of detail needed to fully specify purge behavior of a cache database, you're never going to finish your requirements document.

You joke, but I used to work for a bank...Requirements documents were considered "In-Draft" until the dev cycle was done, and the code got tossed over the wall to the testers. Even then, they would usually change them even after the features had been released to prod.

N2CHere

Re:Bug?

[MillerHighLife21]

Yea. It's a sad thing but in many cases dev teams are forced to deal with feature releases and marketing deadlines rather than getting to account for every ideal development scenario they'd prefer to pursue. Security details like this are often overlooked as many people/businesses just assume that the cost of fixing an issue when it comes up is dramatically lower than taking the time to try to find and fix every potential security issue.

Re:Bug?

[CheerfulMacFanboy]

The data that Apple admits to collecting here: http://www.apple.com/pr/library/2011/04/27location_qa.html

Which has nothing to do with the data that is being talked about now - apart from the fact that "your" data gets used to create our data. Anyway, we talked about your data nine month ago - get up with the times.

Re:Bug?

[4phun]

The oversight is in not culling the file, including it in the backup, and not deleting it when Location Services is turned off. All of which will be fixed in an upcoming iOS update.

The only oversight on Apple's part would be in not hiding the fact that they are tracking users well enough.

Apple isn't tracking their users. The information is anonymous. No one is tracking each iPhone user personally, just the group in aggregate. Also, it's funny you say their oversight is "not hiding" this very well, when your previous sentence is based on a public statement by Apple that they are collecting this information. Let alone the fact that this is also stated in the iPhone EULA.

Android does this too. One main difference is Google ties a lot of information to your Google ID. I'd trust Apple to be less of a privacy invader than Google.

If I was HSA or the FBI the data Google collects on each person is what I would want since google can pretty much tell where any particular Android user is in realtime. Since Google collects so much data across all it's products with the user Google ID it is extremely valuable to commercial interests who want your money and to any government who wants your loyalty or else your life.

Re:Bug?

[AmiMoJo]

Any programmer generating logs should be aware that old ones need deleting after a while. Otherwise your disk fills up. This is pretty basic stuff.

Re:Bug?

[Belial6]

Well, if you don't know how triangulation works, then there will be no convincing you. The fact that "where certain towers and access points were" are two the three ways that a phone knows where it is will be irrelevant to you.

Re:Bug?

[node+3]

The only thing Apple knows is that there was an iPhone in a rough area (the data isn't precise enough for GPS-level triangulation). Each time the data is sent to Apple, it's anonymized in such a way that it doesn't even know two data uploads are from the same phone.

And the information stored on the phone is much, much less precise. It's a collection of thousands of locations around where you currently are, 99% of which your phone can't even see.

Since you brought up the term "cognitive dissonance", you should realize that obstinately reinforcing your own ignorance, despite being presented with facts to the contrary, is a textbook example of this.

It is absolutely impossible for Apple to tell you were any individual person or iPhone is, and it's impossible to pinpoint an exact location (even within miles, in most cases) of where you were based on the data in the location cache. A cache which, by the way, is only accessible by hacking an iPhone, or perusing an unencrypted backup. Both of which are being addressed in the next iOS update.

Apple is not tracking, or "bugging", anyone. Get over it. Reality's nice this time of year.

Re:Bug?

[Belial6]

Really? Exactly what data are they sending back to Apple then?

Re:Bug?

[CheerfulMacFanboy]

Really? Exactly what data are they sending back to Apple then?

http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf

Re:Bug?

[Belial6]

That statement pretty goes farther for indicating that they DO track you more than not. They make the comment that they don't track "you personally", but leave it wide open that they may track your phone. That is like saying, "We don't track the guy that is banging your wife". Sure, that COULD be someone other than you, but more often than not, it isn't. Before, you go into your "You just hate Apple rant", consider that in the other thread you were trolling, you claimed that Apple doesn't collect data on your phones actual location, yet the link you just provided states that they do. It also states they won't collect the data if you turn off location services, which has already been determined to be a lie.

Re:Bug?

[CheerfulMacFanboy]

Paranoia + no evidence + certainty that delusions are evidence = conspiracy theory.

Re:Bug?

[Belial6]

Whether you agree that what Apple is doing is bad or not, trying to claim that there is no evidence, and being concerned about the privacy implications is paranoia is a stretch taht only a Mac fanboy could make, no matter how cheerfully he might say it.

Re:Bug?

[CheerfulMacFanboy]

Whether you agree that what Apple is doing is bad or not, trying to claim that there is no evidence, and being concerned about the privacy implications is paranoia is a stretch taht only a Mac fanboy could make, no matter how cheerfully he might say it.

There is no evidence for any of your theories (you certainly haven't shown any). There isn't even evidence for your claims about me - like that I supposedly claimed "that Apple doesn't collect data on your phones actual location". Which makes it quite possible that you are not an uninformed paranoid, but a stinking liar who doesn't even believe his own shit. The only question is: are you only a pathological liar, a bog standard Apple Hater troll or somebody paid to lie like a politician.

nice

[calderra]

Apple: We never did anything wrong, but pardon us while we fix it anyway.

Re:nice

Apple: We never did anything wrong, but pardon us while we fix it anyway.

If fixing a bug is an admission of wrongdoing, the average Slashdotter has some penitence coming.

Re:nice

[jessecurry]

Apple: We didn't see anything wrong with the previous implementation, but it seems that our customers do. We'll take steps to make sure that our implementation is in-line with what our customers desire.

Re:nice

Thanks for pointing that out. The concept of "Making changes means you admit guilt!" whether in law or culture is a dysfunctional and stifling cul-de-sac.

Re:nice

[Crudely_Indecent]

Maybe a little more like this...

Apple: We didn't see anything wrong with the previous implementation, but it seems that our customers do. We'll begin encrypting the information so our customers have no idea what we are doing or what data we are storing. Maybe then they will go back to sleep until it's time to pony up for the next version of hardware.

Re:nice

Apple: We didn't see anything wrong with the previous implementation, but it seems that internet trolls do. We'll take steps to make sure that our implementation is in-line with what internet trolls desire.

Fixed it.

Re:nice

[Patch86]

Fixing a bug is at least an admission that it was a problem that needed fixing.

Since Apple/Google comparisons are all the rage, might I cast your mind back to the Street View / unsecured WiFi debacle. Google didn't do anything intentionally wrong (that anyone can tell)- instead they cocked up and ended up doing something they shouldn't have done, and have been dragged over the coals for it in various jurisdictions ever since. Negligence can still get you punished.

If Apple has been breaching privacy with their devices for a few years, all be it by accident, they could still feel the sharp end of legal stick. And admissions of large, privacy-breaking bugs are rarely good PR for the public either.

Re:nice

[Dunbal]

Apple: We never did anything wrong, but pardon us while we fix it anyway.

Apple: We never did anything wrong, but pardon us while we encrypt the data from now on. There - fixed that for you.

Re:nice

And just to rile up the anti-Apple haters...

Apple is doing so only because they are a greedy capitalistic company that wants to keep their users happy so they continue to entrench their distribution monopoly on their own hardware.

Re:nice

Until Microsoft does it, then you can attack freely.

Re:nice

Apple: Our Bad, There I Fixed It.

Re:nice

[slimjim8094]

Even better:

Apple: A relatively insignificant bug made it through QA, and now that it's been found we're going to fix it in the next update. While we're at it, here's what the facts are, what we do do and collect, and what we use it for - and how it's anonymized before we see.

Re:nice

[bored]

We'll begin encrypting the information so our customers have no idea what we are doing or what data we are storing.

That was sort of my thought too. Of course the key has to be on the phone somewhere, so finding the data probably won't necessarily be that much harder. Its more like "next time when someone catches us storing things we shouldn't be, we can hit them with a cease and desist letter because they violated the DMCA. "

Re:nice

[node+3]

Except they aren't going to encrypt the information, and they've never hidden the fact that they collect location information and anonymously send it to Apple.

Other than that, how's the tinfoil hat working for you?

Re:nice

[node+3]

Apple: We never did anything wrong, but pardon us while we fix it anyway.

Apple: We never did anything wrong, but pardon us while we encrypt the data from now on.

There - fixed that for you.

Except they aren't going to encrypt it. They clearly outlined what they are going to do:

1. Cull the cache so it's short term.
2. No back up the file.
3. Delete the file when Location Services is turned off.

They are still going to collect it anonymously, as per the EULA and other public statements.

Re:nice

[Crudely_Indecent]

Yeah, but the key can be compiled into a binary, so it might be inaccessible without knowing exactly where it is and how big it is. It probably won't be in a file named "ENCRIPTION KEY"

Re:nice

[Crudely_Indecent]

From the summary and the article:

Additionally, Apple said that in the next major iOS software release the cache would be encrypted on the iPhone, though a timeline for that was not provided.

Other than that, how's being a schmuck working for you?

Re:nice

[Crudely_Indecent]

Except they aren't going to encrypt it....

From the summary and the article:

Additionally, Apple said that in the next major iOS software release the cache would be encrypted on the iPhone, though a timeline for that was not provided.

You might try reading the article, or even the summary.

Re:nice

[node+3]

From the summary and the article:

Additionally, Apple said that in the next major iOS software release the cache would be encrypted on the iPhone, though a timeline for that was not provided.

Other than that, how's being a schmuck working for you?

Apple never stated it's going to be encrypted. Read the article you linked to, or even Apple's actual Press Release.

You might want to adjust your tinfoil hat. Not only is Apple not going to simply encrypt the information, the information in the cache isn't even from the iPhone itself, but from Apple. It's a cache of nearby cell towers and WiFi access points so that when you use Location Services, the phone can look up its location faster than it would otherwise.

To repeat: this cache is from Apple, and is a collection of nearby towers and APs that your phone has never even connected to, so that if you drive ten, or even a hundred, miles from your current location, your phone can tell that it has done so in seconds instead of minutes.

Re:nice

[node+3]

Since you felt compelled to demonstrate your ignorance twice, I'll correct you twice:

Directly from Apple's Press Release. Nowhere does it state Apple will encrypt the data on the device. It does state that Apple has always encrypted the connection to Apple.

You lose. Twice.

Re:nice

[node+3]

Apple: We never did anything wrong, but pardon us while we fix it anyway.

If you were to read the actual Press Release, you'd realize how silly your post is.

The location file stored was not a log of where the phone was. It's a subset of the large database Apple has on where WiFi access points and cell towers are located. This helps the phone locate itself more quickly when the user requests it. Without this cache, the phone would have to rely solely on GPS (which can take minutes) or have to request data from Apple each time. The access points and cell towers in the file are not places where the phone has been, but places around where the phone has been so that if the phone moves to another location, it already has a local database to look up its location with.

This is not wrong. Not only is it not wrong, but it's good design. Additionally, Apple never tracks a user or a phone. This is also not wrong.

What they are fixing are some details of the implementation, but not the overall design of the implementation. Apple will continue to send a subset of the location database to your iPhone, but it will be stored for no more than seven days. It will not be included in the backup to your Mac or PC, and when you turn off Location Services, the cache will be cleared (and, by definition, it will not ask Apple for any location data, nor will it log it anywhere else).

Re:nice

[Crudely_Indecent]

Apple never stated it's going to be encrypted. Read the article you linked to, or even Apple's actual Press Release

Yes they did! DUDE, take your own advice.
From the Apple press release:

These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and *******encrypted******* form to Apple.

Further down, it states:

In the next major iOS software release the cache will also be encrypted on the iPhone.

Well, isn't that interesting....and you said:

cacheisn't even from the iPhone itself,

The Apple press release specifically says that it's generated from tens of millions of iPhones sending bla bla bla bla.....

My tinfoil hat fits fine, and I don't even own an iPhone.

I read the summary, the article and the press release. That's how I knew it was encrypted....All 3 resources state it....including Apple....in their press release....that you linked to....and obviously didn't read past the first paragraph.....

Re:nice

[Crudely_Indecent]

count again...

Apple never stated it's going to be encrypted. Read the article you linked to, or even Apple's actual Press Release

Yes they did! DUDE, take your own advice.
From the Apple press release:

These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and *******encrypted******* form to Apple.

Further down, it states:

In the next major iOS software release the cache will also be encrypted on the iPhone.

Well, isn't that interesting....and you said:

cacheisn't even from the iPhone itself,

The Apple press release specifically says that it's generated from tens of millions of iPhones sending bla bla bla bla.....

My tinfoil hat fits fine, and I don't even own an iPhone.

I read the summary, the article and the press release. That's how I knew it was encrypted....All 3 resources state it....including Apple....in their press release....that you linked to....and obviously didn't read past the first paragraph.....

Re:nice

[node+3]

Yup, there it is, at the very end. Sorry about that.

However, the original point stands. Apple is not simply encrypting the file, as Dunbal suggested (in this thread), and you suggested in a different one. Your tinfoil hat is still a bit tight. Apple isn't tracking you, they aren't simply hiding behind encryption. They proactively protect their users' privacy.

Re:nice

[node+3]

Yup, there it is, at the very end. Sorry about that.

However, the original point stands. Apple is not simply encrypting the file, as you suggested. Your tinfoil hat is still a bit tight. Apple isn't tracking you, they aren't simply hiding behind encryption. They proactively protect their users' privacy.

Re:nice

[Globe199]

Are you kidding me? Did they think that customers would want to have their every move logged into their phones? No.

This was by design. It took the collective efforts of some hackers finding out the technical aspects of it; a subsequent public uproar; and a nastygram from a US Senator. This isn't some benign misreading of consumer demand. Apple knew exactly what the hell they were doing.

Re:nice

So it's basically no different from a mapping application that downloads several square miles of maps at a time -- based on where you currently are. And I wouldn't expect the online map apps to purge the data when you turn it off, as it would be stupid to keep re-downloading them all the time.

Re:nice

[node+3]

Pretty much, yup. As far as whether to purge the data or not, Apple's position is that seven days is good enough. The data changes over time (cell towers and WiFi access points are are added, replaced, updated, and removed), so you'll need to update it anyway, and I don't suspect it's a very large data transfer.

Additionally, this is exactly how Apple's Maps app works. It caches data temporarily, but doesn't store it long term, instead redownloading as needed. I think this is a good compromise between performance, privacy, bandwidth, and storage.

Re:nice

[jessecurry]

You make it sound so sinister. Apple discussed the type of information that it collects, and why that information is collected over 1 year ago (http://www.wired.com/images_blogs/gadgetlab/2011/04/applemarkeybarton7-12-10.pdf).

Re:nice

Are you kidding me? Did they think that customers would want to have their every move logged into their phones? No.

This was by design.

It was by design because they think their customers want fast, reliable location fixes for applications like mapping, geotagging photos, and so forth. Map applications in particular have got to be a huge selling feature for smartphones. Do customers want a map always centered on their position which can advise them where to move next on their smartphone? You betcha.

So, the phone has a GPS receiver. Unfortunately, GPS has limitations. It can take a long time to return results, and it is very prone to line-of-sight issues: it doesn't always work so well unless you're outdoors with clear line-of-sight to many GPS satellites.

Therefore they (and other smartphone operating systems such as Android) augment GPS with triangulation. The phone can estimate the distance from each tower and hotspot it can currently see, and if it knows the locations of those radio base stations, it can calculate its location. This allows it to keep mapping applications (or whatever else the user is doing that wants a location fix) happy even when GPS is slow, unavailable, or unreliable.

How does it know the locations of those towers and hotspots? It queries a cache. You know, that file which has been the subject of so much tinfoil hat paranoia, including yours. If a tower isn't in the cache file, or hasn't been updated in a while, the phone asks Apple's central tower/hotspot location DB for the information, and writes it into the local cache.

And that's where the hysteria came from: it's a file which contains a bunch of locations which are loosely correlated with your own movements. I say loosely because the radius at which a phone can see a tower is rather large, so your phone may well ask for updates on towers miles away from your real location.

(The flip side of this is that phones also estimate radio locations and send that information back to the central DB, anonymized and encrypted: Apple's central DB is "crowdsourced". I'd guess most if not all of the information sent back is about WiFi hotspots, since Apple can get very precise up-to-date information about towers from the cellular service providers, whereas WiFi locations appear and disappear and move unpredictably. Most likely it's something like: "if GPS is accurate right now and I see a WiFi, anonymously send the GPS fix and WiFi signal strength and network ID", and then the central DB uses all the fixes sent to estimate the true location of the WiFi.)

It took the collective efforts of some hackers finding out the technical aspects of it; a subsequent public uproar; and a nastygram from a US Senator. This isn't some benign misreading of consumer demand. Apple knew exactly what the hell they were doing.

Apple did know exactly what they were doing. You don't, nor did Al Franken. Some in the media might have understood it, but breathless fearmongering sells more papers and gets more ad clicks.

Re:nice

[Dunbal]

They proactively protect their users' privacy.

Just like Facebook pro-actively protects your privacy by selling your personal information to everyone willing to pay for it. But you need a password to log in so you're protected.

Re:nice

[makomk]

The location file stored was not a log of where the phone was. It's a subset of the large database Apple has on where WiFi access points and cell towers are located

In terms of the privacy implications, it may as well have been a log - they were recording the estimated locations of the cell towers and WiFi access points in view together with the timestamp at which they were seen, which is obviously enough information to extract a coarse history of the phone's movements. When it comes to privacy issues, it doesn't matter what the information was intended to be used for, but also what it could be used for in practice.

Re:nice

[cheeks5965]

oooh burrn. Apple is improving their products because they hope to sell more products in the future. evil capitalists!

Re:nice

[CheerfulMacFanboy]

Fixing a bug is at least an admission that it was a problem that needed fixing.

Since Apple/Google comparisons are all the rage, might I cast your mind back to the Street View / unsecured WiFi debacle. Google didn't do anything intentionally wrong (that anyone can tell)- instead they cocked up and ended up doing something they shouldn't have done, and have been dragged over the coals for it in various jurisdictions ever since. Negligence can still get you punished.

Not quite - they stored data that there was no need to store, and they denied that fact until they were caught doing it - then they apologized.

Re:nice

[node+3]

They proactively protect their users' privacy.

Just like Facebook pro-actively protects your privacy by selling your personal information to everyone willing to pay for it. But you need a password to log in so you're protected.

Um, no. Apple doesn't allow anyone to access your personal location data without permission. They have also pissed off some publishers by making it opt-in, and entirely optional, for users to allow them access to information that the publishers usually require and themselves sell.

In other words (and in my original words), Apple proactively protects their users' privacy.

Remember, unlike Facebook and Google, the end user is the actual customer. Your accusations are not only unfounded, but completely contradict reality. Tin foil hats tend to do that.

Re:nice

[node+3]

The location file stored was not a log of where the phone was. It's a subset of the large database Apple has on where WiFi access points and cell towers are located

In terms of the privacy implications, it may as well have been a log - they were recording the estimated locations of the cell towers and WiFi access points in view together with the timestamp at which they were seen, which is obviously enough information to extract a coarse history of the phone's movements. When it comes to privacy issues, it doesn't matter what the information was intended to be used for, but also what it could be used for in practice.

To an extent, but it's not what people were making it out to be. For example, merely knowing which city (or rough part of a city) a person was in is quite different from knowing which address they were physically at, and I'm sure most people will react quite different to those very different scenarios.

Also, this file was never sent to Apple, and is entirely within the user's possession. However, the procedural updates very well address the lingering privacy concerns pretty much 100%. The file will be encrypted, will be culled within seven days, won't be included in back ups, and will be deleted when Location Services is turned off. It's difficult to imagine how it could be done any better than that.

Re:nice

Would that be like your cocksucking phase, or are you planning on keeping that up for a while?

Re:nice

albeit. Fuckwad.

Good...?

[tripleevenfall]

Well, this seems like a good response but I think we still saw here that data collection practices for consumers are going in a negative direction.

Overall, this has taught me to simply leave location services off, because the data is being stored on the phone and potentially could be available for data farming in the future.

Re:Good...?

[gabebear]

Turning location services off doesn't make it any harder for someone to track your phone... it just makes it harder for you to find your location.

Re:Good...?

[tripleevenfall]

How so, if it deletes the cache entirely when you turn it off, as TFS seems to indicate?

Re:Good...?

[Necroman]

location data isn't currently deleted when location services are disabled. That's a coming feature.

Re:Good...?

[SvnLyrBrto]

How do you suppose the phone company knows what cell you're in, so they can route calls to your phone? How do you suppose they get their E911 data?

As long as you have the thing powered on, the phone company know where you are. And if the police want to know, they won't go to your house, hack your computer, and read the log backup. They'll just go to the phone company with a subpoena.

This whole controversy was much ado about nothing. The only thing that was different was that the user had access to the data that "the man" had all along.

Re:Good...?

[erroneus]

It does make it harder for someone to know where you have BEEN though. It's not about tracking the phone "now" as much as where it has been. Such data could be used by law enforcement or jealous spouses as evidence against you. It could also be used by a stalker. And while I haven't given it much thought, I am quite certain there are dozens of other possible uses of this data that would not be good.

Re:Good...?

Well, it was/is possible that if some nefarious third party stole/found your phone, they could get the data off the device and then see where you had been (sort of). But yes, this is Slashdot: Making Mountains Out of Molehills Since 1997

Re:Good...?

[machxor]

How do you suppose the phone company knows what cell you're in, so they can route calls to your phone? How do you suppose they get their E911 data?

As long as you have the thing powered on, the phone company know where you are. And if the police want to know, they won't go to your house, hack your computer, and read the log backup. They'll just go to the phone company with a subpoena.

This whole controversy was much ado about nothing. The only thing that was different was that the user had access to the data that "the man" had all along.

Yes because the only people who would be interested in this data are those that already posses a legal method of obtaining it...

Re:Good...?

[neoform]

>This whole controversy was much ado about nothing. The only thing that was different was that the user had access to the data that "the man" had all along.

I'm fairly certain all the people up in arms about this are not iphone users.

Re:Good...?

[Crudely_Indecent]

Knowing a history of where you've been is key to determining where you might be going in the future.

I had to tell one of my daughters to turn off the GPS location update on her pedometer app because she was posting her jogging path/times on facebook. She didn't know the feature was turned on, and scrambled to delete the details from her facebook account. I didn't need to explain the dangers to her, but I'll explain it here.

With knowledge of her jogging path and the approximate times she normally runs, kidnapping (or worse) couldn't be easier.

Re:Good...?

[gutnor]

Yes because the only people who would be interested in this data are those that already posses a legal method of obtaining it...

If you are worried about those that do not posses legal method to access that data - you should really encrypt your data. The log can only be accessed from you home computer or you mobile phone directly (after hacking it) - if somebody you don't like has unrestricted/uncontrolled access to any of those, there is a lot more stuff you need to be worried about.

There is of course the Private Investigator case hired by your wife that could be borderline possible. In real life, that would be far easier for the PI to stick a GPS tracker under your car and that would give him more precise, more discreet data collection service.

Re:Good...?

[blueg3]

If your stalker has physical access to your phone, you're in a lot of trouble, regardless of Apple's policy and implementation of Location Services on the iPhone.

Re:Good...?

[mjpaci]

Dollars to donuts the people bitching the loudest about this check in to FourSquare 72 times a day, tweet 245 times, and update their Facebook status with what they're doing and where at least every hour.

Re:Good...?

[erroneus]

Thieves are everywhere and nowhere. Most women keep their phones in their purses and they tend to leave those things laying around all the time and they don't have locks on them. And for that matter, I sometimes leave my phone on charger at my desk and walk away -- not smart, but we aren't always thinking of those things when other stuff is on our mind.

I liked Crudely's response above -- I hadn't really thought about how a stalker would use history data -- but there you go -- it's quite obvious and in one's face. And I'm not sure whether you saw that news bit that came out not long ago, but apparently there is some device/software designed for police to download the contents of just about any phone in a matter of minutes. Things like that often end up in private hands... or in the hands of police who can't separate their professional lives from their private lives... or in the hands of politicians who are in charge of police departments and on and on.

"Access to the device" is trivial. Having data there that would be better off NOT being there is not.

Re:Good...?

[Patch86]

Leave the police and the courts out of the equation for a moment (as we have to assume, these days, that the state is omnipotent in any case).

This whole controversy sprung up because some well-meaning developer released an app that could access the data. By extension, we could assume that all iOS developers- including malware developers- could work a similar trick, to less innocent ends. Malware/adware/spyware developers couldn't subpoena your details from your provider; this is the only method by which they could access this sort of data.

As such, you can look at it as a pretty big security hole that needn't exist.

Re:Good...?

[blueg3]

"A matter of minutes" is a bit of an overstatement (if everyone owned iPhones, it would be simpler, but the procedure for collecting data with something like Cellebrite is more time-consuming than "minutes"), but it's true that it's not too difficult to pull information off a phone if you have physical access to it.

It's certainly true that the location database can easily be taken and used against you if someone has physical access to your phone. It's certainly true that people can get physical access to your phone. However, there are lots of things -- many of them much worse than getting a history of your past locations -- that people can also easily do if they have physical access to your phone.

So, like I said, if your stalker has physical access to your phone, you're in a lot more trouble than "they might have my location history".

Re:Good...?

"This whole controversy was much ado about nothing."

That's your opinion.

You obviously don't know much about the weakness of iPhone
passwords, or GSM security.

But that doesn't keep you from spewing your meaningless bullshit,
does it ?

Re:Good...?

[Belial6]

Even if they do, that is irrelevant. Informed consent is important. If my hot neighbor wants to watch me shower, all she has to do is ask, and I'll invite her over. Heck, I'll invite into the shower with me. If I find out that she has planted a video camera in my shower, I am calling the cops.

Heck, right now, my wife and I GPS track our phones, and have access to the database on each other's phones. It is very convenient for planning dinner, finding each other at theme parks, and finding our phones if they are misplaced or lost. I have no problem with my wife knowing where I am 24 hours a day. We would have a serious problem is I found that she secretly install a GPS on my phone to secretly track me.

Re:Good...?

[shadowrat]

You also shouldn't take pictures. Even if they aren't geocoded, they still implicitly identify some location. Actually, it's probably best just to leave the phone off all the time. the cell companies have access to your location. It's only a matter of time before they realize there's a potential gold mine in that data.

Re:Good...?

They released a desktop app. iOS developers did not have access to this file.

Re:Good...?

[Dare+nMc]

>The only thing that was different was that the user had access to the data that "the man" had all along.

US authorities, may be allowed legally, with subpoena, get your US records today, but the Iphone is a international phone. Also no subpoena is currently needed when crossing into the US to take your phone/computer data. So it is very believable someone who went to someplace like Cuba and turned on their Iphone. It could be a real pain to have USBP having every location someones phone has been in the past year, and having to explain/defend your travels...
Of course it is also very plausible entering other countries they might also take this data, and also make your life miserable as well. (IE why were you in Amsterdam, not on your passport, lets check every bag now...)

Re:Good...?

[slimjim8094]

As I understand it, iOS apps can't access it because they're sandboxed off from the system. The file is accessed in the phone backups on the computer. So the moral is don't run untrustworthy software on your computer, unless you're alright with it doing things you don't like.

Re:Good...?

[internettoughguy]

So the moral is; before you get into the shower with your neighbour you should check your wife's GPS location?

Re:Good...?

[CheerfulMacFanboy]

http://www.willclarke.net/?p=278

there is still a large security concern for people that live in cities. Since the urban density of “cell phone towers” (or more realistically, wireless network nodes) is much greater, couldn’t someone who stole your iPhone find you in a city much more easily?

From the data I’m seeing, no. I have been looking through the table of my data more thoroughly and what I’ve found is interesting. It doesn’t log one data point at a time - it will log a couple dozen data points all at once. For example, here is my data visualized on a graph, for the timestamp of April 3rd at 5:15:25.865 PM:

Note the Horizontal Accuracy of the two points. This is a measure, in meters, of the confidence in that location - like when you load up maps and it shows a blue “halo” around your location indicating the area you may be in. The first point has an accuracy of 549 meters, the second 500 meters - and they are over 2000 meters from each other. Now, if these data points are supposed to be where you are, then their horizontal accuracies should all overlap on some point that reveals your actual location. But they don’t - which is why I believe they are locations of nearby cell sites, and the horizontal accuracy is a measure of how confident it is that the cell is there.

“But it’s still very revealing!” you must be thinking. After all, if it’s cell sites around you, you must be right in the middle of that circle. Fortunately for my privacy, no. At 5:15 PM on April 3rd I was in the bottom left of that circle, over a block away from the nearest dot on the map. I had just finished a 155 mile bike trip and was pretty happy to be sitting there, not moving.

If you think that is close enough to "track your every move", your paranoia is your least problem. Also check his previous post on how this "tracking" goes way off track.

Re:Good...?

[gabebear]

Knowing a history of where you've been is key to determining where you might be going in the future.

Oddly, this is true for your phone as well. The reason it caches any location data is so that it can figure out where you are without hitting the internet. If it sees the same WiFi access points that it did sometime in the past, and it knew where it was, then it knows where it is now.

Glad this is over

[gabebear]

I'm an iOS developer and am glad this is finally over. I wasn't worried about the security ascpect; I was tired of getting stupid alarmist questions about it.

Re:Glad this is over

[geekoid]

Alarmist? no, not really.

Look around the world. In a lot of areas, people are rising up against oppressive governments. In these situation, people are being found by the government based on cell phone location. Imagine what happens when a 'dissenter' gets caught and his phones also has the location of where he has been?
That isn't some hypothetical, it stuff that is actually happening. Right now. It may not be happening where you live, but the world is bigger then you.

So, no not alarmist, reasonable.

Re:Glad this is over

[Americano]

Oh, it's not over - where Apple is concerned, it's never over here on Slashdot.

Re:Glad this is over

Um, are you one of those people rising up against oppressive governments? How about the people bringing a class action lawsuit? How about the many blogs screaming about it? No?

Can this data be used in real-time? No. Can it locate you precisely? No. Can an oppressive government that controls the local cell company locate ANY cellphone with greater accuracy and in real time? Yes.

Hmmm... I think "alarmist" is an accurate description.

Re:Glad this is over

[Americano]

This data is NOT "tracking the phone's location". It is only enough to show you that "this phone was somewhere inside ~100 miles of a given location."

If you're being executed or imprisoned because "your phone says you were within 100 miles of Tahrir Square on a day that protests against the Egyptian government occurred," then they're simply looking for an "official" reason to put on your execution / imprisonment paperwork. Of course, all of this "The iPhone, it TRACKZ JOO" hysteria simply gives people looking to "disappear" a few political opponents another way of documenting someone's "guilt".

If you're concerned about oppressive governments misusing the data, you wouldn't give them the crutch of saying "It's tracking the phone," and thus lending credibility to a flimsy justification for throwing someone in prison. You'd be very clearly and very strongly stating that that data on the phone has nothing to do with the precise location of the phone, and only provides the most general (regional) indication of the location of the phone at any given point in time. Because, you know, that's actually what it does - not indicate precise-to-the-centimeter location information for the phone.

Re:Glad this is over

[ediron2]

yeah, really it is alarmist. Your location is tracked constantly due to cellphone-to-tower chatter. IOW, if your signal-strength meter is working, The Man knows where you are.

Security Theater -- no longer limited to airports, courthouses and queues.

Re:Glad this is over

They still have this data. They had it all along. Before the iPhone even. You don't even need a smart phone. All cell phones have a unique identifier. This identifier is communicated to every cell tower your phone handshakes with. The logs of those cell tower's are retained and available to any government.

All this hoopla has been over a file only accessible on your device by your equipment. They don't need this file, the cell companies have their own.

Re:Glad this is over

[intheshelter]

Normally I can't stand posts who start with "ummm" or "hmmmm", but at least you redeemed yourself by pointing out geekoid's hyperbole and bullshit.

Re:Glad this is over

[mlts]

Here in the US, availability of cellphone location for civil/criminal actions isn't a good thing either:

1: A DA could easily file a warrant for location info from cell providers to find who was in a park after dark, then go on a mass raid, filing criminal trespass charges on 20-30 people at once in a roundup.

2: People who were at the location of a certain protest can be blacklisted from jobs, or even supermarkets, where they would have to ask friends or go out of town to get basic groceries.

3: Foreign intel sources can get info what VIPs go to what meetings, and know what soft targets to attack.

4: People who have sensitive jobs can have the location information used as blackmail.

5: Blackmail/extortion in general. I remember a school district in California that had a security breach (with major PII compromise), and parents in that district got an anonymous E-mail with a map of how their kid walked to school and a note that their kid would have a greater chance of completing their journey from home to school if they paid a "fee".

Location information needs to be treated as PII, as much as SSNs. However, I doubt we will ever see laws that actually punish anyone for PII loss anytime soon in the political climate in the US. Europe would be a different story just due to the past history.

Re:Glad this is over

[Belial6]

Most people know that the phone company knows where their phone is. We are talking about Apple knowing where the phone is. Right now, my wife knows where I am. My dentist doesn't. If my dentist called me and asked, I would tell him. I would find it odd, but I wouldn't have a problem telling him. If on the other hand, I found out that he had planted a tracking device in a filling, we would have a big problem on our hands.

The Apple apologists keep pointing out that the phone companies already know where your phone is, so it is OK for Apple to do the same. That is a ridiculous statement.

Re:Glad this is over

It's not about proving where you were. It's about proving who you were associating with. Maybe you're part of a rebellion and they use the location data of your phone to find out where you're most likely to have met co-conspirators, and then the location on their phones incriminates them. I think this is far fetched but it's the point GP was making that you are missing.

Re:Glad this is over

[Americano]

Once again: The data on the phone is not precise enough to tell "where you met" or "where you were" or "who you were with" with any degree of accuracy or precision.

The point is the same - that somehow some repressive government will use this logged data as a way of saying "your phone says you were within 100 miles of a suspected rebel safe-house on a day that other people were ALSO within 100 miles of that safe-house - you are, therefore, a rebel, and so are they!"

I repeat: If this is the entirety of the data your government is offering as a justification to imprison/execute you, then whether or not they have this data, you're going to end up imprisoned/executed. It simply is not precise enough to place people at a certain point at a certain time, and anybody who is arguing otherwise is, plainly stated, off-their-ass wrong in saying that the data is a log which tracks your movements.

Though I'm sure that repressive governments appreciate the unintended legitimization of this method for repression by the people who are trumpeting about how this data is "tracking" the movements of the phones. After all, "I read it somewhere on the internet that this information tracks the user, and it clearly shows the user at a specific location on a map where the rebels always meet," sounds so much more legitimate and convincing than "I don't like him, because he is my political opponent and wants a democratic society."

Re:Glad this is over

[moronoxyd]

Can an oppressive government that controls the local cell company locate ANY cellphone with greater accuracy and in real time? Yes.

Can an oppressive government that just found out that you are opposing it get your location data from the last few days, weeks or months to see where you might have met with other dissenters?
Well, if you own an iPhone it can.

And the argument that I and GP are not one of those people is bull. The potential alone is a problem.

Re:Glad this is over

[moronoxyd]

My cell phone provider knows, because he needs to know in order to provide his service.
The Man can get that information because the law allows him to.

But that doesn't mean that Apple has a right to know, or that any third party has a right to know without my consent.

Re:Glad this is over

[moronoxyd]

Anyone who's been using Apple products for a while expected this, as it's how they typically respond to controversies - by investigating the issue and providing a detailed accounting of what they're doing and why.

Strangely enough, I don't use Apple products and I have a different perception:
1. Apples waits a few days, hoping that the matter will be buried by some other scandal.
2. Steve Jobs comes out saying: 'There's nothing to see here, but look over there! Our competition does that!'
3. Apple release an official statement along the line of 'we didn't make a mistake, but we'll fix it anyway'.

It happened here, it happened with Antennagate, it#s their modus operandi.

Re:Glad this is over

Apparently you didn't look at any of the maps that showed the plotting of the data. 100 mi? Let's at least try to be honest.

Re:Glad this is over

[Americano]

Apparently, I did. Apparently, I ran it on my own data, as well. Apparently, you do not understand the phrase "within 100 miles". Apparently, you also do not understand that the lack of precise location data in the log means that if that's the only evidence against you that leads to your conviction, you're being railroaded and the "iphone log says you were somewhere in the area" is simply a fancy way of dressing up an abuse for political reasons.

Apparently, you don't realize that your attitude is actually legitimizing people who would make the claim that the iPhone's log is some sort of "irrefutable proof of absolute location," and use that "proof" as a pretext for making political rivals disappear. If you're concerned about oppressive governments, you would be clearly and unequivocally stating that this is not "tracking" data, and does not absolutely identify a user's location. It gives a "general area" - and unless you have some other proof that I committed a crime while in that "general area," then any attempt to use my presence in that "general area" as the only evidence to convict me of that crime is a farcical parody of justice. And if your government is the type of government that engages in that, then the existence (or lack) of an iPhone log will make no difference to them if they've decided you're going to prison.

Let's at least try to be honest.

Re:Glad this is over

[CheerfulMacFanboy]

Can an oppressive government that controls the local cell company locate ANY cellphone with greater accuracy and in real time? Yes.

Can an oppressive government that just found out that you are opposing it get your location data from the last few days, weeks or months to see where you might have met with other dissenters? Well, if you own an iPhone it can.

Of course they can do much easier going to the state owned cell phone provider, which gives you much better data anyway. And all that without you having to find that damn dissenter and his stupid phone first just to find out where he may be with a precision of a couple of miles. Too bad not all oppressive governments are remotely as stupid as you lot.

Timestamps

[Kuukai]

What about the timestamps? Why does a "crowd-sourced Wi-Fi hotspot and cell tower database" still need timestamps?

Re:Timestamps

Because you need to know if the data is up to date.

Re:Timestamps

[Imagix]

So one can expire out old entries? Or use it as some part of a confidence measure that the wifi spot still exists? Cell towers don't move (or disappear) as often.

Re:Timestamps

[Americano]

... so that it can tell which particular towers & wi-fi hotspots you've seen most recently?

The point of the database is to help the iPhone determine its own location more quickly. Having a list of a thousand map coordinates that the iPhone has seen "in the last year, sometime," does very little to facilitate that unless the iPhone can also know which ones it has been in range of recently.

Re:Timestamps

[Kuukai]

Do you need the minute for that? Isn't the month or week good enough? Would take up less space, too.

Re:Timestamps

[Kuukai]

So you need the exact time and not, say, the day or week?

Re:Timestamps

Yes

Re:Timestamps

[geekoid]

Maybe not, but he developer is just grabbing the time stamp as is.

As far as less space, it's really not a concern.

Re:Timestamps

[erroneus]

In this case, it is quite easy to imagine that this was merely an oversight on Apple's part.

Log files are useful forensic data. All log files have time stamps, otherwise they would be less useful. And when making a log file, date/time information is standard data to include.

Why is this easy to accept as an oversight on Apple's part? Well, as a person with a programming background, I can't imagine writing a log file any other way. But not being 110% security conscious is not the same thing as "tracking users."

I too was on the band-wagon of Apple bashers on this topic. In a way, I still am -- I think all information tracking should be handled carefully and this is an instance where it wasn't. But to presume more beyond not cleaning log files is too much at the moment. (Still, was there evidence that this log file was ever pruned or rotated in any way? After all, what would happen if this guy was a taxi driver or a world traveller? Wouldn't there be potential for his iProduct to run out of space and crash?) In any case, additional thought on the subject has yielded a much more rational view.

Re:Timestamps

[Americano]

Well, how about the fact that people often travel more than a few hundred yards in a single day or a single week?

Maybe you're a shut-in, I don't know. But I am pretty sure that people who travel frequently wouldn't appreciate the "excellent location services" that could be offered by an iPhone that always thinks you're in the same place you were yesterday, or last week, and takes a few minutes to locate you every time you move more than a few miles. Seems to sort of defeat the purpose of having a cache in the first place, no? If you're going to do that, might as well just kill the "assisted" part of aGPS and just force the phone to use GPS-only, all the time, no matter how long it takes.

Re:Timestamps

[Kuukai]

Ok, just pretending that's true, do you need the exact time a month ago? Can't there be a fade-out or something? Yes this is more work, but apparently it takes more work to make a cache not be a log. If you indiscriminately record all information, that would be a gross breach of privacy, regardless of how inconvenient it would be for the programmers to do something else. This is an example of the same kind of thing. The information can be used to track a user. That's something Apple is expected to avoid, if possible. It's possible. Hence outrage.

Re:Timestamps

[Americano]

Your initial question was why they needed timestamps to at all. That question has been answered.

If you want to go read the article and see how Apple plans to address your other concerns about the long-term retention of this data now, I'd certainly encourage that.

Re:Timestamps

[blueg3]

Redacting timestamps to the accuracy you think you need is much more annoying than simply getting a timestamp via a built-in function.

Re:Timestamps

[Kuukai]

Your initial question was why they needed timestamps to at all. That question has been answered.

No it hasn't. If they're only retaining records for a week, then once again why do you still timestamps? Everything in the retention period should be "good" data now.

Re:Timestamps

[Americano]

If they're only retaining records for a week, then once again, why do you still timestamps?

Perhaps you could try and explain how it's possible to expire data out of the cache when it is more than 7 days old, without some way of knowing when the data was added to the cache? Suggesting that it's possible to only keep 7 days worth of information - without recording the age of each entry - uses a set of assumptions and "logic" that escapes me.

Re:Timestamps

[klui]

I would put it in for development to give me the proper timeline of events. And if I have the time, I would either remove the timestamp or reduce its accuracy. If I have time.

Re:Timestamps

[Dunbal]

As far as less space, it's really not a concern.

Wait, you're the idiot storing every field as VARCHAR(1024)?

It's not a matter of space, it's a matter of efficiency. Plus when the space is on a storage device that doesn't belong to you, it most certainly is a concern. A good programmer would try to use as few resources as possible. Of course today people (developers and end users) just don't give a shit. Device too slow or out of space? Throw it away and buy a bigger one. The US produces more waste per capita than any other nation on the planet. This behavior however is not sustainable, and reckoning is coming.

Re:Timestamps

[Belial6]

Except for the part where Apple admits that they are collecting the tracking data, and intend to continue to do it in the future. The data on the phone is just a tell tale symptom. The problem is Apple tracking iPhone users.

Re:Timestamps

[shadowrat]

I can imagine the architecture meeting that took place.

engineer 1, "hey! you know what would help us get more accurate location? if we kept a cache of the locations of nearby cell towers on the device."
engineer 2. "Yeah! and if it was timestamped, we might be able to deduce movement patterns and provide even MORE ACCURATE DATA! WIN!"
jr programmer: "guys, wouldn't this pose a privacy risk? we would be storing a history of areas the phone went to. people are sensitive about that."
engineer 2: "Nah. people willingly post their exact location to social networks all the time. they WANT to share this data. this will help them share the data better. besides the cell provider has all this data already. what difference does it make if it's in one more spot?"

The team leaves the room [pan left to the corner]. A dark thin figure emerges from the shadows.

Steve Jobs: "excellent. all is going according to my plan. Soon I and I alone will know the locations of all AT&T, Verizon, and T-Mobile towers! The world will bow before me! heh heh heh! MU HA HA! HA HA HA HAAAA! ooo! ow, my kidney hurt from that."

ok. maybe that last part didn't happen exactly like that.

Re:Timestamps

[Kuukai]

Um, just record the day? You don't need the whole timestamp.

Re:Timestamps

[Americano]

Are you being deliberately obtuse? Or do you really think nobody ever travels more than about 3 miles in a single day?

Re:Timestamps

[pslam]

A good programmer would try to use as few resources as possible.

No, a good programmer recognizes premature optimization.

Re:Timestamps

[Kuukai]

What are you talking about? A lookup is triggered by a cache miss. Each location batch can be labeled by anything, it doesn't need to be the exact time. This information is useless for any part of the process besides dumping the cache because, like you said, users can travel all over the place in a short period of time. This makes the timestamp not a great heuristic of what batch you want, not that batch lookup would even affect performance in any perceivable way.

Re:Timestamps

[Americano]

Here's one way the timestamp could be helpful:
"Hmm. I don't have any of the towers in range cached. I don't have any clue where I am. I better do two things:
1) Assemble a list of towers & hotspots in range, and query for their locations;
2) Look back at the most recent towers & hotspots in my cache, and assume I'm near them for the purposes of beginning map data retrieval."

Cell network connections are high latency, and not always high speed. Minimizing the time required before you can start displaying usable information to the user is a feature, not a bug. I'm sorry that you're confined to your home, but not all of us must - or wish to - operate under those constraints.

And that's beside the fact that the 'time' function on Unix systems returns epoch seconds, and that it is simpler (and more efficient) programming to not bother with converting and extracting specific dates or other components of the date from that value to use in your cache. Given that you MUST have an 'age' for the entry to expire things out of the cache correctly after 7 days, using the actual value simplifies cache cleaning and cache creation.

It's much easier to implement:
if ( (current_time - 604800) > entry.create_time ) { purge(entry) };

Than to sit there saying "Today is Wednesday the 27th of April. Find and purge all entries in the cache that were created before April 20th!", due to the existence of month boundaries, and the simple fact that extra calculation is required every time you do this - making for less efficient software.

If you really can't see any way for timestamps to be helpful, and even desirable, in this application, then you're either trolling, or well out of your depth discussing things you have only the barest understanding of. Trolling is annoying; willful ignorance is sad. Either way, your points have been addressed numerous times.

Re:Timestamps

[Kuukai]

Here's one way the timestamp could be helpful: "Hmm. I don't have any of the towers in range cached. I don't have any clue where I am. I better do two things: 1) Assemble a list of towers & hotspots in range, and query for their locations; 2) Look back at the most recent towers & hotspots in my cache, and assume I'm near them for the purposes of beginning map data retrieval." Cell network connections are high latency, and not always high speed. Minimizing the time required before you can start displaying usable information to the user is a feature, not a bug.

You don't need a timestamp for that. You can just number cache batches in the order they were fetched. You know, 1, 2, 3...

Than to sit there saying "Today is Wednesday the 27th of April. Find and purge all entries in the cache that were created before April 20th!", due to the existence of month boundaries, and the simple fact that extra calculation is required every time you do this - making for less efficient software.

It's a bit shift. Nothing is simpler than a single ARM instruction. If you do that you're working with more like 3/4 of a day, but that's good enough for our purposes here.

I'm sorry that you're confined to your home, but not all of us must - or wish to - operate under those constraints.

Stay classy.

Re:Timestamps

[Americano]

You don't need a timestamp for that. You can just number cache batches in the order they were fetched. You know, 1, 2, 3...

Why bother with that, when you already have the timestamp? You need to know the time so you can expire things out of the cache. Using anything else is extra overhead. A few extra instructions not be MUCH overhead, but it's still overhead.

It's a bit shift. Nothing is simpler than a single ARM instruction. If you do that you're working with more like 3/4 of a day, but that's good enough for our purposes here.

It's a bit shift that's unnecessary, because, one last time: you already have the timestamp. Any additional bit shift, calculation, or change you're making to that timestamp requires additional instructions after you retrive the timestamp.

Stay classy.

I'm sorry, did you really think that somebody might conclude you're doing anything but trolling now? You asked "why they needed it." You've received an answer, and you persist in arguing that there's no reason to use the timestamp. You came into this with a predetermined conclusion that you simply wished to soapbox - it would've been far easier (and more honest) for you to simply say "LOL THEY R DUM N I IZ SMRT BCUZ I WUD NEVER DO DAT, NO MATTER WHAT REASON MIGHT EXIST 4 IT."

Re:Timestamps

[Kuukai]

To reiterate: Yes this is more work, but apparently it takes more work to make a cache not be a log. If you indiscriminately recorded all information, that would be a gross breach of privacy, regardless of how inconvenient it would be for the programmers to do something else. This is an example of the same kind of thing. The information can be used to track a user. This has already happened. Apple is expected to avoid this, if possible. It's possible. Hence outrage. A few extra instructions in this process will not affect performance.

We're both asserting our points. You're doing so with provocative language and an attitude. Therefore I'm the troll.

Re:Timestamps

[CheerfulMacFanboy]

What about the timestamps? Why does a "crowd-sourced Wi-Fi hotspot and cell tower database" still need timestamps?

Gee, why would a cache they had intended to clear entries after some time need a timestamp.

Re:Timestamps

[CheerfulMacFanboy]

Except for the part where Apple admits that they are collecting the tracking data, and intend to continue to do it in the future.

Where? No, don't answer - you don't actually want to understand what they say, you want to believe. And the long form doesn't prove anything either, else they would have brought it sooner. But that takes years to fake, right? Living La Viva Loco.

Re:Timestamps

[CheerfulMacFanboy]

Your initial question was why they needed timestamps to at all. That question has been answered. No it hasn't. If they're only retaining records for a week, then once again why do you still timestamps? Everything in the retention period should be "good" data now.

How are they going to know when a week is over? Just delete the cache every week on Sunday 0:00 AM? Do you even think about your answers for a second? Here's a hint: try a week between posts to think things over.

Fail

[magamiako1]

So apple's going to encrypt the location cache on a phone that is otherwise locked, where other people generally don't have access to it other than the device itself, and lower the battery to deal with encryption routines all because people are idiots?

Sigh...

Re:Fail

[Kuukai]

Wouldn't it take less battery power to write less information? I don't think the original timestamped truckload of information was exactly lean. Saving power doesn't seem like it was a goal...

Re:Fail

...also encrypting is only good if the owner of the device is the only one with the encryption key to decrypt it.
  Giving APPLE the ONLY keys to your house is not really securing your house.

my 2c.

Re:Fail

[vlm]

So apple's going to encrypt the location cache on a phone that is otherwise locked, where other people generally don't have access to it other than the device itself, and lower the battery to deal with encryption routines all because people are idiots?

The worst part is the encrypted data will almost certainly have a universal "law enforcement" backdoor, or just the same key for all devices which happens to be shared with law enforcement and the underworld in general. Once that leaks, its wide open to everyone but the owners.

Re:Fail

[geekoid]

No, more probably.

The time stamp is a function call. Now you want to do the function call AND then strip out information. That would take more power.
Not that it would even be measurable.

*Under the hood, when you pass options to only return a subset of the time stamp, it gets it all, then truncates the information.

Re:Fail

Phone company already has that information and it doesn't matter if you turn off location services. Realistically that's the first place someone with a warrant is going to look.

Re:Fail

[machxor]

Maybe you haven't been following along but this unencrypted data was available on any computer you backed up to.

Re:Fail

[MobyDisk]

The purpose of the encryption is to prevent a rogue app from mining that data.

1) So no one should encrypt private information if it is only kept on the device itself? So no need to encrypt your bank account files or password lists? No need to lock the doors to your house either.
2) This will not affect the battery life. Encryption is not that heavy.

Re:Fail

>and lower the battery to deal with encryption routines

"Fail." There is absolutely no way this will impact battery more than a few seconds every hour. You're making an issue out of nothing.

Re:Fail

The data will be encrypted with Apple's secret key. It just means the user will no longer know what is being tracked.

Congrats to all the people that wanted vendors to encrypt user generated data so users can't read it. Ignorance is bliss after all!

Re:Fail

[Belial6]

Actually the idiots are the ones who think the problem is solved even if the data is encrypted. The log file in the phone is the symptom. A symptom that can lead to more problems, but a symptom none the less. The actual problem is that Apple has been secretly tracking users, and intends to continue doing it in the future.

Re:Fail

[biglig2]

Unless, being someone who cared about the data on your phone, you checked the box labeled "encrypt my backups".

Re:Fail

[Just+Some+Guy]

So apple's going to encrypt the location cache on a phone that is otherwise locked, where other people generally don't have access to it other than the device itself

I can think of a lot of reasons why someone wouldn't want anyone else to have access to that information, period. For example, I bet there are a few abused wives around the country with husbands who just learned that they can track them (to a first approximation). "What's she doing in the next town over? She was supposed to be at work earning me money." If you don't like that particular scenario, there are plenty of others not involving Apple or governments to choose from.

Re:Fail

So apple's going to encrypt the location cache on a phone that is otherwise locked, where other people generally don't have access to it other than the device itself, and lower the battery to deal with encryption routines all because people are idiots?

Sigh...

You're talking about a phone with a Wifi transciever, a cellular transciever, a GPS reviever, a backlit LCD screen, and a dual-core 1GHz processor with graphics acceleration, and you're worried about the battery demands of a few extra encrypted database reads?

You'd better go vacuum your car again. All the extra weight of those french fries under the seat is dragging down your fuel economy, you know.

Re:Fail

[magamiako1]

Okay,

Let me explain myself here.

As an iPhone 3G and 4 owner, as someone who follows the security field pretty heavily, I fail to see what this really accomplishes.

#1. Any concerns regarding law enforcement having access to this data is unfounded. They already have access to locating you, they have all sorts of access to your data. They already work with the mobile phone companies to get your position when they want. This extra file has no bearing on that whatsoever.

#2. The file only carries cell tower GPS locations (and I guess wifi access point gps locations?). It doesn't carry signal strength information so from this data alone you cannot use this file to pinpoint your location at any point in time.

#3. The most that anyone can do is infer that your phone (maybe not you) has been at a few miles from whatever points it has logged. Not really that accurate, do you understand how much space that is? How many square miles the data could cover? The same data again can be obtained from your mobile phone carrier by law enforcement officials.

#4. There are so many things wrong with data privacy and data security right now that this isn't that big of an issue. The issues going on with the Playstation network for that matter.

#5. This data is no more or less accurate than attempting to use IP address information to locate your physical person on the internet. For all intents and purposes the data inside this file is anonymous.

#6. My statements regarding "nobody else has access to the phone" is also that nobody else SHOULD have access to your computer. Out of all the shit on your computer that you should be concerned with someone knowing and you're worried about iPhone location data. If they get access to your iPhone backup files, you've got other issues going on.

Re:Fail

[keytoe]

So apple's going to encrypt the location cache on a phone that is otherwise locked, where other people generally don't have access to it other than the device itself, and lower the battery to deal with encryption routines all because people are idiots?

Worse. In order to use the contents of the file that is now encrypted, the device needs access to the key. This is basically the DRM falacy: both the lock and the key are in the users' hands and the only thing keeping things locked is the current configuration of the system. Hack the system and there is no lock.

The encryption is a placebo to silence the backlash from clueless privacy nuts. Saying "Well, we'll encrypt it then!" is pretty likely to result in "Oh, good. We're safe now" by most everyone.

Aging the data out of the cache, however, is a pretty good idea. Not that it'll matter to the folk who rarely takes their phone out of a 20 mile radius. I'm guessing this number is pretty high. It just means that the trip you took to Paris - which is likely pretty well documented by the paper trail you leave with your credit cards, receipts and other scraps already - will eventually come out of the cache.

The fact of the matter is that the device needs to know things about you in order to do things for you in a convenient way. If the phone were sending realtime location data back to Apple, I'd be up in arms as well. That's pretty far from what's happening here, though. Pick your battles.

Re:Fail

The encryption key is going to have to sit there on the phone anyway. It isn't secure against anyone who has access to the phone. At most, it's a small speed bump.

Re:Fail

So apple's going to encrypt the location cache

No, they are going to stop logging the data permanently, and start caching it. Like Android already does.

on a phone that is otherwise locked, where other people generally don't have access to it other than the device itself,

The general case is not a matter of concern, it's the special case which matters.
And your statement isn't exactly correct, either. While apps might not be able to directly access the logfile on a non jailbroken phone, they CAN access the logs indirectly by making use of the Location Services API and get all the same information once it's been uploaded. Also, any app which accesses your iTunes backup, or any program which can do so, can also get the data as it was being backed-up along with everything else.

and lower the battery to deal with encryption routines

By an incredibly small amount if they do it correctly. It's not like they can't just drop their polling interval by a couple microseconds to compensate if it is any kind of problem.

all because people are idiots?

If by "people" you mean "Apple" then yes, you'd be correct.

To any respectable programmer, this is an example of poor code practices, lack of appropriate best practice audits and oversight, and a failure of QA testing. There is no good reason to store the cache as a permanent log, unless you want all that data available for a reason. Failing to encrypt backups to iTunes accounts is sheer stupidity. Encryption on the phone itself I can overlook, although it's still not a great design to use. NOT giving users a way to turn of the logging is either sheer stupidity or intentionally malicious. Based on their patent filings, it does not appear to be accidental.

What I find amusing, is that all these changes simply bring the iOS in line with how the Android OS already operates.

Moving on

[mudpup]

Sounds like Apple is taking steps to improve their system and give the paranoid users a easy opt out. Now the question is what are the other phone manufactures doing with their location systems? Especially those who log your data to the cloud?

Re:Moving on

[93+Escort+Wagon]

Sounds like Apple is taking steps to improve their system and give the paranoid users a easy opt out. Now the question is what are the other phone manufactures doing with their location systems? Especially those who log your data to the cloud?

That's a good point. Given their relatively short response and turn-around time on this, I'm wondering if Apple sees the possibility here for turning a negative situation into a positive. Don't get me wrong - I think Apple (and other vendors) should've been doing this from the get-go - but it will be interesting to see (for example) how Google responds, given that their business model is to own as much data about you as possible.

Re:Moving on

[TyFoN]

The Android location services have allways been opt in with a big warning when you turn it on. If you are even more paranoid just install a custom version of android where you have total control.

Re:Moving on

[Belial6]

Apple said that they have been collecting your location data and that they plan to continue to do so in the future. What are you thinking that other manufacturers might be doing that Apple isn't?

Re:Moving on

[Globe199]

You thought this was short? It took them a week to respond, let alone whatever they're doing to mitigate it.

Re:Moving on

[makomk]

As far as anyone can tell, Android already does almost all the stuff that Apple have promised to do: it already deletes the cache when you disable location services, doesn't record anything whilst location services are disabled, automatically expires old entries, and keeps the cache on the phone without any way to access it short of rooting. The only thing they don't do is encrypt the data, and Apple won't be doing that until the next major release anyway.

so what?

[doppelgaenger44]

all this stuff should have been in the product requirements specification since they decided to collect all this data. and some of us more naive folks around even thought it was. so stupid!

Including the "obsoleted" phones?

[cgenman]

My wife and I have 2g and 3g iPhones. Apple began blocking the installation of higher iOS systems at the end of the 3.1.3 and 4.2.2 lines, respectively. Since this is a global liability, will Apple update these old phones as well? Or do they remain an outstanding liability?

Re:Including the "obsoleted" phones?

[Phleg]

Out of curiosity: why? When the next version of the iPhone comes out, you can sell your existing one on eBay and buy the new one for a net profit of $50. $150 if you unlock it first.

Re:Including the "obsoleted" phones?

[Angostura]

If you're worried, I suggest you turn off location services, delete the location cache from your desktop and restore the iPhone to factory settings. Problem solved... such as it was.

Re:Including the "obsoleted" phones?

[moronoxyd]

And? The question is still valid, as the next owner might not want his data being collected.

This 'if I sell it it's somebody else's problem' mentality is really short-sighted.

Re:Including the "obsoleted" phones?

[shagie]

The 3.1.3 iOS version is unaffected because data collection started with iOS 4. There is no need to to update that version. One option would be to downgrade the 3G phone to iOS 3.2.

Re:But it's Apple

fact it ever happened to need fixed as a current problem

Fix your garbage English, it makes your post unintelligible; "need to be fixed" or "need fixing" would be acceptable, but your meaning is still unclear.

direct link

[bidule]

Why not use the direct link as nothing was added and some was cut?

Re:direct link

[Americano]

Just a wild, unscientific guess, but I'd say it's because linking to Apple's press release directly means that SecurityWeek doesn't get ad impressions from the slashdotting. The link goes to a SecurityWeek Article by Mike Lennon; TFS submitted by "wiredmikey," whose profile identifies him as "SecurityWeek Editor", and links to SecurityWeek.

Connecting the dots is left as an exercise for the reader.

Re:direct link

[Fnord666]

Connecting the dots is left as an exercise for the reader.

Because we sure in hell know the %$&*ing editors won't do it.

Re:direct link

[linuxpng]

That requires clicking the link to the article.

Re:direct link

The dots make a bunny, right?

Seems like a bug

[SuperKendall]

Not erasing the old logs doesn't seem like a bug.. it would've been caught by a single test case.

You only put tests in for problems you think of. Deleting the log file altogether when you turn off location services, is a problem they simply didn't think about. If you think about it the guys writing that part of the code probably assumed that since the file was cached it would be truncated so leaving it around wouldn't matter...

The rest of the time you aren't deleting the file, instead you are periodically truncating it - something beyond a single test case, and requiring a long period of time to elapse. That part seems also like it could easily be oversight.

To my mind they probably just thought keeping a record of cell towers was not a big deal, because it was not an exact location log... although just from a performance aspect you'd think they would not want that file growing too large.

Re:Seems like a bug

[chemosh6969]

Then what's the point in storing that log on a computer? Why should it ever need to leave the phone?

Re:Seems like a bug

[slimjim8094]

Because it's backed up so it's restored to the phone if you want to. This is along with every other system and application system. I routinely do "restores" instead of "upgrades" (it seems to make it run better), and the phone is as I left it. I've literally never found something it's missed.

So my assumption is they take a shotgun approach to backing up the phone. Not hard to imagine that a (relatively small) SQLite database could be transferred.

And that's assuming they didn't want to back it up and restore it. If it really is a short-lived cache that someone forgot to cleanup, which to be honest is what it sounds like, then it makes sense to want to hold onto that so the location performance doesn't plummet after a restore.

Much ado about nothing, it seems. If there was any evidence that Apple was getting more than a bastardized, aggregate non-identifiable copy of this sometimes perhaps, I expected to have seen it by now. As far as the data it does send - you *did* read the ELUA online (or requested a copy by mail) before you bought the phone, right?

Re:Seems like a bug

[chemosh6969]

I didn't buy an iphone, so no, I didn't read the ELUA for it. For everyone defending apple on this issue, or non-issue depending on your view, ask yourself what you'd be saying if it was Microsoft that had this incident happen to. This is pretending that their new phones were popular enough for someone to discover ;)

Re:Seems like a bug

[CheerfulMacFanboy]

although just from a performance aspect you'd think they would not want that file growing too large.

Accessing the database over the internet would always take longer than locally. And for you paranoids out there: it would let Apple know where you are - Booh!

Re:Seems like a bug

[CheerfulMacFanboy]

Then what's the point in storing that log on a computer? Why should it ever need to leave the phone?

"We plan to cease backing up this cache in a software update coming soon".

The developers of the code that use the cache probably didn't think about telling somebody that it didn't need to be backed up, and the people responsible for making the list of files to backup probably thought: "'*.db' - that sounds like it could be important, better back it up."

Re:Seems like a bug

[makomk]

Apparently Google must've thought about it, since Android both deletes the equivalent file on disabling location services and truncates it properly. It is actually possible to think about users' privacy, you know...

Re:Seems like a bug

[jrumney]

You only put tests in for problems you think of. Deleting the log file altogether when you turn off location services, is a problem they simply didn't think about. If you think about it the guys writing that part of the code probably assumed that since the file was cached it would be truncated so leaving it around wouldn't matter...

They probably also thought they were working within the walled garden of the iPhone, and didn't expect the file to get copied to the user's PC every time they plugged it in, as the sync was being worked on by another team.

Conclusion:

[Lazareth]

A perfectly sane feature has now been curtailed effectively by public outcry against perceived violation of privacy. While I agree that it is a good thing the stuff now gets encrypted locally (yay, more encryption of sensitive information!) the grand result is nearly nothing. The way this thing worked was by having a cache of locations stored locally and for those who worry about invasion of privacy this turn of events doesn't change anything - if Big Brother wants to know where you are and where you've been, he need do nothing more than to store where you connect from on his side - something he has always been able to do.

Re:Conclusion:

[geekoid]

What about people who are grabbed by their government? Now there Phone can be checked for locations and those location will be at risk whether or not they aided the dissenter.

So people in areas where there is an oppressive government, or a current uprise against the government, this is a very important issue. Know what cell tower you connected to is one thing, know the exact block or store you where in is another.

Re:Conclusion:

How was tracking a user a feature exactly?

Re:Conclusion:

[Angostura]

The feature is "fast location lookups for the phone"

Re:Conclusion:

[metrometro]

> A perfectly sane feature has now been curtailed effectively by public outcry against perceived violation of privacy.

Not local. The file was copied to any machine that syncs the device. In the case of corporate iPhones and iPads, it means your off-duty location track is sitting on a company owned system. On a corporate phone, it's not clear who owns that database, but in reality it's catch-me-if-you-can. Yes, I'd say that I "perceive" that to be a privacy violation.

Also, what the FUD? No features have been removed. You're free to ignore this stuff, but if you're going to comment on it at least recognize when "public outcry" made a bad situation a little better.

Re:Conclusion:

[gad_zuki!]

Why is this perfectly sane? You only need my last couple hours worth of data for all the mapping functions. You don't need to cache every location since the day I booted the phone.

The grand result isn't nothing. Sure AT&T and Verizon know what towers you're on but thats not the same as storing your GPS location and now malicious apps can't read that data at all because its not there.

Re:Conclusion:

[Americano]

Know what cell tower you connected to is one thing, know the exact block or store you where in is another.

It's a good thing this database never provided that level of detail and precision then, wouldn't you say?

Re:Conclusion:

[Spykk]

"Your honor, as you can see from these screenshots I ran the WifeSnoop app on our home computer and found out that my husband was in the neighborhood of his slut of an ex girlfriend on the date in question."
"That's where my dry clea..."
"GUILTY AS CHARGED."

Re:Conclusion:

[MobyDisk]

The feature may have been reasonably sane, but the outcry was justified. Apple didn't tell anyone it was there, kept it way longer than necessary, and was not clear about what it was used for. Had they been clear from the beginning it would not be an issue. But their response now is quite sensible.

Re:Conclusion:

[romanval]

Nah, they'll just go to your cellphone carrier, which can give authorities a detailed log of your location within the last several months. EVERY cellphone (dumb or smart) is basically your own personal lo-jack to the government.

Re:Conclusion:

[milwcoder]

The conclusion is that the public is not yet ready to accept this type and extent of mandatory location tracking by Apple on their devices (despite apple's statement denying tracking location per se, it can be inferred from the database). The outcry caused Apple to reverse their decision and allow users to opt-out.

Re:Conclusion:

[Belial6]

You mean the response that they are tracking users, and plan to continue to do so in the future?

Re:Conclusion:

[moronoxyd]

'perfectly sane feature'?
What's sane about keeping data thats several months old?
What's sane about keeping the data when the feature is explicitly turned off?

The feature was implemented poorly and now get's fixed.
And that's assuming that Apple has no malicious intend.

Re:Conclusion:

[caitsith01]

A perfectly sane feature has now been curtailed effectively by public outcry against perceived violation of privacy. While I agree that it is a good thing the stuff now gets encrypted locally (yay, more encryption of sensitive information!) the grand result is nearly nothing. The way this thing worked was by having a cache of locations stored locally and for those who worry about invasion of privacy this turn of events doesn't change anything - if Big Brother wants to know where you are and where you've been, he need do nothing more than to store where you connect from on his side - something he has always been able to do.

Yes, but there is now less risk of Apple or app developers knowing where an iPhone user has been.

On the plus side, I can't see any reason why you couldn't write an app which records, say, your GPS location at all times and feeds that back to any mega corporation you want. So really, you've lost very little, and people who (sensibly IMHO) care about privacy have gained the ability to opt-out of Apple's dubious system.

If this was such a non-issue, Apple should have been up front about it and have always given users a way to opt-out. I'm sure the reason they did not do that is because they were well aware that many people don't like this kind of thing. Which just reinforces why it's a good thing that it's being changed now.

Re:Conclusion:

[RedBear]

Oh, and I should have pointed out earlier that your supposition that some sort of feature is being, as you put it, "curtailed" is completely incorrect. The new procedures will still keep seven days of location data downloaded to your phone at all times when location services are turned on, which should be more than enough to let your phone find its relative position. So I honestly don't understand what you think you're raving about. No benefit is being lost whatsoever as far as I can tell. The more dangerous and invasive long term data is being deleted while some short term data is being kept. That is all. I suggest you find something else to be upset about. There is literally no reason I can see for you to be bothered by this issue.

Re:Conclusion:

[jrumney]

The general public aren't worried about privacy violations from Big Brother, they are worried about the wife snooping around and finding out where the girlfriend lives. Slashdot users of course have different priorities, for obvious reasons.

its not really a "phone" anymore

Its a global consumer and user behavior monitoring device, with a phone tacked on.

Apple Scripture

Timeline check:

Article exposes / raises awareness of tracking / trackability.

Immediate shitstorm of Apple Worshipper hue and cry, "Cain't be! Android sucks! Jobs 4eva!"

Cops say, "We use and need this shit to make our lives easier, bitches."

God Jobs says, "And now behold, it is wisdom that this isn't happening. Resist the evil darkness that besmirches the holy name!"

And now the oracles at the temple have issued a proclamation that an update to the scriptures will "fix" this allegedly non-existent gaffe?

Ow! My beloved religion hurts!

p.s. More likely just make it harder to find, override, clear. L.E. will still have their access.

Translating to English

2. Then why is everyone so concerned about this?
Providing mobile users with fast and accurate location information while preserving their security and privacy has raised some very complex technical issues which are hard to communicate in a soundbite.

A: Because they're idiots.

Re:But it's Apple

maybe he's from Pittsburgh they talk that way. It is garbage though.

Encrypted On The iPhone...

"Apple said that in the next major iOS software release the cache would be encrypted on the iPhone...."

Encrypted by Apple, so only Apple can only view & use it...!

damn, i liked this feature

[alen]

it's the reason why my wifi only ipad knows exactly where it is just by the wifi access point it's connected to and nearby wifi access points. i thought it was very nice when i opened up the weather channel app for the first time on it and it knew where i was without me putting in a zip code. and it does this whenever i take it with me

Re:damn, i liked this feature

[moronoxyd]

You will still have this feature.

Only:
In the feature, your iPad will not store data from way back.
In the feature, that information will not be synched (synced?) to your Mac/PC? (What would you need it for there anyway?)

Why collect WiFi hotspot data?

[1800maxim]

I have a question, why collect WiFi hotspot data?

Remember when Google said that its collection of WiFi hotspots as part of Google Maps was "accidental"?

Now we learn that the Android phone is still collecting hotspot data and sending it to Google. Doesn't seem so accidental after all.

Why does any company need this? There is no advertising that is tied to your hotspot/MAC address.
What can they do with that information, and what can law enforcement do with it?

Re:Why collect WiFi hotspot data?

[Arlet]

WiFi hotspot data can be used to figure out where you are, for when you don't have GPS, or when the GPS doesn't have a satellite fix yet.

Re:Why collect WiFi hotspot data?

[Belial6]

Google never said that collection of WiFi hotspots was accidental. That would be a totally absurd lie. They were openly collecting data that was designed from the get go to be publicly accessable. If you find Google Street maps to be evil (as some obviously do), then that would be where the complaint lies. The "accident" part of their excuse was concerning how much data they were collecting when they hit an open WiFi hotspot.

The point of collection the WiFi hotspot data is that WiFi hotspots generally don't change. So if you can see 5 WiFi mac addresses at a specific location identified by your GPS, a week later you can determine with a pretty high level of confidence that if you can see the same 5 WiFi hotsposts, that you are at the same location without having to turn on the GPS radio.

It also makes things like identifying locations possible when in doors. How often do stores in a mall change their WiFi routers? Not often. By learning their mac addresses (no need to enter their network), your phone can figure out where in the mall you are, and give you navigation to the specific store you want.

Law enforcement can do anything with it that they can do with GPS data. They can determine where you were at specific times. Interestingly enough, while law enforcement can get phone records from the phone company with a warrant, they cannot get location data determined via WiFi mac addresses without getting access to the phone itself. Unless of course, your phone is transmitting that data back to the phone manufacturer.

Re:Why collect WiFi hotspot data?

[Em+Adespoton]

I have a question, why collect WiFi hotspot data?

Remember when Google said that its collection of WiFi hotspots as part of Google Maps was "accidental"?

Now we learn that the Android phone is still collecting hotspot data and sending it to Google. Doesn't seem so accidental after all.

Why does any company need this? There is no advertising that is tied to your hotspot/MAC address.

What can they do with that information, and what can law enforcement do with it?

Did you really miss all the comments explaining this in all the slashdot articles regarding this issue?

Android collects and sends because the location DB is hosted on Google's servers.
Apple collects and stores because the location DB is hosted on your device.
The location DB is used to locate exact Wifi hotspots and cell towers, so they can be used for triangulation on devices where there's no active GPS signal -- thus allowing you to use location aware apps like maps, weather apps, astronomy apps, exercise apps, social networking apps, etc.

Re:Why collect WiFi hotspot data?

[AHuxley]

http://www.f-secure.com/weblog/archives/00002145.html has some insight into what Apple was after re WiFi hotspots. Skyhook and Goole had to seek them, Apple had iPhone owners.

Re:Why collect WiFi hotspot data?

[shagie]

If you've ever turned on a GPS device that had been off for a long time and/or moved significantly it can take minutes (the key information for GPS is only broadcast every 30 seconds and the satellite data has expired) for it to get a lock on the satellites. http://jeepx.blogspot.com/2006/01/cold-start-and-aided-gps.html and http://en.wikipedia.org/wiki/Time_to_first_fix are good reads about the issue. The short version of it is that in order to determine which satellites are there to listen to quickly, you need approximate information about the time and location of the receiver.

Bluetooth

[Andy_w715]

great...how about fixing bluetooth connectivity now?

Encrypt a SQLite Database?

[Eponymous+Coward]

What's the best way to encrypt the database? Encrypt the row data (encryption is done before updating and decrypted after selecting), or encrypt the entire file (sql statements operate on plaintext)?

Re:Encrypt a SQLite Database?

[blueg3]

How do you intend to do a select on encrypted data?

Re:Encrypt a SQLite Database?

[Eponymous+Coward]

Ah, I didn't really think of that. It guess that would only work for exact matches.

enc_city = encrypt(SECRET_KEY, "Boston")
cursor = select date, time from db where city=enc_city
loop(cursor):
    plain_date = decrypt(SECRET_KEY, cursor.date)
    plain_time = decrypt(SECRET_KEY, cursor.time) ...

This would be crazy slow though and highly crippled.

Re:Encrypt a SQLite Database?

[blueg3]

Right, and for a database that's storing timestamp-location pairs, you're probably mostly interested in finding rows that match a range (of coordinates or times), which means no exact matches.

Now, if you're using your SQL database as a fancy way of doing simple data storage and only ever query the last few items, you could encrypt the rows.

I think the answer, though, is that the whole file is encrypted. iOS has built-in facilities for that sort of thing so that the SQLite library doesn't need to know or care that the file is encrypted.

Re:Encrypt a SQLite Database?

[iluvcapra]

You write wrapper functions into the sqlite VFS layer that encrypt and decrypt the file on accesses. It's actually very easy to do (never tried, but have read posts on it and all the hooks are there.)

Not useful for that purpose.

[SuperKendall]

What about people who are grabbed by their government? Now there Phone can be checked for locations and those location will be at risk whether or not they aided the dissenter....Know what cell tower you connected to is one thing, know the exact block or store you where in is another.

That's the thing though, it was NOT storing accurate location data. It's cell tower and some WiFi data, generally information you cannot use to tell you were at a specific house or even possibly neighborhood... think 1/4 to 1/2 mile radius, possibly a block but not a store.

Re:Not useful for that purpose.

[zzsmirkzz]

hat's the thing though, it was NOT storing accurate location data. It's cell tower and some WiFi data, generally information you cannot use to tell you were at a specific house or even possibly neighborhood... think 1/4 to 1/2 mile radius, possibly a block but not a store.

Now for cell towers, this is probably accurate. However, for WiFi networks, that gets you down to a couple hundred feet at most. Even with a high gain antennae on both ends, facing out windows, I could barely get my WiFi signal to reach the house directly across the street.

"Locally" still a risk

[1800maxim]

I don't think that people who are worried about their privacy are concerned about being tracked via their cell phone. What privacy advocates are concerned about is the erosion of due process.

Having tracking information on a local device opens the potential for more risk (theft) and abuse (rogue law enforcement). There shouldn't be any reason why any police officer can get that information simply for pulling you over.

This is very simple to understand. No human being should be entitled to your tracking data without a good reason. You must be very naive to trust everyone with such data, which should not be collected in the first place.

And while we're on the subject, the Telco should not be storing your location data. It should be compelled to do so ONLY once a warrant is issued, from which point forward the Telco can begin recording the location of the target - helpful in criminal investigations, for example, or to build a case.

Yes you need that level of accuracy

[SuperKendall]

Do you need the minute for that? Isn't the month or week good enough?

If you are driving down the highway you change locations quite a lot in a minute. Knowing a rough rate of travel because of locations of previous data collected over time, you could easily see the iPhone not trusting data even a minute old if it could extrapolate you were recently traveling at high speeds from the other data - or it might tweak location results to give you a location centered around where it thought you might be.

In fact I don't know if minute tracking is good enough, I would have recorded it to the second...

If only they encrypted it in the first place

[softWare3ngineer]

then the researcher wouldn't have found it, at it would of been a non-issue. :( this doesn't really change anything since most people will keep tracking turned on so they can use some social app that doesn't do much. soon we can go back to living in ignorance while our lives can be tracked and examined.

nothing to see here for iPhone 3G users

[niw3]

If you are one, software updates should not bother you. Move on.

It's NOT tracking your location... Geez.

[minniger]

From TFA:

3. Why is my iPhone logging my location? The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested.

That is, it's keeping track of known locations near you so it can give you a quicker estimate of your location. Even sounds like this list of locations is downloaded from apple and not gathered by iOS. Why is this so hard for everyone to understand? This is exactly the kind of thing you want your devices to do. If they didn't have it everyone would be bitching about how long it takes for the phone to find your location.

I know, I know, I expect the internets to not be full of fools and trolls.

Sigh.

Never sent to Apple though

[SuperKendall]

...orm back to Apple...

Just one problem with the tinfoil on your hat there - no-one is claiming that Apple was ever sent this file.

The issue is that someone might collect that data if they got to your phone or the backup. But not Apple.

Re:Never sent to Apple though

[fuzzyfuzzyfungus]

This file... Apparently, the timestamped location log database file was a locally-generated composite of RF signals the phone received, and nearby locations that were provided from Apple's database(Requests for which, of course, would in no way inform Apple of the user's location at a given time...). That particular file doesn't seem to have been sent back, in large part because much of it would be redundant.

However, particularly in points 3(linked above) and 8(following) of their apologia, they admit to collecting location data in a previously undisclosed way.

"8. What other location data is Apple collecting from the iPhone besides crowd-sourced Wi-Fi hotspot and cell tower data? Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years."

Re:Never sent to Apple though

[Belial6]

No one? Apple says that they do is items # 3,4,5,8.

It takes a pretty large amount of cognitive disassociation to rationalize that "This data is sent to Apple" as stated in Apples point number 5 means that the data isn't sent to Apple.

Apples response is a full and complete admission that they are spying on iPhone users. Sure they are using New-Speak to try and make it sound double plus good, but that doesn't change the fact that they are spying.

Re:Never sent to Apple though

[node+3]

This file... Apparently, the timestamped location log database file was a locally-generated composite of RF signals the phone received, and nearby locations that were provided from Apple's database(Requests for which, of course, would in no way inform Apple of the user's location at a given time...). That particular file doesn't seem to have been sent back, in large part because much of it would be redundant.

However, particularly in points 3(linked above) and 8(following) of their apologia, they admit to collecting location data in a previously undisclosed way.

No, it's in the iPhone EULA.

"8. What other location data is Apple collecting from the iPhone besides crowd-sourced Wi-Fi hotspot and cell tower data?
Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years."

Covered by the EULA. They never stated the specific uses, just that they would collect location information anonymously to provide services.

Re:Never sent to Apple though

[CheerfulMacFanboy]

However, particularly in points 3(linked above) and 8(following) of their apologia, they admit to collecting location data in a previously undisclosed way. "8. What other location data is Apple collecting from the iPhone besides crowd-sourced Wi-Fi hotspot and cell tower data? Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years."

You mean this way is different from the way they already publicised 9 month ago? http://www.scribd.com/doc/34546602/apple-response-to-markey-barton

To provide location-based services, Apple must be able to determine quickly and precisely where a device is located. To do this, Apple maintains a secure database containing information regarding known locations of cell towers and Wi-Fi access points. The information is stored in a database accessible only by Apple and does not reveal personal information about any customer.

Information about nearby cell towers and Wi-Fi access points is collected and sent to Apple with the GPS coordinates of the device, if available: (1) when a customer requests current location information and (2) automatically, in some cases, to update and maintain databases with known location information.

Page 6f. In case you were wondering, we already talked about it here: http://apple.slashdot.org/story/10/07/20/0250203/Apple-Lays-Out-Location-Collection-Policies. Not only that, you posted to that discussion.

Re:Never sent to Apple though

[PipsqueakOnAP133]

*sigh* You're not reading what fuzzyfuzzyfungus said.

fuzzyfuzzyfungus DID NOT say that data isn't being sent to Apple. We all know that data is being sent to Apple cuz Apple said it was.

fuzzyfuzzyfungus DID SAY that "consolidated.db" (aka "this file") is not being sent to Apple.

There is no cognitive disassociation or newspeak. There's just evidence that Belial6 needs to get his/her's eyes checked.

Re:Never sent to Apple though

[Belial6]

Whether Apple is spying on users via "consolidated.db" or by "consolidated_2.db", or by any other filename is irrelevant. Trying to pretend like there isn't a problem because they might be using a different filename, or data identifier is cognitive disassociation and newspeak.

Why the iTunes sync?

[Posting=!Working]

My favorite answer:

Why is my iPhone logging my location?
The iPhone is not logging your location.

No, they're just logging the location of things you go near and the time you passed by them. This is not a location the same way that "314 Evergreen Street, Pigsknuckle, Arkansas at 2:31:14am on April 17, 2011" is not a location because it doesn't specify if you're inside or outside the house.

And then, two sentences later...

iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements).

So they're not tracking your location, just the data needed to triangulate your location. Just like the GPS doesn't track your location, since it also only gives the data needed to triangulate your location.

The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhoneâ(TM)s location

The data from the GPS is not the location of the receiver, but rather the locations of the satellites surrounding the receiver's location.

Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.

Using the preceding logic, it probably only contains your iTunes logon, phone number, SSN, DOB and profile information. But since it doesn't contain your name, they can't identify the source of this data. Also, I would guess that they replace all spaces with an underline, rendering it unreadable and thus encrypted.

Re:Why the iTunes sync?

[robus]

Not sure what you're trying to say here, but unless the actual triangulation is recorded the cache is useless for figuring out exactly where the phone was at any point in time.

The hysteria around this is staggering...

Re:Why the iTunes sync?

[Posting=!Working]

The blind acceptance of Apple stating that the phone isn't tracking your locations is what is truly staggering, especially since their own explanation describes that they're storing all the data needed to get your location except the final calculation, which can be done at anytime after the fact. Which is exactly what the researchers did.

This, coupled with Michigan's recent purchase of equipment to download all your cell phone's data during traffic stops and California's supreme court decision stating that cell phones can be searched during traffic stops, is a huge problem. Calling the availability of warrant-less tracking of your location for the past year "hysteria" is not helping.

Re:Why the iTunes sync?

iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements).

So they're not tracking your location, just the data needed to triangulate your location. Just like the GPS doesn't track your location, since it also only gives the data needed to triangulate your location

They are storing (for your phone to use) information used to speed up locating your phone in conjunction with GPS data, or to roughly locate your phone by checking local wi-fi and cell towers. They are not caching all the information needed to precisely locate your phone. There is a huge difference between storing the GPS data needed to calculate your position (which it does not need) and storing the hints needed to more quickly find your position in conjunction with GPS hardware on your person, which it does need to speed up your use of your GPS.

Re:Why the iTunes sync?

My favorite answer:

Why is my iPhone logging my location?
The iPhone is not logging your location.

No, they're just logging the location of things you go near and the time you passed by them.

If you took some time to examine your own logs, or those of someone who's actually done that, you'd find that the list of "locations of things near you" fairly quickly diffuse to an unreasonable "position". For example, someone recently drove from Portland to L.A. for business, and on checking the logfile, found that according to it he'd been in either Portland or L.A., but not anywhere in between (although he'd been using the iPhone frequently during the multi-day drive), and that it had him "near" locations in Portland during the time he was in the L.A. area.

Not as useful for tracking your movement as some hysterics would have you believe.

Re:Why the iTunes sync?

[thoromyr]

Okay, some people are slow.

"their own explanation describes that they're storing all the data needed to get your location except the final calculation"

As long as that "final calculation" includes fetching additional information. Maybe you're weak on the concept, but triangulation works like this: take three known points and for each of them measure the distance to an unknown point. That distance measurement allows a circle to be drawn around each known point. The unknown point lies at an intersection of the three circles. Due to limitations in accuracy, this intersection is going to be larger than a point -- and may in fact cover a sizeable region.

Here's the thing: the cache only included the crowd-sourced information, that is the locations for the known points. The "final calculation" involves collecting *additional* data, the distance from those three known points. So, no, the cache does *not* have all the data needed. It is missing the distance calculations. Which only makes sense because it changes constantly -- and is supported by what the third party individuals who have looked into it have found. No need to trust Apple.

"Which is exactly what the researchers did."

Really! Amazing, can you point a link to that because I've read what the researchers (original and others) have said and that is *not* what they did. The application that was written does not magically triangulate past locations (how could it, without distance data), it just displays the locations of towers and hot spots. That you may or may not have been near to at the logged time. Apple says up to 100 miles. Someone who checked his database found even larger discrepancies.

"Michigan's recent purchase of equipment to download all your cell phone's data during traffic stops"

Okay, you read the headlines and never the article. The "purchase" was not recent, the fact that they buy the forensic devices just got brought up again. It isn't a recent phenomena at all and should come as a surprise to no one. (The ACLU's interest isn't that they were purchased, but what and how they are being used for.) Further, "download all your cell phone's data during traffic stops" -- there is no reasonable belief that this is happening, but if it /is/ happening they won't get "all" of *my* cell phone's data. Okay, let's assume for a minute that it was routine to hand over my cell phone at a traffic stop and that they imaged it. All that they get for their trouble is SIM data (problematic) and an encrypted blob. Why? Because my cell phone runs iOS 4 and I have set a password. But don't take my word for it, google iphone forensics, pay attention to iOS4 and read more than the front page or a quick marketing blurb. Or, even better, learn how to image an iPhone and demonstrate to yourself the difference.

Now, I do wish all the data were encrypted, but it isn't (and isn't on any phone I know of) -- but they won't get my email, SMS messages, notes, voice recordings, etc. There is no evidence that cache data is on the unencrypted data store of an otherwise encrypted iPhone.

Lesson 1: if you wish to do *something* to protect sensitive data on an iPhone -- which for most people is much more than geolocation data, and more serious -- then get it to iOS4 and set a passcode, or even better use a password (iOS4 allows that). And set it to wipe after 10 failed attempts. Wish I could set it to 3 (or fewer, even).

Lesson 2: it helps to know what the heck it is you are talking about.

Re:Why the iTunes sync?

[fredmosby]

You need more than just the positions of near by cell towers to triangulate a position. You need the exact amount of time it took a signal to travel from each of at least three towers to the phone. If that data isn't stored then at best you can only get a very rough idea of where the phone is. A phone can connect to cell towers that are miles away.

If this data is a cash, then the time stamp might not even be the time the phone was near the tower. It could be the most recent date the actual position of the tower was confirmed.

Re:Why the iTunes sync?

[rabtech]

Your characterization is way off.

So they're not tracking your location, just the data needed to triangulate your location. Just like the GPS doesn't track your location, since it also only gives the data needed to triangulate your location.

Incorrect; what they are doing is using the known location of one cell tower, WiFi hotspot, or GPS to make a wild guess as to your current location, then going to Apple's servers and downloading a chunk of data that contains all the known cell towers and WiFi points anywhere within up to 100 miles of the WiFi hotspot/cell tower the device originally saw a signal from. This info is written to the cache.

*IF* an application requests location services, it uses this database to quickly triangulate an approximate current position to help it get a GPS lock extremely quickly (Go read up on GPS - if you have a half-way decent idea of where you are, it makes acquiring a more exact fix much faster - somewhat like turning your TomTom off then back on immediately vs turning it off, flying across the country, then turning it back on... in the latter case it will take a lot longer to get a location). If there is no GPS signal, it can at least give an approximate location to the application that requested it. Location services on iOS allow the app to specify the desired level of accuracy as well as receive the instantaneous accuracy level. If the app only wants to know what zip code you are in the device might not even need to bother turning GPS on - the cache might be enough to get that information.

In any case, all the database tells you is that of the entire list of cell towers and WiFi hotspots in the database for a given time period, you were near *one* of them somewhere vaguely around that time.

No, they're just logging the location of things you go near and the time you passed by them. This is not a location the same way that "314 Evergreen Street, Pigsknuckle, Arkansas at 2:31:14am on April 17, 2011" is not a location because it doesn't specify if you're inside or outside the house.

More like that address just means you were in the city of Pugsknuckle sometime on April 17; you might have been at 314 Evergreen, maybe 325 Evergreen... maybe across town at another address entirely. Maybe you just drove through town on your way to Texas. There is literally no way to know because the chunk of cache you get back can cover a wide area and depends on what the server decides to send you. Two people at the same location at the same time might get different lists back from the server that cover a different geographical area.

Short version: This is no different then looking at a laptop's recently seen WiFi access point list and trying to claim the laptop is tracking you. All it means is that you were within some distance X (depending on conditions) of that access point sometime in the past.

Re:Why the iTunes sync?

The blind acceptance of Apple stating that the phone isn't tracking your locations is what is truly staggering, especially since their own explanation describes that they're storing all the data needed to get your location except the final calculation, which can be done at anytime after the fact. Which is exactly what the researchers did.

Uh, no. You're reading much more into it than is actually there.

The information recorded in the database file which has caused all this fuss is the locations of cell towers and WiFi hotspots, plus timestamps so the phone knows how up-to-date the info is. The final location calculation also requires an estimate of the phone's range to at least three towers/hotspots (basic triangulation calculation: if you know the distance from you to at least three known locations, you can estimate your position).

When an app (say, a mapping program) requests a location fix, the phone estimates the range to each tower or WiFi it can see and uses that to calculate its location. However, it doesn't record the either the ranges or the final location fix calculated from them. (The app requesting the fix could log the final location fix, of course, but none of Apple's built in software appears to.)

The file definitely does not contain enough information to do what you claim.

Re:Why the iTunes sync?

[bennomatic]

I read it differently. My understanding is that some of that data is not even necessarily towers that you've been near, but towers that are in the vicinity of ones that you're near. So if the phone detects that you're near downtown Whoville, it'll log that, but it'll also pull down information about surrounding towers from the "crowdsourced cache" so that if you wander out a few miles, you'll still have relatively fast geolocation.

So where your own data may be a fine line through the cell network, the info on your phone might include a broad splattering around that line. Of course, it still shows that you're in downtown Whoville, or more importantly, that you were there three months ago, which is reasonably described as too invasive, but I think that the faster cache truncation should take care of the significant privacy concerns.

It's possible that I'm reading this wrong, but I think there's more to that data than meets the eye, and not necessarily in a bad way.

Re:Why the iTunes sync?

This is no different then looking at a laptop's recently seen WiFi access point list and trying to claim the laptop is tracking you. All it means is that you were within some distance X (depending on conditions) of that access point sometime in the past.

Really? Me having hpsetup, Panera, Netgear_11G, and Free Public WiFi listed in my previous access points is the same privacy risk as storing gps data and cell phone tower information? You give me the Apple data and I'll give you my access point history and we will see what we can find about about each others location.

Short version: The short version conclusion you are coming up with does not seem to relate to the facts.

Re:Why the iTunes sync?

So they're not tracking your location, just the data needed to triangulate your location. Just like the GPS doesn't track your location, since it also only gives the data needed to triangulate your location.

From what I understand, they aren't storing all of the data needed to triangulate accurately. For instance, cell tower signal strength is not tracked and can be used to get a more accurate triangulation.

What is still not clear to me is why they keep in the database the time when you were near the tower. If it's just supposed to be a cache of their crowd-sourced location data for the gateway (cell tower, wifi router), they don't need to know/track when you used a particular entry.

Apple-haters

Apple said they weren't _using_ your location data, not that they were _storing_ it on your phone. Now they are saying they will stop your phone from storing it and stop iTunes from backing it up to your computer. You Apple haters are spinning this worse than fox news.

Known Issue Though

[jdev]

This log file has been a known issue for at least 6 months. I'll give Apple credit and say that never purging the contents of the file is a bug, but they have know about the problem and did nothing to correct it.

On top of that, there are professional phone forensic applications that use this exploit to gather the location data off the phone. Police and private investigators have been exploiting this issue long before the recent announcement.

Here are a few articles with more detailed info on it.

Re:Known Issue Though

This log file has been a known issue for at least 6 months. I'll give Apple credit and say that never purging the contents of the file is a bug, but they have know about the problem and did nothing to correct it.

They probably did nothing about it because it didn't seem like a big deal to them. You want an example of a security issue which has real world impact on tens of thousands of users? Insert latest credit card database theft news here. There seems to be at least one every few months, I think the latest was Sony.

By contrast, a phone which logs the locations of cell towers that it's been near causes next to no real harm to its users. The uproar has been essentially emotional: "ZOMG I'm being TRACKED!!!!", even though the information stays on your phone (and computer, if backed up) and isn't terribly useful to anybody likely to get hold of it. Maybe law enforcement might want to use it to pinpoint where you were if they suspect you of a crime, but they're going to have problems using it due to the nature of what's stored: it merely locates cell towers you were near, not where you actually were, and as soon as you return to a location near the tower they're interested in, the information they need (the timestamp of when the phone last asked for an update about the position of that tower) is destroyed.

Also, it's hard to make a case that LEOs lucking into a way of finding some information about the whereabouts of suspects greatly harms society as a whole. Yes, there's a privacy argument to be made, but what I'm getting at is that on the whole, leaks of CC databases cause real harm to innocents, while this problem almost certainly did not.

In short, assuming Apple had a Radar bug filed, it was probably treated as a low priority since they had no idea that it would become the subject of a media feeding frenzy and inflated into an issue of vastly more importance than it really is.

Autopsy approach to security harmful

[vuo]

It's obviously commendable to remove the "feature", but doing it after the fact is worse than not implementing it in the first place. The wider problem is the "autopsy" approach used here: when something goes wrong, only then analysis and corrections are done. As a consequence, you always need a catastrophic failure in order to drive developments in security. This is the worst possible way to do it. Furthermore, as often in security issues, you'll end up with a whack-a-mole game - which no one necessarily wants to even play - when trying to curb security failures by different companies - of different moral integrities, of course. The only way to solve this is to have legistlation that requires a certain level of security, particularly the security of personal information.

What's the name of that guy Jobs fired?

[unil_1005]

You know, the one who came up with this great "crowd sourcing" idea?

Reading Comprehension Check

[SuperKendall]

No one? Apple says that they do is items # 3,4,5,8. 5.

From TFA:

Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.

Hi there. reality calling. If they can't tell it's from you, it's not YOUR DATA they are sending.

Bloody tinfoil-hat Apple Haters...

Re:Reading Comprehension Check

[moronoxyd]

Ah, so if I took pictures from all the houses around your house and send them somewhere without telling them that the pictures were taken from your house, that's no problem?

When I take your bank statement and remove the bits referencing your name and address, I can send that statement wherever I want because it's not your data anymore?

Good to know...

Re:Reading Comprehension Check

So their servers accepts random data from random sources, they have NO idea who is sending it, they just collect it for some unknown reason and they have not a single method to find out where it actually came from. To you really honestly believe that?
What system are they using to make sure that it is completely anonymous? Seperate servers, seperate gateways, a completely different network from all other phone communications? A second encrypted channel using SSB and UDP?

Re:Reading Comprehension Check

[Belial6]

If Apple isn't identifying who the data is coming from, then the data is useless because it is wide open to being flooded with fake data the first time Anonymous decides it is angry at Apple. It is amazing how often "Apple is stupid" is used by people to defend Apple. And, yes, it is still my data.

Re:It's NOT tracking your location... Geez.

> I expect the internets to not be full of fools and trolls.

then either double, half, or start psychotropic medication.

it's a privacy vs. convenience thing

[romanval]

Apple can probably have you opt-out of AGPS and rely strictly on GPS, although you'll have to get used to waiting outside for 2 minutes for your phone to get a lock on your location. Every. single. time. While those that keep AGPS will lock their location anywhere almost instantly. That's the breaks.

Re:It's NOT tracking your location... Geez.

[Belial6]

You do realize that is New-Speak, right? If I track the spot 3 feet directly north of you, I AM tracking your location. Previously, it was reported that no location data was being sent to Apple. Now we are supposed to not worry about the data they are collecting, and have said they will continue to collect. Look at the words being used. Clearly Apple is collecting data from your phone, or they could not send a 'subset" of their "crowd sourced" database to you. In response to the question, they tell you what data they are sending in response. They don't talk about what data they are collecting.

Re:It's NOT tracking your location... Geez.

[minniger]

Sorry but this is not new speak, it's the truth, there's a clear distinction between your lat/long/error radius and a list of towers and wifi locations that MAY be somewhere near you at a given point in time. To determine your location they need to triangualte at the time. The data in the file is not going to let anyone do that after the fact.

If you opt in (use locations services) then they'll send some data to you to help your device get a faster location fix. +1 IMHO.

I'd assume at this point your device may send helpful data back to them. They state that this data is anonymous. Also +1.

Sorry, but this is all blown way out of proportion. Apple isn't perfect, but the response they have given is quite reasonable.

Re:It's NOT tracking your location... Geez.

[ptbarnett]

If I track the spot 3 feet directly north of you, I AM tracking your location.

Not unless the tracking information says that the spot is 3 feet directly in front of you.

It doesn't. The iPhone cache simply says: I last heard this transmitter at this time. The location is retrieved from elsewhere.

The local cache doesn't say anything about where you were in relationship to that transmitter.

Analogy check

[SuperKendall]

Ah, so if I took pictures from all the houses around your house...

SInce it sends locations of cell towers around you, the better analogy is that if someone is taking pictures in the city I live in I'm ok with them sending those pictures off somewhere.

You are just acting as a conduit to confirm reception of a signal, they don't know it's you receiving it.

Good to know...

Now you do.

Re:Analogy check

[moronoxyd]

Sending information of the cell towers and WiFi networks that you can access/see from your current location is analogous to making pictures of the houses you can see from one point (your house).

Both will allow anybody to triangulate your postition to a certain degree.

Not a sane feature at all...

[RedBear]

As I tried to point out less than 24 hours ago here, this "feature" is not sane at all. It never was and never will be. Funny how closely Apple came to completely agreeing with my statements less than a day later, especially when saying that they also believe that the phone should not keep this kind of information for more than a maximum of one week.

You and far too many other people fail to realize that it was never "Big Brother" or Apple that made the presence of this information dangerous. Rather, it was and is the potential murderers, stalkers, rapists, thieves, kidnappers and assassins who could use the information for nefarious purposes that make it dangerous. Everyone with a smart phone that keeps this kind of location history is at risk if that information can ever be accessed by a malicious third party (and I'm not talking about advertisers). Keeping the cache limited to 7 days worth of data will help limit the abuse potential while still maintaining the point of keeping the information in the first place, which is to help the phone locate its own position quickly even with faulty or non-existent GPS data.

I, for one, am mildly impressed by the way that Apple is responding to and fixing this issue, although they should have already taken these exact steps a year ago when this type of "tracking" was initially revealed.

Re:Not a sane feature at all...

[Lazareth]

I guess you're against a calendar also, since it provides dangerous future location information to a potentially malicious third-party should they get access to it!

Really, the feature IS sane. Like I stated encryption and better handling of sensitive data is always nice, but the whole thing isn't what it has been made into.
The implementation was amateurish to be sure, but not nearly the glaring security hole people are decrying it as. We're talking about the most logical thing in networking; caching results you don't expect to change soon to save both bandwidth and time.

Re:Not a sane feature at all...

[RedBear]

A calendar is only going to show what you choose to put on it, and besides recurring appointments will not automatically show anyone where you have been throughout each day for the past several months or years. Most calendar apps delete expired events after at most 30 days, so any location history that might be derived is limited. Certainly there is still some abuse potential, especially for certain individuals. But calendar events don't even necessarily include any location information. In short, your comparison has almost zero relevance compared to the potentially minute-to-minute long term general location data that can be interpolated from the file in question. It is also quite insane to compare the caching of a few web pages to caching the physical wherebouts of a human being for a year or longer. You have to be mentally unbalanced to defend such a practice as acceptable.

If storing this information long term were a sane and safe thing to do, Apple would not be taking the steps to change their procedure so significantly in response to the well-deserved outrage they have encountered. They will no longer be backing up the file to your computer, they will be erasing the file completely if location services are turned off, the file will be limited to one week of data even when in use, and the next major version of iOS will encrypt the file. They obviously believe that the user's privacy is the most important part of the equation. If this were not a big deal, they wouldn't bother with such drastic changes.

You may have no issue with exposing such private information to any person or agency who feels like taking 30 seconds out of their day to copy it from your phone while you aren't looking, but not everyone has the luxury of forgetting that there are some very bad people in the world who spend their entire lives looking for ways to exploit others. This kind of data is like candy to them. Apple is doing the right thing by doing what they can to mitigate the abuse potential of the data. The only way the feature becomes "sane" is by limiting the data to a few days worth of information, which is all that is necessary to make the location feature work anyway. They have come straight out and admitted that this is the way the feature should have worked all along.

Much wider range

[SuperKendall]

However, for WiFi networks, that gets you down to a couple hundred feet at most. Even with a high gain antennae on both ends, facing out windows, I could barely get my WiFi signal to reach the house directly across the street.

There's a big difference between what WiFi networks you can use, vs. what the hardware underneath can detect.. probably 500ft at least. Yes that is a tighter area but when you consider it's a circle it's not enough to say you were in a specific block even (could have been the next block over) AND you don't know how long necessarily someone was there.

I looked at my own log data, from Hong Kong and elsewhere around the world. The practical reality was 1/4 a mile at best, even in major cities which have tons of WiFi connections everywhere.

One thing that adds to this is that it doesn't seem like it stores exact locations of anything, but instead locations on some kind of grid. When you zoom into the location map you don't see discrete points all over so much as a giant grid with points on the grid marked. There is just no way you could use this to determine anything really interesting or provide proof you were in a specific location.

As others have noted if you were law enforcement you'd be way better off going to the cell companies which have tracked you with far greater precision. If it's just some dude who stole your phone he's not going to be able to figure out where you live or work from this data.

Re:It's NOT tracking your location... Geez.

[Belial6]

It doesn't say your location if you can't do math. Those of us who can do math can pinpoint your location from that data pretty easily.

Re:It's NOT tracking your location... Geez.

[Belial6]

There is nothing that indicates that triangulation cannot be done after the fact. That is just made up. -5

Even if they properly anonymize the data (which is questionable), it is still not OK to sneak data off of the phone owners device without their knowledge. -5

This is not blown out of proportion. Apple is not a company filled with a bunch of bubling idiots. They knew exactly what they were doing, and have stated that they are going to continue. That is not a reasonable response.

What about iPhone 3G users?

What about people with the, now-unsupported, iPhone 3G?

Luckily, Apple has already tackled this by crippling the phone so that, at least in my case, location services are practically unusable.

--

Severely degrading the user experience on the 3G 4.x updates and then discontinuing support has left me feeling betrayed by Apple and, as a result, I am never buying another product from them. This is no different than Sony pulling the Other-OS function from existing PS3s. Fuck you Apple.

Repost of Anonymous Parent

[Kyusaku+Natsume]

I think that parent does a very good analysis of this issue:

This log file has been a known issue for at least 6 months. I'll give Apple credit and say that never purging the contents of the file is a bug, but they have know about the problem and did nothing to correct it.

They probably did nothing about it because it didn't seem like a big deal to them. You want an example of a security issue which has real world impact on tens of thousands of users? Insert latest credit card database theft news here. There seems to be at least one every few months, I think the latest was Sony.

By contrast, a phone which logs the locations of cell towers that it's been near causes next to no real harm to its users. The uproar has been essentially emotional: "ZOMG I'm being TRACKED!!!!", even though the information stays on your phone (and computer, if backed up) and isn't terribly useful to anybody likely to get hold of it. Maybe law enforcement might want to use it to pinpoint where you were if they suspect you of a crime, but they're going to have problems using it due to the nature of what's stored: it merely locates cell towers you were near, not where you actually were, and as soon as you return to a location near the tower they're interested in, the information they need (the timestamp of when the phone last asked for an update about the position of that tower) is destroyed.

Also, it's hard to make a case that LEOs lucking into a way of finding some information about the whereabouts of suspects greatly harms society as a whole. Yes, there's a privacy argument to be made, but what I'm getting at is that on the whole, leaks of CC databases cause real harm to innocents, while this problem almost certainly did not.

In short, assuming Apple had a Radar bug filed, it was probably treated as a low priority since they had no idea that it would become the subject of a media feeding frenzy and inflated into an issue of vastly more importance than it really is.

Just read the Patent application...

http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220110051665%22.PGNR.&OS=DN/20110051665&RS=DN/20110051665

The gist of the 26 claims makes it appear that Apple wanted to provide the user with a timestamped "journal" of their travels among other things.

Yeah, let's post a link

[dwightk]

that leads to a blog that summarizes the real article:

http://www.apple.com/pr/library/2011/04/27location_qa.html

I'd be saying the same thing

[SuperKendall]

ask yourself what you'd be saying if it was Microsoft that had this incident happen to.

I'm pretty sure WM7 DOES have a file like this - who knows what the cache policy is. Android also has a file just like this.

The thing is, there are great technical reason to cache these things across the system and that is why you'll find the same kind of thing on any system. Not only would I not complain but I'd be worried about the technical abilities of companies that did NOT have a file like this somewhere. And the data is so inaccurate that really the fact someone potentially might be able to read it from a backup file, is of no concern to me at all - regardless of platform.

Apple Location data controversy...

Just down the road from Apple at One Infinite Loop in Cupertino there is a nice shopping center called The Oaks, right across the road from DeAnza college. In that center there are several old Oak trees. I suggest you take your Iphone there and using a 3 inch gum nail and claw hammer, Nail the Iphone to one of those trees. Then Apple will always be able to find it.

Re:It's NOT tracking your location... Geez.

There is nothing that indicates that triangulation cannot be done after the fact. That is just made up. -5

I realize that you have difficulty with basic math, but it's not made up at all. Triangulation requires two types of data:

* Map coordinates for at least 3 known reference points
* Distance measurements from each reference point to the object whose position is to be triangulated

When the phone's close to reference points (cell towers and WiFi base stations), it requests location info on them from a central DB, and caches it locally so that the next time it needs it, it can get it without needing to go over the network. (Improves performance, reduces use of the radio.) That's the file you and others have been up in arms about.

It doesn't cache or store distance measurements. It performs them in real time based on application demand, in order to triangulate in situations where a GPS location fix is unavailable or slow or degraded, but it stores neither the distances measured nor the final location estimate. Triangulation after the fact is therefore impossible.

Even if they properly anonymize the data (which is questionable), it is still not OK to sneak data off of the phone owners device without their knowledge. -5

This is a separate issue from the File of Doom. They've always been open that if you turn Location Services on, they allow the phone to submit anonymized (and why is that questionable in your mind?) position reports for the purpose of bettering their central database. Most likely this takes the form of getting GPS fixes plus signal strength data for WiFi base stations: if you had a bunch of anonymous reports of that information for each known WiFi, it wouldn't be too hard to estimate a good true location for it, which can then be served back up to phones needing a known reference point for triangulation during times when GPS is problematic.

This is not blown out of proportion. Apple is not a company filled with a bunch of bubling idiots. They knew exactly what they were doing, and have stated that they are going to continue. That is not a reasonable response.

Yes, they're going to continue doing that thing which they always disclosed they were doing. That thing which helps them deliver services which their customers desire. One wonders what a reasonable response would be in your mind.

Which is why it doesn't take random data

[SuperKendall]

Actually I had been overlooking a key fact - that location database? That's not things around you YOU have found. That's locations from an APPLE DATABASE, sent TO YOU and cached on your phone.

So it's even less accurate than I thought at saying where you were since it's just a big old list of locations of everything probably within a few miles of you. You guys got all worked up for nothing - as per usual.

From Apple

[SuperKendall]

Where do you think the data in consolidated.db came from?

It came from Apple, who created the data set from a mixture of cell phone records of where towers were located, plus anonymous data about where wifi locations were near. Note that almost all the data Apple has was collected long before you ever got there.

More like exclusion list

[SuperKendall]

the people responsible for making the list of files to backup probably thought

The people doing the backup generally only build an exclusion list. They aren't looking for things to back up; that would be insane in a system with hundreds of thousands of files. They must be told what to explicitly not back up, and this file just wasn't on that list - again probably because no-one thought it mattered since it's a cache of an Apple database.

Re:More like exclusion list

Do you even know what a cache is?! By calling it a cache you are either showing that you have no idea what a cache is or being a desperate apple apologist trying to make it seem like this is temporary storage when it is not.

Location database is from Apple, not your phone

I haven't seen anybody point out the most relevant part of today's news: the location database that got everybody so alarmed is not something that your individual iPhone has collected and (some believe) reported to Apple. That database is something delivered from Apple to your iPhone to assist it in figuring out its location.

If police forensics labs are hoping to use that data to track people, then they've got useless mush. It will appear as if everybody has been everywhere.

Yes, this database is crowd-sourced. Which means that iPhones do report to Apple the correlation from WiFi networks and cell towers to GPS coordinates at a given time. If you wish to believe that Apple is associating that data with individual iPhones when they've flatly asserted they don't, nobody can prove otherwise. However, this is not what the recent controversy was about. That was about the location database, which is simply not about you or your phone.

Big Difference

[Nom+du+Keyboard]

Is Apple deleting the file, or are they erasing the file? There is a huge difference in the recovery of data from flash depending on which route they're taking.

Yeah right.

Apple said that in the next major iOS software release the cache would be encrypted on the iPhone, though a timeline for that was not provided."

What to you want to bet that government agencies will "accidentally" be given a copy of the decryption key.

Who's next?

[Dragon_Punch]

It is interesting who has security problems next.

Re:It's NOT tracking your location... Geez.

[minniger]

Heh. Thanks A/C, exactly the points I was going to make. Except with a little less sass.

Couple of links:
http://en.wikipedia.org/wiki/Multilateration
http://en.wikipedia.org/wiki/Triangulation
etc.

So AFAIK the data is not sufficient to do more than place the phone in the general area (at least 100s of meters for the most part).

Most likely explanation for location-gate is that some developer got it working on their hardware, but they tended to re-install the os for testing. So it slipped through. Doesn't make them an idiot, just human.

Re:It's NOT tracking your location... Geez.

[CheerfulMacFanboy]

There is nothing that indicates that triangulation cannot be done after the fact. That is just made up. -5

Sure - if you have all necessary data. Apple doesn't -100000000000000. Fuck off you idiot.

This is a perfectly reasonable response to one of the lamest troll attempts in this thread.

Re:It's NOT tracking your location... Geez.

[CheerfulMacFanboy]

Liar. Nutcase. Astroturfer. It doesn't matter - you are wrong.