I'm rather surprised that the usual tech sites, including this one, have failed to pick up on this.
I don't think that document discusses the usage of the "consolidated.db" file. For example the document talks about:
● Apple transmitting location data. Supposedly, "consolidated.db" is not transmitted anywhere.
● The user being able to turn off location based services. Collection of "consolidated.db" data cannot be turned off.
● Requiring customer consent to collect data. The user is never even informed of the collection of "consolidated.db" data, let alone asked to give consent.
Additionally, because the data is unencrypted and also stored on the computer used to sync your iPhone, the issue is raised of how this data can be used by parties other than Apple and its partners.
Interesting, all cell phone companies know where most of their customers are, at ANY time, and ANY time in the past. This has helped to find missing persons in the past, using the GPS encoded pings of the victim's cellphone.
This has been true at least 1 decade. I would be shocked if Apple's iPhone were, illegally, NOT tracking cell phone customer movements. If they were not, I think the FCC would order them to begin complying with tracking requirements.
Meanwhile devices that snoop the data from your phone (without a password) are readily available and not just to law enforcement, yet it's the the real issue isn't ease of access to the data on your phone ? I feel like these lawsuits are more about press and money, they aren't working the right end of the system to protect our rights.
The argument seems to be that the data should not be there at all, but that's like saying I'll never store my web history, cache, bookmarks photos etc. Any of that data could in the least be embarrassing, if not incriminating. "Oh hey, I see you visited the strip club last night. What's your wife think of that?" LOL
Most of this information is useful to the user and regretfully law enforcement is going to ask for access to this data if the phone is evidence in a criminal investigation.
As long as warrants aren't frivolously issued and the general public doesn't have access to evasive technologies, then it shouldn't be a problem. However the convenience of having so much data on one portable unit (including GPS) obviously comes with a price and we have to work a little to protect our rights.
The ARS article on one of these devices was eye opening and personally I think it's not an issue of the data's presence (it's useful to the user) as much as it is about who has access, explicitly why and to how much of it. Often it takes a while for the law to catch up with tech, this is just another instance.
The argument seems to be that the data should not be there at all, but that's like saying I'll never store my web history, cache, bookmarks photos etc. Any of that data could in the least be embarrassing, if not incriminating. "Oh hey, I see you visited the strip club last night. What's your wife think of that?" LOL
You can't answer the question of "should the data be there" without knowing why Apple stored it in the first place. You can't say it's a good idea or a bad idea if you don't know what idea they were trying to implement.
What you can say is that the way the data is handled opens it up to exploitation by unknown 3rd parties. It was the publication of exactly such an application that set this off to begin with.
As to comparing it to web browser caches, cookies, and such, the user has the ability to turn those things off/clear them. The same is not true of this "consolidated.db".
● Requiring customer consent to collect data. The user is never even informed of the collection of "consolidated.db" data, let alone asked to give consent.
Section 4b of the EULA gives consent, but whatever. Just cos you never read it, doesn't exempt you from it.
given that Google is transmitting user identifiable information along with location data on a regular basis, that the press, bloggers and Android fans are all over Apple about this, when they appear not to be transmitting any user identifiable information.
As far as I know any location and personally identifiable information sent thru to Google (or whoever on Android) requires an opt-in. I know if it's an app that's how it works. I don't know if what you're referring to is something else? Certainly possible, but nothing that I've read about.
EDIT: Anonymouse, I read the article you had mentioned, and at least two "hackers" stated that Google does transmit location info, tho it doesn't specify whether users' had been required to "opt-in" by using Google Navigation or Places for instance, or under what circumstances location is shared.
Interesting article. Leaves the reader with as many questions as answers so I hope they do a follow-up story. Thanks for mentioning it.
With all due respect to infowars.com, being able to determine the users current location is not the same as recording their movements.
In the worst scenario it save the location the phone was at certain time. Not what the user was doing.
Lawsuits in USA are becoming ridiculous. Lot of people eager to grab a bit of Apple's cash. Maybe for regular people is an issue but for enterprise could be handy lol, like have a GPS watch dog.
Section 4b of the EULA gives consent, but whatever. Just cos you never read it, doesn't exempt you from it.
No, that section doesn't cover "consolidated.db", and I specifically pointed out why. Here's the text of that section:
Quote:
Originally Posted by iPhone EULA Section 4b
(b) Location Data. Apple and its partners and licensees may provide certain services through your iPhone that rely upon location information. To provide and improve these services, where available, Apple and its partners and licensees may transmit, collect, maintain, process and use your location data, including the real-time geographic location of your iPhone, and location search queries. The location data and queries collected by Apple are collected in a form that does not personally identify you and may be used by Apple and its partners and licensees to provide and improve location-based products and services. By using any location-based services on your iPhone, you agree and consent to Apple's and its partners' and licensees' transmission, collection, maintenance, processing and use of your location data and queries to provide and improve such products and services. You may withdraw this consent at any time by going to the Location Services setting on your iPhone and either turning off the global Location Services setting or turning off the individual location settings of each location-aware application on your iPhone. Not using these location features will not impact the non location-based functionality of your iPhone. When using third party applications or services on the iPhone that use or provide location data, you are subject to and should review such third party's terms and privacy policy on use of location data by such third party applications or services.
Highlights mine.
You cannot turn off the "consoliated.db" functionality.
I don't think that document discusses the usage of the "consolidated.db" file. For example the document talks about:
● Apple transmitting location data. Supposedly, "consolidated.db" is not transmitted anywhere.
● The user being able to turn off location based services. Collection of "consolidated.db" data cannot be turned off.
● Requiring customer consent to collect data. The user is never even informed of the collection of "consolidated.db" data, let alone asked to give consent.
Additionally, because the data is unencrypted and also stored on the computer used to sync your iPhone, the issue is raised of how this data can be used by parties other than Apple and its partners.
data in consolidated.db file are public info such as cell tower location etc, right? so why need to encrypt it? can you provide some examples on why parties other than apple would want it?
In the worst scenario it save the location the phone was at certain time. Not what the user was doing.
Lawsuits in USA are becoming ridiculous. Lot of people eager to grab a bit of Apple's cash. Maybe for regular people is an issue but for enterprise could be handy lol, like have a GPS watch dog.
There's nothing ridiculous about not wanting to have my movements tracked and stored and made available in unencrypted form without my consent, or even my knowledge.
data in consolidated.db file are public info such as cell tower location etc, right?
No. Cell tower data locations are stored in another file. The data stored in consolidated.db is my location with a maximum granularity of 100 meters at a given time. For the entire time I've owned any iPhone.
Quote:
Originally Posted by anakin1992
can you provide some examples on why parties other than apple would want it?
It makes no difference at all why someone would want to access my private information. The relevant point is the information is private, not public.
Interesting, all cell phone companies know where most of their customers are, at ANY time, and ANY time in the past. This has helped to find missing persons in the past, using the GPS encoded pings of the victim's cellphone.
This has been true at least 1 decade. I would be shocked if Apple's iPhone were, illegally, NOT tracking cell phone customer movements. If they were not, I think the FCC would order them to begin complying with tracking requirements.
GPS location data is not transmitted unless a call is placed, and the default setting is only on 911 calls although it can be user enabled for all calls. That was required by the FCC some years back. The wireless providers in general only have access to triangulation, or, in some cases, bearing data.
If one needs an alibi, that they didn't commit a crime, or if one want to commit a crime, there are workarounds... In both cases, the attorneys can raise enough Reasonable Doubt that the data in that file has been manipulated and thus is not accurate. By the time Tech Experts on both sides are done trying to convince the Jury, the Jury could either get too confused, or and too smart, and will not be able to agree on their interpretation of the "evidence"... Mistrial, Case Dismissed... Or that particular Evidence will be ignored....
I've seen a some anger about this on NY Times Discussion
What if one is in some country where things are not very democratic, the authorities can use that info against the political opponents... I agree that it could be a valid concern... So let's imagine a scenario:
In some dictatorship a person is captured by the authorities. The File is now on the screen, and a person is being beaten, questioned about their activities on a given day in the past, at particular time...
Both the authorities and suspect know that nobody can remember their activities too far back, never mind in details. If the authorities want a confession to a any "crime", they won't even bother with such file. They'll beat the suspect until the suspect will sign any kind of admission of the crime... In any case, revolutionaries, good people or criminals, will find the workaround, so that it's harder to trace them...
Jealous Husband and Wife will have to look for a Private Detective who knows about all that technology, and even then they will believe whatever they want to believe, with or without such File...
I am not going to predict how this pseudo scandal will play out... Media needs ratings! The can't constantly talk about real news like Earthquakes, or civil wars, or Deficits, Economy, Sex Scandals, Cancer etc... Media of all kinds will milk/exploit this to various degrees... But, I did notices that the Emphasis in this story was mostly on Apple, and not on Google's Android, or Blackberry... Maybe that's media's way of Divide and Conquer Balancing of Powers, so that neither Apple, nor Google, nor any Phone Makers gets too powerful?
I think Apple should not be required to disclose any more Info on this topic than Any and All Cell Phone and GPS Makers! If there are National Security Implications, then that should be also applied equally! Apple should not be singled out as the worst offender...
In most cases there won't be enough average people who could View that File and Play with it... It's a pretty Geek thing to do play with those Databases... It's not like simple double-click of a simple Text File... Never mind visualizing it on a map through yet another 3rd party application... It all requires more than an average tech skills, and maybe premeditation...
Apple and Google will come out with their lawyers, explain this away, and people will accept this as yet another fact of life.... But for a while, there will be those who will try to exploit it, as if the sky is falling... The lawyers will cost $$... Too bad the $$ spent on such Legal Cases will not go to Cancer Research, Earthquakes, and other Causes that will always need Funding and Donations etc...
I'm rather surprised that the usual tech sites, including this one, have failed to pick up on this.
They have.
The problem is the current situation has nothing to do with what Apple states in that letter.
Also of note in that letter - Apple states that you can 'turn off' the location features. However, you can't. Sliding the location tracking to off does nothing to stop this invasion.
Apple's PR department is sitting back trying to gauge the public's response. It will be interesting to see how they try to spin this. So far it seems the public isn't buying the BS that this is an accidental bug. Same with Google.
I can see this being a big election issue next year with Obama pushing for more police powers and the Tea Party pushing for upholding constitutional rights. Talk about a confusing twist of ideologies.
No. Cell tower data locations are stored in another file. The data stored in consolidated.db is my location with a maximum granularity of 100 meters at a given time. For the entire time I've owned any iPhone.
It makes no difference at all why someone would want to access my private information. The relevant point is the information is private, not public.
That is not what is in my consolidated.db. It has tables for cell tower and wifi locations amongst other stuff. The lat/long coordinates are accurate for the cell towers in my area - within 100 m. There is no table for phone location, and no location data that correspond to my house or place of work.
Comments
But that doesn't explain why Apple is recording this data.
However this letter from Apple's general counsel to a couple of members of Congress last year certainly does: <http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf>;
I'm rather surprised that the usual tech sites, including this one, have failed to pick up on this.
"Motion to Dismiss"
sooner than later. This case is without merit unless the "smoking gun" is found where Apple is profiting from such data collection.
Rather than complaining, I wrote a script to tag Places for your pictures in iPhoto.
Please check it out and offer feedback!
http://goo.gl/OQzfB
In other news, I'm looking for a job...
Peter
http://peterburk.appspot.com
However this letter from Apple's general counsel to a couple of members of Congress last year certainly does: <http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf>;
I'm rather surprised that the usual tech sites, including this one, have failed to pick up on this.
I don't think that document discusses the usage of the "consolidated.db" file. For example the document talks about:
● Apple transmitting location data. Supposedly, "consolidated.db" is not transmitted anywhere.
● The user being able to turn off location based services. Collection of "consolidated.db" data cannot be turned off.
● Requiring customer consent to collect data. The user is never even informed of the collection of "consolidated.db" data, let alone asked to give consent.
Additionally, because the data is unencrypted and also stored on the computer used to sync your iPhone, the issue is raised of how this data can be used by parties other than Apple and its partners.
Well it was bound to happen sooner or later.
This is America. It was bound to happen sooner or even sooner . . . .
This has been true at least 1 decade. I would be shocked if Apple's iPhone were, illegally, NOT tracking cell phone customer movements. If they were not, I think the FCC would order them to begin complying with tracking requirements.
The argument seems to be that the data should not be there at all, but that's like saying I'll never store my web history, cache, bookmarks photos etc. Any of that data could in the least be embarrassing, if not incriminating. "Oh hey, I see you visited the strip club last night. What's your wife think of that?" LOL
Most of this information is useful to the user and regretfully law enforcement is going to ask for access to this data if the phone is evidence in a criminal investigation.
As long as warrants aren't frivolously issued and the general public doesn't have access to evasive technologies, then it shouldn't be a problem. However the convenience of having so much data on one portable unit (including GPS) obviously comes with a price and we have to work a little to protect our rights.
The ARS article on one of these devices was eye opening and personally I think it's not an issue of the data's presence (it's useful to the user) as much as it is about who has access, explicitly why and to how much of it. Often it takes a while for the law to catch up with tech, this is just another instance.
http://arstechnica.com/tech-policy/n...-a-warrant.ars
The argument seems to be that the data should not be there at all, but that's like saying I'll never store my web history, cache, bookmarks photos etc. Any of that data could in the least be embarrassing, if not incriminating. "Oh hey, I see you visited the strip club last night. What's your wife think of that?" LOL
You can't answer the question of "should the data be there" without knowing why Apple stored it in the first place. You can't say it's a good idea or a bad idea if you don't know what idea they were trying to implement.
What you can say is that the way the data is handled opens it up to exploitation by unknown 3rd parties. It was the publication of exactly such an application that set this off to begin with.
As to comparing it to web browser caches, cookies, and such, the user has the ability to turn those things off/clear them. The same is not true of this "consolidated.db".
● Requiring customer consent to collect data. The user is never even informed of the collection of "consolidated.db" data, let alone asked to give consent.
Section 4b of the EULA gives consent, but whatever. Just cos you never read it, doesn't exempt you from it.
given that Google is transmitting user identifiable information along with location data on a regular basis, that the press, bloggers and Android fans are all over Apple about this, when they appear not to be transmitting any user identifiable information.
As far as I know any location and personally identifiable information sent thru to Google (or whoever on Android) requires an opt-in. I know if it's an app that's how it works. I don't know if what you're referring to is something else? Certainly possible, but nothing that I've read about.
EDIT: Anonymouse, I read the article you had mentioned, and at least two "hackers" stated that Google does transmit location info, tho it doesn't specify whether users' had been required to "opt-in" by using Google Navigation or Places for instance, or under what circumstances location is shared.
Interesting article. Leaves the reader with as many questions as answers so I hope they do a follow-up story. Thanks for mentioning it.
With all due respect to infowars.com, being able to determine the users current location is not the same as recording their movements.
In the worst scenario it save the location the phone was at certain time. Not what the user was doing.
Lawsuits in USA are becoming ridiculous. Lot of people eager to grab a bit of Apple's cash. Maybe for regular people is an issue but for enterprise could be handy lol, like have a GPS watch dog.
Section 4b of the EULA gives consent, but whatever. Just cos you never read it, doesn't exempt you from it.
No, that section doesn't cover "consolidated.db", and I specifically pointed out why. Here's the text of that section:
(b) Location Data. Apple and its partners and licensees may provide certain services through your iPhone that rely upon location information. To provide and improve these services, where available, Apple and its partners and licensees may transmit, collect, maintain, process and use your location data, including the real-time geographic location of your iPhone, and location search queries. The location data and queries collected by Apple are collected in a form that does not personally identify you and may be used by Apple and its partners and licensees to provide and improve location-based products and services. By using any location-based services on your iPhone, you agree and consent to Apple's and its partners' and licensees' transmission, collection, maintenance, processing and use of your location data and queries to provide and improve such products and services. You may withdraw this consent at any time by going to the Location Services setting on your iPhone and either turning off the global Location Services setting or turning off the individual location settings of each location-aware application on your iPhone. Not using these location features will not impact the non location-based functionality of your iPhone. When using third party applications or services on the iPhone that use or provide location data, you are subject to and should review such third party's terms and privacy policy on use of location data by such third party applications or services.
Highlights mine.
You cannot turn off the "consoliated.db" functionality.
I don't think that document discusses the usage of the "consolidated.db" file. For example the document talks about:
● Apple transmitting location data. Supposedly, "consolidated.db" is not transmitted anywhere.
● The user being able to turn off location based services. Collection of "consolidated.db" data cannot be turned off.
● Requiring customer consent to collect data. The user is never even informed of the collection of "consolidated.db" data, let alone asked to give consent.
Additionally, because the data is unencrypted and also stored on the computer used to sync your iPhone, the issue is raised of how this data can be used by parties other than Apple and its partners.
data in consolidated.db file are public info such as cell tower location etc, right? so why need to encrypt it? can you provide some examples on why parties other than apple would want it?
In the worst scenario it save the location the phone was at certain time. Not what the user was doing.
Lawsuits in USA are becoming ridiculous. Lot of people eager to grab a bit of Apple's cash. Maybe for regular people is an issue but for enterprise could be handy lol, like have a GPS watch dog.
There's nothing ridiculous about not wanting to have my movements tracked and stored and made available in unencrypted form without my consent, or even my knowledge.
data in consolidated.db file are public info such as cell tower location etc, right?
No. Cell tower data locations are stored in another file. The data stored in consolidated.db is my location with a maximum granularity of 100 meters at a given time. For the entire time I've owned any iPhone.
can you provide some examples on why parties other than apple would want it?
It makes no difference at all why someone would want to access my private information. The relevant point is the information is private, not public.
Interesting, all cell phone companies know where most of their customers are, at ANY time, and ANY time in the past. This has helped to find missing persons in the past, using the GPS encoded pings of the victim's cellphone.
This has been true at least 1 decade. I would be shocked if Apple's iPhone were, illegally, NOT tracking cell phone customer movements. If they were not, I think the FCC would order them to begin complying with tracking requirements.
GPS location data is not transmitted unless a call is placed, and the default setting is only on 911 calls although it can be user enabled for all calls. That was required by the FCC some years back. The wireless providers in general only have access to triangulation, or, in some cases, bearing data.
I've seen a some anger about this on NY Times Discussion
http://pogue.blogs.nytimes.com/2011/...g-you-so-what/
In some Comments there was a common theme:
What if one is in some country where things are not very democratic, the authorities can use that info against the political opponents... I agree that it could be a valid concern... So let's imagine a scenario:
In some dictatorship a person is captured by the authorities. The File is now on the screen, and a person is being beaten, questioned about their activities on a given day in the past, at particular time...
Both the authorities and suspect know that nobody can remember their activities too far back, never mind in details. If the authorities want a confession to a any "crime", they won't even bother with such file. They'll beat the suspect until the suspect will sign any kind of admission of the crime... In any case, revolutionaries, good people or criminals, will find the workaround, so that it's harder to trace them...
Jealous Husband and Wife will have to look for a Private Detective who knows about all that technology, and even then they will believe whatever they want to believe, with or without such File...
I am not going to predict how this pseudo scandal will play out... Media needs ratings! The can't constantly talk about real news like Earthquakes, or civil wars, or Deficits, Economy, Sex Scandals, Cancer etc... Media of all kinds will milk/exploit this to various degrees... But, I did notices that the Emphasis in this story was mostly on Apple, and not on Google's Android, or Blackberry... Maybe that's media's way of Divide and Conquer Balancing of Powers, so that neither Apple, nor Google, nor any Phone Makers gets too powerful?
I think Apple should not be required to disclose any more Info on this topic than Any and All Cell Phone and GPS Makers! If there are National Security Implications, then that should be also applied equally! Apple should not be singled out as the worst offender...
In most cases there won't be enough average people who could View that File and Play with it... It's a pretty Geek thing to do play with those Databases... It's not like simple double-click of a simple Text File... Never mind visualizing it on a map through yet another 3rd party application... It all requires more than an average tech skills, and maybe premeditation...
Apple and Google will come out with their lawyers, explain this away, and people will accept this as yet another fact of life.... But for a while, there will be those who will try to exploit it, as if the sky is falling... The lawyers will cost $$... Too bad the $$ spent on such Legal Cases will not go to Cancer Research, Earthquakes, and other Causes that will always need Funding and Donations etc...
However this letter from Apple's general counsel to a couple of members of Congress last year certainly does: <http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf>;
I'm rather surprised that the usual tech sites, including this one, have failed to pick up on this.
They have.
The problem is the current situation has nothing to do with what Apple states in that letter.
Also of note in that letter - Apple states that you can 'turn off' the location features. However, you can't. Sliding the location tracking to off does nothing to stop this invasion.
Wired has a good article on the subject.
http://www.wired.com/gadgetlab/2011/...ation-opt-out/
Apple's PR department is sitting back trying to gauge the public's response. It will be interesting to see how they try to spin this. So far it seems the public isn't buying the BS that this is an accidental bug. Same with Google.
I can see this being a big election issue next year with Obama pushing for more police powers and the Tea Party pushing for upholding constitutional rights. Talk about a confusing twist of ideologies.
No. Cell tower data locations are stored in another file. The data stored in consolidated.db is my location with a maximum granularity of 100 meters at a given time. For the entire time I've owned any iPhone.
It makes no difference at all why someone would want to access my private information. The relevant point is the information is private, not public.
That is not what is in my consolidated.db. It has tables for cell tower and wifi locations amongst other stuff. The lat/long coordinates are accurate for the cell towers in my area - within 100 m. There is no table for phone location, and no location data that correspond to my house or place of work.