Sorry, I don't pay that kind of money for a mediocre milky coffee. I've had many varieties of Starbucks fluids (on the company nickel) and while it's less bad than McDonalds, it's nowhere close to the European standards I'm accustomed to.
Can you elaborate? I am a programmer, and I read the PDF provided in the article. My conclusion is that they did a very clever job in creating a mechanism that could statically analyse the code and determine with some degree of certainty that some functions were accessing what they considered to be personal information; and then transmitted this over the wire. It is clever because, due to its complex and dynamic nature, the Objective-C runtime does not make static analysis easy or practical.
They also mention that, at least to some extent, they corroborated these results with actually using the application in question, invoking the functionality identified by their scanner, and analysed the network traffic resulting from it.
What alarm bells were going off on your side?
-dZ.
You didn't read the PDF of the experiment, did you? In there they explained the risk of capturing the UDID.
The identifier by itself does not say much. However, most of the companies offering the frameworks are either advertising brokers, or affiliated to them, which then use the captured identifiers to correlate them with additional personally identifying information captured through other applications and services in order to build a profile of the user.
They give as an example AdMob, which is owned by Google. Wherein Google can easily capture the device ID of a Gmail or Google+ user and associate it with their account. Then all apps using AdMob's advertising framework can report the device's ID, which can then be mapped in this database against a real user account.
-dZ.
It's also because it's a novelty, a gimmick. I tried Dippin' Dots once. The experience was just like you would imagine eating a super-cooled liquid would be: a bit uncomfortable and absolutely tasteless.
-dZ.
The funny thing is, I know exactly which printer UI you're talking about, for I've had to learn it too.
On second thought, that's the sad thing.
-dZ.
Mark, is that you?
-dZ.
Man, that sucks. No popcorn on long flights!
-dZ.
Actually making slightly less per unit, more overall.
-dZ.
But there are no losses; it's their margins that are reduced. But they are indeed making it up in volume, it's just not at the rate they would like had they been able to keep the original margins.
-dZ.
No, you're dreaming of electric sheep.
Have you even seen an iPhone or an iPad? There's no user-accessible "file system." Going by its popularity, that seems to be an abstraction that people like.
However, iCloud and iOS in general are moving towards a solution that will make a service like DropBox irrelevant. When your applications abstract their files as data objects, and the user does not need to interact with a file system at all, there is need for a file system synchronization service.
-dZ.
I think the point was that Objective-C is compiled to native machine code and it has introspection along with dynamic typing. C# may have those capabilities but at the cost of running in a VM.
dZ.
It is, nonetheless, compilable.
Only if you use TObject and its descendants. If you go for TInterfacedObject you not only get automatic reference counting and memory management, you also get interfaces and a crude form of introspection.
dZ.
So let me ask you, and I'm sincerely curious, what did you or anybody else ever think "Liking" a commercial company meant?
I always assumed it meant you sponsored their product or services and are expressing your support; and since it's in Facebook, you're doing so publicly. Exploiting this by broadcasting your sponsorship to all your friends in an attempt to expand brand-awareness seems logical, if creepy.
As a matter of fact, I always assumed this was happening already.
-dZ.
I must admit it worked. It does sound cool.
P.S. Did something change in here?? I need to hit "Reply" twice now. The first time I click it, the Twitbook and Myface icons pop up, and the second time it takes me to the Reply page. WTF???
Not quite failed. Geeks in /. now are aware of the (upcoming) Wipeout Quantum game, presumably for the PS3.
I thought it was obvious: for a new game from Sony Entertainment: Wipeout Quantum.
Wow, which movie is that?
In each financial report, Apple management state that the iTunes Music Store operates at almost break even terms. Revenue from this is definitely less than 10% of their profit.
How do you guess that it is "probably more than 10%"? And what information do you have that suggests the operation is of "low-overhead", other than you wish it were so? All comments from officials and all documentation suggest otherwise.
The idiots need to get to work too, and it's more expensive and harder to invest in a good mass transportation system.
In Tampa, Florida (and other cities across the USA), we have Cine-Bistro, which is classy and very nice.
dZ.
OK, so how much do those European drinks cost?
Then how would you explain that I received the message on an e-mail address that I made specifically to use the NYT app and never have used for anything else?
That automatically rules out a third party. It was either sent in error, or their user accounts list was indeed compromised.
A possible third alternative is that they shared their accounts list with a partner that was then compromised. Either way it seems the list was compromised.
I would agree, except for the fact that I received the message on a throw-away address I only gave the New York Times to use their app.
It seems clear to me then that their accounts list was compromised.
dZ.