
iPhone and iPad logging detailed information about your whereabouts


  • Senjutsu thot enthusiast Registered User regular
    edited April 2011
    Senjutsu wrote: »
    I actually didn't mean it in jest. I think it's about equivalent in terms of severity and danger (as in, not very, and certainly not news-worthy). My home address is in the contacts app. My banking password is in 1password. Plane ticket receipts that indicate when I will be on vacation are in yojimbo. Persistent cookies that would let an attacker hijack my identity on a large number of sites are in the browser cache on both my phone and laptop.

    All of these are of far more concern to me than a list of old cell tower connections, were either device to be stolen.

    While I don't disagree that the vector for exploitation is narrow, and the intent is likely benign, all of your examples above are things that you chose to do. A person with greater preference for privacy could avoid all of these things, but not the location cache.

    I'd argue that in choosing to buy a cell phone with GPS capabilities, you've already opted in to this. Even hand-held GPS devices are going to of necessity do a lot of caching and previous location storage if they want to maintain any kind of reasonable battery life. It's just a fact of life with hand-held location-aware technologies. Which isn't to say that it wouldn't be nice if this cache were encrypted, but I'm not super concerned that it's not.

    The reality is that if you're a person with a large concern for personal privacy, you shouldn't buy a cell phone, full stop. Carrying one around means you've already ceded knowledge of where you are to your cell company, and if your phone is also using wifi AP triangulation (like iOS, Android, and I'd guess windows 7 and anything else with a wifi antenna) to Google or Skyhook or whomever is maintaining the AP-to-approximate location translation lists.

    The only thing that's changed here is that in addition to a number of companies having access to data on where you've been, that data is actually available to you in this case, too.

    Senjutsu on
  • Senjutsu thot enthusiast Registered User regular
    edited April 2011
    Android does this too, but it only keeps the last 50 entries for cell towers.

    info: https://github.com/packetlss/android-locdump

    Android source code from LocationCache:
        // Maximum time (in millis) that a record is valid for, before it needs
        // to be refreshed from the server.
        private static final long MAX_CELL_REFRESH_RECORD_AGE = 12 * 60 * 60 * 1000; // 12 hours
        private static final long MAX_WIFI_REFRESH_RECORD_AGE = 48 * 60 * 60 * 1000; // 48 hours

        // Cache sizes
        private static final int MAX_CELL_RECORDS = 50;
        private static final int MAX_WIFI_RECORDS = 200;
    

    So, I don't know. FYI. I still think it was a simple oversight on Apple's part.
    Yeah, Hanlon's razor almost certainly applies here: somebody forgot to flush this cache after N entries or X hours.

    Cache invalidation bugs are really common.

    Senjutsu on
  • JihadJesus Registered User regular
    edited April 2011
    Senjutsu wrote: »
    The reality is that if you're a person with a large concern for personal privacy, you shouldn't buy a cell phone, full stop. Carrying one around means you've already ceded knowledge of where you are to your cell company, and if your phone is also using wifi AP triangulation (like iOS, Android, and I'd guess windows 7 and anything else with a wifi antenna) to Google or Skyhook or whomever is maintaining the AP-to-approximate location translation lists.

    So basically if you aren't okay with having your privacy violated, get the hell out of modern society and just don't own a phone or PC? Are you kidding me? It's not unreasonable to expect that data collected be done so for a specific purpose, only if you opt into it, and protected well once it becomes necessary to keep it. That should be the baseline.

    JihadJesus on
  • Yar Registered User regular
    edited April 2011
    JihadJesus wrote: »
    So basically if you aren't okay with having your privacy violated, get the hell out of modern society and just don't own a phone or PC? Are you kidding me?
    I could be wrong, but I'm pretty sure this is the inevitable and perhaps not-so-terrible future. Except, the way I'd state it is more like, "are you still clinging to that archaic, contrived concept known as 'privacy'? Then you have no place in future society."

    Information doesn't scare me, so long as I can reasonably protect myself from its misuse. Privacy is just a sanctimonious proxy for security (among other things).

    Yar on
  • Robman Registered User regular
    edited April 2011
    Yar wrote: »
    JihadJesus wrote: »
    So basically if you aren't okay with having your privacy violated, get the hell out of modern society and just don't own a phone or PC? Are you kidding me?
    I could be wrong, but I'm pretty sure this is the inevitable and perhaps not-so-terrible future. Except, the way I'd state it is more like, "are you still clinging to that archaic, contrived concept known as 'privacy'? Then you have no place in future society."

    Information doesn't scare me, so long as I can reasonably protect myself from its misuse. Privacy is just a sanctimonious proxy for security (among other things).

    Lots of people smoke because the cancer doesn't really scare them. Does this mean I should be forced to smoke too?

    Robman on
  • Alistair Hutton Dr Edinburgh Registered User regular
    edited April 2011
    Senjutsu wrote: »
    Android does this too, but it only keeps the last 50 entries for cell towers.

    info: https://github.com/packetlss/android-locdump

    Android source code from LocationCache:
        // Maximum time (in millis) that a record is valid for, before it needs
        // to be refreshed from the server.
        private static final long MAX_CELL_REFRESH_RECORD_AGE = 12 * 60 * 60 * 1000; // 12 hours
        private static final long MAX_WIFI_REFRESH_RECORD_AGE = 48 * 60 * 60 * 1000; // 48 hours

        // Cache sizes
        private static final int MAX_CELL_RECORDS = 50;
        private static final int MAX_WIFI_RECORDS = 200;
    

    So, I don't know. FYI. I still think it was a simple oversight on Apple's part.
    Yeah, Hanlon's razor almost certainly applies here: somebody forgot to flush this cache after N entries or X hours.

    Cache invalidation bugs are really common.

    Knowledge of this "bug" is old, it was being discussed last year the year of our lord 2010.

    If it's just a bug then why hasn't it been fixed long before now?

    Look, when Daring Fireball is asking questions of Apple and saying that Android is doing it right you know this is serious business.

    Alistair Hutton on
    I have a thoughtful and infrequently updated blog about games http://whatithinkaboutwhenithinkaboutgames.wordpress.com/

    I made a game, it has penguins in it. It's pay what you like on Gumroad.

    Currently Ebaying Nothing at all but I might do in the future.
  • bowen How you doin'? Registered User regular
    edited April 2011
    Robman wrote: »
    Yar wrote: »
    JihadJesus wrote: »
    So basically if you aren't okay with having your privacy violated, get the hell out of modern society and just don't own a phone or PC? Are you kidding me?
    I could be wrong, but I'm pretty sure this is the inevitable and perhaps not-so-terrible future. Except, the way I'd state it is more like, "are you still clinging to that archaic, contrived concept known as 'privacy'? Then you have no place in future society."

    Information doesn't scare me, so long as I can reasonably protect myself from its misuse. Privacy is just a sanctimonious proxy for security (among other things).

    Lots of people smoke because the cancer doesn't really scare them. Does this mean I should be forced to smoke too?

    If you partake in lighting cigarettes and holding them with your lips, probably yeah.

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • ArbitraryDescriptor changed Registered User regular
    edited April 2011
    Senjutsu wrote: »
    Android does this too, but it only keeps the last 50 entries for cell towers.

    info: https://github.com/packetlss/android-locdump

    Android source code from LocationCache:
        // Maximum time (in millis) that a record is valid for, before it needs
        // to be refreshed from the server.
        private static final long MAX_CELL_REFRESH_RECORD_AGE = 12 * 60 * 60 * 1000; // 12 hours
        private static final long MAX_WIFI_REFRESH_RECORD_AGE = 48 * 60 * 60 * 1000; // 48 hours

        // Cache sizes
        private static final int MAX_CELL_RECORDS = 50;
        private static final int MAX_WIFI_RECORDS = 200;
    

    So, I don't know. FYI. I still think it was a simple oversight on Apple's part.
    Yeah, Hanlon's razor almost certainly applies here: somebody forgot to flush this cache after N entries or X hours.

    Cache invalidation bugs are really common.

    Knowledge of this "bug" is old, it was being discussed last year the year of our lord 2010.

    If it's just a bug then why hasn't it been fixed long before now?

    Look, when Daring Fireball is asking questions of Apple and saying that Android is doing it right you know this is serious business.

    Many of us seemed to have missed the original discussion. Isn't it possible that, if it did not receive sufficient media coverage, Apple may have simply decided that there were more pressing tasks for their developers?

    ArbitraryDescriptor on
  • Thanatos Registered User regular
    edited April 2011
    Interesting article about how Apple has known about this for over a year, and police have been using it.

    Fun fact: did you know that they don't even need a warrant to pull the logs off of your phone? And that they're allowed to do it automatically at US border crossings, even if there's no suspicion of wrongdoing?

    Thanatos on
  • Thanatos Registered User regular
    edited April 2011
    Many of us seemed to have missed the original discussion. Isn't it possible that, if it did not receive sufficient media coverage, Apple may have simply decided that there were more pressing tasks for their developers?
    It's funny that if it were Microsoft doing this, there would be no question in the Mac-heads' minds that it was nefarious.

    Thanatos on
  • bowen How you doin'? Registered User regular
    edited April 2011
    Thanatos wrote: »
    Interesting article about how Apple has known about this for over a year, and police have been using it.

    Fun fact: did you know that they don't even need a warrant to pull the logs off of your phone? And that they're allowed to do it automatically at US border crossings, even if there's no suspicion of wrongdoing?

    One could argue that they don't need it because you could destroy evidence after your arrest. I agree but don't agree with this. Do I think this is bad? No. Do I think police should have access to it? Doubly no. Do I think they should need a warrant just like they do if they get it straight from the telco? Yes. Do I think there's anything else going on with this? No.

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Barcardi All the Wizards Under A Rock: Afganistan Registered User regular
    edited April 2011
    This whole thing is just beyond creepy to me. I can tell when I walked my dog and on what trail/beach. I do not like this, and I am supposed to be of the generation that does not care about online privacy.

    Barcardi on
  • Feral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉ Registered User regular
    edited April 2011
    Senjutsu wrote: »
    All of these are of far more concern to me than a list of old cell tower connections, were either device to be stolen.

    ...


    Honestly, there are a huge number of caches in iOS, almost none of which are user-controllable, because Apple isn't in the business of making gargantuan Linuxesque monstrosity interfaces with reams of preferences controlling minutiae most users simply do not comprehend.

    Much of your position can be easily boiled down to: "It doesn't matter to me, therefore it shouldn't matter to anybody else."

    The brouhaha about this demonstrates that this is neither minutiae nor incomprehensible. I understand that you don't physically travel to places that you wouldn't necessarily want the entire world to know. But some people do.

    Privacy is contextual - the idea of "private" and "non-private" information is quickly becoming obsolete. The real question is who is privy to what information. (I don't mind if my girlfriend knows I went to Burning Man, but I don't want my boss to know that. I don't mind if my friends know that I crossed the border into Mexico on my trip to LA, but I don't want a police officer who stopped me for a broken tail-light on I-5 to know that. I might tell my divorce lawyer that I started cheating on my soon-to-be-ex-wife two weeks before divorce papers were filed, but I don't want her lawyer to know that.) So when you say, effectively, 'all this information is available in other contexts,' yes that is important to the conversation, but it is not the end of the conversation.

    Sure, my cell phone company already knows where I've been. But somebody picking up my phone and fiddling with it for five minutes shouldn't. (Similarly, my ISP knows which porn sites I visit, but I still clear my browser cache before my mother comes over.)
    Senjutsu wrote: »
    Additionally, there is the equivalent of private browsing here: put the phone in airplane mode. No cell towers are being contacted, and you're leaving no trail of such contacts.

    InPrivate browsing doesn't disable the fundamental function of the browser.

    Feral on
    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • bowen How you doin'? Registered User regular
    edited April 2011
    Well feral, effectively someone fiddling with your phone for 5 minutes couldn't do it either. Or someone at your computer, unless you leave it unprotected.

    Unless you let people fiddling with your phone jailbreak them, and then download associated software. Or, they have specialized hardware/software worth tens of thousands of dollars. Or they had a warrant.

    If someone was getting the information right then and there with no skills and using shit on the phone to do it? You're absolutely right.

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • syndalis Getting Classy On the Wall Registered User, Loves Apple Products regular
    edited April 2011
    bowen wrote: »
    Well feral, effectively someone fiddling with your phone for 5 minutes couldn't do it either. Or someone at your computer, unless you leave it unprotected.

    Unless you let people fiddling with your phone jailbreak them, and then download associated software. Or, they have specialized hardware/software worth tens of thousands of dollars. Or they had a warrant.

    If someone was getting the information right then and there with no skills and using shit on the phone to do it? You're absolutely right.

    a large number of people jailbreak their phones to skin them, or install better sms apps.

    A staggeringly large percentage of them do not change their root password.

    All of these phones are wide open to compromise by anyone with even a passing interest in collecting the data, and a laptop that can spoof as a free wifi access point.

    syndalis on
    SW-4158-3990-6116
    Let's play Mario Kart or something...
  • Robman Registered User regular
    edited April 2011
    bowen wrote: »
    Well feral, effectively someone fiddling with your phone for 5 minutes couldn't do it either. Or someone at your computer, unless you leave it unprotected.

    Unless you let people fiddling with your phone jailbreak them, and then download associated software. Or, they have specialized hardware/software worth tens of thousands of dollars. Or they had a warrant.

    If someone was getting the information right then and there with no skills and using shit on the phone to do it? You're absolutely right.

    I kind of get the sense that the root of your argument is that anyone with good technical knowledge of my phone's OS should be able to find out where I've been for the entirety of my ownership of it... because if I've done nothing wrong, I have nothing to hide.

    EDIT let's stop mincing words here, taking this information from me without compensating me for it is motherfucking theft. Information is a valuable commodity, if someone wants to know how I move about Canada with my phone they'd better be providing me some compensation that we've mutually agreed to.

    Robman on
  • iTunesIsEvil Cornfield? Cornfield. Registered User regular
    edited April 2011
    I'm still trying to make sure I've got the full story here.

    For the sqlite file to contain location information, your device must have location services turned on.

    For the file to be accessible, your device must be backed up to your computer, and someone must have physical access to your computer and/or your user folder. Alternately, your device must be jailbroken and someone must be able to gain root-level SSH access to the device.

    The information in the file never leaves your device except to be backed up to your computer, and is only used by applications as a rough starting-point when they've received your explicit approval.

    For the file to be readable, you must NOT have encryption services enabled on the device.

    Is that correct, or have I missed important details?

    iTunesIsEvil on
  • Robman Registered User regular
    edited April 2011
    I'm still trying to make sure I've got the full story here.

    For the sqlite file to contain location information, your device must have location services turned on.

    For the file to be accessible, your device must be backed up to your computer, and someone must have physical access to your computer and/or your user folder. Alternately, your device must be jailbroken and someone must be able to gain root-level SSH access to the device.

    The information in the file never leaves your device except to be backed up to your computer, and is only used by applications as a rough starting-point when they've received your explicit approval.

    Is that correct, or have I missed important details?

    The phone contains the full log at all times, and the device is actually much easier to hack than Apple would have you believe.

    Robman on
  • iTunesIsEvil Cornfield? Cornfield. Registered User regular
    edited April 2011
    Robman wrote: »
    I'm still trying to make sure I've got the full story here.

    For the sqlite file to contain location information, your device must have location services turned on.

    For the file to be accessible, your device must be backed up to your computer, and someone must have physical access to your computer and/or your user folder. Alternately, your device must be jailbroken and someone must be able to gain root-level SSH access to the device.

    The information in the file never leaves your device except to be backed up to your computer, and is only used by applications as a rough starting-point when they've received your explicit approval.

    Is that correct, or have I missed important details?

    The phone contains the full log at all times, and the device is actually much easier to hack than Apple would have you believe.
    Yes, we've established that the phone contains a log of approximate location data. Also, I was unaware that the device is extremely easy to hack. Do you have a link where I could read more?

    iTunesIsEvil on
  • AngelHedgie Registered User regular
    edited April 2011
    I'm still trying to make sure I've got the full story here.

    For the sqlite file to contain location information, your device must have location services turned on.

    For the file to be accessible, your device must be backed up to your computer, and someone must have physical access to your computer and/or your user folder. Alternately, your device must be jailbroken and someone must be able to gain root-level SSH access to the device.

    The information in the file never leaves your device except to be backed up to your computer, and is only used by applications as a rough starting-point when they've received your explicit approval.

    For the file to be readable, you must NOT have encryption services enabled on the device.

    Is that correct, or have I missed important details?

    The legal implications. Basically, by this data being on your phone/computer, it increases the legal exposure.

    AngelHedgie on
    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • CptHamilton Registered User regular
    edited April 2011
    Feral wrote: »
    Senjutsu wrote: »
    Why cache that data? So that when location-aware applications are started by the user, you can fish a rough position fix out of the cache based on what cell towers the phone recently talked to, saving the user some battery life and speeding up a common operation performed by many popular applications.

    That's fine, then cache the last 24 hours.

    You made a comment in [chat] the other night comparing this to a browser cache. I know it was in jest, but I thought about exploring that comparison a little bit.

    If the phone had native tools to:

    1) Temporarily turn off location caching (analogous to InPrivate Browsing)
    2) Allow the user to view and delete the cache
    3) Allow the user to delete individual cache entries
    4) Allow the user to control how long the cache is kept

    ...and if these native tools were easy to use, in plain language, then I don't think this would be a problem.

    (Bonus points if the phone could be configured to clear the cache every time it's turned off.)

    The issue isn't just that this information is being stored, it's that the owner of the device isn't given (what I would consider to be) basic control over that storage.

    As someone who used the internet back in the early 90's when browsers were a new thing: none of those features existed. Every one of them came about long after browsers started keeping caches, cookies, histories, and logs, and they all came about because there was sufficient outcry from users for such things. I mean, the InPrivate thing is fairly new even in Internet Time.

    When browsers first hit the scene it apparently did not occur to Netscape or Microsoft that people would care that they were keeping a record of where you'd been or copies of everything you'd looked at. There was not, that I recall, even a button anywhere in the UI to clear those things. I had a piece of software back in the day that would go and clear out my cookies file and my cache once a day.

    Randomly discovering that a company is non-maliciously logging things that make the public gasp and cry out in shock because it didn't occur to anyone that it was going to be a problem is not exactly new to the computer world. It's happened before and I guarantee you that it will happen again.

    CptHamilton on
    PSN,Steam,Live | CptHamiltonian
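
The retention rule discussed above ("flush this cache after N entries or X hours") together with the four owner controls listed in the quoted post, as an added example that is not part of any post and is not Android's or Apple's code. The two limits are the cell constants quoted earlier in the thread; the class, method and field names and the sample tower ids are hypothetical.

```java
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added illustration: a location cache with a size cap, an age cap and owner controls. */
final class BoundedLocationCache {
    // Limits copied from the Android LocationCache constants quoted in the thread.
    static final long MAX_CELL_REFRESH_RECORD_AGE = 12L * 60 * 60 * 1000; // 12 hours
    static final int MAX_CELL_RECORDS = 50;

    /** One cached position fix. Field names are hypothetical. */
    static final class Fix {
        final double lat;
        final double lon;
        final long seenAtMs;

        Fix(double lat, double lon, long seenAtMs) {
            this.lat = lat;
            this.lon = lon;
            this.seenAtMs = seenAtMs;
        }
    }

    private final long maxAgeMs;          // control 4: how long the cache is kept
    private final Map<String, Fix> records;
    private boolean paused;               // control 1: temporarily stop caching

    BoundedLocationCache(final int maxRecords, long maxAgeMs) {
        this.maxAgeMs = maxAgeMs;
        // Insertion-ordered map: the head is always the oldest record, and
        // removeEldestEntry drops it as soon as the size cap is exceeded.
        this.records = new LinkedHashMap<String, Fix>() {
            @Override
            protected boolean removeEldestEntry(Map.Entry<String, Fix> eldest) {
                return size() > maxRecords;
            }
        };
    }

    /** Stores a fix unless caching is paused. Timestamps are assumed non-decreasing. */
    void record(String towerId, double lat, double lon, long nowMs) {
        purgeExpired(nowMs);
        if (paused) {
            return;
        }
        records.remove(towerId); // re-insert so a refreshed tower moves to the tail
        records.put(towerId, new Fix(lat, lon, nowMs));
    }

    /** Returns the cached fix for a tower, or null if absent or expired. */
    Fix lookup(String towerId, long nowMs) {
        purgeExpired(nowMs);
        return records.get(towerId);
    }

    /** Drops every record older than maxAgeMs; runs on each read and write. */
    void purgeExpired(long nowMs) {
        Iterator<Fix> it = records.values().iterator();
        while (it.hasNext()) {
            if (nowMs - it.next().seenAtMs <= maxAgeMs) {
                break; // records are ordered oldest first, so the rest are newer
            }
            it.remove();
        }
    }

    void setPaused(boolean paused) { this.paused = paused; }

    /** Control 2: lets the owner view what is currently retained. */
    List<String> listTowers(long nowMs) {
        purgeExpired(nowMs);
        return new ArrayList<>(records.keySet());
    }

    /** Control 3: deletes one entry; returns false if it was not cached. */
    boolean delete(String towerId) { return records.remove(towerId) != null; }

    /** Control 2: deletes the whole cache. */
    void clear() { records.clear(); }

    int size() { return records.size(); }

    public static void main(String[] args) {
        BoundedLocationCache cache =
                new BoundedLocationCache(MAX_CELL_RECORDS, MAX_CELL_REFRESH_RECORD_AGE);
        long minute = 60_000L;
        long now = 0;
        // Constructed sample input: 60 made-up tower ids seen one minute apart.
        for (int i = 0; i < 60; i++) {
            now = i * minute;
            cache.record("tower-" + i, 45.0 + i * 0.001, -75.0, now);
        }
        System.out.println("after 60 sightings: " + cache.size() + " records");
        System.out.println("oldest survivor: " + cache.listTowers(now).get(0));

        cache.delete("tower-59");
        cache.setPaused(true);
        cache.record("tower-while-paused", 45.5, -75.5, now + minute);
        System.out.println("after delete and paused sighting: " + cache.size() + " records");

        cache.setPaused(false);
        now += MAX_CELL_REFRESH_RECORD_AGE + minute;
        System.out.println("after the age limit passes: " + cache.listTowers(now).size() + " records");
    }
}
```

Because expiry runs on every read and write, a record cannot outlive the age cap just because no new sighting arrived to push it out.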
  • Feral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉ Registered User regular
    edited April 2011
    For the sqlite file to contain location information, your device must have location services turned on.

    My understanding is the opposite: it contains cell tower triangulation data regardless of your location-services settings.

    CptHamilton: Sure. I'm not arguing that this is malicious or criminally negligible or morally horrendous or anything like that. I'm just saying: the problem has been identified, now Apple needs to remediate it. I feel that the precedent you're describing only reinforces my argument.

    Feral on
    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • ArbitraryDescriptor changed Registered User regular
    edited April 2011
    Thanatos wrote: »
    Many of us seemed to have missed the original discussion. Isn't it possible that, if it did not receive sufficient media coverage, Apple may have simply decided that there were more pressing tasks for their developers?
    It's funny that if it were Microsoft doing this, there would be no question in the Mac-heads' minds that it was nefarious.

    I have nothing but contempt for Apple, but as I cannot boycott their products any further, I see no point in preemptively getting all worked up over their suspected motives here. If you give me a reason to suspect them (like that article, which is troubling on a couple levels), I'll take it at face value. I don't feel sufficient evidence has been presented to eliminate oversight as the most likely cause, and indifference for its persistence.

    ArbitraryDescriptor on
  • ArbitraryDescriptor changed Registered User regular
    edited April 2011
    I'm still trying to make sure I've got the full story here.

    For the sqlite file to contain location information, your device must have location services turned on.

    For the file to be accessible, your device must be backed up to your computer, and someone must have physical access to your computer and/or your user folder. Alternately, your device must be jailbroken and someone must be able to gain root-level SSH access to the device.

    The information in the file never leaves your device except to be backed up to your computer, and is only used by applications as a rough starting-point when they've received your explicit approval.

    For the file to be readable, you must NOT have encryption services enabled on the device.

    Is that correct, or have I missed important details?

    The legal implications. Basically, by this data being on your phone/computer, it increases the legal exposure.

    As well as the 'extra-legal' exposure. A stalker, for example, can't subpoena your cell company, but they can lift your phone and compromise your computer, to more effectively perv on you around town.

    re: iTunesIsEvil, I've talked to some people, and apparently it is possible to pull that file off your phone via USB and the right application.

    [e]Trivia: This is the first time I've wanted an iPhone (for testing)

    ArbitraryDescriptor on
  • iTunesIsEvil Cornfield? Cornfield. Registered User regular
    edited April 2011
    Feral wrote: »
    For the sqlite file to contain location information, your device must have location services turned on.

    My understanding is the opposite: it contains cell tower triangulation data regardless of your location-services settings.
    I'd really like to see clarification on this. I've been trying to read most of the news about this (including the write-up by the guy who originally found this and put it in that iOS forensics book) and don't recall reading that the phone collects location data even if that setting is disabled. Most of what I've read indicates that the phone is not collecting data if that setting is turned off.

    [ed] @Arbitrary: so someone must get physical access to your phone, time alone with it to plug it into a computer, the "right application," and the phone's data needs to be unencrypted. This is something that I do not get. Once someone's got physical access to your shit, you're fucked. Period. End of story. They've got your keychain, they've got your app data, they've got your contacts, your email, your calendar, your AT&T/Verizon/whatever account information.

    iTunesIsEvil on
  • Echo ski-bap ba-dap Moderator mod
    edited April 2011
    Turns out (some) Android phones store location data as well, but not for posterity like iOS does.

    I just had a link. Damnit, where did it go... eh, editing it in when I find it.

    edit: here's some code to parse Android's location caching.

    Echo on
  • ArbitraryDescriptor changed Registered User regular
    edited April 2011
    Try page 4

    ArbitraryDescriptor on
  • bowen How you doin'? Registered User regular
    edited April 2011
    AD you tell me how to do it without using iTunes to sync or jailbreaking my phone and I'll test it for you.

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • oldsak Registered User regular
    edited April 2011
    Thanatos wrote: »
    Interesting article about how Apple has known about this for over a year, and police have been using it.

    Fun fact: did you know that they don't even need a warrant to pull the logs off of your phone if it's on your person when you're arrested? And that they're allowed to do it automatically at US border crossings, even if there's no suspicion of wrongdoing?

    fixed

    The article says courts are split as to whether you need a warrant to pull logs off of an arrestee. Police are allowed to make a warrantless search incident to an arrest, but I believe it has to be relevant to the cause for arrest. If that is the case, searching the phone seems like it would be hard to justify.

    Yes the government can search at border crossings, but they can search anything at border crossings. Of course, this is why carrying around this kind of data can be a problem.

    oldsak on
  • bowen How you doin'? Registered User regular
    edited April 2011
    They can also strip your car to pieces if they wanted to.

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Robman Registered User regular
    edited April 2011
    bowen wrote: »
    They can also strip your car to pieces if they wanted to.

    Apples and math equations.

    Stripping a car apart is done to look for concealed contraband. The car is then put back together, and you carry on your merry way.

    Pulling a phone's data is a seizure of incredibly personal information, and there are no controls on what the government can do with that data. You don't get their copy of the data back.

    Robman on
  • Senjutsu thot enthusiast Registered User regular
    edited April 2011
    Senjutsu wrote: »
    Android does this too, but it only keeps the last 50 entries for cell towers.

    info: https://github.com/packetlss/android-locdump

    Android source code from LocationCache:
        // Maximum time (in millis) that a record is valid for, before it needs
        // to be refreshed from the server.
        private static final long MAX_CELL_REFRESH_RECORD_AGE = 12 * 60 * 60 * 1000; // 12 hours
        private static final long MAX_WIFI_REFRESH_RECORD_AGE = 48 * 60 * 60 * 1000; // 48 hours

        // Cache sizes
        private static final int MAX_CELL_RECORDS = 50;
        private static final int MAX_WIFI_RECORDS = 200;
    

    So, I don't know. FYI. I still think it was a simple oversight on Apple's part.
    Yeah, Hanlon's razor almost certainly applies here: somebody forgot to flush this cache after N entries or X hours.

    Cache invalidation bugs are really common.

    Knowledge of this "bug" is old, it was being discussed last year, the year of our lord 2010.

    If it's just a bug then why hasn't it been fixed long before now?

    Look, when Daring Fireball is asking questions of Apple and saying that Android is doing it right you know this is serious business.
    Because it's the nature of software development that bugs that aren't breaking anything for anyone and aren't getting any attention are at the absolute bottom of the triage pile of old bugs, new feature work, new bugs from new feature work, optimizations, testing, and all other work that goes into shipping software?

    There have been known bugs that have sat around for decades because no one cared enough to prioritize them over everything else. One that survived for 365 whole days is not exactly evidence of malice.

    Senjutsu on
  • oldsakoldsak Registered User regular
    edited April 2011
    I think his point is more "the government can do whatever they want at the border" and less car = phone analogy

    oldsak on
  • bowenbowen How you doin'? Registered User regular
    edited April 2011
    oldsak wrote: »
    I think his point is more "the government can do whatever they want at the border" and less car = phone analogy

    And they often don't. The data is really only pulled when there's a suspicion of illegal activity. For instance a drug dealer (ie, the reason they'd strip your car apart in violation of the 4th amendment). I find it odd that they'd just tell you to give them your phone so they can pull data from it.

    Making mountains out of mole hills and all.

    bowen on
  • SenjutsuSenjutsu thot enthusiast Registered User regular
    edited April 2011
    bowen wrote: »
    oldsak wrote: »
    I think his point is more "the government can do whatever they want at the border" and less car = phone analogy

    And they often don't. The data is really only pulled when there's a suspicion of illegal activity. For instance a drug dealer (ie, the reason they'd strip your car apart in violation of the 4th amendment). I find it odd that they'd just tell you to give them your phone so they can pull data from it.

    Making mountains out of mole hills and all.

    More than likely they'd just use their ability to clone your hard-drive without a warrant to dump your OS's cache of wireless APs you've seen or connected to, feed those into skyhook and obtain a rough list of places you've been recently.

    Or they could use the various network logs to find out old IP and DNS info to do the same thing.

    Or...

    Mostly I think the brouhaha over this illustrates that most people aren't aware of just how many different trails of this same roughly-location-revealing information they generate on their own devices every day.

    If I don't seem worried about this particular cache, Feral, it's because if it went away tomorrow it still wouldn't even solve the "somebody fiddling with your device for 5 minutes" problem. At the end of the day electronic security always comes down to: once someone else has your device, you have no security. Your best bets are to either never let that happen or never have them in the first place. Anything else is fretting about the dead bolt of a house with no walls.

    Senjutsu on
  • Alistair HuttonAlistair Hutton Dr EdinburghRegistered User regular
    edited April 2011
    Senjutsu wrote: »
    Because it's the nature of software development that bugs that aren't breaking anything for anyone and aren't getting any attention are at the absolute bottom of the triage pile of old bugs, new feature work, new bugs from new feature work, optimizations, testing, and all other work that goes into shipping software?

    There have been known bugs that have sat around for decades because no one cared enough to prioritize them over everything else. One that survived for 365 whole days is not exactly evidence of malice.

    Seriously, it's the work to like 3 lines of code to kill old location entries. I patched 3 things more difficult and obscure than that yesterday. Apple haven't. It shows a scandalous disregard of their customers' privacy.

    Alistair Hutton on
    I have a thoughtful and infrequently updated blog about games http://whatithinkaboutwhenithinkaboutgames.wordpress.com/

    I made a game, it has penguins in it. It's pay what you like on Gumroad.

    Currently Ebaying Nothing at all but I might do in the future.
  • SenjutsuSenjutsu thot enthusiast Registered User regular
    edited April 2011
    Senjutsu wrote: »
    Because it's the nature of software development that bugs that aren't breaking anything for anyone and aren't getting any attention are at the absolute bottom of the triage pile of old bugs, new feature work, new bugs from new feature work, optimizations, testing, and all other work that goes into shipping software?

    There have been known bugs that have sat around for decades because no one cared enough to prioritize them over everything else. One that survived for 365 whole days is not exactly evidence of malice.

    Seriously, it's the work to like 3 lines of code to kill old location entries. I patched 3 things more difficult and obscure than that yesterday. Apple haven't. It shows a scandalous disregard of their customers' privacy.

    It's a bug in a critical low-level OS component having to do with caching results from cell tower contacts made by the cellular radio.

    Do you honestly think that's just a 3 line fix? Even if it is 3 lines, you've still got code-review and commit sign off and you need to have a test plan and hand it off to the testing team to verify that your "simple 3 line fix" doesn't screw anything above this layer up, which means your 3 line change needed to be on a PM's schedule of bug priorities for this iteration of development because there's no way the test team lead is just going to carve off time for your pet fix unless someone above you and him carved it out ahead of time in a change-control meeting.

    "Three line fixes" don't exist in these projects.

    This is an enormous project covering really low-level functionality that a multi-billion dollar corporation relies on for a huge chunk of their revenue. There's no way they have uncontrolled change going on in low-level components like this. That means triage, prioritization, scheduling, meetings et al, and there's no way "there's some data that isn't getting trimmed that could be used potentially to find out where someone has been, but if it goes away you could still do that almost exactly as easily, and it's breaking nothing" is beating most issues in those processes. 99.999% of people are going to look at it, know it's only one of dozens of such information leaks with regards to location, and de-prioritize accordingly, because fixing it won't really fix the core concern and there hasn't been any noise about it prior to three days ago.

    Now that there's a bunch of talking heads going on about it it's probably at the top of someone's docket.

    Senjutsu on
  • iTunesIsEviliTunesIsEvil Cornfield? Cornfield.Registered User regular
    edited April 2011
    Senjutsu wrote: »
    Because it's the nature of software development that bugs that aren't breaking anything for anyone and aren't getting any attention are at the absolute bottom of the triage pile of old bugs, new feature work, new bugs from new feature work, optimizations, testing, and all other work that goes into shipping software?

    There have been known bugs that have sat around for decades because no one cared enough to prioritize them over everything else. One that survived for 365 whole days is not exactly evidence of malice.

    Seriously, it's the work to like 3 lines of code to kill old location entries. I patched 3 things more difficult and obscure than that yesterday. Apple haven't. It shows a scandalous disregard of their customers' privacy.
    I really, really doubt you're familiar enough with the iOS source to make that guess. In addition, the bug isn't breaking anything, and has been old news for a while and no one's freaked until now for some odd reason. So they've got a bug that's not creating stability issues in a device that people rely on daily. A device that they've sold about 100 million of. Pushing an update like that, that modifies the way that location data is managed and stored, and that's a big feature of the phone that A LOT of software uses, to that many devices is a BFD. You don't just go "well, I'll patch that and ship somethin' out on Tuesday, m'kay Bob?"

    In addition to it not being a severe-level bug that's blocking anything, there is a significant cost to that development and testing. Then there's the cost of serving the 666MB update to all those copies of iTunes. So Apple's probably thinking "what's costlier, lost sales of iPhones if this would lose us sales, or the cost of that development and testing and serving?" I know what my guess is...

    [ed] Also, everything in Senj's post that mine didn't cover.

    iTunesIsEvil on
  • Alistair HuttonAlistair Hutton Dr EdinburghRegistered User regular
    edited April 2011
    Senjutsu wrote: »
    Senjutsu wrote: »
    Because it's the nature of software development that bugs that aren't breaking anything for anyone and aren't getting any attention are at the absolute bottom of the triage pile of old bugs, new feature work, new bugs from new feature work, optimizations, testing, and all other work that goes into shipping software?

    There have been known bugs that have sat around for decades because no one cared enough to prioritize them over everything else. One that survived for 365 whole days is not exactly evidence of malice.

    Seriously, it's the work to like 3 lines of code to kill old location entries. I patched 3 things more difficult and obscure than that yesterday. Apple haven't. It shows a scandalous disregard of their customers' privacy.

    It's a bug in a critical low-level OS component having to do with caching results from cell tower contacts made by the cellular radio.

    Do you honestly think that's just a 3 line fix? Even if it is 3 lines, you've still got code-review and commit sign off and you need to have a test plan and hand it off to the testing team to verify that your "simple 3 line fix" doesn't screw anything above this layer up, which means your 3 line change needed to be on a PM's schedule of bug priorities for this iteration of development because there's no way the test team lead is just going to carve off time for your pet fix unless someone above you and him carved it out ahead of time in a change-control meeting.

    I'm impressed that Apple's development process is so rigorous that slipping in "DELETE FROM privacy_invasion_table WHERE date < DATESUB(TODAY(),1 DAY);" is a multi-year project but less impressed that it allows a massive storage leak like writing to a database but never deleting from it to slip through QA.

    Alistair Hutton on
  • AridholAridhol Daddliest Catch Registered User regular
    edited April 2011
    Senjutsu wrote: »
    Senjutsu wrote: »
    Because it's the nature of software development that bugs that aren't breaking anything for anyone and aren't getting any attention are at the absolute bottom of the triage pile of old bugs, new feature work, new bugs from new feature work, optimizations, testing, and all other work that goes into shipping software?

    There have been known bugs that have sat around for decades because no one cared enough to prioritize them over everything else. One that survived for 365 whole days is not exactly evidence of malice.

    Seriously, it's the work to like 3 lines of code to kill old location entries. I patched 3 things more difficult and obscure than that yesterday. Apple haven't. It shows a scandalous disregard of their customers' privacy.

    It's a bug in a critical low-level OS component having to do with caching results from cell tower contacts made by the cellular radio.

    Do you honestly think that's just a 3 line fix? Even if it is 3 lines, you've still got code-review and commit sign off and you need to have a test plan and hand it off to the testing team to verify that your "simple 3 line fix" doesn't screw anything above this layer up, which means your 3 line change needed to be on a PM's schedule of bug priorities for this iteration of development because there's no way the test team lead is just going to carve off time for your pet fix unless someone above you and him carved it out ahead of time in a change-control meeting.

    I'm impressed that Apple's development process is so rigorous that slipping in "DELETE FROM privacy_invasion_table WHERE date < DATESUB(TODAY(),1 DAY);" is a multi-year project but less impressed that it allows a massive storage leak like writing to a database but never deleting from it to slip through QA.


    Seriously.
    a) It's impossible to fix quickly! there are so many checks and barriers in a huge project like this!
    b) what? It's not like everything is QA'd properly, we got deadlines!

    Aridhol on
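
Added example, not part of any post in this thread and not Apple's or Android's code: a location cache that enforces the two limits visible in the quoted Android constants (12-hour record age, 50 cell records) on every write, which is the retention behaviour the DELETE quip above is asking for. The SQLite schema, table name and function names are assumptions made for illustration, and the workload is constructed.

```python
import sqlite3

# Limits copied from the Android LocationCache constants quoted in the thread.
MAX_CELL_RECORD_AGE_MS = 12 * 60 * 60 * 1000  # 12 hours
MAX_CELL_RECORDS = 50

def open_cache():
    """In-memory stand-in for an on-device location cache (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    # Zero deleted rows so pruned entries do not linger in free pages.
    db.execute("PRAGMA secure_delete = ON")
    db.execute(
        "CREATE TABLE cell_location ("
        " cell_id INTEGER PRIMARY KEY,"
        " lat REAL NOT NULL, lon REAL NOT NULL,"
        " seen_ms INTEGER NOT NULL)"
    )
    return db

def record_fix(db, cell_id, lat, lon, now_ms):
    """Store one tower sighting and prune in the same transaction."""
    with db:
        db.execute(
            "INSERT OR REPLACE INTO cell_location VALUES (?, ?, ?, ?)",
            (cell_id, lat, lon, now_ms),
        )
        # Age limit: drop anything older than the refresh window.
        db.execute("DELETE FROM cell_location WHERE seen_ms < ?",
                   (now_ms - MAX_CELL_RECORD_AGE_MS,))
        # Size limit: keep only the newest MAX_CELL_RECORDS rows.
        db.execute(
            "DELETE FROM cell_location WHERE cell_id NOT IN ("
            " SELECT cell_id FROM cell_location"
            " ORDER BY seen_ms DESC, cell_id DESC LIMIT ?)",
            (MAX_CELL_RECORDS,),
        )

def simulate(hours, fixes_per_hour):
    """Constructed workload: one new tower per step; returns (rows, history span in ms)."""
    db = open_cache()
    step = 60 * 60 * 1000 // fixes_per_hour
    now_ms = 0
    for i in range(hours * fixes_per_hour):
        now_ms = i * step
        record_fix(db, i, 0.0, 0.0, now_ms)  # coordinates are placeholders
    count, oldest = db.execute(
        "SELECT COUNT(*), MIN(seen_ms) FROM cell_location").fetchone()
    return count, now_ms - oldest
```

With pruning on the write path, a month of sightings leaves 50 rows; without the two DELETE statements the same loop leaves one row per tower ever seen.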