Slashdot Mirror
Apple Updating iOS To Address Privacy Concerns
wiredmikey writes "[Apple] said that over the next few weeks it would release a software update for iOS that would reduce the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone, cease backing up the cache, and delete the cache entirely when Location Services is turned off. Additionally, Apple said that in the next major iOS software release the cache would be encrypted on the iPhone, though a timeline for that was not provided."
It's been a long week of high-profile fuck-ups.
Not erasing the old logs doesn't seem like a bug.. it would've been caught by a single test case. It seems to be a design decision to cache locations to speed up look ups the next time, so would've been considered a feature. Not encrypting the data, on the other hand, seems to be a genuine oversight. But no wonder they want to call everything a bug, what with the government breathing down their neck with Congressional hearings.
This space for rent.
Apple: We never did anything wrong, but pardon us while we fix it anyway.
So apple's going to encrypt the location cache on a phone that is otherwise locked, where other people generally don't have access to it other than the device itself, and lower the battery to deal with encryption routines all because people are idiots?
Sigh...
Sounds like Apple is taking steps to improve their system and give the paranoid users a easy opt out. Now the question is what are the other phone manufactures doing with their location systems? Especially those who log your data to the cloud?
Who owns your data?
Turning location services off doesn't make it any harder for someone to track your phone... it just makes it harder for you to find your location.
Why not use the direct link as nothing was added and some was cut?
ID: the nose did not occur naturally, how would we wear glasses otherwise? (apologies to Voltaire)
... so that it can tell which particular towers & wi-fi hotspots you've seen most recently?
The point of the database is to help the iPhone determine its own location more quickly. Having a list of a thousand map coordinates that the iPhone has seen "in the last year, sometime," does very little to facilitate that unless the iPhone can also know which ones it has been in range of recently.
Do you need the minute for that? Isn't the month or week good enough? Would take up less space, too.
Sendou Wave Kick!!
Not erasing the old logs doesn't seem like a bug.. it would've been caught by a single test case.
You only put tests in for problems you think of. Deleting the log file altogether when you turn off location services, is a problem they simply didn't think about. If you think about it the guys writing that part of the code probably assumed that since the file was cached it would be truncated so leaving it around wouldn't matter...
The rest of the time you aren't deleting the file, instead you are periodically truncating it - something beyond a single test case, and requiring a long period of time to elapse. That part seems also like it could easily be oversight.
To my mind they probably just thought keeping a record of cell towers was not a big deal, because it was not an exact location log... although just from a performance aspect you'd think they would not want that file growing too large.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
A perfectly sane feature has now been curtailed effectively by public outcry against perceived violation of privacy. While I agree that it is a good thing the stuff now gets encrypted locally (yay, more encryption of sensitive information!) the grand result is nearly nothing. The way this thing worked was by having a cache of locations stored locally and for those who worry about invasion of privacy this turn of events doesn't change anything - if Big Brother wants to know where you are and where you've been, he need do nothing more than to store where you connect from on his side - something he has always been able to do.
location data isn't currently deleted when location services are disabled. That's a coming feature.
Its not what it is, its something else.
How do you suppose the phone company knows what cell you're in, so they can route calls to your phone? How do you suppose they get their E911 data?
As long as you have the thing powered on, the phone company know where you are. And if the police want to know, they won't go to your house, hack your computer, and read the log backup. They'll just go to the phone company with a subpoena.
This whole controversy was much ado about nothing. The only thing that was different was that the user had access to the data that "the man" had all along.
Imagine all the people...
Out of curiosity: why? When the next version of the iPhone comes out, you can sell your existing one on eBay and buy the new one for a net profit of $50. $150 if you unlock it first.
No comment.
It does make it harder for someone to know where you have BEEN though. It's not about tracking the phone "now" as much as where it has been. Such data could be used by law enforcement or jealous spouses as evidence against you. It could also be used by a stalker. And while I haven't given it much thought, I am quite certain there are dozens of other possible uses of this data that would not be good.
Alarmist? no, not really.
Look around the world. In a lot of areas, people are rising up against oppressive governments. In these situation, people are being found by the government based on cell phone location. Imagine what happens when a 'dissenter' gets caught and his phones also has the location of where he has been?
That isn't some hypothetical, it stuff that is actually happening. Right now. It may not be happening where you live, but the world is bigger then you.
So, no not alarmist, reasonable.
The Kruger Dunning explains most post on
Oh, it's not over - where Apple is concerned, it's never over here on Slashdot.
How do you suppose the phone company knows what cell you're in, so they can route calls to your phone? How do you suppose they get their E911 data?
As long as you have the thing powered on, the phone company know where you are. And if the police want to know, they won't go to your house, hack your computer, and read the log backup. They'll just go to the phone company with a subpoena.
This whole controversy was much ado about nothing. The only thing that was different was that the user had access to the data that "the man" had all along.
Yes because the only people who would be interested in this data are those that already posses a legal method of obtaining it...
Um, are you one of those people rising up against oppressive governments? How about the people bringing a class action lawsuit? How about the many blogs screaming about it? No?
Can this data be used in real-time? No. Can it locate you precisely? No. Can an oppressive government that controls the local cell company locate ANY cellphone with greater accuracy and in real time? Yes.
Hmmm... I think "alarmist" is an accurate description.
What about people who are grabbed by their government? Now there Phone can be checked for locations and those location will be at risk whether or not they aided the dissenter....Know what cell tower you connected to is one thing, know the exact block or store you where in is another.
That's the thing though, it was NOT storing accurate location data. It's cell tower and some WiFi data, generally information you cannot use to tell you were at a specific house or even possibly neighborhood... think 1/4 to 1/2 mile radius, possibly a block but not a store.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
WiFi hotspot data can be used to figure out where you are, for when you don't have GPS, or when the GPS doesn't have a satellite fix yet.
This data is NOT "tracking the phone's location". It is only enough to show you that "this phone was somewhere inside ~100 miles of a given location."
If you're being executed or imprisoned because "your phone says you were within 100 miles of Tahrir Square on a day that protests against the Egyptian government occurred," then they're simply looking for an "official" reason to put on your execution / imprisonment paperwork. Of course, all of this "The iPhone, it TRACKZ JOO" hysteria simply gives people looking to "disappear" a few political opponents another way of documenting someone's "guilt".
If you're concerned about oppressive governments misusing the data, you wouldn't give them the crutch of saying "It's tracking the phone," and thus lending credibility to a flimsy justification for throwing someone in prison. You'd be very clearly and very strongly stating that that data on the phone has nothing to do with the precise location of the phone, and only provides the most general (regional) indication of the location of the phone at any given point in time. Because, you know, that's actually what it does - not indicate precise-to-the-centimeter location information for the phone.
yeah, really it is alarmist. Your location is tracked constantly due to cellphone-to-tower chatter. IOW, if your signal-strength meter is working, The Man knows where you are.
Security Theater -- no longer limited to airports, courthouses and queues.
Yes because the only people who would be interested in this data are those that already posses a legal method of obtaining it...
If you are worried about those that do not posses legal method to access that data - you should really encrypt your data. The log can only be accessed from you home computer or you mobile phone directly (after hacking it) - if somebody you don't like has unrestricted/uncontrolled access to any of those, there is a lot more stuff you need to be worried about.
There is of course the Private Investigator case hired by your wife that could be borderline possible. In real life, that would be far easier for the PI to stick a GPS tracker under your car and that would give him more precise, more discreet data collection service.
Here in the US, availability of cellphone location for civil/criminal actions isn't a good thing either:
1: A DA could easily file a warrant for location info from cell providers to find who was in a park after dark, then go on a mass raid, filing criminal trespass charges on 20-30 people at once in a roundup.
2: People who were at the location of a certain protest can be blacklisted from jobs, or even supermarkets, where they would have to ask friends or go out of town to get basic groceries.
3: Foreign intel sources can get info what VIPs go to what meetings, and know what soft targets to attack.
4: People who have sensitive jobs can have the location information used as blackmail.
5: Blackmail/extortion in general. I remember a school district in California that had a security breach (with major PII compromise), and parents in that district got an anonymous E-mail with a map of how their kid walked to school and a note that their kid would have a greater chance of completing their journey from home to school if they paid a "fee".
Location information needs to be treated as PII, as much as SSNs. However, I doubt we will ever see laws that actually punish anyone for PII loss anytime soon in the political climate in the US. Europe would be a different story just due to the past history.
My favorite answer:
No, they're just logging the location of things you go near and the time you passed by them. This is not a location the same way that "314 Evergreen Street, Pigsknuckle, Arkansas at 2:31:14am on April 17, 2011" is not a location because it doesn't specify if you're inside or outside the house.
And then, two sentences later...
So they're not tracking your location, just the data needed to triangulate your location. Just like the GPS doesn't track your location, since it also only gives the data needed to triangulate your location.
The data from the GPS is not the location of the receiver, but rather the locations of the satellites surrounding the receiver's location.
This sentence no verb.
This file... Apparently, the timestamped location log database file was a locally-generated composite of RF signals the phone received, and nearby locations that were provided from Apple's database(Requests for which, of course, would in no way inform Apple of the user's location at a given time...). That particular file doesn't seem to have been sent back, in large part because much of it would be redundant.
However, particularly in points 3(linked above) and 8(following) of their apologia, they admit to collecting location data in a previously undisclosed way.
"8. What other location data is Apple collecting from the iPhone besides crowd-sourced Wi-Fi hotspot and cell tower data? Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years."
Leave the police and the courts out of the equation for a moment (as we have to assume, these days, that the state is omnipotent in any case).
This whole controversy sprung up because some well-meaning developer released an app that could access the data. By extension, we could assume that all iOS developers- including malware developers- could work a similar trick, to less innocent ends. Malware/adware/spyware developers couldn't subpoena your details from your provider; this is the only method by which they could access this sort of data.
As such, you can look at it as a pretty big security hole that needn't exist.
No one? Apple says that they do is items # 3,4,5,8.
It takes a pretty large amount of cognitive disassociation to rationalize that "This data is sent to Apple" as stated in Apples point number 5 means that the data isn't sent to Apple.
Apples response is a full and complete admission that they are spying on iPhone users. Sure they are using New-Speak to try and make it sound double plus good, but that doesn't change the fact that they are spying.
This log file has been a known issue for at least 6 months. I'll give Apple credit and say that never purging the contents of the file is a bug, but they have know about the problem and did nothing to correct it.
On top of that, there are professional phone forensic applications that use this exploit to gather the location data off the phone. Police and private investigators have been exploiting this issue long before the recent announcement.
Here are a few articles with more detailed info on it.
No one? Apple says that they do is items # 3,4,5,8. 5.
From TFA:
Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.
Hi there. reality calling. If they can't tell it's from you, it's not YOUR DATA they are sending.
Bloody tinfoil-hat Apple Haters...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Google never said that collection of WiFi hotspots was accidental. That would be a totally absurd lie. They were openly collecting data that was designed from the get go to be publicly accessable. If you find Google Street maps to be evil (as some obviously do), then that would be where the complaint lies. The "accident" part of their excuse was concerning how much data they were collecting when they hit an open WiFi hotspot.
The point of collection the WiFi hotspot data is that WiFi hotspots generally don't change. So if you can see 5 WiFi mac addresses at a specific location identified by your GPS, a week later you can determine with a pretty high level of confidence that if you can see the same 5 WiFi hotsposts, that you are at the same location without having to turn on the GPS radio.
It also makes things like identifying locations possible when in doors. How often do stores in a mall change their WiFi routers? Not often. By learning their mac addresses (no need to enter their network), your phone can figure out where in the mall you are, and give you navigation to the specific store you want.
Law enforcement can do anything with it that they can do with GPS data. They can determine where you were at specific times. Interestingly enough, while law enforcement can get phone records from the phone company with a warrant, they cannot get location data determined via WiFi mac addresses without getting access to the phone itself. Unless of course, your phone is transmitting that data back to the phone manufacturer.
I have a question, why collect WiFi hotspot data?
Remember when Google said that its collection of WiFi hotspots as part of Google Maps was "accidental"?
Now we learn that the Android phone is still collecting hotspot data and sending it to Google. Doesn't seem so accidental after all.
Why does any company need this? There is no advertising that is tied to your hotspot/MAC address.
What can they do with that information, and what can law enforcement do with it?
Did you really miss all the comments explaining this in all the slashdot articles regarding this issue?
Android collects and sends because the location DB is hosted on Google's servers.
Apple collects and stores because the location DB is hosted on your device.
The location DB is used to locate exact Wifi hotspots and cell towers, so they can be used for triangulation on devices where there's no active GPS signal -- thus allowing you to use location aware apps like maps, weather apps, astronomy apps, exercise apps, social networking apps, etc.
As I understand it, iOS apps can't access it because they're sandboxed off from the system. The file is accessed in the phone backups on the computer. So the moral is don't run untrustworthy software on your computer, unless you're alright with it doing things you don't like.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
Apparently, I did. Apparently, I ran it on my own data, as well. Apparently, you do not understand the phrase "within 100 miles". Apparently, you also do not understand that the lack of precise location data in the log means that if that's the only evidence against you that leads to your conviction, you're being railroaded and the "iphone log says you were somewhere in the area" is simply a fancy way of dressing up an abuse for political reasons.
Apparently, you don't realize that your attitude is actually legitimizing people who would make the claim that the iPhone's log is some sort of "irrefutable proof of absolute location," and use that "proof" as a pretext for making political rivals disappear. If you're concerned about oppressive governments, you would be clearly and unequivocally stating that this is not "tracking" data, and does not absolutely identify a user's location. It gives a "general area" - and unless you have some other proof that I committed a crime while in that "general area," then any attempt to use my presence in that "general area" as the only evidence to convict me of that crime is a farcical parody of justice. And if your government is the type of government that engages in that, then the existence (or lack) of an iPhone log will make no difference to them if they've decided you're going to prison.
Let's at least try to be honest.