Originally Posted by SolipsismX
I really don't know why this is such a hard concept.
The mention of the hash was a future option from Apple to allow the addition of an MD5, SHA-1 or similar cryptographic hash function that can be stored for each node, and the app (or a connected server) so it can be verified.
I fully understand the general scheme of how beacons work (though that was actually a very good description on your part, perhaps the most concise that I've read, but I'm also not a fan of any
location-tracking tech, so I admittedly have not read a lot).
What I'm talking about here that you're apparently not getting, is that afaik
there is no protection against impersonating Beacon IDs. That's what I think/thought you were referring to with the hash, so I'm just echoing your initial concern. Unless I'm mistaken about this, it could be a problem in the future. As for the potential magnitude of the problems this might cause, maybe "huge" is a stretch if we're only thinking about the obvious right now, but any time there is potential for abuse, miscreants will find a way to do so to the maximum extent possible. And as I stated earlier, I think it's fixable, so I'm not super concerned about it.
If there are protections against impersonating beacons, I'm happy to be corrected. Otherwise, I guess we can just disagree on the magnitude of potential for abuse.
How will they be able to collect data when they are not running? They are not running!
This part you're wrong about. I said:
The aspect that's most troublesome to me about the beacons is that apps are still able to collect data when they're supposedly not running.
Not the emphasized "supposedly". When someone hard-quits an app and it's not active, nor in their tray, the expectation is that app is not running. Like full-stop not running. Unless someone is a techie (tiny minority), they are not going to understand that these apps are actually still active in the background even when they're not in the tray. That's not cool, no matter how minor an issue it might be, and it kind of reeks of google-esque behavior, even though I don't think Apple is doing it for the same kind of reasons google and facebook and their ilk pulls their crap.
Gatorguy was kind enough to point out this conversation:
in which the author clearly considers this as an "improvement". Most of the developers appear to be excited (devs love new tech), but the last couple comments (not me! I just saw this article) have the same problems with it that I do.
But let's say they are, if you have given any app access to your GPS location, contacts, internet, whatever then you're giving it a lot more access than some very short range BT node that might randomly encounter… but you still need to have installed, location services enabled, and for those node IDs sent to the system to monitor. How are all these checks from the system and the very small range of a BT signal a huge issue, especially when compared to giving an app your actual location, contacts, calendar, and access back to its servers?
Now will Macy's record when you are in contact with their store's nodes? I can't imagine why they wouldn't, but you still will have to have installed their app, location services and app background refresh enabled, BT on, and be next to each node before any of the chain reaction happens to give the Macy's app the small package of data from the node.
Worrying about iBeacons is like worrying about the calories of an extra piece of broccoli but then completely ignoring that you had cheesecake for dessert.
You're mischaracterizing my concerns. I'm VERY
concerned about all the other stuff. Far more so than beacons. And no, I am in no way hypocritical, I walk the walk, and it poses more and more challenges as things like location-tracking get embedded into our culture. I do not, and never have, enabled any kind of location services, and in fact take great care in other areas as well, which I won't get into here. A 24/7/365/lifetime surveillance society is where we are headed, and it's pretty disgusting. That's a MUCH bigger problem than silly beacons, but that doesn't mean small issues around the edges shouldn't be addressed. As a Beacon developer
stated on that blog:
I think this is bad idea. Any app the needs to run in background should be granted that right on the “Background App Refresh” menu. Allowing individual Apps to do so opens security and power consumption issues the average user many not be aware of, especially when they might rightfully assume such privileges are granted on the background app refresh menu. There is no reason to hide this, we need to be forthright with our users!
Ultimately, this is the problem I have. Apple needs to be absolutely forthright and transparent about how stuff works, and a simple setting should be exposed to give users control. A user might choose to install something to give it a quick try, say a Starbucks beacon-enabled app. They decide they don't want to use it now, but maybe they'll keep it around to check it out in the future, so they quit the app and forget about it among the hundreds of apps on page 10 of their phone. AFAIK, with GPS-tracking, when you quit the app, you're no longer providing location data to the app, but with beacons, the app will continue to track this person's Starbucks visits forever. Is this a minor thing? Maybe in the scope of all the other tracking crap that's happening, but it doesn't mean it's wrong to point it out and push for a change.