Slashdot Mirror
App Developer Says Stolen UDIDs Came From Them, Not FBI
pdabbadabba writes "A Florida iPhone and iPad app developer, Blue Toad, has come forward claiming that it is the source of the Apple UDIDs previously released by Anonymous. Their dataset, they say, is a 98% match for the one Anonymous hackers claim to have stolen from an FBI laptop. If so, this development would cast serious doubt on Anonymous' claims and, possibly, calm fears that this data is evidence of an ongoing FBI surveillance operation (a claim the FBI has also denied)."
This just shows that you cannot trust anonymous. but then again.. WOOHOO, EA SPORTS!!
Flowers By Irene?
Waiting for an amusing sig.
Which side to believe when both sides are known liars?
What do I know, I'm just an idiot, right?
was given the data by an insider or hacked it themself first.
The next question: What was Blue Toad up to? Why did the FBI have a copy of their data? How many FBI back doors are their in Blue Toads apps?
Lets run those apps under traffic analysis. The version that was live a week ago.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
4 comments and no one has yet claimed that Blue Toad is an obvious FBI front?
Ceci n'est pas un sig.
Am I the only one thinking
1. FBI may have sourced the file from Blur Toad
2. Blue Toad may have been asked by FBI to say this
3. Blue Toad may simply be a cover company
I do not give more for FBI's and Blue Toad's word than for anonymous's word.
Vajk
Surprise, surprise. Excuse me while I go back to read the pages of FBI-Apple conspiracy theories on the last related slashdot post, where this infinitely more likely possibility didn't appear until about the 3,000th post.
the fbi check cleared... i did it
4 comments and no one has yet claimed that Blue Toad is an obvious FBI front?
So it's not Nintendo testing the waters before abandoning its 3DS-exclusive portable strategy?
that random developers have access to sensitive data and make a mess of it.
But at least I'm not being tracked by the FBI!
If the FBI was caught doing something illicit or illegal, wouldn't you expect them to come up with an alternate source of the data to cover up their behavior?
Just because someone denies it's happening doesn't mean it isn't. And the UUIDs might not have been used by the FBI, but that doesn't mean they aren't engaged in a massive surveillance operation against its citizens. History shows the FBI considers itself a righteous organization that can and does ignore its own laws and policies in order to "get the bad guy". Of course, in doing so, they trample the very protections meant to protect the innocent, and so many people are in jail simply because they were in the wrong place at the wrong time, or had politically controversial views (as the FBI sees them, anyway).
Whenever a law enforcement organization takes liberties with our liberties, it is to the detriment to us all. Regardless of how well-intentioned they may be, it is the traditional path by which democracy is destroyed.
#fuckbeta #iamslashdot #dicemustdie
The media speaks of "Anonymuos" as if it's a top-down organization with members, leadership and a charter. In reality it's nothing but a label that anyone with an agenda can adopt to advance their cause. It's not much different than what post-9/11 Al Qaeda became in that regard.
What's the difference between Apple, the FBI, or some development studio having the UDIDs? Doesn't it just prove the point that UDIDs are accessible...probably even moreso that there could literally be thousands of caches of UDIDs out there? If these could be use for some nefarious purposes then wouldn't it make sense to lock them down? Just sayin...
that if the info was taken from an FBI laptop, that there would be other information on that laptop to prove it was in use by an FBI agent. If Anonymous doesnt have such information, then it seems unlikely they got the information from an FBI used laptop.
I RTFA to see why a company would voluntarily make such a claim ( unless they are an FBI front ;) ), and it seems the company were contacted by an outside researcher who suggested they were the "leak" (and perhaps would tell the world if they did not confess?). There are no further details that seemed interesting in case you were tempted to RTFA.
But of course the whole case seems rather uninteresting to me. A list of UDIDs. Wow, if FBI has them, they might also know who owns the UDIDs and have a pretty good list of annoying consumers with which you can't have a rational discussion on the subject of electronic devices. So what?
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
How is Blue Toad a liar?
They are admitting a serious breech which impacts goodwill at the company.
Even at the time of the UDID release, I argued that the simplest explanation was simply that the list came from some app developer that had a server collecting some data. After all, if the data came from Apple OR the FBI, it should be WAY larger and the subset we saw should be WAY more complete, the only reason why such data would be sparse is that it was collected by an app that ran on a variety of devices with a variety of information provided by the users. There was also no reason WHY the FBI would even care about a UDID for a user since Apple had discontinued use months ago and there is really no way to use that data for anything useful.
Now the Blue Toad admission verifies what was already by far the likely scenario. At this point to believe anything else is right up there at the three-tinfoil hat level.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
...these guys have no iPhone applications out there warranting a 1m+ user base, especially of people who, judging from the names of the phones, seem to be teenagers?
The /. crowd would rather believe the FBI is lying. They will contort themselves to protect that belief. Just as with so many other issues discussed here, like Apple and Android.
Goodbye karma. sigh.
fagets
And the UUIDs might not have been used by the FBI, but that doesn't mean they aren't engaged in a massive surveillance operation against its citizens.
If you think that way about the FBI, then you know the list was not from the FBI.
With a few hundred million iOS devices in the wild, an FBI list should have hundreds of millions of entries. AND it would be a hell of a lot more complete.
It was always bullshit to think this list was from the FBI. It was painfully obvious the list was published by a group that hates the FBI as much as you and other Slashdot users do, just to discredit them.
I don't care about the FBI myself one way or the other. But I do care about groups that are supposed to represent a kind of healthy counterpoint to the FBI, losing a lot of credibility by making stuff up just to attack enemies.
You want a real conspiracy theory? How about the FBI was behind the original Anonymous post unveiling the UDID list, knowing the real holder would come forth and embarrass Anonymous... Anon, seems you have a mole.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
FBI may have sourced the file from Blur Toad
Then you must answer WHY they would do this.
UDID's are totally useless to the FBI. WHY would they collect such a TINY list, such an incomplete list.
It makes no sense to me why the FBI would want this list. It is pointless.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
2% different is alot of differences when your looking at a million entries. Of course the theives could of added bogus data to the list in order to hide its origens. Or appened one data set with another in order have over a million records.
Isn't also possible that the FBI hacked Blue Toad and got the list and then the Anonymous guys hacked the FBI and got the list from them? There is about as much public evidence for that scenario as any other.
Also, if the Anonymous guys supposedly got the list from Blue Toad, why is it 98% match for Blue Toad's and not a 100% match?
The original claim that the list came from the FBI is an amazing act of trolling. There are way too many people who not only believe that the instant they hear it, but will never let it drop, regardless of how much other evidence or pieces of the story come out.
The data file is of no use to the FBI. It has way too little data compared to total number of devices. UDID's have been of no use to anyone since about the start of the year.
The data file also had WAY too little information (too sparse) to be of much use in correlation. In short, there's no good reason why the FBI would care about a list of UDID's even if you tried to GIVE them to the FBI.
There is no logical reason why the FBI would care at all about the data set shown; to my mind that's the most damning evidence against the FBI ever having had it.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
first organization Reciprocating bad the Choosing watershed essay, to the transmission COMMUNITY AT beyond the scope of the channel to sign obsessives and the
Woops. Forgot you took your Adderall this morning and doubled up on the dose? Shouldn't do that.
Either that or look at the screen carefully when you're posting from your iPhone. That autocorrect is a bitch sometimes.
Faster! Faster! Faster would be better!
People are oblivious to the fact that the FBI and the intelligence community runs several shell companies. This proves nothing. I've never heard of this little company before, yet what are they doing with all that information? Yet, they provide ZERO proof.
Also, Anonymous claims they only released 1 million out of a purported 15 million entries. I think it's time Anonymous dumped the entire database, fully unredacted to prove them wrong.
Can anyone else reach http://www.bluetoad.com/
Looks like Anon is getting back at them.
So, it's claimed that this developer does work 4k "brands" and that they recieve 100k pageviews a month. The developer won't reveal a client list. Ok
Work out which apps have updated in the last week
Zoom and Enhance
Ok, let's discount apps that don't have the same look and Feel (because develpers are lazy)
Zoom and Enhance
A ha... It's the Romney and Obama Apps.
I knew I shouldn't have trusted politicians
the FBI doesn't need much in the way of an excuse to have data from Apple
Sure it does, but that's beside the point.
If the data was from Apple, it would be complete. Apple knows the names attached to a UDID, no-one else has this complete list.
Yes, we occasionally request device id's in the course of conducting investigations
Except they wouldn't because it would be pointless. The UDID's are useless for that purpose, especially (again) a list of UDID's why so little other information besides the UDID itself - which is worthless.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Since possessing such info is usually against the law for the FBI to have, agencies like the FBI have private companies gather it up for them. Then the FBI, or the NSA, or the CIA, or whoever, just gets the data on request through the "legal" channel of the private company. This is standard procedure. This means that the story is not danrathered yet; we are perhaps splitting hairs. The question is: WHO were they gathering the information for? Anyone? Was that "anyone" any law or spook service that asked for it, and how could we ever tell? Possession of such information by a private company which has no need for it should be on-the-face-of-it evidence of intent to provide to those who can't get, or are not allowed to get, such private data.
Just because a specific developer has a data set that "mostly" overlaps the FBI laptop dataset does not mean they are the same.
It's like saying a Maserati and a BMW SL are the same. They're both cars. They both have tires. They both go fast.
But they're not the same.
-- Tigger warning: This post may contain tiggers! --
The Golden Gate bridge is up for TAX sale...
A very useful definition of religion is "the lack of falsifiability". If there is no evidence which would convince you that the FBI isn't a bad actor in this case then your claims are not falsifiable. Therefore, your belief that that "the evil government is out to get you" is a religion. I'm not sure when it happened, but at some point most of Slashdot was swallowed up by this same "Church of the Tin Foil hat". It used to be funny, then it got scary, now it is just boring.
Since this is your religion, there is nothing I can do to talk you out of it, but what the hell, I'll give it a shot:
The government is not picking through your smartphone or tracking your location or reading your text messages. Of course they could, and would, but they aren't. Why? Because you don't matter.
The funny thing is the conspiracy theory guys are missing the most juicy conspiracy theory sitting right there in front of them.
The list was super-obviously not from the FBI right? So why would Anonymous leak such a list, when it so obviously would come back and damage credibility?
The answer s obvious. The FBI was in fact "Anonymous" that leaked the original list, known it would be disproved and make Anonymous look bad. The original leak was just credible enough that the real Anonymous would not speak out against it a snot coming from them, because it's a loose group and how would they really know if it was one of them that did it?
Even now probably many Anonymous guys are here and elsewhere, defending the leak has having come from the FBI and making Anonymous look more and more clueless in the process...
I give this FBI operation an A+ for effectiveness. They almost had me thinking Anon was the stupidest bunch of wankers to ever touch a keyboard until I figured it out.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
If this app developer has them, are their records secure from FBI interception?
No.
Are they saying that the FBI didn't get it through them?
No.
And if any old developer can get them, can anyone say why?
No.
And where did the other 2% come from?
How many people howl for WL blood because they gave out classified information from a government source?
How many howl for Manning's head for giving out the data?
A UDID list with almost no user detail like this one had, is TOTALLY USELESS to the FBI.
There's no reason the FBI would take such a list if you tried to give it to them; so why would they try to "intercept" it?
Far more likely is that the original "leak" was not from Anon, but from the FBI trying to make Anon look bad.
Mission accomplished.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I mean what blue toad was doing with 12 million UID (or whatever millions) to begin with ?
Blue toad?? more like RED HERRING! doesn't the GOP have ties in florida?
The simplest answer is Blue Toad is doing outsourced work for the FBI or another agency. Or it's as the article says, they have those ids because the've sold stuff to 11 million unique iPxd devices. Or both. What better cover than start a legitimate company selling to Peter and Paul at the same time. It's possible the DOS/DOD/FBI has outsourced this for multiple reasons. Not the least of which *might* be deniability. UDID? Us? No way. Never. That would be our sub-contractor's job. The gov't routinely outsources work to properly screened clearance approved private companies. Considering Blue Toad had the data.
The next question should be, "Why did Blue Toad have 11 miilion UDIDs from Apple and where did they get it from?"
Not, "Oh well that's not the FBI, why did Anonymous lie?"
Perhaps Anon knows that the FBI contacted Blue toad to get these ids, but can't say so, without risking exposing themselves?
Nope, the whole thing stinks. I'm more inclined to believe Blue Toad is shovelling something, and it's not chocolate shavings from Willy Wonka's Chocolate Mountain.Their whole business model seems bizarre. But then, I'm not an iPad user, and never heard of Blue Toad before today.
Only a partial list was published.. Less than 10% of wasnt it? How can they say 98% = 100% confidence in that case? I have a list of 5 devices. I could say 100% of my list matched. Any PR is good PR I guess.
You have a good point about the hundreds of millions being global.
But through the second quarter of this year, Apple has sold 86 million iPhones in the U.S., and 34 million iPads (again in the U.S.).
That's still over 100 million devices, the 12 million number against that is not of a size that would match anything except what an app developer would be collecting (and keep in mind a lot of those UDID's are probably not from the U.S.).
Again I must stress how useless it is to have a UDID for anything the FBI would want to do.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Maybe we should get Rupert Murdoch's expert opinion? I recall his London staff has some expertise in mobile app security.
Have some more tinfoil ;-)
Really. Given the often braindead way they collect information (and lose the interesting bits in the dogpile of dross), who says the FBI know what they can do with the data?
If they have it and find out they can use it later, they have it. If they don't have it, they have to ask for it.
SOP.
After all, if the data came from Apple OR the FBI, it should be WAY larger and the subset we saw should be WAY more complete
There's no reason to assume why the origin of the illicitly copied data was complete in the first place, or if the transfer of data ever fully completed.....
The /. crowd would rather believe the FBI is lying.
And that Apple is evil, don't forget that bit of confirmation bias.
I assure you they are not admitting a serious breech. Abe Lincoln rocked some serious birches in the vampire hunter movie, and I'm wearing some right now. But this has nothin to do with the FBI apple anonymous blue toad udid hacker thing.
It isn't a matter of a legit theory, it is a matter of a belief they have which they'll try and find any evidence and force it to fit in to. It can get wilder and wilder the more their stuff gets shot down, but they never stop with it.
How is Blue Toad a liar?
They are admitting a serious breech which impacts goodwill at the company.
this, exactly this - why would a "self-respecting" company admit a breach like this? usually companies keep it quiet after any sort of breaches..
Ok, say the FBI is the genuine source of the leak, hypothetically?
Political cover may be synthesized vai a paid patsy for a new business model. Claim fault, get paid while government intrusion continues more easily sub rosa.
Considering the salami slice of freedom taken way larger in the public mind set, Blue Toad steps up because they are a paid mea culpa.
http://www.aisnota.com/slashdot/ Welcome to Logic and the Future
I say it was Aliens.
They have been planning this all along! They control the FBI and Apple. Blue toad is a front for both of these companies. What you all don't realize is that Anonymous are actually Thetans controlled by Xenu! The Grey's and Xenu are at war for our UDID's because they are actually the key to controlling the universe! The Grey's have to disperse these keys in order for their nefarious plans to come to fruition. Xenu needs that power to escape his prison!
We are all just pawns in an intergalactic chess game!
Weeeeeeeeeeee!!!!!!!
http://images1.wikia.nocookie.net/__cb20071124204126/uncyclopedia/images/b/bd/StraightJacket.jpg
Well he found a lot of Blue Toads and some of the names were also mentioned and worked as BlueToad so BlueToad's iPhones were using the app that was hacked which wasn't likely to be BlueToads.
98% correlation is no correlation at all. Companies don't throw away data, he'd be able to find 100% as current or former users. With 12 million records that's a sizeable portion of the devices and with 1 million apps, they'd be a lot that have that level of correlation.
The name on the spreadsheet is still a flag. Possibly a false flag.
If Bluetoad look through their iPhones and see what they have in common, most likely they are using ONE TELCO on a company plan, that telco probably installed something like Carrier IQ, and that will be the likely source of this data.
We also have no idea what other sources of UDIDs they may have which could have additional information
They may have such a list. But that'e even MORE of a reason why they would not have the Blue Toad list - there is NOTHING in there really worth cross-referencing to, if they had such a list it would have as you said way more data.
The Blue Toad list is worthless as something to corss-reference TO. The Blue Toad list is worthless as a list to cross reference FROM.
Why can't you and others accept the by FAR simpler explanation that Blue Toad was hacked and this information gathered, instead of some vastly harder hack of an individual's FBI laptop that mysteriously contained data the FBI would find useless?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
What the takeaway and discussion here should be is this:
Have government agencies acted in such a way that they are above reproach?
One has the hard issue of security and the other of the past conduct. What can be done to make sure events of the past don't happen again is the important conversation as someone might actualy have a workable idea.
The FBI obviously had something on Blue Toad and sent the black SUVs round to pay a visit.
No sig today...
Two Guys From Quantico Pizza
If both datasets measure or collect the same data, that they would have 98% of their data coincide is not that unlikely.
Depending on the collection methods used, they might get a 100% match if the data was collected through some common data-access method at near the same point in time.
I see this more as an attempt to discredit anonymous than anything else at this point -- which lends legitimacy to their claim of the FBI doing the monitoring.
Note -- I find the above to be near equal likelihood of being true as the original stories' statements... I really don't know which is true and really don't "believe" either one of them. As belief, in absence of facts is no more than superstition or religion.