Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Apple Updating iOS To Address Privacy Concerns

CmdrTaco posted more than 3 years ago | from the hype-of-the-month dept.

IOS 318

wiredmikey writes "[Apple] said that over the next few weeks it would release a software update for iOS that would reduce the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone, cease backing up the cache, and delete the cache entirely when Location Services is turned off. Additionally, Apple said that in the next major iOS software release the cache would be encrypted on the iPhone, though a timeline for that was not provided."

cancel ×

318 comments

hmm.. (3, Insightful)

amalek (615708) | more than 3 years ago | (#35952442)

It's been a long week of high-profile fuck-ups.

Re:hmm.. (4, Funny)

Anonymous Coward | more than 3 years ago | (#35952818)

It's about time the US started another war to distract people.

Re:hmm.. (0)

tripleevenfall (1990004) | more than 3 years ago | (#35952874)

No kidding, starting wars, economy in the toilet, gas prices skyrocketing we either need a distraction or a new President.

(what? we just got a new one a couple years ago?)

Bug? (2)

recoiledsnake (879048) | more than 3 years ago | (#35952454)

Not erasing the old logs doesn't seem like a bug.. it would've been caught by a single test case. It seems to be a design decision to cache locations to speed up look ups the next time, so would've been considered a feature. Not encrypting the data, on the other hand, seems to be a genuine oversight. But no wonder they want to call everything a bug, what with the government breathing down their neck with Congressional hearings.

Re:Bug? (5, Insightful)

mangino (1588) | more than 3 years ago | (#35952596)

Almost all bugs would be caught by a single testcase if you thought about writing it. Most often the problem is that nobody concerned the scenario and though to write a testcase. While it could be mailicious, it could also be just an accident.

Seems like a bug (4, Interesting)

SuperKendall (25149) | more than 3 years ago | (#35952608)

Not erasing the old logs doesn't seem like a bug.. it would've been caught by a single test case.

You only put tests in for problems you think of. Deleting the log file altogether when you turn off location services, is a problem they simply didn't think about. If you think about it the guys writing that part of the code probably assumed that since the file was cached it would be truncated so leaving it around wouldn't matter...

The rest of the time you aren't deleting the file, instead you are periodically truncating it - something beyond a single test case, and requiring a long period of time to elapse. That part seems also like it could easily be oversight.

To my mind they probably just thought keeping a record of cell towers was not a big deal, because it was not an exact location log... although just from a performance aspect you'd think they would not want that file growing too large.

Re:Bug? (1, Insightful)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#35952662)

I'm guessing the "sending the list of nearby cell towers and wifi APs(in a totally-you-guys-can-trust-us-that's-why-we-didn't-bother-to-tell-you) 'anonymized and encrypted' form back to Apple so that they can build their 'crowdsourced database'" behavior was not just a bug...

Maintaining a local cache of recent location references is a common trick to speed up GPS fixes(even dedicated GPS chips commonly have a sliver of cap-backed RAM for the purpose); but the silently sending those data to Apple bit is pretty dodgy by any stretch.

Re:Bug? (0)

intheshelter (906917) | more than 3 years ago | (#35953266)

Yeah, except you don't know WTF you're talking about. The file is NOT sent back to Apple.

Re:Bug? (0)

Anonymous Coward | more than 3 years ago | (#35953336)

It never sent that data back to Apple.

Never sent to Apple though (1)

SuperKendall (25149) | more than 3 years ago | (#35953396)

...orm back to Apple...

Just one problem with the tinfoil on your hat there - no-one is claiming that Apple was ever sent this file.

The issue is that someone might collect that data if they got to your phone or the backup. But not Apple.

Re:Bug? (4, Insightful)

SvnLyrBrto (62138) | more than 3 years ago | (#35952706)

Not necessarily a bug... it could have been a simple oversight. Just look at everything that's in /var/log on a vanilla UNIX/Linux installation. Unless you go in to your configurations and specifically dial things down, there's quite a lot in there that some nefarious party could exploit to get a very good idea of what you're doing on that box.

Re:Bug? (4, Interesting)

IAmGarethAdams (990037) | more than 3 years ago | (#35952716)

As Phil Karlton once said [simonwillison.net]

There are only two hard things in Computer Science: cache invalidation and naming things

Re:Bug? (4, Funny)

Spykk (823586) | more than 3 years ago | (#35953064)

Invalidating the cache is easy. Just call m_cacheThisIsTheLocationBasedCacheThatSpeedsThingsUp.MakeThisCacheSoThatItIsNotValidAnymore(); Naming things on the other hand...

Re:Bug? (1)

kdogg73 (771674) | more than 3 years ago | (#35953262)

Wasn't a design flaw in software once called a "turkey"?

Re:Bug? (1)

blueg3 (192743) | more than 3 years ago | (#35953370)

Not encrypting the data, on the other hand, seems to be a genuine oversight.

To what end? In order to make use of the data, the encryption key would have to be stored on the phone.

nice (2, Insightful)

calderra (1034658) | more than 3 years ago | (#35952480)

Apple: We never did anything wrong, but pardon us while we fix it anyway.

Re:nice (0)

Anonymous Coward | more than 3 years ago | (#35952702)

Apple: We never did anything wrong, but pardon us while we fix it anyway.

If fixing a bug is an admission of wrongdoing, the average Slashdotter has some penitence coming.

Re:nice (5, Insightful)

jessecurry (820286) | more than 3 years ago | (#35952710)

Apple: We didn't see anything wrong with the previous implementation, but it seems that our customers do. We'll take steps to make sure that our implementation is in-line with what our customers desire.

Re:nice (1)

Anonymous Coward | more than 3 years ago | (#35952814)

Thanks for pointing that out. The concept of "Making changes means you admit guilt!" whether in law or culture is a dysfunctional and stifling cul-de-sac.

Re:nice (-1)

Anonymous Coward | more than 3 years ago | (#35952924)

You: I am an Apple apologist who would suck Steve Jobs' cancerous dick if it meant getting an iPad 2.

Re:nice (-1, Offtopic)

tclgeek (587784) | more than 3 years ago | (#35953162)

Fear not! Once you get out of your teens you'll find you have much less desire to expose your ignorance and lack of eloquence. It's just a phase you're going through.

Re:nice (-1, Offtopic)

intheshelter (906917) | more than 3 years ago | (#35953292)

Leave him alone. He's trying to be cool by ripping on Apple. It's all the rage nowadays.

Re:nice (1)

Crudely_Indecent (739699) | more than 3 years ago | (#35953232)

Maybe a little more like this...

Apple: We didn't see anything wrong with the previous implementation, but it seems that our customers do. We'll begin encrypting the information so our customers have no idea what we are doing or what data we are storing. Maybe then they will go back to sleep until it's time to pony up for the next version of hardware.

Good...? (1)

tripleevenfall (1990004) | more than 3 years ago | (#35952482)

Well, this seems like a good response but I think we still saw here that data collection practices for consumers are going in a negative direction.

Overall, this has taught me to simply leave location services off, because the data is being stored on the phone and potentially could be available for data farming in the future.

Re:Good...? (2)

gabebear (251933) | more than 3 years ago | (#35952508)

Turning location services off doesn't make it any harder for someone to track your phone... it just makes it harder for you to find your location.

Re:Good...? (1)

tripleevenfall (1990004) | more than 3 years ago | (#35952528)

How so, if it deletes the cache entirely when you turn it off, as TFS seems to indicate?

Re:Good...? (2)

Necroman (61604) | more than 3 years ago | (#35952626)

location data isn't currently deleted when location services are disabled. That's a coming feature.

Re:Good...? (5, Insightful)

SvnLyrBrto (62138) | more than 3 years ago | (#35952650)

How do you suppose the phone company knows what cell you're in, so they can route calls to your phone? How do you suppose they get their E911 data?

As long as you have the thing powered on, the phone company know where you are. And if the police want to know, they won't go to your house, hack your computer, and read the log backup. They'll just go to the phone company with a subpoena.

This whole controversy was much ado about nothing. The only thing that was different was that the user had access to the data that "the man" had all along.

Re:Good...? (0)

Anonymous Coward | more than 3 years ago | (#35952798)

Well, it was/is possible that if some nefarious third party stole/found your phone, they could get the data off the device and then see where you had been (sort of). But yes, this is Slashdot: Making Mountains Out of Molehills Since 1997

Re:Good...? (2)

machxor (1226486) | more than 3 years ago | (#35952888)

How do you suppose the phone company knows what cell you're in, so they can route calls to your phone? How do you suppose they get their E911 data?

As long as you have the thing powered on, the phone company know where you are. And if the police want to know, they won't go to your house, hack your computer, and read the log backup. They'll just go to the phone company with a subpoena.

This whole controversy was much ado about nothing. The only thing that was different was that the user had access to the data that "the man" had all along.

Yes because the only people who would be interested in this data are those that already posses a legal method of obtaining it...

Re:Good...? (3, Insightful)

gutnor (872759) | more than 3 years ago | (#35953356)

Yes because the only people who would be interested in this data are those that already posses a legal method of obtaining it...

If you are worried about those that do not posses legal method to access that data - you should really encrypt your data. The log can only be accessed from you home computer or you mobile phone directly (after hacking it) - if somebody you don't like has unrestricted/uncontrolled access to any of those, there is a lot more stuff you need to be worried about.

There is of course the Private Investigator case hired by your wife that could be borderline possible. In real life, that would be far easier for the PI to stick a GPS tracker under your car and that would give him more precise, more discreet data collection service.

Re:Good...? (1)

neoform (551705) | more than 3 years ago | (#35953346)

>This whole controversy was much ado about nothing. The only thing that was different was that the user had access to the data that "the man" had all along.

I'm fairly certain all the people up in arms about this are not iphone users.

Re:Good...? (2)

erroneus (253617) | more than 3 years ago | (#35952730)

It does make it harder for someone to know where you have BEEN though. It's not about tracking the phone "now" as much as where it has been. Such data could be used by law enforcement or jealous spouses as evidence against you. It could also be used by a stalker. And while I haven't given it much thought, I am quite certain there are dozens of other possible uses of this data that would not be good.

Re:Good...? (1)

Crudely_Indecent (739699) | more than 3 years ago | (#35953348)

Knowing a history of where you've been is key to determining where you might be going in the future.

I had to tell one of my daughters to turn off the GPS location update on her pedometer app because she was posting her jogging path/times on facebook. She didn't know the feature was turned on, and scrambled to delete the details from her facebook account. I didn't need to explain the dangers to her, but I'll explain it here.

With knowledge of her jogging path and the approximate times she normally runs, kidnapping (or worse) couldn't be easier.

Re:Good...? (1)

blueg3 (192743) | more than 3 years ago | (#35953394)

If your stalker has physical access to your phone, you're in a lot of trouble, regardless of Apple's policy and implementation of Location Services on the iPhone.

Glad this is over (1, Insightful)

gabebear (251933) | more than 3 years ago | (#35952486)

I'm an iOS developer and am glad this is finally over. I wasn't worried about the security ascpect; I was tired of getting stupid alarmist questions about it.

Re:Glad this is over (2, Insightful)

geekoid (135745) | more than 3 years ago | (#35952766)

Alarmist? no, not really.

Look around the world. In a lot of areas, people are rising up against oppressive governments. In these situation, people are being found by the government based on cell phone location. Imagine what happens when a 'dissenter' gets caught and his phones also has the location of where he has been?
That isn't some hypothetical, it stuff that is actually happening. Right now. It may not be happening where you live, but the world is bigger then you.

So, no not alarmist, reasonable.

Re:Glad this is over (4, Insightful)

Anonymous Coward | more than 3 years ago | (#35953012)

Um, are you one of those people rising up against oppressive governments? How about the people bringing a class action lawsuit? How about the many blogs screaming about it? No?

Can this data be used in real-time? No. Can it locate you precisely? No. Can an oppressive government that controls the local cell company locate ANY cellphone with greater accuracy and in real time? Yes.

Hmmm... I think "alarmist" is an accurate description.

Re:Glad this is over (0)

intheshelter (906917) | more than 3 years ago | (#35953330)

Normally I can't stand posts who start with "ummm" or "hmmmm", but at least you redeemed yourself by pointing out geekoid's hyperbole and bullshit.

Re:Glad this is over (2)

Americano (920576) | more than 3 years ago | (#35953124)

This data is NOT "tracking the phone's location". It is only enough to show you that "this phone was somewhere inside ~100 miles of a given location."

If you're being executed or imprisoned because "your phone says you were within 100 miles of Tahrir Square on a day that protests against the Egyptian government occurred," then they're simply looking for an "official" reason to put on your execution / imprisonment paperwork. Of course, all of this "The iPhone, it TRACKZ JOO" hysteria simply gives people looking to "disappear" a few political opponents another way of documenting someone's "guilt".

If you're concerned about oppressive governments misusing the data, you wouldn't give them the crutch of saying "It's tracking the phone," and thus lending credibility to a flimsy justification for throwing someone in prison. You'd be very clearly and very strongly stating that that data on the phone has nothing to do with the precise location of the phone, and only provides the most general (regional) indication of the location of the phone at any given point in time. Because, you know, that's actually what it does - not indicate precise-to-the-centimeter location information for the phone.

Re:Glad this is over (2)

ediron2 (246908) | more than 3 years ago | (#35953196)

yeah, really it is alarmist. Your location is tracked constantly due to cellphone-to-tower chatter. IOW, if your signal-strength meter is working, The Man knows where you are.

Security Theater -- no longer limited to airports, courthouses and queues.

Re:Glad this is over (0)

Anonymous Coward | more than 3 years ago | (#35953226)

They still have this data. They had it all along. Before the iPhone even. You don't even need a smart phone. All cell phones have a unique identifier. This identifier is communicated to every cell tower your phone handshakes with. The logs of those cell tower's are retained and available to any government.

All this hoopla has been over a file only accessible on your device by your equipment. They don't need this file, the cell companies have their own.

Re:Glad this is over (2)

Americano (920576) | more than 3 years ago | (#35952820)

Oh, it's not over - where Apple is concerned, it's never over here on Slashdot.

But it's Apple (-1)

Anonymous Coward | more than 3 years ago | (#35952490)

The standard slashdot Apple haters will still find something wrong with this, or the more logical ones realizing it is fixed will still hold the fact it ever happened to need fixed as a current problem.

No need to read further

Re:But it's Apple (0)

Anonymous Coward | more than 3 years ago | (#35952542)

fact it ever happened to need fixed as a current problem

Fix your garbage English, it makes your post unintelligible; "need to be fixed" or "need fixing" would be acceptable, but your meaning is still unclear.

Re:But it's Apple (0)

Anonymous Coward | more than 3 years ago | (#35952708)

maybe he's from Pittsburgh they talk that way. It is garbage though.

Timestamps (1, Insightful)

Kuukai (865890) | more than 3 years ago | (#35952496)

What about the timestamps? Why does a "crowd-sourced Wi-Fi hotspot and cell tower database" still need timestamps?

Re:Timestamps (1)

Anonymous Coward | more than 3 years ago | (#35952522)

Because you need to know if the data is up to date.

Re:Timestamps (1)

Imagix (695350) | more than 3 years ago | (#35952530)

So one can expire out old entries? Or use it as some part of a confidence measure that the wifi spot still exists? Cell towers don't move (or disappear) as often.

Re:Timestamps (2)

Kuukai (865890) | more than 3 years ago | (#35952602)

Do you need the minute for that? Isn't the month or week good enough? Would take up less space, too.

Re:Timestamps (1)

geekoid (135745) | more than 3 years ago | (#35952780)

Maybe not, but he developer is just grabbing the time stamp as is.

As far as less space, it's really not a concern.

Re:Timestamps (1)

erroneus (253617) | more than 3 years ago | (#35952834)

In this case, it is quite easy to imagine that this was merely an oversight on Apple's part.

Log files are useful forensic data. All log files have time stamps, otherwise they would be less useful. And when making a log file, date/time information is standard data to include.

Why is this easy to accept as an oversight on Apple's part? Well, as a person with a programming background, I can't imagine writing a log file any other way. But not being 110% security conscious is not the same thing as "tracking users."

I too was on the band-wagon of Apple bashers on this topic. In a way, I still am -- I think all information tracking should be handled carefully and this is an instance where it wasn't. But to presume more beyond not cleaning log files is too much at the moment. (Still, was there evidence that this log file was ever pruned or rotated in any way? After all, what would happen if this guy was a taxi driver or a world traveller? Wouldn't there be potential for his iProduct to run out of space and crash?) In any case, additional thought on the subject has yielded a much more rational view.

Yes you need that level of accuracy (1)

SuperKendall (25149) | more than 3 years ago | (#35953092)

Do you need the minute for that? Isn't the month or week good enough?

If you are driving down the highway you change locations quite a lot in a minute. Knowing a rough rate of travel because of locations of previous data collected over time, you could easily see the iPhone not trusting data even a minute old if it could extrapolate you were recently traveling at high speeds from the other data - or it might tweak location results to give you a location centered around where it thought you might be.

In fact I don't know if minute tracking is good enough, I would have recorded it to the second...

Re:Timestamps (2)

Americano (920576) | more than 3 years ago | (#35952578)

... so that it can tell which particular towers & wi-fi hotspots you've seen most recently?

The point of the database is to help the iPhone determine its own location more quickly. Having a list of a thousand map coordinates that the iPhone has seen "in the last year, sometime," does very little to facilitate that unless the iPhone can also know which ones it has been in range of recently.

Re:Timestamps (0)

Kuukai (865890) | more than 3 years ago | (#35952660)

So you need the exact time and not, say, the day or week?

Re:Timestamps (1)

Anonymous Coward | more than 3 years ago | (#35952774)

Yes

Re:Timestamps (1)

Americano (920576) | more than 3 years ago | (#35952906)

Well, how about the fact that people often travel more than a few hundred yards in a single day or a single week?

Maybe you're a shut-in, I don't know. But I am pretty sure that people who travel frequently wouldn't appreciate the "excellent location services" that could be offered by an iPhone that always thinks you're in the same place you were yesterday, or last week, and takes a few minutes to locate you every time you move more than a few miles. Seems to sort of defeat the purpose of having a cache in the first place, no? If you're going to do that, might as well just kill the "assisted" part of aGPS and just force the phone to use GPS-only, all the time, no matter how long it takes.

Re:Timestamps (1)

Kuukai (865890) | more than 3 years ago | (#35953106)

Ok, just pretending that's true, do you need the exact time a month ago? Can't there be a fade-out or something? Yes this is more work, but apparently it takes more work to make a cache not be a log. If you indiscriminately record all information, that would be a gross breach of privacy, regardless of how inconvenient it would be for the programmers to do something else. This is an example of the same kind of thing. The information can be used to track a user. That's something Apple is expected to avoid, if possible. It's possible. Hence outrage.

Re:Timestamps (1)

Americano (920576) | more than 3 years ago | (#35953288)

Your initial question was why they needed timestamps to at all. That question has been answered.

If you want to go read the article and see how Apple plans to address your other concerns about the long-term retention of this data now, I'd certainly encourage that.

Fail (4, Insightful)

magamiako1 (1026318) | more than 3 years ago | (#35952498)

So apple's going to encrypt the location cache on a phone that is otherwise locked, where other people generally don't have access to it other than the device itself, and lower the battery to deal with encryption routines all because people are idiots?

Sigh...

Re:Fail (1, Insightful)

Kuukai (865890) | more than 3 years ago | (#35952558)

Wouldn't it take less battery power to write less information? I don't think the original timestamped truckload of information was exactly lean. Saving power doesn't seem like it was a goal...

Re:Fail (3, Interesting)

geekoid (135745) | more than 3 years ago | (#35952800)

No, more probably.

The time stamp is a function call. Now you want to do the function call AND then strip out information. That would take more power.
Not that it would even be measurable.

*Under the hood, when you pass options to only return a subset of the time stamp, it gets it all, then truncates the information.

Re:Fail (0)

Anonymous Coward | more than 3 years ago | (#35952748)

...also encrypting is only good if the owner of the device is the only one with the encryption key to decrypt it.
  Giving APPLE the ONLY keys to your house is not really securing your house.

my 2c.

Re:Fail (2)

vlm (69642) | more than 3 years ago | (#35952792)

So apple's going to encrypt the location cache on a phone that is otherwise locked, where other people generally don't have access to it other than the device itself, and lower the battery to deal with encryption routines all because people are idiots?

The worst part is the encrypted data will almost certainly have a universal "law enforcement" backdoor, or just the same key for all devices which happens to be shared with law enforcement and the underworld in general. Once that leaks, its wide open to everyone but the owners.

Re:Fail (1)

Anonymous Coward | more than 3 years ago | (#35952944)

Phone company already has that information and it doesn't matter if you turn off location services. Realistically that's the first place someone with a warrant is going to look.

Re:Fail (1)

machxor (1226486) | more than 3 years ago | (#35953122)

Maybe you haven't been following along but this unencrypted data was available on any computer you backed up to.

Re:Fail (1)

MobyDisk (75490) | more than 3 years ago | (#35953250)

The purpose of the encryption is to prevent a rogue app from mining that data.

1) So no one should encrypt private information if it is only kept on the device itself? So no need to encrypt your bank account files or password lists? No need to lock the doors to your house either.
2) This will not affect the battery life. Encryption is not that heavy.

Moving on (4, Insightful)

mudpup (14555) | more than 3 years ago | (#35952504)

Sounds like Apple is taking steps to improve their system and give the paranoid users a easy opt out. Now the question is what are the other phone manufactures doing with their location systems? Especially those who log your data to the cloud?

Re:Moving on (5, Interesting)

93 Escort Wagon (326346) | more than 3 years ago | (#35952712)

Sounds like Apple is taking steps to improve their system and give the paranoid users a easy opt out. Now the question is what are the other phone manufactures doing with their location systems? Especially those who log your data to the cloud?

That's a good point. Given their relatively short response and turn-around time on this, I'm wondering if Apple sees the possibility here for turning a negative situation into a positive. Don't get me wrong - I think Apple (and other vendors) should've been doing this from the get-go - but it will be interesting to see (for example) how Google responds, given that their business model is to own as much data about you as possible.

so what? (1)

doppelgaenger44 (1411121) | more than 3 years ago | (#35952532)

all this stuff should have been in the product requirements specification since they decided to collect all this data. and some of us more naive folks around even thought it was. so stupid!

Including the "obsoleted" phones? (1)

cgenman (325138) | more than 3 years ago | (#35952536)

My wife and I have 2g and 3g iPhones. Apple began blocking the installation of higher iOS systems at the end of the 3.1.3 and 4.2.2 lines, respectively. Since this is a global liability, will Apple update these old phones as well? Or do they remain an outstanding liability?

Re:Including the "obsoleted" phones? (3, Insightful)

Phleg (523632) | more than 3 years ago | (#35952664)

Out of curiosity: why? When the next version of the iPhone comes out, you can sell your existing one on eBay and buy the new one for a net profit of $50. $150 if you unlock it first.

Re:Including the "obsoleted" phones? (1)

Angostura (703910) | more than 3 years ago | (#35953016)

If you're worried, I suggest you turn off location services, delete the location cache from your desktop and restore the iPhone to factory settings. Problem solved... such as it was.

direct link (4, Informative)

bidule (173941) | more than 3 years ago | (#35952560)

Why not use the direct link [apple.com] as nothing was added and some was cut?

Re:direct link (4, Informative)

Americano (920576) | more than 3 years ago | (#35952734)

Just a wild, unscientific guess, but I'd say it's because linking to Apple's press release directly means that SecurityWeek doesn't get ad impressions from the slashdotting. The link goes to a SecurityWeek Article by Mike Lennon; TFS submitted by "wiredmikey," whose profile identifies him as "SecurityWeek Editor", and links to SecurityWeek.

Connecting the dots is left as an exercise for the reader.

Re:direct link (3, Funny)

Fnord666 (889225) | more than 3 years ago | (#35953144)

Connecting the dots is left as an exercise for the reader.

Because we sure in hell know the %$&*ing editors won't do it.

Re:direct link (1)

linuxpng (314861) | more than 3 years ago | (#35953160)

That requires clicking the link to the article.

Conclusion: (4, Insightful)

Lazareth (1756336) | more than 3 years ago | (#35952624)

A perfectly sane feature has now been curtailed effectively by public outcry against perceived violation of privacy. While I agree that it is a good thing the stuff now gets encrypted locally (yay, more encryption of sensitive information!) the grand result is nearly nothing. The way this thing worked was by having a cache of locations stored locally and for those who worry about invasion of privacy this turn of events doesn't change anything - if Big Brother wants to know where you are and where you've been, he need do nothing more than to store where you connect from on his side - something he has always been able to do.

Re:Conclusion: (1)

geekoid (135745) | more than 3 years ago | (#35952840)

What about people who are grabbed by their government? Now there Phone can be checked for locations and those location will be at risk whether or not they aided the dissenter.

So people in areas where there is an oppressive government, or a current uprise against the government, this is a very important issue. Know what cell tower you connected to is one thing, know the exact block or store you where in is another.

Not useful for that purpose. (3)

SuperKendall (25149) | more than 3 years ago | (#35953014)

What about people who are grabbed by their government? Now there Phone can be checked for locations and those location will be at risk whether or not they aided the dissenter....Know what cell tower you connected to is one thing, know the exact block or store you where in is another.

That's the thing though, it was NOT storing accurate location data. It's cell tower and some WiFi data, generally information you cannot use to tell you were at a specific house or even possibly neighborhood... think 1/4 to 1/2 mile radius, possibly a block but not a store.

Re:Conclusion: (1)

Americano (920576) | more than 3 years ago | (#35953194)

Know what cell tower you connected to is one thing, know the exact block or store you where in is another.

It's a good thing this database never provided that level of detail and precision then, wouldn't you say?

Re:Conclusion: (0)

Anonymous Coward | more than 3 years ago | (#35952872)

How was tracking a user a feature exactly?

Re:Conclusion: (1)

Angostura (703910) | more than 3 years ago | (#35953036)

The feature is "fast location lookups for the phone"

"Locally" still a risk (1)

1800maxim (702377) | more than 3 years ago | (#35953048)

I don't think that people who are worried about their privacy are concerned about being tracked via their cell phone. What privacy advocates are concerned about is the erosion of due process.

Having tracking information on a local device opens the potential for more risk (theft) and abuse (rogue law enforcement). There shouldn't be any reason why any police officer can get that information simply for pulling you over.

This is very simple to understand. No human being should be entitled to your tracking data without a good reason. You must be very naive to trust everyone with such data, which should not be collected in the first place.

And while we're on the subject, the Telco should not be storing your location data. It should be compelled to do so ONLY once a warrant is issued, from which point forward the Telco can begin recording the location of the target - helpful in criminal investigations, for example, or to build a case.

Re:Conclusion: (1)

metrometro (1092237) | more than 3 years ago | (#35953066)

> A perfectly sane feature has now been curtailed effectively by public outcry against perceived violation of privacy.

Not local. The file was copied to any machine that syncs the device. In the case of corporate iPhones and iPads, it means your off-duty location track is sitting on a company owned system. On a corporate phone, it's not clear who owns that database, but in reality it's catch-me-if-you-can. Yes, I'd say that I "perceive" that to be a privacy violation.

Also, what the FUD? No features have been removed. You're free to ignore this stuff, but if you're going to comment on it at least recognize when "public outcry" made a bad situation a little better.

Re:Conclusion: (1)

gad_zuki! (70830) | more than 3 years ago | (#35953084)

Why is this perfectly sane? You only need my last couple hours worth of data for all the mapping functions. You don't need to cache every location since the day I booted the phone.

The grand result isn't nothing. Sure AT&T and Verizon know what towers you're on but thats not the same as storing your GPS location and now malicious apps can't read that data at all because its not there.

Re:Conclusion: (1)

Spykk (823586) | more than 3 years ago | (#35953244)

"Your honor, as you can see from these screenshots I ran the WifeSnoop app on our home computer and found out that my husband was in the neighborhood of his slut of an ex girlfriend on the date in question."
"That's where my dry clea..."
"GUILTY AS CHARGED."

Re:Conclusion: (1)

MobyDisk (75490) | more than 3 years ago | (#35953270)

The feature may have been reasonably sane, but the outcry was justified. Apple didn't tell anyone it was there, kept it way longer than necessary, and was not clear about what it was used for. Had they been clear from the beginning it would not be an issue. But their response now is quite sensible.

its not really a "phone" anymore (0, Interesting)

Anonymous Coward | more than 3 years ago | (#35952654)

Its a global consumer and user behavior monitoring device, with a phone tacked on.

Apple Scripture (0)

Anonymous Coward | more than 3 years ago | (#35952686)

Timeline check:

Article exposes / raises awareness of tracking / trackability.

Immediate shitstorm of Apple Worshipper hue and cry, "Cain't be! Android sucks! Jobs 4eva!"

Cops say, "We use and need this shit to make our lives easier, bitches."

God Jobs says, "And now behold, it is wisdom that this isn't happening. Resist the evil darkness that besmirches the holy name!"

And now the oracles at the temple have issued a proclamation that an update to the scriptures will "fix" this allegedly non-existent gaffe?

Ow! My beloved religion hurts!

p.s. More likely just make it harder to find, override, clear. L.E. will still have their access.

Translating to English (1)

Anonymous Coward | more than 3 years ago | (#35952698)

2. Then why is everyone so concerned about this?
Providing mobile users with fast and accurate location information while preserving their security and privacy has raised some very complex technical issues which are hard to communicate in a soundbite.

A: Because they're idiots.

Encrypted On The iPhone... (0, Insightful)

Anonymous Coward | more than 3 years ago | (#35952726)

"Apple said that in the next major iOS software release the cache would be encrypted on the iPhone...."

Encrypted by Apple, so only Apple can only view & use it...!

damn, i liked this feature (1, Informative)

alen (225700) | more than 3 years ago | (#35952878)

it's the reason why my wifi only ipad knows exactly where it is just by the wifi access point it's connected to and nearby wifi access points. i thought it was very nice when i opened up the weather channel app for the first time on it and it knew where i was without me putting in a zip code. and it does this whenever i take it with me

Why collect WiFi hotspot data? (1)

1800maxim (702377) | more than 3 years ago | (#35952904)

I have a question, why collect WiFi hotspot data?

Remember when Google said that its collection of WiFi hotspots as part of Google Maps was "accidental"?

Now we learn that the Android phone is still collecting hotspot data and sending it to Google. Doesn't seem so accidental after all.

Why does any company need this? There is no advertising that is tied to your hotspot/MAC address.
What can they do with that information, and what can law enforcement do with it?

Re:Why collect WiFi hotspot data? (2)

Arlet (29997) | more than 3 years ago | (#35953026)

WiFi hotspot data can be used to figure out where you are, for when you don't have GPS, or when the GPS doesn't have a satellite fix yet.

Bluetooth (1)

Andy_w715 (612829) | more than 3 years ago | (#35952920)

great...how about fixing bluetooth connectivity now?

Encrypt a SQLite Database? (1)

Eponymous Coward (6097) | more than 3 years ago | (#35952966)

What's the best way to encrypt the database? Encrypt the row data (encryption is done before updating and decrypted after selecting), or encrypt the entire file (sql statements operate on plaintext)?

If only they encrypted it in the first place (1)

softWare3ngineer (2007302) | more than 3 years ago | (#35953130)

then the researcher wouldn't have found it, at it would of been a non-issue. :( this doesn't really change anything since most people will keep tracking turned on so they can use some social app that doesn't do much. soon we can go back to living in ignorance while our lives can be tracked and examined.

nothing to see here for iPhone 3G users (1)

niw3 (1029008) | more than 3 years ago | (#35953172)

If you are one, software updates should not bother you. Move on.

It's NOT tracking your location... Geez. (1)

minniger (32861) | more than 3 years ago | (#35953290)

From TFA:

3. Why is my iPhone logging my location? The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested.

That is, it's keeping track of known locations near you so it can give you a quicker estimate of your location. Even sounds like this list of locations is downloaded from apple and not gathered by iOS. Why is this so hard for everyone to understand? This is exactly the kind of thing you want your devices to do. If they didn't have it everyone would be bitching about how long it takes for the phone to find your location.

I know, I know, I expect the internets to not be full of fools and trolls.

Sigh.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...