Hi All, . Don't go pulling out the lawsuits yet. I have heard more than one report that this issue may simply be an undetected iOS bug, involving some improperly written code. If so, it's perhaps unusual in its effect, but not necessarily a cause for alarm. I believe that if anybody reads through the various privacy policies companies implement, they'll find there are provisions in them for all kinds of things you wouldn't have expected. I think the reason people are talking about this so much is the overdramatic news media coverage. The tech crowd is, on the whole, much more restrained. Is Apple being malicious in doing this? Possibly, but unlikely. What was the point? Is this an oversight which has just been exposed in a fashion unusually public? Quite possibly. Is this part of something which you did legally agree to, even though you didn't read the whole agreement? Very likely. So, in summary, let's take a step back here and think about this. I'm willing to give Apple the benefit of the doubt here. They have done remarkable things for accessibility, and should be commended. I don't have an iPhone, but I still want one in the near future. WHo cares how often I go out to eat, except me and anyone I go with? Best, Zack. On Apr 22, 2011, at 7:24 PM, Karen Lewellen wrote:
> I agree, again since apple has already expressed interest n connecting ads to > programs, as in you could not use the program until you responded to the ad, > the file would not need to go anywhere to be used by advertisers. The > article on the ads was posted here a few months back. > its a privacy risk as well as a security one. > Karen > > On Fri, 22 Apr 2011, James Mannion wrote: > >> Yes, but if they are collecting the information, obviously they have >> intentions for it. They may be implementing their intent in steps. >> This honestly really ticks me off. Apple needs to be slammed with a >> law suit and lose big if they are doing this secretly. Think about it. >> Collecting this information to a file and not being forth coming about >> doing it or why? Do you really think they are collecting it just for >> you to have such a file? If there were such a silly reason, why not >> tell you about it? It is pretty black and white, if it is being >> collect into the file, that file is being collected by someone or they >> have the intention of doing so in the future. Is there any information >> if it is being done when location services is not turned on? Does it >> override that location services setting of being off to collect it >> anyway? My guess is that it does, but I would not know for sure. Of >> course companies want you to believe what they are doing is harmless. >> A dishonest hand never plans to be obvious. It's called deception. >> >> On 4/22/11, Aman Singer <[email protected]> wrote: >>> Hi, Karen and all. >>> This has been extensively discussed on the iPhone lists. Here is a >>> message I sent to those lists with some methods to disable the saving >>> of the information. You may want to note a few things. First, there >>> is, as yet, no evidence that this file ever leavves the phone or >>> computer where it's stored. That doesn't mean it isn't being sent out, >>> but it does mean that people have looked and haven't found it being >>> sent out yet. Secondly, the file is stored on both the phone and any >>> computer which the phone has been backed up to. Therefore, encrypting >>> backups on the computer might be worthwhile to avoid anyone with >>> access to the computer being able to obtain the location information. >>> As it stands, and without evidence that the file is actually leaving >>> the phone/PC, this is a moderate security issue, in my view, rather >>> than a large one, or a large privacy breach. >>> HTH. >>> Aman >>> >>> >>> Hi, all. >>> First, as to a quick and dirty solution to this particular problem, >>> there are two. Both require the phone to be jailbroken. The first may >>> be found at >>> http://technicalmusings.blogspot.com/2011/04/ios-consolidateddb-workaround-for.html >>> and is as follows >>> Looks like Apple is tracking iOS devices an recording that info in clear >>> text: >>> http://radar.oreilly.com/2011/04/apple-location-tracking.html >>> >>> Here's a way to ensure this data is not recorded: >>> >>> You must have a hacked iOS device, and either Mobile Terminal or an >>> SSH login. You must also know the root password. You first >>> remove/move this file, >>> and recreate it as a symbolic link to /dev/null like: >>> >>> su >>> cd /System/Library/Frameworks/CoreLocation.framework/Support >>> rm consolidated.db >>> ln -s /dev/null consolidated.db >>> >>> Anything written to this 'file' is sent to /dev/null, so it is not >>> saved on the file system. I've done this on a hacked device, and >>> Location Services >>> continue to work. >>> >>> There is also a program which removes the file at intervals >>> http://www.ijailbreak.com/cydia/untrackerd-tweak-stop-your-iphoneipad-from-tracking-your-location/ >>> Thanks to Rose Morales, @chicksdigmacs on Twitter, for the alert. I am >>> not sure about the accessibility of the program, if Rose or anyone >>> else would care to comment, I would be grateful. I cannot find any >>> source code for this program, so it's obvious that one should use at >>> one's own risk. The first method above does not, to my knowledge, >>> produce any insecurities, the commands given are normal. I am not >>> familiar enough with links/symlinks on iOS, however, to be sure that this >>> first method works properly without side-effects. This issue hasn't >>> been out there long enough to judge. At the very least, I suspect that >>> restoring an older backup would stop this method from working. Note >>> that I am not sure what anyone without a jailbroken iPhone can do >>> about this issue, I have seen no solution for non jailbroken phones. >>> Note, also, that this file can be accessed from iPhone backups on the >>> computer, so those should be encrypted or deleted. It can be accessed >>> with any of the usual tools for Jailbroken iPhones, and with most of >>> the forensic tools like >>> http://accessdata.com/products/forensic-investigation/mobile-phone-examiner >>> To spread out a bit, and deal with the problem more generally, people >>> ought to keep in mind, if I may suggest it, that mobile phones are >>> innately traceable. That isn't because anyone has made them that way, >>> it's because the phone company needs to know where to route the >>> information and where it's coming from. This is not something that >>> anyone can really work around, one can encrypt the information as it >>> passes, but cannot obfuscate the fact, to my knowledge at least, that >>> information is passing from and to a specific location. Usually, the >>> only people aware of the location information, however, are the phone >>> company and the companies/agencies to which they sell/give the >>> information. The problem in this case is that this file is stored, >>> unencrypted, on the phone and computer. By accessing the file, anyone >>> can get a history of the location of the phone, which might be useful >>> for many sorts of people, jealous spouses and stalkers who have some >>> sort of non-private access to the victim come to mind as just two >>> categories. I think this is more a security, rather than a privacy, >>> problem just at the moment, nobody has yet detected the sending out of >>> this file to anyone else, but that isn't conclusive simply because I >>> have yet to see a decent network sniffer for iOS. If anyone knows of >>> one, I'd love to hear of it. Anyhow, as it stands, when it comes to >>> privacy, this is just another reminder, in case one is needed, that >>> mobile phones are innately public, at least in their location data and >>> sometimes in everything else, too. If you dislike being tracked at >>> all, don't carry anything with a chip that can talk to the outside >>> world, or disable that chip by cutting its power. >>> Aman >>> >>> On 4/22/11, Karen Lewellen <[email protected]> wrote: >>>> We talked about the pop up ad possibility a while back, now it seems apple >>>> is gathering data on your whereabouts? >>>> here is the story. >>>> TVBizwire >>>> >>>> >>>> Researchers Say Apple Is Tracking Locations of Mobile Device >>>> Users betanews >>>> >>>> A team of researchers says Apple is secretly obtaining the >>>> locations of iOS4 users and recording them in a hidden file, >>>> according to a betanews.com report. >>>> >>>> Two of the researchers, Alasdair Allan and Peter Warden of >>>> O'Reilly Media, presented their findings today at the Where 2.0 >>>> conference in Santa Clara, Calif. >>>> >>>> According to the story, the revelation raises "obvious privacy >>>> concerns and questions as to why Apple would be storing such >>>> information. The researchers believe it is intentional, as the >>>> file is restored after backups and even when the user switches to >>>> a new device." >>>> >>>> The group says the functionality is apparently new to iOS4, the >>>> mobile operating system that runs the latest iPad, iPhone and >>>> iPod touch. The researchers have reportedly tried to contact >>>> Apple's security team but had yet to hear back from the company. >>>> The story reports: "Allan says that the existence of the file on >>>> on your computer is a security risk, as it is both unprotected >>>> and un encrypted. `It can also be easily accessed on the device >>>> itself if it falls into the wrong hands,' he wrote in a blog >>>> post. `Anybody with access to this file knows where you've been >>>> over the last year, since iOS4 was released.'" >>>> >>>> >>>> >>>> http://www.tvweek.com/blogs/tvbizwire/2011/04/researchers-say-apple-is-track.php >>>> >>>> http://api.recaptcha.net/noscript?k=6Lcb_78SAAAAAHmtN74lHVK-IOutZhLRidl4tCzl >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups >>>> "MacVisionaries" group. >>>> To post to this group, send email to [email protected]. >>>> To unsubscribe from this group, send email to >>>> [email protected]. >>>> For more options, visit this group at >>>> http://groups.google.com/group/macvisionaries?hl=en. >>>> >>>> >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "MacVisionaries" group. >>> To post to this group, send email to [email protected]. >>> To unsubscribe from this group, send email to >>> [email protected]. >>> For more options, visit this group at >>> http://groups.google.com/group/macvisionaries?hl=en. >>> >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "MacVisionaries" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/macvisionaries?hl=en. >> >> > > -- > You received this message because you are subscribed to the Google Groups > "MacVisionaries" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/macvisionaries?hl=en. > -- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/macvisionaries?hl=en.
