Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
I am amazed with the number of people who use the word privacy when they mean secrecy. This was never a privacy issue, it was a secrecy one, those who complained wanted to keep their data a secret. Their privacy was never in danger, never invaded.

I never read one instance of how this data could be misused to harm someone in a way that couldn't have been done in an easier and more harmful way. I read from those paranoid about law enforcement agencies misusing this data, it would be easier for any corrupt law enforcement agency to falsify location files for you than go through the convoluted path in gaining access to your actual files. You would also find it very difficult to use the actual files on your iPhone as a defence as they show such random inaccurate data (look at the number of people including myself who have a log erroneously showing them to have visited Las Vegas!). There were more cheating men worried about their wives finding out their whereabouts than I have heard in a long time, again wanting to gain secrecy, not privacy; let's face it your wife has a right to know where you are!

Be careful of your secrets, they may creep up and bite you one day.
 
Ummm.... Reading a little further down in that same Arstechnica article you cite, it says "Further analysis by developers and security experts suggests that the data points recorded are more likely cell tower and WiFi basestation locations, and not necessarily actual device locations.". :D



.
I'll repeat this post:

Here is quote from Arstechnica:

"Last week, a news firestorm started after the public revelation by researchers Alasdair Allan and Pete Warden that iPhones and iPads keep a log of location data based on cell tower and WiFi base station triangulation in a file called consolidated.db."
 
I am amazed with the number of people who use the word privacy when they mean secrecy. This was never a privacy issue, it was a secrecy one, those who complained wanted to keep their data a secret. Their privacy was never in danger, never invaded.

I never read one instance of how this data could be misused to harm someone in a way that couldn't have been done in an easier and more harmful way. I read from those paranoid about law enforcement agencies misusing this data, it would be easier for any corrupt law enforcement agency to falsify location files for you than go through the convoluted path in gaining access to your actual files. You would also find it very difficult to use the actual files on your iPhone as a defence as they show such random inaccurate data (look at the number of people including myself who have a log erroneously showing them to have visited Las Vegas!). There were more cheating men worried about their wives finding out their whereabouts than I have heard in a long time, again wanting to gain secrecy, not privacy; let's face it your wife has a right to know where you are!

Be careful of your secrets, they may creep up and bite you one day.

You need to think more like a criminal, someone that want to create mischeif, or someone that wants to cause you harm. Using that viewpoint, you may be able to more easily come up with an instance of where the data could be used in a harmful way.
 
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Mobile/8H7)

samcraig said:
Not "both important". One loses account data for 77 million customers. Usernames, passwords, addresses, the lot. That's important. The other one stores information on a phone that doesn't really give anyone any useful information, and is only accessible by someone stealing the phone. That's not important.




Well of course. Apple sends data to your phone and stores them in a file so they can later steal that data back. It so makes sense. But wouldn't it make a lot more sense if they wanted to steal that data to just record it when they send it to you, without deleting duplicates, and recording the best possible location, not the location of a cell tower? And not leaving any traces around? All the data in this file _was sent to you by Apple_ in the first place.

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Mobile/8H7)

Both are issues of different magnitude. I don't see why you keep comparing them. Are you trying to insinuate that we should only care about Sony and not Apple's issue? There are millions of people starving in Africa and only hundreds of thousands starving in the US. Should we only care about Africa?

Poor analogy - but my point is - you can and should care about both. Sony and Apple had issues. They are being addressed. Let it go...


Your 'right' to privacy does not extend passed your front door.

Wrong. Are you saying that my privacy can't be violated if someone breaks into my car? That my privacy can't be violated by someone illegally tapping my cell phone? That my privacy can't be violated if someone breaks into my doctors office and opens my medical records?

Perhaps you just wanted to think you were being cute/clever with your short post. But you're wrong

Surely you perceive the difference between potential misuse but no actual evidence of such, and actual felony theft.
(And I'll stop calling you Shirley;).

I do. I just don't see the point in discussing Sony when Sony has nothing to do with Apple's DB file which is the actual topic here.

I was saying that when you are in public you have no right to an expectation that your location will be a secret.
 
Credibility is a funny thing, after its gone there is nothing to cash against.

logging personal data indefinitely in unencrypted form - "Bug"

logging personal data with location services disabled - "Bug"

Those are two big arse bugs! How many other "Bugs" have they got in there?

This is the classic PR mistake, not admitting what you are doing, refusing to be humble about it and expecting your users to be idiots. Jobs himself assured us that disabling location services would prevent tracking. Despite the spin the net effect is tracking.

I have and idea why don't you let ME decide what is acceptable behaviour on MY device?

On the other end of this I don't like that Apple (or the the others) are mapping and logging MY ssid and leveraging it to their own advantage.

Quit spitting in my face, I'm you customer. The reason I am your customer is because I expected this behaviour from Google and mistakenly thought that Apple might have more respect for their customers.
 
Ummm.... Reading a little further down in that same Arstechnica article you cite, it says "Further analysis by developers and security experts suggests that the data points recorded are more likely cell tower and WiFi basestation locations, and not necessarily actual device locations.". :D

.

I am not sure what that means (article is not clear) but consider this. Storing location of cell towers is pointless (those are well known) whilst because of the nature of WiFi location of WiFi base stations is the same as your location (with 30 feet accuracy)
 
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Mobile/8H7)



I was saying that when you are in public you have no right to an expectation that your location will be a secret.

That's not what you were saying at all. Maybe that's what you meant. But that's not what you wrote...
 
Credibility is a funny thing, after its gone there is nothing to cash against.

logging personal data indefinitely in unencrypted form - "Bug"

logging personal data with location services disabled - "Bug"

Those are two big arse bugs! How many other "Bugs" have they got in there?

This is the classic PR mistake, not admitting what you are doing, refusing to be humble about it and expecting your users to be idiots. Jobs himself assured us that disabling location services would prevent tracking. Despite the spin the net effect is tracking.

I have and idea why don't you let ME decide what is acceptable behaviour on MY device?

On the other end of this I don't like that Apple (or the the others) are mapping and logging MY ssid and leveraging it to their own advantage.

Quit spitting in my face, I'm you customer. The reason I am your customer is because I expected this behaviour from Google and mistakenly thought that Apple might have more respect for their customers.

Also, the unencrypted part must be a very interesting kind of bug. Not only the code that was recoding the data had a bug (and stored data unencrypted), the code that later used this information also had a bug which allowed it to read unencrypted data (where supposedly an encrypted one was expected). :D
 
I am not sure what that means (article is not clear) but consider this. Storing location of cell towers is pointless (those are well known) whilst because of the nature of WiFi location of WiFi base stations is the same as your location (with 30 feet accuracy)

It can send info about wifi stations 500 feet away, 2 miles away, 10 miles away, in addition to the one I use. And it's anonymous info that does not identify me or my specific phone. It's not the same as my location.
 
It can send info about wifi stations 500 feet away, 2 miles away, 10 miles away, in addition to the one I use. And it's anonymous info that does not identify me or my specific phone. It's not the same as my location.

I did not know Apple's WiFi is that good that it can receive signals from 10 miles away. I am lucky if my WiFi works good enough inside my house.
 
Its not about being a criminal or paranoid. This data is for the sole purpose of marketers to sell us crap.

Actually it is not used for that at all. Did you read any of the actual information on the subject? You don't seem to understand it at all.

Go ahead though and explain how a database of cell towers and wifi hotspots is going to be translated into being used for marketing. I own a marketing firm, and I would love for you to enlighten me of what value that information is.



You should read Apple's reply to a query from two Congressmen in July 2010: http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf

Apple clearly states that location data is being collected anonymously and is being used to maintain Apple's database of cell tower and Wi-Fi hotspot locations. Prior to iOS 3.2, Apple made use of similar databases provided by Skyhook and Google, but now Apple has created its own.

I am all for it. The Assisted GPS is an awesome feature and I personally want my device contributing data to that project as it helps my own usage of my devices and those of other people. So I am 100% in favor of Apple anonymously collecting this data as it improves the experience for all iOS devices with GPSs perform better.
 
It was just from an anonymized series of Google searches, and they figured out who typed in the search. There were many, many others they couldn't trace, but it did prove that you MIGHT be found from your searches. Oh, by the way, Google searches for "how to poison your wife" and so on, captured from the cache, have been used as evidence in many trials. Why not? The computer remembers almost everything.

For the paranoid: Ctrl+Shift+P (Firefox)
 
I did not know Apple's WiFi is that good that it can receive signals from 10 miles away. I am lucky if my WiFi works good enough inside my house.

Yes, I believe that even very weak signals can be detected, although not necessarily used for web surfing. Check out some earlier posts in this forum about this. Apple claims up to 100 miles, which may be a bit of a stretch according to some earlier posts.
 
Not at all. That's strictly up to the individual. If you want to secure it, by all means find a way to do so.

In this case - yes, individual (provided they are given that option) I will agree with. But that's not the case across the board. I'm sure you didn't mean it was either. I think we all can agree that information such as credit card info should be encrypted. In fact - it's mandated via PCI compliance regulations.
 
They also note that findings that the database continues to grow despite Location services being off as a bug that will soon be addressed.

Seriously, does anyone believe anything that comes out of Apple PR anymore?
 
Also, the unencrypted part must be a very interesting kind of bug. Not only the code that was recoding the data had a bug (and stored data unencrypted), the code that later used this information also had a bug which allowed it to read unencrypted data (where supposedly an encrypted one was expected). :D

Some companies pile all sorts of development issues under the term "Bug". Everything from problems in the spec to defects in the code. What likely happened here is that the spec for the SQLite DB work that was done in 4.0 (previously it was a plist which wasn't very RAM friendly, or quick to parse) didn't adequately address the security concerns. This type of oversight is more common in existing features where they make changes, since you don't always get a spec that takes the whole system into account.

One person can read the spec and say "Well, it's a cache of cell sites and wifi basestations, I don't see how someone can invade privacy with this information." An actual attack on the design was probably never performed by someone that can show the interesting ways you can visualize the information and turn it into a privacy invasion with the DB in hand. White box inspection isn't always useful here.
 
Anyone else starting to suspect this "discovery" was intentional? I know it sounds farfetched, but hear me out.

Let's say Apple sees that Google and its partners are indifferent about abusing this kind of tracking data on Android because they're able to make a lot of money off mining that info which is Google's bread-and-butter. So, Apple intentionally makes this tracking database easy-to-find in iOS 4, makes sure they're being completely hands-off with it, and then waits for the inevitable sh*tstorm. Let said sh*tstorm brew for a week or so until anger at Apple spreads out and people start wondering if other phone companies are doing the same. Apple goes on record saying they don't use the data and will remove it or make it harder to access. That leaves Google and their partners completely exposed and an angry public (including some politicians) waiting for answers.

Have to wonder how intentional this was. Apple could certainly have done a much better job hiding or encrypting this database. It almost seems like it was put out there on purpose.
 
Anyone else starting to suspect this "discovery" was intentional? I know it sounds farfetched, but hear me out.

Let's say Apple sees that Google and its partners are indifferent about abusing this kind of tracking data on Android because they're able to make a lot of money off mining that info which is Google's bread-and-butter. So, Apple intentionally makes this tracking database easy-to-find in iOS 4, makes sure they're being completely hands-off with it, and then waits for the inevitable sh*tstorm. Let said sh*tstorm brew for a week or so until anger at Apple spreads out and people start wondering if other phone companies are doing the same. Apple goes on record saying they don't use the data and will remove it or make it harder to access. That leaves Google and their partners completely exposed and an angry public (including some politicians) waiting for answers.

Have to wonder how intentional this was. Apple could certainly have done a much better job hiding or encrypting this database. It almost seems like it was put out there on purpose.


I love this theory. You may be completely on the mark!! Nice one.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.