
How Apple tracks your location without consent, and why it matters - shawndumas
http://arstechnica.com/apple/news/2011/04/how-apple-tracks-your-location-without-your-consent-and-why-it-matters.ars
======
SoftwareMaven
I'm disappointed with Ars on this one. There is a lot of fear-mongering in the
article with a strong implication Apple is taking the data. There is not any
evidence the data is being used by Apple at all.

Yes, the file should not be in the clear (it probably shouldn't exist in its
current uncapped form), but can we stick to the facts, please. When we know
something is being sent to Apple, we can turn on the hate.

~~~
bxr
It seemed pretty factual to me. I wouldn't exactly call it fear-mongering, an
actual portrayal of the situation is fear-educing enough. It would be
irresponsible for Ars to not point out the ways this data could be compromised
and the severity of that happening.

>Yes, the file should not be in the clear

No, that file should not exist at all.

>When we know something is being sent to Apple, we can turn on the hate.

So it doesn't matter that they're collecting the data to begin with? At all?
I'd prefer to be asked for permission, not for forgiveness after the fact.
Only what they decide to do with it matters? Even though they've left it lying
around for a year in a format you admit was inadequate?

~~~
SoftwareMaven
The problem I have is I don't see it as "they" are collecting the information.
It is information I am collecting on my phone (until proven otherwise).
Concerns about Michegan abusing my data should engender outrage...at Michegan
for violating the fourth amendment.

I'm not keen on the file and will take steps to nuke it, since I jailbreak. I
just thing the the level of anger is premature, until we know why the file
exists (eg does it give me a better experience) or we know Apple or Google are
taking the data off my phone.

~~~
bxr
>I don't see it as "they" are collecting the information.

This is an interesting distinction, that I don't really know where I stand.
_They_ wrote the software, but it runs on a device _you_ choose to own and
operate.

Allow me to as a few hypothetical questions, that I don't want to imply relate
to this situation, but instead challenge some notions of who the actor is in
their context: If I get a virus that encrypts my files and demands ransom, did
I do it to myself? Do I run my website, or do I tell my hosting provider how
to run it? If I have a device that uses TPM to make me completely unable to
change, modify or understand what the code on it does, am I the one performing
the actions of the software or is the writer? If I compute 2+2 serverside vs
in javascript clientside, does that change who is doing the adding? If it is
the owner of the device is the actor, what if the software is (unbeknownst to
the user) stealing credit card numbers from the POS terminal it is installed
on. Who is legally responsible then?

Software operates on its own, and can do so simultaneously for more than one
party, with potentially conflicting interests. I think our shuffle to the
cloud is going to run into some complex ownership, responsibility, liability
and transparency questions soon, I'm interested to see how it all shakes out.

------
pdenya
I haven't seen any mentions of this data being sent to Apple. Until that comes
out, I'd prefer to turn this tracking off but I don't particularly care about
it.

It's not like anyone can get access to it without breaking into your computer
and it's not a real time feed. On top of the fact that it's only recording the
gps location of the cell tower you're connected to (supposedly) it seems about
as much of a security issue as my 4square feed.

~~~
sigzero
From everything I have read, it doesn't go to Apple at all and the data isn't
very accurate. This is a non-starter to me.

~~~
thrill
Kinda like saying one didn't inhale.

------
dilap
Good to know, I suppose, if you're worried about a spying spouse, but hard to
care much -- the carriers are already tracking you anyway, after all. (And
probably monitoring texts and phone calls, too (a la Carnivore). Or am I too
cynical?)

~~~
justsee
That's actually the point of the article - law enforcement does have access to
tracking data, but the barriers to access are high.

By storing a user's data in an easily-accessible, unencrypted way the barriers
are low enough that private investigators, stalkers, and other unsavory types
have a similar level of access to someone's data, but with none of the legal
hoops and hassles.

~~~
tedunangst
If stalkers and other unsavory types have unmonitored access to my computer
and phone, them getting a file listing places I've been is the least of my
worries.

~~~
justsee
You're a police informant. You're an undercover cop who didn't realise all
this was accessible, but the organisation you've infiltrated just did.

Look, it's so easy to conceive of situations where someone's well-being is
seriously impacted by having this location data stored so sloppily that it's
almost not worth arguing about. Almost! ;)

------
markstahler
Having location services enabled and recording location history are two
completely different things. A am very surprised more people are not concerned
about this. Wonder if Microsoft or Google is doing the same thing on their
phones.

~~~
Aloisius
Well considering AT&T can just as easily log the same thing and you wouldn't
need to go to all the effort of going to someone's house and confiscating
their computer and/or phone, I'm not sure why anyone should be any more
concerned than they already are.

~~~
lawnchair_larry
Because no one other than AT&T is AT&T, obviously.

------
bajsejohannes
As a data addict, I actually wish my phone had this feature :)

~~~
sixcorners
Doesn't Google Latitude do something similar? What phone do you use?

~~~
sp332
It does, but you have to turn it on:
<https://www.google.com/latitude/b/0/history>

------
cydonian_monk
When this story broke this morning, my first thought was "this must be
something related to or used by the MobileMe 'Find My iPhone' feature." I'm
not entirely convinced of that, but I'm willing to wait for the official
'reality distortion field' answer before I start grumbling. Even then it may
not really bother me.... It's not terribly different from how my car phone
provider back in the mid-90s provided triangulation "guesses" for call
locations. (It's just always on.... but in that respect so is my phone.)

What does bother me, though, is how easy this data is to get to.

~~~
thought_alarm
All of the data on your phone is easy to get to. If privacy is a concern then
you should encrypt your backups (regardless of which smartphone you happen to
use).

------
locopati
When you consider something like this...

[http://www.geek.com/articles/news/michigan-police-can-
scan-a...](http://www.geek.com/articles/news/michigan-police-can-scan-all-of-
your-phones-data-in-less-than-2-minutes-20110421/)

...where the Michagan State Police believe that your cell phone data is
searchable without a warrant, something like your cell phone storing your
locations does matter. I'm a bit surprised to see this being hand-waved away
by many of the commenters.

------
tuhin
As far as "without consent", one can as well go to Settings>Location and see
all the apps which access your location.

Also a point to note is the device these are on (iPhones and iPads) is making
them accessible to these, so saying "without consent" seems like the wrong
word. The device will have that information by default and nature of it being
the middle layer.

Why Apple is putting it in an unencrypted format is a different story
altogether.

------
Terretta
He added, he continued... These are press release words. I wonder why they're
showing up here?

------
radicaldreamer
Without consent? You have to have location services turned on and they're off
by default when you get your phone.

~~~
198d
I believe the article mentioned that the data comes purely from triangulating
your position with what cell towers you are connected to. The consent related
to location services seems to be only related to the GPS data. The author
mentioned a trip to China where he turned off cell data services and used the
GPS and Wifi and that none of those locations were tracked in the file.

~~~
thought_alarm

      I believe the article mentioned that the data comes purely
      from triangulating your position with what cell towers you
      are connected to.
    

Correct. Wi-fi triangulation data is cached in a different file (which is also
stored in your backups).

    
    
      The consent related to location services seems to be
      only related to the GPS data.
    

No, Location Services includes everything: Cell tower triangulation, Wi-Fi
triangulation, and GPS.

