It didn't take long for the blogosphere to pooh pooh research presented on Wednesday that detailed a file in Apple iPhones and iPads unknown to the vast majority of its users that stored a long list of their time-stamped locations, sometimes with alarming detail. On Thursday, a forensics expert who sells software to law …
I used to work for a firm that did GPS tracking of trees, but there was an application being tested on similar kit to ours by a professor in Sunderland. Police tried to do him for speeding, but as he was testing his GPS kit at the time he was able to use that as evidence and prove he was within the speed limit at the time the police were trying him do him for.
Ah, to be a technically illiterate fanboi like yourself. The world must look like one pretty garden.
As the Wall Street Journal reported yesterday, "Apple Inc.'s iPhones and Google Inc.'s Android smartphones regularly transmit their locations back to Apple and Google, respectively, according to data and documents analyzed by The Wall Street Journal—intensifying concerns over privacy and the widening trade in personal data.".
Data Subject Access Request
It would be really interesting to hit Apple with a Data Subject Access Request - it would cost you £10 and Apple would have to give you a copy of all the data that it has on you within 40 days. That would show up if any of this data ends up on Apple's servers.
I don't think that Jobs would be too pleased with this, but it is a right that we have in the UK.
I don't own an iphone so I can't do it.
Any of you tried it ?
So, if I jailbreak my phone, login as root and chmod this file to 000 will that stop it writing to the log file whilst not throwing nasty errors all over?
"“We both have the exact same data point in Vegas, and neither of us have been,” he said."
Same data point, same time?
Hmmm. Do I need to spell that one out for you?
Trust me, it's harmless
Yes, folks, Apple tracking your location is harmless.
We'd never tap into that info and it can't ever harm you. Even if your imprecise location might indicate "which side you are on" or where to aim our artillery. After all, doing so would be illegal.
Muammar Muhammad al-Gaddafi
Too many halfwits here
If the data is unreliable, as seems to be the case, forget the use of the data for legal purposes. Any half decent lawyer would be able to show from any other log that there was no guarantee 'beyond a reasonable doubt' that the data was accurate, and so none of it could be relied upon.
You simply cannot say someone was in Las Vegas using such a log, unless you can show that the person was in every other location in the log and there were no errors.
So put the 'oooo I might go to jail' argument aside - its puerile.
Since Apple users are sheep, they would be happier when they are surrounded by other sheep. So my app idea is a Location Coolness score, by the local density of Sheep (other Apple users). This data makes the job pretty easy.
So a Lady GaGa concert would be a really Cool place, and shopping for tires at WalMart Not Cool at all.
if it would keep me away from WalMart's tire section and from clueless haters like you I'd sign up for it.
Maybe we can do an app that uses both Android's locations file and the iPhone's and would then instruct each camp on where to go to make sure a safe distance is maintained.
dont forget the telcos
I am an officer on a private police force. Recently, the local "public" police force called us to give us a tip on a missing person. A run away child was shown to be in our facility , as determined by examining the data pulled from her phone's GPS (although it's not a smartphone) and call tower data, all stored AT THE TELCO and not on the cellphone itself.
So, I think this is rather moot when it comes to the cops looking at this file because they have easier, more accurate methods, assuming they have a warrant or court order. Apple, on the other hand does not need a court order to see this data.
Will Clarke should read more closely
Will Clarke should have RTFM, the application's web site clearly states that they skew the data intentionally, to keep this software being used by script-kiddies. The points are supposed to be way off.
QUOTE : http://petewarden.github.com/iPhoneTracker/
To make it less useful for snoops, the spatial and temporal accuracy of the data has been artificially reduced.
...you could have read my blog post, where I describe how I used the raw data from consolidated.db to make my conclusions.
Where there's paranoia - there's money
App idea - an app that runs when the password is entered - it prompts for a second password - you can enter either the right password whereupon the app exits, or the wipe password which deletes everything.
You think having nothing to hide means you've nothing to be afraid of? See why a cop and a law professor agree that you should not talk to the police.
If you use mobile phone, any mobile phone, you can be tracked.
All phones can be tracked to within a few meters by triangulating their emissions. If this was not done it would not be possible to move between cell towers while on a call. This data is logged by the networks and those logs can be accessed by the authorities if they obtain authorization, or if they just do it anyway.
Also the web pages you browse are logged by ISPs, so if you look at location-specific content on your phone there is another record of where you are, along with the web history file in the phone itself.
So this new tracking file is simply another way for a third party to establish where you've been, seemingly less accurately than methods that were already available. Admittedly access to the logs of service providers is restricted, but anyone who has access to the phone can look at its browsing history.
Its not that there is nothing to worry about, but I don't see there is much new to worry about.
Learn to hide!
If you have something to hide, then learn to hide it. If you think you might have something to hide, then learn to hide it. If you just want to protect your privacy even if you don't have anything to hide at the moment, then learn to how to hide.
Don't expect the technology you buy to do your work for you. Don't go around like wide-eyed fluffly little bunnies expecting that Apple, Google, any business, the police, governments, etc, were going to do you any favours. Acting all shocked that someone can track you by your mobile phone is the same thing as acting shocked that the local curtain-twitcher can keep track of when you leave and return home.
Get smart: not only should you learn to hide, but you should learn to turn the technology against them. Plant your phone on someone else. Swap phones with friends. There are many things you can do, depending on what your plans are and how proactive you want to be. Expecting someone else to look out for you, though, means you'll always lose.
1. the location logging inaccurate, so let's say it is 3 miles out
2. a crime was committed at some location
3. the cop asked you where you were when the crime was committed
4. you said that you were nowhere near there, in fact you were 3 miles from away from said location
5. the cop examined your phone, and it said you were there
6. you go to gaol
I rest my case.
Again, some people immediately go to the 'not a big deal' response again without knowing why this data is being stored in the first place and with no way to turn it off. Just amazing
Not a big deal.
Change your alibi. Not that big of a deal.
Sent from my iPhone
Take tracking off iPhone
Any device which got Apps store will automatic get track of your location including the latest Android phone, so what happen with iPhone is nothing new!
Lots of users can't be bother to sit down and learn all the phone's settings. Under setting click off location service ... no Apps can track you!
If anyone who is absolutely paranoid then switch off the cellular network, your phone will disconnect all together from the internet.
It's all under setting, I don't know what the fuzz all about. Apple already done the ground work when iOS came out .... it is the end users need to learn how to use the phone.
Also under setting in iTunes users can delete & write over any backup data store in iTunes.
No one needs this info
The police don't need your phone. If they need to they can access the cell site info from your carrier which is probably less prone to thinking you're in Vegas periodically.
And if you're of that much interest to them they'd take your phone for forensic examination chances are they already have.
Horse, stable, bolted, long ago
Why would the notional 'big brother' go to the trouble of having to physically get access to your phone and hack it when they could get the same data much more easily from the telcos, along with the same information for all your non-iPhone carrying associates? (Yes, iPhone-less people do still exist). Your iPhone might know where you are, but your telco knows even better.
Never mind the cops
If 'they' can get the information you can bet a lot of even less pleasant people can get it too.
I imagine logging works this way
Phone connects to a base station, base station sends it's id, longitude & latitude info back in the call, that info gets logged. If there is more than one base station in the area, the others can be used to do a rough triangulation. If a station were sending the wrong values it might wildly affect the triangulation. If the phone is 3G connected or GPS is enabled the location might be refined further.
And yes it's has incredibly serious repercussions. I can well imagine husbands & wives surreptitiously feeding the info into the app to see where they've been; phone thieves using it to see when someone is away from home; infected PCs stealing that data now; government investigators using it to plot movements of suspects.
Basically it tracks users. It should be simple enough to fix the issue, e.g. by not storing the info or only holding it in a transient table which is not backed up and does not survive a reboot. But it's a worry that phone devs don't think of these things at the very beginning. Maybe if someone asked the engineer who wrote this they might say they did it to optimize location information, or handover efficiency but the fact it's such an infringement of privacy means it needs to be fixed.
Food for thought...
Last time I stored a large amount of coordinates, I applied an algorithm to them to change each set by a random (but re calculable) amount- This was in order to stop people nicking the data but at the same time make those that did want to pinch it believe that it was stored unencrypted. I never thought of injecting false data (Las Vegas)- I must add that to the next version.
Pointless Information for Law Enforcement
If the police want to know where you were by your mobile phone, they just need your number and provider then the go directly to the telcos, where they can get exactly the same information and more from their logs regardless of what make/model your phone is.
I'm not an Apple fan, but this is just paranoia for paranoia's sake.
As if the cops are going to go to all the trouble of seizing your iphone (which you will notice) when they can just get the mobile operator to track you (which you won't notice and might continue incriminating yourself while being tracked).
While I agree that I don't think that devices should keep a record of your movements unless you've told them that it's OK to do so, I think you undermine your argument when you say:
> if you have no appreciation of how, historically, advanced civilized and democratic countries have been transformed into totalitarian regimes
I don't think you need to bring in loony conspiracy theories to win this debate!
I leave my mobile at home. Track that. If it's even on.
Radiation spraying all over a First World country that happens to supply many IT components -> Reg says happy clappy, No Problem.
An iBlob comes with a free buggy, unreliable low-precision database that says you might have been somewhere, more or less, at some time, but which is so unreliable it would be completely useless as court evidence - Reg says OMGWTFBBQ!
Not that I'm defending Apple here. I don't want my iPhone to collect and store data about anything I think, say, or do, unless it really, really needs to. For a very good reason.
Even so - let's have some perspective and common sense in the reporting, please.
So you're overseas. Having a quiet dinner. Having nothing at all to do with that protest occurring a dozen blocks away from the restaurant. You probably didn't ever hear about it.
Until you try to return home ... and your phone log puts you 'in the vicinity'.
Nope. Nothing to worry about at all.
Hey, on the plus side ... I hear political dissident cells are lovely this time of year!
Apple = commercial.
I was going to read all the comments before posting, but after the first page of paranoid delusions I just skipped straight to posting. So apologies if someone else has already pointed this out and I missed it in the deluge of hysteria.
Apple is a commercial company, not a secret arm of the Gubbermint. Everything Apple does is to make money, period! Giving up your location to the cops/FBI/NSA does not make Apple a profit, if anything it could mean they get sued, so I don't think socila responsibility was high on the Apple business case. You're also forgetting that the authorities can simply ask the carriers for records of all the cells your mobile has talked to in a period.
I'm betting the this is linked to locational-based advertising in searchs, either for current Safari searchs or for a future product Apple is bringing to market. I'm betting the reason there are gaps in the databases are because the owner simply wasn't near anything that Apple thought worth advertising (in reverse, this explains why there would be thousands of hits in a city due to all the stores, shops and resteraunts). And by "worth advertising", I'm thinking in the Google terms of "pay-me-to-get-your-place-as-the-top-search-result". Given the widespread adoption of Apple mobile devices by the fanbois, it would seem that Apple are sitting on a potential goldmine if they can monetise the location information.
Exactly what cynic me was thinking too: "I smell ads linked to this". Will we ever know, tough?
"...Apple isn't taking privacy seriously."
In other news, the sky is blue.
All joking aside though, this is a pretty serious issue. Not as serious as some are making it sound (after all, you have to have access to either the phone or a backup file from it to make use of the data), but still quite serious. As for the law enforcement angle, under no circumstances should that kind of data be made available to cops.
Now don't misunderstand me. I have a lot of respect for cops. They do an extremely tough, thankless, and vital job in our society. However they have the unfortunate tendancy to use everything that points at the person they think did the crime to prove it, even if that person is innocent. The inaccuracy of this information makes this even more of a concern. You could be two blocks away from a crime and your phone can show that you were at the scene. If for some reason a cop suspects you, that could well be enough to sink you.
And that doesn't even begin to touch on the political enemies of abusive authorities. In those situations it would be easy for entire groups of political enemies (plus dozens who just happened to in someone's contact list) to be wiped out. All they have to do is catch one of the group, identify a likely location for a meeting based on his tracking data, then go through his contact list checking other people's phones to see if they were at the same meeting. No doubt in this process a lot of innocents would be nabbed as well, but that type of dictator won't be concerned with that.
Actually it is surprising
"...Apple isn't taking privacy seriously."In other news, the sky is blue. "
Can you produce actual examples of this issue or are you just talking out of your ass?
Note the joke alert icon
That is all.
They've been able to track people's whereabouts from the first day a mobile connected to a mobile mast. You really don't need databases on iphones all of a sudden to do that. You must be living in lala land to think no one can track you.
And for the Android people who think they can claim the moral high ground..
This article is 100% opinion. 0% fact. Keep that in mind.
The fanboys are not being logical...
I don't much care, since I don't have a smart phone anyway. But it's an interesting situation, and the fanboys are contradicting themselves, it would appear. They say, repeatedly (you'd think they are being paid by the post, or that they are unemployed and have all day...), one of two things:
a) the logging is needed for the proper functioning of the phone, or some subset of its functionality at least;
b) the logging is so wildly inaccurate this is not an issue.
Now, has anyone seen the problem there? Or are you saying the bloody thing does not work to begin with? That would be the only logic conclusion, if both a) and b) are correct.
And by the way, and as noted above by a fellow commentard, the tool released by the researchers purposefully makes your data inaccurate so script kiddies can't easily use it (RTFA, the original one from yesterday). So, unless you tell us how you examined your phone's data, your statement that the data is inaccurate is as reliable as a politician's campaign promise. Although some of the inaccuracies reported here seem much larger than what the tool makers said they introduced, sot who knows.
Anyway, back to your regular program...
How about adding Google to this mix?
I don't think it's much of a surprise that your phone keeps a record of your location, especially when you have location services built into the OS and apps.
But how about railing on Google for its Android software talking to the mother ship several times an hour with your location data, unique phone ID, etc.?
The reason for this erroneous location info is probably caused by hitting the WiFi on a plane which then registers as a Vegas address.
I checked my locations about six months ago and had a single log of a visit to Fort Lauderdale Airport, which I've never been to.
I love the commetards
Everyone has an opinion, but no one even bothers to check or even learn about anything.
No wonder the world is so fucked up as it is.
The media can feed you people just about anything they want.
That's the truly scary part of it all, not ridiculously harmless cell tower cache tables.
Alex Jones, the real paranoid guy says no big deal (serious)
Alex Jones says "they were doing it for years with any cell phone shipping since 2001, this isn't only Apple". Any Americans to talk about telecommunications act of 1997?
Lets not forget, Apple could post a statement to their website and hire an independent, serious investigator about consequences of such data.
If they mute like that, the noise will grow of course. Don't forget the general, non tech public barely understands how they are able to make such a device let alone some xml files.
iPhone and Android, Symbian are general public targeting devices. It seems everyone (including vendors) sometimes forget this.
No point in trying to reason against a firehose of histeria
Anyone who's been the target of any kind of mass media attack knows it's just not enough to post facts. People would just say "the research was paid for by the company" or what have you. It could even make things far worse.
It's far better to wait for a little while and see how it plays out, in the meantime keep a few journalists and particularly editors on speed dial. That's why the media loves these sort of news: suddenly they can get the attention of big companies and may break a few ad deals out it.
They just wouldn't listen to reason.
Yes I've worked at a big financial newspaper (in IT) I know the kind of crap that goes on. We even had journalists routinely doing coke at work, it was all completely fucked up.
Did the Headline Writer read the story?
Headline says “it's not harmless and here's why;” the story says if Apple would only speak up there'd be no problem.
The only logical conclusion is that Apple's silence is what outrages the Register. What sense does that make?
And if indeed you don't like the idea of this data getting out— I don't — the Register has grossly neglected the trivial steps to prevent it:
1. Take Apple's advice on password-protecting your phone.
2. Take Apple's advice on how to encrypt your iPhone backup files on your PC.
3. Realize that there are probably a dozen OTHER files — recent phone calls, address books, web cookies, more — that are MORE sensitive than your location history. Keep your phone out of the hands of people you don't trust and encrypt or erase.
Of course, the Register has never been much for proactive how-to stuff; mostly it's a place to take cheap shots at others' work. “Whoring Link-bait,” as it's sometimes known. So the logical inconsistency in fact makes sense: the Register doesn't need you to know anything, as long as they can get you worked up.
what about this?
What about keeping the backup in encyripted form by default, like everyone's popular hate object Nokia/Symbian does with a freaking 300 mhz ARM processor?
secret ballot at elections
There is no secret ballot, every ticket is marked with your ID before it is handed to you. A quick check by the appropriate authorities afterward will show how you or anybody else voted. QED.
Inaccurate? That's funny...
My daughter posted a link for me way back when she was traveling between Arizona and California so we could estimate her time of arrival. There was some inaccuracy between her and her husband's phone due to clock differences but this just told us how fast they were driving.
What this link was subsequently able to do was track the phones to the in-law's house in Alberqueque -- not just to the general location but I could see exactly what part of the house the phones were in.
These were Blackberries on Verizon's network rather than Jesusphones but I think the basic idea is the same. A phone knows exactly where you are.
Cellphone location data is used by the radio stations in Los Angeles to estimate urban traffic flows in real time. They were using this yesterday to track rolling street closures due to a visit by the President.
So don't worry about misuse of phone information -- panic.
That's the purpose
My Canon DSLR has geo-location on every photo I take. My iPhoto software uses that information in its 'Places' library. I'm screwed.
You folks don't get it, do you?
If a government announced to its citizens that it was implementing a program to track everyone in real time, and that everyone would be required to pay for the tracking device and to pay a monthly fee for this "service," then people would be outraged.
However, if the tracking device can be "upgraded" to mimic the functions of a telephone, and if the device can be marketed as the latest "must-have" toy, then people will voluntarily adopt the tracking technology. Further "upgrade" the tracking device to a "smart phone," which mimics many of the functions of a computer, and people will fall all over themselves to spend hundreds of dollars for the device and for the "service."
Gee, it used to be that only rich people could afford mobile phones? Isn't life better now? Yeah, right.
As soon as you get a cell phone, you surrender to the matrix. So what is the big deal about the latest iPhone gambit? Cell phone providers already track the locations of cell phones. (After all, that's what makes it possible for them to route calls.) They also log the from and the to locations of the calls.
Apple is merely taking it to the next level. Apple is the Borg, and resistance is futile. Yes, it makes you feel good to vent, like any form of masturbation. So go ahead and express your outrage, if you're having fun doing so. Just don't expect it to accomplish anything.
You bamboozled yourselves into trading away your privacy. You bargained with the devil, and you lost.
- 'Windows 9' LEAK: Microsoft's playing catchup with Linux
- Infosec geniuses hack a Canon PRINTER and install DOOM
- Boffins say they've got Lithium batteries the wrong way around
- Game Theory Half a BILLION in the making: Bungie's Destiny reviewed
- Review A SCORCHIO fatboy SSD: Samsung SSD850 PRO 3D V-NAND