Slashdot Mirror
App Developer Says Stolen UDIDs Came From Them, Not FBI
pdabbadabba writes "A Florida iPhone and iPad app developer, Blue Toad, has come forward claiming that it is the source of the Apple UDIDs previously released by Anonymous. Their dataset, they say, is a 98% match for the one Anonymous hackers claim to have stolen from an FBI laptop. If so, this development would cast serious doubt on Anonymous' claims and, possibly, calm fears that this data is evidence of an ongoing FBI surveillance operation (a claim the FBI has also denied)."
This just shows that you cannot trust anonymous. but then again.. WOOHOO, EA SPORTS!!
Flowers By Irene?
Waiting for an amusing sig.
Which side to believe when both sides are known liars?
What do I know, I'm just an idiot, right?
was given the data by an insider or hacked it themself first.
The next question: What was Blue Toad up to? Why did the FBI have a copy of their data? How many FBI back doors are their in Blue Toads apps?
Lets run those apps under traffic analysis. The version that was live a week ago.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
4 comments and no one has yet claimed that Blue Toad is an obvious FBI front?
Ceci n'est pas un sig.
Surprise, surprise. Excuse me while I go back to read the pages of FBI-Apple conspiracy theories on the last related slashdot post, where this infinitely more likely possibility didn't appear until about the 3,000th post.
the fbi check cleared... i did it
4 comments and no one has yet claimed that Blue Toad is an obvious FBI front?
So it's not Nintendo testing the waters before abandoning its 3DS-exclusive portable strategy?
that random developers have access to sensitive data and make a mess of it.
But at least I'm not being tracked by the FBI!
If the FBI was caught doing something illicit or illegal, wouldn't you expect them to come up with an alternate source of the data to cover up their behavior?
Just because someone denies it's happening doesn't mean it isn't. And the UUIDs might not have been used by the FBI, but that doesn't mean they aren't engaged in a massive surveillance operation against its citizens. History shows the FBI considers itself a righteous organization that can and does ignore its own laws and policies in order to "get the bad guy". Of course, in doing so, they trample the very protections meant to protect the innocent, and so many people are in jail simply because they were in the wrong place at the wrong time, or had politically controversial views (as the FBI sees them, anyway).
Whenever a law enforcement organization takes liberties with our liberties, it is to the detriment to us all. Regardless of how well-intentioned they may be, it is the traditional path by which democracy is destroyed.
#fuckbeta #iamslashdot #dicemustdie
I RTFA to see why a company would voluntarily make such a claim ( unless they are an FBI front ;) ), and it seems the company were contacted by an outside researcher who suggested they were the "leak" (and perhaps would tell the world if they did not confess?). There are no further details that seemed interesting in case you were tempted to RTFA.
But of course the whole case seems rather uninteresting to me. A list of UDIDs. Wow, if FBI has them, they might also know who owns the UDIDs and have a pretty good list of annoying consumers with which you can't have a rational discussion on the subject of electronic devices. So what?
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
Anonymous is very much a top down organization with leadership. The ideal is very far from the reality friend.
How is Blue Toad a liar?
They are admitting a serious breech which impacts goodwill at the company.
Even at the time of the UDID release, I argued that the simplest explanation was simply that the list came from some app developer that had a server collecting some data. After all, if the data came from Apple OR the FBI, it should be WAY larger and the subset we saw should be WAY more complete, the only reason why such data would be sparse is that it was collected by an app that ran on a variety of devices with a variety of information provided by the users. There was also no reason WHY the FBI would even care about a UDID for a user since Apple had discontinued use months ago and there is really no way to use that data for anything useful.
Now the Blue Toad admission verifies what was already by far the likely scenario. At this point to believe anything else is right up there at the three-tinfoil hat level.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
UDID's are pretty useless on their own. Most devs collect them to uniquely identify devices. More nefarious use them for advertising
The /. crowd would rather believe the FBI is lying. They will contort themselves to protect that belief. Just as with so many other issues discussed here, like Apple and Android.
Goodbye karma. sigh.
And the UUIDs might not have been used by the FBI, but that doesn't mean they aren't engaged in a massive surveillance operation against its citizens.
If you think that way about the FBI, then you know the list was not from the FBI.
With a few hundred million iOS devices in the wild, an FBI list should have hundreds of millions of entries. AND it would be a hell of a lot more complete.
It was always bullshit to think this list was from the FBI. It was painfully obvious the list was published by a group that hates the FBI as much as you and other Slashdot users do, just to discredit them.
I don't care about the FBI myself one way or the other. But I do care about groups that are supposed to represent a kind of healthy counterpoint to the FBI, losing a lot of credibility by making stuff up just to attack enemies.
You want a real conspiracy theory? How about the FBI was behind the original Anonymous post unveiling the UDID list, knowing the real holder would come forth and embarrass Anonymous... Anon, seems you have a mole.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
2% different is alot of differences when your looking at a million entries. Of course the theives could of added bogus data to the list in order to hide its origens. Or appened one data set with another in order have over a million records.
Isn't also possible that the FBI hacked Blue Toad and got the list and then the Anonymous guys hacked the FBI and got the list from them? There is about as much public evidence for that scenario as any other.
Also, if the Anonymous guys supposedly got the list from Blue Toad, why is it 98% match for Blue Toad's and not a 100% match?
The original claim that the list came from the FBI is an amazing act of trolling. There are way too many people who not only believe that the instant they hear it, but will never let it drop, regardless of how much other evidence or pieces of the story come out.
The data file is of no use to the FBI. It has way too little data compared to total number of devices. UDID's have been of no use to anyone since about the start of the year.
The data file also had WAY too little information (too sparse) to be of much use in correlation. In short, there's no good reason why the FBI would care about a list of UDID's even if you tried to GIVE them to the FBI.
There is no logical reason why the FBI would care at all about the data set shown; to my mind that's the most damning evidence against the FBI ever having had it.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
first organization Reciprocating bad the Choosing watershed essay, to the transmission COMMUNITY AT beyond the scope of the channel to sign obsessives and the
Woops. Forgot you took your Adderall this morning and doubled up on the dose? Shouldn't do that.
Either that or look at the screen carefully when you're posting from your iPhone. That autocorrect is a bitch sometimes.
Faster! Faster! Faster would be better!
About as wrong as is humanly possible. Certain sub-organizations that claim to be offshoots of Anonymous such as Lulzsec may have a top down leadership structure, but Anonymous as a whole is much more of an idea than an organization.
Blue Toad is a little-known privately held company, but its technology touches millions of users around the world. It provides private-label digital edition and app-building services to 6,000 different publishers, and serves 100 million page views each month, DeHart said.
People are oblivious to the fact that the FBI and the intelligence community runs several shell companies. This proves nothing. I've never heard of this little company before, yet what are they doing with all that information? Yet, they provide ZERO proof.
Also, Anonymous claims they only released 1 million out of a purported 15 million entries. I think it's time Anonymous dumped the entire database, fully unredacted to prove them wrong.
the FBI doesn't need much in the way of an excuse to have data from Apple
Sure it does, but that's beside the point.
If the data was from Apple, it would be complete. Apple knows the names attached to a UDID, no-one else has this complete list.
Yes, we occasionally request device id's in the course of conducting investigations
Except they wouldn't because it would be pointless. The UDID's are useless for that purpose, especially (again) a list of UDID's why so little other information besides the UDID itself - which is worthless.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Since possessing such info is usually against the law for the FBI to have, agencies like the FBI have private companies gather it up for them. Then the FBI, or the NSA, or the CIA, or whoever, just gets the data on request through the "legal" channel of the private company. This is standard procedure. This means that the story is not danrathered yet; we are perhaps splitting hairs. The question is: WHO were they gathering the information for? Anyone? Was that "anyone" any law or spook service that asked for it, and how could we ever tell? Possession of such information by a private company which has no need for it should be on-the-face-of-it evidence of intent to provide to those who can't get, or are not allowed to get, such private data.
Just because a specific developer has a data set that "mostly" overlaps the FBI laptop dataset does not mean they are the same.
It's like saying a Maserati and a BMW SL are the same. They're both cars. They both have tires. They both go fast.
But they're not the same.
-- Tigger warning: This post may contain tiggers! --
A very useful definition of religion is "the lack of falsifiability". If there is no evidence which would convince you that the FBI isn't a bad actor in this case then your claims are not falsifiable. Therefore, your belief that that "the evil government is out to get you" is a religion. I'm not sure when it happened, but at some point most of Slashdot was swallowed up by this same "Church of the Tin Foil hat". It used to be funny, then it got scary, now it is just boring.
Since this is your religion, there is nothing I can do to talk you out of it, but what the hell, I'll give it a shot:
The government is not picking through your smartphone or tracking your location or reading your text messages. Of course they could, and would, but they aren't. Why? Because you don't matter.
hey, where did you think the $1.11 and $1.14 billion dollars was going to be spent? On the space program?
-- Tigger warning: This post may contain tiggers! --
The funny thing is the conspiracy theory guys are missing the most juicy conspiracy theory sitting right there in front of them.
The list was super-obviously not from the FBI right? So why would Anonymous leak such a list, when it so obviously would come back and damage credibility?
The answer s obvious. The FBI was in fact "Anonymous" that leaked the original list, known it would be disproved and make Anonymous look bad. The original leak was just credible enough that the real Anonymous would not speak out against it a snot coming from them, because it's a loose group and how would they really know if it was one of them that did it?
Even now probably many Anonymous guys are here and elsewhere, defending the leak has having come from the FBI and making Anonymous look more and more clueless in the process...
I give this FBI operation an A+ for effectiveness. They almost had me thinking Anon was the stupidest bunch of wankers to ever touch a keyboard until I figured it out.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
A UDID list with almost no user detail like this one had, is TOTALLY USELESS to the FBI.
There's no reason the FBI would take such a list if you tried to give it to them; so why would they try to "intercept" it?
Far more likely is that the original "leak" was not from Anon, but from the FBI trying to make Anon look bad.
Mission accomplished.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The simplest answer is Blue Toad is doing outsourced work for the FBI or another agency. Or it's as the article says, they have those ids because the've sold stuff to 11 million unique iPxd devices. Or both. What better cover than start a legitimate company selling to Peter and Paul at the same time. It's possible the DOS/DOD/FBI has outsourced this for multiple reasons. Not the least of which *might* be deniability. UDID? Us? No way. Never. That would be our sub-contractor's job. The gov't routinely outsources work to properly screened clearance approved private companies. Considering Blue Toad had the data.
The next question should be, "Why did Blue Toad have 11 miilion UDIDs from Apple and where did they get it from?"
Not, "Oh well that's not the FBI, why did Anonymous lie?"
Perhaps Anon knows that the FBI contacted Blue toad to get these ids, but can't say so, without risking exposing themselves?
Nope, the whole thing stinks. I'm more inclined to believe Blue Toad is shovelling something, and it's not chocolate shavings from Willy Wonka's Chocolate Mountain.Their whole business model seems bizarre. But then, I'm not an iPad user, and never heard of Blue Toad before today.
You have a good point about the hundreds of millions being global.
But through the second quarter of this year, Apple has sold 86 million iPhones in the U.S., and 34 million iPads (again in the U.S.).
That's still over 100 million devices, the 12 million number against that is not of a size that would match anything except what an app developer would be collecting (and keep in mind a lot of those UDID's are probably not from the U.S.).
Again I must stress how useless it is to have a UDID for anything the FBI would want to do.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The /. crowd would rather believe the FBI is lying.
And that Apple is evil, don't forget that bit of confirmation bias.
In fact, history shows that all of the three letter agencies gather information which has no apparent value or use and were just fishing expeditions. We also have no idea what other sources of UDIDs they may have which could have additional information that can be cross referenced to BlueToad app users, which depending on the material published might be of great interest to the FBI.
I assure you they are not admitting a serious breech. Abe Lincoln rocked some serious birches in the vampire hunter movie, and I'm wearing some right now. But this has nothin to do with the FBI apple anonymous blue toad udid hacker thing.
It isn't a matter of a legit theory, it is a matter of a belief they have which they'll try and find any evidence and force it to fit in to. It can get wilder and wilder the more their stuff gets shot down, but they never stop with it.
Ok, say the FBI is the genuine source of the leak, hypothetically?
Political cover may be synthesized vai a paid patsy for a new business model. Claim fault, get paid while government intrusion continues more easily sub rosa.
Considering the salami slice of freedom taken way larger in the public mind set, Blue Toad steps up because they are a paid mea culpa.
http://www.aisnota.com/slashdot/ Welcome to Logic and the Future
We also have no idea what other sources of UDIDs they may have which could have additional information
They may have such a list. But that'e even MORE of a reason why they would not have the Blue Toad list - there is NOTHING in there really worth cross-referencing to, if they had such a list it would have as you said way more data.
The Blue Toad list is worthless as something to corss-reference TO. The Blue Toad list is worthless as a list to cross reference FROM.
Why can't you and others accept the by FAR simpler explanation that Blue Toad was hacked and this information gathered, instead of some vastly harder hack of an individual's FBI laptop that mysteriously contained data the FBI would find useless?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The FBI obviously had something on Blue Toad and sent the black SUVs round to pay a visit.
No sig today...
Two Guys From Quantico Pizza
If both datasets measure or collect the same data, that they would have 98% of their data coincide is not that unlikely.
Depending on the collection methods used, they might get a 100% match if the data was collected through some common data-access method at near the same point in time.
I see this more as an attempt to discredit anonymous than anything else at this point -- which lends legitimacy to their claim of the FBI doing the monitoring.
Note -- I find the above to be near equal likelihood of being true as the original stories' statements... I really don't know which is true and really don't "believe" either one of them. As belief, in absence of facts is no more than superstition or religion.