iPhone and iPad logging detailed information about your whereabouts
I'd argue that in choosing to buy a cell phone with GPS capabilities, you've already opted in to this. Even hand-held GPS devices are going to of necessity do a lot of caching and previous location storage if they want to maintain any kind of reasonable battery life. It's just a fact of life with hand-held location-aware technologies. Which isn't to say that it wouldn't be nice if this cache were encrypted, but I'm not super concerned that it's not.
The reality is that if you're a person with a large concern for personal privacy, you shouldn't buy a cell phone, full stop. Carrying one around means you've already ceded knowledge of where you are to your cell company, and if your phone is also using wifi AP triangulation (like iOS, Android, and I'd guess Windows 7 and anything else with a wifi antenna) to Google or Skyhook or whoever is maintaining the AP-to-approximate-location translation lists.
The only thing that's changed here is that in addition to a number of companies having access to data on where you've been, that data is actually available to you in this case, too.
Cache invalidation bugs are really common.
So basically if you aren't okay with having your privacy violated, get the hell out of modern society and just don't own a phone or PC? Are you kidding me? It's not unreasonable to expect that data collected be done so for a specific purpose, only if you opt into it, and protected well once it becomes necessary to keep it. That should be the baseline.
Information doesn't scare me, so long as I can reasonably protect myself from its misuse. Privacy is just a sanctimonious proxy for security (among other things).
Lots of people smoke because the cancer doesn't really scare them. Does this mean I should be forced to smoke too?
Knowledge of this "bug" is old, it was being discussed last year the year of our lord 2010.
If it's just a bug then why hasn't it been fixed long before now?
Look, when Daring Fireball is asking questions of Apple and saying that Android is doing it right you know this is serious business.
If you partake in lighting cigarettes and holding them with your lips, probably yeah.
Many of us seemed to have missed the original discussion. Isn't it possible that, if it did not receive sufficient media coverage, Apple may have simply decided that there were more pressing tasks for their developers?
Fun fact: did you know that they don't even need a warrant to pull the logs off of your phone? And that they're allowed to do it automatically at US border crossings, even if there's no suspicion of wrongdoing?
One could argue that they don't need it because you could destroy evidence after your arrest. I agree but don't agree with this. Do I think this is bad? No. Do I think police should have access to it? Doubly no. Do I think they should need a warrant just like they do if they get it straight from the telco? Yes. Do I think there's anything else going on with this? No.
Much of your position can be easily boiled down to: "It doesn't matter to me, therefore it shouldn't matter to anybody else."
The brouhaha about this demonstrates that this is neither minutiae nor incomprehensible. I understand that you don't physically travel to places that you wouldn't necessarily want the entire world to know. But some people do.
Privacy is contextual - the idea of "private" and "non-private" information is quickly becoming obsolete. The real question is who is privy to what information. (I don't mind if my girlfriend knows I went to Burning Man, but I don't want my boss to know that. I don't mind if my friends know that I crossed the border into Mexico on my trip to LA, but I don't want a police officer who stopped me for a broken tail-light on I-5 to know that. I might tell my divorce lawyer that I started cheating on my soon-to-be-ex-wife two weeks before divorce papers were filed, but I don't want her lawyer to know that.) So when you say, effectively, 'all this information is available in other contexts,' yes that is important to the conversation, but it is not the end of the conversation.
Sure, my cell phone company already knows where I've been. But somebody picking up my phone and fiddling with it for five minutes shouldn't. (Similarly, my ISP knows which porn sites I visit, but I still clear my browser cache before my mother comes over.)
Inprivate browsing doesn't disable the fundamental function of the browser.
Unless you let people fiddling with your phone jailbreak it, and then download associated software. Or they have specialized hardware/software worth tens of thousands of dollars. Or they had a warrant.
If someone was getting the information right then and there with no skills and using shit on the phone to do it? You're absolutely right.
A large number of people jailbreak their phones to skin them, or install better SMS apps.
A staggeringly large percentage of them do not change their root password.
All of these phones are wide open to compromise by anyone with even a passing interest in collecting the data, and a laptop that can spoof as a free wifi access point.
I kind of get the sense that the root of your argument is that anyone with good technical knowledge of my phone's OS should be able to find out where I've been for the entirety of my ownership of it... because if I've done nothing wrong, I have nothing to hide.
EDIT let's stop mincing words here, taking this information from me without compensating me for it is motherfucking theft. Information is a valuable commodity, if someone wants to know how I move about Canada with my phone they'd better be providing me some compensation that we've mutually agreed to.
For the sqlite file to contain location information, your device must have location services turned on.
For the file to be accessible, your device must be backed up to your computer, and someone must have physical access to your computer and/or your user folder. Alternately, your device must be jailbroken and someone must be able to gain root-level SSH access to the device.
The information in the file never leaves your device except to be backed up to your computer, and is only used by applications as a rough starting-point when they've received your explicit approval.
For the file to be readable, you must NOT have encryption services enabled on the device.
Is that correct, or have I missed important details?
The phone contains the full log at all times, and the device is actually much easier to hack than Apple would have you believe.
The legal implications. Basically, by this data being on your phone/computer, it increases the legal exposure.
As someone who used the internet back in the early 90's when browsers were a new thing: none of those features existed. Every one of them came about long after browsers started keeping caches, cookies, histories, and logs, and they all came about because there was sufficient outcry from users for such things. I mean, the InPrivate thing is fairly new even in Internet Time.
When browsers first hit the scene it apparently did not occur to Netscape or Microsoft that people would care that they were keeping a record of where you'd been or copies of everything you'd looked at. There was not, that I recall, even a button anywhere in the UI to clear those things. I had a piece of software back in the day that would go and clear out my cookies file and my cache once a day.
Randomly discovering that a company is non-maliciously logging things that make the public gasp and cry out in shock because it didn't occur to anyone that it was going to be a problem is not exactly new to the computer world. It's happened before and I guarantee you that it will happen again.
My understanding is the opposite: it contains cell tower triangulation data regardless of your location-services settings.
CptHamilton: Sure. I'm not arguing that this is malicious or criminally negligible or morally horrendous or anything like that. I'm just saying: the problem has been identified, now Apple needs to remediate it. I feel that the precedent you're describing only reinforces my argument.
I have nothing but contempt for Apple, but as I cannot boycott their products any further, I see no point in preemptively getting all worked up over their suspected motives here. If you give me a reason to suspect them (like that article, which is troubling on a couple levels), I'll take it at face value. I don't feel sufficient evidence has been presented to eliminate oversight as the most likely cause, and indifference for its persistence.
As well as the 'extra-legal' exposure. A stalker, for example, can't subpoena your cell company, but they can lift your phone and compromise your computer, to more effectively perv on you around town.
re: iTunesIsEvil, I've talked to some people, and apparently it is possible to pull that file off your phone via USB and the right application.
[e]Trivia: This is the first time I've wanted an iPhone (for testing)
[ed] @Arbitrary: so someone must get physical access to your phone, time alone with it to plug it into a computer, the "right application," and the phone's data needs to be unencrypted. This is something that I do not get. Once someone's got physical access to your shit, you're fucked. Period. End of story. They've got your keychain, they've got your app data, they've got your contacts, your email, your calendar, your AT&T/Verizon/whatever account information.
I just had a link. Damnit, where did it go... eh, editing it in when I find it.
edit: here's some code to parse Android's location caching.
fixed
The article says courts are split as to whether you need a warrant to pull logs off of an arrestee. Police are allowed to make a warrantless search incident to an arrest, but I believe it has to be relevant to the cause for arrest. If that is the case, searching the phone seems like it would be hard to justify.
Yes the government can search at border crossings, but they can search anything at border crossings. Of course, this is why carrying around this kind of data can be a problem.
Apples and math equations.
Stripping a car apart is done to look for concealed contraband. The car is then put back together, and you carry on your merry way.
Pulling a phone's data is a seizure of incredibly personal information, and there are no controls on what the government can do with that data. You don't get their copy of the data back.
There have been known bugs that have sat around for decades because no one cared enough to prioritize them over everything else. One that survived for 365 whole days is not exactly evidence of malice.
And they often don't. The data is really only pulled when there's a suspicion of illegal activity. For instance a drug dealer (i.e., the reason they'd strip your car apart in violation of the 4th Amendment). I find it odd that they'd just tell you to give them your phone so they can pull data from it.
Making mountains out of mole hills and all.
More than likely they'd just use their ability to clone your hard-drive without a warrant to dump your OS's cache of wireless APs you've seen or connected to, feed those into skyhook and obtain a rough list of places you've been recently.
Or they could use the various network logs to find out old IP and DNS info to do the same thing.
Or...
Mostly I think the brouhaha over this illustrates that most people aren't aware of just how many different trails of this same roughly-location-revealing information they generate on their own devices every day.
If I don't seem worried about this particular cache, Feral, it's because if it went away tomorrow it still wouldn't even solve the "somebody fiddling with your device for 5 minutes" problem. At the end of the day electronic security always comes down to: once someone else has your device, you have no security. Your best bets are to either never let that happen or never have them in the first place. Anything else is fretting about the dead bolt of a house with no walls.
Seriously, it's the work of like 3 lines of code to kill old location entries. I patched 3 things more difficult and obscure than that yesterday. Apple haven't. It shows a scandalous disregard of their customers' privacy.
It's a bug in a critical low-level OS component having to do with caching results from cell tower contacts made by the cellular radio.
Do you honestly think that's just a 3 line fix? Even if it is 3 lines, you've still got code review and commit sign-off, and you need to have a test plan and hand it off to the testing team to verify that your "simple 3 line fix" doesn't screw anything above this layer up, which means your 3 line change needed to be on a PM's schedule of bug priorities for this iteration of development, because there's no way the test team lead is just going to carve off time for your pet fix unless someone above you and him carved it out ahead of time in a change-control meeting.
"Three line fixes" don't exist in these projects.
This is an enormous project covering really low-level functionality that a multi-billion dollar corporation relies on for a huge chunk of their revenue. There's no way they have uncontrolled change going on in low-level components like this. That means triage, prioritization, scheduling, meetings et al., and there's no way "there's some data that isn't getting trimmed that could potentially be used to find out where someone has been, but if it goes away you could still do that almost exactly as easily, and it's breaking nothing" is beating most issues in those processes. 99.999% of people are going to look at it, know it's only one of dozens of such information leaks with regards to location, and de-prioritize accordingly, because fixing it won't really fix the core concern and there hasn't been any noise about it prior to three days ago.
Now that there's a bunch of talking heads going on about it it's probably at the top of someone's docket.
In addition to it not being a severe-level bug that's blocking anything, there is a significant cost to that development and testing. Then there's the cost of serving the 666MB update to all those copies of iTunes. So Apple's probably thinking "what's costlier, lost sales of iPhones if this would lose us sales, or the cost of that development and testing and serving?" I know what my guess is...
[ed] Also, everything in Senj's post that mine didn't cover.
I'm impressed that Apple's development process is so rigorous that slipping in "DELETE FROM privacy_invasion_table WHERE date < DATESUB(TODAY(),1 DAY);" is a multi-year project, but less impressed that it allows a massive storage leak like writing to a database but never deleting from it to slip through QA.
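To make the "trim old entries" fix the posts above argue about concrete, here is an added example (not from this thread or from Apple) of a retention trim over a constructed SQLite cache of cell-tower sightings, with the age cutoff bound as a parameter because SQLite has no DATESUB()/TODAY(). The table name, columns and sample rows are all assumptions, not the real iOS schema.

```python
import sqlite3

# Constructed schema resembling a per-device cell-tower location cache.
# Table and column names are assumptions, not the actual iOS layout.
SCHEMA = """
CREATE TABLE cell_location (
    mcc INTEGER, mnc INTEGER, lac INTEGER, ci INTEGER,
    timestamp REAL,      -- Unix epoch seconds when the tower was seen
    latitude REAL, longitude REAL
);
"""
DAY = 86400.0

def open_cache(rows):
    """Create an in-memory cache and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO cell_location VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn

def trim_location_cache(conn, now, max_age_days=7):
    """Delete sightings older than max_age_days relative to `now`.
    Returns the number of rows removed. secure_delete makes SQLite
    overwrite freed pages, so deleted rows are not left in the file."""
    conn.execute("PRAGMA secure_delete = ON")
    cutoff = now - max_age_days * DAY
    cur = conn.execute(
        "DELETE FROM cell_location WHERE timestamp < ?", (cutoff,))
    conn.commit()
    return cur.rowcount

def count_entries(conn):
    return conn.execute("SELECT COUNT(*) FROM cell_location").fetchone()[0]

def oldest_age_days(conn, now):
    """Age of the oldest surviving entry in days, or None if the cache is empty."""
    oldest = conn.execute("SELECT MIN(timestamp) FROM cell_location").fetchone()[0]
    return None if oldest is None else (now - oldest) / DAY

NOW = 1303430400.0  # constructed reference time: 2011-04-22 00:00:00 UTC
SAMPLE_ROWS = [  # constructed sightings; MCC/MNC/LAC/CI values are made up
    (302, 720, 1001, 55001, NOW - 400 * DAY, 45.42, -75.69),  # ~13 months old
    (302, 720, 1001, 55002, NOW - 30 * DAY, 45.43, -75.70),
    (302, 720, 1002, 55100, NOW - 2 * DAY, 45.50, -75.75),
    (302, 720, 1002, 55101, NOW - 1 * DAY, 45.51, -75.76),
]

if __name__ == "__main__":
    conn = open_cache(SAMPLE_ROWS)
    print("before:", count_entries(conn), "removed:",
          trim_location_cache(conn, NOW), "after:", count_entries(conn))
```

Running it on the sample rows removes the two entries older than a week and leaves the two from the last two days; note that a plain DELETE without secure_delete or a VACUUM leaves the old rows recoverable from the file's free pages.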
Seriously.
a) It's impossible to fix quickly! there are so many checks and barriers in a huge project like this!
b) what? It's not like everything is QA'd properly, we got deadlines!