iOS 8 Strikes an Unexpected Blow Against Location Tracking

schwit1 (797399) writes 'It wasn't touted onstage, but a new iOS 8 feature is set to cause havoc for location trackers, and score a major win for privacy.As spotted by Frederic Jacobs, the changes have to do with the MAC address used to identify devices within networks. When iOS 8 devices look for a connection, they randomize the MAC address, effectively disguising any trace of the real device until it decides to connect to a network.'

Apple Actually Cares About Privacy

Generally, I've found this to be true. Their business model does not depend on a lack of customer privacy like Google.

Re:Apple Actually Cares About Privacy

Apple allready knows who you are and what you are doing and where you are and where you have been ...

Re:Apple Actually Cares About Privacy

Generally, I've found this to be true. Their business model does not depend on a lack of customer privacy like Google.

No, this is about 3rd parties tracking you - it means your iPhone does not provide its MAC address to the network(s) it has found. This never had anything to do with Apple tracking you nor does not stop Apple from keeping tabs on what networks you have identified while looking for a connection.

Re:Apple Actually Cares About Privacy

True. But I think the point is that Google's business plan depends on 3rd parties. It's not exactly a good comparison, but this is one more example of Apple's positive protection of customer's privacy againsts Google's equal number of negative examples.

Re:Apple Actually Cares About Privacy

[fuzzyfuzzyfungus]

Generally, I've found this to be true. Their business model does not depend on a lack of customer privacy like Google.

I would be more optimistic if it weren't for the fact that Apple went and deliberately developed "iBeacon", more or less deliberately designed for every sort of horrid 'location based service' and 'relevant offer' crap in the book.

Architecturally, hunting for wifi networks with a spoofed MAC is a good idea; but it sure does look like Apple is cutting an attempt to track their phones the non-blessed way off at the knees, even as they actively provide a blessed way of doing it.

In the same way, they cracked down on apps that used phone serial numbers, IMEIs and similar; but then built an "advertising identifier" right into their OS.

They want to be sure that you find the experience of being sold tasteful and unobtrusive; but they aren't actually your friends, nor do they consider your hardware purchase to be sufficient to exempt you from being the product.

Re:Apple Actually Cares About Privacy

[bluelip]

Pretty much a derp. You don't use 802.1x and mac filtering at home?

Re:Apple Actually Cares About Privacy

You make a good point. However, iirc, a user can completely diasable their iPhone's from repsonding to iBeacons. So even under the "blessed" way, a customer's privacy is still within their personal control.

Re:Apple Actually Cares About Privacy

[mwvdlee]

More specifically this is about 3rd parties tracking you, without paying Apple.
All this does is close up the tracking options that compete with Apple's tracking options.
As for Google, I suspect we'll see this happening on Android phones soon enough as MAC tracking competes with Google as well.

Re:Apple Actually Cares About Privacy

[sonamchauhan]

Correct. The only difference is that they don't like to share...

Re:Apple Actually Cares About Privacy

The only difference is that they don't like to share..

Yes they do, they even say so in their privacy policy: “[Apple will] make certain personal information available to strategic partners that work with Apple to provide products and services, or that help Apple market to customers.”

In fact, if you read their privacy policy, you'd realize Apple gathers up about as much personal information on users as any other big tech company. The main difference is they say they don't connect the dots.In fact, they've been and are being sued for sharing too much user data...

Personal user data big part of any technology company's business model these days. Even Apple.

http://motherboard.vice.com/bl...

Re:Apple Actually Cares About Privacy

[justcauseisjustthat]

Big difference iBeacon needs to be enabled per app, the user has control! Here the user was scanned without their consent, this new privacy feature is awesome.

Re:Apple Actually Cares About Privacy

[justcauseisjustthat]

What Apple tracking options? iBeacon I suppose could be used for that but users have the option to enable or not.

Re:Apple Actually Cares About Privacy

[davester666]

well, to do so means turning off Bluetooth, which sucks because I hate using corded headphones.

And iBeacon hardware can trivially also work the same way as wifi tracking, by just tracking the bluetooth id your phone is emitting all the time instead. it's unique to your phone and can be used to pin down the phones location quite precisely.

while iBeacon itself is quite benign if you just don't download/authorize the stores app to get the iBeacon messages, I'm sure larger stores will spring the extra couple of bucks to do bluetooth tracking, particularly if they are already doing wifi tracking.

Re:Apple Actually Cares About Privacy

[sonamchauhan]

Thanks - I suspected that this was the case, but wasn't sure.

Location tracking stays turned off in my iOS device. A nuisance when you want a quick look at the streetmap of the area you're in.

I suspect this entire ploy is so that iBeacons can be marketed more effectively.

Re:Apple Actually Cares About Privacy

[Tom]

It is true.

The reason is that for Apple, you are the customer. For Google, you are the product, because its customers are the advertisers.

Re:Apple Actually Cares About Privacy

[gl4ss]

they care about hiding potential profits from it from other people.

while breaking standards.

they'll still keep a list of where you've been on the phone..

Re:Apple Actually Cares About Privacy

[Tom]

Apple went and deliberately developed "iBeacon"

Which works by Bluetooth, not WiFi, and it's basically a Bluetooth broadcaster. Also, it is opt-in.

In the same way, they cracked down on apps that used phone serial numbers, IMEIs and similar; but then built an "advertising identifier" right into their OS.

That you can opt out of.

Re:Apple Actually Cares About Privacy

[Tom]

Location tracking stays turned off in my iOS device. A nuisance when you want a quick look at the streetmap of the area you're in.

You know you can turn it on and off selectively, yes? Allowing certain apps to use it, but others not?

Re:Apple Actually Cares About Privacy

[SuricouRaven]

No, it still provides your MAC to the network. Doing otherwise would break things - static DHCP reservations for one. It means the iPhone won't provide its MAC address *until* it finds a recognised network to connect to - it won't be broadcasting it constantly while you are out traveling or shopping.

Re:Apple Actually Cares About Privacy

Yeah, sure and you have no way of knowing if it's actually disabled.

With Android, you can see the source code, so you know exactly what everything is doing and you can modify it if you don't like it. Google isn't trying to hide anything from anyone, unlike Apple.

Re:Apple Actually Cares About Privacy

[pmontra]

They don't connect the dots for everybody for free. Become a strategic partner (that is: find a way to bring them more money) and they'll be happy do connect the dots for you. So don't be naive: Apple cares about its customers only when it can turn that care into profit.

BTW, this app does the same on a rooted Android device.

Re:Apple Actually Cares About Privacy

[ifiwereasculptor]

AFAIK, you can't see the source for Google apps like Play Store, Maps etc, tough. Maybe not even for the launcher. I don't know what's part of AOSP and what's a Google add-on, these days. My point being that, for reaping the benefits of being able to see the source code, you must be able to see it all. Unless you have root access and can manage permissions on a per-app basis directly via the base, open OS. That's not Android's case, though - at least not by default.

Re:Apple Actually Cares About Privacy

[mlk]

In this case I could see Google doing the same as Google is not part of the loop.

Re:Apple Actually Cares About Privacy

[ocean_soul]

They don't really care about your privacy, they care about knowing more about you than their competitors do.

Re: Apple Actually Cares About Privacy

Great selling point. But: Have you looked at the source code? There's a lot of it. Did you understand it all? Did you find any bugs or holes?

Re:Apple Actually Cares About Privacy

[GoddersUK]

That's GPS based location tracking carried out by your phone. TFA is referring to nasties like this - http://www.telegraph.co.uk/tec... - where wifi enabled devices are tracked by wifi hotspots using their mac address.

Re:Apple Actually Cares About Privacy

[Tom]

GP was about GPS location tracking. ;-)

Re:Apple Actually Cares About Privacy

[jedrek]

Apple's falling out with Google over Maps was about GOOG wanting more data and Apple not wanting them to gather it.

Re:Apple Actually Cares About Privacy

[LookIntoTheFuture]

BTW, this app does the same on a rooted Android device.

Thank you, thank you, thank you! Mod this up!

Re:Apple Actually Cares About Privacy

[LookIntoTheFuture]

BTW, this app does the same on a rooted Android device.

Thank you, thank you, thank you! Mod this up!

Replying to my own post. This app is also available on the 1Mobile Market.

Re:Apple Actually Cares About Privacy

[tomhath]

...and Apple not wanting to share it with Google.

Re: Apple Actually Cares About Privacy

Why would he do that? Everyone knows that just having source code available makes software free from bugs and hidden security flaws. Nobody actually needs to check it.

Re:Apple Actually Cares About Privacy

It goes back to the other comments, while others cannot track you. That doesn't mean Apple isn't doing the collecting themselves and selling it off, or being requested by the FBI, NSA to give up what they have. This is nothing more then PR twisting, by a company that is suspected of willfully working with spying/law enforcement agencies.

To me to have the press sit there an report this without highlighting the companies past and current data collecting activities is misleading the public into thinking they are somehow safe, or just to give people a false sense of security as a way to sell more phones then your competitor.

Re:Apple Actually Cares About Privacy

[Mr_Trebuchet]

Per the Wikipedia page on iBeacon you linked: "The only role of the iBeacon is to advertise to the phones of its own existence at the physical location. iBeacon do not actively push out notifications (other than the iBeacon advertisement frames) nor does iBeacon actively track nearby users."

Re:Apple Actually Cares About Privacy

[Tom]

It goes back to the other comments, while others cannot track you. That doesn't mean Apple isn't doing the collecting themselves and selling it off, or being requested by the FBI, NSA to give up what they have.

This makes for a pointless argument. Essentially you are saying that turning tracking off completely somehow gets respected, but turning it off selectively somehow doesn't. That makes absolutely no sense. If they want to sell you out, it doesn't matter how you disable tracking.

Re:Apple Actually Cares About Privacy

[DrXym]

I doubt Google does either. Or Facebook. Or LinkedIn. Or Microsoft/Bing. Or any other service which specialises in gathering all your precious information in order to monetize it. They want it all to themselves because it's to their commercial advantage to do so.

Re:Apple Actually Cares About Privacy

> BTW, this app does the same on a rooted Android device.

How about the reverse? I want something that lies to the spy-apps on my phone about the names of all the available wifi access points in my vicinity. The goal is to make it harder for the data-stalkers to connect the dots between my phone and my friend's phone just because we are in proximity to the same wifi access points at some point in time.

And "don't install spy-apps" isn't a helpful answer, although I'm sure someone is going to say it.

Re:Apple Actually Cares About Privacy

[grub]

they'll still keep a list of where you've been on the phone..

Settings -> Privacy -> Location Services -> System Services -> Frequent Locations -> Off
There are several good privacy related options in there.

Re:Apple Actually Cares About Privacy

[stenvar]

They like to share with people who shove enough money into their hands. It's the same as with the rest of their OS, which is a hodgepodge of features designed to funnel business to specific partners. Apple "cares about your privacy" in the same sense that a pimp cares about the virginity of his ladies: their customers should be able to enjoy the illusion of it.

Re:Apple Actually Cares About Privacy

[stenvar]

Apple's falling out with Google over Maps was about GOOG wanting more data and Apple not wanting them to gather it.

Apple is fine with gathering the data, and sharing it, they just want to sell it themselves.

Re:Apple Actually Cares About Privacy

[stenvar]

iBeacons is just one small part of what they do. Apple's devices (like everybody else's) constantly determine your location, and unless you're very careful about disabling it, transmit it. Whether this bothers you or whether it should bother you is another question, but it is happening.

Re:Apple Actually Cares About Privacy

Yeah, cause that worked so well for OpenSSL / HeartBleed.

Can we get off the "oh everyone can just dig through millions of lines of code and know exactly what it's doing" trope? It's fucking horseshit, and you know it.

Re:Apple Actually Cares About Privacy

[tepples]

Then the application could require the user to create a unique screen name and password in case the user has the "Show Me Irrelevant Ads" options turned on. Or what in the App Store Review Guidelines document prohibits that?

Re:Apple Actually Cares About Privacy

[dave420]

Oh it must be true, as a pithy one-liner describes it so. Or not. Yes, Google gets the majority of its money from advertising. You fail to notice that Google users are the ones who buy the advertising, and are the ones who click on adverts. This also ignores the many non-ad-based services Google offers, but I guess that's not as cool as your one-liner, even if it is far more accurate, so you will keep spouting that nonsense.

Re:Apple Actually Cares About Privacy

They actually don't. CoreLocation does not operate unless an app has requested it. If it does operate, it doesn't send anything to apple unless you specifically opted in. If you did specifically opt in, it sends anonymised, randomised data, rather than actually tracking you.

Re:Apple Actually Cares About Privacy

Bollocks. How did those comments get modded insightful?

Apple's falling out with Google over Maps primarily was about Google not wanting to enable turn-by-turn directions in iOS devices because it considered that feature to be a strategic advantage to move more Android devices. Steve Jobs negotiated aggressively to get the feature, but finally got fed up and decided Apple should have it's own map solution that would let it enable turn-by-turn as well as deny Google a fat stream of location data.

Google did want more access to user data on iOS, but it was the turn-by-turn issue that drove home the big wedge.

http://techcrunch.com/2012/09/26/apple-reportedly-ditched-google-maps-over-lack-of-turn-by-turn-navigation/

Re:Apple Actually Cares About Privacy

[tepples]

You don't use 802.1x and mac filtering at home?

I imagine that most people don't. What percentage of home APs support 802.1x, especially integrated modem/router/APs provided by local DSL, cable, or fiber ISPs?

Re:Apple Actually Cares About Privacy

[thoromyr]

really? I know they were roundly accused of this with no evidence ever provided other than a bug which caused excessive *local* retention of location data. Interestingly, it came out at about the same time that *google* was in fact shipping the location data back to the mothership (something Apple doesn't do) with no retention limits evident.

As a company, Google *depends* on eliminating privacy -- it is the source of their revenue. Apple depends on hardware sales. So while they make some money by selling aggregated data (and try to foist obnoxious things like itunes radio on their users) that is not actually their core business nor a significant part of their revenue stream. When Apple advertised an earlier incarnation of icloud as being better privacy they didn't call out Google specifically -- they didn't need to. The people who cared already knew who they are talking about.

But somehow Apple is the anti-privacy company and google is okay. I never understand the fanboys.

If you want to bust on Apple, great, I'm all for it. Just bust them on things they are actually guilty of and don't try to misrepresent them. They've definitely done some bad things, but strangely they don't seem to get beat up for things they've really done (or the issue is misrepresented).

What I'm saying is that while it may be fun to trot out things like the "640K should be enough for everyone" to bust on Bill Gates that is an urban myth and he never said it. Instead, bust on him for things that he *did* do (like hire someone else to pirate CPM). Same for Apple and Jobs (I just have a somewhat better memory for the Microsoft end of things, hence using MS-centric example).

Re:Apple Actually Cares About Privacy

[Tom]

I refer to my reply to the other guy. Sure, one-liners always simplify facts, but in this case, it's pretty clear cut.

Re:Apple Actually Cares About Privacy

[MrNiceguy_KS]

BTW, this app does the same on a rooted Android device.

I'll add my thanks as well. The whole reason I came to this thread was because I hoped someone would post something like this.

Re:Apple Actually Cares About Privacy

[thoromyr]

that isn't very hard. I have no special information and haven't read TFA, but presumably they select an Apple prefix and use an algorithm to generate the rest. It'll actually be pseudo-random, but that isn't a particularly relevant distinction as very few systems have true random number generation and approximate it by collecting entropy from various sources to see the algorithm.

Given the large space represented by just Apple prefixes, the odds of a collision are incredibly small. If they used other prefixes as well (to avoid leaking it was an Apple device) then the risk of collision drops even further. Given that it reverts to the assigned MAC for an actual connection it amounts to a low impact and trivial way to improve the anonymity of a device before associating with a network.

Re:Apple Actually Cares About Privacy

[Andreas+Mayer]

Apple's devices (like everybody else's) constantly determine your location, and unless you're very careful about disabling it, transmit it.

Source please. Otherwise this is just FUD.

iOS devices determine your location if you agreed to at least one app using that information. The device also doesn't transmit this information. An app might if you opted in to location tracking. For something like "find my friends" that's kind of the point, you know.

(Of course, *every* active cell phone can be tracked by the cell phone network. But I don't think that's what you were referring to.)

Re:Apple Actually Cares About Privacy

[Andreas+Mayer]

This is nothing more then PR twisting, by a company that is suspected of willfully working with spying/law enforcement agencies.

To me to have the press sit there an report this without highlighting the companies past and current data collecting activities is misleading the public into thinking they are somehow safe, or just to give people a false sense of security as a way to sell more phones then your competitor.

First, *every* US company is suspected to work together with the NSA. So Apple isn't worse off in that regard.

Second, this feature is not about avoiding the NSA. The spooks can just utilize the cell network to track you. This feature is about *everyone else* trying to track you. Because, you know, not everyone is able to spoof a cell tower. But everyone *is* able to put up a WiFi hotspot.

Third, *of course* this is about selling more devices. And what's wrong with trying to make money by offering something actually useful?

Re:Apple Actually Cares About Privacy

[rogoshen1]

I think the point is that with open source the .00005% of the population who has the time and expertise to analyze the code -- has the opportunity to do so, and share their findings with the rest of us.

Whereas with closed source, the only people who have access to the source code are bound by NDA (IE, employees).

Re:Apple Actually Cares About Privacy

[mcgrew]

When I first saw this I thought "finally Apple has given folks a good reason to shell out the extra cash. Now if they were only waterproof and shock resistant like my cheap Kyocera..."

I keep location services shut off as well, but on my phone turning it on or off is just a swipe and a touch. And it's extremely annoying that apps with no real use except stalking me keep nagging me to turn it on. It's why I refuse to upgrade my TuneIn app, the upgrade wants my address book! WTF? Stupid developers writing stupid apps for stupid people. I wish they'd knock off their intrusive, annoying, STUPID stalking. But it seems that most businesspeople these days are sociopathic morons with absolutely no respect for their paying customers (there are places here where they demand that elderly people show ID to buy beer. Guess what? They don't get my business, I prefer to keep my money away from arrogant morons who insist on insulting the very idea of intelligence).

Re:Apple Actually Cares About Privacy

[Noah+Haders]

Replying to my own post. This app is also available on the 1Mobile Market.

Danger will Robinson! holy Chinese mobile malware batman!

Re:Apple Actually Cares About Privacy

[Dixie_Flatline]

Apple doesn't care as much about profit after the fact because they got 45% off of you as soon as you bought their phone.

Even if you turn off every function on your phone--including the phone--and kept it in airplane mode the whole time like some sort of absurdly expensive iPod, Apple already made a profit.

Apple cares about your privacy insofar as it allows them to put a bullet-point on the box that they can use to distinguish themselves from Google's model. Google needs information to make a profit. They make virtually no money off of Android itself; that's why buying a Nexus is so cheap.

Essentially, Apple can afford to be stingy with information, and can afford for YOU to be stingy with YOUR information. Google can't.

I'm sure Apple will turn your information into profit if it can, don't get me wrong. But it's not their primary business model. As long as the phone costs a lot of money, you can count on them being less interested in what you have to offer after the sale.

Re:Apple Actually Cares About Privacy

Nice app. Sadly you have to be rooted to use it, which is puts it beyond the reach of most people. And if you're technical enough to get rooted, you might be interested in XPrivacy which can intercept and feed fake info to all sorts of areas of your device. A short list:

return fake IP's
return fake MAC's (network, Wi-Fi, bluetooth)
return fake BSSID/SSID
return a fake own/in/outgoing/voicemail number
return a fake subscriber ID (IMSI for a GSM phone)
return a fake phone device ID (IMEI): 000000000000000
return a fake phone type: GSM (matching IMEI)
return a fake network type: unknown
return an empty ISIM/ISIM domain
return an empty IMPI/IMPU

Re:Apple Actually Cares About Privacy

[Noah+Haders]

Except google doesn't do the same. I see this as a strategy to push the adoption of I beacons. If you get I beacons then the functionality will be restored. At least the user gets benefits from I beacons like indoor nav.

Re:Apple Actually Cares About Privacy

[jo_ham]

Proof?

APL has been caught lying so many times, I'd like to see someone else do an in depth analysis proving that it is impossible.

Log in, then maybe someone will provide some.

Otherwise, why bother?

Re:Apple Actually Cares About Privacy

[stenvar]

Source please.

You just restated what I said; you simply tried to put a positive spin on it.

Re:Apple Actually Cares About Privacy

[fustakrakich]

...shipping the location data back to the mothership (something Apple doesn't do)...

I would like to know how you can definitively prove that.

Re:Apple Actually Cares About Privacy

[fustakrakich]

With both, can't you just sniff the network traffic?

Re:Apple Actually Cares About Privacy

[pmontra]

I'm the one you're replying to and I fully agree with you. A big initial markup leaves many strategies open.

Re:Apple Actually Cares About Privacy

[stenvar]

But somehow Apple is the anti-privacy company and google is okay.

Which part of "Apple's devices (like everybody else's)" did you not understand?

As a company, Google *depends* on eliminating privacy -- it is the source of their revenue. Apple depends on hardware sales.

And it is this sort of blind, foolish, uninformed fanboy belief that I was responding to. Apple's devices do what everybody else's do: they track your location and send it back. They do that for the simple reason that it's useful and that users want it. If Apple's devices didn't do it, Apple couldn't sell its hardware.

I never understand the fanboys.

You understand them perfectly because, unlike me, you are one.

Re:Apple Actually Cares About Privacy

[Plumpaquatsch]

https://www.apple.com/legal/privacy/en-ww/

Privacy Policy

Your privacy is important to Apple. So we’ve developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your information. Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.

...

Disclosure to Third Parties

At times Apple may make certain personal information available to strategic partners that work with Apple to provide products and services, or that help Apple market to customers. For example, when you purchase and activate your iPhone, you authorize Apple and your carrier to exchange the information you provide during the activation process to carry out service. If you are approved for service, your account will be governed by Apple and your carrier’s respective privacy policies. Personal information will only be shared by Apple to provide or improve our products, services and advertising; it will not be shared with third parties for their marketing purposes.

Service Providers

Apple shares personal information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information and may be located wherever Apple operates.

Others

It may be necessary by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence for Apple to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.

We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganization, merger, or sale we may transfer any and all personal information we collect to the relevant third party.

Re:Apple Actually Cares About Privacy

[Plumpaquatsch]

They like to share with people who shove enough money into their hands.

Care to name just one?

Re:Apple Actually Cares About Privacy

[Plumpaquatsch]

More specifically this is about 3rd parties tracking you, without paying Apple. All this does is close up the tracking options that compete with Apple's tracking options. As for Google, I suspect we'll see this happening on Android phones soon enough as MAC tracking competes with Google as well.

And it will be available to a small part of the users just a few months after introduction of the new OS version, as always.

And no, AmiMumu, this will not be shipped with the Play Application so you don't have to update.

Re:Apple Actually Cares About Privacy

[Wraithlyn]

There's two sides to every disagreement.

Apple wanted turn-by-turn. Google, IN EXCHANGE FOR PROVIDING THAT SERVICE, wanted more control and data.

Re:Apple Actually Cares About Privacy

[Plumpaquatsch]

Generally, I've found this to be true. Their business model does not depend on a lack of customer privacy like Google.

I would be more optimistic if it weren't for the fact that Apple went and deliberately developed "iBeacon", more or less deliberately designed for every sort of horrid 'location based service' and 'relevant offer' crap in the book.

It's funny that you don't mention that what everybody here wants Apple to use that instead, NFC (also heavily backed by Google) is nothing but RFID renamed. Nothing like a little name change to boost reputation.

Re:Apple Actually Cares About Privacy

[jellomizer]

Well apple is about selling product. Google is about selling adds.

In short the money saved by buying a Google Product, is a trade-off in loss of privacy.
Comparing Apple and Google would make an interesting economics paper on the value of privacy.

Re:Apple Actually Cares About Privacy

[Plumpaquatsch]

Oh it must be true, as a pithy one-liner describes it so. Or not. Yes, Google gets the majority of its money from advertising. You fail to notice that Google users are the ones who buy the advertising, and are the ones who click on adverts. This also ignores the many non-ad-based services Google offers, but I guess that's not as cool as your one-liner, even if it is far more accurate, so you will keep spouting that nonsense.

https://www.google.com/search?q=advertisers+complain+apple+doesn't+share+enough+data - now replace "Apple" with "Google" in that search.

Re:Apple Actually Cares About Privacy

[stenvar]

http://advertising.apple.com/

Re:Apple Actually Cares About Privacy

[nabsltd]

It means the iPhone won't provide its MAC address *until* it finds a recognised network to connect to - it won't be broadcasting it constantly while you are out traveling or shopping.

This problem is easily solved by not turning on WiFi unless you know you are going to connect.

For me, I use an app on Android that keeps WiFi off unless I am in a location where I have already said I want to auto-connect to a specific network. It uses cell tower IDs and GPS to determine where I am.

Re:Apple Actually Cares About Privacy

[RockClimbingFool]

Locations based on the cell towers by definition cannot be turned off. That is recorded. You are fooling yourself if you think otherwise.

Re:Apple Actually Cares About Privacy

[LiENUS]

I imagine that most people don't. What percentage of home APs support 802.1x, especially integrated modem/router/APs provided by local DSL, cable, or fiber ISPs?

I've never had an integrated modem/router/AP and while I suspect those don't support it all of the home routers i've purchased in the past have supported 802.1x even before I started getting mikrotik/unifi gear. It's just called WPA-Enterprise in the settings.

Re:Apple Actually Cares About Privacy

[Albanach]

Apple doesn't care as much about profit after the fact because they got 45% off of you as soon as you bought their phone.

Even if you turn off every function on your phone--including the phone--and kept it in airplane mode the whole time like some sort of absurdly expensive iPod, Apple already made a profit.

So there's no need for Apple to take a 30% cut on ever transaction you made, because they already made a profit. The only reason they do so is they want to make more money. yes somehow you think that, when it comes down to user data, they don't want to make money from selling it to partners?

Re:Apple Actually Cares About Privacy

[gnasher719]

I'm sure Apple will turn your information into profit if it can, don't get me wrong. But it's not their primary business model. As long as the phone costs a lot of money, you can count on them being less interested in what you have to offer after the sale.

In other words, you are Apple's customer. You are Google's product.

Re:Apple Actually Cares About Privacy

[gnasher719]

No, it still provides your MAC to the network. Doing otherwise would break things - static DHCP reservations for one. It means the iPhone won't provide its MAC address *until* it finds a recognised network to connect to - it won't be broadcasting it constantly while you are out traveling or shopping.

Which means that if you walk into a shopping centre, the hundred or so WiFi points that you are _not_ using don't get your MAC, only the one that you are actually using.

Re:Apple Actually Cares About Privacy

[gnasher719]

Big difference iBeacon needs to be enabled per app, the user has control! Here the user was scanned without their consent, this new privacy feature is awesome.

It's better than that. For every set of iBeacons, you have to specifically download, install and run an app that reacts to that iBeacon, or nothing will happen at all. The beacons themselves have no hardware to receive any data from the device. On stackoverflow.com you will find people asking all the time how to receive data from _any_ beacon, and are surprised when they are told there is no API for that.

Re:Apple Actually Cares About Privacy

[Plumpaquatsch]

IOW you have nothing that proves what you said. And you are probably even too dumb to realize it.

Re:Apple Actually Cares About Privacy

[Darinbob]

Because you can't do anything at all without first getting an Apple ID. On Android though you can get around without Google+, you just have to give up some apps.

Re:Apple Actually Cares About Privacy

[farble1670]

Generally, I've found this to be true. Their business model does not depend on a lack of customer privacy like Google.

you have it wrong. what apple cares about is not letting other people make money by skimming off of their business.

Re:Apple Actually Cares About Privacy

[R3d+M3rcury]

But it seems that most businesspeople these days are sociopathic morons with absolutely no respect for their paying customers [...]

Uh...isn't TuneIn free?

Remember that if the service is free, you are the product.

Re:Apple Actually Cares About Privacy

[BasilBrush]

Because you can't do anything at all without first getting an Apple ID. On Android though you can get around without Google+, you just have to give up some apps.

It's no more necessary to have an Apple ID to use an iPhone than it is to have a Google+ ID to use an Android.

Re:Apple Actually Cares About Privacy

[BasilBrush]

iBeacons are the exact opposite. They give information to an app on the phone about what iBeacon they are near. No such app, or don't give permission to any app, and nobody knows anything.

The iBeacon doesn't get to know anything. They aren't gathering info on you.

Re:Apple Actually Cares About Privacy

[Tharkkun]

Apple's falling out with Google over Maps was about GOOG wanting more data and Apple not wanting them to gather it.

What? It was all about Google wanting their logo on Apple's map application since it was Google maps. That didn't sit well with Apple so they purchased another mapping company.

Re:Apple Actually Cares About Privacy

[BasilBrush]

And iBeacon hardware can trivially also work the same way as wifi tracking, by just tracking the bluetooth id your phone is emitting all the time instead.

No it can't. It doesn't work that way. This isn't pairing with Bluetooth. iBeacon does not create a bidirectional communication with the phone. The iBeacon transmits BLE frames. The phone does not reply.

Re:Apple Actually Cares About Privacy

[SuricouRaven]

No, they all get it - but only if you are in proximity to an access point you intentionally connected to.

Re:Apple Actually Cares About Privacy

[Cederic]

Rooting it is a choice, not a chore. To root my android phone I merely have to.. unlock the bootloader. Something the manufacturer provides instructions for.

Not really Apple's "use a security hole in the phone.. until they fix it" approach, is it.

Re:Apple Actually Cares About Privacy

[Noah+Haders]

I stand corrected. Overall I am impressed by the array of tools apple bakes into their software to reduce the amount of stuff stolen by marketers. marketers are evil and can kiss my butt.

Re:Apple Actually Cares About Privacy

[Cederic]

Good. I MAC address ban all iDevices that connect to my access point. If they all started switching MAC address I'd have to switch to something more sophisticated, and if I have to put effort in, I'm going to get nasty.

Re:Apple Actually Cares About Privacy

[david_thornley]

Apple's devices do what everybody else's do: they track your location and send it back.

And your evidence for this would be?

If Apple's devices didn't do it, Apple couldn't sell its hardware.

Um, huh? Apple's sold lots of hardware without promising to give customer location information to everybody who wants it.

Re:Apple Actually Cares About Privacy

[david_thornley]

With Android, you can see source code for various versions. This is good. It's also way insufficient for security purposes.

With Android, device manufacturers can change the source code and not tell you. Google releases a good many apps that are nearly ubiquitous, and doesn't release the source code.

For a security audit, you need to know that you've got the right source code. (One of the steps in auditing TrueCrypt was finding out how to take the source and build a binary, and then checking that binary against the distributed one. No point in auditing the source code that isn't used.) You also need all the source code. So, if you want a secure Android build, you need to (a) install your own version of Android, and (b) don't use any of the normal Google apps.

Re:Apple Actually Cares About Privacy

[exomondo]

Apple's sold lots of hardware without promising to give customer location information to everybody who wants it.

Who sells hardware and promises to give customer location to everybody that wants it? I didn't see anybody claim anything like that, sounds like a strawman.

Re:Apple Actually Cares About Privacy

[exomondo]

The reason is that for Apple, you are the customer. For Google, you are the product, because its customers are the advertisers.

Stop that rubbish, the privacy policies make it pretty clear:

"At times Apple may make certain personal information available to strategic partners that work with Apple to provide products and services, or that help Apple market to customers."
http://www.apple.com/legal/privacy/en-ww/

"We may share aggregated, non-personally identifiable information publicly and with our partners – like publishers, advertisers or connected sites."
http://www.google.com/policies/privacy/

So if you want to show where "you are the product" then go right ahead, from what I can see they both do pretty much the same thing and anything that goes out to 3rd parties outside the reach of these companies' policies is non-personal information.

Re:Apple Actually Cares About Privacy

[davester666]

iBeacon doesn't, but bluetooth in general does, and you can get the bluetooth equivalent of a MAC address for your phone remotely. they could even triangulate your position pretty well using multiple receivers and your BT signal strength.

Re:Apple Actually Cares About Privacy

[LookIntoTheFuture]

Replying to my own post. This app is also available on the 1Mobile Market.

Danger will Robinson! holy Chinese mobile malware batman!

Could you show me proof of this? Thanks.

Re:Apple Actually Cares About Privacy

[MachineShedFred]

What I'm saying is that while it may be fun to trot out things like the "640K should be enough for everyone" to bust on Bill Gates that is an urban myth and he never said it. Instead, bust on him for things that he *did* do (like hire someone else to pirate CPM). Same for Apple and Jobs (I just have a somewhat better memory for the Microsoft end of things, hence using MS-centric example).

The thing that is funny about the old days of Apple, is that people misrepresent what happened back then too. Everyone claims that Apple ripped off Xerox when they started working on GUI with Lisa / Mac, when one of the alumni of Xerox PARC (and a member of the original Macintosh team) says otherwise. Oh, and Lisa and Mac were already specified to be graphical bitmapped systems before Xerox allowed the Apple team to come in not once, but twice, mostly allowed because Xerox had given Apple VC money.

Never mind that there is a massive gulf between research, and product development. Best example from this particular topic: the original Apple mouse. It went from being a tricky, finicky, expensive piece of lab equipment into a cheap, mass produced, reliable, and easy to use piece of equipment that everyone just accepts as always being there under Apple's development. More info including interviews, design sketches, and documentation here.

For some reason, everyone likes to put research of an idea without actually turning it into something useful on a mile-high pedestal, but turning that idea into something that people can actually use to accomplish things doesn't mean shit. Research is important, but so is development of that research into a useful thing.

Re:Apple Actually Cares About Privacy

[mcgrew]

Free as in "over the air radio" which isn't really free, having commercials in it is what you pay to listen. TuneIn has an audio ad that plays every time you turn it on, and video ads at the bottom of the screen. That's a fair enough price, but they want to raise the price by adding my address book to the payment. Nope, it's like cable TV. Cable stations used to have no commercials, Now there are ads on-screen even when the content is playing. It's really stupid; OTA TV fed from cable used to be a lot better picture and sound, no static, ghosts, or snow so you were paying for the content by watching ads and paying the cable company for clarity, as well as extra programming, mostly excellent and without commercials. Now that it's digital, over the air serves a better picture than cable. And cable may have hundreds of channels, but hundreds of channels I have no intention of ever watching. They think I'll pay for that? They're insane, I dropped cable over ten years ago.

I can drop TuneIn just as easily, and if it stops working without the update I'll just uninstall it*, which will make their real product less valuable. They surely have competitors.

*Then I'll email radio stations I listen to and let them know they lost a listener, and why. Most stations have their own apps anyway, TuneIn is really only useful because you only have to install the one app.

Re:Apple Actually Cares About Privacy

[Noah+Haders]

no, just being a dick. but I'm wary of apps that aren't in the apple/google/amazon stores.

Re:Apple Actually Cares About Privacy

[BasilBrush]

iBeacons are't "bluetooth in general", they are BLE transmitters.

Certainly you can set your bluetooth to discoverable, and then a bluetooth device at the store could identify it. But that has nothing to do with iBeacons.

The distinction matters as fuzzyfuzzyfungus claimed Apple created iBeacons to track users, and it is the opposite of the truth.

Re: Apple Actually Cares About Privacy

[i.kazmi]

Did you mean something like this?

Re: Apple Actually Cares About Privacy

[BasilBrush]

Anyone can file a suit about anything. That one was filed in January 2011. Now where's the result? Ah yes, it went nowhere.

"In January this year a 26-year-old pimp from Portland, Oreogan sued Nike for £60million claiming the shoe manufacturer is partially responsible for a brutal beating that helped net him a 100-year prison sentence.

"Sirgiorgiro Clardy claims Nike should have placed a label in his Nike Air Jordan shoes warning consumers that they could be used as a dangerous weapon.

"He was wearing a pair when he repeatedly stomped the face of a man who was trying to leave a Portland hotel without paying Clardyâ(TM)s prostitute in June 2012.

"In 2013 he was found him guilty of second-degree assault for using his Jordans to beat the manâ(TM)s face to a pulp.

"The man required stitches and plastic surgery on his nose.

"His mammoth sentence also includes time for beating a 18-year-old woman he forced to work as a prostitute so badly she bled from her ears."

Clearly you believe Nike did something wrong.

Re: Apple Actually Cares About Privacy

[i.kazmi]

So i guess typing 'sudo bash' to get root access makes Linux a non-free os?

Re: Apple Actually Cares About Privacy

[i.kazmi]

This German court seems to have objections to Apple's privacy policy, you should send them that totally relevant story

Re: Apple Actually Cares About Privacy

[BasilBrush]

An article based on the press release of a an organisation that sued Apple in Germany. Reflecting what they say the result was and meant.

What is the point you are trying to make?

Re: Apple Actually Cares About Privacy

[i.kazmi]

Install CyanogenMod or compile android for your device yourself and Google becomes completely optional, what was your point again? I would love to see you try to get an iOS phone without Apple services already pre-installed.

Re:Apple Actually Cares About Privacy

[davester666]

That's exactly what I initially wrote. "while iBeacon itself is quite benign if you just don't download/authorize the stores app to get the iBeacon messages, I'm sure larger stores will spring the extra couple of bucks to do bluetooth tracking, particularly if they are already doing wifi tracking"

if [particularly the larger chains] a store puts in a bunch of iBeacon hardware, it's not a lot of extra money to get BT hardware that both transmits the iBeacon messages and also logs what BT devices are broadcasting around it, which your phone's BT hardware does.

Re:Apple Actually Cares About Privacy

[BasilBrush]

And what you wrote was not right.
"if you just don't download/authorize the stores app to get the iBeacon messages"
There are no such iBeacon messages that the store can get. The stores transmit them, they don't receive them.

if [particularly the larger chains] a store puts in a bunch of iBeacon hardware, it's not a lot of extra money to get BT hardware that both transmits the iBeacon messages and also logs what BT devices are broadcasting around it, which your phone's BT hardware does.

Then they don't need the iBeacon part. iBeacon is playing no part of sniffing the air looking for discoverable Bluetooth phones.

Re:Apple Actually Cares About Privacy

[davester666]

Yes, there are iBeacon messages the store can get. That's the whole point of it, that eventually the store will get it, if you authorize it.

The store installs a BT device that broadcasts the iBeacon message.
Your phone receives the iB
[now assuming your phone has the stores app installed]
[the first time]Apple asks you if you permit App X to receive iB messages.
Assuming you touched "yes", the stores app on your phone now gets all iB messages broadcast for that store. And it is free to upload those messages to the stores servers whenever it wants to/can.

Re:Apple Actually Cares About Privacy

[BasilBrush]

Again, that's not iBeacon sending anything to the stores. That's an app using the internet via wifi or GSM. That the app also uses iBeacon to know where it is indoors is simply an app using 2 different technologies.

That implication you are making that iBeacon lets stores track you is as ridiculous as saying that GPS lets stores track you. A broadcast only technology cannot track you.

Re:Apple Actually Cares About Privacy

[davester666]

Now you are just being stupidly pedantic.

The entire point of the iBeacon system is to allow stores to track you with your permission. One part of the whole system doesn't do everything.

It's like saying "Wifi AP's don't track you. All they do is receive your Wifi MAC address. Sure, the information is sent elsewhere to be tracked, but the AP doesn't do it, therefore you aren't being tracked by Wifi."

Re:Apple Actually Cares About Privacy

[BasilBrush]

It's not pedantic. Your claim that iBeacon tracks you is wrong is a big way not a small way.

The entire point of the iBeacon system is to allow stores to track you with your permission.

No it's not. It's to enable location services whilst inside. And it's so that you can be sent advertising, such as special offers when you are in the vicinity of a store. It doesn't track you any more than a billboard tracks you,

It's like saying "Wifi AP's don't track you. All they do is receive your Wifi MAC address. Sure, the information is sent elsewhere to be tracked, but the AP doesn't do it, therefore you aren't being tracked by Wifi."

No it's not, because you are still avoiding the fact that iBeacons are transmit only. It's comparable to GPS satellites, not wifi APs. Wifi APs know that you are there. iBeacons do not.

Just accept you made a mistake. This is not something you can argue your way around.

Re:Apple Actually Cares About Privacy

[davester666]

No, getting coupons or special offers is just the sales pitch to get customers to install the app and authorize it to receive the stores iBeacon data.

Again, you uselessly focus on the transmission of the iBeacon data. That is only one part of the iBeacon system.

1. Store installs a bunch of bt hardware in various points through their store, and configures them to send store-speciific data in iBeacon format
2. Store deploys an app configured to receive the store-specific data in Apples app store
3. You download and install the app on your iDevice
4. You walk into the store and get near one of their bt devices, which sends out the store-specific data.
5. Yours iPhone receives the data, iOS parses it, determines it is for the stores app, and if you haven't already authorized the app to receive the data, asks you for your permission
6. If you have given permission for the app to get the data, the app is passed the store-specific data

And that is the entire iBeacon system. No ads, coupons, or even any other UI that an iBeacon message has been received will appear unless the stores app does something to notify you, if it chooses to.

At point 6, the app knows "this phone is at this point in this store at this time". It can do whatever it wants with this information.

And the stores that are currently logging your phones movement using wifi, will log this data instead [as the stores app will just upload it to the stores servers whenever you get an internet connection], because it's much more precise than wifi logging AND they can try to get you to identify yourself, like getting you to enter your loyalty card number or your name and address, or they will even link you using your loyalty card or credit card to your iDevice by having iBeacon broadcasting devices at each checkout stand.

The entire point of iBeacon is to track you as you move through a store. The store monetizes this tracking perhaps via coupons or points or whatever, but these are just some uses of the tracking data.

Re:Apple Actually Cares About Privacy

[BasilBrush]

Indeed. And where we are talking about outside, all of that could be done with GPS. But no one claims that GPS tracks you. It doesn't, and neither does iBeacon.

iBeacon is a device to enable better location services whilst indoors. That's it. It doesn't track you.

If you have chosen to run a stores app, that can track you, whether by GPS, Wifi AP or iBeacon. That's the app tracking you.

But of those 3 radio technologies, only WiFi can be used to track you.

TL;DR: Apps can track you. Wifi can track you. GPS can't track you. iBeacon can't track you.

Re:Apple Actually Cares About Privacy

[davester666]

iBeacon is the whole system, from the transmitter to the stores app, not just the transmitter.

Re:Apple Actually Cares About Privacy

[BasilBrush]

No. Just as with GPS, the GPS system consists of the Satellites, and the radio receivers, and drivers that end up with a location. A common application is sat-nav systems. The part with the map, and the routing is the sat-nav, it's not GPS.

Similarly iBeacon consists of the transmitters, and the driver through to the developer API. (On iOS the proximity API In Core Location.) An app that uses this service is an app that uses the service, it's not iBeacon.

Again, iBeacon has no way to track you. You can't redefine what iBeacon is to change that fact.

Re:Apple Actually Cares About Privacy

[Dixie_Flatline]

No, that's not what I'm saying. Apple is out there to make money, and I said they will when they can, but Google is simply not making money if you don't give useful information to them so they can advertise to you. Samsung makes money on the S5 they sell you, but Google doesn't make much, if anything. The Nexus 5 is so heavily subsidised I'm sure it's not really making a profit if you turn off internet access on it, but most people don't want to buy a device like that so it can NOT connect to the internet.

So it comes down to who has the incentive to take your information and do something with it. Apple? Not really. They've got some money, and they'll make a bit more on the app store, but the app store is probably has a smaller margin than the hardware. (It's effectively just a way to make something mildly profitable that gets you to buy the DEVICE, not the other way around.)

Samsung has less of a dog in this hunt, too. They use Android to give them broad-based appeal, but they make money on the phone. If you buy the phone from them and toss it in the drawer, I'm pretty sure they don't care. They're already on the way to the bank.

Google is the only one that isn't asking for your money because they want the information that makes YOU valuable.

Apple and Samsung are less likely to want your data because frankly, getting useful data is kind of hard. Google is big and they've got infrastructure in place to deal with it; realistically, they're one of the only companies that can really turn your data into good money.

Re:Apple Actually Cares About Privacy

[Kernel+Kurtz]

Thanks for the link!

but changing MAC is like filing serial# off a car!

At least according to the prosecutors who went after Aaron Swartz. His laptop got locked out of a network so he changed the MAC address with the built-in MacOS GUI utility and they said that was like filing the serial number off a car. Now all iphones are going to change it randomly during network scan? OMG, that's like a car that files off its own serial number every time you go around the block! Alert the authorities!!!!! Sigh.

Good.

[Mantrid42]

Good.

Re:but changing MAC is like filing serial# off a c

When it actually connects it's giving the real MAC address.

useless; who writes this crap?

The point is that there are many networks out there pinging for MAC addresses that the user DOESN'T connect to.

Re:but changing MAC is like filing serial# off a c

[jklovanc]

Most laws, except negligence statuettes, have an intent clause. In Schwartz's case it would have been easy to show that his intent was to circumvent being kicked off the network. Randomizing during search can easily be shown as an intent to remain anonymous.

Security

[jklovanc]

When it connects it uses the real MAC address so MAC filtering will work.

Re:Security

[viperidaenz]

Unless your access point is hidden and doesn't respond to MAC's it doesn't know about. The iPhone will never find the network it's looking for.

Re:Security

[fnj]

Uh, yeah. MAC filtering will work as well as it ever works, which is to say providing no more than the illusion of security.

What this does accomplish, though, is a real measure of somewhat increased privacy.

Re:Security

[Threni]

> When it connects it uses the real MAC address so that networking will work.

FTFY

Re:Security

[SuricouRaven]

Not true. MAC filtering is easily subverted if there is a device nearby already connected, and if the attacker is willing to spend some minutes looking over dumps. It's pathetic security, but it's still better than none at all, as the extra time taken can hold of opportunistic hackers. There's still no good reason to use it, though.

Re:Security

[hobarrera]

Not, crappy security is not better that no security. When users know there's no security, they may be slightly cautious. If they belive there's security in place, they might let their guard down, so this false sensation of security is actually a bad thing.

Re:Security

MAC filtering isn't for users, it's for network administrators, so your argument is invalid.

Re:Security

[neoform]

Why would you be scanning for a hidden network? If you know where the network is, no scanning is needed.

Re:Security

[Andreas+Mayer]

Not, crappy security is not better that no security.

So, I guess you don't lock your front door?

Because, you know, that's just crappy security.

Re:Security

[Dixie_Flatline]

The users that know about this kind of security and understand it are already the kind of people that this false sense of security doesn't work on. The people that aren't aware of this, or that don't understand it when you tell them are the people that are protected--they have no idea that they need to do anything, and couldn't even if they did know. Their false sense of security comes from not knowing that they need to protect themselves at all.

Increasing their security has knock-on benefits for the rest of us.

Re:Security

[hobarrera]

Mac filtering is aking to drawing a lock on your door instead of having one.

Re:Security

[hobarrera]

Wrong.

Encryption is security through obscurity, just like MAC filtering.

No it's not. None of them have any obscuriy. Encryption can openly defined, it's just they keys/passphrases that are secret. Mac filtering has no obscurity at all.

One is far more difficult than the other, but they are more or less the same. The MAC is a 6 byte key that gets broadcast openly fairly often where as most people use far larger keys for encryption that aren't broadcast at all if possible, but in the end the principles are the same.

Please stop repeating things someone else said that you don't understand.

Security is built in layers, defense in depth. You use as many as you can/need. You ACCEPT that one or more of your security protocols CAN and WILL fail, but you design in the hope that enough of them will work to keep you safe.

Your argument is the height of ignorance. You're arguing that leaving your valuables out in the front yard near the street is just as secure as putting them in your home because you left the door unlocked, ignoring the fact that no one will see them inside the house so they won't know its there to steal. Sure, its easy to walk through then unlocked door, but thats already a step beyond what most people will do.

I'm not repeating something someone else said. Mac filtering is like having a doorman to whom you scream your name before getting into the building. Anyone in range can hear it, and pretend to be you by screaming your name.

Actual encryption is like having a key. Nobody can get in until you give them a copy of it (eg: tell them the password).

Re:Security

[Plumpaquatsch]

No it is not, network administrators can also be fooled in to a false sense of security. You would be surprised how many admins think MAC filtering is secure and consequently don't implement anything else.

. Well, that defines the difference between a luser and a LU-Network-Admin-TIC.

Re:useless; who writes this crap?

[wonkey_monkey]

The point, obviously, is that you can't be identified by the access points you don't connect to.

Of course you're traceable once you've connected; how else could you stay connected and get traffic to your device?

Lack of intent

[Camael]

In your example, the prosecutors were able to argue that deliberately using a utility to intentionally change your MAC address was akin to taking steps to file off the serial numbers of a car. This is because Aaron intended to change his MAC address and deliberately took steps to effect the change.

If future iPhones automatically change their MAC address, on their own, without any intervention by their user, where is the crucial element of acting with intent or deliberation?

It is far too soon to cry wolf.

Re:Lack of intent

[jklovanc]

You are close but the intent issue is not in the act but in what the act was intended to do. It was not the fact that he used a utility to intentionally change his address but that he changed his Mac address with the intent of getting around his being kicked off the network. For example I could draw a dollar bill and use it to buy something as long as I am clear that it is a drawing and not a real bill. I do not "intend" to pass the bill as real money. This is why Boggs has never been convicted of counterfeiting even though he has paid for things using his drawings.

Re:Lack of intent

[bytesex]

It's not about intent at all - a MAC address is simply meaningless! A car's serial number is something that is officially alotted, and has all sorts of codified repercussions. A MAC address is simply a number. Prosecutors arguing that changing your MAC address is akin to filing off a car's serial number, are like those that argued that etoy.com had a .com address and therefore was meant to be using in the US only: a complete fabrication intended to pull the wool over the judge's eyes!

Re:Lack of intent

[thoromyr]

do yourself a favor and don't ever try to represent yourself in a legal setting. Get a lawyer and follow their advice.

Re:Lack of intent

[phorm]

Aaron intended to change his MAC address

And yet, here Apple is doing so because they say it helps preserve privacy, a thing that many hackers also tend to have a stronger interest in than laypersons. The car->phone analogy was stupid. You could argue that he changed his MAC to obscure his identity, but it's a far cry from changing the VIN on a car.

Re:Lack of intent

[hawk]

Better yet, hire a lawyer without MPD and follow his advice (or "her," if the specific lawyer is female).

Speaking as a lawyer, never, EVER higher a lawyer that can be referred to in the plural . . . :)

hawk, esq.

Re:Lack of intent

[Camael]

If I intentionally buy an IPhone instead of a non-mac address randomizing phone just for this feature does that show intent?

Of course not. People buy iPhones for many different reasons. Filing serial numbers off a car however...

all kinds of ways to track people

[phantomfive]

Apparently Nordstroms is logging all phones that enter into their stores. Then they can know how many times you've entered, how long you stayed, when you left. I wasn't aware they were starting to do that.

Re:all kinds of ways to track people

[Impy+the+Impiuos+Imp]

I can see a time when they set up devices to triangulate so they can record where in the store you go too.

That would be very valuable info (in aggregate) because stores nowadays analyze display layouts and so on and experiment with these things to see what's successful, then roll it out to all stores.

Walmart was a pioneer in this, but this kind of tracking would computerize it.

This is Apple. Everything is proprietary.

So let's not prematurely confuse "we are making tracking more difficult for the benefit of our users" with "we're still happy to violate users' privacy for profit, we're just making it so there's only one implementation for doing so you can buy--ours".

Re:useless; who writes this crap?

A little long in the tooth to be so naive about wifi networks and tracking mobile devices, aren't you?

How about malfunctioning devices?

[ruir]

Lets suppose a malfunctioning device is crashing my enterprise wifi system. Tell me again, how in earth will I block it, and much less detect it? This is so wrong in many levels from the technical point of view...

Re:How about malfunctioning devices?

If your enterprise wifi system can be crashed by a device with a random MAC, then you've got problems...

Re:How about malfunctioning devices?

[Tom]

Say thank you to the advertisers who make such crap necessary.

Yes, technologically, it would be much better if we didn't have to do things like this. Spam filters and RBLs and greylisting make debugging e-mail delivery problems hell as well. But you can't have working e-mail without them, because if you try, you get flooded by spam.

Same thing. Yes I agree technologically it would be better to not have to do this. Unfortunately, we have to.

Re:How about malfunctioning devices?

[hobarrera]

Your enterprise networks gets crashed by a [broken?] device that scans for availabe wireless networks?
Looks like your enterprise network has some very serious issues you'll want to look into asap!

Re:How about malfunctioning devices?

[aaarrrgggh]

If your network can be crashed by a device not connected to it, but broadcasting packets with its MAC address spoofed for the purposes of compliance with 802.11 specifications then you have a real problem.

Once the device authenticates with and connects to your network, it broadcasts it's real MAC address.

The only thing I can see this messing up other than user tracking is using net stumbler to see who/what is in your area. Hopefully they don't use MAC addresses outside of their legitimate manufacturer IDs for this purpose.

Re:How about malfunctioning devices?

[aaarrrgggh]

It was actually Apple on the first version of the iPhone with the Cisco systems. However, it was when the device was actually connected to the network, not in broadcast mode to discover networks.

I forget it the root cause was later traced to Cisco or Apple.

Re:How about malfunctioning devices?

[BadgerRush]

They will use locally administered MAC addresses (you know, those with the 7th bit set to 1 instead of the traditional 0) which are not assigned to any manufacturer. (source: image in the twit)

Re:How about malfunctioning devices?

[Andreas+Mayer]

Lets suppose a malfunctioning device is crashing my enterprise wifi system. Tell me again, how in earth will I block it, and much less detect it?

Not sure what that has to do with the article. Those devices are not malfunctioning. They are just reporting a MAC address different from that burned into the hardware.

If that crashes your network, it's your network that is malfunctioning.

This is so wrong in many levels from the technical point of view...

Absolutely! Oh, wait, you didn't talk about your statement ...

Re:How about malfunctioning devices?

[BitZtream]

Yes, you are correct, you are wrong on so many levels.

If your system is so broken that this is a problem then you're already fucked. Its trivial to do far worse than what this does with any laptop with a wifi card and a simple script.

Re:How about malfunctioning devices?

[ruir]

Exactly, it has absolutely nothing to do with the article blocking a MAC by address...are you retarded, or just a common troll?

Re:How about malfunctioning devices?

[ruir]

I am just commenting about blocking a device by MAC address, but apparently I have a knack to attract idiots...

Re:How about malfunctioning devices?

[Plumpaquatsch]

It was actually Apple on the first version of the iPhone with the Cisco systems. However, it was when the device was actually connected to the network, not in broadcast mode to discover networks.

I forget it the root cause was later traced to Cisco or Apple.

http://www.wi-fiplanet.com/news/article.php/3690981

Shortly after the release of Apple’s Wi-Fi-powered eye candy, the infamous iPhone, reports surfaced of disruptions on Duke University’s WLAN. After 10 days of industry speculation and furious troubleshooting, the culprit has now been fully identified.

According to Duke, “a Cisco-based network issue” caused “some minor and temporary disruptions in service.” Specifically, the way in which a tiny handful of iPhones interacted with Duke’s WLAN sparked a number of short but intense Address Resolution Protocol (ARP) storms. While each storm lasted just 10-15 minutes, they effectively prevented WLAN service delivery by over two dozen APs during each interval.

And this was pretty much the case for all other reports of Apple devices "flooding" a network.

Ahh, the two companies with the OS called [iI]OS. One sells overpriced hardware and buggy software with security problems and has users that are convinced it can't do wrong - the other is Apple.

Spoofing considered criminal when convenient

Charged Aaron Swartz with "MAC Address Spoofing"

http://arstechnica.com/tech-po...

http://archive.org/stream/UsaV...

My question is what other modern tools do admins have for identifying malicious users to restrict access to open networks if automatic MAC address spoofing becomes commonplace?

Re:Spoofing considered criminal when convenient

[BitZtream]

Doing it on purpose to get around an existing ban on you and allow you to use services you aren't supposed to be using is ENTIRELY different than a it being done as a standard feature that doesn't make any attempt at communication other than discovery of PUBLIC radio signals that you're already allowed to communicate with by default.

Users should start asking for privacy

[ponos]

The adoption of measures protecting privacy depends on user demand. Online commerce has been considered safe enough for years yet exchanging an email or having any online activity is completely unprotected. I was always surprised by lack of interest from users. Maybe the younger users, if they are not yet addicted to making all their life public on facebook et al would put some pressure for simple technical solutions that guarantee a basic level of privacy. Obviously, I don't expect complete protection against three-letter agencies; that's not the point. In that sense, this looks like a step in a desireable direction, even if it is done for the wrong reasons. As a potential customer, I appreciate this effort.

Re:useless; who writes this crap?

[dltaylor]

no, that's just one of the reasons I don't have one (little utility traded for a lot of work maintaining and securing the thing).

This is worthless.

[poptix]

Unless your device is beaconing for networks in your saved networks list (WHICH ONLY HAPPENS for networks that do not transmit their SSID) a client *never* sends out probes, so there is no opportunity to randomize the MAC address.

If your device is listening for WiFi beacons and finds one in your saved network list, it *must* associate with your actual MAC address.

In other words, the teeny tiny percentage of the population with hidden SSIDs in their WiFi network list will benefit from this, nobody else. It would have been a lot better if they had done this with bluetooth.

Re:This is worthless.

[peragrin]

that's just it people don't turn off wifi but companies like nordstrom run monitoring software. so whenever you enter their store they know how long you were there, what parts of the store you visited, and how often you come visit. I am surprised more companies aren't doing this as it is a quick way to track customers.

What apple has done is made this method of tracking useless. instead they will be forced to use ibeacon type technology which uses bluetooth. It also provide more accurate tracking as bluetooth is much shorter range.

Re:This is worthless.

[Splab]

I think you are confusing standards with the real world.

Your device is constantly beaconing to the entire world around it, what networks it knows - and it will often quite happily connect to annyone claiming to be that home network, enabling for all sorts of fun snooping attacks.

Go lookup creepyDOL network and the presentation for same from Def Con.

Re:This is worthless.

[BitZtream]

Your device has to beacon continuously if you have ANY hidden networks otherwise it won't find them. At least not until it takes GPS location into account to determine if it should be broadcasting to hidden SSIDs.

In other words, any device has a hidden network in its list is always looking. Not to mention that mobile clients DO probe in order to find known networks more quickly than waiting for the WAP beacon.

There's an obvious response

[elvum]

Stores and malls that want to track you still have options - perhaps the most obvious one is to offer free wifi to their customers. Which is probably a win-win situation, although most users probably won't realise that part of the price of the "free" wifi is that they get tracked until they tell their device to forget the network again. There might be some subtle biases introduced into the data captured by this method if some kinds of customer are more likely to accept the offer of free wifi than others, mind you.

Apple would sell the tracking info

[140Mandak262Jamuna]

The randomized MAC addresses might not be all that random. Apple might be able to reverse engineer the fake mac address to find the true mac address. That algorithm might be licensed to "business partners" for a fee. Apple is just interested in preventing third parties from tracking you without paying the due share to Apple.

Umm, no

[Viol8]

It actually randomised the MAC address. Its been a long time since MACs were burnt into ROM and couldn't be changed. On Linux you can do it using ifconfig or one ioctl() in C.

Re:Umm, no

[gmack]

RTFA, It only randomizes on scan and goes back to the original MAC address when it connects.. You are correct that it is easy to change the MAC address, but that doesn't change the fact that randomizing the mac address on connect would break things like DHCP reservations or MAC based white lists.

Re:Umm, no

[Megol]

But trying to sidestep the fundamentals of the network design isn't a wise choice. Using a random MAC when scanning doesn't matter except for someone tracking devices by their MAC identifier. Using a random one when _connecting_ to a network could lead to problems...

Re:Umm, no

[stenvar]

Of course, they could randomize except when connecting to selected networks.

Re:Umm, no

[Viol8]

"Using a random one when _connecting_ to a network could lead to problems..."

Never caused me any problems. I have a script that randomizes the wlan0 MAC address on my netbook for when I'm staying in hotels. Stops them tracking me between different locations.

Re:Umm, no

[jk379]

Care to post the perl script for others to look at and possibly use?

Re:Umm, no

[Viol8]

"but that doesn't change the fact that randomizing the mac address on connect would break things like DHCP reservations or MAC based white lists."

Yeah, but thats not really an issue when using public wifi networks is it which is essentially what this is aimed at.

Re:Umm, no

[Viol8]

Why perl? Its just a bash script. This the important bit (from memory as I don't have it here):

ifconfig wlan0 hw ether xx:yy... etc
ifconfig wlan0 up
wicd-client&

Re:Umm, no

[skids]

Even this small change will break things unless they do it really, really right. Modern large WiFi networks have recently started to implement standards on top of dot11k that help the device make better roaming decisions. They do this by locating the system, seeing what direction it is travelling in, and telling APs that you are going away from to not answer your probes. These optimizations will break if the MAC address on probes and scans changes. Now, if they have the sense to stabilize the MAC address in probes when the last SSID you attached to is still in range, that might work, but as it is, Apple doesn't know crap about making their devices work on enterprise WiFi and has had ongoing unresolved problems in this area for a decade. My hopes are not high that this will be anything more than a headache for us network admins.

Also depending on just how many different addresses these devices use on the network, the hazard exists that wifi controller vendors were not planning to have so many clients twisting doorknobs, and this behavior will actually cause problems for everyone. Won't be the first time Apple managed to bring down WiFi for everyone, though in this case I'd lay the blame at the vendors' feet because they should really be defending against such client misbehavior in case it gets done maliciously.

Re:Umm, no

[BasilBrush]

If your network relies on a feature which means less privacy for users, then I have no sympathy.

I've even less sympathy considering that you haven't had a problem yet, but are just whining on an assumption.

Re:Umm, no

[skids]

It's not an assumption, it's a deduction and a prediction: Apple products will perform comparitively poorly on networks that have features such as Prediction Based Roaming (CISCO) or ClientMatch (Aruba) unless they *properly* implement 11k and the network is 11k-capable, or unless they stop randomizing the MAC in probes when associated to an enterprise SSID. It will be especially bad considering the presence of utter suck in the Apple roaming behavior is one of the primary reasons these technologies were developed. The reason I am not optimistic that they will properly handle turning off this feature when needed is that Apple has, historically, seemed determined to make their devices useless outside of the living room and coffee shop. I don't know if they've even realized running a differently named SSID on 5GHz from the one used on 2.4GHz (a position they held for years) so their clients stop crapping their pants is NOT an acceptable workaround.

Meanwhile, while they are flailing around, they will likely degrade the overall performance of the network for everyone by sending/receiving low rate frames at high transmission power to distant APs, with plenty of retransmits. This already happens now, and this feature seems to have the potential to make it more difficult for the network to compensate for bad client behavior.

Also, to your second point, in order to be exempt from CALEA, we are legally obliged make a reasonable effort to ensure the people we provide network service to are indentifiable associates of our organization, which is beside the point as far as TFA is concerned, but so you understand: if we do not, the alternative is to make our network sniff-ready for the feds at our expense. Ensuring that we qualify as a "private network" involves ensuring that we are serving members or identified guests of a private organization (ourselves, or a consortium such as eduroam), and this involves identifying said people's machines. We do this (and adjust our historical data retention and usage policies accordingly) to improve overall privacy, comparatively.

Re:Umm, no

[Viol8]

"Also, to your second point, in order to be exempt from CALEA, we are legally obliged make a reasonable effort to ensure the people we provide network service to are indentifiable associates of our organization"

Are you *seriously* suggesting using an easily spoofed MAC address is one way to do that?

Christ, I hope I never have to use a network you're administering! Its probably been hacked to death already.

Re:Umm, no

[skids]

Are you *seriously* suggesting using an easily spoofed MAC address is one way to do that?

No, and I remind my employers of this pretty much monthly to try to push towards 802.1x/MACSec on the wired side. However, we already use (password-based) 802.1x on the WiFi side, and you can't gain anything by changing your MAC after WPA2 enterprise authentication because your encryption keys and AAA state are tied to it, and trying to use someone else's for a fresh authentication isn't something the controllers abide. Which is why the Apple tweak doesn't try to touch anything but probes; it would be completely dysfunctional if they did it on actual traffic.

Also in our case your IP is locked to the MAC and ARP traffic is properly inspected and filtered (you'd be surprised how many WiFi systems do not do this.)

So yes, our network relies on a feature (802.1x auth and WPA2) which "means less privacy for users" in the sense that we know who is using what machine, for what, and roughly where. You would be hard pressed to find an enterprise network that did not.

As far as what we use it for in house, it's to improve the odds that each client has virus-checked each of their IOS or Windows devices individually (it is more trouble for most of them to learn how to change a MAC address than just to update their virus signatures, so this works well), and, as mentioned above, the controllers do location-based roaming optimization to unstick sticky clients, and that last part it what the Apple changes have the potential to break. We do carve out exemptions for network troubleshooting, deployment planning, and for stuff like locating lost or stolen equipment, but for the most part our policy on location tracking data is "don't look at that data and throw it away promptly."

Now, if this feature does become a problem, I sincerely hope Apple bothered to put in a user-accessible control for it. Given they seem to be of the mindset that the more user control they can take away from their WiFi setup the better, that hope is pretty bleak, and we'll be lucky to even get the ability to tweak it via a .mobileconfig.

Re:Umm, no

[GuB-42]

Are you *seriously* suggesting using an easily spoofed MAC address is one way to do that?

It is *one way* to do that and it is totally reasonable if there are other lines of defense. That's defense in depth.

Re:Umm, no

[BasilBrush]

to make their devices useless outside of the living room and coffee shop.

then

that each client has virus-checked each of their IOS

Your snideness and ignorance are noted. Apple knows far more about networking than you do. You're just a sysadmin.

Re:Umm, no

[skids]

I don't know how to argue with someone who makes no sense whatsoever, so I won't. Suffice to say Apple's poor client behavior is well noted among wifi vendors.

Thanks for a new pain in my ass Apple.

[sabbede]

Because what are the odds that someone would need consistent MAC's for something crazy like.. oh, I don't know... DHCP lease assignment/reservations? Did Apple forget how dhcpd works? Do they just not care about us networking people who need their users to be on the right frikking subnets?

Re:Thanks for a new pain in my ass Apple.

[MrMickS]

Oops. The quality of poster on Slashdot is going down. Read the article. The real mac address is used once you attempt to join a network. Its only whilst the device is looking for networks that the randomised MAC is used. It won't impact DHCP leases etc.

Re:Thanks for a new pain in my ass Apple.

[gnasher719]

Oops. The quality of poster on Slashdot is going down. Read the article. The real mac address is used once you attempt to join a network. Its only whilst the device is looking for networks that the randomised MAC is used. It won't impact DHCP leases etc.

It's worse than that. The quality of slashdot posts is _not_ going down :-(

Re:Thanks for a new pain in my ass Apple.

[sabbede]

I can't be forgiven for missing that?

but changing MAC is like filing serial# off a car!

I hate this type of analogy people come up with to further their agenda. It doesn't help the public understand what really is the issue and it also perverts the public's view on the subject.

Changing a MAC address is not akin to filing a serial number off of a car. A MAC address is not a security feature, it's an identification number for the physical layer of a network, in which collisions ARE possible (although not likely). So if an NIC has the same MAC address as another NIC, it's not like two cars having the same serial number (which doesn't repeat, because, you know, it's serial).

Re:Why keep Wifi on?

[MrMickS]

Why keep Wifi on? It never seems to work well for me. When I did try to use it the data connection would constantly sever and sometimes cause whatever app I'm using to get angry. Furthermore at my house my Wifi is much slower than my mobile connection. Even though I have a data cap (Verizon) I never exceed the cap without Wifi. I also save some battery by keeping it off.

Wish I had mod points for the above.

I disable my WiFi until I'm somewhere I want to use it. The only people that can track me are my cell provider and those people within range of a WiFi network I want to connect to.

Re:They are lying - and what about ARP resolution?

[sabbede]

What if you have a wifi client whitelist?

Google is no better/worse than Apple

[sjbe]

With Android, you can see the source code

And you've seen the source code for the Android device in your hand? Right. Didn't think so. Hell, even if you compiled it yourself I seriously doubt you looked. Furthermore 99.9999% of people wouldn't have the foggiest idea where to find the relevant bits of code even if they did have the source code. Which they don't. And even if they did they certainly don't have time to review all the code themselves. I'm as big a supporter of open source as anyone here but I'm under no illusion that it protects me from a company like Google.

Google isn't trying to hide anything from anyone, unlike Apple.

If you believe that I have some property I'd like to sell you. Just because they have a cute motto about not being evil doesn't mean much. Google is no better than Apple when it comes to collecting and selling information about you. They are an advertising company and that is how they make their money. They may not sell all your specific information to specific buyers but they definitely are using that information to make money. And if you think they aren't hiding anything just try waltzing into their headquarters and snooping around sometime. Tell me how that goes for you.

Re:Google is no better/worse than Apple

[ColdWetDog]

Yeah. Like the Open SSL bug. That just took, what, fourteen years to find?

This is Internet time, not geologic time.

Re:Google is no better/worse than Apple

[creepynut]

Not all of the code on your Android device is open source. Google could easily pack whatever they want into the Google Apps on your phone, just the same as Samsung, LG, HTC, etc could if they want. The OS itself is open source, but what you buy is very unlikely completely open (maybe with the exception of the Cyaogenmod devices)

Re:Google is no better/worse than Apple

[exomondo]

Yeah. Like the Open SSL bug. That just took, what, fourteen years to find?

What OpenSSL bug took fourteen years to find?

Re:useless; who writes this crap?

[tomhath]

Which is the real point; only Apple applications can connect and track.

Re:Why keep Wifi on?

[Splab]

Ahrem.. and anyone listening for your cell signal or any other electronic device you have, that will happily ping away its presence. Good for you for turning off WiFi, but trust me, it's not the only thing bad guys and good guys will be listening for. NFC, RFID, BT - if its broadcasting, someone will be trying to pick it up.

(Yes, it is indeed close to impossible to listen in on your conversation, but the fact that your phone is communicating with a tower means there is a signal that can be fingerprinted to "you" - "you" being the device in your pocket; which interestingly can be used later to correlate data, when your surveillance network is big enough)

Random or pseudo-random?

[Squidlips]

The NSA wants to know

This has more to do with Apple lock-in

[wkearney99]

This is one more step in pushing their own schemes.

Sure, on the face of it there's benefit from being able to avoid being tracked by 3rd parties.

But what do you want to be you'll be unable to change your device's iBeacon ID in the same manner?

Re:This has more to do with Apple lock-in

[Andreas+Mayer]

This is one more step in pushing their own schemes.

Sure, on the face of it there's benefit from being able to avoid being tracked by 3rd parties.

But what do you want to be you'll be unable to change your device's iBeacon ID in the same manner?

What's an iBeacon ID? The iBeacon is the device that is installed in the store. iBeacons send data. iPhones receive that data. Never is anything sent from an iPhone to an iBeacon. And while the app on the phone is able to process the data from the beacon, that is completely opt-in. As in you need to use the app in the first place.

(Sorry for disturbing your completely irrational Apple hate. You may now continue.)

How is a paying customer the product?

[tepples]

When I buy a Google/ASUS co-branded Nexus 7 tablet from Google Play Store, how am I not the customer? Or am I strictly only ASUS's customer and Google's product? When my boss buys a Google Apps subscription for his company, how is he not the customer?

Re:How is a paying customer the product?

[Tom]

When I buy a Google/ASUS co-branded Nexus 7 tablet from Google Play Store, how am I not the customer?

Google mades a bit over $14 billion revenue. Just under $13 billion of that is from advertisement.

Apple makes the vast majority of its $54 billion revenue on hardware, a small part ($4 billion) on software and iTunes sales and its advertisement revenue is so small it vanishes somewhere under "services" and I couldn't quickly find a number for it.

Ask yourself which company is more likely to sell out your data to advertisers. The one that makes 90% of its money from them and 10% from you, or the one that makes 98% of its profits from you and 2% from them.

Re:How is a paying customer the product?

[Ksevio]

Because it's IMPOSSIBLE for a company to have customers other than its primary revenue stream. Even if you sell products to your other products and provide support to your products and ask your products for feedback to make your products better for your other products. Or something like that.

Re:How is a paying customer the product?

[Cederic]

Apple makes the vast majority of its $54 billion revenue on gouging its customers and suppliers.

Sorry, no - I'm thinking profit. It makes its revenue on the back of slick marketing.

Ask yourself which company is more likely to sell out your data to advertisers

Doesn't really matter, they're both going to give my data for free to the NSA who will in turn sell it on.

Re:How is a paying customer the product?

[david_thornley]

There is a difference between protecting yourself from advertisers and protecting yourself from the NSA.

Moreover, I've seen no good evidence that Apple tracks iDevices, and I don't remember seeing that the NSA passed domestic surveillance data to advertisers.

Re:How is a paying customer the product?

[exomondo]

Ask yourself which company is more likely to sell out your data to advertisers.

Define "your data", because that is very important. If they are selling my emails and my personal details along with tracked location (if I used their location/mapping services or Android that is) then that is very different to anonymized, non-personally identifiable information.

MAC address blocks

[tepples]

It's not about intent at all - a MAC address is simply meaningless! A car's serial number is something that is officially alotted

IEEE disagrees with you to an extent. It is the registration authority for blocks of 16.7 million MAC addresses.

Re:How do you know the MAC addresses are random?

[Andreas+Mayer]

Exactly! And the black helicopters could be invisible and inaudible and circling above us right now!

master random list

[beefoot]

Apple probably uses a logic to generate the random mac address depending on time of day, etc. Unfortunately, while advertisers may not be able to track the owner of the phone that easy anymore, I'm sure the law enforcement has a copy of the logic to reverse engineer to find the owner of the phone. Having said that though, I'm sure the law enforcement has other tools at their disposal to track one down. I think the better solution is to use TASKER to disable automatically when leaving the home/workplace and re-enable it when entering home/workplace. It works surprisingly well. Ya, I'm aware that tasker does not run on IOS. The choice is still yours though -- android or not android.

Re:master random list

[RyuuzakiTetsuya]

You can also just turn off WiFi auto-join and prompt to joins in iOS.

Re:master random list

[beefoot]

Why turn off auto join -- why not just turn off the wifi while you're at it. It saves battery too.

Re:useless; who writes this crap?

[thoromyr]

Don't say that like it is a bad thing. I *want* my devices to have predictable identities because that is how the home router knows what IP address to hand out. Same thing at work. Also understand that a repeatable MAC only links sessions locally: your MAC address is not advertised to the internet.

Now, what would be nice would be an option to only use the assigned MAC when associating to selected networks. E.g., home, work, a friend's, etc., but by default use a randomly generated MAC. The hotels I've been at "forget" your device quickly anyway requiring a new acceptance of the terms so using a random MAC per session wouldn't hurt any. That'd be great for hot spots.

More important is the IP6 address selection. I'm not sure of the current state of affairs, but last I knew MS Windows was the only one that respected privacy. Apple used the MAC to generate a predictable suffix which allows global unique device tracking no matter where you go in the world. Now, they were not alone in this and IIRC it was originally a recommended method. But it is ironic, given MS close ties to NSA spying, that MS Windows (Win7 home, I believe) was the one that would generate a new suffix periodically even on a single connection (e.g., each day the suffix would change).

Re:They are lying - and what about ARP resolution?

[Andreas+Mayer]

I do not have any empirical data to back up this feeling,

Great. I just hate fact based reasoning anyway.

but considering the cozy and close relationship Apple has demonstrated with our friends in the NSA,

You mean, together with Google, Microsoft and the rest of the US IT industry?

this article strikes me as a dishonest attempt to fool us into thinking they actually care about privacy and security.

They actually do care. Which does not mean they will necessarily be able to protect us from the NSA.

In BLE (Bluetooth Low Energy) it's standard.

[Ungrounded+Lightning]

but changing MAC is like filing serial# off a car! At least according to the prosecutors...

Not any more. The Bluetooth Sig just spent four years in heavy sessions to plug the privacy leak from the MAC address tagging every packet with a device "serial number". This was rolled out in Bluetooth 4.0, especially in the Bluetooth Low energy addition.

If the option is turned on, the "MAC address" that labels the packets is pseudo-randomly chosen and constantly mutating. If the other device trying to communicate has a special relation it can access the true MAC address and/or share the secret so it can predict the pattern of mutation.

Apple went one further, though. Even when the remote device has the option turned off and is using the real MAC address for the link label, their stack doesn't export this info to apps over the API. The apps have to have to negotiate with the far end of the link to get it (or find a way to work around the stack, and risk Apple deliberatly breaking it, or removing them from the app store, if they find out), even though it was already "in the air".

I think Apple is sensitive to accusations of privacy violations and is making it hard for independent developers to put them in legal hot water.

Apple is in a unique position...

[erp_consultant]

Unlike Google and Facebook, Apple makes a lot of money from their hardware business. Apple fans are happy to pay high margins on, what they feel, are superior products. Google and Facebook, OTOH, rely on selling customer data to advertisers to generate a good part of their revenue.

Apple is taking an interesting pivot on the "walled garden" approach. In the past it has been derided by some as a good reason to NOT buy Apple products. Now Apple is saying "yes, we have a walled garden but with that comes some benefits". One of which is data security and privacy. With iOS8 in particular we are seeing a greater emphasis on protecting the user from malware for example. I read somewhere that close to 98% of all malware is targeted towards Android devices. That's the price you pay for the freedom and flexibility of Android - it's easier for some to exploit.

What this also indicates is that more and more, many people are really beginning to distrust Google and Facebook with their data. This leads to fake FB profiles and fake Gmail accounts in an attempt to dodge the ad-man.

Personally, it has led me to using DuckDuckGo as my default search engine. Basically, I don't trust Google with my personal data. Yes, Google does a lot of great things but I'm careful with how I use their services. Facebook, in my view, does nothing to benefit anyone other than Facebook. They are a honeypot for advertising data and have consistently abused their position as data steward for millions of users, selling information to the highest bidder. I don't use any of their services and never will.

Now I'm not under the illusion that Apple does not collect any data on their users. I'm sure they do. But it seems to me that Apple can be more trusted than the other two.

Re:on related news

[PPH]

Aston Martin already does this for select customers.

Re:but changing MAC is like filing serial# off a c

[chihowa]

Although of questionable constitutionality, as it may run afoul of the right to due process, an increasing number of criminal laws in the US are strict liability only, meaning that intent is not required to be demonstrated. Theoretically, prosecutorial discretion keeps these laws from being applied in ridiculous circumstances, but practically...

Re:Slashdot Mods Apple Fanbois?

[paazin]

Seems you didn't see the one below where the last decade drop in violent crime was clearly correlated with the increase in private gun ownership.

Re:but changing MAC is like filing serial# off a c

[gnasher719]

At least according to the prosecutors who went after Aaron Swartz. His laptop got locked out of a network so he changed the MAC address with the built-in MacOS GUI utility and they said that was like filing the serial number off a car. Now all iphones are going to change it randomly during network scan? OMG, that's like a car that files off its own serial number every time you go around the block! Alert the authorities!!!!! Sigh.

Sad that you don't understand enough about how WiFi works. There are two phases: In the first phase your device detects routers around it. In that phase, it must give out an MAC address so that the router can respond, but the MAC address is completely irrelevant. And no WiFi router will block out anyone during that discovery phase. The second phase is the connect phase, and in the connect phase, the device does indeed give its own MAC address.

In other words, what you are saying is complete bullshit.

Re:They are lying - and what about ARP resolution?

[gnasher719]

What if you have a wifi client whitelist?

That isn't used when devices scan for WiFi routers. Ever device using WiFi can see any WiFi router that is close enough, even those that you don't see in the UI, and even those that use whitelisting. When the device _connects_, that is where the WiFi router can reject the device due to the MAC address, but at that point Apple uses the correct MAC address.

Really, do you think they are complete idiots who break WiFi for about half their customers?

Re:useless; who writes this crap?

[gnasher719]

So, basically, the device is doing something stupid (banging away hoping an AP will talk to it, when the USER has not indicated a need to do so), and Apple is just going to put on a fig leaf, of who knows how much transparency, rather than just stop doing the stupid thing? Are the few milliseconds it takes to connect to a network deliberately really going to ruin the the experience THAT much?

Basically, the "stupid" thing is what _all_ devices do. And you are free to call what Apple is doing "putting a fig leaf on", fact is that with any other device everyone interested gets a full frontal view of you in the nude. And of course eventually comes the point where your device _must_ check what WiFi devices are around, because without that it cannot find the one it wants to connect to.

Bleeding edge

[cuncator]

Wonder if they're randomizing the entire MAC or just the lower three bytes, and what this does for the odds of a MAC collision.

Any bets this ends up causing as many problems as Apple's broken DHCP implementation in iOS 3.2.1 through 6.1?

Re:useless; who writes this crap?

[Plumpaquatsch]

Once connected to a network, it will use the real MAC, making it utterly traceable.

God, you remind me of the idiot who wanted to spoof his IP address "for security reasons". For his normal TCP traffic.

Re:They are lying - and what about ARP resolution?

[sabbede]

That's reassuring.

But yes. I do think they would break it. They would do it happily, tell us its better that way, and insist that its what users actually want because they know best. Because that's how Apple thinks.

jailbreak your ios

[RoseAisha]

go to:- http://jailbreakallios.blogspo...