Jump to content

IPhone store your whereabouts

splashy

By splashy
in GPS technology and devices

Followers 1

Recommended Posts

CacheFreakTim

+CacheFreakTim

Posted
Posted

Ya I saw that. Its scary but at the same time not a big deal. The data is stored on your machine so unless someone breaks into your house I think you will be ok. I installed it on my machine and it does show everywhere I have been for the three years. It was interesting to go back and see all the places I Geocached in with my iPhone over the last year too ;)

Link to comment
Gushoneybun

+Gushoneybun

Posted
Posted (edited)

Ya I saw that. Its scary but at the same time not a big deal. The data is stored on your machine so unless someone breaks into your house I think you will be ok. I installed it on my machine and it does show everywhere I have been for the three years. It was interesting to go back and see all the places I Geocached in with my iPhone over the last year too ;)

 

According to the news here in the UK when you sync your iphone it uploads the data to Apple's website! I have no idea how many iphones are out there but I really doubt anyone at Apple will sift through all the data to find out where you have been. But then what do they do with it :huh:

Edited by Gushoneybun
Link to comment
user13371

+user13371

Posted
Posted (edited)

Reality check -- are you terrified yet?

 

I downloaded the example app and looked at my phone's stored data -- and can see that anyone with access to my phone or computer could tell at a glance that I live and work in Portland Oregon. With a little deeper analysis, that I live in the outer southeast and work downtown -- and go down to the coast sometimes. It doesn't look like the database could pinpoint my house, office, or where to get the best Ethiopian food in town -- but my contact list could tell you that.

 

But you don't need to grab my phone to know that -- I just told you and it's a low-risk disclosure. Truth is, if you DID get your hands on my phone, computer, or even my wallet, you'd have access to a lot more useful (or damaging) stuff than just where I hang out. The only difference is that everybody KNOWS what kind of stuff we carry in our wallet and what to do if we lose it. It comes as a bit of a surprise to some folks what's in our cell phones, and not everyone knows how to protect it.

 

Lose your wallet? Call the credit card companies and bank to freeze/or cancel the account numbers. Lose your phone? Locate or wipe it.

 

Apart from a reminder that you have to protect their phone as closely as your wallet -- is this really a worry to anyone?

Edited by Portland Cyclist
Link to comment
northernpenguin

+northernpenguin

Posted
Posted (edited)

Ya I saw that. Its scary but at the same time not a big deal. The data is stored on your machine so unless someone breaks into your house I think you will be ok. I installed it on my machine and it does show everywhere I have been for the three years. It was interesting to go back and see all the places I Geocached in with my iPhone over the last year too ;)

 

According to the news here in the UK when you sync your iphone it uploads the data to Apple's website! I have no idea how many iphones are out there but I really doubt anyone at Apple will sift through all the data to find out where you have been. But then what do they do with it :huh:

 

I seriously doubt that.

 

iTunes connects to Apple if you have it set to check for updates automatically:

 

iossettings1.jpg

Edited by northernpenguin
Link to comment
user13371

+user13371

Posted
Posted (edited)
According to the news here in the UK when you sync your iphone it uploads the data to Apple's website!

Nope. The article cited at the beginning of this thread deals with a data file that resides on the phone only, and gets backed up to any computer you sync with. Doesn't go anywhere else. As far as anyone can tell so far (cue sinister chuckle).

EDIT: Correction -- your phone's location history gets uploaded to Apple twice a day. In an anonymized form -- that is, Apple know that "an iphone" was at specific locations and they use this to build a location database. Apple does NOT retain the specific device or user info.

 

See also: http://www.f-secure.com/weblog/archives/00002145.html

Edited by Portland Cyclist
Link to comment
CacheFreakTim

+CacheFreakTim

Posted
Posted
...I installed it on my machine and it does show everywhere I have been for the three years...

Really? The 'feature/bug/exploit' discussed in the linked article has only been around since iOS 4 was released in June.

 

Your right. Now that I look again it goes back to mid last year. I saw it had me in Detroit and i assumed it was from a trip 3 years ago. Now that i look at it the date was more recent.

 

I will say it did not start with the iPhone 4 because it has the data from when I still had my iPhone 3GS. Unless this changes it looks like the data is collected no matter what iPhone you use.

Link to comment
user13371

+user13371

Posted
Posted (edited)
I will say it did not start with the iPhone 4 because it has the data from when I still had my iPhone 3GS. Unless this changes it looks like the data is collected no matter what iPhone you use.

Actually, it has ALWAYS collected (and backed up) this data, from day one. But prior to iOS version 4 released last June, older data was routinely cullled and it only kept a fairly short/recent history. There's some discussion in other tech blogs whether this is on purpose, or if someone Apple programmer just made a change that goofed up the code for purging old data.

 

As for being able to see the data on your older model 3GS, this would happen if you have the newer iOS version on it. The issue is in the operating system, not the phone hardware.

Edited by Portland Cyclist
Link to comment
dakboy

+dakboy

Posted
Posted (edited)

In addition to Portland Cyclist's on-the-ball observations:

 

Your cell phone carrier knows where you are, within a few blocks, regardless of how "smart" or dumb your phone is. Whether it's an iPhone, the latest HTC Thunderbolt, a Crackberry, or the cheap 4-button phone you give your 8 year old with 4 emergency numbers pre-programmed into it.

 

And they've had the ability to keep a log of those movements for at least a decade.

 

People are worried about a little location data being stored on the phone? Your contact list is far more useful to someone with nefarious purposes than knowing where you were.

 

If the software used to cull the data on a more regular basis, it's quite possible that someone simply flubbed the units while changing the interval to a slightly longer, but still reasonable duration.

Edited by dakboy
Link to comment
northernpenguin

+northernpenguin

Posted
Posted

If you want the information removed, you can do that on a Jailbroken iPhone.

 

TiPB reports it is simply a bug that will be fixed.

 

Also, as the original article points out, you gave permission for Apple to do just that when you skimmed over the terms and conditions for your iPhone:

 

Apple can legitimately claim that it has permission to collect the data: near the end of the 15,200-word terms and conditions for its iTunes program, used to synchronise with iPhones, iPods and iPads, is an 86-word paragraph about "location-based services".
Link to comment
user13371

+user13371

Posted
Posted
I can't image this is a bug. ... I am thinking this was intentional.

Of course collecting the data is intentional. What's getting attention at the moment (and may indeed be a bug or oversight) is that it's in an unencrypted file that never gets purged.

 

For what purpose? We may never know now.

Apple makes no secret about how and why they collect the date. Good reading here: http://www.f-secure.com/weblog/archives/00002145.html

Link to comment
Team Pwiiq

+Team Pwiiq

Posted
Posted

Collecting is not a bug. Lack of a secure file could be a bug and expect to see this patched quickly. I do IT support and have already had a couple employees come up acting like the world is ending because Apple is tracking them! Most of the articles that are comming out about this are written to scare the public. People would rather read a story with drama than just that Apple gets anonymous information from your phone which you give it permission to when installing iTunes. With the ease of setting up the findmyiphone app if you lose your phone you can easily lock and wipe it. If you dont take the 5 minutes to set this up then its your own fault. Besides if I wanted to know where you lived there are a heck of a lot easier ways to find that out other than stealing your phone. Sometimes it takes nothing more than a Google search or a phone book.

Link to comment
DanOCan

+DanOCan

Posted
Posted

My reaction was "Meh."

 

Anyone who wants to know where I am can simply check my latest check-in on foursquare or can simply check the Social Media section of my website.

 

It's like I told Mrs. DanOCan -- if someone gets physical access to my phone or my computer then the location data is the least of my worries. :laughing:

Link to comment
dakboy

+dakboy

Posted
Posted

Anyone who wants to know where I am can simply check my latest check-in on foursquare or can simply check the Social Media section of my website.

Difference is, those are places where you voluntarily post your location. This tracking isn't.

 

But this tracking is less specific than you checking into Starbucks via FourSquare.

Link to comment
user13371

+user13371

Posted
Posted (edited)
Difference is, those are places where you voluntarily post your location. This tracking isn't. ... but this tracking is less specific ...

To expand on that "less specific" point -- Apple's tracking is anonymized (at least they say it is).

 

While the detailed data is certainly on your phone and backed up to your computer, what gets sent to Apple doesn't retain the device and user information. In other words, Apple says they're only collecting info like "An iPhone was at these locations, and here are the details about WiFi hotspots in relation to cellphone towers." That's useful for Apple to build their their location database; constantly polling millions of iPhones in use is a lot cheaper and better for them than paying Skyhook for a similar location service. It's also quite a bit different and less worrisome than transmitting specifics like "Lee's iPhone was at SW 3rd and Pine at 0700, and at SW 1st and Oak 15 minutes later."

 

Of course, myriad other apps (like the Geocaching app) DO send device and user-specific data back and forth. iDevices would be a lot less useful without this! And as Dakboy points out, they're all voluntary, you opt-in to use them. And you can uninstall or shut them off in Location Services any time you want.

 

Guess I just said the same thing as Dakboy, but with a lot more words. Dakboy, I commend you on your economy of style :)

Edited by Portland Cyclist
Link to comment
ecanderson

+ecanderson

Posted
Posted

Ready for that warrant or grand jury subpoena for your iPhone so that your whereabouts on December 14th, 2010 can be verified? That's the problem of tracking for unnecessarily long periods and not encrypting the data.

 

My TomTom GPS tracks both location and speed information for purposes of acting as a "probe" for traffic info gathering and since it's a Live model, for live traffic information redistribution to users. But not only is the data anonymous, it's cleared after transmission, and is encrypted to boot. Best practice is understood in the industry, and Apple should have used the same methods.

Link to comment
user13371

+user13371

Posted
Posted (edited)
Tom Tom probably tells its users this up front.

So does Apple. It's just that nobody reads all of the fine print -- or even think about it too closely.

 

GC.com knows exactly where you are when you query for nearby caches.

The local transit company knows exactly where you are when you check nearby bus schedules.

Every location-specific ad you get embedded in your web browser or other app knows where you are.

 

And at deeper level most people don't really think about -- a lot of other iPhone location-aware magic works simply because Apple IS querying location data from millions of phones in use, updating their own location databases constantly. It's magic because it just works and you don't HAVE to think about it.

 

On the one hand, the thing would be a lot less useful if it couldn't do all that. But on the other hand -- someone frames it as a privacy issue and suddenly a bunch of folks blink and go "Huh?! My phone is telling Apple &c where I am? How dare they!"

 

This sort of trade off has been obvious -- for decades -- to anyone who really thought about it. John Brunner envisioned it in 1975 (Shockwave Rider). Among other things, he foretold people suffering breakdowns from worrying about how much "the net" knew about them and that someone else might gain unfair advantage from it.

 

You have zero privacy anyway. Get over it.

Edited by Portland Cyclist
Link to comment
ecanderson

+ecanderson

Posted
Posted

I think the difference is Tom Tom probably tells its users this up front. Also I think the main reason people are scared is because phones are much more personal. It has access to their address book, photos, email, phone numbers, passwords, etc, etc, etc....

Actually, TomTom doesn't say what exactly they're collecting nor how it will be used, only that it will be collected anonymously. However, if you dig deeper, it is then you find that they are good enough to not only encrypt the data, but delete it from your unit after transmission. As I say, if Apple had been swift enough to have done those things, people might be far less concerned. As it is, you might as well carry a GPS tracker on your person. Until recently, the average Joe would have had no clue that he was carrying around a tracklog that could be obtained either legally or illegally if another party could get access to his phone. That's NOT the case with TomTom, so there's no comparison.

 

Whether the fine print explains it at all well for either company (and it doesn't in either case), at least TomTom takes some care with the tracking data stored on its users devices. Apple does not.

Link to comment
user13371

+user13371

Posted
Posted (edited)

You're unfairly singling out Apple here.

If anyone (police or bad guys) gets their hands on your smartphone or your personal computer, you are pwned. Doesn't matter what make or model the device is.

 

That's neither a defense of Apple nor a criticism of any other manufacture -- it's just a fact of life. Even though Apple should do more to protect data security (as in, consolidated.db should be encrypted by default), the reality is that no matter how secure you think a device is, there are forensic tools that'll open it up. True of every consumer device available now and I don't expect that to ever change. Consumer devices are not built to military specs and you couldn't afford them if they were.

Edited by Portland Cyclist
Link to comment
user13371

+user13371

Posted
Posted

100% correct Greg.

 

Shoot, we don't even need your GPS or your phone, a prolific cacher like you leaves trails online of where you've been. Likewise for the less prolific cachers like me. And Geocaching is a pretty weak tracking tool compared to many other social networks and online communities.

 

I suppose if you were a hermit named John Smith living completely "off the grid," you might be untraceable. Good luck with that.

Link to comment
dakboy

+dakboy

Posted
Posted

Ready for that warrant or grand jury subpoena for your iPhone so that your whereabouts on December 14th, 2010 can be verified? That's the problem of tracking for unnecessarily long periods and not encrypting the data.

Wouldn't they need a password to access that, and isn't witholding passwords protected by the 5th Amendment?
Link to comment
kunarion

+kunarion

Posted
Posted (edited)
Your cell phone carrier knows where you are, within a few blocks, regardless of how "smart" or dumb your phone is. Whether it's an iPhone, the latest HTC Thunderbolt, a Crackberry, or the cheap 4-button phone you give your 8 year old

And that location data's likely stored by the cell phone carrier. If it's not a Federal requirement to save that info, which it probably is (for *ahem* "patriotic" purposes), it's at least kept for resolving billing disputes.

 

At least with iphone, maybe you can see what the phone company sees.

Edited by kunarion
Link to comment
user13371

+user13371

Posted
Posted (edited)
Wouldn't they need a password to access that, and isn't witholding passwords protected by the 5th Amendment?

A password is about as secure as the cylinder lock on the front door of your house. It just slows down folks who weren't serious about breaking in anyhow. Someone wants in, they'll find a way in. See Cellebrite for example.

 

As far as ECAnderson's dire warning that someday the police might get a warrant to sniff your phone and computer -- that's already been happening for years. And lately the ACLU is upset that Michigan State Police have got been using such Data Extraction Devices with questionable lack of regard for due process.

Edited by Portland Cyclist
Link to comment
CacheFreakTim

+CacheFreakTim

Posted
Posted

At last Apple has something to say on the subject:

http://www.apple.com/pr/library/2011/04/27location_qa.html

 

Believe them? And if so, do these explanations satisfy your curiosity and concern?

 

It sounds reasonable to me. The only thing that came off like BS is where they said it was a bug causing it to hold a year of data instead of 7 days. This is on par for what I expected Apple to say about the issue. It looks as if an update will be put out to fix this "bug" so it seems this will not be as big of a deal as what everyone is making it out to be.

Link to comment
ecanderson

+ecanderson

Posted
Posted

As far as ECAnderson's dire warning that someday the police might get a warrant to sniff your phone and computer -- that's already been happening for years.

It wasn't a warning that it might happen someday - it was a warning that there's no reason to think it can't happen to you. I read the news. My warning is that we now know of yet another source of data that shouldn't be available to anyone but the owner.

 

And your statement that all consumer electronics can be cracked... if an SSL layer encryption can be cracked (within anything close to a reasonable length of time), then yes, the data on a recent model TomTom can be gathered before it is transmitted. Let me know which LEO has the computer to crack that, will you? Yes, they're using SSL to communicate with the units now, on top of encrypting the data on the unit (something they've done on previous models as well). As I say, TomTom seems to have got it right. Apple has not. Not too complicated.

Link to comment
ecanderson

+ecanderson

Posted
Posted

At last Apple has something to say on the subject:

http://www.apple.com...ocation_qa.html

 

Believe them? And if so, do these explanations satisfy your curiosity and concern?

Whether I believe their rationale is irrelevant. It's action, not intent, that's important here. The content being held on the unit in unencrypted form is relevant. It seems that they are acknowledging only that the excessive retention period of the log data needs to be corrected. Well, that's a half-arsed attempt to solve the problem, but still isn't state-of-the-art by any means.
Link to comment
splashy

+splashy

Posted
  • Author
Posted

It's important to KNOW what really happens to your given data.

In my opinion it's a bit childish to say "I've nothing to hide", well they make you sooner or later.

 

The collected user data from Tom Tom to avoid traffic jams is used (sold) to a thirdparty, who is selling it to police,

so they know where to setup a traffic/radar trap.

 

CEO of Tom Tom was not aware of this and is trying to stop this.

Link to comment
user13371

+user13371

Posted
Posted (edited)
...The content being held on the unit in unencrypted form is relevant. It seems that they are acknowledging only that the excessive retention period of the log data needs to be corrected.....

You must have stopped reading the release a paragrah a few bullet points too soon; Apple does plan to address both the retention time (minor update coming soon) as well as encrypting it on the device (next major release). I have no crystal ball but I'd guess the next major iOS release between June and September, the rumored time frame for the next iPhone hardware release.

 

As far as it not being encrypted originally, I suppose Apple figured requiring root access would be enough of a protection against casual access. But encrypted or not, if you lose your phone -- to the police or the bad guys -- I think the contents of this database are the least of your worries.

Edited by Portland Cyclist
Link to comment
CacheFreakTim

+CacheFreakTim

Posted
Posted

As far as it not being encrypted originally, I suppose Apple figured requiring root access would be enough of a protection against casual access. But encrypted or not, if you lose your phone -- to the police or the bad guys -- I think the contents of this database are the least of your worries.

 

That is a very good point. If someone can get close enough to me to steal my phone or my computer I have bigger problems then them finding out where I drive. I also think it would be funny if someone lost their phone and used the data to find out where I live and deliver it back to me.

Link to comment
user13371

+user13371

Posted
Posted
I also think it would be funny if someone lost their phone and used the data to find out where I live and deliver it back to me.

The wallpaper on my lock screen reads "If found, please call ###-###-####" with my Google Voice number displayed. I can also use Find my iPhone / Mobile Me to locate the phone, send a message to the lock screen, or wipe it.

 

So in my case, the only way your funny scenario could play out is if someone got it back to me before I noticed it was missing :)

Link to comment
user13371

+user13371

Posted
Posted (edited)
...the collected user data from Tom Tom to avoid traffic jams is used (sold) to a thirdparty, who is selling it to police, so they know where to setup a traffic/radar trap.

Y'know, I see no problem with that at all.

 

The data TomTom was selling to third parties was not specific user or device information nor related to tracking any private activity -- it was bulk data about traffic patterns. Completely fair game for the police to use that (or any other public or commercial data source) to figure out where to step up speed enforcement activity. Of course, I also think it's completely fair for motorists to download crowd-sourced updates about where the speed traps are, too.

Edited by Portland Cyclist
Link to comment
TL&MinBHIL

+TL&MinBHIL

Posted
Posted

I downloaded one of the programs today that allows you to see the stored data on a Windows PC (the first one that came out was for a Mac). There's really not too much to be worried about. Apple had said that it uses cell towers & WiFi hotspots when collecting this data and that it could actually use a tower that's 100 miles from you. I see this to be quite true because the map of my "locations" shows places that I was nowhere near. It even showed that I was in places today 20-30 miles from home when in fact I had never left the house. It was merely bouncing off cell towers. So people shouldn't worry too much about this being pinpoint accurate.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Followers 1
Go to topic listing
×
×
  • Create New...