Because it's the nature of software development that bugs that aren't breaking anything for anyone and aren't getting any attention are at the absolute bottom of the triage pile of old bugs, new feature work, new bugs from new feature work, optimizations, testing, and all other work that goes into shipping software?
There have been known bugs that have sat around for decades because no one cared enough to prioritize them over everything else. One that survived for 365 whole days is not exactly evidence of malace.
Seriously, it's the work to like 3 lines of code to kill old location entries. I patched 3 things more difficult and obscure than that yesterday. Apple haven't. It shows a scandalous disregard of their customers' privacy.
It's a bug in a critical low-level OS component having to do with caching results from cell tower contacts made by the cellular radio.
Do you honestly think that's just a 3 line fix? Even if it is 3 lines, you've still got code-review and commit sign off and you need to have a test plan and hand if off to the testing team to verify that your "simple 3 line fix" doesn't screw anything above this layer up, which means your 3 line change needed to be on a PM's schedule of bug priorities for this iteration of development because there's no way the test team lead is just going to carve off time for your pet fix unless someone above you and him carved it out ahead of time in a change-control meeting.
I'm impressed that Apple's development process is so rigorous that slipping in"DELETE FROM privacy_invasion_table WHERE date < DATESUB(TODAY(),1 DAY);" is a multi-year project but less impressed that it allows a massive storage leak like writing to a database but never deleting from it to slip through QA.
Let's say each row is 512 bytes (it's not) and each day you talk to 100 towers (you don't).
If you went an entire year without updating your phone (atypical behaviour for the vast majority of iphone owners), at the end of the year this db has eaten a whopping 17 megs.
That's not a big-time concern. But yeah it is a (very slow) leak, because cache-invalidation failures are one of the richest and most common sources of bugs causing leaks.
Which again suggests that there's nothing malicious about this.
Seriously.
a) It's impossible to fix quickly! there are so many checks and barriers in a huge project like this!
b) what? It's not like everything is QA'd properly, we got deadlines!
You pick a subset of all the work you could do to try to get done in a fixed period of time, and you're lucky if you get 80% of that actually done and QA'd to an acceptable (let alone good) level on time. The lower-level the change, the higher the barrier you need to meet to convince anyone it's worth the effort, because the more testing is needed to validate that you just didn't break the world.
There's nothing contradictory or abnormal about any of this. It's the reality of modern software development.
Then perhaps the solution is to have HIPAA style laws governing retention of data like this. If Apple was facing liability of $25k per affected device, we wouldn't be having this conversation.
Then perhaps the solution is to have HIPAA style laws governing retention of data like this. If Apple was facing liability of $25k per affected device, we wouldn't be having this conversation.
If they were facing $5 liability per effected device we wouldn't. Data retention on a corporate scale is generally used because it has very low costs.
Void Slayer on
He's a shy overambitious dog-catcher on the wrong side of the law. She's an orphaned psychic mercenary with the power to bend men's minds. They fight crime!
Then perhaps the solution is to have HIPAA style laws governing retention of data like this. If Apple was facing liability of $25k per affected device, we wouldn't be having this conversation.
I think you're overestimating the importance or value of this kind of data. I mean, people give this stuff away for free via 4sqare and whatever the facebook equivalent is.
Then perhaps the solution is to have HIPAA style laws governing retention of data like this. If Apple was facing liability of $25k per affected device, we wouldn't be having this conversation.
I think you're overestimating the importance or value of this kind of data. I mean, people give this stuff away for free via 4sqare and whatever the facebook equivalent is.
No. Some people give this stuff away.
Facebook doesn't track my every movement unless I do the job for it.
This thread is just .... I mean, I know for years it's been obvious tons upon tons of people just give away their private information for shits and giggles. I've accepted that. I just never thought I'd see people arguing that "Hey, a bunch of people don't care so there's no reason to protect that information at all!".
Then perhaps the solution is to have HIPAA style laws governing retention of data like this. If Apple was facing liability of $25k per affected device, we wouldn't be having this conversation.
I think you're overestimating the importance or value of this kind of data. I mean, people give this stuff away for free via 4sqare and whatever the facebook equivalent is.
No. Some people give this stuff away.
Facebook doesn't track my every movement unless I do the job for it.
This thread is just .... I mean, I know for years it's been obvious tons upon tons of people just give away their private information for shits and giggles. I've accepted that. I just never thought I'd see people arguing that "Hey, a bunch of people don't care so there's no reason to protect that information at all!".
Value is just the amount people are willing to buy or sell something for. The fact that many people are willing to give this information away (or more accurately trade it for very little) indicates that location information is not really worth much for many people. Any unique factors that make one's own location data more valuable to himself or another's location data valuable to someone are more likely to be exceptions than the norm.
I think it's been stated earlier, that if your cellphone or pc is compromised, this kind of data would probably be the least of your concerns.
Then perhaps the solution is to have HIPAA style laws governing retention of data like this. If Apple was facing liability of $25k per affected device, we wouldn't be having this conversation.
I think you're overestimating the importance or value of this kind of data. I mean, people give this stuff away for free via 4sqare and whatever the facebook equivalent is.
No. Some people give this stuff away.
Facebook doesn't track my every movement unless I do the job for it.
This thread is just .... I mean, I know for years it's been obvious tons upon tons of people just give away their private information for shits and giggles. I've accepted that. I just never thought I'd see people arguing that "Hey, a bunch of people don't care so there's no reason to protect that information at all!".
Value is just the amount people are willing to buy or sell something for. The fact that many people are willing to give this information away (or more accurately trade it for very little) indicates that location information is not really worth much for many people. Any unique factors that make one's own location data more valuable to himself or another's location data valuable to someone are more likely to be exceptions than the norm.
I think it's been stated earlier, that if your cellphone or pc is compromised, this kind of data would probably be the least of your concerns.
The thing is, is this data undervalued?
Yes, people give this information away, but there's a question of if they are doing so with the full knowledge of what doing so entails. And more and more, the evidence is piling up on the "no" side in my opinion. For example, people have been finding out that, to their surprise, photos they take with their smartphones can have location data embedded in the metadata - and that they could be tracked using that. I think a lot of the people should read the DC Circuit Court's ruling to require search warrants for GPS tracking devices - it discusses the ramifications of tracking data and what can be done with it.
In Alistair's defense, it probably is very likely it is ~3 lines of code. Though that doesn't detract from the "test shit before releasing it" that 3 lines turns into hundreds of hours of verification and testing.
bowen on
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
I think it's been stated earlier, that if your cellphone or pc is compromised, this kind of data would probably be the least of your concerns.
I would have many concerns.
I would rather that list not include "a year or more of physical location logs."
If someone's got a warrant to seize your assets, they probably already seized the exact same logs from your vendor. I don't get what's different.
You're either worried about the popo getting them, which, if you were, you'd be worried about the company as a whole having them, which you're not. Or you're worried some random schmoe can get them, which they can't, unless you're dumb and A) lose your phone and didn't protect it or didn't encrypt your computer's personal settings/data/whathaveyou.
The second worry is probably an edge case with how often it happens.
bowen on
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
So basically if you aren't okay with having your privacy violated, get the hell out of modern society and just don't own a phone or PC? Are you kidding me?
I could be wrong, but I'm pretty sure this is the inevitable and perhaps not-so-terrible future. Except, the way I'd state it is more like, "are you still clinging to that archaic, contrived concept known as 'privacy'? Then you have no place in future society."
Information doesn't scare me, so long as I can reasonably protect myself from its misuse. Privacy is just a sanctimonious proxy for security (among other things).
Lots of people smoke because the cancer doesn't really scare them. Does this mean I should be forced to smoke too?
I can't make heads or tails of this statement, it doesn't seem to pertain to anything I said.
Many of us seemed to have missed the original discussion. Isn't it possible that, if it did not receive sufficient media coverage, Apple may have simply decided that there were more pressing tasks for their developers?
It's funny that if it were Microsoft doing this, there would be no question in the Mac-heads' minds that it was nefarious.
True, I think if it were MS there would be riots. However, it being Apple, then I'll forgive them if they'll agree to let Angry Birds run on my 1G Touch. That can be the class-action settlement right there, and I'll call it even.
This whole thing is just beyond creepy to me. I can tell when I walked my dog and on what trail/beach. I do not like this, and I am supposed to be of the generation that does not care about online privacy.
No doubt this event is a little too ahead of its time and thus creepy, but otherwise yeah I think future generations will care less and less about privacy.
Apple today responded to several of the common questions it has recently received about the gathering and use of location information by its devices.
Apple also said that over the next few weeks it would release a software update for iOS that would reduce the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone, cease backing up the cache, and delete the cache entirely when Location Services is turned off. Additionally, Apple said that in the next major iOS software release the cache would be encrypted on the iPhone, though a timeline for that was not provided.
Apple today responded to several of the common questions it has recently received about the gathering and use of location information by its devices.
Apple also said that over the next few weeks it would release a software update for iOS that would reduce the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone, cease backing up the cache, and delete the cache entirely when Location Services is turned off. Additionally, Apple said that in the next major iOS software release the cache would be encrypted on the iPhone, though a timeline for that was not provided.
:^:
Feral on
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
One interesting note omitted in that summary is that the cache wasn't actually a cache of cell towers you visited, it was a cache of cell towers anyone had come into contact with near you, and the timestamp represented when that tower's location had been first uploaded to Apple as a new tower for the location database. When you'd go into a new area your phone would grab some more locations for performing A-GPS calculations.
In other words, these tools that plotted your past movements were actually just plotting an essentially random walk of cell towers in areas you'd been in based on when some random person first came into contact with it.
Posts
Remind me to never spend any money on any software projects that you're involved in.
Let's say each row is 512 bytes (it's not) and each day you talk to 100 towers (you don't).
If you went an entire year without updating your phone (atypical behaviour for the vast majority of iphone owners), at the end of the year this db has eaten a whopping 17 megs.
That's not a big-time concern. But yeah it is a (very slow) leak, because cache-invalidation failures are one of the richest and most common sources of bugs causing leaks.
Which again suggests that there's nothing malicious about this.
Well apparently we're using SQLLite files for core kernel components so we may as well just slap in some SQL.
And this is all ignoring the fact that they used a props file previously so in shifting from iOs 3 to 4 they looked at an re-engineered this section.
I made a game, it has penguins in it. It's pay what you like on Gumroad.
Currently Ebaying Nothing at all but I might do in the future.
You pick a subset of all the work you could do to try to get done in a fixed period of time, and you're lucky if you get 80% of that actually done and QA'd to an acceptable (let alone good) level on time. The lower-level the change, the higher the barrier you need to meet to convince anyone it's worth the effort, because the more testing is needed to validate that you just didn't break the world.
There's nothing contradictory or abnormal about any of this. It's the reality of modern software development.
If they were facing $5 liability per effected device we wouldn't. Data retention on a corporate scale is generally used because it has very low costs.
I think you're overestimating the importance or value of this kind of data. I mean, people give this stuff away for free via 4sqare and whatever the facebook equivalent is.
No. Some people give this stuff away.
Facebook doesn't track my every movement unless I do the job for it.
This thread is just .... I mean, I know for years it's been obvious tons upon tons of people just give away their private information for shits and giggles. I've accepted that. I just never thought I'd see people arguing that "Hey, a bunch of people don't care so there's no reason to protect that information at all!".
Typical mainstream media science reporting, but scary shit, nonetheless.
Value is just the amount people are willing to buy or sell something for. The fact that many people are willing to give this information away (or more accurately trade it for very little) indicates that location information is not really worth much for many people. Any unique factors that make one's own location data more valuable to himself or another's location data valuable to someone are more likely to be exceptions than the norm.
I think it's been stated earlier, that if your cellphone or pc is compromised, this kind of data would probably be the least of your concerns.
The thing is, is this data undervalued?
Yes, people give this information away, but there's a question of if they are doing so with the full knowledge of what doing so entails. And more and more, the evidence is piling up on the "no" side in my opinion. For example, people have been finding out that, to their surprise, photos they take with their smartphones can have location data embedded in the metadata - and that they could be tracked using that. I think a lot of the people should read the DC Circuit Court's ruling to require search warrants for GPS tracking devices - it discusses the ramifications of tracking data and what can be done with it.
I would have many concerns.
I would rather that list not include "a year or more of physical location logs."
the "no true scotch man" fallacy.
If someone's got a warrant to seize your assets, they probably already seized the exact same logs from your vendor. I don't get what's different.
You're either worried about the popo getting them, which, if you were, you'd be worried about the company as a whole having them, which you're not. Or you're worried some random schmoe can get them, which they can't, unless you're dumb and A) lose your phone and didn't protect it or
The second worry is probably an edge case with how often it happens.
True, I think if it were MS there would be riots. However, it being Apple, then I'll forgive them if they'll agree to let Angry Birds run on my 1G Touch. That can be the class-action settlement right there, and I'll call it even.
No doubt this event is a little too ahead of its time and thus creepy, but otherwise yeah I think future generations will care less and less about privacy.
:^:
the "no true scotch man" fallacy.
In other words, these tools that plotted your past movements were actually just plotting an essentially random walk of cell towers in areas you'd been in based on when some random person first came into contact with it.
Stellar fact-checking all around, new media.