There was an interesting example recently where it was revealed the Target can tell if a woman is pregnant and what her due date is by changes in what she buys each week. Target then mails vouchers for things like diapers. Big retailers do even more tracking than online ad companies.
What the article doesn't really describe is how Target identified the woman.
I like this line: "The reason [emphasis added] Target can snoop on our shopping habits is that, over the past two decades, the science of habit formation has become a major field of research in neurology and psychology departments at hundreds of major medical centers and universities, as well as inside extremely well financed corporate labs."
No mention of what information is actually available and shared, nor from what sources. No mention of the laws.
In other words, the reason isn't actually provided.
I worked on a voucher app. Tying vouchers to the phone using UDID was the best solution for our needs. A legitimate use.
But isn't that the exact thing Apple asks developers not to do in their documentation? Apple recommends that the UDID be used in combination with a user login. The problem with UDID is that it tracks the device not the users. I think Apple is blocking UDID usage because it is being abused. It is being abused in a way that causes ranking issues in the app store with developers using "buy other apps to get in app credit". If a developer want to track a user then they can create a token/cookie when the user first use the app. The only disadvantage is that developers can no longer track users outside the app.
Sorry that just sounds like layman speculation and vague nomenclature. Where exactly is the MAC address? Perhaps the OS reads it saves it in memory where it becomes accessible but I would rather have a technical explanation than an abstract speculation.
What do you mean by "where"? It's pulled from the BIA on the Physical Later (OSI Layer 1) and then represented virtually on the Link layer (OSI Layer 2). Is that what you meant? This is where it can be altered if you want to hide your true MAC address from a network or pretend to be someone else's MAC address
Quote:
I have also been told that in a device such as a Mac Pro where you have two Ethernet ports, the MAC address that the machine reports is the card in the first slot even though technically there are two separate MAC addresses.
Sure, systems that simply need a unique network identifier will likely call for slot 0 of an IEEE 802 port. No use in grabbing all MAC addresses for the
Quote:
What happens when you turn wifi off.
Unless you remove the HW or the driver so it no longer exists to the OS then you'll have a MAC address in the system for WiFi.
Here's a test. Go to Airplane Mode on an iDevice and then to General » About. You'll still see the WiFi and Bluetooh MAC addresses listed.
But isn't that the exact thing Apple recommend against in their documentation? Apple recommends that the UDID be used in combination with a user login. I think Apple is blocking UDID usage because it is being abused. It is being abused in a way that causes ranking issues in the app store with developers using "buy other apps to get in app credit". If a developer want to track a user then they can create a token/cookie when the user first use the app. The only disadvantage is that developers can no longer track users outside te app.
We had to tie the voucher to a device, and prevent a user opening multiple accounts to take advantage of limited offers such as '20% off your first 5 meals at mcdonalds'. Sure this could be done in other ways, but none that were as simple from a user experience point of view.
90% of devs can piss off? Excluding Apple which obviously has access to the UDID?
You're making that number up. Even if most developers use this, which is not known, as we can see from the article, they can work out other ways of doing much if this, hopefully in ways that aren't as much of a problem.
I trust Apple much more than these unknown developers. Besides, it's not the ones who are honestly using information, but the ones who might not. It's the question of malware. If anyone can get certain kinds of info, then there will be some few who use it maliciously.
I admit that I'm not as familiar with the uses and info integrity assocciated with this as some, but there must be some issue that you don't understand, or are ignoring, for it to have come up.
It's far more important that Apple maintain its reputation than some developers have it easy. Even if a few leave the platform because of it. Google is their main competitor in mobile OS's right now, and advertising is, according to their own financial reports, 96% of their sales and profits. This means little to Apple financially, one way or the other. But it means a lot to Google. So with Congress getting involved in privacy issues, as they should, this could give Apple a big advantage. If Apple can say, that they've got these issues locked up, and Google is using them, then the guns will be pointed at them instead.
I hope Apple is looking at other holes in their armor.
Where as in which hardware component is it embedded? I believe it is in the wifi hardware.
I do see your point about it still being available even in airplane mode so that apparently supports my earlier speculation that it is read by the OS on boot and the OS reports it to requests rather than the hardware itself reporting it directly. So in that regard perhaps an app could use the MAC address as an alternate unique id.
Where as in which hardware component is it embedded? I believe it is in the wifi hardware.
As previously stated MAC addresses are part of all IEEE 802 technologies. That's why you see a MAC address for Bluetooth, too.
Quote:
I do see your point about it still being available even in airplane mode so that apparently supports my earlier speculation that it is read by the OS on boot and the OS reports it to requests rather than the hardware itself reporting it directly. So in that regard perhaps an app could use the MAC address as an alternate unique id.
There are plenty of unique identifiers that can used. From what I'm reading the UDID was simply the easiest to grab. monstrosity's link to getting the MAC address from iOS seems rather complex but not being a coder pretty much all code looks rather complex to me.
Apple - who are probably using the UDID all the time in iOS for their own purposes. They certainly do it in the profiles.
They also allow access to your contacts list without a confirmation, a far greater security risk.
They've closed down the ability to use contacts without asking.
Unlike you, I think that Apple is doing whatever they can to protect their customers, which unlike in Google's case, is us, not the advertisers. Some things slip through. I also believe that those running Apple can be a bit naive, they have actually thought that by issuing guidelines as to what should, and what shouldn't be done, developers would always follow those guidelines without being restrained from doing so. They are finding out that developers, good and bad, will poke around the API's and use whatever they want, even though Apple specifically says not to.
Apple is now understanding that guidelines aren't enough. They must make it impossible to do these things. If they must give up an imperceptible amount of income (imperceptible to Apple, that is), they they will do so.
Unfortunately, as always happens, and we've seen this with DRM, those who intend nothing bad get hit by the restrictions as well. That's too bad, but it's the way the world works. Remember in school when someone did something, and the teacher said that if that person didn't stand up, the entire class would get punished? Well, that's often the way it works.
As previously stated MAC addresses are part of all IEEE 802 technologies. That's why you a MAC address for Bluetooth, too.
Traditionally the network card is the considered the MAC address since back in the Sun OS days used for software authorization. I also remember when Intel and Windows tried to implement a UDID detection system where the id found on the pentium CPU was used. That was met with a lot of criticism from a privacy concern as the Id could be detected through the browser over the Internet.
I agree about 98%. I do occasionally look at offers that I receive in the mail. Plus, the mail is a good way to get telemarketers to leave you alone. Just tell them to mail you something and you'll look at it. They almost never do.
I agree. With that. We get plenty of mailings, occasionally, something looks interesting, and I will look at it. Usually, it is interesting, but not something I've going to bother will. But just one in a while, something comes in that I am interested in. There might never have been a way that I would have known about it if not for the advertising. They buy targeted lists, so if you're subscribing to a magazine, or are on a list of customers for some store, or whatever, advertising it sent to you that you might have a better chance of responding to. The telling phone marketeers to send something is something I've been doing for years, especially charities. Most are somewhat legit, and I'll give to some. But others aren't really official, and they are the worst offenders.
I have nothing against targetted mailings. I have nothing against advertising as a whole.
But I don't like calls when I've told them not to do that. I don't like getting faxes that are poor attempts at pretending to be sent to some employee list, or otherwise, giving supposed deals, etc. I don't mind Ads at the bottom of the Bloomberg app, for example, or the way the NY Times has them in their app.
Whether or not people like the idea, advertising is very important to companies. Without it, many products and services would never be known. But giving up personal info without knowing you are doing so is too invasive. All of these should be opt-in. I know that Google has fought against this, as have others. Opt-in tends to get far fewer people than does opt-out. Whatever forces the user to do the least, and require the least effort, will always produce more people for the initiative.
I continue to mention Google, because they are the worst major company involved in this, because their entire existence depends on getting as much of out private info as possible, and selling it.
Where do you get the 90% number? I very much doubt that it affects that many developers. I develop for iOS and have never once needed to access the UDID. It's not like something you're forced to do to develop for iOS. I can't imagine that it really affects that many apps.
And frankly, for every developer it pisses off, there's going to be a developer who is thrilled to get a strategic opening for his app against a competing app. The faster you one-up the competition getting your own app in compliance and re-submitted, the better. The lazy ones will get a much-deserved kick in the ass. The others will go on doing what they do.
I think you're greatly overstating the negative impact on developers.
Traditionally the network card is the considered the MAC address since back in the Sun OS days used for software authorization.
I'm not sure we're looking at this in same way. When Xerox invented this unique identifier it was first for ethernet but then it was quickly adopted by other wired networking technologies. WiFi and bluetooth had if from the start but "back in the Sun OS days" they hadn't been invented yet.
edit:
Quote:
Originally Posted by Wikipedia
The following technologies use the MAC-48 identifier format:
Ethernet
802.11 wireless networks
Bluetooth
IEEE 802.5 token ring
most other IEEE 802 networks
FDDI
ATM (switched virtual connections only, as part of an NSAP address)
Fibre Channel and Serial Attached SCSI (as part of a World Wide Name)
The ITU-T G.hn standard, which provides a way to create a high-speed (up to 1 gigabit/s) local area network using existing home wiring (power lines, phone lines and coaxial cables). The G.hn Application Protocol Convergence (APC) layer accepts Ethernet frames that use the MAC-48 format and encapsulates them into G.hn Medium Access Control Service Data Units (MSDUs).[
So I guess it's not a required part of IEEE 802 as I thought, just a very useful way to identify a node.
We had to tie the voucher to a device, and prevent a user opening multiple accounts to take advantage of limited offers such as '20% off your first 5 meals at mcdonalds'. Sure this could be done in other ways, but none that were as simple from a user experience point of view.
And that's the bottom line. You're using something with major security implications because you're too lazy to create a different system.
I think Internet security should be far more stringent. I'd like to see laws put into place so that people who steal or sell confidential information go to jail.
Of course, strict privacy laws would pretty much put Google out of business, but I"m OK with that.
Lol. Ok, you are right. External devs can't track where you are without requesting permission. Apple and the carriers can.
I really don't care that Apple and the carriers can track me. I'm not worried about that at all. Look, the truth is that we're not guaranteed privacy outside of our home, and First Class mail. The Constitution is very specific about that, and our Constitution guarantees us more than most anywhere else.
But we've got to grow up and realize that we can't have what we want in the devices without giving up some of our privacy at the same time. But, I want to know to whom I'm giving it up. If I do something illegal, then I shouldn't complain about law enforcement getting a warrant, and tracking me. If I'm not, then the truth is that no one is going to have an interest in tracking me. That is, in regards to Apple and the phone company.
But these small developers (in comparison to Apple and the carriers) do have an interest in tracking me. Sometimes, I don't care. Sometimes I do. When a weather app asks for permission to use my present location, am I going to say no? Of course not, that would be silly.
But if a game company asked the same question, I would have to wonder at why I should want to give them that info.
What the article doesn't really describe is how Target identified the woman.
I like this line: "The reason [emphasis added] Target can snoop on our shopping habits is that, over the past two decades, the science of habit formation has become a major field of research in neurology and psychology departments at hundreds of major medical centers and universities, as well as inside extremely well financed corporate labs."
No mention of what information is actually available and shared, nor from what sources. No mention of the laws.
In other words, the reason isn't actually provided.
Surely, you don't think that Target woud be remotely stupid enough to reveal that?!
I do not use a single app that has ads. It's intrusive and irritating on a mobile phone, and when on wireless, the user pays to see them. A lot of them are crap anyway.
If someone can't give us an honest-to-goodness free app, yes, they can piss off.
I won't go that far. I don't mind the Ads. So far I don't find them to be too annoying. Sure, they will always be annoying to some extent, but I'm willing to put up with that if an obvious attempt is being made to minimize that. It's much worse on Android, from what I've seen.
I want developers to make money. If they feel that people would want the app to be free, but are willing to accept Ads, then that's fine. Look at Angry Birds. They have their own Ads within the apps. Is it annoying, yup! But it doesn't stop people from buying the apps. And on Android, they couldn't sell the app at all, so they went to the free-with Ads route. And behold! Downloads went up more than a hundred times what it was, maybe more.
Obviously, people don't mind the Ads. So if you are not getting free apps because of the Ads, you aren't changing anything, just missing out on some good apps.
Comments
There was an interesting example recently where it was revealed the Target can tell if a woman is pregnant and what her due date is by changes in what she buys each week. Target then mails vouchers for things like diapers. Big retailers do even more tracking than online ad companies.
Here's the article http://www.nytimes.com/2012/02/19/ma...ng-habits.html
What the article doesn't really describe is how Target identified the woman.
I like this line: "The reason [emphasis added] Target can snoop on our shopping habits is that, over the past two decades, the science of habit formation has become a major field of research in neurology and psychology departments at hundreds of major medical centers and universities, as well as inside extremely well financed corporate labs."
No mention of what information is actually available and shared, nor from what sources. No mention of the laws.
In other words, the reason isn't actually provided.
I worked on a voucher app. Tying vouchers to the phone using UDID was the best solution for our needs. A legitimate use.
But isn't that the exact thing Apple asks developers not to do in their documentation? Apple recommends that the UDID be used in combination with a user login. The problem with UDID is that it tracks the device not the users. I think Apple is blocking UDID usage because it is being abused. It is being abused in a way that causes ranking issues in the app store with developers using "buy other apps to get in app credit". If a developer want to track a user then they can create a token/cookie when the user first use the app. The only disadvantage is that developers can no longer track users outside the app.
Sorry that just sounds like layman speculation and vague nomenclature. Where exactly is the MAC address? Perhaps the OS reads it saves it in memory where it becomes accessible but I would rather have a technical explanation than an abstract speculation.
What do you mean by "where"? It's pulled from the BIA on the Physical Later (OSI Layer 1) and then represented virtually on the Link layer (OSI Layer 2). Is that what you meant? This is where it can be altered if you want to hide your true MAC address from a network or pretend to be someone else's MAC address
I have also been told that in a device such as a Mac Pro where you have two Ethernet ports, the MAC address that the machine reports is the card in the first slot even though technically there are two separate MAC addresses.
Sure, systems that simply need a unique network identifier will likely call for slot 0 of an IEEE 802 port. No use in grabbing all MAC addresses for the
What happens when you turn wifi off.
Unless you remove the HW or the driver so it no longer exists to the OS then you'll have a MAC address in the system for WiFi.
Here's a test. Go to Airplane Mode on an iDevice and then to General » About. You'll still see the WiFi and Bluetooh MAC addresses listed.
The MAC address is probably as accessible to the software as a UDID. It might be a different call, but I don't see it being more difficult to get.
Fairly simple...
http://iphonedevelopertips.com/devic...c-address.html
But isn't that the exact thing Apple recommend against in their documentation? Apple recommends that the UDID be used in combination with a user login. I think Apple is blocking UDID usage because it is being abused. It is being abused in a way that causes ranking issues in the app store with developers using "buy other apps to get in app credit". If a developer want to track a user then they can create a token/cookie when the user first use the app. The only disadvantage is that developers can no longer track users outside te app.
We had to tie the voucher to a device, and prevent a user opening multiple accounts to take advantage of limited offers such as '20% off your first 5 meals at mcdonalds'. Sure this could be done in other ways, but none that were as simple from a user experience point of view.
90% of devs can piss off? Excluding Apple which obviously has access to the UDID?
You're making that number up. Even if most developers use this, which is not known, as we can see from the article, they can work out other ways of doing much if this, hopefully in ways that aren't as much of a problem.
I trust Apple much more than these unknown developers. Besides, it's not the ones who are honestly using information, but the ones who might not. It's the question of malware. If anyone can get certain kinds of info, then there will be some few who use it maliciously.
I admit that I'm not as familiar with the uses and info integrity assocciated with this as some, but there must be some issue that you don't understand, or are ignoring, for it to have come up.
It's far more important that Apple maintain its reputation than some developers have it easy. Even if a few leave the platform because of it. Google is their main competitor in mobile OS's right now, and advertising is, according to their own financial reports, 96% of their sales and profits. This means little to Apple financially, one way or the other. But it means a lot to Google. So with Congress getting involved in privacy issues, as they should, this could give Apple a big advantage. If Apple can say, that they've got these issues locked up, and Google is using them, then the guns will be pointed at them instead.
I hope Apple is looking at other holes in their armor.
What do you mean by "where"?
Where as in which hardware component is it embedded? I believe it is in the wifi hardware.
I do see your point about it still being available even in airplane mode so that apparently supports my earlier speculation that it is read by the OS on boot and the OS reports it to requests rather than the hardware itself reporting it directly. So in that regard perhaps an app could use the MAC address as an alternate unique id.
Where as in which hardware component is it embedded? I believe it is in the wifi hardware.
As previously stated MAC addresses are part of all IEEE 802 technologies. That's why you see a MAC address for Bluetooth, too.
I do see your point about it still being available even in airplane mode so that apparently supports my earlier speculation that it is read by the OS on boot and the OS reports it to requests rather than the hardware itself reporting it directly. So in that regard perhaps an app could use the MAC address as an alternate unique id.
There are plenty of unique identifiers that can used. From what I'm reading the UDID was simply the easiest to grab. monstrosity's link to getting the MAC address from iOS seems rather complex but not being a coder pretty much all code looks rather complex to me.
Apple - who are probably using the UDID all the time in iOS for their own purposes. They certainly do it in the profiles.
They also allow access to your contacts list without a confirmation, a far greater security risk.
They've closed down the ability to use contacts without asking.
Unlike you, I think that Apple is doing whatever they can to protect their customers, which unlike in Google's case, is us, not the advertisers. Some things slip through. I also believe that those running Apple can be a bit naive, they have actually thought that by issuing guidelines as to what should, and what shouldn't be done, developers would always follow those guidelines without being restrained from doing so. They are finding out that developers, good and bad, will poke around the API's and use whatever they want, even though Apple specifically says not to.
Apple is now understanding that guidelines aren't enough. They must make it impossible to do these things. If they must give up an imperceptible amount of income (imperceptible to Apple, that is), they they will do so.
Unfortunately, as always happens, and we've seen this with DRM, those who intend nothing bad get hit by the restrictions as well. That's too bad, but it's the way the world works. Remember in school when someone did something, and the teacher said that if that person didn't stand up, the entire class would get punished? Well, that's often the way it works.
As previously stated MAC addresses are part of all IEEE 802 technologies. That's why you a MAC address for Bluetooth, too.
Traditionally the network card is the considered the MAC address since back in the Sun OS days used for software authorization. I also remember when Intel and Windows tried to implement a UDID detection system where the id found on the pentium CPU was used. That was met with a lot of criticism from a privacy concern as the Id could be detected through the browser over the Internet.
I agree about 98%. I do occasionally look at offers that I receive in the mail. Plus, the mail is a good way to get telemarketers to leave you alone. Just tell them to mail you something and you'll look at it. They almost never do.
I agree. With that. We get plenty of mailings, occasionally, something looks interesting, and I will look at it. Usually, it is interesting, but not something I've going to bother will. But just one in a while, something comes in that I am interested in. There might never have been a way that I would have known about it if not for the advertising. They buy targeted lists, so if you're subscribing to a magazine, or are on a list of customers for some store, or whatever, advertising it sent to you that you might have a better chance of responding to. The telling phone marketeers to send something is something I've been doing for years, especially charities. Most are somewhat legit, and I'll give to some. But others aren't really official, and they are the worst offenders.
I have nothing against targetted mailings. I have nothing against advertising as a whole.
But I don't like calls when I've told them not to do that. I don't like getting faxes that are poor attempts at pretending to be sent to some employee list, or otherwise, giving supposed deals, etc. I don't mind Ads at the bottom of the Bloomberg app, for example, or the way the NY Times has them in their app.
Whether or not people like the idea, advertising is very important to companies. Without it, many products and services would never be known. But giving up personal info without knowing you are doing so is too invasive. All of these should be opt-in. I know that Google has fought against this, as have others. Opt-in tends to get far fewer people than does opt-out. Whatever forces the user to do the least, and require the least effort, will always produce more people for the initiative.
I continue to mention Google, because they are the worst major company involved in this, because their entire existence depends on getting as much of out private info as possible, and selling it.
Bad move. Pissing about 90% of devs off.
Where do you get the 90% number? I very much doubt that it affects that many developers. I develop for iOS and have never once needed to access the UDID. It's not like something you're forced to do to develop for iOS. I can't imagine that it really affects that many apps.
And frankly, for every developer it pisses off, there's going to be a developer who is thrilled to get a strategic opening for his app against a competing app. The faster you one-up the competition getting your own app in compliance and re-submitted, the better. The lazy ones will get a much-deserved kick in the ass. The others will go on doing what they do.
I think you're greatly overstating the negative impact on developers.
Traditionally the network card is the considered the MAC address since back in the Sun OS days used for software authorization.
I'm not sure we're looking at this in same way. When Xerox invented this unique identifier it was first for ethernet but then it was quickly adopted by other wired networking technologies. WiFi and bluetooth had if from the start but "back in the Sun OS days" they hadn't been invented yet.
edit:
The following technologies use the MAC-48 identifier format:
So I guess it's not a required part of IEEE 802 as I thought, just a very useful way to identify a node.
We had to tie the voucher to a device, and prevent a user opening multiple accounts to take advantage of limited offers such as '20% off your first 5 meals at mcdonalds'. Sure this could be done in other ways, but none that were as simple from a user experience point of view.
And that's the bottom line. You're using something with major security implications because you're too lazy to create a different system.
I think Internet security should be far more stringent. I'd like to see laws put into place so that people who steal or sell confidential information go to jail.
Of course, strict privacy laws would pretty much put Google out of business, but I"m OK with that.
Lol. Ok, you are right. External devs can't track where you are without requesting permission. Apple and the carriers can.
I really don't care that Apple and the carriers can track me. I'm not worried about that at all. Look, the truth is that we're not guaranteed privacy outside of our home, and First Class mail. The Constitution is very specific about that, and our Constitution guarantees us more than most anywhere else.
But we've got to grow up and realize that we can't have what we want in the devices without giving up some of our privacy at the same time. But, I want to know to whom I'm giving it up. If I do something illegal, then I shouldn't complain about law enforcement getting a warrant, and tracking me. If I'm not, then the truth is that no one is going to have an interest in tracking me. That is, in regards to Apple and the phone company.
But these small developers (in comparison to Apple and the carriers) do have an interest in tracking me. Sometimes, I don't care. Sometimes I do. When a weather app asks for permission to use my present location, am I going to say no? Of course not, that would be silly.
But if a game company asked the same question, I would have to wonder at why I should want to give them that info.
And that's the bottom line. You're using something with major security implications because you're too lazy to create a different system.
UH? As I had already explained: We chose not because it was easier, but for user experience reasons.
Here's the article http://www.nytimes.com/2012/02/19/ma...ng-habits.html
What the article doesn't really describe is how Target identified the woman.
I like this line: "The reason [emphasis added] Target can snoop on our shopping habits is that, over the past two decades, the science of habit formation has become a major field of research in neurology and psychology departments at hundreds of major medical centers and universities, as well as inside extremely well financed corporate labs."
No mention of what information is actually available and shared, nor from what sources. No mention of the laws.
In other words, the reason isn't actually provided.
Surely, you don't think that Target woud be remotely stupid enough to reveal that?!
When a weather app asks for permission to use my present location, am I going to say no? Of course not, that would be silly.
But if a game company asked the same question, I would have to wonder at why I should want to give them that info.
I certainly go through the same thought process.
I do not use a single app that has ads. It's intrusive and irritating on a mobile phone, and when on wireless, the user pays to see them. A lot of them are crap anyway.
If someone can't give us an honest-to-goodness free app, yes, they can piss off.
I won't go that far. I don't mind the Ads. So far I don't find them to be too annoying. Sure, they will always be annoying to some extent, but I'm willing to put up with that if an obvious attempt is being made to minimize that. It's much worse on Android, from what I've seen.
I want developers to make money. If they feel that people would want the app to be free, but are willing to accept Ads, then that's fine. Look at Angry Birds. They have their own Ads within the apps. Is it annoying, yup! But it doesn't stop people from buying the apps. And on Android, they couldn't sell the app at all, so they went to the free-with Ads route. And behold! Downloads went up more than a hundred times what it was, maybe more.
Obviously, people don't mind the Ads. So if you are not getting free apps because of the Ads, you aren't changing anything, just missing out on some good apps.
UH? As I had already explained: We chose not because it was easier, but for user experience reasons.
IOW, you were too lazy to come up with your own method.
There's absolutely no reason you couldn't have come up with a system that was equally transparent for the user.