A lawsuit has been filed against Apple in the ongoing dust-up over its alleged tracking of the whereabouts of users of iPhones and iPads. "Irreparable injury has resulted and continues to result from Apple's unauthorized tracking of millions of Americans," alleges the lawsuit, filed on Monday in the US District Court for the …
I know others will say this, but this is just the sort of danger from proprietary/close-source software that we are likely to see, compounded by the kind of lock-out attitude of the likes of Apple (and increasingly Google with Honeycomb ).
You just couldn't get away with this kind of thing with Open Source.
You can argue that open source software would stop you getting away with this, Unfortunately, it's almost impossible to get a phone with an entirely Open Source OS. Even assuming companies install Android without Google's closed source components, they often install their own closed source software that may or may not be doing anything dodgy.
..but I still desire Apple sofware and hardware.
Step away from the court and put the lawyer down.
I dislike Apple as much as the next guy (maybe more so as I purchased an iPhone) but doesn't the speed of this just make it look like yet another cash grab in an overly litigious world?
It does look like a cash grab or knee-jerk reaction... However the fact remains that this is about the only way to get Apple to respond to anything. Especially if said thing is related in any way to the iPhone. They seem to think it's perfect.
Surely that's just following the Apple legal dept business model, after all?
Ts and Cs
Isn't there something buried in the small print in which Apple mentions the use of geolocation to provide targetted advertising? If so, it will likely be a very short court case and the cash grab will fail miserably.
It's the American Way!
Unfortunately, it seems to be the only way to get a US Company to do something about their users.
McDonalds had to get sued for them to stop serving third-degree-burning coffee. (And the woman who won that lawsuit is now universally ridiculed.)
Comcast, I think, got sued because of their RST mangling, and the FCC threat made them finally back down on that.
A good bunch of class-action lawsuits have stopped companies from dumping toxic waste into rivers or soil.
Ford stopped making deathtrap Pintos until they got slammed with lawsuits.
The lesson is: if you want a US company to hear you, SUE THEM.
But there is something burred in many legal frameworks that states you can put anything you like in a contract, but good luck enforcing it if it tries to supersede the law.
EULA does not equal automatically binding contract.
I for one...
welcome our invasive fruity overlords.
Dumb and dumber
From what I read, this is just a cache file stored on the device.
Using this cache file actually reduces the chance of tracking as it reduces the number of network transactions. Nobody has access to the cach unless they have physical access to an unlocked device or an unencrypted pc backup.
I sm happy to be proven wrong if anyone knows better.
Obtainable from a locked device as well
An iDevice doesn't need to be unlocked to be jailbroken, and once jailbroken the full file system is available for access over USB. It is this aspect that seems to have some folks' knickers in a twist.
In many jurisdictions law enforcement need to obtain a warrant or subpoena to get historical location information from telecoms providers, but may only need probable cause to seize and examine the phone itself. Because of this cache file, the latter may now be almost as good as the former when it comes to discerning an individual's movements.
I'm somewhat on the fence when it comes to this whole thing. While I hate the idea of my own hardware keeping an easily readable log of my whereabouts, I'm not convinced Apple have actually done anything illegal here. There's no evidence that the data goes anywhere other than the users' handsets, so Jobs is right in that they're not actually tracking anybody in the normal sense of the word.
On the other hand perception and opinion are everything these days and Apple's naivety in this regard is incredible. Stories of similar privacy concerns have been all over the technology media for years, and are becoming increasingly prominent in mainstream news as well. I can't believe that in the course of developing iOS not one Apple employee questioned the wisdom of leaving this data unencrypted, especially in the backup files. Or perhaps they did, and were shouted down. Who knows the mysteries of internal communication in the Cupertino citadel?
"Nobody has access..."
I don't know any better, but if there is truly no way for others to get at the data, then the worst Apple has done is to carelessly provide a means for sensitive info to leak via the backups. The court case they face must surely fail unless it can be proven that they are also remotely lifting the data. Is there any evidence for that?
Yeah but, yeah but
That is correct
The only way to access the data is to have physical access to the device. And then, you'll have to jailbreak it, or access an unencrypted back-up from a PC where it was sync'ed.
If anybody has access to the physical device, they have access to much more damning and sensitive information than the location of cell-towers near the user. Consider that the address-book, e-mails, and browser history are also stored on the physical device.
So that sleezy "genius" at the Apple store would never take a copy home, right?
Nor would the random guy/girl at a computer/phone shop you hand it over to when you have a question about it...
And of course no suspicious wife/husband/friend/relative would ever plug it into a computer and take a copy while you're off cooking dinner or taking a shower.
Never. People just aren't like that...
More than just a cache
A cache should just store a limited number of recent/frequently used entries. Shouldn't need timing data either (especially as it doesn't expire entries).
But they could also copy your pr0n collection, the phone number and address of your mistress, and report your incriminating e-mails to the police.
Just a cache
Date and time could be used to rank the entries, giving higher priority to those more recently updated. I'm not saying this is the reason, I'm just saying that there are legitimate uses for that information other than "ZOMG! Apple is tracking my movement!"
"Jobs reply: "Oh yes they do. We don't track anyone. The info circulating around is false.""
Quick bit about Jobs' reply. Google tracks users web habits, and likely collects "anonymized" usage data (no different than Microsoft being able to determine which buttons in IE are used most often). Jobs is tracking a user's physical location indefinitely. Do they send it back to Cupertino? Likely not. The info circulating is not false, as anyone can pull up these specific files (depending on iOS version) and see for themselves. Jobs is a liar in this case.
If you have an iPhone for work (because you requested it over a blackberry for instance), then your work would have every right to have physical access to your device. They can see where you've been, even during off hours. This in itself is a violation of privacy plain and simple. You might as well have a tracker in your work-issued badge (which is likely in your glovebox perhaps?). You don't have to have something to hide for this to be a problem. There's a privacy uproar for internet browsing, so much so there's "Do Not Track" methods being implemented in browsers now. Simply put, there's no need to keep an indefinite log of location on a phone. The last few hours? Sure. "Take me home" or the like. But not "Show me where I went on vacation last year."
"Consider that the address-book, e-mails, and browser history are also stored on the physical device."
You mean the iPhone doesn't support local data encryption on the address book, e-mails, browser history and such? Geeze, my BlackBerry does this. Hell, my previous 3.5 year old BB can do it as well, nobody can access that info unless it's unlocked...
Apple legal stuff is water-tight, I betcha.
There as so many fucking disclaimers in their EULAs, I bet the consumer has zero recourse.
You cannot EULA disclaim against negligence or anything that may be against the law, or indeed an unfair contract.
If I stick in an "indentured servitude" clause into an EULA it doesn't mean you have to serve after you tick the box saying you read it.
Apple is actually being rather careful with your privacy
It's a cache file of cell locations that you MIGHT go near, data downloaded FROM Apple. It PREVENTS the iPhone from covertly emitting location data. And location services on the phone can come up with an answer even when GPS isn't working (you're deep indoors, or maybe you haven't even got any GPS hardware). With it, location services doesn't need internet connectivity, and can use any one of mobile signal, WiFi signal, GPS signal, to come up with a location. Even then, the user is in full control of location visibility, on a global and per App basis.
The file doesn't tell anyone where you live, or work, or where you've been, except in the vaguest and most incomplete way imaginable. And seeing it requires physical access to your PC / iPhone. So the evil one has to know exactly where you are to find out within 50 miles or so where you may have been.
The existence of this cache file enables the iPhone demonstrably NOT to covertly emit any location info about you to Apple, because the answers to Location Services' questions are already on the phone.
Now the phone book is different. It's publishers should be locked up after paying every person listed thousands in compensation.
Cash in bank.... errr woz
Now we know what Apple needs the $67trillion dollar bank nest egg for, its to pay off legal costs.
RE ".reduces the chance of tracking.."
There is a date, time and location. If you don't call that tracking, what the hell do you call that?!?!?
I call it a cache database of known network access points in the vicinity, along with the date and time when they were last updated.
>>> There is a date, time and location. If you don't call that tracking, what the hell do you call that?!?!?
A list of dates, times and locations. Without knowledge of who the data relates to - and what they were doing at each point - it's not an awful lot of use. Unless you lose the phone or it's stolen of course, in which case a list of locations is the least of your worries.
I love how Tesco knows what brand of toilet paper I buy and no-one bats an eyelid, but the fact that Apple or any Android implementer might be able to work out approximately where some of their customers may have been standing the other day is suddenly a big deal.
Well said sir!
That always gets my goat!
People bang about PC security this and phone security that, but they will happily have one of those nasty little loyalty cards from TESCO or Sainsbury's and always blindingly hand it over! TESCO, I believe, still have one of the biggest databases in the UK, every single purchase you make is recorded against your name and address. They know the make and number of sanitary products the ladies in your house have bought and used, the number of times you bought "something for the weekend" or when you last had to buy creams and ointments for that rather unpleasant rash you got on your private bits, yet most people seem to think nothing of handing this info over in exchange for £25 off their Crimble shopping at the end of the year!!
Yes I tend to find the location info I see in Google maps on my iPhone rather unnerving, especially when I see how accurately it has pin-pointed my location but that's not that much of concern to me. I am more worried that TESCO will start sending me spam for erectile disfunction pills 'cos I bought from Prep-H 3 months ago after a very bad night on the curry and fizzy-pop!
RE: Well said sir!
The key difference that you seem to have missed here is that loyalty card data is only captured if you hand over the card: a step that's optional and also one with a benefit, albeit a small one, for choosing to share that information.
Apple's data is collected for all iphone owners. Burying that information deep in the Ts&Cs is a hell of a lot sneakier than asking 'Do you have a clubcard?'. And they're not giving you anything in return for your data either...
If, say, you worked at a battered partners' refuge, or were on a witness protection programme, you might be a bit cheesed off to know that pinching your phone is enough to reveal that kind of data.
Stupid is as stupid does
Now before this information came to light there was no issue.
Now they know they are, allegedly, being tracked there is suddenly an issue. What do these two people have to hide? Criminal activity? Or do they see this as an avenue for monetary gain.
This information is NOT TRANSMITTED TO APPLE therefore there is no surreptitious act by Apple to secretly track users. Apart from that do these idiots realize the amount of storage and computing power required to process this much information for every device they have sold!
Credit card companies track you, your GPS even stores details of your previous journey's, mine even keeps records of journey's that I took that I didn't ask directions. Didn't give it permission to do this either but I am not going to shit my pants and start a lawsuit against Garmin for doing it.
Advertisers store cookies on your computer without permission and use these to show advertising for products and services that you have been looking at. Did they ask permission....
... didn't ask me! Still not shitting my pants and wanting to hire an attorney!
What is it with people, you are all so god damn paranoid. Everyone has been tracked for years!
"What do these two people have to hide? Criminal activity? "
Privacy and the desire for privacy are not the sole domain of criminals.
Unless, of course, you dont mind me looking through your bedroom window at night and following you around.
Please let me know your home address and phone number. I mean, its not like you have anything to hide - do you?
"What do these two people have to hide?"
Tell us your PIN.
Its the old nothing to hide then nothing to fear crap its all good then. how about this, I've nothing to hide its just nobody elses busness but my own!. The only thing I fear is having to prove that I have nothing to hide.
Annon because I can.
>>> Tell us your PIN.
Knowing where his iPhone was last week does not make his PIN available, or any other personally identifiable information. Try again.
Seems you are unable to follow an argument.
--"What do these two people have to hide? Criminal activity? "
A variation of the "nothing to hide, nothing to fear" gambit is what has generated the comments.
Nothing to hide?
Some people are paranoid for good reason. There are several reasons not in any way associated with the criminal law why one might want to keep ones movements secret. Cell-based locations are more than accurate enough to reveal that someone hasn't actually been where they were supposed to be that week when they said they had to be away on business. Not that I'm condoning adultery and such, but it's not illegal (yet).
Ummm, and as for cookies, as from May 25th all EU websites will have to ask explicit permission to store them.
"I guess if you don't have a iPhone, you are not being spy on."
This is what the stupid commercial should say.....
If the information is false, as the possibly real Mr Jobs claims, why don't Apple just explain what it is and then this will all go away? If it's innocent and nothing for people to be concerned about, then just explain what it really is. Then the problem goes away.
Oh but wait, I forgot this is Apple we're dealing with. Someone could ask them if the sky is blue and they'd probably refuse to comment.
It's green. Now shut up and buy our stuff.
People need to get a fecking grip. Have these people wondered how much data your network provider has one you, and the amount of location tracking they do.
More importantly, under RIPA, how much acess the Police, local authorities, and others have to this? I'd take a local log file over this any day. One the pigs need a warrant to get access to.
Are you saying that because there is a lot of tracking available to law enforcement, everyone should just shut up and let everything they own track their habits?
Dont you see the difference between Police justifying a RIPA intercept / track vs J03 H4xxor getting hold of the data?
Even if you think they are the same, that just means the RIPA legislation should be fought... I must admit I am a bit confused by the apparently defeatist approach to being followed 24/7 and the apparent attitude towards the police...
Oh, the dilemma of being a fanbois
The lure of money from a lawsuit with the potential to put Apple out of business.
... you don't have to worry about privacy unless you have something to hide! - Schmidt
RE: open source
Which is why I'm holding on to my n900 and look forward to Meego :D
Sure, since we all know that the network companies do not track your every move expressly. We also know for sure that they don't share this information with the government, data brokers or advertisers. No, they wouldn't do that. After all, Open Source will save us all.
They don't because they can't
Cells just aren't clustered that closely together. You'd only get that kind of accuracy from an AGPS device (don't give me that bullshit about it locating cell towers, there are NOT 19,000 towers in central London).
The limited triangulated tracking we used to be able to do via cell towers - which yes, was done at police request with a warrant - has nothing on the maps I've seen generated from consolidated.db
I know you LOVE Apple - you always defend them no matter what - but seriously, you gonna get violated, son.
Cell triangulation is more precise than what you think
Take a look at this experiment published about a month ago by German Green Party member Malte Spitz:
It is amazing, incredible, scary... And fun :)
It's improved, sure
Microcells alone up the cell-count which improves triangulation calculations but regardless, that's not what the iPhone is tracking. Not a chance. And as I say, the generated maps blow cell triangulation out of the water.
Personally I'd be more annoyed about...
... the much reduced battery life that comes with having the GPS chip on all the time.