Data Broker Hack Exposes Location Info From Millions of iPhone Users

[CarAnalogy]

It's only a matter of time until personal data collection becomes illegal to collect. It has been shown time and again that none of them can protect the user and, on the contrary, do a lot of harm.

Why would the government make it illegal when they are its number one customer?

 

[dynamojoe]

I wonder how long before someone finds a reason to sue Apple over this .

There will be a race to find a victim and run to the courthouse to file. I think there is a first-to-file component in the decision of which firm gets to get control of the class action. I expect that a filing or three has already happened as finding victims should be easy and Apple is a fat target with deep pockets.

 

[Chuckeee]

This was from a data broker. That means that whatever the hacker stole was already available for purchase by anyone anyways.

 

[gsurf123]

I like "misappropriated access key" which is code for it was given out to someone who should not have it. Social engineering maybe which is the weakest link?

 

[JosephAW]

Wait until Apple Intelligence gets hacked and that’ll be the end of AI.

 

[jimscard]

There will be a race to find a victim and run to the courthouse to file. I think there is a first-to-file component in the decision of which firm gets to get control of the class action. I expect that a filing or three has already happened as finding victims should be easy and Apple is a fat target with deep pockets.

Apple shouldn't be a target of this at all, since iPhone users would not be affected unless they opted in to share tracking information with apps (which is not what Apple recommends). In this case, MacRumor's headline is wrong.

 

[tcgjeukens]

#gravy it is

 

[svish]

Disappointing to hear this. I am very glad that I have turned off app tracking on my iPhone. Happy with the improved privacy feature of my iPhone.

 

[JapanApple]

most trackers should be blocked. Safe then sorry.

 

[t0rqx]

Apple Privacy we think you'll love it?

 

[bellnen]

This is never a us only issue. If they provide consent at point of collection and you opt in they collect this from you. We only send data if consent has been provided which is only about 60% for us in the eu. Also with data portability regulations this data could be getting sent to the us.

Well in theorey the geo location of the data (where it is stored) does not matter. If it is about a EU citizien GDPR applies. As I said, in theorey.

 

[5692943]

I run a local VPN as a firewall on-device, then edge network stuff, then more protections at the very end of the chain. It’s ludicrous.

When I enabled it some apps have so much telemetry being blocked, and no timeouts written because they are ocded by morons, that they will make the device burning hot because it uses so much CPU just firing off blocked requests. I’ve seen literally thousands of them from some applications, it is outrageous that we don’t have better privacy laws and that Apple doesn’t provide a real on-device Firewall so we have to resort to hack-y workarounds.

The tracking toggles in settings do **** all for invasive code within the apps themselves, and for some reason only known to Apple iCloud private relay only works with Safari views.

iOS 19 could launch with this as its only feature and I would upgrade my phone if I had to in order to get it. Less damned “apple intelligence” and more privacy please.

this is intriguing. care to share the details of your setup, "edge network stuff" and "more protections at the very end" to achieve blocked telemetry in apps?

 

[joecomo]

luckily I have this **** disabled

 

[laptech]

So, when a company says we do not collect personal information from users only anonymised data we know that not to be true because if one company is doing it you can bet every other company is doing it as well.

 

[I7guy]

Apple shouldn't be a target of this at all, since iPhone users would not be affected unless they opted in to share tracking information with apps (which is not what Apple recommends). In this case, MacRumor's headline is wrong.

Apple has nothing to do with this. It’s third party apps that have these frameworks.

 

[MJaP]

a post from 2021, it's to do with web rather than apps, but the principal is the same <insert wibbly going back in time effect>

...so you're all SO concerned about privacy... and yet you all use macrumors.com ever wondered who they're selling your data to?... Let me show you...

Did you get a cookie popup once and only once when you first visited the site? It defaults to the "Purposes" tab... did you think to click on the "vendors" tab:

macrumors calls these advertising parasite "our partners" there are over 100 of them listed... looks like they're all turned off doesn't it?... but no, they are being highly deceptive, if you click on one of them...

Oh look INSIDE "legitimate interest" is turned on even though "consent" is turned off... and believe me, what constitutes "legitimate interest" is a VERY flexible term, and so macrumors sells your details to over 100 advertising partners without your knowledge and they sell it on to others.

You would have to open up each individual vendor and individually click on each green slider to turn it off... that's over 200 clicks... vile insidious marketing practice. I wonder if we can report them to the European Union for breech of GDPR as there should be a single simple click to turn off Legitimate Interest, other sites manage it, but apparently macrumors doesn't.

 

[jonnysods]

I also highly recommend people get an ad and tracker blocking DNS set up to further block such things on all devices and websites. The easiest is NextDNS, which is the best $20/year I spend probably. Other more complex solutions are PiHole or AdGuard Home.

Did you install NextDNS on your firewall? Just curious as I followed your link and I'm looking for some better protection in the home.

 

[SoldOnApple]

Further justifies Apple’s limiting the data organisations and aquire from iPhone users.

 

[oneMadRssn]

Did you install NextDNS on your firewall? Just curious as I followed your link and I'm looking for some better protection in the home.

I installed it on my firewall/router. I also downloaded the “profile” for all my ios/ipados devices so they get the benefit of it when away from home.

 

[SBlue1]

Disappointing to hear this. I am very glad that I have turned off app tracking on my iPhone. Happy with the improved privacy feature of my iPhone.

It's not just your phone. Every device that is online is capable of being turned into a spy. Just two weeks ago there was a huge scandal about one of the software companies developing for VW. They had a data breach that involved a million cars from VW, Skoda and Audi. They are tracking your exact location up to 10cm and storing your profiles together with your names, phone numbers, emails, addresses and whatever you decided to put into the VW app unencrypted and for everyone who wanted and knew how to see.

 

[Skyscraperfan]

Now we will know who attended P.Diddy's parties.

 

[SwissCanuck81]

One thing that isn't clear to me is what is required to match up this data with an actual person? Like, is their phone number in the data? If its just IP address and or some kind of tracking ID, it would require a lot of effort to match that to a physical person right? Or am I misunderstanding things?

 

[oneMadRssn]

Did you install NextDNS on your firewall? Just curious as I followed your link and I'm looking for some better protection in the home.

One more tip: This is a very helpful setup guide. You don't have to follow it to the letter, but it does a slightly better job of explaining what each setting does and whether you need it. The goal is to have a truly set-it-and-forget-it setup. https://github.com/yokoffing/NextDNS-Config

 

[DestructoTim]

I'm glad I don't have to worry about this one, as I never use those features and have them all turned off on the Mac and any other device I might use.

The NSA doesn't need to hack for that data since they have all the data already. If it goes through the Internet of the USA (from memory... around 80% worth of the world), they have it. They also track where every bit goes, so even if they can't see something as a whole, they do know where that bit was going to and where it came from etc.

Depends on if the data was encrypted. According to reports it sounds like it was. So they could have monitored all this data being sent around, but they wouldn’t be able to read it until the company was hacked and the keys stored there were swiped.

Though it is also possible I suppose that the NSA has obtained a quantum computer from one of our friendly mega corporations in the name of national security and has begun work on decrypting everything.

 

[DestructoTim]

Surely this very website would never use third party telemetry or click tracker embeddings via referrals and advertisements which wind up as part of these data sets…once sold and resold (and resold…)

Pushback starts with people choosing not to use these invasive technologies which are almost never necessary, not the users.

Just wanted to say bravo for all the comments here regarding MR and not getting your voice silenced. Hopefully there has been a positive change in moderation here. I have posted comments with similar concerns in the past and had my posts deleted and been temporarily not allowed to post here (I avoid the B word for fear it may trigger some auto alert). Then again simply making this post is against TOS here, so wish me luck I am not on a forced vacation for a couple days 😂