The problem is "consolidated.db" doesn't operate in accordance with the policies defined in that document. The user cannot turn it off and the data it stores is kept forever. Even if you get a new phone, the old data is copied to the new phone via iTunes.
They could be argued to be within the stated policy if turning off location services prevents transmission. I didn't see anything about the phone not recording cell towers and wifi points in that situation.
A very poorly written article filled with so many bad pieces of information that I'm not going to spend time debunking it.
I'll just say that, speaking as an small iPhone developer, my iPhone is now off and will stay off until this issue is resolved.
As a small developer myself, what issue? I decided to check out just how accurate the data is that is collected in regard to my true location. Over a 36 hour period, I found it could pin point my location within the Phoenix metro to within a 43 square mile area.
1) When you upgrade an iOS device or activate it, you are given an option to Opt-Out of sharing data with Apple. This falls under the "Diagnostic and Usage Data". Clicking on "Details" will spell out things more. With the Opt-Out set, you will still get location data available on the device but items like crash logs and location data will not be shared.
2) Under Settings->General-Restrictions, you can turn off Location for the "Following Apps". Apple never claims, for those that read, that all location data is turned off. Just specific apps cannot use location data.
3) Location data is still used for things like emergency calling where rapid and accurate location determination can be life saving.
4) Passively collecting this data VS driving cars (like Foursquare and Google with StreetView) saves about 1000 tons of CO2/year from being emitted.
The only real issue is Apple needs to simply cull the data and not keep an infinite amount. Keep 2 weeks or 2 months or some set amount that is reasonable to achieve the desired effect. Likewise, using the Data Protection APIs (if they are not already) to make sure the actual data is encrypted on the device. For those that think this is an issue, it is easily handled by the user by using strong pass codes on handsets, logins and encrypted iPhone backups.
They could be argued to be within the stated policy if turning off location services prevents transmission. I didn't see anything about the phone not recording cell towers and wifi points in that situation.
And perhaps Apple will make that argument to Congress. But I doubt it will get very far. Tracking someones movements whether they want it done or not is something that's done to criminals.
Anyway, bringing "consolidated.db" in line with the iPhone EULA (i.e. the user can turn it off) and encrypting the data would go a long way towards making me happy with how they're handling this data.
And there is no device or user data sent and all lat/long locations are converted to a zipcode and then immediately deleted.
Surely people expect apps that you allow know your device?s specific location will know your general location.
That does seem to be kind of essential, but the specific complaints, as I interpret them, are slightly different:
Apple is collecting and storing your location data (presumably not anonymized, although may people don't seem to understand the difference).
Even if Apple is not collecting it then it is lying around unnecessarily unencrypted on your phone (although as has been pointed out before - there is likely much more sensitive information to be harvested from your phone).
Look, we know that this whole fiasco is nothing, but what does locating people when they call 911 have to do with private companies tracking you for business purposes?
Quote:
Originally Posted by solipsism
Where is Apple tracking YOU without your consent?
Quote:
Originally Posted by sprockkets
That's not what I asked or brought up.
I guess you were referring to Google/Android but it was too painful to you to actually mention them by name.
That does seem to be kind of essential, but the specific complaints, as I interpret them, are slightly different:
Apple is collecting and storing your location data (presumably not anonymized, although may people don't seem to understand the difference).
Even if Apple is not collecting it then it is lying around unnecessarily unencrypted on your phone (although as has been pointed out before - there is likely much more sensitive information to be harvested from your phone).
It's also lying around on your computer via iTunes. From there, anyone can write a Mac or PC application that accesses the data. Two guys doing exactly that is what set this whole thing off to begin with.
And perhaps Apple will make that argument to Congress. But I doubt it will get very far. Tracking someones movements whether they want it done or not is something that's done to criminals.
Anyway, bringing "consolidated.db" in line with the iPhone EULA (i.e. the user can turn it off) and encrypting the data would go a long way towards making me happy with how they're handling this data.
On your first point - I agree, unless it is anonymized, in which case there is really no privacy issue. On your second - yes - it is hard to see why that would cause any problems and it would probably make a lot of people happier.
It's also lying around on your computer via iTunes. From there, anyone can write a Mac or PC application that accesses the data. Two guys doing exactly that is what set this whole thing off to begin with.
True, and maybe that could be an issue for some, but if someone obtained access to one of my machines then I would have a lot more to worry about than my iPhone location data. So maybe the backups should be encrypted by default.
That does seem to be kind of essential, but the specific complaints, as I interpret them, are slightly different:
Apple is collecting and storing your location data (presumably not anonymized, although may people don't seem to understand the difference).
Even if Apple is not collecting it then it is lying around unnecessarily unencrypted on your phone (although as has been pointed out before - there is likely much more sensitive information to be harvested from your phone).
1) They said last year the zipcode they collect is anonymous. Not connection to a device or user.
2) Your phone isn?t open to the world. It?s not like you can read the info on the phone or copy to some other drive as easily as you see in movies by attached some dongle or getting near some BT receiver. And even if they could is that generalized location data really more important than the other data on your phone? Do people think that their contacts are stored in 5 layers of AES-256 encryption on their phone? And if it bothers people they can encrypt their backups on their ?PC? which also should be password protected.
1) They said last year the zipcode they collect is anonymous. Not connection to a device or user.
2) Your phone isn?t open to the world. It?s not like you can read the info on the phone or copy to some other drive as easily as you see in movies by attached some dongle or getting near some BT receiver. And even if they could is that generalized location data really more important than the other data on your phone? Do people think that their contacts are stored in 5 layers of AES-256 encryption on their phone? And if it bothers people they can encrypt their backups on their ?PC? which also should be password protected.
I personally agree that it doesn't seem like a problem at all - I was just pointing out that the main thrust of the complaints was not whether the apps know where you are, but further use of the data. I was not defending the logic of the complaints.
If this is the statement to which you refer, then it appears to state that the cell tower and wifi data contained within consolidated.db may be transmitted to Apple ...
It is and the data, when transmitted, is done so anonymously.
As a small developer myself, what issue? I decided to check out just how accurate the data is that is collected in regard to my true location. Over a 36 hour period, I found it could pin point my location within the Phoenix metro to within a 43 square mile area.
1) When you upgrade an iOS device or activate it, you are given an option to Opt-Out of sharing data with Apple. This falls under the "Diagnostic and Usage Data". Clicking on "Details" will spell out things more. With the Opt-Out set, you will still get location data available on the device but items like crash logs and location data will not be shared.
2) Under Settings->General-Restrictions, you can turn off Location for the "Following Apps". Apple never claims, for those that read, that all location data is turned off. Just specific apps cannot use location data.
3) Location data is still used for things like emergency calling where rapid and accurate location determination can be life saving.
4) Passively collecting this data VS driving cars (like Foursquare and Google with StreetView) saves about 1000 tons of CO2/year from being emitted.
The only real issue is Apple needs to simply cull the data and not keep an infinite amount. Keep 2 weeks or 2 months or some set amount that is reasonable to achieve the desired effect. Likewise, using the Data Protection APIs (if they are not already) to make sure the actual data is encrypted on the device. For those that think this is an issue, it is easily handled by the user by using strong pass codes on handsets, logins and encrypted iPhone backups.
I generally agree with your conclusions. Apple should encrypt the data for iPhone backups and limit the amount of stored location data. I'd only add the amount of data stored (including "none") should be a user option.
Points 1-4 that you used to arrive at your conclusions I think are all either wrong or irrelevant, but I don't feel like arguing them because the conclusions are the important part to me.
Edit:
Nice work on the app to read "consolidated.db". But as I mentioned earlier, I'd prefer to hear about these things from Apple, rather than a 3rd party. It may be that your situation in AZ is not the same for someone in, say, New York. Or there may be additional data we don't know about yet. Apple just needs to make a clarifying statement about their data policies.
Why is Daniel Erin Dilger still allowed to write for Apple Insider?
He apparently doesn't know the difference between a carrier providing a location to emergency services and a manufacture storing a persistent log of all locations.
I consider many bloggers to be journalists. But DED is no journalist... he's a fiction writer.
I won't be back to AI, which is a bit unfortunate, since the actual bloggers and journalists here can be insightful and informative. Sadly for AI one bad apple does indeed spoil the bunch.
It is and the data, when transmitted, is done so anonymously.
Yes. And if we accept their clear statement on this (which I am inclined to do), then the transmission/collection part of the complaint would seem to be unfounded. Of course others will likely choose to disbelieve them.
If this is the statement to which you refer, then it appears to state that the cell tower and wifi data contained within consolidated.db may be transmitted to Apple if:
The location services option is ON and,
The user launches an app that requests location services.
I posted that statement before I came to your post. The statement also says that it will transmit info even if location services are turned off. The other info is often info that being requested by apps,where your exact location is needed, and wanted, by both yourself, and the app, for the purposes you purchased the app. For example; where's the nearest Mexican restaurant? Well, not useful if the app doesn't know where you are.
But Apple is collecting triangulated locations of where you are mostly from cell tower info that's not very accurate for knowing exactly where you are, but accurate enough to know if enough towers are in place for a good signal. So it MAY have the info for several hundred to a couple of thousand feet of where you may be.
Yes. And if we accept their clear statement on this (which I am inclined to do), then the transmission/collection part of the complaint would seem to be unfounded. Of course others will likely choose to disbelieve them.
Just as a reminder, the issue isn't just whether or not Apple is collecting data. It's also who has access to your data via iTunes.
I posted that statement before I came to your post. The statement also says that it will transmit info even if location services are turned off. The other info is often info that being requested by apps,where your exact location is needed, and wanted, by both yourself, and the app, for the purposes you purchased the app. For example; where's the nearest Mexican restaurant? Well, not useful if the app doesn't know where you are.
But Apple is collecting triangulated locations of where you are mostly from cell tower info that's not very accurate for knowing exactly where you are, but accurate enough to know if enough towers are in place for a good signal. So it MAY have the info for several hundred to a couple of thousand feet of where you may be.
I still don't see where it says that the data may be transmitted if location services are off. I'm looking at page 7 main text and footnote 8. What am I missing?
Points 1-4 that you used to arrive at your conclusions I think are all either wrong or irrelevant, but I don't feel like arguing them because the conclusions are the important part to me.
Oddly, there is little indication my 4 points are wrong.
1) The EULA clearly spells out the use of location data and diagnostic data. There is no indication that opting out of sharing data when you init a phone results in transmission of data. Check out F-Secures tests on this matter. They do take exception to the dialog, however, by finding it a bit opaque.
2) Apple never claims that turning off Location services disables "consolidated.db". They simply claim that it disables location services for the "following apps". This is not opinion. It is fact. For confirmation, go to the indicated screen.
3) Location data is required if at all physically available to be served on 911 calls. Again, this is not opinion. It is fact. And it is a good thing. Accurate and fast geo location data can save lives when seconds count. Having the location data available quickly precludes deleting the "consolidated.db" file completely.
4) The other option to collect much of this data is to drive around in cars. This takes gas. Why not passively collect it and save 10,000,000 miles/year in driving? Works out to 1,000 tons of CO2 emissions/year. Given the .19 ppm/year rise in the past 10 years it is a small step, but small steps are not a bad thing.
As a small developer myself, what issue? I decided to check out just how accurate the data is that is collected in regard to my true location. Over a 36 hour period, I found it could pin point my location within the Phoenix metro to within a 43 square mile area.
1) When you upgrade an iOS device or activate it, you are given an option to Opt-Out of sharing data with Apple. This falls under the "Diagnostic and Usage Data". Clicking on "Details" will spell out things more. With the Opt-Out set, you will still get location data available on the device but items like crash logs and location data will not be shared.
2) Under Settings->General-Restrictions, you can turn off Location for the "Following Apps". Apple never claims, for those that read, that all location data is turned off. Just specific apps cannot use location data.
3) Location data is still used for things like emergency calling where rapid and accurate location determination can be life saving.
4) Passively collecting this data VS driving cars (like Foursquare and Google with StreetView) saves about 1000 tons of CO2/year from being emitted.
The only real issue is Apple needs to simply cull the data and not keep an infinite amount. Keep 2 weeks or 2 months or some set amount that is reasonable to achieve the desired effect. Likewise, using the Data Protection APIs (if they are not already) to make sure the actual data is encrypted on the device. For those that think this is an issue, it is easily handled by the user by using strong pass codes on handsets, logins and encrypted iPhone backups.
Exactly! From what I understand of this issue is that once you agree to do that, Apple collects this data, anonymously from then on. I don't pretend to know why the .db file is kept forever. Perhaps it's incase Apple's data gets lost or for some such reason. Unless it's a bug, and the data should be wiped after a week, or a month, or whatever.
I assume we'll hear whatever the situation is as soon as Apple's lawyers and people who work on this finish their response.
Comments
The problem is "consolidated.db" doesn't operate in accordance with the policies defined in that document. The user cannot turn it off and the data it stores is kept forever. Even if you get a new phone, the old data is copied to the new phone via iTunes.
They could be argued to be within the stated policy if turning off location services prevents transmission. I didn't see anything about the phone not recording cell towers and wifi points in that situation.
A very poorly written article filled with so many bad pieces of information that I'm not going to spend time debunking it.
I'll just say that, speaking as an small iPhone developer, my iPhone is now off and will stay off until this issue is resolved.
As a small developer myself, what issue? I decided to check out just how accurate the data is that is collected in regard to my true location. Over a 36 hour period, I found it could pin point my location within the Phoenix metro to within a 43 square mile area.
http://www.noisetech-software.com/Di...atability.html
So from what I see, it is pretty clear:
1) When you upgrade an iOS device or activate it, you are given an option to Opt-Out of sharing data with Apple. This falls under the "Diagnostic and Usage Data". Clicking on "Details" will spell out things more. With the Opt-Out set, you will still get location data available on the device but items like crash logs and location data will not be shared.
2) Under Settings->General-Restrictions, you can turn off Location for the "Following Apps". Apple never claims, for those that read, that all location data is turned off. Just specific apps cannot use location data.
3) Location data is still used for things like emergency calling where rapid and accurate location determination can be life saving.
4) Passively collecting this data VS driving cars (like Foursquare and Google with StreetView) saves about 1000 tons of CO2/year from being emitted.
The only real issue is Apple needs to simply cull the data and not keep an infinite amount. Keep 2 weeks or 2 months or some set amount that is reasonable to achieve the desired effect. Likewise, using the Data Protection APIs (if they are not already) to make sure the actual data is encrypted on the device. For those that think this is an issue, it is easily handled by the user by using strong pass codes on handsets, logins and encrypted iPhone backups.
They could be argued to be within the stated policy if turning off location services prevents transmission. I didn't see anything about the phone not recording cell towers and wifi points in that situation.
And perhaps Apple will make that argument to Congress. But I doubt it will get very far. Tracking someones movements whether they want it done or not is something that's done to criminals.
Anyway, bringing "consolidated.db" in line with the iPhone EULA (i.e. the user can turn it off) and encrypting the data would go a long way towards making me happy with how they're handling this data.
And there is no device or user data sent and all lat/long locations are converted to a zipcode and then immediately deleted.
Surely people expect apps that you allow know your device?s specific location will know your general location.
That does seem to be kind of essential, but the specific complaints, as I interpret them, are slightly different:
Look, we know that this whole fiasco is nothing, but what does locating people when they call 911 have to do with private companies tracking you for business purposes?
Where is Apple tracking YOU without your consent?
That's not what I asked or brought up.
I guess you were referring to Google/Android but it was too painful to you to actually mention them by name.
That does seem to be kind of essential, but the specific complaints, as I interpret them, are slightly different:
It's also lying around on your computer via iTunes. From there, anyone can write a Mac or PC application that accesses the data. Two guys doing exactly that is what set this whole thing off to begin with.
And perhaps Apple will make that argument to Congress. But I doubt it will get very far. Tracking someones movements whether they want it done or not is something that's done to criminals.
Anyway, bringing "consolidated.db" in line with the iPhone EULA (i.e. the user can turn it off) and encrypting the data would go a long way towards making me happy with how they're handling this data.
On your first point - I agree, unless it is anonymized, in which case there is really no privacy issue. On your second - yes - it is hard to see why that would cause any problems and it would probably make a lot of people happier.
It's also lying around on your computer via iTunes. From there, anyone can write a Mac or PC application that accesses the data. Two guys doing exactly that is what set this whole thing off to begin with.
True, and maybe that could be an issue for some, but if someone obtained access to one of my machines then I would have a lot more to worry about than my iPhone location data. So maybe the backups should be encrypted by default.
That does seem to be kind of essential, but the specific complaints, as I interpret them, are slightly different:
1) They said last year the zipcode they collect is anonymous. Not connection to a device or user.
2) Your phone isn?t open to the world. It?s not like you can read the info on the phone or copy to some other drive as easily as you see in movies by attached some dongle or getting near some BT receiver. And even if they could is that generalized location data really more important than the other data on your phone? Do people think that their contacts are stored in 5 layers of AES-256 encryption on their phone? And if it bothers people they can encrypt their backups on their ?PC? which also should be password protected.
1) They said last year the zipcode they collect is anonymous. Not connection to a device or user.
2) Your phone isn?t open to the world. It?s not like you can read the info on the phone or copy to some other drive as easily as you see in movies by attached some dongle or getting near some BT receiver. And even if they could is that generalized location data really more important than the other data on your phone? Do people think that their contacts are stored in 5 layers of AES-256 encryption on their phone? And if it bothers people they can encrypt their backups on their ?PC? which also should be password protected.
I personally agree that it doesn't seem like a problem at all - I was just pointing out that the main thrust of the complaints was not whether the apps know where you are, but further use of the data. I was not defending the logic of the complaints.
If this is the statement to which you refer, then it appears to state that the cell tower and wifi data contained within consolidated.db may be transmitted to Apple ...
It is and the data, when transmitted, is done so anonymously.
As a small developer myself, what issue? I decided to check out just how accurate the data is that is collected in regard to my true location. Over a 36 hour period, I found it could pin point my location within the Phoenix metro to within a 43 square mile area.
http://www.noisetech-software.com/Di...atability.html
So from what I see, it is pretty clear:
1) When you upgrade an iOS device or activate it, you are given an option to Opt-Out of sharing data with Apple. This falls under the "Diagnostic and Usage Data". Clicking on "Details" will spell out things more. With the Opt-Out set, you will still get location data available on the device but items like crash logs and location data will not be shared.
2) Under Settings->General-Restrictions, you can turn off Location for the "Following Apps". Apple never claims, for those that read, that all location data is turned off. Just specific apps cannot use location data.
3) Location data is still used for things like emergency calling where rapid and accurate location determination can be life saving.
4) Passively collecting this data VS driving cars (like Foursquare and Google with StreetView) saves about 1000 tons of CO2/year from being emitted.
The only real issue is Apple needs to simply cull the data and not keep an infinite amount. Keep 2 weeks or 2 months or some set amount that is reasonable to achieve the desired effect. Likewise, using the Data Protection APIs (if they are not already) to make sure the actual data is encrypted on the device. For those that think this is an issue, it is easily handled by the user by using strong pass codes on handsets, logins and encrypted iPhone backups.
I generally agree with your conclusions. Apple should encrypt the data for iPhone backups and limit the amount of stored location data. I'd only add the amount of data stored (including "none") should be a user option.
Points 1-4 that you used to arrive at your conclusions I think are all either wrong or irrelevant, but I don't feel like arguing them because the conclusions are the important part to me.
Edit:
Nice work on the app to read "consolidated.db". But as I mentioned earlier, I'd prefer to hear about these things from Apple, rather than a 3rd party. It may be that your situation in AZ is not the same for someone in, say, New York. Or there may be additional data we don't know about yet. Apple just needs to make a clarifying statement about their data policies.
He apparently doesn't know the difference between a carrier providing a location to emergency services and a manufacture storing a persistent log of all locations.
I consider many bloggers to be journalists. But DED is no journalist... he's a fiction writer.
I won't be back to AI, which is a bit unfortunate, since the actual bloggers and journalists here can be insightful and informative. Sadly for AI one bad apple does indeed spoil the bunch.
It is and the data, when transmitted, is done so anonymously.
Yes. And if we accept their clear statement on this (which I am inclined to do), then the transmission/collection part of the complaint would seem to be unfounded. Of course others will likely choose to disbelieve them.
If this is the statement to which you refer, then it appears to state that the cell tower and wifi data contained within consolidated.db may be transmitted to Apple if:
I posted that statement before I came to your post. The statement also says that it will transmit info even if location services are turned off. The other info is often info that being requested by apps,where your exact location is needed, and wanted, by both yourself, and the app, for the purposes you purchased the app. For example; where's the nearest Mexican restaurant? Well, not useful if the app doesn't know where you are.
But Apple is collecting triangulated locations of where you are mostly from cell tower info that's not very accurate for knowing exactly where you are, but accurate enough to know if enough towers are in place for a good signal. So it MAY have the info for several hundred to a couple of thousand feet of where you may be.
Yes. And if we accept their clear statement on this (which I am inclined to do), then the transmission/collection part of the complaint would seem to be unfounded. Of course others will likely choose to disbelieve them.
Just as a reminder, the issue isn't just whether or not Apple is collecting data. It's also who has access to your data via iTunes.
With that said, I'm off to bed.
I posted that statement before I came to your post. The statement also says that it will transmit info even if location services are turned off. The other info is often info that being requested by apps,where your exact location is needed, and wanted, by both yourself, and the app, for the purposes you purchased the app. For example; where's the nearest Mexican restaurant? Well, not useful if the app doesn't know where you are.
But Apple is collecting triangulated locations of where you are mostly from cell tower info that's not very accurate for knowing exactly where you are, but accurate enough to know if enough towers are in place for a good signal. So it MAY have the info for several hundred to a couple of thousand feet of where you may be.
I still don't see where it says that the data may be transmitted if location services are off. I'm looking at page 7 main text and footnote 8. What am I missing?
Just as a reminder, the issue isn't just whether or not Apple is collecting data. It's also who has access to your data via iTunes.
With that said, I'm off to bed.
Agreed - that is why I said just the collection/transmission part of the complaint would be unfounded.
Points 1-4 that you used to arrive at your conclusions I think are all either wrong or irrelevant, but I don't feel like arguing them because the conclusions are the important part to me.
Oddly, there is little indication my 4 points are wrong.
1) The EULA clearly spells out the use of location data and diagnostic data. There is no indication that opting out of sharing data when you init a phone results in transmission of data. Check out F-Secures tests on this matter. They do take exception to the dialog, however, by finding it a bit opaque.
2) Apple never claims that turning off Location services disables "consolidated.db". They simply claim that it disables location services for the "following apps". This is not opinion. It is fact. For confirmation, go to the indicated screen.
3) Location data is required if at all physically available to be served on 911 calls. Again, this is not opinion. It is fact. And it is a good thing. Accurate and fast geo location data can save lives when seconds count. Having the location data available quickly precludes deleting the "consolidated.db" file completely.
4) The other option to collect much of this data is to drive around in cars. This takes gas. Why not passively collect it and save 10,000,000 miles/year in driving? Works out to 1,000 tons of CO2 emissions/year. Given the .19 ppm/year rise in the past 10 years it is a small step, but small steps are not a bad thing.
As a small developer myself, what issue? I decided to check out just how accurate the data is that is collected in regard to my true location. Over a 36 hour period, I found it could pin point my location within the Phoenix metro to within a 43 square mile area.
http://www.noisetech-software.com/Di...atability.html
So from what I see, it is pretty clear:
1) When you upgrade an iOS device or activate it, you are given an option to Opt-Out of sharing data with Apple. This falls under the "Diagnostic and Usage Data". Clicking on "Details" will spell out things more. With the Opt-Out set, you will still get location data available on the device but items like crash logs and location data will not be shared.
2) Under Settings->General-Restrictions, you can turn off Location for the "Following Apps". Apple never claims, for those that read, that all location data is turned off. Just specific apps cannot use location data.
3) Location data is still used for things like emergency calling where rapid and accurate location determination can be life saving.
4) Passively collecting this data VS driving cars (like Foursquare and Google with StreetView) saves about 1000 tons of CO2/year from being emitted.
The only real issue is Apple needs to simply cull the data and not keep an infinite amount. Keep 2 weeks or 2 months or some set amount that is reasonable to achieve the desired effect. Likewise, using the Data Protection APIs (if they are not already) to make sure the actual data is encrypted on the device. For those that think this is an issue, it is easily handled by the user by using strong pass codes on handsets, logins and encrypted iPhone backups.
Exactly! From what I understand of this issue is that once you agree to do that, Apple collects this data, anonymously from then on. I don't pretend to know why the .db file is kept forever. Perhaps it's incase Apple's data gets lost or for some such reason. Unless it's a bug, and the data should be wiped after a week, or a month, or whatever.
I assume we'll hear whatever the situation is as soon as Apple's lawyers and people who work on this finish their response.