Slashdot Mirror
iOS 8 Strikes an Unexpected Blow Against Location Tracking
schwit1 (797399) writes 'It wasn't touted onstage, but a new iOS 8 feature is set to cause havoc for location trackers, and score a major win for privacy.As spotted by Frederic Jacobs, the changes have to do with the MAC address used to identify devices within networks. When iOS 8 devices look for a connection, they randomize the MAC address, effectively disguising any trace of the real device until it decides to connect to a network.'
At least according to the prosecutors who went after Aaron Swartz. His laptop got locked out of a network so he changed the MAC address with the built-in MacOS GUI utility and they said that was like filing the serial number off a car. Now all iphones are going to change it randomly during network scan? OMG, that's like a car that files off its own serial number every time you go around the block! Alert the authorities!!!!! Sigh.
Apple allready knows who you are and what you are doing and where you are and where you have been ...
Generally, I've found this to be true. Their business model does not depend on a lack of customer privacy like Google.
No, this is about 3rd parties tracking you - it means your iPhone does not provide its MAC address to the network(s) it has found. This never had anything to do with Apple tracking you nor does not stop Apple from keeping tabs on what networks you have identified while looking for a connection.
Generally, I've found this to be true. Their business model does not depend on a lack of customer privacy like Google.
I would be more optimistic if it weren't for the fact that Apple went and deliberately developed "iBeacon", more or less deliberately designed for every sort of horrid 'location based service' and 'relevant offer' crap in the book.
Architecturally, hunting for wifi networks with a spoofed MAC is a good idea; but it sure does look like Apple is cutting an attempt to track their phones the non-blessed way off at the knees, even as they actively provide a blessed way of doing it.
In the same way, they cracked down on apps that used phone serial numbers, IMEIs and similar; but then built an "advertising identifier" right into their OS.
They want to be sure that you find the experience of being sold tasteful and unobtrusive; but they aren't actually your friends, nor do they consider your hardware purchase to be sufficient to exempt you from being the product.
The point, obviously, is that you can't be identified by the access points you don't connect to.
Of course you're traceable once you've connected; how else could you stay connected and get traffic to your device?
systemd is Roko's Basilisk.
You make a good point. However, iirc, a user can completely diasable their iPhone's from repsonding to iBeacons. So even under the "blessed" way, a customer's privacy is still within their personal control.
In your example, the prosecutors were able to argue that deliberately using a utility to intentionally change your MAC address was akin to taking steps to file off the serial numbers of a car. This is because Aaron intended to change his MAC address and deliberately took steps to effect the change.
If future iPhones automatically change their MAC address, on their own, without any intervention by their user, where is the crucial element of acting with intent or deliberation?
It is far too soon to cry wolf.
Correct. The only difference is that they don't like to share...
The only difference is that they don't like to share..
Yes they do, they even say so in their privacy policy: “[Apple will] make certain personal information available to strategic partners that work with Apple to provide products and services, or that help Apple market to customers.”
In fact, if you read their privacy policy, you'd realize Apple gathers up about as much personal information on users as any other big tech company. The main difference is they say they don't connect the dots.In fact, they've been and are being sued for sharing too much user data...
Personal user data big part of any technology company's business model these days. Even Apple.
http://motherboard.vice.com/bl...
Apple went and deliberately developed "iBeacon"
Which works by Bluetooth, not WiFi, and it's basically a Bluetooth broadcaster. Also, it is opt-in.
In the same way, they cracked down on apps that used phone serial numbers, IMEIs and similar; but then built an "advertising identifier" right into their OS.
That you can opt out of.
Assorted stuff I do sometimes: Lemuria.org
Location tracking stays turned off in my iOS device. A nuisance when you want a quick look at the streetmap of the area you're in.
You know you can turn it on and off selectively, yes? Allowing certain apps to use it, but others not?
Assorted stuff I do sometimes: Lemuria.org
No, it still provides your MAC to the network. Doing otherwise would break things - static DHCP reservations for one. It means the iPhone won't provide its MAC address *until* it finds a recognised network to connect to - it won't be broadcasting it constantly while you are out traveling or shopping.
Not, crappy security is not better that no security. When users know there's no security, they may be slightly cautious. If they belive there's security in place, they might let their guard down, so this false sensation of security is actually a bad thing.
They don't connect the dots for everybody for free. Become a strategic partner (that is: find a way to bring them more money) and they'll be happy do connect the dots for you. So don't be naive: Apple cares about its customers only when it can turn that care into profit.
BTW, this app does the same on a rooted Android device.
really? I know they were roundly accused of this with no evidence ever provided other than a bug which caused excessive *local* retention of location data. Interestingly, it came out at about the same time that *google* was in fact shipping the location data back to the mothership (something Apple doesn't do) with no retention limits evident.
As a company, Google *depends* on eliminating privacy -- it is the source of their revenue. Apple depends on hardware sales. So while they make some money by selling aggregated data (and try to foist obnoxious things like itunes radio on their users) that is not actually their core business nor a significant part of their revenue stream. When Apple advertised an earlier incarnation of icloud as being better privacy they didn't call out Google specifically -- they didn't need to. The people who cared already knew who they are talking about.
But somehow Apple is the anti-privacy company and google is okay. I never understand the fanboys.
If you want to bust on Apple, great, I'm all for it. Just bust them on things they are actually guilty of and don't try to misrepresent them. They've definitely done some bad things, but strangely they don't seem to get beat up for things they've really done (or the issue is misrepresented).
What I'm saying is that while it may be fun to trot out things like the "640K should be enough for everyone" to bust on Bill Gates that is an urban myth and he never said it. Instead, bust on him for things that he *did* do (like hire someone else to pirate CPM). Same for Apple and Jobs (I just have a somewhat better memory for the Microsoft end of things, hence using MS-centric example).
When I buy a Google/ASUS co-branded Nexus 7 tablet from Google Play Store, how am I not the customer?
Google mades a bit over $14 billion revenue. Just under $13 billion of that is from advertisement.
Apple makes the vast majority of its $54 billion revenue on hardware, a small part ($4 billion) on software and iTunes sales and its advertisement revenue is so small it vanishes somewhere under "services" and I couldn't quickly find a number for it.
Ask yourself which company is more likely to sell out your data to advertisers. The one that makes 90% of its money from them and 10% from you, or the one that makes 98% of its profits from you and 2% from them.
Assorted stuff I do sometimes: Lemuria.org
This is nothing more then PR twisting, by a company that is suspected of willfully working with spying/law enforcement agencies.
To me to have the press sit there an report this without highlighting the companies past and current data collecting activities is misleading the public into thinking they are somehow safe, or just to give people a false sense of security as a way to sell more phones then your competitor.
First, *every* US company is suspected to work together with the NSA. So Apple isn't worse off in that regard.
Second, this feature is not about avoiding the NSA. The spooks can just utilize the cell network to track you. This feature is about *everyone else* trying to track you. Because, you know, not everyone is able to spoof a cell tower. But everyone *is* able to put up a WiFi hotspot.
Third, *of course* this is about selling more devices. And what's wrong with trying to make money by offering something actually useful?
Apple doesn't care as much about profit after the fact because they got 45% off of you as soon as you bought their phone.
Even if you turn off every function on your phone--including the phone--and kept it in airplane mode the whole time like some sort of absurdly expensive iPod, Apple already made a profit.
Apple cares about your privacy insofar as it allows them to put a bullet-point on the box that they can use to distinguish themselves from Google's model. Google needs information to make a profit. They make virtually no money off of Android itself; that's why buying a Nexus is so cheap.
Essentially, Apple can afford to be stingy with information, and can afford for YOU to be stingy with YOUR information. Google can't.
I'm sure Apple will turn your information into profit if it can, don't get me wrong. But it's not their primary business model. As long as the phone costs a lot of money, you can count on them being less interested in what you have to offer after the sale.
Privacy Policy
Your privacy is important to Apple. So we’ve developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your information. Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.
...
Disclosure to Third Parties
At times Apple may make certain personal information available to strategic partners that work with Apple to provide products and services, or that help Apple market to customers. For example, when you purchase and activate your iPhone, you authorize Apple and your carrier to exchange the information you provide during the activation process to carry out service. If you are approved for service, your account will be governed by Apple and your carrier’s respective privacy policies. Personal information will only be shared by Apple to provide or improve our products, services and advertising; it will not be shared with third parties for their marketing purposes.
Service Providers
Apple shares personal information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information and may be located wherever Apple operates.
Others
It may be necessary by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence for Apple to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganization, merger, or sale we may transfer any and all personal information we collect to the relevant third party.
Of course news about a fake are Fake News.