Apple again sued over iPhone location data, personal information

13567

Comments

  • Reply 41 of 122
    MacProMacPro Posts: 19,718member
    Quote:
    Originally Posted by iBill View Post


    Yes. magicj should be on the ignore list and is now. I feel much better.



    Same here.



    I would like to request that AI add a feature on the blog that also hides replies containing quotes from to those on your ban list.
  • Reply 42 of 122
    magicjmagicj Posts: 406member
    Quote:
    Originally Posted by d-range View Post


    As far as I understand this whole location cache thing, no data is collected if you turn off location services. Location data is pushed to your phone. Which effectively means you can deduct a coarse approximation of the location of the phone at a certain point in time, but it doesn't involve 'collecting location data', unless you include sending anonymized information about what cell tower you are near in that definition, which would mean every cell phone in existence is in violation.



    ● The data was being collected even when location services were turned off.

    ● The data was being collected hundreds, even thousands, of times per day (not the twice per day that some folks on this message board were claiming).

    ● The data was being stored for at least 1 year.

    ● The data _absolutely_ gave your location. Your location was triangulated off of cell towers and such in your area.

    ● The location was designed to have a minimum granularity of 1000 yards.

    ● Testimony made to Congress showed it was capable of tracking location within 20 feet.



    Quote:
    Originally Posted by d-range View Post


    If you leave out the emotional reasoning and just look at this issue rationally, it's obvious to anyone that Apple was not 'tracking you', that they didn't intentionally log your location to use it for some purpose other than to make your phone work better, and that the only mistake they made was being naive about the size of the location cache. Nothing more.



    ● The inability to turn off tracking ran directly counter to Apple's privacy policy. This fact alone means they could have been sued and/or subject to investigation by regulatory agencies.

    ● Copying the location data to the user's computer opened up a security hole that could have allowed them to be tracked via a trojan.



    There is no question that Apple's claim that the information on the phone did not track the user's location is bogus. This is verified by:



    ● Expert testimony to Congress.

    ● The originators of the technology being used clearly stating the purpose of the technology is to determine the location of the phone.

    ● It also takes only a moment to figure out that the iPhone cannot guess what cell towers, etc, are near its location without knowing its location to a reasonable degree of accuracy.



    As to the rest of your post, I will say it once again: We are past the point of pretending this wasn't a problem. We are now at the point of wondering what kind of legislation Congress will impose upon Apple and other companies for their additional flaws in handling customer privacy.
  • Reply 43 of 122
    tctomtctom Posts: 3member
    The problem discussed here is really irrelevant. Privacy is now a non-issue. What is the information that is generated by financial institutions and credit card companies. Is it less than collected by Apple? Is it less than Google? How about hackers having access to passwords, credit card numbers? How about the recent disclosures by a supplier to banks, among others? Telephone companies have this same information. Up in arms about that? All computers can be hacked. Computer users effectively invite invasion of their machine by responding to spam. Information on social sites? Please.



    I agree privacy issues are a serious matter, but what is being done about it is laughable. People will complain about who they don't like and pay no attention to those they like. Take on the entire issue. Remember, state sovereignty rested on two issues: does the government control the population, and can the state defend its borders. No state can, as witness the actions of many states, including the USA. It is looking like 1984 is becoming a reality. Who is fighting the entire issues?
  • Reply 44 of 122
    freerangefreerange Posts: 1,597member
    Quote:
    Originally Posted by magicj View Post


    ● The data was being collected even when location services were turned off.

    ● The data was being collected hundreds, even thousands, of times per day (not the twice per day that some folks on this message board were claiming).

    ● The data was being stored for at least 1 year.

    ● The data _absolutely_ gave your location. Your location was triangulated off of cell towers and such in your area.

    ● The location was designed to have a minimum granularity of 1000 yards.

    ● Testimony made to Congress showed it was capable of tracking location within 20 feet.





    ● The inability to turn off tracking ran directly counter to Apple's privacy policy. This fact alone means they could have been sued and/or subject to investigation by regulatory agencies.

    ● Copying the location data to the user's computer opened up a security hole that could have allowed them to be tracked via a trojan.



    There is no question that Apple's claim that the information on the phone did not track the user's location is bogus. This is verified by:



    ● Expert testimony to Congress.

    ● The originators of the technology being used clearly stating the purpose of the technology is to determine the location of the phone.

    ● It also takes only a moment to figure out that the iPhone cannot determine what cell towers are near its location without knowing its location to a reasonable degree of accuracy.



    As to the rest of your post, I will say it once again: We are past the point of pretending this wasn't a problem. We are now at the point of wondering what kind of legislation Congress will impose upon Apple and other companies for their addition flaws in handling customer privacy.



    STFU - you are a tiresome bore!
  • Reply 45 of 122
    hill60hill60 Posts: 6,992member
    Quote:
    Originally Posted by magicj View Post


    It's your choice to throw away personal information in the trash.



    There's nothing wrong with companies collecting personal information with your permission. It's when they do it without your permission, and sometimes even without your knowledge, that there's a problem.



    And as I said, we're past the point where these kinds of denials are useful.



    Just as it was your choice not to encrypt your iPhone back up so that the database of cell tower locations (when it existed) was accessible to those who had access to your computer.
  • Reply 46 of 122
    magicjmagicj Posts: 406member
    Quote:
    Originally Posted by hill60 View Post


    Just as it was your choice not to encrypt your iPhone back up so that the database of cell tower locations (when it existed) was accessible to those who had access to your computer.



    Already discussed in post #25 http://forums.appleinsider.com/showp...1&postcount=25 and post #7 http://forums.appleinsider.com/showp...94&postcount=7
  • Reply 47 of 122
    ungenioungenio Posts: 49member
    What I understand is that Apple downloads the locations of all the cell towers and hotspots in the same area the user is, if they are not in the phone already. Then, looks for location of the towers and hotspots it is connected or identifiable, and uses these locations to calculate user position. So: a) all tower locations downloaded at the same time form an area of a hundred miles radius, you can only say that a user was at certain dowloading time within that area. b) These are not locations identified by the phone, you can not calculate user position with this data. At most, it would seem user was at all dowloaded tower and hotspots positions AT THE SAME TIME. c) all user in the same area would seem to have at exactly the same locations.

    It would be helpful if those programs showing "user location" showed positions that have the same time, and also somebody could compare the purportedly locations of two users separeted by, say, 20 miles, and determine if they have exactly the same locations
  • Reply 48 of 122
    blah64blah64 Posts: 993member
    Quote:
    Originally Posted by wizard69 View Post


    Everybody acts like this is a big surprise yet the SDK has been available for years. More so the SDK is easy to understand. All this really is is grand standing by our elected leaders. Acess to contacts and the like has never been a secret.



    Sure, but it might as well be a secret if the general public doesn't know. You and I might read through SDK docs before breakfast, but few others even know how to, let alone would care enough to bother. It's only when the media gets hold of things and fans the flames that the general public finds out.



    Quote:
    Originally Posted by wizard69 View Post


    Then maybe you should dig a little deeper yourself. You do realize that our federal government, the one currently posturing about privacy, years ago required that cell phones be made trackable?



    See my previous post.



    Quote:
    Originally Posted by wizard69 View Post


    All we will get out of this is some BS legislation that on the face offers protection for our privacy but in reality does little to keep us safe.



    Actually, I'm not so sure we'll get any legislation out of this, but you're right that there's a danger of a false feeling of safety if it's poorly crafted. Still, I'm happy that these issues are out in the media simply because it helps to get (at least some) people thinking about the issues who wouldn't otherwise give it a thought.



    Quote:
    Originally Posted by wizard69 View Post


    Most people in this world are far more exposed on their home PC than they are on their cell phones. If you understood what was going on you would realize this.



    Heh, you don't know me personally, so I'll let the last line slide. But if you're implying that most people are idiots, I'll agree. There's a big difference though, in what a knowledgeable user has control of on their computer/network vs. on their phone w/no admin tools, no firewall, etc. And I'll leave it at that because it's very late.
  • Reply 49 of 122
    magicjmagicj Posts: 406member
    Quote:
    Originally Posted by Blah64 View Post


    Of course they can! A traditional application has access to most of the data on your computer, so if it knows where to look, it can grab whatever it wants. Heck, it can do a lengthy search, for that matter, just to see what's there.



    The difference is that on a traditional OS, we are in control. We can put whatever tools we want on our computer to monitor and/or stop such behavior. In fact, everyone who owns a Mac should be running Little Snitch. Seriously. If people knew how much crap goes on without their permission, well, I think a lot of attitudes would change. Just like Ghostery (a similar, but simpler-in-scope tool) shows people the amazing amount of cross-site profile gathering that happens constantly when you're cruising the web. It's appalling!.



    I see your point, but I guess what I'm thinking is Mac's slogan of "It just works" doesn't equate to "It just works if you install snooping software in your computer to prevent potentially _any_software from stealing you personal contact information and selling to anyone on the planet. And when Apple finds out it's happened they won't tell you about it."



    Google has tech that requires the end user to give permission to access to contact info. I see no reason why Apple can't do the same thing. They did it for location. They also need to inform customers of breeches.
  • Reply 49 of 122
    wizard69wizard69 Posts: 13,377member
    Quote:
    Originally Posted by magicj View Post


    Yeah, this really surprised me. And now I'm wondering if Apple was stupid enough to do this on iOS, were they stupid enough to do it on Mac OS as well. Can someone write a Mac app that sends all my contacts back to them?



    Of course they can. It is software it can do whatever it wants with accessible data on the computer.



    Why do you think Apple runs apps in a jail on iOS in the first place? One of the whole points in allowing an app to only be able to access it's own data is to prevent apps from grabbing data from others. Apple gave certain bits of data global access because it makes sense for alternative apps to have access to things like your address book or pics.



    Quote:

    On top of that. I was disappointed in Apples policy on how to handle these situations when they're discovered. If Apple finds out that an iOS app is sending contact information back to a developer, they simply make them stop doing it. Nothing else.



    What do you expect them to do? Send out a hit man!

    Quote:

    So the developer has stolen Lord knows how much contact information from Apple customers and Apple does not report the company, they don't make them give the information back, and they don't inform their customers a breach has occurred.



    Report the company to whom? For the most part you have given permission to the developer in their user agreement. You know the ones nobody reads.



    If you really want congress to do something constructive have them outlaw contracts of adhesion.

    Quote:

    And, just or the record, Apple did confirm all this at the Congressional hearing and confirmed that multiple breaches have occurred.



    Apple in this case is just part of a circus act to get a few congressman reelected. You have to be off your rocker to believe anybody in congress gives a damn about privacy. I mean really just look at recent crap from congress like the TSA, the Patriot Act and a whole bunch of other legislation that eliminates privacy.



    I see two problems with your postings. One is that you really don't understand computers and software. The second is you are positively gullible. Very few people in congress give a damn about you or America for that matter. They will make a big product out of a thousand page piece of legislation designed to "protect you" while leaving so many loop holes for industry and government that you will be no better off than you are today. Maybe even worst because they will give people a framework within which they can exploit you.



    The reality is that your personal safety, privacy and whatever else you pine for is your responsibility. In any event find me a platform that is more secure than iPhone considering all the capability it has.
  • Reply 51 of 122
    anantksundaramanantksundaram Posts: 20,403member
    Quote:
    Originally Posted by plokoonpma View Post


    I am an Apple consultant and Support specialist. Yup I did read a lots of EULA's

    Thousands of pages on my 15+ years in this business.



    What is an 'Apple consultant'? (Serious question).
  • Reply 52 of 122
    quadra 610quadra 610 Posts: 6,757member
    Quote:
    Originally Posted by AppleInsider View Post




    for its alleged practice of capturing an iPhone's UDID and location data and sending the information to advertisers.



    The suit also alleges that the company collects data from users without their consent. As with a similar complaint from December 2010, the lawsuit appears to be based off of an article from The Wall Street Journal that highlighted the use of anonymous user tracking in mobile apps.



    So what.



    Go ahead and collect that data. As if it has any friggin bearing on my day.
  • Reply 53 of 122
    wbrasingtonwbrasington Posts: 381member
    I have to just laugh and laaaaaaaaaaugh.

    The idea you're running windows and stuffed with Trojans and malware that can read all your Microsoft email and contacts..... the idea that the iPhone data isnt secure because it can be loaded on a windows box makes me just laugh.



    When are we going to get congressional hearings on why Microsoft still sells an OS riddled with spyware, malware, Trojans and viruses?



    At this point, MS could be sued for not putting in their user licensing agreement that you WILL be attacked and your PI WILL be stolen if you continue using their products online!
  • Reply 54 of 122
    magicjmagicj Posts: 406member
    Quote:
    Originally Posted by wbrasington View Post


    I have to just laugh and laaaaaaaaaaugh.

    The idea you're running windows and stuffed with Trojans and malware that can read all your Microsoft email and contacts..... the idea that the iPhone data isnt secure because it can be loaded on a windows box makes me just laugh.



    The difference being the difference between a computer being susceptible to viruses and such (Windows) and companies having poor privacy policies (Apple, Google) whether by design or due to lack of clear understanding of privacy issues.
  • Reply 55 of 122
    plokoonpmaplokoonpma Posts: 262member
    I think some people have watched too many conspiracy movies. So Apple is hooked to NSA/Government satellites to GPS track you??? LMAO

    That kind of technology worth billions of taxes and is used by the gov only. Thats why google maps do not show areas cause their importance (military bases, etc)



    Even with specialized software and all resources Apple has I can't think Apple will invest on the matter cause is pointless.



    Crowd data base is good for advertising and the whole point of it is that and the maps of course.



    The DB file is no risk neither in your phone or your computer. It is not visible, doesn't have a label that states is there. NOT even the path to find it is of public knowledge.



    Those senators and their privacy experts are full of crap and ignorant. They been making a storm out of some valid concerns but no other company in the world looks and works privacy as Apple does.



    You should be worried of trojans if you machine is a PC windows. I am still waiting for a trojan to work under OSX. Malware is another stuff but again relies on how stupid is the user.
  • Reply 56 of 122
    d-ranged-range Posts: 396member
    Quote:
    Originally Posted by magicj View Post


    ● The data was being collected even when location services were turned off.

    ● The data was being collected hundreds, even thousands, of times per day (not the twice per day that some folks on this message board were claiming).

    ● The data was being stored for at least 1 year.

    ● The data _absolutely_ gave your location. Your location was triangulated off of cell towers and such in your area.

    ● The location was designed to have a minimum granularity of 1000 yards.

    ● Testimony made to Congress showed it was capable of tracking location within 20 feet.



    I'd be very interested to see any 'official' information that confirms and documents all this, because I sincerely think you are cutting corners here and posting misinformation. I've read the very detailed analysis a forensic expert made about this issue (and published about it TWO YEARS ago), and as far as I understand it works like this:



    Opt out of location services:

    No location information traceable to you or your phone is sent to Apple, just anonymized data about nearby cell towers and access point, ie, it sends: 'there is a phone that says it connected to a cell tower, and the cell tower says it's over there'.



    Location data collection:

    The anonimized information about cell tower locations is periodically uploaded to Apple, so it can build it's crowd-sourced location database. Instead of gathering this data from iPhones, Apple could just as well have requested the locations of cell towers from the provider, look them up on a map, drive around the country mapping them themselves, whatever. That's not practical though, this works much better.



    The location cache:

    To improve the accuracy and speed of location services on the iPhone, Apple pushes parts of its cell tower/WiFi access point database to your iPhone, which means someone could exploit that data to make a coarse estimate of your location



    The accuracy:

    The accuracy of the information is NOT 20 feet or even 1000 yards like you said, even though the Skyhook system or the technology behind it was designed for that. The difference between Skyhook and the location cache is that you cannot use the location cache for triangulating positions, because it logs multiple tower/access point locations at the same time, and the data is stamped with the time the data was received, not the time you were actually at a certain location. It also doesn't log signal strengths, so you cannot triangulate anything after the fact. The only thing you can tell from the data is 'at that point in time, your phone was near any one of the following towers'. Nothing more.



    The privacy issue:

    Apple goofed up and made the cache far too large, which means the data is retained far longer than necessary. They also goofed up not encrypting it by default.



    Quote:

    ● Copying the location data to the user's computer opened up a security hole that could have allowed them to be tracked via a trojan.



    This is just utter BS, because you could use that argument for EVERY freaking piece of software that stores anything on your PC. It's like saying the postal service invades your privacy for delivering some piece of mail you didn't know you were getting, and someone could break open your mailbox and read your private letter. The fact that you have to resort to diversions like this says it all: we're splitting hairs here, trying to make a fuss about some technicalities that, to the letter of the law, might in theory have privacy implications, but in practice are probably one of the last aspects of privacy you should worry about in modern society.



    Quote:

    There is no question that Apple's claim that the information on the phone did not track the user's location is bogus. This is verified by:



    You are selectively interpreting and bending reality here. Apple said it did not track USERS, or USER LOCATIONS, and no-one is disputing that. They WERE sending ANONIMIZED data about the location of your DEVICE, to build their location database. The fact that this location database turned out to be a privacy risk because (parts of) that location database also ended up back on your phone (which is traceable to you) doesn't change anything about this. The statement 'Apple does not track user locations' still holds and I can assure you that Apple will be acquitted of any claims against them that say otherwise.



    Quote:

    ● Expert testimony to Congress.

    ● The originators of the technology being used clearly stating the purpose of the technology is to determine the location of the phone.

    ● It also takes only a moment to figure out that the iPhone cannot guess what cell towers, etc, are near its location without knowing its location to a reasonable degree of accuracy.



    Here you are just acknowledging the fact that the whole location database thing is simply a technical solution to the problem of providing fast and accurate location services, not a user tracking tool. What the originators of the technology (I presume you mean Skyhook) designed their service for in the first place is completely irrelevant. The ONLY thing relevant is whether Apple could have better protected the location database, in which case it's pretty obvious they could have, they should have, and now they actually did do so. They publicly admitted they screwed up there. Case closed.



    Quote:

    As to the rest of your post, I will say it once again: We are past the point of pretending this wasn't a problem. We are now at the point of wondering what kind of legislation Congress will impose upon Apple and other companies for their addition flaws in handling customer privacy.



    So just because some idiots decide to start a case against Apple (and Google, let's not forget that) means there was a real issue here? I guess you don't see a lot of lawsuits then....



    Like I said: nothing will come out of this except for a few politicians fluffing their image of being concerned about user privacy. Nobody will be convicted or fined, and in the most extreme case, the only thing that will happen is that some token addendum will be added to some privacy law. That, and lots of tax dollars wasted. Meanwhile, Apple already patched iOS 2 weeks ago.



    You are so obsessively trying to make Apple look bad here that I'm really starting to think you were sent here on a mission, trying to pollute this topic with FUD in the hope other people will skim over it and get the impression that Apple is the evil Big-Brother empire who is out their to mine every aspect of your life. Apple isn't even an advertising company, what do they have to benefit from your location data in the first place? Why are you side-stepping the fact that Google has been doing stuff like this for years, publicly and openly, and even have been convicted for blatant privacy intrusions (the Google street view cars thing)?
  • Reply 57 of 122
    blah64blah64 Posts: 993member
    Sigh, late as it is, I can't help but write one last response.



    Quote:
    Originally Posted by Bilbo63 View Post


    For example, I get points towards groceries every time I use my MasterCard. They know what I like to buy and how often. From this data they can roughly determine my sex, age, how many people live in my house etc. Your internet provider knows how much time you spend online, where you go and what you download. I'm sure every purchase that is made with a card is recorded and kept. They know how often I travel and where I like to go. Where I get my car serviced. Who my dentist is. I'm betting that info has likely been sold many times over.



    And this doesn't bother you? It should.



    Why are people so addicted to plastic? It's really easy to carry cash around (for most basic purchases, I'm not talking about a computer or trip to the Bahamas), our society has done it for the last 100 years. Now people whip out their cards to buy a stinkin' pack of gum, it's pitiful.



    The "savings" games are all bullshit, because the banks charge the merchants for each and every purchase, so we're all paying for it via higher prices, but then getting some portion of it back again, but if and only if you play their games. Our country is full of sheep. I need to stop, I should not be typing at this hour.
  • Reply 58 of 122
    magicjmagicj Posts: 406member
    Quote:
    Originally Posted by wizard69 View Post


    Report the company to whom? For the most part you have given permission to the developer in their user agreement. You know the ones nobody reads.



    I just want to address a couple of parts of your post.



    First, no, it is not in the user agreement. Apple's policy is developers cannot access that data. When they discover someone who does, they require that they stop doing it. As to who Apple should report them to, at the very least Apple should inform their customers who've had their data stolen.



    Quote:
    Originally Posted by wizard69 View Post


    Apple in this case is just part of a circus act to get a few congressman reelected. You have to be off your rocker to believe anybody in congress gives a damn about privacy. I mean really just look at recent crap from congress like the TSA, the Patriot Act and a whole bunch of other legislation that eliminates privacy.



    Here you are mixing privacy from the government with privacy from corporations. They are not at all the same thing. With as much power as the government has to invade your privacy, it pales to the powers corporations have. Basically, there are very few rules governing corporations in this area and most of the rules that do exist are out-dated. A big part of the Congressional hearings dealt with the best way to correct this situation.



    If you really care about this issue, and it seems you do, I'd recommend watching the entire hearing. It's here: http://cspan.org/Events/Congress-Loo...10737421417-1/



    Quote:
    Originally Posted by wizard69 View Post


    The reality is that your personal safety, privacy and whatever else you pine for is your responsibility. In any event find me a platform that is more secure than iPhone considering all the capability it has.



    Even with today's weak laws, this is not true. Specifically, if a company states their privacy policy is XYZ and it turns out that's not the case, they can be prosecuted.
  • Reply 59 of 122
    magicjmagicj Posts: 406member
    Quote:
    Originally Posted by d-range View Post


    Nobody will be convicted or fined, and in the most extreme case, the only thing that will happen is that some token addendum will be added to some privacy law. That, and lots of tax dollars wasted. Meanwhile, Apple already patched iOS 2 weeks ago.



    I'm just going to address this part, because the rest is going around in circles. It matters not at all if you choose to believe my previous posts. What you and I think is irrelevant. From this point on, all that matters is what governments will do regarding this issue.



    As to your above point...



    The purpose of the Congressional hearings is not to convict or fine Apple, Google, or anyone else. Congress is not part of the Judicial branch and a hearing is not a trial. The hearings are part of a review of existing laws to see how they can be best updated to meet modern concerns.



    See my previous post for a link to the entire video of the hearings. It's 2.5 hours long and worth watching.
  • Reply 60 of 122
    wizard69wizard69 Posts: 13,377member
    Quote:
    Originally Posted by magicj View Post


    Well, just to be clear, no one is accusing Apple of wrong-doing. Not Congress, not me. Privacy is a complex issue. The discrepancy between the court ruling and the DoJ testimony shows an example of that.



    No it just shows that some people in the department of justice are lazy. If they can pass off IP addresses as evidence they can easily railroad people. It is sort of like convicting somebody for murder because use they were the last person to see the victim alive.



    Now obviously the juries are a problem here as they frankly often bend over for the prosecution. The problem as I see it is that the department of justice is acting in an unethical manner. In effect they are ignoring spoofing methods and a lot of other techniques that can be used to blame somebody else for illegal activities.

    Quote:

    But that doesn't change the fact that glaring issues have been uncovered and need to be resolved. There is no question in my mind that the government will be passing quite a bit of legislation on this.



    Nothing has been uncovered. Some of this stuff has been supported in the SDK since day one. Is it right. Well something's should be changed but you need to realize that Apple has been improving security constantly in iOS. Even with this effort it will never be 100% secure.



    As to the government please don't be so damn gullible. The last thing we need is another thousand pages of legislation that does very little other than to make the unknowing feel good.

    Quote:

    I really think it's in Apple's best interest to solve these problems now and push to use their preferred solutions as a template for that new legislation. But for that to happen, they'll first have to admit to themselves that there are many issues with their current practices.



    I really think you have a warpped sense of reality. You have this idea that someone can wave a magic wand and deliver unto us a perfectly secure phone. That isn't possible. In any event, as previously mentioned, Apple has been improving security with respect to iOS with just about every release and I fully expect them to continue that effort.



    Frankly I don't understand your tone and emotion in this manner. You act like there is a major problem here. There is but it isn't with Apple but rather with people like you over reacting and not understanding all the issues involved. Let's face it some smart a$$ played a lot of people with this claim that Apple was tracking users. They did that with the flimsiest of evidence. In the end I hope you never end up as a juror as you seem to be way to easy to lead astray, though I imagine lazy prosecutors would love for you to fall under their spell.
Sign In or Register to comment.