I'm mostly satisfied with the resolution here, it just kinda stinks of conveniently calling these things bugs after vast media attention brought them to light. I can't imagine their development team never thought about the amount of data they were storing, or the possibility that people would want it to be secured somehow. Also the fact that it still did this with location services turn off seems suspicious as well. If the user isn't using the location services, the phone shouldn't be doing anything to determine it's location and therefore not logging it.
A bug they uncovered!? Weren't we (including Apple) all made aware of this issue almost a year ago?
Nice prioritization of bugs! Well done.
This issue was known earlier. It was even written about in a book about security that came out in December 2010. Since this file isn't insidious, it's not a big deal anyway. It's not a security issue at all, so I'm not surprised that Apple didn't prioritize it until the publicity required them to hurry up.
This whole iPhone tracking issue was a non-issue from the beginning and it is much ado about nothing.
I'm more concerned about what Google does with my data and how it tracks and stores it. I see that my Youtube password is now invalid and everybody has to log in with their Gmail account instead from now on. Does that mean that Google tracks and knows every single thing that you watch on youtube and they can track it back personally to you? Does Google also know every single image that you've ever searched for on image search? Does Google store regular search queries?
I'm also skeptical about that new internet ID plan being proposed by Obama. I don't trust him or the government and that plan sounds extremely fishy.
We weren't all made aware of the consolidated.db file a year ago. Yes it was supposed to be logging cell towers and WiFi hotspots, it just wasn't supposed to be storing them for so long. It's the storing them for so long part that's the bug.
It would be nice if some of you actually bothered to read what Apple said in their statement, so you would know what this is actually all about.
This isn't tracking data FROM your phone. It's data that has been collected from tens of millions of individuals as they pass by these spots, and have the agreement they made to allow Apple to capture anonymous, encrypted data over time. The data in the .db file is data that other people, and possibly you as well, have collected over time, and is now being SENT BACK to you FROM Apple. It's not a record of where you were or are. It's impossible from this data to find out where someone was or is. Isn't accurate enough for that purpose.
This issue was known earlier. It was even written about in a book about security that came out in December 2010. Since this file isn't insidious, it's not a big deal anyway. It's not a security issue at all, so I'm not surprised that Apple didn't prioritize it until the publicity required them to hurry up.
For those who do not recall this, Apple is run like a uber-startup, the kind you only see in very early stage companies or high impact academia. They don't have specific people working on specific parts or even specific OSs.
And in service of schadenfreude, you may read this for the contrast.
It?s inattention to detail more than anything. I guess when you?re known for your attention to detail any mistep, no matter how inconsequential, becomes an issue.
PS: Are we ever going to get a response from Google on this matter or is now effectively closed. If it is that says a lot about the mindshare of Android.
Plus, the public, and especially the media, love to pounce on any opportunity which makes such a stellar, successful company look bad.
It's perfectly possible that they were aware of this bug's existence before the big media shitstorm.
One definition of "bug" is an undesirable behavior (for which access to source code is not required). The bug has existed for many months, since iOS 4.0, yet it will be fixed in just a few weeks from when outside researchers publicly disclosed it. Quite possibly Apple knew about the behavior but Apple didn't give a rat's ass about it until now. In other words, Apple didn't consider it a bug until outside researchers revealed it and the public at large characterized it as such. Ergo, Apple did not uncover the bug. I don't see any gratitude from Apple to the researchers who discovered the bug. I guess we've all just been using location services wrong. Silly consumers, we're just all confused about how stuff should work.
There is software available that can peek at any code. Researchers have this software, and so do others, including many developers.
And pray tell, what does that "software" do when it "peeks" at the code?
You do realize (okay, probably not, this is heavy computer science), that something as simple as disassembly is an undecidable problem; this means that it is *not possible* for *any* software to peek at "any" code and make any major decisions about it. True, there is some code that *can* detect certain patterns in *certain* software, especially when aided by a human being, but I think you've been watching too many episodes of "24" or some other television thriller if you honestly think software can achieve what you're saying here.
The only explanation needed by the public was for Apple to say they were aware of the problem and working on a fix.
Apple has now done that and I think we can put this issue to bed.
I agree that this case was blown out of proportion (much like the FUD WSJ/BGR is now trying to start about browsers tracking location)
But Steve Jobs made a very valid point. Location technology is very new, and a lot of people don't understand fully what it is, what's being tracked, and why this isn't always a scary thing.
I think location-aware devices are a good thing, and can improve customer experience dramatically, but companies need to make sure customers know that. Because most of them don't read the privacy policy (I bet most of us here haven't read every word either) and sensationalist journalism like this location tracking story helps no one but the guy collecting ad revenue.
... And I've loved Ina Fried while at CNet News. Glad she gets an interview with Steve and I hope there are many more. I know she did lots with big honchos at Microsoft, writes really great stories and understands technology very well. Bonus is her great sense of humor.
She's great, and really fair and even handed, which is quite unusual in the business she is in. I used to follow her on Twitter but had to stop as half her tweets are about basketball. (yuck!)
One definition of "bug" is an undesirable behavior (for which access to source code is not required). The bug has existed for many months, since iOS 4.0, yet it will be fixed in just a few weeks from when outside researchers publicly disclosed it. Quite possibly Apple knew about the behavior but Apple didn't give a rat's ass about it until now. In other words, Apple didn't consider it a bug until outside researchers revealed it and the public at large characterized it as such. Ergo, Apple did not uncover the bug. I don't see any gratitude from Apple to the researchers who discovered the bug. I guess we've all just been using location services wrong. Silly consumers, we're just all confused about how stuff should work.
No. It doesn't mean that Apple didn't consider it to be a bug. It just meant that it wasn't considered to be a CRITICAL bug. Companies prioritize them according to seriousness. This isn't exactly serious, except for the bad publicity.
A bug they uncovered!? Weren't we (including Apple) all made aware of this issue almost a year ago?
Nice prioritization of bugs! Well done.
Although I understand you were probably been sarcastic, but you actually speaks the truth. In the grand scheme of things, this bug is the lowest of low priority. It doesn't interfere with any operation, doesn't expose specific data in any way, not related to user experience in any way, so assigning it the lowest priority would be about right.
And pray tell, what does that "software" do when it "peeks" at the code?
You do realize (okay, probably not, this is heavy computer science), that something as simple as disassembly is an undecidable problem; this means that it is *not possible* for *any* software to peek at "any" code and make any major decisions about it. True, there is some code that *can* detect certain patterns in *certain* software, especially when aided by a human being, but I think you've been watching too many episodes of "24" or some other television thriller if you honestly think software can achieve what you're saying here.
I programmed for some time, including for the VAX, so yes, I do understand the issue, thank you.
There are dissemblers, decompilers, hex editors. Some work very well.Some not so well. This is an established field. Don't try to make it look like some unfinished business. How do you think forensic research works? Or do you?
Comments
A bug they uncovered!? Weren't we (including Apple) all made aware of this issue almost a year ago?
Nice prioritization of bugs! Well done.
This issue was known earlier. It was even written about in a book about security that came out in December 2010. Since this file isn't insidious, it's not a big deal anyway. It's not a security issue at all, so I'm not surprised that Apple didn't prioritize it until the publicity required them to hurry up.
I'm more concerned about what Google does with my data and how it tracks and stores it. I see that my Youtube password is now invalid and everybody has to log in with their Gmail account instead from now on. Does that mean that Google tracks and knows every single thing that you watch on youtube and they can track it back personally to you? Does Google also know every single image that you've ever searched for on image search? Does Google store regular search queries?
I'm also skeptical about that new internet ID plan being proposed by Obama. I don't trust him or the government and that plan sounds extremely fishy.
We weren't all made aware of the consolidated.db file a year ago. Yes it was supposed to be logging cell towers and WiFi hotspots, it just wasn't supposed to be storing them for so long. It's the storing them for so long part that's the bug.
It would be nice if some of you actually bothered to read what Apple said in their statement, so you would know what this is actually all about.
This isn't tracking data FROM your phone. It's data that has been collected from tens of millions of individuals as they pass by these spots, and have the agreement they made to allow Apple to capture anonymous, encrypted data over time. The data in the .db file is data that other people, and possibly you as well, have collected over time, and is now being SENT BACK to you FROM Apple. It's not a record of where you were or are. It's impossible from this data to find out where someone was or is. Isn't accurate enough for that purpose.
The bug was not discovered by Apple.
We don't know that. Just because other people made it public, doesn't mean that Apple wasn't aware of it.
This issue was known earlier. It was even written about in a book about security that came out in December 2010. Since this file isn't insidious, it's not a big deal anyway. It's not a security issue at all, so I'm not surprised that Apple didn't prioritize it until the publicity required them to hurry up.
http://sachin.posterous.com/apple-is...a-huge-startup
For those who do not recall this, Apple is run like a uber-startup, the kind you only see in very early stage companies or high impact academia. They don't have specific people working on specific parts or even specific OSs.
And in service of schadenfreude, you may read this for the contrast.
http://minimsft.blogspot.com/2011/01...?commentPage=2
Somebody else has access to the iOS code?
There is software available that can peek at any code. Researchers have this software, and so do others, including many developers.
Oh boy. RDF on, full power.
What do you call Google's?
It?s inattention to detail more than anything. I guess when you?re known for your attention to detail any mistep, no matter how inconsequential, becomes an issue.
PS: Are we ever going to get a response from Google on this matter or is now effectively closed. If it is that says a lot about the mindshare of Android.
Plus, the public, and especially the media, love to pounce on any opportunity which makes such a stellar, successful company look bad.
And you know this… how?
It's perfectly possible that they were aware of this bug's existence before the big media shitstorm.
One definition of "bug" is an undesirable behavior (for which access to source code is not required). The bug has existed for many months, since iOS 4.0, yet it will be fixed in just a few weeks from when outside researchers publicly disclosed it. Quite possibly Apple knew about the behavior but Apple didn't give a rat's ass about it until now. In other words, Apple didn't consider it a bug until outside researchers revealed it and the public at large characterized it as such. Ergo, Apple did not uncover the bug. I don't see any gratitude from Apple to the researchers who discovered the bug. I guess we've all just been using location services wrong. Silly consumers, we're just all confused about how stuff should work.
There is software available that can peek at any code. Researchers have this software, and so do others, including many developers.
And pray tell, what does that "software" do when it "peeks" at the code?
You do realize (okay, probably not, this is heavy computer science), that something as simple as disassembly is an undecidable problem; this means that it is *not possible* for *any* software to peek at "any" code and make any major decisions about it. True, there is some code that *can* detect certain patterns in *certain* software, especially when aided by a human being, but I think you've been watching too many episodes of "24" or some other television thriller if you honestly think software can achieve what you're saying here.
What do you call Google's?
Old saying: Two wrongs don't make a right.
The only explanation needed by the public was for Apple to say they were aware of the problem and working on a fix.
Apple has now done that and I think we can put this issue to bed.
I agree that this case was blown out of proportion (much like the FUD WSJ/BGR is now trying to start about browsers tracking location)
But Steve Jobs made a very valid point. Location technology is very new, and a lot of people don't understand fully what it is, what's being tracked, and why this isn't always a scary thing.
I think location-aware devices are a good thing, and can improve customer experience dramatically, but companies need to make sure customers know that. Because most of them don't read the privacy policy (I bet most of us here haven't read every word either) and sensationalist journalism like this location tracking story helps no one but the guy collecting ad revenue.
... And I've loved Ina Fried while at CNet News. Glad she gets an interview with Steve and I hope there are many more. I know she did lots with big honchos at Microsoft, writes really great stories and understands technology very well. Bonus is her great sense of humor.
She's great, and really fair and even handed, which is quite unusual in the business she is in. I used to follow her on Twitter but had to stop as half her tweets are about basketball. (yuck!)
Oh boy. RDF on, full power.
Oh boy... I guess someone decided to come out of the dumpster today.
One definition of "bug" is an undesirable behavior (for which access to source code is not required). The bug has existed for many months, since iOS 4.0, yet it will be fixed in just a few weeks from when outside researchers publicly disclosed it. Quite possibly Apple knew about the behavior but Apple didn't give a rat's ass about it until now. In other words, Apple didn't consider it a bug until outside researchers revealed it and the public at large characterized it as such. Ergo, Apple did not uncover the bug. I don't see any gratitude from Apple to the researchers who discovered the bug. I guess we've all just been using location services wrong. Silly consumers, we're just all confused about how stuff should work.
No. It doesn't mean that Apple didn't consider it to be a bug. It just meant that it wasn't considered to be a CRITICAL bug. Companies prioritize them according to seriousness. This isn't exactly serious, except for the bad publicity.
A bug they uncovered!? Weren't we (including Apple) all made aware of this issue almost a year ago?
Nice prioritization of bugs! Well done.
Although I understand you were probably been sarcastic, but you actually speaks the truth. In the grand scheme of things, this bug is the lowest of low priority. It doesn't interfere with any operation, doesn't expose specific data in any way, not related to user experience in any way, so assigning it the lowest priority would be about right.
And pray tell, what does that "software" do when it "peeks" at the code?
You do realize (okay, probably not, this is heavy computer science), that something as simple as disassembly is an undecidable problem; this means that it is *not possible* for *any* software to peek at "any" code and make any major decisions about it. True, there is some code that *can* detect certain patterns in *certain* software, especially when aided by a human being, but I think you've been watching too many episodes of "24" or some other television thriller if you honestly think software can achieve what you're saying here.
I programmed for some time, including for the VAX, so yes, I do understand the issue, thank you.
There are dissemblers, decompilers, hex editors. Some work very well.Some not so well. This is an established field. Don't try to make it look like some unfinished business. How do you think forensic research works? Or do you?