Smartphones are an amazing distributed instrument. Millions and millions of computers with constant net access, GPS and whatnot, being carried all over the world in the pockets of their users. The nerd in me sees perfectly well the amazing potential here.
I would be just too glad to be part of this instrument and to participate in data collection allowing others to offer good and useful services from the collected data. I have no problems with others monetizing this and offering me what they created, IF they make sure that neither my phone nor I as the user can be identified or tracked by this.
THIS is the problem to be solved and it is a technical problem that can be solved by technical means.
Use a random ID that is valid for a short while and then is replaced by another random ID generated on my phone and take my location data along with this ID. I'm fine with this. A location tagged with a random ID is worthless to me but combined with millions of other locations with random IDs it is not worthless. It's valuable data then. Done this way the data is precise enough to count phones in a road and to see how fast they move and it's enough to deliver targeted ads and countless other things, but it is not enough to know who I am and to track me. Google and MS tagging that data with the unique device ID and/or the carrier user ID instead very obviously haven't recognized that problem and need to have their noses smacked with a lawsuit to learn about it.
This "anonymized information" still contains the unique device ID of your phone that gets only reset when you do a factory reset of your phone. AdMob (by Google) submits this unique device ID as well as the carrier user ID along with your location data every time you view an ad.
I'm saying this over and over these days, but: Knowing the location of the phone that views a certain ad right now is not evil. Knowing WHICH phone it is and/or WHO the user is, this is evil.
Google (and MS) just use an engineering approach here and use the Unique Device ID for tagging the location data (and AdMob even adds the Carrier User ID). What Apple does with iAd (use random IDs that get renewed on the iPhone every 12 hours) is much better, since it avoids this privacy problem to begin with. Using random IDs allows targeting phones and harvesting location information without identifying users/phones or tracking users over time.
Come on, fellow nerds: There ARE technical solutions to technical problems. Recognize that privacy is valuable and implement your stuff in a way that honours privacy by making abuse impossible (or at least possible only in a very abstract way) and you can have both: Advertisers targeting users and users not being tracked.
The amount of dumb fear and paranoia and especially the unwillingness to talk about technical details is just mindblowing. Advertisers are not after YOU. They may be after all people in a certain location or with a certain income or whatever, but they do not care for you personally and in fact they would LOVE to not have to care for such privacy problems by getting a clean implementation that gives them clean and anonymous data to work with. They work with "dirty" and too personal data only if they haven't got anything else.
Every piece of information about your customers/users is extremely valuable. But it depends on what you do with it; how you get it; and how you protect it.
I think there is a huge difference between having information about your customers as a group (or as sub-groups) and having information about identifiable customers. There's nothing wrong with Google (or Apple) knowing that 500 customers are at a certain point on a road and not moving since an hour. But there's everything wrong with being able to know who these customers are or being able to track every single one of them over days, weeks or months.
And the point is not what you do with this information or how you get it: The point should be to make sure by technical means that you CAN'T get such personal information to begin with. As soon as we have to trust companies to not abuse such information it's too late. Exactly this is the reason that Big Brother in 1984 was called Big Brother (and not Evil Bully): It's the seemingly benign, well-meaning and powerful entity you trust and get abused by.
Location data that is anonymous (or uses random IDs that frequently change) can't be abused easily. You can use this to count devices in a certain place or to deliver ads to the right devices but since you have no idea which phone the data comes from and who owns the phone there's a limit what you can do with it. It's enough information to offer useful services from it and not enough to abuse it.
But this is not YOUR location. I mean, it may be your location, but Apple does not know (and does not care) if it is you. They just want to know how many phones are in a certain location and maybe how fast they move. You can do this perfectly with random IDs that change twice a day or so and that Apple does exactly that already with iAd seems to prove that Apple knows perfectly well about the implied privacy problems here. And implements things in a way to make sure that you can't be tracked.
Now, I'm not a fanboi, but this is exactly the way Apple makes sure to have their ideas work out in the long run. Trying to implement such things without proper consideration about what it may imply just leads to your ideas being shot down after half a year and you've got nothing for your investments. Do it right and you can offer useful services from it and make money. What Apple is prone to do.
The question is whether you believe that the data they collect truly is anonymous. I don't believe that creating a traffic database is compatible with truly anonymous data collection.
This is not about religion, you don't have to "believe" anything. Just think about it and find out.
If you use temporary and random IDs (as Apple already does with iAd) you can of course count phones in a certain location anonymously. Very much as you can make sure the right ad gets to the right phone in the right place with such IDs anonymously. Believe it or not.
Traffic monitoring is easily possible with a random ID that is generated on the phone and valid for a few hours until it generates a fresh one. With this Apple has no idea which phone this is, they have no idea who you are (since the IDs are random and not connected to your phone or to the user) and even this anonymous user with that anonymous phone can't be tracked over time.
This traffic monitoring actually is very similar to iAd: You need a temporary, unique anonymous ID with an associated location. In one case to deliver the right ad to the right phone in the right location (with no way to find out which phone it is and who owns it), in the other to count different phones in the same place on the same road.
"Tracking an unknown phone of an unknown user for a while" is a totally different thing from "tracking you".
The difference is like you posting with your real name on slashdot (this is like tagging location data with a user ID) or posting with a fixed pseudonym (the same as using a device ID) or with a random string as a name you change twice a day for a fresh one (what Apple does here).
Ask some people actually working with privacy-sensitive stuff and they will tell you that Apple's implementation of iAd is pretty much exemplary. If Apple uses the same or a similar implementation for this, I'm fine with it. At least it seems as if Apple has recognized the privacy problems here very clearly. Google and Microsoft using the Unique Device ID obviously haven't.
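The rotating-ID scheme argued for in the posts above, as an added example that is not part of the original comments and is not Apple's or Google's code. The `Phone` class, the `DEVICE-nnnn` identifiers, the road segment names and the itinerary are constructed for illustration; only the 12-hour rotation period comes from the posts.

```python
import secrets
from collections import defaultdict

EPOCH_SECONDS = 12 * 3600  # rotation period named in the posts (every 12 hours)


class Phone:
    """Constructed model of a handset; device_id stands in for a Unique Device ID."""

    def __init__(self, device_id):
        self.device_id = device_id
        self._epoch = None
        self._random_id = None

    def rotating_id(self, now):
        """Random ID generated on the phone and replaced once per epoch."""
        epoch = now // EPOCH_SECONDS
        if epoch != self._epoch:
            self._epoch = epoch
            self._random_id = secrets.token_hex(16)  # not derived from device_id
        return self._random_id

    def report(self, now, segment, scheme):
        """One location report, tagged either with the device ID or the rotating ID."""
        tag = self.device_id if scheme == "device" else self.rotating_id(now)
        return {"t": now, "segment": segment, "id": tag}


def phones_per_segment(reports):
    """Collector view: number of distinct IDs per (epoch, road segment)."""
    seen = defaultdict(set)
    for r in reports:
        seen[(r["t"] // EPOCH_SECONDS, r["segment"])].add(r["id"])
    return {key: len(ids) for key, ids in seen.items()}


def flows(reports):
    """Collector view: segment-to-segment movements observed inside one epoch."""
    tracks = defaultdict(list)
    for r in sorted(reports, key=lambda r: r["t"]):
        tracks[(r["t"] // EPOCH_SECONDS, r["id"])].append(r["segment"])
    counts = defaultdict(int)
    for segments in tracks.values():
        for src, dst in zip(segments, segments[1:]):
            if src != dst:
                counts[(src, dst)] += 1
    return dict(counts)


def linkable_across_epochs(reports):
    """Collector view: IDs seen in more than one epoch, i.e. trackable over time."""
    epochs = defaultdict(set)
    for r in reports:
        epochs[r["id"]].add(r["t"] // EPOCH_SECONDS)
    return {ident for ident, seen in epochs.items() if len(seen) > 1}


def simulate(scheme):
    """Constructed itinerary: 5 phones reporting twice per epoch over 4 epochs."""
    phones = [Phone(f"DEVICE-{n:04d}") for n in range(5)]
    reports = []
    for epoch in range(4):
        base = epoch * EPOCH_SECONDS
        for idx, phone in enumerate(phones):
            if idx < 3:  # three phones drive from segment A1 to A2
                reports.append(phone.report(base + 600, "A1", scheme))
                reports.append(phone.report(base + 1800, "A2", scheme))
            else:        # two phones stay on segment B7
                reports.append(phone.report(base + 600, "B7", scheme))
                reports.append(phone.report(base + 1800, "B7", scheme))
    return reports


if __name__ == "__main__":
    for scheme in ("device", "random"):
        data = simulate(scheme)
        print(scheme, "counts:", phones_per_segment(data))
        print(scheme, "flows:", flows(data))
        print(scheme, "IDs linkable across epochs:", len(linkable_across_epochs(data)))
```

Both tagging schemes give the collector identical per-segment counts and flows; only the device-ID scheme leaves identifiers that join across epochs.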
In BOTH cases everybody with two eyes and a brain (and an iPhone) is able to look at the data and decide what it is. In the case of the iPhone data everyone who actually did that quickly noticed that this is the locations of cell towers and WiFi stations, that there is one entry per cell tower / WiFi station and this is as much a "tracking log" as a whale is a fish.
In case of this project everyone who runs that java tool to extract the data and then looks at it with zless should be able to see that it is a list of coordinates of these boring stations and nothing more.
Why on earth do people trust their suspicion and paranoia and the bad news they've read MORE than their own set of eyes and their own brain?
Which amounts to the same thing if you are trying to use the data nefariously. Not to jump off the deep end, but imagine a world where the CIA can get your location because they have your device ID, and then knowing roughly where you are, they can send an agent, equipped with a device that locks onto and tracks your unique signal. The very same signal beacon you carry around with you, at all times.
This isn't science fiction, this is how some UAVs work. Right NOW.
So then the question is, what exactly is stopping any power (government, corporate, private) from harnessing that technology? So far... nothing. Talk to ATT about the NSA if you don't believe me, oh that's right you can't. The government, after breaking the law, and coercing corporations into breaking the law, made it all go away. Damn, that is a neat trick.
This happens all the time. The carriers are tracking you all the time (and much more precise than the iPhone's INTERNAL database, which also saves each position of a cell tower or WiFi station only once).
I'm not saying this is good. I'm just saying that saving such data on your own device, where it at least is of some use for you, isn't adding anything here. And uploading data to a project which tries to create a map of cell towers certainly isn't doing anything to your privacy.
Or, in other words: they track you, for advertising purposes.
iAd uses random IDs that are generated twice a day on the iPhone. Impossible to track you with this.
But I would surely like to have that cleared up. Especially what the anonymous collecting of location data actually means in detail.
Personally I think that the part of the privacy policy you quoted is just a general list of things that Apple may collect for many different things (the Unique Device ID will be needed at least for DRM purposes with the iTunes store, for example) and that this does not mean that anonymous location data is tagged with the Unique Device ID. I just can't see Apple going to such lengths to ensure anonymity with iAd and then needlessly collect location data in a less anonymous way.
Still, I'm pretty sure we will hear more of this in the coming months, not only from Apple.
By the way, here's the privacy policy for AdMob Mobile Services (Google), which in no uncertain terms says what AdMob collects here:
"AdMob will automatically collect and receive information about those visitors such as, but not limited to, browser identifiers, session information, browser cookies, device type, carrier provider, IP addresses, unique device ID, carrier user ID, geo-location information, sites visited and clicks on advertisements we display."
In most countries the carriers only publish quite useless coverage maps without tower locations. Having real maps of tower locations can help you to see where you may have coverage or not.
This "log file" (actually it's a SQLite3 database) does not contain the locations of the iPhone, it contains the locations of the cell towers and WiFi base stations the iPhone was near to. I thought this was clear meanwhile?
This project does NOT map the whereabouts of iPhone users, it maps the locations of WiFi and cell towers.
are going to hate that. Right now every iPhone has a very precise map of all cell phone towers it ever saw saved in that internal DB. They're not going to like these positions to be published, I would say.
Since I learned that AdMob sends my location data tagged with the Unique Device ID of my phone to Google, I'm very much wondering if even Google has actually realized that there may be problems with that approach. WP7 sends the very same data that the iPhone saves into its local database right home to Microsoft, also with the Unique Device ID.
What I was saying was that TECHNICAL DETAILS MATTER.
Building an internal database of cell tower locations is one approach, having this database in some datacenter and having the phone ask it all the time (and by this telling it where you are) is another. Both approaches have their advantages and disadvantages. Stop looking for whom to trust, start looking for technical implementations that do not require you to trust them.
I don't trust Apple and I don't trust Google. I want systems I can use even if I don't trust Apple or Google. I want my devices to NOT leak identifiable data to anyone to begin with. I do not want to have to trust Apple or Google to not abuse the data they get, I want that they don't get anything abusable to begin with. This is why details matter and why comparing approaches matters.
With just a teeny bit more data, it COULD be used to describe your exact position though.
All that is needed is a pingtime from the towers. 3 towers, and you have a triangulated position. (or, rather, could triangulate the position painlessly.)
Or much easier: Since this is only the "assisted" part of "assisted GPS" and the iPhone usually has a perfect GPS fix half a minute or so later, the iPhone could then just save that perfect true position of itself into an eternal log file.
i've been messing with http://petewarden.github.com/iPhoneTracker a bit. its pretty interesting. i'm just wondering what triggers the coords to be stored. it has places i have been at for more than a few minutes - home, work, in-laws home, mall, etc. but nothing for the routes in between (i have a 45minute drive from home to work) so is it triggered by calls made? specific times of the day? after X number tower changes? does anyone know?
Using location services triggers this. Like, using Google Maps or taking a photo (which gets location data embedded) or one of the myriad other apps that need location data. You see this indicated with an arrow in the status bar. If you don't use anything that needs location data, no location process is triggered and nothing is there to be saved.
Just out of curiosity, what's the minimum geographical accuracy required before this behavior becomes "not OK", where it can be abused? The police are already using the current set of data to provide another point of evidence that you were in the area where they say you were.
Here's another question: if Apple could get a GPS location as efficiently as recording cell tower UIDs, is there any reason to believe they wouldn't?
I think they're building that internal network map exactly because they CAN'T get a GPS location in any way fast or efficiently. If they could, they wouldn't bother with all that and just have the phone get a GPS fix if the user wants to know where he is. Additionally, all this is usually just the first step of assisted GPS. Half a minute later the iPhone has a GPS fix. And still this precise location data gets not saved to this database. If this would be for evil purposes, they would save this precise data, but they don't. There is no log of true positions on your iPhone. There's only a database of cell towers.
Police will just go to the carrier who has much better data, because the carrier IS tracking you all the time.
You're quoting the bit about Location Services, and when you turn those on, your phone's location is identified for ad services. What Apple is saying here is that the ad services never get to know who they're serving to, and Apple does not store this data either. They could, based on uid, but they say they don't.
They even couldn't. The ID iAd sends along with the location data is a random ID that gets generated twice daily on the iPhone. This is just enough to serve the right iPhone with local ads, but that's it. It's not a user ID and not a phone ID and it changes twice a day.
"AdMob will automatically collect and receive information about those visitors such as, but not limited to, browser identifiers, session information, browser cookies, device type, carrier provider, IP addresses, unique device ID, carrier user ID, geo-location information, sites visited and clicks on advertisements we display."
Don't ask for companies you can trust. Ask for implementations of privacy-related technologies that don't require you to trust them.
Just as an example: Android sends along the Unique Device ID and the Carrier User ID when sending you location data to AdMob customers. iOS (iAd) sends a random ID that is generated twice daily on the iPhone. What's more wrong?
And I'm really curious how you want to have fast positioning without knowing the positions of cell towers. Either the phone saves the positions in an internal database (as the iPhone does) or it has to ask external databases every time. And if your phone asks Google's or SkyHook's servers where the cell towers are that it sees, Google/SkyHook then know where you are. You have basically the choice of your phone tracking you in an internal database or have others track your phone in their database. This is somewhat similar to local storage for documents or storing it in the cloud: In the first case someone stealing your phone can get at your documents. Put them into the cloud and someone else already has them.
I just can't believe that "nerds" are complaining that the iPhone tries to lessen the dependence on external services by building an internal database of cell tower locations. Yeah, if someone steals your iPhone he can see roughly where you have been at least once. But then he also has your address book and your call and SMS history and your browser history and all other data on it. So remote wipe it immediately and be done with it.
It has meanwhile been debunked that this file tracks the location of the iPhone. It draws a map of locations of cell towers. The positions in this file are not the position of the iPhone when the user used a location app, the positions are the locations of the cell towers the iPhone saw in this moment. This is pretty clear now. The cell tower ID is the UNIQUE ID of the database, there are only clusters of tower locations saved at the same time with locations miles apart and NONE of these are the actual position of your phone.
And yes, this also paints a rough picture of where you used location services, because only the stations around the places where you used location services are in this database. But: The stations are miles around your real position and since there is no signal strength info saved triangulation is not possible. I have found stations recorded that were up to ten miles away from my true position and hardly any stations nearer than half a mile (you'd need to stand right under a cell tower and use Google Maps there to have the position of the iPhone and the tower match by accident, so this happens almost never and the data shows exactly that).
So: The iPhone builds a local database with a network topography map and never throws it away. If it would throw that info away it would need to ask external databases (of Google or SkyHook) instead to learn the coordinates of the towers that it sees. By doing so it would necessarily TELL these providers where it is.
Basically you have the choice of your phone tracking you (very roughly) in an internal database or have someone else providing an external database and by this tracking your phone. The iPhone does the first, Android does the latter (and Android even sends the Unique Device ID along). Believe it or not, but technically Jobs is right. The iPhone tracks you in an internal database, but with Android Google tracks your phone in external databases.
I don't expect many people to understand that though. Even with much explaining to basically neutral people hardly more than 5 of ten understand how positioning works and what it implies. Or what a "Unique Device ID" is.
This whole situation is a perfect example of why Free Software is superior to proprietary.
I bet if there were a Free Software implementation of aGPS location frameworks the first thing any developer worth his salt would do would be building a local database of celltower locations to get a local map of the network topography to free the software from the dependency of cell providers and third party services like SkyHook.
And lo and behold! Exactly this is this database on the iPhone!
Do you really think such software should insist on asking SkyHook over and over where the cell towers are that it sees?
It's only unencrypted on your computer if you don't encrypt your backups (which is a click away in iTunes).
But this is nothing new. I know people securing their computers very tightly and still without thinking store their backups unencrypted and unsecured. People...
And: http://www.willclarke.net/?p=247 -- This is not a database of where you've been, it's a database of cell towers your phone has seen, one entry per cell tower. Looking at the data on my iPhone I came to the same conclusion. I have found hardly any datapoint in there closer than half a mile to my real position and when I was on high ground in otherwise flat land the iPhone recorded dozens of locations at once from up to tens of miles around.
But now having a cell tower map of all areas I have been surely is nice! Thanks, Apple!
Mr. Clarke's research implies that cell tower and Wi-Fi network locations are recorded, but phone location is *not* recorded, in the file at issue.
Of course, if you request the location of nearby restaurants via iPhone app, then your location must be determined. I have seen no proof that user accessible *device* location data is stored.
If such data were available, why would an application like "Trails - GPS Tracker" ever need to "Resume recording"?
When looking at the data stored in that DB on my iPhone I came to exactly the same conclusion. The iPhone builds a local network topography map of cell towers and WiFi base stations to avoid having to look up that data over and over again from the databases at Google and SkyHook (as Android does it). Not more, not less.
And this is not only faster than accessing external databases and consumes less power, it also does NOT leak your location data to these service providers. Whenever a phone (or another device) asks a third-party provider where a cell tower with a certain ID is, it also tells that provider where it is. So basically you have the choice of your phone tracking you (by drawing an internal map with coordinates of cell towers it has seen) or have someone else tracking your phone (by recording a map of cell towers your phone has seen).
Insisting on your phone not building up such a database so that nobody can steal it with your phone is like not hoarding your money at home in case a burglar finds it and instead giving the money to strangers in the street. Surely a wise move!
But try to explain that to people. I'm trying this since days and you have to talk so much that everyone shouting "OMG! Apple is spying on you and recording every move!!!" will get heard much easier. It's like trying to teach science to people jumping around a stake, burning a witch. Talk about germs versus curses then and you can count yourself lucky if you don't end up on the stake yourself.
Thanks very much for that link, by the way. This is one of the very few pieces of real work to analyse what's going on instead of just opinion and FUD. And it totally mirrors what I got when I had a closer look at that data.
This "anonymized information" still contains the unique device ID of your phone that gets only reset when you do a factory reset of your phone. AdMob (by Google) submits this unique device ID as well as the carrier user ID along with your location data every time you view an ad.
Come on, this is just too much information.
I'm saying this over and over these days, but: Knowing the location of the phone that views a certain ad right now is not evil. Knowing WHICH phone it is and/or WHO the user is, this is evil.
Google (and MS) just use an engineering approach here and use the Unique Device ID for tagging the location data (and AdMob even adds the Carrier User ID). What Apple does with iAd (use random IDs that get renewed on the iPhone every 12 hours) is much better, since it avoids this privacy problem to begin with. Using random IDs allows targeting phones and harvesting location information without identifying users/phones or tracking users over time.
Come on, fellow nerds: There ARE technical solutions to technical problems. Recognize that privacy is valuable and implement your stuff in a way that honours privacy by making abuse impossible (or at least possible only in a very abstract way) and you can have both: Advertisers targeting users and users not being tracked.
The amount of dumb fear and paranoia and especially the unwillingness to talk about technical details is just mindblowing. Advertisers are not after YOU. They may be after all people in a certain location or with a certain income or whatever, but they do not care for you personally and in fact they would LOVE to not have to care for such privacy problems by getting a clean implementation that gives them clean and anonymous data to work with. They work with "dirty" and too personal data only if they haven't got anything else.
I think there is a huge difference between having information about your customers as a group (or as sub-groups) and having information about identifiable customers. There's nothing wrong with Google (or Apple) knowing that 500 customers are at a certain point on a road and not moving since an hour. But there's everything wrong with being able to know who these customers are or being able to track every single one of them over days, weeks or months.
And the point is not what you do with this information or how you get it: The point should be to make sure by technical means that you CAN'T get such personal information to begin with. As soon as we have to trust companies to not abuse such information it's too late. Exactly this is the reason that Big Brother in 1984 was called Big Brother (and not Evil Bully): It's the seemingly benign, well-meaning and powerful entity you trust and get abused by.
Location data that is anonymous (or uses random IDs that frequently change) can't be abused easily. You can use this to count devices in a certain place or to deliver ads to the right devices but since you have no idea which phone the data comes from and who owns the phone there's a limit what you can do with it. It's enough information to offer useful services from it and not enough to abuse it.
But this is not YOUR location. I mean, it may be your location, but Apple does not know (and does not care) if it is you. They just want to know how many phones are in a certain location and maybe how fast they move. You can do this perfectly with random IDs that change twice a day or so and that Apple does exactly that already with iAd seems to prove that Apple knows perfectly well about the implied privacy problems here. And implements things in a way to make sure that you can't be tracked.
Now, I'm not a fanboi, but this is exactly the way Apple makes sure to have their ideas work out in the long run. Trying to implement such things without proper consideration about what it may imply just leads to your ideas being shot down after half a year and you've got nothing for your investments. Do it right and you can offer useful services from it and make money. What Apple is prone to do.
This is not about religion, you don't have to "believe" anything. Just think about it and find out.
If you use temporary and random IDs (as Apple already does with iAd) you can of course count phones in a certain location anonymously. Very much as you can make sure the right ad gets to the right phone in the right place with such IDs anonymously. Believe it or not.
Traffic monitoring is easily possible with a random ID that is generated on the phone and valid for a few hours until it generates a fresh one. With this Apple has no idea which phone this is, they have no idea who you are (since the IDs are random and not connected to your phone or to the user) and even this anonymous user with that anonymous phone can't be tracked over time.
This traffic monitoring actually is very similar to iAd: You need a temporary, unique anonymous ID with an associated location. In one case to deliver the right ad to the right phone in the right location (with no way to find out which phone it is and who owns it), in the other to count different phones in the same place on the same road.
"Tracking an unknown phone of an unknown user for a while" is a totally different thing from "tracking you".
The difference is like you posting with your real name on slashdot (this is like tagging location data with a user ID) or posting with a fixed pseudonym (the same as using a device ID) or with a random string as a name you change twice a day for a fresh one (what Apple does here).
Ask some people actually working with privacy-sensitive stuff and they will tell you that Apple's implementation of iAd is pretty much exemplary. If Apple uses the same or a similar implementation for this, I'm fine with it. At least it seems as if Apple has recognized the privacy problems here very clearly. Google and Microsoft using the Unique Device ID obviously haven't.
In BOTH cases everybody with two eyes and a brain (and an iPhone) is able to look at the data and decide what it is. In the case of the iPhone data everyone who actually did that quickly noticed that this is the locations of cell towers and WiFi stations, that there is one entry per cell tower / WiFi station and this is as much a "tracking log" as a whale is a fish.
In case of this project everyone who runs that java tool to extract the data and then looks at it with zless should be able to see that it is a list of coordinates of these boring stations and nothing more.
Why on earth do people trust their suspicion and paranoia and the bad news they've read MORE than their own set of eyes and their own brain?
Which amounts to the same thing if you are trying to use the data nefariously. Not to jump off the deep end, but imagine a world where the CIA can get your location because they have your device ID, and then knowing roughly where you are, they can send an agent, equipped with a device that locks onto and tracks your unique signal. The very same signal beacon you carry around with you, at all times.
This isn't science fiction, this is how some UAVs work. Right NOW.
So then the question is, what exactly is stopping any power (government, corporate, private) from harnessing that technology? So far... nothing. Talk to ATT about the NSA if you don't believe me, oh that's right you can't. The government, after breaking the law, and coercing corporations into breaking the law, made it all go away. Damn, that is a neat trick.
This happens all the time. The carriers are tracking you all the time (and much more precisely than the iPhone's INTERNAL database, which also saves each position of a cell tower or WiFi station only once).
I'm not saying this is good. I'm just saying that saving such data on your own device, where it at least is of some use for you, isn't adding anything here. And uploading data to a project which tries to create a map of cell towers certainly isn't doing anything to your privacy.
iAd uses random IDs that are generated twice a day on the iPhone. Impossible to track you with this.
But I would surely like to have that cleared up. Especially what the anonymous collecting of location data actually means in detail.
Personally I think that the part of the privacy policy you quoted is just a general list of things that Apple may collect for many different things (the Unique Device ID will be needed at least for DRM purposes with the iTunes store, for example) and that this does not mean that anonymous location data is tagged with the Unique Device ID. I just can't see Apple going to such lengths to ensure anonymity with iAd and then needlessly collect location data in a less anonymous way.
Still, I'm pretty sure we will hear more of this in the coming months, not only from Apple.
By the way, here's the privacy policy for AdMob Mobile Services (Google), which in no uncertain terms says what AdMob collects here:
"AdMob will automatically collect and receive information about those visitors such as, but not limited to, browser identifiers, session information, browser cookies, device type, carrier provider, IP addresses, unique device ID, carrier user ID, geo-location information, sites visited and clicks on advertisements we display."
In most countries the carriers only publish quite useless coverage maps without tower locations. Having real maps of tower locations can help you to see where you may have coverage or not.
This "log file" (actually it's a SQLite3 database) does not contain the locations of the iPhone, it contains the locations of the cell towers and WiFi base stations the iPhone was near to. I thought this was clear meanwhile?
This project does NOT map the whereabouts of iPhone users, it maps the locations of WiFi and cell towers.
are going to hate that. Right now every iPhone has a very precise map of all cell phone towers it ever saw saved in that internal DB. They're not going to like these positions to be published, I would say.
On the other hand *I* like that very much...
Since I learned that AdMob sends my location data tagged with the Unique Device ID of my phone to Google, I'm very much wondering if even Google has actually realized that there may be problems with that approach. WP7 sends the very same data that the iPhone saves into its local database right home to Microsoft, also with the Unique Device ID.
It's not just the apps, really.
Microsoft has no on-device location tracking but sends the location to MS together with the Unique Device ID.
Great, just great.
Come on, I'm not in either team.
What I was saying was that TECHNICAL DETAILS MATTER.
Building an internal database of cell tower locations is one approach, having this database in some datacenter and having the phone ask it all the time (and by this telling it where you are) is another. Both approaches have their advantages and disadvantages. Stop looking for whom to trust, start looking for technical implementations that do not require you to trust them.
I don't trust Apple and I don't trust Google. I want systems I can use even if I don't trust Apple or Google. I want my devices to NOT leak identifiable data to anyone to begin with. I do not want to have to trust Apple or Google to not abuse the data they get, I want that they don't get anything abusable to begin with. This is why details matter and why comparing approaches matters.
With just a teeny bit more data, it COULD be used to describe your exact position though.
All that is needed is a pingtime from the towers. 3 towers, and you have a triangulated position. (or, rather, could triangulate the position painlessly.)
Or much easier: Since this is only the "assisted" part of "assisted GPS" and the iPhone usually has a perfect GPS fix half a minute or so later, the iPhone could then just save that perfect true position of itself into an eternal log file.
But the point is: It doesn't.
i've been messing with http://petewarden.github.com/iPhoneTracker a bit. it's pretty interesting. i'm just wondering what triggers the coords to be stored. it has places i have been at for more than a few minutes - home, work, in-laws' home, mall, etc. but nothing for the routes in between (i have a 45-minute drive from home to work) so is it triggered by calls made? specific times of the day? after X number of tower changes? does anyone know?
Using location services triggers this. Like, using Google Maps or taking a photo (which gets location data embedded) or one of the myriad other apps that need location data. You see this indicated with an arrow in the status bar. If you don't use anything that needs location data, no location process is triggered and nothing is there to be saved.
Just out of curiosity, what's the minimum geographical accuracy required before this behavior becomes "not OK", where it can be abused? The police are already using the current set of data to provide another point of evidence that you were in the area where they say you were.
Here's another question: if Apple could get a GPS location as efficiently as recording cell tower UIDs, is there any reason to believe they wouldn't?
I think they're building that internal network map exactly because they CAN'T get a GPS location in any way fast or efficiently. If they could, they wouldn't bother with all that and just have the phone get a GPS fix if the user wants to know where he is. Additionally, all this is usually just the first step of assisted GPS. Half a minute later the iPhone has a GPS fix. And still this precise location data does not get saved to this database. If this were for evil purposes, they would save this precise data, but they don't. There is no log of true positions on your iPhone. There's only a database of cell towers.
Police will just go to the carrier who has much better data, because the carrier IS tracking you all the time.
You're quoting the bit about Location Services, and when you turn those on, your phone's location is identified for ad services. What Apple is saying here is that the ad services never get to know who they're serving to, and Apple does not store this data either. They could, based on uid, but they say they don't.
They even couldn't. The ID iAd sends along with the location data is a random ID that gets generated twice daily on the iPhone. This is just enough to serve the right iPhone with local ads, but that's it. It's not a user ID and not a phone ID and it changes twice a day.
Now, AdMob (Google):
"AdMob will automatically collect and receive information about those visitors such as, but not limited to, browser identifiers, session information, browser cookies, device type, carrier provider, IP addresses, unique device ID, carrier user ID, geo-location information, sites visited and clicks on advertisements we display."
Don't ask for companies you can trust. Ask for implementations of privacy-related technologies that don't require you to trust them.
Just as an example: Android sends along the Unique Device ID and the Carrier User ID when sending your location data to AdMob customers. iOS (iAd) sends a random ID that is generated twice daily on the iPhone. What's more wrong?
And I'm really curious how you want to have fast positioning without knowing the positions of cell towers. Either the phone saves the positions in an internal database (as the iPhone does) or it has to ask external databases every time. And if your phone asks Google's or SkyHook's servers where the cell towers are that it sees, Google/SkyHook then know where you are. You have basically the choice of your phone tracking you in an internal database or have others track your phone in their database. This is somewhat similar to local storage for documents or storing it in the cloud: In the first case someone stealing your phone can get at your documents. Put them into the cloud and someone else already has them.
I just can't believe that "nerds" are complaining that the iPhone tries to lessen the dependence on external services by building an internal database of cell tower locations. Yeah, if someone steals your iPhone he can see roughly where you have been at least once. But then he also has your address book and your call and SMS history and your browser history and all other data on it. So remote wipe it immediately and be done with it.
It has meanwhile been debunked that this file tracks the location of the iPhone. It draws a map of locations of cell towers. The positions in this file are not the position of the iPhone when the user used a location app, the positions are the locations of the cell towers the iPhone saw in this moment. This is pretty clear now. The cell tower ID is the UNIQUE ID of the database, there are only clusters of tower locations saved at the same time with locations miles apart and NONE of these are the actual position of your phone.
Some real world testing: http://www.willclarke.net/?p=247
And yes, this also paints a rough picture of where you used location services, because only the stations around the places where you used location services are in this database. But: The stations are miles around your real position and since there is no signal strength info saved triangulation is not possible. I have found stations recorded that were up to ten miles away from my true position and hardly any stations nearer than half a mile (you'd need to stand right under a cell tower and use Google Maps there to have the position of the iPhone and the tower match by accident, so this happens almost never and the data shows exactly that).
So: The iPhone builds a local database with a network topography map and never throws it away. If it threw that info away it would need to ask external databases (of Google or SkyHook) instead to learn the coordinates of the towers that it sees. By doing so it would necessarily TELL these providers where it is.
Basically you have the choice of your phone tracking you (very roughly) in an internal database or have someone else providing an external database and by this tracking your phone. The iPhone does the first, Android does the latter (and Android even sends the Unique Device ID along). Believe it or not, but technically Jobs is right. The iPhone tracks you in an internal database, but with Android Google tracks your phone in external databases.
I don't expect many people to understand that though. Even with much explaining to basically neutral people hardly more than 5 of ten understand how positioning works and what it implies. Or what a "Unique Device ID" is.
This whole situation is a perfect example of why Free Software is superior to proprietary.
I bet if there were a Free Software implementation of aGPS location frameworks the first thing any developer worth his salt would do would be building a local database of cell tower locations to get a local map of the network topography to free the software from the dependency on cell providers and third party services like SkyHook.
And lo and behold! Exactly this is this database on the iPhone!
Do you really think such software should insist on asking SkyHook over and over where the cell towers are that it sees?
It's only unencrypted on your computer if you don't encrypt your backups (which is a click away in iTunes).
But this is nothing new. I know people securing their computers very tightly and still without thinking store their backups unencrypted and unsecured. People...
And: http://www.willclarke.net/?p=247 -- This is not a database of where you've been, it's a database of cell towers your phone has seen, one entry per cell tower. Looking at the data on my iPhone I came to the same conclusion. I have found hardly any datapoint in there closer than half a mile to my real position and when I was on high ground in otherwise flat land the iPhone recorded dozens of locations at once from up to tens of miles around.
But now having a cell tower map of all areas I have been surely is nice! Thanks, Apple!
I found this via Hacker News.
willclarke.net - Apple is not “recording your moves”
http://www.willclarke.net/?p=247
Mr. Clarke's research implies that cell tower and Wi-Fi network locations are recorded, but phone location is *not* recorded, in the file at issue.
Of course, if you request the location of nearby restaurants via iPhone app, then your location must be determined. I have seen no proof that user accessible *device* location data is stored.
If such data were available, why would an application like "Trails - GPS Tracker" ever need to "Resume recording"?
When looking at the data stored in that DB on my iPhone I came to exactly the same conclusion. The iPhone builds a local network topography map of cell towers and WiFi base stations to avoid having to look up that data over and over again from the databases at Google and SkyHook (as Android does it). Not more, not less.
And this is not only faster than accessing external databases and consumes less power, it also does NOT leak your location data to these service providers. Whenever a phone (or another device) asks a third party provider where a cell tower with a certain ID is, it also tells that provider where it is. So basically you have the choice of your phone tracking you (by drawing an internal map with coordinates of cell towers it has seen) or have someone else tracking your phone (by recording a map of cell towers your phone has seen).
Insisting on your phone not building up such a database so that nobody can steal it with your phone is like not hoarding your money at home in case a burglar finds it and instead giving the money to strangers in the street. Surely a wise move!
But try to explain that to people. I've been trying this for days and you have to talk so much that everyone shouting "OMG! Apple is spying on you and recording every move!!!" will get heard much easier. It's like trying to teach science to people jumping around a stake, burning a witch. Talk about germs versus curses then and you can count yourself lucky if you don't end up on the stake yourself.
Thanks very much for that link, by the way. This is one of the very few pieces of real work to analyse what's going on instead of just opinion and FUD. And it totally mirrors what I got when I had a closer look at that data.
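The trade-off between a local tower map and repeated external lookups, as an added example that is not part of the original comments and is not Apple's, Google's or SkyHook's code. The table layout, the `Provider` service, the tower ids and the coordinates are all constructed for illustration.

```python
import sqlite3

# Constructed stand-in for a provider's tower database (ids and coordinates are made up).
PROVIDER_TOWERS = {"tower-1": (52.50, 13.40), "tower-2": (52.54, 13.46),
                   "tower-3": (52.47, 13.31)}

class Provider:
    """Hypothetical remote lookup service. It sees, and can log, every query."""
    def __init__(self):
        self.query_log = []

    def lookup(self, tower_ids):
        self.query_log.append(sorted(tower_ids))
        return {t: PROVIDER_TOWERS[t] for t in tower_ids}

class TowerCache:
    """On-device cache keyed by tower id: one row per tower, not one per sighting."""
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE towers (tower_id TEXT PRIMARY KEY,"
                        " lat REAL, lon REAL, last_seen INTEGER)")

    def positions(self, visible, now, provider):
        marks = ",".join("?" * len(visible))  # placeholders only, values are bound
        rows = self.db.execute("SELECT tower_id, lat, lon FROM towers "
                               f"WHERE tower_id IN ({marks})", list(visible))
        known = {tid: (lat, lon) for tid, lat, lon in rows}
        missing = [t for t in visible if t not in known]
        if missing:  # only towers not yet cached are disclosed to the provider
            known.update(provider.lookup(missing))
        for tid in visible:  # seeing a tower again replaces its single row
            self.db.execute("INSERT OR REPLACE INTO towers VALUES (?, ?, ?, ?)",
                            (tid, *known[tid], now))
        return known

    def row_count(self):
        return self.db.execute("SELECT COUNT(*) FROM towers").fetchone()[0]

def compare(sightings):
    """Return (provider queries with cache, without cache, rows in the cache)."""
    cached, uncached, cache = Provider(), Provider(), TowerCache()
    for now, visible in sightings:
        cache.positions(visible, now, cached)
        uncached.lookup(visible)  # the always-ask design
    return len(cached.query_log), len(uncached.query_log), cache.row_count()

# Constructed sightings: (unix time, tower ids in range).
SIGHTINGS = [(1000, ["tower-1", "tower-2"]), (2000, ["tower-1", "tower-2"]),
             (3000, ["tower-2", "tower-3"]), (4000, ["tower-1", "tower-2"])]

if __name__ == "__main__":
    print(compare(SIGHTINGS))
```

In this sketch the cached design still discloses each tower to the provider once, the first time it is seen; after that, returning to the same place produces no query at all.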