I'm disappointed with Ars on this one. There is a lot of fear-mongering in the article with a strong implication Apple is taking the data. There is not any evidence the data is being used by Apple at all.
Yes, the file should not be in the clear (it probably shouldn't exist in its current uncapped form), but can we stick to the facts, please. When we know something is being sent to Apple, we can turn on the hate.
It seemed pretty factual to me. I wouldn't exactly call it fear-mongering, an actual portrayal of the situation is fear-inducing enough. It would be irresponsible for Ars to not point out the ways this data could be compromised and the severity of that happening.
>Yes, the file should not be in the clear
No, that file should not exist at all.
>When we know something is being sent to Apple, we can turn on the hate.
So it doesn't matter that they're collecting the data to begin with? At all? I'd prefer to be asked for permission, not for forgiveness after the fact. Only what they decide to do with it matters? Even though they've left it lying around for a year in a format you admit was inadequate?
The problem I have is I don't see it as "they" are collecting the information. It is information I am collecting on my phone (until proven otherwise). Concerns about Michigan abusing my data should engender outrage...at Michigan for violating the fourth amendment.
I'm not keen on the file and will take steps to nuke it, since I jailbreak. I just think the level of anger is premature, until we know why the file exists (eg does it give me a better experience) or we know Apple or Google are taking the data off my phone.
>I don't see it as "they" are collecting the information.
This is an interesting distinction, that I don't really know where I stand. _They_ wrote the software, but it runs on a device _you_ choose to own and operate.
Allow me to ask a few hypothetical questions, that I don't want to imply relate to this situation, but instead challenge some notions of who the actor is in their context: If I get a virus that encrypts my files and demands ransom, did I do it to myself? Do I run my website, or do I tell my hosting provider how to run it? If I have a device that uses TPM to make me completely unable to change, modify or understand what the code on it does, am I the one performing the actions of the software or is the writer? If I compute 2+2 serverside vs in javascript clientside, does that change who is doing the adding? If the owner of the device is the actor, what if the software is (unbeknownst to the user) stealing credit card numbers from the POS terminal it is installed on. Who is legally responsible then?
Software operates on its own, and can do so simultaneously for more than one party, with potentially conflicting interests. I think our shuffle to the cloud is going to run into some complex ownership, responsibility, liability and transparency questions soon, I'm interested to see how it all shakes out.
I haven't seen any mentions of this data being sent to Apple. Until that comes out, I'd prefer to turn this tracking off but I don't particularly care about it.
It's not like anyone can get access to it without breaking into your computer and it's not a real time feed. On top of the fact that it's only recording the gps location of the cell tower you're connected to (supposedly) it seems about as much of a security issue as my 4square feed.
I'm not sure why there's a tendency to evaluate the security / privacy implications of technology at an individual level when it has societal reach.
Yes in your instance, evaluated from an individual perspective, it seems absurd to worry about some imagined nefarious types breaking into your computer to get data like this.
But analysing the implications from an individual perspective is akin to forgoing fuzz testing on a web app because you'd never type all those sorts of inputs in as a normal user.
These things should always be analysed from a societal perspective. Having this type of data unencrypted means the father going through a child custody case may find all his movements lifted by a private investigator, the local politician who frequents a red light district may be at even greater risk of blackmail, and the small-town activist may find themselves harassed in new and interesting ways by local police of dubious moral character.
When presented with plausible scenarios like this there are certainly people who would still shrug and say, "I still don't care". That's fine - they're just not the people you'd trust to debate these issues, just like you wouldn't trust them debating internal security issues in a corporate environment.
Bit of an unfair mischaracterisation of my position don't you think? People can still conceive of the social implications of security / privacy issues and disagree in informed debate.
However it appears that a certain segment of the community only get as far as analysing the immediate, personal impact of said security / privacy issues before giving the thumbs up. To them, there is no value in discussing / considering the wider social implications, because they don't actually care.
Perhaps that tendency should be called the narcissistic defect of security / privacy analysis.
Why do you equate not caring with giving the thumbs up? Perhaps people have considered the wider social implications and have decided that the cost of caring exceeds the potential damage.
Some number of people will lose their phone and their ex-spouse will find it and blackmail them with their location data (but not any other data on the phone). I have tabulated the total damage to society caused by this problem and arrived at a total of X. I have also tabulated the total cost of fixing this problem and arrived at a total of Y. Which is bigger, X or Y?
Limiting analysis to the personal impact of privacy / security issues arising in our rapidly evolving society is simply poor analysis and certainly not helpful in contributing to a well-planned, well-designed future society.
This narcissistic / short-term mindset is unhealthy, and is manifested in discussions around security ("I'm boring, who wants to hack me?") / privacy ("I'm boring, who's interested in me?") / liberty ("I have nothing to hide!") / environment (tragedy of the commons).
Someone working up a societal cost calculation as you outline clearly does not suffer from the narcissistic defect of security / privacy analysis that obviously rankles me. As long as people take a broader view it's perfectly reasonable to disagree on the importance / severity of a particular security / privacy breach.
In this particular instance the cost of modifying iOS to encrypt consolidated.db, store fewer data points, or allow users to easily opt out would be negligible.
If it was a little Silicon Valley startup they'd potentially go down in flames as HNers howled at them for taking such an amateur and reckless approach to users' personal data. It'd certainly be a software defect that would quickly be patched by any little software house.
Good to know, I suppose, if you're worried about a spying spouse, but hard to care much -- the carriers are already tracking you anyway, after all. (And probably monitoring texts and phone calls, too (a la Carnivore). Or am I too cynical?)
That's actually the point of the article - law enforcement does have access to tracking data, but the barriers to access are high.
By storing a user's data in an easily-accessible, unencrypted way the barriers are low enough that private investigators, stalkers, and other unsavory types have a similar level of access to someone's data, but with none of the legal hoops and hassles.
If stalkers and other unsavory types have unmonitored access to my computer and phone, them getting a file listing places I've been is the least of my worries.
You're a police informant. You're an undercover cop who didn't realise all this was accessible, but the organisation you've infiltrated just did.
Look, it's so easy to conceive of situations where someone's well-being is seriously impacted by having this location data stored so sloppily that it's almost not worth arguing about. Almost! ;)
Don't all cell phones ping cell towers frequently? My local search and rescue uses this feature somewhat often. It's helped out in more than a few cases.
Having location services enabled and recording location history are two completely different things. I am very surprised more people are not concerned about this. Wonder if Microsoft or Google is doing the same thing on their phones.
Well considering AT&T can just as easily log the same thing and you wouldn't need to go to all the effort of going to someone's house and confiscating their computer and/or phone, I'm not sure why anyone should be any more concerned than they already are.
When this story broke this morning, my first thought was "this must be something related to or used by the MobileMe 'Find My iPhone' feature." I'm not entirely convinced of that, but I'm willing to wait for the official 'reality distortion field' answer before I start grumbling. Even then it may not really bother me.... It's not terribly different from how my car phone provider back in the mid-90s provided triangulation "guesses" for call locations. (It's just always on.... but in that respect so is my phone.)
What does bother me, though, is how easy this data is to get to.
All of the data on your phone is easy to get to. If privacy is a concern then you should encrypt your backups (regardless of which smartphone you happen to use).
...where the Michigan State Police believe that your cell phone data is searchable without a warrant, something like your cell phone storing your locations does matter. I'm a bit surprised to see this being hand-waved away by many of the commenters.
As far as "without consent", one can as well go to Settings>Location and see all the apps which access your location.
Also a point to note is the device these are on (iPhones and iPads) is making them accessible to these, so saying "without consent" seems like the wrong word. The device will have that information by default and nature of it being the middle layer.
Why Apple is putting it in an unencrypted format is a different story altogether.
I believe the article mentioned that the data comes purely from triangulating your position with what cell towers you are connected to. The consent related to location services seems to be only related to the GPS data. The author mentioned a trip to China where he turned off cell data services and used the GPS and Wifi and that none of those locations were tracked in the file.