Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Data Broker Hack Exposes Location Info From Millions of iPhone Users
- Thread starter MacRumors
- Start date
- Sort by reaction score
I wonder how long before someone finds a reason to sue Apple over this 
.
.Surely this very website would never use third party telemetry or click tracker embeddings via referrals and advertisements which wind up as part of these data sets…once sold and resold (and resold…)
Pushback starts with people choosing not to use these invasive technologies which are almost never necessary, not the users.
Pushback starts with people choosing not to use these invasive technologies which are almost never necessary, not the users.
I deleted and stopped downloading apps years ago except for Firefox and WhatsApp (because you have to have that or be banished forever.) Absolutely ridiculous that we are just cattle to organisations who collect and buy this data.
I run a local VPN as a firewall on-device, then edge network stuff, then more protections at the very end of the chain. It’s ludicrous.
When I enabled it some apps have so much telemetry being blocked, and no timeouts written because they are ocded by morons, that they will make the device burning hot because it uses so much CPU just firing off blocked requests. I’ve seen literally thousands of them from some applications, it is outrageous that we don’t have better privacy laws and that Apple doesn’t provide a real on-device Firewall so we have to resort to hack-y workarounds.
The tracking toggles in settings do **** all for invasive code within the apps themselves, and for some reason only known to Apple iCloud private relay only works with Safari views.
iOS 19 could launch with this as its only feature and I would upgrade my phone if I had to in order to get it. Less damned “apple intelligence” and more privacy please.
That's because Apple allows this kind of data harvesting then collected and potentially sold online.
This is much deeper than that. This covers ads that are displayed in web browsers, which are outside of that control setting. You’d likely need a strong ad blocker to avoid most of Gravy on top of the setting you mentioned.
You’re closing the barn door after the horses got out.
You (and anyone else annoyed by this) should seriously write a polite but firm letter to both tcook@apple.com and pschiller@apple.com if you’re dissatisfied. Not a joke.
Those App Privacy “nutrition labels” were influenced if not created in response to feedback that was sent in.
The emails are reviewed by executive assistants and they actually do take responses to incidents like this seriously if the public starts addressing it directly. For all of Tim Cook’s faults, he is very sensitive to customer satisfaction – I have personally dealt with his team.
They got "hacked" AKA made a offline backup of their systems.
Who invented the apps should apologize with the World.
I have a Firewalla on my home network that aggressively blocks trackers, ads and other nonsense. Blocks hardcoded DNS, too.
My phone stays connected via a VPN and doesn't touch the internet without going through my firewall.
well, the app was probably "invented" based on someone's request - the ones who actually use this data "legally" are the ones who should apologize imho
Agreed. Going from my dns to a public dns feels crazy now — all those ads! It also blocks ads inside apps, which is nice.
The benefit of NextDNS over Adguard Home or PiHole is it works when on cellular or away from home without needing tailscale or vpn or anything like that.
Also, while us techies can install such things no problem, NextDNS is super easy set it and forget it. I used to use PiHole (had dual synced systems actually for redundancy and no interruption during updates) but adminning it became a pain. $20 is money well spent for someone else to admin it for me.
Just so you know sometimes DNS requests (and an apple service or two) will leak since Apple’s VPN implementation doesn’t cover everything always but that’s another story.
If you have RCS enabled it also often goes straight out around the iOS VPN which you can verify if you’re on the wifi network that’s connected to and look at traffic, it regularly directly pings the carrier for some stupid reason and it’s crazy because they have the ability to do it via cell they wanted to. There is a lot of room for Apple to improve here, they may be waiting to improve the RCS support until encryption arrives but there’s no excuse for the VPN holes.
It’s way better than doing nothing though. With your setup you can also see how much that “disable requests to track” really does (almost nothing IMO).
These data files are going to be very useful once AI can do stuff with it for scams and blackmail at scale. Sure the random number "oh I misdialed" scam doesn't work well. But once it comes with "Hey, didn't I meet you at (insert interesting location) on (insert date that target is known to have been at said location).", well then folks are going to engage with that text.
Secret data collection should be illegal and probably will be. Permitted data collection should remain legal, as it can be a cheaper alternative that some consumers may prefer, even with the risks. The key is transparency and putting the control of the consumer’s data in the consumer’s hands.
I don’t care for my data. But you can go to the dark web and search a phone that is every night at the address your boss lives. And now you got his movement history. Check where he drops his kids at school, where he picks them every evening after their soccer practice. Where he goes to the gym. What doctor he sees. What stripclub he went to. Who he meets at a regular basis.
Or just look what phones are every day at the news paper office. Now you got the journalists. Check who they meet. Who are their sources. Find the whistleblowers.
Or check what phones are every noon at the location of your football team if you want to stalk some players.
Check out what phones are at the Apple campus and see if they travel abroad. You can find the next supplier, the secret test lab, the unknown factory.
See what phones are every day at the secret service headquarters. Check if the same phones are at the White House. Boom you found the presidents bodyguards. See what hotels they check out before he flys to another country. See what phones are regularly at the White House when there are events and see if they line up with catering locations. Now you know who cooks for the president and his guests.
This is a gold mine of unprecedented scale for China and Russia, for every dictator who wants to spy on his people, every company who wants to spy on its competitors, every violent husband who wants to stalk his wife, every crazy stalker, every mad psycho.
Or just look what phones are every day at the news paper office. Now you got the journalists. Check who they meet. Who are their sources. Find the whistleblowers.
Or check what phones are every noon at the location of your football team if you want to stalk some players.
Check out what phones are at the Apple campus and see if they travel abroad. You can find the next supplier, the secret test lab, the unknown factory.
See what phones are every day at the secret service headquarters. Check if the same phones are at the White House. Boom you found the presidents bodyguards. See what hotels they check out before he flys to another country. See what phones are regularly at the White House when there are events and see if they line up with catering locations. Now you know who cooks for the president and his guests.
This is a gold mine of unprecedented scale for China and Russia, for every dictator who wants to spy on his people, every company who wants to spy on its competitors, every violent husband who wants to stalk his wife, every crazy stalker, every mad psycho.
I'm glad I don't have to worry about this one, as I never use those features and have them all turned off on the Mac and any other device I might use.
The NSA doesn't need to hack for that data since they have all the data already. If it goes through the Internet of the USA (from memory... around 80% worth of the world), they have it. They also track where every bit goes, so even if they can't see something as a whole, they do know where that bit was going to and where it came from etc.
Ask yourself why all these companies want your tracking information. It's not just to sell you stuff.
Such handy info to have for governments, militaries & police. I see no apologies coming from any of them. Let alone the hackers & dark web folks who will make use of this data… 🤬