Big Steve is Watching You?
April 20, 2011 7:22 AM Subscribe

iPhones Found to Track Your Movements, Keep Record Security researchers have discovered that without any input from the user, iPhones permanently record the movements of their owners. Download an open-source app (Mac) here to reveal your own geo history.
posted by modernnomad (370 comments total) 43 users marked this as a favorite

This would have made the mystery in City of Glass a lot easier to solve.
posted by shakespeherian at 7:25 AM on April 20, 2011 [9 favorites]

Wow, two FPPs in as many days that make me glad I don't have a smart phone. Ah, MetaFilter, you can always be relied upon to awaken my inner Luddite.
posted by AugieAugustus at 7:26 AM on April 20, 2011 [12 favorites]

Interesting! I think it's hitting the cell towers, because honestly I spend like 90% of my time at home (funemployment for the win) and there's no corresponding dot. Also, there's like a huge set of dots near a restaurant I went to once right after I bought this phone, the only time I'd been in that area.
posted by sugarfish at 7:27 AM on April 20, 2011 [2 favorites]

Apple obviously knows what is best for us. Give in to the tracking.
posted by blahblahblah at 7:28 AM on April 20, 2011 [1 favorite]

I wonder what the first apps to exploit this data will do. In the near future, plausible deniability is going to all-but-disappear.
posted by fake at 7:30 AM on April 20, 2011

thank you nasreddin for being the other person who has read that book
posted by shakespeherian at 7:32 AM on April 20, 2011

Combine this with the report on Michigan State Police being able to grab your phone and copy it at will, makes me consider dropping my cell phone alltogether.
posted by Old'n'Busted at 7:32 AM on April 20, 2011 [2 favorites]

Stalkers will fucking love this.
posted by bwg at 7:34 AM on April 20, 2011

As long as you don't go anywhere you have nothing to worry about.
posted by bondcliff at 7:35 AM on April 20, 2011 [50 favorites]

I'm kind of excited to download this app when I get home and run it against the location database. Personal stat tracking!

I kind of wonder if it's actually logging cell towers and possibly sitting there as a way to submit feedback to carriers on where there are weak spots or glitches in coverage.
posted by mikeh at 7:36 AM on April 20, 2011

Using the downloaded app, it appears to be logging cell towers rather than specific GPS co-ordinates. Or at least, that is the info that the app is showing me. It might be recording both.
posted by modernnomad at 7:37 AM on April 20, 2011 [3 favorites]

Big Brother is ~~watching you~~ chewing through your tracking log. He'll be back with you shortly.
posted by mosk at 7:38 AM on April 20, 2011

Apple declined to comment on why the file is created or whether it can be disabled.

I hope this means "we're gathering the facts and will comment shortly" rather than "we're not telling you chumps anything, neener neener."
posted by brain_drain at 7:40 AM on April 20, 2011 [5 favorites]

In other news, there was recently a really interesting discussion on AskMetafilter how best to stock an electricity-free cabin in the woods . . .
posted by BlueJae at 7:41 AM on April 20, 2011 [3 favorites]

I immediately think of this as a way to gather/log political information without needing an informant - who attended a meeting? Where are meetings routinely held? Where are protesters likely to gather? Ultimately, this is the sort of thing that I expect could be acquired by a really clever and unscrupulous police officer, union-busting firm (it would be super-useful for that--you could identify and target employees attending union meetings)...And of course, it means that if you're wanting to meet un-logged, you can't have your phone with you.

I wish I thought that everyone would be really clever and start leaving their phones at home or not get fancy ones, but I suppose all phones will do this eventually, and activists are pretty careless about email and Facebook anyway.

Seriously, we have enabled a tyranny that would dazzle Stalin. The only reason this isn't readily apparent in the US (to anyone who isn't either a radical or a Muslim) is that there simply haven't been mass protests since the sixties.
posted by Frowner at 7:42 AM on April 20, 2011 [9 favorites]

Wow, two FPPs in as many days that make me glad I don't have a smart phone.

Your dumbphone is being tracked just the same, but by the owners and operators of cell towers rather than in the phone. Personally I have far more faith in both Apple and my ability to turn off or wipe the phone whenever I want than I do our local telcos.

Sorry to spoil that for you.
posted by mhoye at 7:44 AM on April 20, 2011 [25 favorites]

This ought to make the iPhone 5 rollout far more interesting. I can see it now!

A friendly looking man in an Oxford shirt, sitting before a white background, will earnestly exclaim: "Apple has created the most invasive mobile device ever. This will revolutionize the way you find yourself stalked."
posted by Bromius at 7:44 AM on April 20, 2011 [2 favorites]

Apple just wants to know where their customers are at all times, in order to reward them.
posted by blue_beetle at 7:45 AM on April 20, 2011 [11 favorites]

Seriously, we have enabled a tyranny that would dazzle Stalin.

My eyes just rolled so hard they flipped over, like an odometer going back to zero.
posted by brain_drain at 7:46 AM on April 20, 2011 [79 favorites]

My research group's actually been doing a lot of studies on location trails and location-based services. While I fully acknowledge the creepiness factor, having a lot of data like this would be really useful in understanding human behavior and real-world social networks at scale.

For example, one finding we've had is that we can combine lots of people's location trails and predict likely privacy preferences (PDF). The idea is to differentiate between "private" and "public" places, and we found a pretty good correlation to location sharing preferences.

Another thrust has been to predict who is likely to be friends using collocation patterns (PDF). In the longer-term, I suspect that we can use data like this to predict the onset of depression (you're not going out as much or hanging out with friends). I believe we can also predict physical decline using the same kind of analysis.

Oddly, I think we can also use data like this to improve privacy as well. If your computer could differentiate between your "friends" (e.g. Facebook acquaintances) vs your "Friends" (your real friends that you like and spend time with), it could probably do smarter things in helping to set sharing preferences, warning you if it looks like you are sharing media with the wrong groups, triage and prioritize your messages, and so on. A big issue, of course, is how this is done (on servers or on your own computers), who has access to that model, and how to protect that model from unwanted people (malware, Michigan police, and three-letter agencies, among others).

I think this kind of info can be useful for personal informatics as well, helping to understand your own patterns and improving your behavior over time. One of the PhD students in our department is looking at design issues for personal informatics.

But this is the current state of affairs we're at with these kinds of mobile and ubiquitous technologies. Right now they are a two-edged sword, with a tremendous amount of potential for benefit, and a tremendous amount of potential for abuse.
posted by jasonhong at 7:46 AM on April 20, 2011 [33 favorites]

Hey, Steve, you might wanna explain this, toot sweet.
posted by Brandon Blatcher at 7:46 AM on April 20, 2011 [4 favorites]

Personally I have far more faith in both Apple and my ability to turn off or wipe the phone whenever I want than I do our local telcos.

Out of curiosity, and this is a serious, non-troll question - what has Apple done to engender your faith in them?
posted by cmonkey at 7:48 AM on April 20, 2011 [15 favorites]

In a speech, Google's then-chief executive Eric Schmidt suggested that: "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.

OK, Eric: you have "done no evil." Congratulations. Some of us may have something to hide and have a tech-savvy spouse. Or a tech-savvy Big Brotherish country.
posted by kozad at 7:50 AM on April 20, 2011

Seriously, we have enabled a tyranny that would dazzle Stalin.

"You mean I didn't have to murder millions of people? I could have just distracted them with Angry Birds? I am dazzled."
posted by bondcliff at 7:52 AM on April 20, 2011 [24 favorites]

Your dumbphone is being tracked just the same, but by the owners and operators of cell towers rather than in the phone. Personally I have far more faith in both Apple and my ability to turn off or wipe the phone whenever I want than I do our local telcos.

Because your iPhone totally stops the telcos from tracking you at all ?

This "feature" is in addition to, not in place of, existing tracking abilities.
posted by Pogo_Fuzzybutt at 7:53 AM on April 20, 2011 [12 favorites]

Seriously, we have enabled a tyranny that would dazzle Stalin.

I read tyranny as "tranny" and after getting over the initial "you can't say that on MeFi!" I wondered to myself what sort of TV/TS might dazzle Stalin and what they would be wearing.

It's a much happier world where I get to picture Stalin beaming beatifically at someone in a stylish red sequinned number I have to tell you.
posted by longbaugh at 7:53 AM on April 20, 2011 [15 favorites]

Your dumbphone is being tracked just the same, but by the owners and operators of cell towers rather than in the phone. Personally I have far more faith in both Apple and my ability to turn off or wipe the phone whenever I want than I do our local telcos.

How/why would the telcos not also track your smartphone?
posted by kmz at 7:55 AM on April 20, 2011

glad I don't have a smart phone.

Your dumbphone is being tracked just the same

Ha! i have neither a dumb nor a smart phone! So, all you mofos who wanna track me? Sorry! You don't know WHERE I am!

well, Friday night I'll be playing at a joint in Roppongi, but otherwise...
posted by flapjax at midnite at 7:55 AM on April 20, 2011 [6 favorites]

Maybe my knees just don't jerk like they used to, but this just doesn't really bother me all that much. Via Facebook, Foursquare, Twitter and Gowalla I probably volunteer more data in a week than seems to have been stored about me in my iPhone backups. Using the app, I can't click on specific place names and get addresses. In addition, because of the triangulation used, half the time the map pins are miles and miles from places I've ever actually been. So, no it isn't hashed or encrypted. Yes, it's attributable to me (it's on my hard drive), but how exactly would a "stalker" get or use this data? If a stalker has stolen your computer and is learning Objective C to more effectively stalk you, you have a whole other world of problems.

I still just don't see how this is "invasive". It's a shitty breadcrumb trail of places you might have been, kinda, plus or minus a hundred miles. Please save words like "invasive" and "tyrannical" for things other than this.

The lesson? Erase your hard drive before you sell your computer and encrypt your home folder and your Time Machine backups. And don't bang your knees on anything hard.
posted by littlerobothead at 7:56 AM on April 20, 2011 [5 favorites]

It's a much happier world where I get to picture Stalin beaming beatifically at someone in a stylish red sequinned number I have to tell you.

And I immediately picture that scene rendered in this style, which makes it all the happier.
posted by AugieAugustus at 7:57 AM on April 20, 2011 [1 favorite]

Surely this happens to make the "find my iphone" service run better?

And to get this information do you have to access the computer the user sync's their phone to?
If so, you could open their Mail client, look at their documents, check their facebook or whatever.

Not sure what the fuss is about.
posted by 13twelve at 7:58 AM on April 20, 2011 [1 favorite]

My first reaction was "Ha, they can see where I left my phone laying about for 9 hours at a stretch," but my second reaction was to reach over and turn the thing off.

You absolutely cannot count on being the guy who doesn't do anything wrong, because as we've seen the definition of "wrong" can get skewed by people with the power to fuck up your life. This makes me uncomfortable.
posted by Devils Rancher at 7:58 AM on April 20, 2011 [4 favorites]

Ex-Appler Pete Warden is prepared to answer technical questions over at Hacker News.
posted by fake at 7:58 AM on April 20, 2011

This is clearly a Bad Thing, but as others have mentioned, the same information is logged by your mobile network where it can be accessed without someone having to obtain your phone or PC.

I suspect this is an oversight rather than arising from sinister motives, a well-meaning developer probably implemented logging during development to make testing easier then it got forgotten about or wrongly flagged as innocuous data only the user could access. It's not that I inherently trust Apple, more that I think they're smart enough to realise their products are subjected to close scrutiny and so it would get spotted eventually.
posted by malevolent at 7:58 AM on April 20, 2011

"You mean I didn't have to murder millions of people? I could have just distracted them with Angry Birds? I am dazzled."

Angry Birds is the new opiate of the masses. That's precisely the problem. [/HaHaOnlySerious]
posted by The Bellman at 7:59 AM on April 20, 2011

Since this is in a simple format, can someone write me an app to spell out words in tracking dots so that I can send rude messages to people invading my privacy?
posted by edd at 7:59 AM on April 20, 2011 [2 favorites]

Yes it is very important to note that this same information is stored for regular phones as well--except it is literally out of your hands and in the hands of AT&T, Verizon etc..
posted by kuatto at 8:00 AM on April 20, 2011 [2 favorites]

Hey, but isn't this what apps like 4Square do? They get you to think you're playing a game, but actually you're just helping them keep track of everywhere you've been. And once you've logged all that info, I don't think it's all that secure. No thanks! BIG.BROTHER.SEES.ALL.
posted by garnetgirl at 8:01 AM on April 20, 2011

can someone write me an app to spell out words in tracking dots...

"Hmm... first he took what looks like an F turn. Oh, now he's taking a U turn."
posted by Devils Rancher at 8:02 AM on April 20, 2011 [4 favorites]

Via Facebook, Foursquare, Twitter and Gowalla I probably volunteer more data in a week than seems to have been stored about me in my iPhone backups.

Hey, but isn't this what apps like 4Square do?

Last I checked you actually have to sign up for those services.
posted by kmz at 8:07 AM on April 20, 2011 [2 favorites]

It isn't working for me. I guess Steve doesn't care where I've been.
posted by spilon at 8:07 AM on April 20, 2011

In a speech, Google's then-chief executive Eric Schmidt suggested that: "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.

Didn't Bill Hicks have a term for people who used this kind of logic? I think he called them Satan's Cocksuckers?
posted by Liquidwolf at 8:08 AM on April 20, 2011 [2 favorites]

"Hmm... first he took what looks like an F turn. Oh, now he's taking a U turn."

Oh, yeah, at Cee-Lo Junction.
posted by inturnaround at 8:08 AM on April 20, 2011 [2 favorites]

Angry Birds is the new opiate of the masses.

Alcohol still does fucking quite well.

*glares drunkenly*
posted by mrgrimm at 8:08 AM on April 20, 2011 [2 favorites]

Obviously, this is a ploy to get people to buy more smartphones. Because after you allude the strike team that cornered you in the Vanduci warehouse, you'll pause to take your breath at a nearby bus stop. "How did they find me so fast?" you'll wonder. Your reverie will be broken when an elderly black lady asks you the time and you reflexively look to your cellphone. "Quarter to thr-- Waitaminute!" you'll exclaim. The lady will look shocked, but you'll calm her down the minute you say, "Hey, actually, it sounds like you need this phone more than I do. Here."

"What a nice young man," the lady will say as she settles into her bus seat. Eyes intent on the phone, she'll miss the black helicopter hovering overhead.

Meanwhile, you step into a bright, white cube of glass and steel and buy a new phone.

CHA-CHING, goes Steve-o.
posted by robocop is bleeding at 8:09 AM on April 20, 2011 [2 favorites]

I'm looking forward to the jailbreak app that writes random location data into this file.
Someone please get on this.
posted by namewithoutwords at 8:11 AM on April 20, 2011 [4 favorites]

So many people are surgically attached to their smartphones that they'd sooner voluntarily download their geodata and email it to Apple with a smiley-face emoticon in the subject field than give up their precious radiation-emitting devices. Fortunately my Samsung is a dumbphone and I almost never use it.

That doesn't mean that my carrier and the NSA can't find out anything about me that they want to anyway. As Trent Lott once said, "What are people worried about? What is the problem? Are you doing something you're not supposed to?"
posted by blucevalo at 8:11 AM on April 20, 2011

Via Facebook, Foursquare, Twitter and Gowalla I probably volunteer more data in a week than seems to have been stored about me in my iPhone backups.

Hey, but isn't this what apps like 4Square do?

Yeah, there's a crucial opt-in / opt-out distinction between those apps and what this is.
posted by modernnomad at 8:13 AM on April 20, 2011

Out of curiosity, and this is a serious, non-troll question - what has Apple done to engender your faith in them?

They've given me the ability to wipe, both locally and remotely, my phone. It's not much, but it's not nothing. Understand that I am saying that in comparison to telcos, which is not exactly setting a high bar. It's kind of like saying that somebody who only picks your pocket had the courtesy not to shiv you.
posted by mhoye at 8:13 AM on April 20, 2011 [3 favorites]

Oooh, sometimes I go downtown!

... yeah, to the Comfort Inn on MLK at 1:05pm, Monday, April 18 and at 12:35pm on Tuesday, April 19...

Just don't get arrested, have an affair, and/or get sued for something you didn't do in the vicinity of something you did do.
posted by mrgrimm at 8:14 AM on April 20, 2011 [1 favorite]

They've given me the ability to wipe, both locally and remotely, my phone.

Do they also magically give you the ability to evade telco tracking?
posted by kmz at 8:15 AM on April 20, 2011

Here's my iPhone 4's history (I guess I haven't been to NYC with it yet, just Vermont)

And here's my zoomed in just Oregon history. Definitely looks like cell towers as I follow freeways in the state.
posted by mathowie at 8:16 AM on April 20, 2011 [6 favorites]

Pfft, that's what you SHEEPLE get for using smartphones (especially CRAPPLE ones). My cell phone is a Motorola DynaTAC 8000X, and I leave it at home whenever I leave my mom's basement so the Feds can't track me when I go down the Pizza Hut for my LUG meetings!
posted by entropicamericana at 8:17 AM on April 20, 2011 [9 favorites]

Smart phones = Dumb People
posted by ReeMonster at 8:17 AM on April 20, 2011

Do they also magically give you the ability to evade telco tracking?

Of course not, but control of the information you carry on your person matters.
posted by mhoye at 8:17 AM on April 20, 2011

Surely this happens to make the "find my iphone" service run better?

Find my iphone only needs the current (or most recent) recorded location. There's no need for it to keep older data in a permanent log. It could simply be continuously written over with the latest data.
posted by modernnomad at 8:18 AM on April 20, 2011

This has about as much data on me as you could find by having my business card and looking at my address on my driver's license, and drawing a line between the two on a map. Oooh, sometimes I go downtown!

No, that's not right.

The time resolution is to the second, and the place data is good to something-worse-than-GPS accuracy. It doesn't say "sometimes I go downtown".

It says "chambers was downtown at this location at 3:16:04 on 20/04/2011".

It also says "chambers went from here to here, at this time, and proceeded to this next place."

That's a narrative, a chain of causality, and a problem for people who don't want it recorded or made available unencrypted on an easily stolen, or copied, device. It is hilarious that your iTunes data is better protected.

Also, keep in mind that the author of the app is deliberately fuzzing the data display a bit, but the logfile does no such thing.
posted by fake at 8:19 AM on April 20, 2011 [7 favorites]

It would be in everyone's best interest to read the FAQ, which explains a few important details about what you are seeing when you run the app... most importantly (IMHO), this:

To make it less useful for snoops, the spatial and temporal accuracy of the data has been artificially reduced. You can only animate week-by-week even though the data is timed to the second, and if you zoom in you’ll see the points are constrained to a grid, so your exact location is not revealed. The underlying database has no such constraints, unfortunately.

And this:

As far as we can tell, the location is determined by triangulating against the nearest cell-phone towers. This isn’t as accurate as GPS, but presumably takes less power. In some cases it can get very confused and temporarily think you’re several miles from your actual location, but these tend to be intermittent glitches.

And this:

There’s no evidence that it’s being transmitted beyond your device and any machines you sync it with.

posted by srkit at 8:19 AM on April 20, 2011 [3 favorites]

Do they also magically give you the ability to evade telco tracking?

>Of course not, but control of the information you carry on your person matters.

Exactly, especially over international borders.
posted by fake at 8:20 AM on April 20, 2011 [1 favorite]

Two perhaps stupid questions.

1) Can (smart or "dumb") mobile phones be tracked (by telco or service/device provider) when they are powered off?

2) Likewise, can telco and provider tracking be disabled by putting a powered-on phone inside of something (regardless of how it would affect connectivity), such as say a lead satchel?
posted by mrgrimm at 8:20 AM on April 20, 2011

Intellectually I understand why I should be bothered by this but in reality I feel like if a shadowy force of evil wants to track me down, they're going to be able to do it whether or not I'm carrying a device, and that it has been ever thus.
posted by padraigin at 8:21 AM on April 20, 2011 [7 favorites]

It's a much happier world where I get to picture Stalin beaming beatifically at someone in a stylish red sequinned number I have to tell you.

I think I saw an app for this, actually....
posted by GenjiandProust at 8:21 AM on April 20, 2011

I don't think the places are the dangerous part, but what one would get when aggregating numerous individuals' logs and finding whom they associate with. The possibilities are disturbing: certainly, if the British law-enforcement authorities had these files on everyone in the general public, those who have frequently been in the company of known anti-corporate protesters could probably expect to be preemptively detained over the duration of the Royal Wedding and/or banned from greater London during the Olympics. And then there's what the Iranian or Chinese governments would do. Or US employers hunting down covert union sympathisers in their workforces.
posted by acb at 8:21 AM on April 20, 2011 [2 favorites]

Jasonhong-- I appreciate your faith in data--- but that's just what it is--faith. And your perspective requires some underlying assumptions -- the first of which is that people need improvement. Not everyone wants to examine their patterns of behavior.

I often find people who believe in an inherent goodness in looking at data (or research). That potential isn't located in the data itself. Human beings have done terrible things to each other with good science/data/research.

Data insists on itself, I'll say that for it.
posted by vitabellosi at 8:22 AM on April 20, 2011 [4 favorites]

I'm actually kind of glad that this data is accessible. Just looking at Mathowie's map, it reinforces the level of control these telecoms enforce, but now you can tangibly grasp the extent and precision of the tracking.
posted by kuatto at 8:23 AM on April 20, 2011 [2 favorites]

This has about as much data on me as you could find by having my business card and looking at my address on my driver's license, and drawing a line between the two on a map. Oooh, sometimes I go downtown!

So far, not that scary.

So because you have nothing to worry about, nobody else should care? I mean, I wouldn't care about it either because my life is extremely boring, but I'm not going to dismiss other people's concerns about it.
posted by kmz at 8:23 AM on April 20, 2011

Yeah, this app doesn't even come close to exact coordinates when tracking cell towers. I went to Bend, Oregon once while holding this phone in my pocket, and it looks like my phone hit cell towers up to 30 miles away in all directions, along roads I know I didn't venture down. I may have been at a few higher altitude spots that had line-of-sight with more towers, but I definitely didn't explore the area as much as this app claims I did.
posted by mathowie at 8:23 AM on April 20, 2011

Now I don't feel so bad about forgetting to take my phone with me when I leave the house.
posted by amyms at 8:23 AM on April 20, 2011

Of course not, but control of the information you carry on your person matters.

And until today, you didn't know you carried this information in your pocket and on your computer. Data tracked, btw, without your consent.

Or did you ask for this? I mean, if you think it's perfectly acceptable for your phone to have been tracking your movements and storing that information completely without your knowledge, that's perfectly okay.

I think its fucking invasive. I also think that it allows for your phone to be used against you as evidence should the situation arise.
posted by eyeballkid at 8:28 AM on April 20, 2011 [1 favorite]

It only took them 27 years to switch roles, eh?
posted by zarq at 8:28 AM on April 20, 2011 [2 favorites]

Can (smart or "dumb") mobile phones be tracked (by telco or service/device provider) when they are powered off?

In theory no, but as with most modern devices it's not entirely clear what "powered off" means when the battery isn't pulled. Does it mean powers down the screen, stops answering calls and silently emits one packet an hour? If you're really concerned about this, own a phone that lets you pull the battery out.

Likewise, can telco and provider tracking be disabled by putting a powered-on phone inside of something (regardless of how it would affect connectivity), such as say a lead satchel?

The copper-mesh pouches some people sell aren't 100% effective, but for the most part they're good enough. Faraday cages need to be grounded to work properly.
posted by mhoye at 8:29 AM on April 20, 2011 [3 favorites]

in reality I feel like if a shadowy force of evil wants to track me down, they're going to be able to do it whether or not I'm carrying a device, and that it has been ever thus.

This, and who's to say that it's even me carrying the phone, or if I leave it at home vs. actually being at home?

This kind of data can work both ways. "No, officer, I didn't leave my house all night... check my phone records."
posted by chambers at 8:29 AM on April 20, 2011

mrgrimm wrote,
1) Can (smart or "dumb") mobile phones be tracked (by telco or service/device provider) when they are powered off?

Quick google search reveals: FBI taps cell phone mic as eavesdropping tool: the eavesdropping technique "functioned whether the phone was powered on or off."

2) Likewise, can telco and provider tracking be disabled by putting a powered-on phone inside of something (regardless of how it would affect connectivity), such as say a lead satchel?

Faraday Cage

:)
posted by kuatto at 8:29 AM on April 20, 2011 [1 favorite]

They collect the information because they expect it to have some value down the road, particularly when combined with info from other data-mining collections. That they don't ask permission, or even give notification, is par for the course for this kind of thing.
posted by mediareport at 8:30 AM on April 20, 2011

I think its fucking invasive. I also think that it allows for your phone to be used against you as evidence should the situation arise.

I agree, but looking at Matt's map of where he's been, it doesn't look like productive information (though very beautiful).

Does it show times and dates of the location?
posted by Brandon Blatcher at 8:30 AM on April 20, 2011

This data animation is from the security researchers that broke the story. It lends more argument to the 'cell tower location' idea -- unless of course Amtrak trains travel in neat little circles on their way from DC to NYC.
posted by JohnFredra at 8:30 AM on April 20, 2011

Two perhaps stupid questions.

1) Can (smart or "dumb") mobile phones be tracked (by telco or service/device provider) when they are powered off?

I think it depends on if there's anything like wake-on-signal built into the phone. I'm not sure if any phone has that right now. I suppose to be really "safe" you could take the battery out.

Actually now that I think about it, one of my alarm apps has a feature that turns on the phone first if it's off. I've never tried it though and I don't know how exactly it works.

2) Likewise, can telco and provider tracking be disabled by putting a powered-on phone inside of something (regardless of how it would affect connectivity), such as say a lead satchel?

If you're actually blocking all signals, I don't see how they could track you. I suppose if the phone was really trying to track everything and anything it could, it could record in an internal log your movements based on an accelerometer and compass, and when exposed again to a cellular signal, upload that data along with its last known coordinates. I have no idea how well that would work though, and that would be going seriously into tinhat territory.
posted by kmz at 8:31 AM on April 20, 2011

Ah, but, apart from the app, this is so March 26th...
posted by y2karl at 8:32 AM on April 20, 2011

So because you have nothing to worry about, nobody else should care?

If you're already up to something you'd rather not have anyone know about, I thought it was already general knowledge to not take your phone with you.

The trick is that the population was convinced that you have to have your cell phone with you at all times. The world got on just fine without being within arm's reach of the phone for a long time.
posted by chambers at 8:32 AM on April 20, 2011 [1 favorite]

Don't the baseband chips in mobile phones contain a VM which can run code pushed to it by the carrier (or law-enforcement authorities, or intelligence agencies, or organised criminals who steal/crack the codes) without user intervention, and independently of the interactive interface part of the phone?
posted by acb at 8:34 AM on April 20, 2011 [2 favorites]

iSpy
posted by tittergrrl at 8:34 AM on April 20, 2011 [2 favorites]

If you're actually blocking all signals, I don't see how they could track you.

I think having no signal or info for odd periods of time would generate a bigger suspicion than having a signal stay in one place.
posted by chambers at 8:35 AM on April 20, 2011

Okay!! I GET IT PEOPLE!!! My iPhone is not only tracking my whereabouts for the government, but it's giving me cancer, ruining my attention span, fucking up my spelling, making me a sheep who's less cool then Android users, locking me in a walled garden, contributing to global warming. It's made using conflict rare Earth minerals by suicidal child slaves in a hellish Chinese prison that makes their spines fuse together. It's also making me impotent, sterile, deaf, blind and giving me a false sense of importance. I GET IT. You REALLY don't want me to have this thing, do you, internet?
posted by fungible at 8:36 AM on April 20, 2011 [15 favorites]

All these comments and not a single finger of blame for closed-source? Really?

In an open-source phone this would have been a secret for about...10 seconds.
posted by DU at 8:37 AM on April 20, 2011 [12 favorites]

Not that I love this feature (turn off Location Services if you don't), but it's not exactly new news, either. Police have used it before in cases that I can't seem to find links to right now, and there's this from September 2010.

The worst thing about it seems to be that it's stored unencrypted.
posted by rokusan at 8:37 AM on April 20, 2011

Or did you ask for this?

Unfortunately, in modern society being able to uniquely identify somebody in time and space is a necessary precursor to being able to deliver services to them of any kind. I understood that in order to receive phone calls, email and SMS messages, that the phone company needs to know where my phone is, and I accepted that. I also know that once information exists at all, it can be logged quickly and cheaply; I've personally built the machines that do that, though not for telcos.

If you find it invasive, you may choose to opt out by refusing to participate in processes that require you to be uniquely identified. But in this relatively miraculous modern society we have, that fucking sucks. It means no ordering pizza, using credit cards, calling 911, or obtaining health care, among zillions of other things.

Honestly, finding out that among all the information I radiate deliberately or not that's being picked up and logged by God knows who, that it's also being recorded in my phone, is just not that big a deal at all.
posted by mhoye at 8:38 AM on April 20, 2011 [2 favorites]

okay, wait a second. Google got sued over logging unsecured wifi connections when making maps for people; Apple does active logging of your movements and it's all "meh"?
posted by Old'n'Busted at 8:42 AM on April 20, 2011 [4 favorites]

This is not tracking you, it is caching the connected cell tower locations for the "assisted" part of assisted GPS and probably connection quality monitoring as well.
posted by aaronh at 8:45 AM on April 20, 2011 [1 favorite]

okay, wait a second. Google got sued over logging unsecured wifi connections when making maps for people; Apple does active logging of your movements and it's all "meh"?

It's a redundant log, the phone companies have this data too through their own towers. The bigger deal than the tracking is how the data is stored unencrypted.
posted by chambers at 8:46 AM on April 20, 2011 [2 favorites]

Google got sued over logging unsecured wifi connections when making maps for people;

Google wasn't just logging the locations of unsecured wifi connections, they were logging traffic that passed though them. Which is sort of the difference between knowing your address and reading your mail. They correctly admitted wrongdoing in that case.
posted by mhoye at 8:47 AM on April 20, 2011

In an open-source phone this would have been a secret for about...10 seconds.

A shame there's no open source phones and open sourced telcos, then, huh?
posted by Threeway Handshake at 8:49 AM on April 20, 2011 [1 favorite]

Google got sued over logging unsecured wifi connections when making maps for people; Apple does active logging of your movements and it's all "meh"?

Google's motto is 'Do no evil' so I hold them to higher standard in a way, especially since their business model relies on selling me and info whenever possible.

Apple seems more customer oriented and their business relies on keeping me happy. I do want an explanation though.

Big Steve is Watching You?

In Recent Activity, this looks like 'Steve Jobs is WASHING You' out of the corner of my eye.
posted by Brandon Blatcher at 8:51 AM on April 20, 2011

Whoa, I am never home.
posted by elwoodwiles at 8:52 AM on April 20, 2011 [1 favorite]

Is this Guardian article extremely overwraught? Almost a Daily Mail-level of hand-wringing? Because this:

Security researchers have discovered that Apple's iPhone keeps track of where you go – and saves every detail of it to a secret file on the device

is demonstrably not true. Maybe this is just standard-issue journalist-who-doesn't-understand-technology?

I mean yes, every detail of the phone file may be transferred to a computer, but not every detail of my movements. As far as I can tell, it's not counting the number of times I walk from my desk to the bathroom to hide in a stall and play Bejeweled.
posted by muddgirl at 8:58 AM on April 20, 2011

This kind of data can work both ways. "No, officer, I didn't leave my house all night... check my phone records."

It will be like every other tool the police use: polygraph, DNA, prints. If it proves what they want to prove it will be styled infallible; if not, clearly it's either a new and iffy technology or they just missed something and you still probably did it, you lousy damn citizen.

I'm surprised there isn't a bigger obvious market for anonymous communications technology. Pay as you go anonyphones will make somebody some big dollars. Probably already has, somewhere. Doesn't matter if they track you if they have no idea who you are. Sit your phone at home and alibi yourself. Of course, it won't matter. Just like it really doesn't matter if you're guilty or not if there's heroic press-worthy closure to be had.
posted by umberto at 9:00 AM on April 20, 2011 [2 favorites]

I shared this information with a friend who has a teenage son. Her first reaction: "Ooh, I can see where my son's going."

Now is she gonna do it? I kind of doubt it, knowing her and her sense of humor. But if one person has said it as a joke, you know there are five people who want to use it for exactly that reason.
posted by tittergrrl at 9:01 AM on April 20, 2011 [2 favorites]

The combination of IP-based geolocation, Wi-Fi Access point location, and Cell Site location, you are typically pinpointed within 100 meters when you have a smart phone on.

See SkyHook

Not to be confused with Skynet, which became self-aware yesterday.
posted by kuatto at 9:02 AM on April 20, 2011 [2 favorites]

I wish I thought that everyone would be really clever and start leaving their phones at home - I was just watching the last Bourne movie again the other night, and one of the plot points was checking which spy had left their (company) phone off for an extended period of time to get a pool of potential suspects. (FWIW, the "suspect" was being hunted down for leaking info about an icky spy project to a reporter.)
posted by epersonae at 9:02 AM on April 20, 2011

I GET IT. You REALLY don't want me to have this thing, do you, internet?

You still have an iPhone? Spleh. Hipsters have upgraded to Apple's newest secret phone, the μPhone.

You probably haven't heard of it. It doesn't track where you go as it doesn't connect to cell towers. The phone only connects within 10 feet of electric car recharging stations via Bluetooth. It also doesn't make telephone calls, only texts. The character maximum on the texts has been reduced to 34 characters. The spell check runs on a passive aggressive algorithm designed to mock you. It runs on a DOS variant for irony's sake. The LCD screen is recycled from late 1990's 900 MHz cordless phones, no Chinese child labor involved. The case is made from plant-based plastic. The buttons are re-purposed typewriter keys. The only ringtones for your texts are bands that have names with at least six words. Very popular right now is the "Someone Still Loves You Boris Yeltsin" ringtones.
posted by Mister Fabulous at 9:03 AM on April 20, 2011 [12 favorites]

I think having no signal or info for odd periods of time would generate a bigger suspicion than having a signal stay in one place.

If turning off my phone is a suspect activity, then we have a problem.
posted by Devils Rancher at 9:03 AM on April 20, 2011

This is why I carry a landline and three miles worth of cable on spools.
posted by klangklangston at 9:04 AM on April 20, 2011 [13 favorites]

this is NOTHING... Here's what I learned today.

Every single person in YOUR town has been equipped with biologically enabled light sensing lenses which are connected to a grey matter data storage system. These implants are also connected to auditory sensors to verify and confirm data.

Every time you walk through your town, thousands of these units are focused on you and recording not only your location, but when you pick your nose, what kind of crappy hat you have on, and how long you spend staring at that hot babe in the coffee shop.

All of this data can be called into court using a unique "lawyer" system and used to build a criminal case against you, or by your spouse to suck you dry of money.

I'm not worried about no iphone, but I'm going to start carrying a sidearm to disable all these friggin' surveillance units all over town!
posted by tomswift at 9:04 AM on April 20, 2011 [5 favorites]

Not to be confused with Skynet, which became self-aware yesterday.

OH SHIT. The Portal 2 release date and GLaDOS@Home makes so much more sense now.
posted by Threeway Handshake at 9:05 AM on April 20, 2011 [1 favorite]

tittergirl: Lost Verizon, Simpsons episode from 2008.
posted by epersonae at 9:05 AM on April 20, 2011

I'm surprised there isn't a bigger obvious market for anonymous communications technology. Pay as you go anonyphones will make somebody some big dollars. Probably already has, somewhere.

Aren't those "burner phones"? But as far as I know it is now more difficult in most places to buy prepaid phones anonymously.

But really everything I know about that kind of stuff is from Castle or random L&O eps.
posted by kmz at 9:05 AM on April 20, 2011

what kind of crappy hat you have on

I like my hat! Also, please stop looking at me.
posted by yeolcoatl at 9:06 AM on April 20, 2011

muddgirl: "Every detail" may be a *little* strong, but not by much. Most people don't expect their phones to log their location to 50m accuracy (which this can probably achieve in areas where masts are fairly dense) without any notification to the end-user.

That means that which shops you used and, more importantly from a privacy point of view, who you talked to (if they had a similar phone) can be discovered by anyone who can get access to this data.
posted by pharm at 9:06 AM on April 20, 2011 [1 favorite]

I was going to make this comment in the other smartphone thread, but it's probably just as applicable here:

There will never be a drive to regulate or prevent this sort of thing until people in power feel the sting of being on the wrong end of it. Want to see this kind of thing go away? Figure out a way to use the data off of some politicians or CEOs cell phone to prove they are having an affair or killing hobos in their spare time and you'll suddenly see a mad dash to get this kind of thing restricted.
posted by quin at 9:06 AM on April 20, 2011 [3 favorites]

"Every single person in YOUR town has been equipped with biologically enabled light sensing lenses which are connected to a grey matter data storage system. These implants are also connected to auditory sensors to verify and confirm data."

Yeah, but the encryption is much, much better, and the storage is notoriously lossy.
posted by klangklangston at 9:06 AM on April 20, 2011 [4 favorites]

Scenario:

You are pulled over for a traffic stop in Michigan. Your phone is scanned by the officer and you are released with your ticket. Geo-data collected from your phone puts you in the vicinity of a robbery that happened 3 months earlier. You are brought in for questioning based on this evidence.

Far fetched? Would it seem far fetched if your skin color wasn't white?
posted by j03 at 9:06 AM on April 20, 2011 [3 favorites]

But as far as I know it is now more difficult in most places to buy prepaid phones anonymously.

I bet even Googling "buy prepaid phones anonymously" will put you on some watch list, or even used as evidence against you if they can't get you with your cell phone records.
posted by chambers at 9:08 AM on April 20, 2011

Smart phones = Dumb People

Not that I'm particularly interesting to track since I haven't done anything bad since moving back to Canada, but I don't bring my iPhone with me most of the time when I leave the house and use it primarily as a home phone. The gummint already knows where I live, so no biggie here. It was a hand-me-down phone from someone who upgraded to a 4 that I just popped my old SIM card into, so it's not much use for anything other than calls once I'm out and I can connect to the internet on my network at home. I love smart phones. It's all about the games--Galaxy on Fire 2, Final Fantasy 3, Secret of Mana, Street Fighter 4...I play games on that damned thing more than my Wii. Call me dumb if you must, I'm having more fun than you on a plane.

Ha! i have neither a dumb nor a smart phone!

I really was not into cell phones before moving to Japan 6 years ago and discovering the 3G camera-video internet phone which immediately became indispensible. I don't know how you do it over there without one, flapjax. You must be able to read kanji or something.
posted by Hoopo at 9:08 AM on April 20, 2011

I got an error message*, so I can't see where I've been (I live the most boring life imaginable, so I know the map wouldn't have been very exciting, but still).

*"Couldn't load consolidated .db file from [path]"
posted by rtha at 9:09 AM on April 20, 2011

Far fetched? Would it seem far fetched if your skin color wasn't white?

I don't know why, but the scenario reminds me of when I was at Ohio State, and posters were put up around campus (somewhere around 2004-2005) looking for a robbery suspect. Description was as follows:

Black male, 18-24, 5'10" - 6'2". Wearing a black or gray shirt. Seen on south campus. If you have seen anyone matching this description, please call Columbus Police...
posted by Mister Fabulous at 9:10 AM on April 20, 2011

I bet even Googling "buy prepaid phones anonymously" will put you on some watch list

I think maybe you should search for "tinfoil hats" instead, but use like, Altavista, or something. Just in case!
posted by Threeway Handshake at 9:10 AM on April 20, 2011 [1 favorite]

and, more importantly from a privacy point of view, who you talked to (if they had a similar phone) can be discovered by anyone who can get access to this data.

Again, this seems like a huuuge stretch. Even particular stores can't really be pinpointed at a resolution of 50 meters.

So yes, someone who has already cracked my computer or my phone may be able to triangulate my location to the Bates Motel last weekend, but at that point wouldn't they already have the confirmation sent to my email address? My bank statement showing the credit card charge? Any text messages or photos?

I'm glad this information was discovered and revealed, but no, I don't think it is a huge privacy violation. The information is being stored on your local devices. It's not being sent to anyone. It's about as secure as information can be nowadays.
posted by muddgirl at 9:15 AM on April 20, 2011 [2 favorites]

NEWS FLASH: LOCATION TRACKING DEVICE TRACKS LOCATIONS! FILM AT ELEVEN!
posted by quonsar II: smock fishpants and the temple of foon at 9:17 AM on April 20, 2011 [2 favorites]

If you think your spouse is cheating on you, this is a really good way to confirm that.

The arguments that the telco companies log the same data seem inane, since this lets anyone who can access your computer log your movements. I know we have gotten blase about these things, but s that really something people are expecting??? I don't get the comparisons to voluntary check-ins on sites like Four Square either.
posted by smackfu at 9:17 AM on April 20, 2011

The file contains a log of the cell towers you connected to and when. That's it. This is why the dots are in grids that get bigger the as you leave populated areas and routinely include places you haven't been within 30 miles of.

This information is most likely used for connection quality monitoring and caching for Assisted GPS cold starts. It is also the same information stored by your cell phone provider no matter what phone you use. As such, "Big Brother" already has the ability to access to this information.

At this point, the only person potentially aided by this discovery is a suspicious spouse.
posted by aaronh at 9:17 AM on April 20, 2011

Unfortunately, in modern society being able to uniquely identify somebody in time and space is a necessary precursor to being able to deliver services to them of any kind. I understood that in order to receive phone calls, email and SMS messages, that the phone company needs to know where my phone is, and I accepted that. I also know that once information exists at all, it can be logged quickly and cheaply; I've personally built the machines that do that, though not for telcos.

If you find it invasive, you may choose to opt out by refusing to participate in processes that require you to be uniquely identified. But in this relatively miraculous modern society we have, that fucking sucks. It means no ordering pizza, using credit cards, calling 911, or obtaining health care, among zillions of other things.

What are you going on about? I haven't owned a cell phone in nearly a decade now, and I have no problems ordering pizza, using my credit card, calling 911, or obtaining health care when I can afford it. What does doing ANY of those things have to do with location data collection?
posted by hippybear at 9:17 AM on April 20, 2011 [4 favorites]

since this lets anyone who can access your computer log your movements

I would hope that anybody cheating on somebody would encrypt their phone backups. It is the big checkbox next to the sync button on your computer.
posted by Threeway Handshake at 9:18 AM on April 20, 2011

Heck, why would a private investigator even bother with GPS tracking nowadays? They just need access to a computer the person backed up their iPhone to, and they are golden.
posted by smackfu at 9:18 AM on April 20, 2011

And hopefully no one syncs their iPhone to their work computer.
posted by smackfu at 9:20 AM on April 20, 2011 [2 favorites]

To put it another and more crude way, I KNOW Google is going to screw, as will Apple, but the latter will show me a good time first and look good while doing so.

Yes, that makes it better.
posted by Brandon Blatcher at 9:20 AM on April 20, 2011

smackfu: "Heck, why would a private investigator even bother with GPS tracking nowadays? They just need access to a computer the person backed up their iPhone to, and they are golden."

Yeah, you can pinpoint me to within 30 miles of a cell tower at a given time. Unless you're trying to prove I lied about what city I was in, the PI is wasting his time.
posted by aaronh at 9:21 AM on April 20, 2011

Speaking of William Gibson, I seem to remember that in the early chapters of Count Zero, "The Count", upon realizing that he's a WANTED man must go on the run. But he can't use cash. Because even though it's technically legal to still use cash, to do so is to instantly draw suspicion. So he must buy "money chips" (at a loss, of course) that have been programmed to appear to present the movements of "someone else". Which gets us, kind of, to where we are now ... tho maybe in mirror reverse.

Bottom line: in the NOW, to not be visible/trackable is to be suspicious (or at least potentially so), and ummm, what was that message again that MAC was pitching in that 1984 Super Bowl Ad?
posted by philip-random at 9:22 AM on April 20, 2011

what was that message again that MAC was pitching in that 1984 Super Bowl Ad

IBM sucks?
posted by entropicamericana at 9:24 AM on April 20, 2011

Is Your Phone Smarter Than A 5th Grader?
posted by It's Raining Florence Henderson at 9:25 AM on April 20, 2011

what was that message again that MAC was pitching in that 1984 Super Bowl Ad

No, wait! "Buy a Mac!"
posted by entropicamericana at 9:25 AM on April 20, 2011 [1 favorite]

Unfortunately, in modern society being able to uniquely identify somebody in time and space is a necessary precursor to being able to deliver services to them of any kind.

And now, the decoded version of that sentence:

Unfortunately, in modern society being able to uniquely identify somebody in time and space is a necessary precursor to being able to deliver them at any time.
posted by philip-random at 9:26 AM on April 20, 2011

> In an open-source phone this would have been a secret for about...10 seconds.

Is it a known fact that Android phones don't log cell tower locations with timestamps? I'm curious now.
posted by ardgedee at 9:27 AM on April 20, 2011

union-busting firm (it would be super-useful for that--you could identify and target employees attending union meetings)

It is illegal to do that under the NLRA. Any employer doing that would be completely idiotic. The employer-side firms would run out the door. My experience representing unions is that the employer wants the election over fast, and then wants to drag the negotiations out as long as possible until the next election where they hope someone else will win.
posted by Ironmouth at 9:28 AM on April 20, 2011

Ok, so! For those of you with xcode who want to better see what information is tracked, get the project from his site and edit iPhoneTrackingAppDelegate.m. The lines you want to edit to make it more precise are:

const float precision = 100;

and:

const float weekInSeconds = (7*24*60*60);

I changed those to 10000 and 24*60*60 and.. Well, the new app shows data on a day-to-day basis, but it's a cloud at a day level. It's certainly not a breadcrumb trail like my old Garmin eMap used to make. At best you could use it to determine that I never went to either of our datacenters, but you can't tell that I went to 2327 Lover's Lane at 8:36pm for a secret tryst.

I'm also willing to believe that I'm doing it entirely wrong. I can't get hour-by-hour buckets to work, but I'm not really a programmer.
posted by Kyol at 9:29 AM on April 20, 2011 [1 favorite]

I'm also curious how mutable the data is. Because by Pete Warden's description of how the data is logged, I don't understand why you can't:

1. Back up your iPhone or 3G iPad,
2. Run a handy utility that overwrites the location data on the backup with known innocuous data,
3. Restore from backup. Problem solved. Seriously.

The only gap here is the handy utility, a desktop application that asks you where you would rather have been at a given date/time and then modifies the data accordingly. Since all the relevant code components seem to be in place, this might not take significant effort.
posted by ardgedee at 9:31 AM on April 20, 2011

Frankly, this feature is really cool and useful to me. My main complaint is A: Apple didn't disclose it and B: I can't get access to the data more easily.

Anyone found any non-MacOS tools for working with the data yet? I'll take Windows binaries, Perl/Python/Ruby/Javascript, or POSIX C.
posted by Nelson at 9:31 AM on April 20, 2011

The file contains a log of the cell towers you connected to and when. That's it. This is why the dots are in grids that get bigger the as you leave populated areas and routinely include places you haven't been within 30 miles of.

Is data about cell towers and coverage available to consumers now? I'm curious about ways we could use this to create more realistic coverage maps if we could adequately anonymize and aggregate this data.
posted by almostmanda at 9:31 AM on April 20, 2011

For those inclined, here is how to make this a total non-issue.

If anybody was at all concerned with privacy about backups, you would have already had this ticked.
For extra points, make your computer's drives encrypted, and make your computer not auto-log in when turned on.

If you are scared about cops seeing your shit, then do these things. Also password protect your telephone.

But this only protects the assets you have. The cops will still call up the telephone company who will gladly snitch and tell them exactly where you were if your phone had been on. This has always been the case, and is absolutely nothing new or unique to "smartphones."
posted by Threeway Handshake at 9:32 AM on April 20, 2011 [2 favorites]

i was just thinking how useful it would be to have a pedometer app. this'll do.
posted by mwhybark at 9:32 AM on April 20, 2011

Encrypting the backup won't make it a non issue if someone gains access to your actual phone. Also password protecting your phone won't stop someone with technical expertise.
posted by meta87 at 9:36 AM on April 20, 2011

This is why my revolutionary cell uses a series of semaphore towers to communicate all of our secret meeting minutes. The revolution WILL NOT be geolocated!
posted by briank at 9:36 AM on April 20, 2011

Yeah, you can pinpoint me to within 30 miles of a cell tower at a given time.

I have a lot more points on my map than just the cell towers, and the resolution is far better than 30 miles. CT is a small state and 30 miles is far here. Maybe it is doing triangulation? Or is it randomizing the data? The app is forcing the data to a grid that seems about 1/4 mile resolution, and we certainly don't have that many cell towers.

Oddly, I have barely any points at home, but that may be because I am on WiFi here.
posted by smackfu at 9:36 AM on April 20, 2011

pay as you go (in cash) cellphones just got more attractive.
posted by edgeways at 9:38 AM on April 20, 2011

"Personal Informatics is a class of applications that help people collect personally relevant information for the purpose of self-reflection and gaining self-knowledge"

What a load of bu!!$#it, self-knowledge? Right.

As an urban planner I'm also excited about how these mountains of data are going to allow us to solve problems of large scale organization. BUT, it's going to have to be done with respect to peoples' basic rights and privacey, full stop. The early adopters leading the charge are not convincing, so far.
posted by Reasonably Everything Happens at 9:38 AM on April 20, 2011 [1 favorite]

> For those inclined, here is how to make this a total non-issue.

Encrypting the backup is effective at preventing the data from readily being accessed on the computer.

The concern here, though, is that the data seems to be stored in the clear on the phone itself, so third parties (such as the Michigan State Police) can grab them with a simple plug-and-play gadget. Encrypting the backup on the computer is of no consequence when the phone itself is the vulnerability.
posted by ardgedee at 9:38 AM on April 20, 2011 [2 favorites]

I don't think enough people have read the faq. This app has dumbed down the info stored for your own benefit:
To make it less useful for snoops, the spatial and temporal accuracy of the data has been artificially reduced. You can only animate week-by-week even though the data is timed to the second, and if you zoom in you’ll see the points are constrained to a grid, so your exact location is not revealed. The underlying database has no such constraints, unfortunately.

and, yes, as many people have pointed out, it's a problem because it wasn't opt-in and isn't encrypted. so anyone who has access to either your phone or your computer has access to this data.

also, to the whole "well if you're not doing anything wrong what are you worrying about?" camp:
what is "right" and what is "wrong" can be different depending on the laws of your country. laws are always changing, governments are in flux. we should learn from history and be able to put ourselves in the context of other times/places. if we do this, it makes sense to be concerned.
posted by butterteeth at 9:39 AM on April 20, 2011 [7 favorites]

Okay, as to the Michigan thing -- I'm not seeing the answer to this in any links here.

Screnario: the Michigan state police pull me over for speeding, and ask me for my phone. What happens to me if I refuse to hand it over?
posted by Devils Rancher at 9:44 AM on April 20, 2011

(actually, eliminate the precision fuzzer entirely by changing the latitude_ and longitude_indices to just inherit the value of lat and long, but it doesn't change the output that much when precision is a large enough value)

I mean, with the updated code, this is what my Monday looks like:

My Monday - work and home roughly denoted by arrowheads.

Maybe Milwaukee just has lousy Skyhook coverage?
posted by Kyol at 9:45 AM on April 20, 2011 [1 favorite]

Kyol, It looks like the degraded data from the app might be at play there. If you were to fit a line to that data it looks like it would be spot on.
posted by kuatto at 9:50 AM on April 20, 2011

That's with the degradations turned off, if I'm judging the loop correctly.
posted by Kyol at 9:50 AM on April 20, 2011

(well, to be more precise, it's still degraded to a day long bucket, but I believe I have the latitude and longitude degrader removed.)
posted by Kyol at 9:52 AM on April 20, 2011

Wasn't there an FPP about a German politician who had the same experience with his T-Mobile phone, where the telco was tracking his movements by way of his phone?
posted by Blazecock Pileon at 9:52 AM on April 20, 2011

Hang on, I'm lost. Some of you are saying this tells you EXACTLY where you've been, others are saying it tells you which towers your phone has connected to.

Also (stupid question),

is this how that Foursquare business works? When people keep "checking in" places, do they have to physically push a button, or does it happen automatically? I kind of hope it's automatic otherwise I need to send out a few WTFs to some friends of mine for broadcasting to me that they're at Dairy Queen.
posted by Hoopo at 9:52 AM on April 20, 2011

Damn it. Now I will have to go to museums and art shows! And stop frequenting McDonald's drive-thrus or Walmart. I know how you people are.

i was just thinking how useful it would be to have a pedometer app. this'll do.

I have this one.
posted by misha at 9:52 AM on April 20, 2011 [2 favorites]

Kyol, that is really weird. It really looks like a nice fit if you were to perform a linear regression.

I'm wondering if the data is not somehow crippled or obfuscated.
posted by kuatto at 9:55 AM on April 20, 2011

I use a Verizon iPhone 4 and the app failed, raising a popup: "Couldn't load consolidated.db file from '/Users/alterscape/Library/Application Support/MobileSync/Backup'" -- I wish I felt comforted, as in maybe Verizon iPhones don't have this behavior, but more likely, it's there and the format is just different enough to bork their parser. Might download the source and have a look..
posted by Alterscape at 9:57 AM on April 20, 2011

Hoopo: you have to physically push a button to log in, although generally the Foursquare app will tell you what "venues" are near where the phone thinks you are. It usually gets a better list if you have GPS turned on. (venue screenshot)

So, yeah, send those WTFs...your friends are checking in from Dairy Queen.
posted by epersonae at 10:03 AM on April 20, 2011

Threeway Handshake: A shame there's no open source phones and open sourced telcos, then, huh?

They're working on it. It's already possible to set up your own telco, the handset baseband is also on its way. Software defined radio will break our shackles!
posted by vanar sena at 10:03 AM on April 20, 2011

Ah, here we go. It was Deutsche Telekom, not T-Mobile: Can You See Me Now
posted by Blazecock Pileon at 10:19 AM on April 20, 2011

So here's a question for you: Is my iPhone 4 refurbished? Because let me tell you, I bought it new. But the location data for the week I bought it clearly shows it in Las Vegas. Sure, I've been there. But not since I was 16, and never with an iPhone. The timestamps showing my phone in Vegas overlap with timestamps showing my wife and I on a road trip (with my old 3GS) in Michigan. At no point did I or my phone take a day trip to Vegas. So either my 3GS phone was suddenly powerful enough to lock on to towers in Nevada all the way from Michigan, or some guy bought an iPhone 4 in Vegas, then returned it, and it was sold to me as a new phone by AT&T, upon which point it was somehow merged with my existing profile without wiping all of the prior location data.

I have two questions here, really. Question 1 is what the fuck, as elaborated above. Question 2 is what to do about it. Because I paid new price for what seems to be a used phone.
posted by caution live frogs at 10:21 AM on April 20, 2011 [4 favorites]

Open source telephony is the future! Look out, iPhone!
posted by entropicamericana at 10:21 AM on April 20, 2011

Kyol, that is really weird. It really looks like a nice fit if you were to perform a linear regression.

Well, if my memory serves, I took a couple of routes to and from work that night, but none of them really line up with the points that were plotted. So it's not like it's just a simple degradation of an out and back route.

I suspect the data is just really really low resolution quick AGPS snapshots so it doesn't kill the battery getting a solid fix. I'd be interested to get the time buckets fixed so I could see if it eventually does focus in on a location when you've been there for a while. Zoomed in, there's a point at my house's address, but nothing at work's address.
posted by Kyol at 10:24 AM on April 20, 2011

Caution: Possible alternate explanation is turning on the phone for QA.
posted by klangklangston at 10:27 AM on April 20, 2011

Open source telephony is the future! Look out, iPhone!

Open-source phones will do to the iPhone what desktop Linux did to Windows.
posted by acb at 10:29 AM on April 20, 2011 [1 favorite]

klang: Does QA involve driving it all over the Las Vegas suburbs? Because the location data is spread around along a couple of highways outside of town, near an Air Force base, with the biggest dot centered on a residential neighborhood. If it were in a spot I could say relates to some AT&T or Apple testing area, maybe. But it isn't. I picked it up "new" in store from AT&T. Then a week later I exchanged it for a "new" replacement via AppleCare at the local Apple Store, because it had a dead pixel. So either the original or the replacement iPhone 4 looks to have been a used phone that was repackaged as if it were a new item.

If that's the case, fine - there's nothing wrong with the phone (aside from the scratch on the back, thanks to my 2 year old) - but I am concerned that (a) I ended up paying a new price for a used phone, and (b) the possibility that location data NOT belonging to me could be attributed to me. Which is a big friggin' deal, considering potential legal implications of time/date stamping a person's position via cellphone.
posted by caution live frogs at 10:36 AM on April 20, 2011

So, is there any way I can do this on Windows or on the iPhone itself?
posted by goodnewsfortheinsane at 10:36 AM on April 20, 2011

I work writing location-based services using cell phones as data sources, and we really care about sensitive location data is. Yes cell companies have this data already but they tend to be good about not giving it out to anyone who asks. You need a subpoena (which arguably is just too damn easy to get these days.) That means you can't just go fishing for data to see if there's anything interesting. That means you can't get ahold of someone's cell phone and look over the data and see if there's anything interesting. That means that if you aren't a police officer you can't get the data, period. Also, phone companies GET RID OF THE DATA. I'm no sure how long retention is, but it isn't forever.

As for cell tower based location, yeah it's not going to be useful for tracking exactly where someone is, but at least in urban areas it's amazing how much you can tell from the location stream. You can pretty easily tell when they changed their routine, or if they weren't at work when they said they were, etc etc. You visited a friend a few towns over? It's in there. You went to an interview at a competitor's company on a day you called in sick. Also there. It's not going to give specific details, but that stream is invaluable.

I don't think this was some big brother plan from Apple. I suspect the whole file is a side effect of code used for some reasonable purpose, but it's a good example of why people need to really pay attention to what they do with location data. My worry is there's going to be some high profile case out there were something bad happens because a company plays fast and lose with location data and the response leads to a HIPPA like overkill law that kneecaps the location based space. There's some really cool ideas out there and some really good ways location data can be used, so engineers owe it to themselves not to be idiots.
posted by aspo at 10:38 AM on April 20, 2011 [1 favorite]

caution: I'd bet that the replacement you got under AppleCare was a refurb. I tend to only buy refurb products from Apple (they carry the same warranty and are even eligible for extended AppleCare warranty), I save a bit of money that way, and yes, the refurb products are packaged exactly like the new ones.

Why the phone wasn't 100% wiped and reset to factory condition before it was given to you as a replacement, I cannot say. Seems like that should be part of the refurb process.
posted by hippybear at 10:43 AM on April 20, 2011

This is awfully overblown. If you actually look at the data file, it's clearly a cache of radio locations used for location services like Skyhook and so on. When not using GPS, or if you have a phone that doesn't have a GPS receiver, the phone works out your location based on what cell towers and wifi access points it can see. Those signals don't include an indication of their physical location— just a name or ID number. So Skyhook et al maintain a database of where these towers are, which your phone consults in order to figure out where it is. This file is a cache of lookups. I'd guess it also feeds data back to Skyhook so that when a new tower or AP appears they get a database update for free.

Technical details:

% sqlite3 4096c9ec676f2847dc283405900e284a7c815836
SQLite version 3.7.5
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> .schema
CREATE TABLE CdmaCellLocation (MCC INTEGER, SID INTEGER, NID INTEGER, BSID INTEGER, ZONEID INTEGER, BANDCLASS INTEGER, CHANNEL INTEGER, PNOFFSET INTEGER, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MCC, SID, NID, BSID, ZONEID, BANDCLASS, CHANNEL, PNOFFSET));
CREATE VIRTUAL TABLE CdmaCellLocationBoxes USING rtree(ROWID, MinimumLatitude, MaximumLatitude, MinimumLongitude, MaximumLongitude);
CREATE TABLE "CdmaCellLocationBoxes_node"(nodeno INTEGER PRIMARY KEY, data BLOB);
CREATE TABLE "CdmaCellLocationBoxes_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);
CREATE TABLE "CdmaCellLocationBoxes_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);
CREATE TABLE CdmaCellLocationCounts (Count INTEGER);
CREATE TABLE CdmaCellLocationHarvest (MCC INTEGER, MNC INTEGER, SID INTEGER, NID INTEGER, BSID INTEGER, BSLatitude FLOAT, BSLongitude FLOAT, ZoneID INTEGER, SectorID TEXT, SectorLatitude FLOAT, SectorLongitude FLOAT, BandClass INTEGER, RAT INTEGER, CellType INTEGER, PNOffset INTEGER, Channel INTEGER, Operator TEXT, BundleId TEXT, LTMOffset INTEGER, DayLightSavings INTEGER, DerivedMcc TEXT, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MCC, MNC, SID, NID, BSID, Timestamp));
CREATE TABLE CdmaCellLocationHarvestCounts (Count INTEGER);
CREATE TABLE CdmaCellLocationLocal (MCC INTEGER, SID INTEGER, NID INTEGER, BSID INTEGER, ZONEID INTEGER, BANDCLASS INTEGER, CHANNEL INTEGER, PNOFFSET INTEGER, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MCC, SID, NID, BSID, ZONEID, BANDCLASS, CHANNEL, PNOFFSET));
CREATE VIRTUAL TABLE CdmaCellLocationLocalBoxes USING rtree(ROWID, MinimumLatitude, MaximumLatitude, MinimumLongitude, MaximumLongitude);
CREATE TABLE "CdmaCellLocationLocalBoxes_node"(nodeno INTEGER PRIMARY KEY, data BLOB);
CREATE TABLE "CdmaCellLocationLocalBoxes_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);
CREATE TABLE "CdmaCellLocationLocalBoxes_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);
CREATE TABLE CdmaCellLocationLocalCounts (Count INTEGER);
CREATE TABLE Cell (Timestamp FLOAT, MCC INTEGER, MNC INTEGER, LAC INTEGER, CI INTEGER, PRIMARY KEY (Timestamp, MCC, MNC, LAC, CI));
CREATE TABLE CellLocation (MCC INTEGER, MNC INTEGER, LAC INTEGER, CI INTEGER, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MCC, MNC, LAC, CI));
CREATE VIRTUAL TABLE CellLocationBoxes USING rtree(ROWID, MinimumLatitude, MaximumLatitude, MinimumLongitude, MaximumLongitude);
CREATE TABLE "CellLocationBoxes_node"(nodeno INTEGER PRIMARY KEY, data BLOB);
CREATE TABLE "CellLocationBoxes_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);
CREATE TABLE "CellLocationBoxes_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);
CREATE TABLE CellLocationCounts (Count INTEGER);
CREATE TABLE CellLocationHarvest (MCC INTEGER, MNC INTEGER, LAC INTEGER, CI INTEGER, RSSI INTEGER, ARFCN INTEGER, PSC INTEGER, RSCP INTEGER, ECN0 INTEGER, Operator TEXT, Transmit INTEGER, BundleId TEXT, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MCC, MNC, LAC, CI, Timestamp));
CREATE TABLE CellLocationHarvestCounts (Count INTEGER);
CREATE TABLE CellLocationLocal (MCC INTEGER, MNC INTEGER, LAC INTEGER, CI INTEGER, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MCC, MNC, LAC, CI));
CREATE VIRTUAL TABLE CellLocationLocalBoxes USING rtree(ROWID, MinimumLatitude, MaximumLatitude, MinimumLongitude, MaximumLongitude);
CREATE TABLE "CellLocationLocalBoxes_node"(nodeno INTEGER PRIMARY KEY, data BLOB);
CREATE TABLE "CellLocationLocalBoxes_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);
CREATE TABLE "CellLocationLocalBoxes_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);
CREATE TABLE CellLocationLocalCounts (Count INTEGER);
CREATE TABLE CompassCalibration (Timestamp FLOAT, MagneticX FLOAT, MagneticY FLOAT, MagneticZ FLOAT, BiasX FLOAT, BiasY FLOAT, BiasZ FLOAT, Level INTEGER, Magnitude FLOAT, Inclination FLOAT);
CREATE TABLE Fences (BundleId TEXT, Name TEXT, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, Distance FLOAT, DesiredAccuracy FLOAT, SetupComplete INTEGER, LastStatus INTEGER, PRIMARY KEY (BundleId, Name));
CREATE TABLE Location (Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Lifespan FLOAT, PRIMARY KEY (Timestamp));
CREATE TABLE LocationHarvest (Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, TripId TEXT, Context INTEGER, PRIMARY KEY (Timestamp));
CREATE TABLE LocationHarvestCounts (Count INTEGER);
CREATE TABLE TableInfo (TableName TEXT, SoftwareVersion TEXT, SerialNumber TEXT, PRIMARY KEY (TableName));
CREATE TABLE Wifi (Timestamp FLOAT, MAC TEXT, RSSI INTEGER, PRIMARY KEY (Timestamp, MAC));
CREATE TABLE WifiLocation (MAC TEXT, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MAC));
CREATE TABLE WifiLocationCounts (Count INTEGER);
CREATE TABLE WifiLocationHarvest (MAC TEXT, Channel INTEGER, Hidden INTEGER, RSSI INTEGER, Age FLOAT, BundleId TEXT, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER);
CREATE TABLE WifiLocationHarvestCounts (Count INTEGER);
[... index and trigger entries snipped ...]
posted by hattifattener at 10:43 AM on April 20, 2011

hippybear - my wife's MacBook is a refurb. Generally I don't have a problem with it, but handing me a replacement phone that had been on the ground in use by someone else a week prior is pretty darn fast turnaround for a refurb product - how good was the recheck and repair again? And to reiterate, (a) the data was wiped but not completely, which is potential for a can of worms legally, and (b) if it's refurbed I feel like I got shafted, given that my original had a defect out of the box and was in my hands less than 2 days before I had it replaced. When I buy refurbished I pay the refurbished price, not the full price. There needs to be an obligation to state replacements are refurbed, which they don't do.
posted by caution live frogs at 10:50 AM on April 20, 2011

I bought it new. But the location data for the week I bought it clearly shows it in Las Vegas. Sure, I've been there. But not since I was 16, and never with an iPhone.

I think it brings up another point if-you're-not-doing-anything-wrong-you-don't-have-anything-to-worry-about crowd is forgetting. Now CLF actually has to prove he wasn't in Las Vegas.
posted by c13 at 10:51 AM on April 20, 2011 [3 favorites]

Ah, here we go. It was Deutsche Telekom, not T-Mobile: Can You See Me Now

This is different. The Telecom was doing the recording. This really can't be helped, at least tracking a person, as they have to use cell tower strength to determine which tower is communicating with the person. This is not terribly fine grained, although in the city, where towers are closer, and their strength and coverage is less, it can be. This is being stored on the phone, in plaintext, and transferred from the phone to the computer when you sync.

I would assume as hattifattener said, it's for Skyhook, and that Android devices do a similar communication, especially after the whole Google Wifi fiasco. I don't think Android devices leave the file in plain text on the device though.
posted by zabuni at 10:54 AM on April 20, 2011

Now CLF actually has to prove he wasn't in Las Vegas.

Why? To whom?

Information doesn't exist in a vacuum - clearly CLF wasn't in Vegas. His credit card shows charges in Minnesota. His wife and friends and boss and Starbucks barista can all attest that he was in MN. There's no evidence that he bought a ticket to Vegas and no flight manifests show him going to Vegas.

If someone else wants to prove CLF was in Vegas, his phone might be one point of data, which is conflicted by every other piece of data which shows he was in Minnesota.
posted by muddgirl at 10:55 AM on April 20, 2011

which is conflicted by every other piece of data which shows he was in Minnesota

Replying to myself: Including his own phone

The timestamps showing my phone in Vegas overlap with timestamps showing my wife and I on a road trip (with my old 3GS) in Michigan.

posted by muddgirl at 10:56 AM on April 20, 2011

What happens in Vegas stays in your phone through multiple owners.
posted by kmz at 10:56 AM on April 20, 2011 [3 favorites]

> Is my iPhone 4 refurbished? Because let me tell you, I bought it new. But the location data for the week I bought it clearly shows it in Las Vegas. Sure, I've been there. But not since I was 16, and never with an iPhone.

Had you bought it through Apple, directly from AT&T or Verizon, or through a third party? As far as I know, Apple and AT&T (and, I assume, Verizon) will only sell refurbs at a discount and with a clear paper trail documenting it. A third party might be sleazier about it.

(I've bought a lot of refurbed equipment through Apple, and they don't even come in original packaging. They take pains to make sure people can't resell refurbs as new just by removing some stickers and adding shrinkwrap.)

In any event, that's janky as heck. Ask Apple directly about this (or your telco, if you bought it from a store owned by AT&T or Verizon). Have your purchase paperwork handy, in case they ask.
posted by ardgedee at 11:00 AM on April 20, 2011

Apparently I spend a lot of time in a bar near work.
posted by Jim Slade at 11:01 AM on April 20, 2011 [1 favorite]

It's a good thing, muddgirl, that you've never had an insecure suspicious significant other.
posted by c13 at 11:01 AM on April 20, 2011

So how easy is it for people wanting to track you (supposing they're willing to do it illegally and know a bit about doing such things on computers) to get access to your locations by your phone?

I guess what I'm saying is, how protected is this information? I know most computer systems attempt to be hacker proof but they still get hacked an creit car numbers an identities get stolen. In the wrong hands this information could be bad news.

Do we think this information will always remain completely protected like credit card numbers (are supposed to be).... or will this eventually be opened up to the public? Because that would suck a lot.
posted by xarnop at 11:05 AM on April 20, 2011

It's a good thing, muddgirl, that you've never had an insecure suspicious significant other.

Let me be perfectly clear: I am glad that I and others know about this data, because now we can take steps to mitigate any personaldamage that it might do, just as we (hopefully) do with any other data stored on our phones and computers. I believe Apple should have disclosed this or not produced it at all.

BUT, abusive people do not need any of the contents of this data file to be abusive. They have already stolen your phone and/or hacked into your encrypted phone backups. They already have your text messages and your photos and your emails and your facebook password. Anything will give them the seed to "excuse" their abusive behavior. A highly innaccurate dot on a map is just as infuriating to them as anything else.
posted by muddgirl at 11:06 AM on April 20, 2011 [2 favorites]

This is different. The Telecom was doing the recording.

I don't know. From a privacy standpoint, does it really matter who is doing the recording?
posted by Blazecock Pileon at 11:11 AM on April 20, 2011

I don't know. From a privacy standpoint, does it really matter who is doing the recording?

It does if on the one hand a subpoena is required to get the information and on the other it can be obtained by taking a specific, unencrypted file from a phone - especially if copying phone data is ruled as permissible during routine stops.
posted by running order squabble fest at 11:16 AM on April 20, 2011

It does matter, some, because as mentioned above the physical location of the data (on the phone vs. in some central office) can endanger an individual in different ways.
posted by fake at 11:17 AM on April 20, 2011

Things I learn through paranoid curiosity.

CPNI (Customer Proprietary Network Information).

EPIC work related to CPNI.

US Code on CPNI
posted by dglynn at 11:20 AM on April 20, 2011 [2 favorites]

I don't know. From a privacy standpoint, does it really matter who is doing the recording?

Both are bad but this is worse. In the case of the German politician, to get access to the data he had to file suit against Deutsch Telekom to get around the relevant privacy legislation (he based it on being an MP, and so it was in effect a 'freedom of information' request).. In contrast, this info is unencrypted by default, available to anyone who gets access to your computer.

So, from a privacy standpoint, it doesn't matter who is doing the recording, but it definitely matters what they do with what they record, why they keep it, and how long for.
posted by modernnomad at 11:21 AM on April 20, 2011

The concern here, though, is that the data seems to be stored in the clear on the phone itself, so third parties (such as the Michigan State Police) can grab them with a simple plug-and-play gadget. Encrypting the backup on the computer is of no consequence when the phone itself is the vulnerability.

Interestingly, the tool the Michigan cops have cannot access an iPhone 4 what has an unknown passcode lock without having physical access to the person's computer. And then they have a problem if the person encrypted their backups they are SOL until they defeat the password protection and decrypt the drive. Now other forensic toolsets that law enforcement has can probably snatch the file. Then again, it would be faster for the same law enforcement people to just get the info from my carrier.

At present, it seems the only way to get to this file is by having physical access to the iPhone or one's backup on their computer. Both of these are things that I tend to protect.

The moral to this story --- and every story about "privacy" and cellphones --- is these device can be used to track your movement and activity. There's no such thing as privacy when using any cellphone unless you take extraordinary steps to rotate through burner phones that can't be tied back to you personally.
posted by birdherder at 11:21 AM on April 20, 2011

That was not my point, muddgirl. The suspicious girlfriend was just an example. (However, if you know a way to make logic and sence have any usefulness in dealing with such people, I would be greatful if you shared).
The point is, if I paid (and I sure as hell have not) several hundred dollars for some stupid ass toy, last thing I want is for it to create problems for me. Yes' it's possible for me to take my fuming significant other (or a cop) to Starbucks or work and make a fool of myself, but why the hell would I want to?
Here's another example: you're interviewing for a job and are asked whether you're also applying at a competitor's firm. You are not and state so. But your phone record mistakenly places you in a pretty close vicinity of their firm. The people you've intervirewd with make the assumption that you've lied, pass you on, but don't give you the specific reason why. Is your barista going to be of much help?
And, more globally, why would you want the extra problems?
posted by c13 at 11:23 AM on April 20, 2011

So how easy is it for people wanting to track you (supposing they're willing to do it illegally and know a bit about doing such things on computers) to get access to your locations by your phone?

If these people have no official recourse, they would probably need to steal your phone, or at least have access to it for a while, to get hold of the file. It is also on the computer you sync with, so someone with access to that could also get hold of it. Of course, as has been said, someone with lengthy access to either of these things could pretty easily find out more about you than roughly where you have been. However, this would be a very easy, quick way to get a dump of your approximate physical location going back to June 2010 for someone who knew where to look.

If law enforcement is able to remove information from your phone without your knowledge or permission, or even with your knowledge but without your permission, physically or remotely, then it will be far easier to get hold of this data than through subpoenas to telecommunications service providers.

Incidentally, if you're interested in location-based data and its implications, o'Reilly's Where 2.0 is on and live streaming at the moment.
posted by running order squabble fest at 11:28 AM on April 20, 2011 [1 favorite]

It is really strange how everyone affected by this paid for the privilege.

My Verizon bill is paying for my own tracking and monitoring, and the tracking and monitoring of others.
posted by fake at 11:30 AM on April 20, 2011

(However, if you know a way to make logic and sence have any usefulness in dealing with such people, I would be greatful if you shared).

Yes, this is it exactly. Logic and sense have no usefulness with such people. They are looking for an excuse to be pissed off. If this data file didn't exist, then it would be a text message or a photo or a wrong number.

Now that you know this file exists, I hope you are taking steps to protect yourself from abuse, the way you already do with everything else. I hope you will start deleting this file the way you delete "incriminating" text messages, or the way you routinely scrub your phone memory.

Here's another example: you're interviewing for a job and are asked whether you're also applying at a competitor's firm. You are not and state so. But your phone record mistakenly places you in a pretty close vicinity of their firm. The people you've intervirewd with make the assumption that you've lied, pass you on, but don't give you the specific reason why. Is your barista going to be of much help?

Why would the people you've interviewed with ever have access to this file? Again, it is only stored on a local machine, just like the phone records which would show that you made several calls to a competing firm.
posted by muddgirl at 11:34 AM on April 20, 2011 [2 favorites]

Here's another example: you're interviewing for a job and are asked whether you're also applying at a competitor's firm. You are not and state so. But your phone record mistakenly places you in a pretty close vicinity of their firm. The people you've intervirewd with make the assumption that you've lied, pass you on, but don't give you the specific reason why.

How would this hypothetical employer get access to your phone's file with your whereabouts? Did you hand over your phone to them during the interview process? It isn't like they can grab the file wirelessly from you while you're waiting in the lobby.
posted by birdherder at 11:34 AM on April 20, 2011

Both are bad but this is worse. In the case of the German politician, to get access to the data he had to file suit against Deutsch Telekom to get around the relevant privacy legislation (he based it on being an MP, and so it was in effect a 'freedom of information' request).. In contrast, this info is unencrypted by default, available to anyone who gets access to your computer.

With the added benefit of being able to just get it from Apple, since it's part of the massive data dump sent out every morning.
posted by kafziel at 11:37 AM on April 20, 2011

At present, it seems the only way to get to this file is by having physical access to the iPhone or one's backup on their computer. Both of these are things that I tend to protect.

Any app installed on the iphone has access to the file too - and there's no logging of who or what has accessed it. This has been the case since June 2010. Plus, we don't know whether Apple are retrieving the data themselves or not. There's no evidence they are - but there's no evidence they're not, either. It's not like it takes long to get it off, either - ever leave your phone unattended for a few minutes? Better make sure you always keep it in your pocket.

If you wipe your iPhone, it puts it straight back on there as soon as you resync with iTunes, as it's stored there. Even if Apple aren't getting the iPhone or iPad to serve it up directly, there's absolutely no way of knowing whether they pull it out of iTunes at this point. They've certainly given themselves carte blanche to do what they want with it in the T&C.

Also, who are they sharing with? Who are the apps installed on your phone sharing it with? You don't know. Because Apple are keeping schtum.

Also - are we seriously going with the 'if you've done nothing wrong, you've nothing to fear' defence of this?
posted by ArkhanJG at 11:40 AM on April 20, 2011

Your inability to imagine a scenario in which this data might be

a. shared privately
b. distributed publicly
c. uploaded somewhere by the device
d. used against you
e. used against your children or family years from now

is telling. For years, people have had data (think geneaology records, for one) used against them long after the time and place of collection. Data isn't collected because it is useless, and arguing otherwise is disingenuous.
posted by fake at 11:40 AM on April 20, 2011 [2 favorites]

Both are bad but this is worse

I disagree, mainly because:

1. If you encrypt your phone, the location data are encrypted, as well.
2. Anyone who has physical access to your (unencrypted) computer can get to a much wider array of personal data.

These are known issues and solutions, I think. That these location data are collected without user notification is a serious privacy concern, but there's no evidence, yet, that the data make their way to Apple or other third-party servers.

I'll state again that this is a serious privacy concern, while stating my opinion that the Stalin comments and similar seem mostly agenda-driven, in the larger context of what telecoms do on behalf of governments across the world, with and without subpoenas.
posted by Blazecock Pileon at 11:41 AM on April 20, 2011

I'm not clear on how either of those factors make this a better scenario than the Deustch Telekom one, as you suggest.
posted by modernnomad at 11:44 AM on April 20, 2011

ever leave your phone unattended for a few minutes?

What? No, do not do this. Come on, it shouldn't take an screw-up on Apple's part to teach us not to leave our belongings unattended.

If you wipe your iPhone, it puts it straight back on there as soon as you resync with iTunes, as it's stored there.

iTunes isn't some sort of cloud storage, is it? If you delete the file on your computer, can it still re-sync it to your iPhone?
posted by muddgirl at 11:45 AM on April 20, 2011

Any app installed on the iphone has access to the file too - and there's no logging of who or what has accessed it.

Are you sure? AFAIK, the iPhone sandboxes apps' filesystem access to their own subdirectories, which is why apps can't share documents, even if they both use, say, PDF files.
posted by acb at 11:46 AM on April 20, 2011

I'm not clear on how either of those factors make this a better scenario than the Deustch Telekom one, as you suggest.

Mainly because you have some solutions at hand. Here, you have the physical devices and data in your hand and can apply some measure of protection, unlike the example with DT, or AT&T and Verizon, where a telecom keeps the data and hands it over to the government upon request.
posted by Blazecock Pileon at 11:46 AM on April 20, 2011

Plus, we don't know whether Apple are retrieving the data themselves or not. There's no evidence they are - but there's no evidence they're not, either.

there's no evidence, yet, that the data make their way to Apple or other third-party servers.

Yes, we do, and yes, there is.
posted by kafziel at 11:48 AM on April 20, 2011

Her first reaction: "Ooh, I can see where my son's going."

Actually worse. You can see where your son has been. There's a semi-legitimate reason to want to know where your children are going; but after they've been? No thanks, Mom.
posted by mrgrimm at 11:49 AM on April 20, 2011

Yes, we do, and yes, there is.

According to the security folks who discovered this, there is no evidence, as yet, that Apple is retrieving these data from your phone.
posted by Blazecock Pileon at 11:51 AM on April 20, 2011 [1 favorite]

These are known issues and solutions, I think.

This particular issue was not known until today. And personally, I dont't want a fucking solution. I want the issue to not exist in the first place.
posted by c13 at 11:51 AM on April 20, 2011

I want a pony.
posted by entropicamericana at 11:52 AM on April 20, 2011 [1 favorite]

Just yesterday you've had no clue that your favorite cell phone maker has a secret file on your phone with all your geolocation data.

Personally, I use Virgin Mobile, who for all I know is collecting GPS information about my every movement and Tweeting it with links to my Facebook page.

Jesus christ, it's like hey, it's just an apartment next door that's on fire, we dont't have anything to wotty about!

Who said it's "nothing to worry about?" I'm probably the least worried person here, and I never said that. In fact, I said that Apple should either have disclosed it or never produced it in the first place, which seems to be exactly what you are saying.
posted by muddgirl at 11:55 AM on April 20, 2011

The more fundamental problem is that Apple are collecting this information at all. Cell-phone providers collect similar data almost inevitably as part of their operations, but it’s kept behind their firewall. It normally requires a court order to gain access to it, whereas this is available to anyone who can get their hands on your phone or computer.
posted by modernnomad at 11:55 AM on April 20, 2011

As long as it doesn't report where I'm going to go next, I'm good with it.
posted by vverse23 at 11:55 AM on April 20, 2011

Any app installed on the iphone has access to the file too - and there's no logging of who or what has accessed it. This has been the case since June 2010. Plus, we don't know whether Apple are retrieving the data themselves or not. There's no evidence they are - but there's no evidence they're not, either. .

Sure, Apple could be looking the file each day. Or they could not be. Sure, Angry Birds could be uploading this data weekly for some nefarious purpose.

It's not like it takes long to get it off, either - ever leave your phone unattended for a few minutes? Better make sure you always keep it in your pocket.

Yes, since having phones stolen from me 10+ years ago, I don't leave them unattended. Ever. Of the things I worry about day to day is someone stealing my phone for a quick buck. Way down the list is someone stealing the phone to get this file. Again, the coppers can get the same information from my carrier by just telling a judge "we think he's a terrorist" faster than it would take to copy the files.

If you wipe your iPhone, it puts it straight back on there as soon as you resync with iTunes, as it's stored there. Even if Apple aren't getting the iPhone or iPad to serve it up directly, there's absolutely no way of knowing whether they pull it out of iTunes at this point. They've certainly given themselves carte blanche to do what they want with it in the T&C.

If you wipe and restore to the last backup, the location data is still there. That's a feature. But if you wipe and start over from scratch, the file will not be there (although it will start collecting data from scratch).

Also, who are they sharing with? Who are the apps installed on your phone sharing it with? You don't know. Because Apple are keeping schtum.

Apple could be sharing this information with a cabal of evildoers from across the galaxy. But it probably is not. A little paranoia is fine, but really when Apple says it may share anonymous user data at the aggregate level, it is easier to believe than some sort of conspiracy.

Also - are we seriously going with the 'if you've done nothing wrong, you've nothing to fear' defence of this?

I don't. Buit I also don't pretend that my cellphone use was ever private in the first place. If I was doing wrong things, I'd be more careful than to keep any evidence on my phone.
posted by birdherder at 11:56 AM on April 20, 2011 [1 favorite]

According to the security folks who discovered this, there is no evidence, as yet, that Apple is retrieving these data from your phone.

Yes they are, they admitted to Congress that they do, anonymously though. Same as google, except google lets you opt out.
posted by zabuni at 11:57 AM on April 20, 2011 [1 favorite]

I can't tell whether you guys are naive or shortsighted. Just yesterday you've had no clue that your favorite cell phone maker has a secret file on your phone with all your geolocation data. What other things do you not know about? Are you sure there isn't or won't be an app to get this data off your phone wirelessly?
Jesus christ, it's like hey, it's just an apartment next door that's on fire, we dont't have anything to wotty about!

Apple seems to take its time responding to this sort of thing, so I'm giving them time to do so. Yes, it's troubling, but it doesn't seem to be that huge of a deal at this point. But like Matt's posting of the map where's been, it's kinda "meh" at this point.

Overall though, I'm not strongly bothered because this is the way things are doing, data about everything being swapped and shared, to the point where it'll be able to passively track the entire population at some point. That's a given. It's the question of what's done with that information that matters the most, not that it's happening.

This isn't an excuse of Apple, but an attitude of wait and see what the explanation is. Yes, I'd be more worried/annoyed if it was Google, just because they seem to have stronger monetary reason to sell, giveaway or use such data.

The more fundamental problem is that Apple are collecting this information at all.

No, it's not, the big problem is how easy it is to get to it and that the general user doesn't know it's available.

I want a pony.

Wait 'till dinner.
posted by Brandon Blatcher at 11:58 AM on April 20, 2011 [1 favorite]

I want a pony.

And if you pay for a pony, I'm sure you would pick one without "issues" to which you have to buy " solutions", not some lame and retarded one.
posted by c13 at 11:59 AM on April 20, 2011

Or I'd start a pony rescue organization for the physically and mentally challenged ponies who are unloved by other Mefites...

Oh, were "lame" and "retarded" supposed to be perjoratives?
posted by muddgirl at 12:05 PM on April 20, 2011

Yes, I'd be more worried/annoyed if it was Google, just because they seem to have stronger monetary reason to sell, giveaway or use such data.

Google does the same thing, they just don't keep it in an easily readable file. It's some fallout from the whole Google Wifi stuff. They grab location data plus Wifi signal strength to allow phones to triangulate themselves when they don't have good signal strength from the GPS satellites.
posted by zabuni at 12:10 PM on April 20, 2011

Brandon Blatcher, the app that Matt uses has been deliberately degraded, as pointed out several times upthread. The actual data is much better.
As far as being able to track entire populations in real time, you may want to google Main Core and Simulex Inc.’s Synthetic Environments for Analysis and Simulation system.
But I disagree with you on the fact that this is " given". We give them all that info ourselves. Looks like a lot of people are ok with it, I think that's why they are pretty meh abut this whole iphone thing.

Muddgirl, you can do whatever you like, I would just want to ride my healthy paid for pony. The association of lame and retarded ponies and ACLU can bite me.
posted by c13 at 12:17 PM on April 20, 2011

the app that Matt uses has been deliberately degraded,

(well, to be more precise, it's still degraded to a day long bucket, but I believe I have the latitude and longitude degrader removed.)

posted by muddgirl at 12:19 PM on April 20, 2011

Ugh. Get off my side, c13.
posted by kmz at 12:22 PM on April 20, 2011

"Belive" is the operative word here...
posted by c13 at 12:25 PM on April 20, 2011

Oh one more thing for people keep talking about the cell phone companies already having this data, at least in the United States, the courts have been pretty good at recognizing that getting data from the phone company is a search. That means there needs to be some cause and some reason to get it. But the courts have been horrid about understanding the same is true of personal electronics.
posted by aspo at 12:25 PM on April 20, 2011

I'm sure you would pick one without "issues" to which you have to buy " solutions"

You can encrypt your iPhone and any synced devices for free. Nothing to buy, unless you want to pay for third-party options.
posted by Blazecock Pileon at 12:26 PM on April 20, 2011

"Belive" is the operative word here...

It's a program designed to access a database - there shouldn't be a lot of obfuscation. You can examine it yourself and verify whether or not you trust that the data has been properly un-degraded.

I would hope that one productive end to this press release is a greater understanding of the technical issues behind geo-location, databases, and computer backups.
posted by muddgirl at 12:32 PM on April 20, 2011

FWIW I emailed the app authors about the Vegas thing, and got this in response:

"That is quite interesting. My data also shows that I've been in Las vegas, and I've never been there at all. Actually a couple of people have mentioned that they're showing up in Las Vegas... hmm!

-Al."

So that's even weirder. Perhaps at night when we are sleeping the iPhones occasionally transform into tiny jets and fly off to Vegas to meet their comrades for evenings of debauchery. I can think of no other logical explanation.
posted by caution live frogs at 12:33 PM on April 20, 2011 [3 favorites]

Looks like their policy is, "What app is in Vegas, stays in Vegas."
posted by George Clooney at 12:37 PM on April 20, 2011 [3 favorites]

Brian X Chen of Wired reports on the iPhone location tracking issue here, and also mentions the Deutsche Telecom case (where, it's worth noting, the subject had to go to court to get access to his own information).
posted by running order squabble fest at 12:37 PM on April 20, 2011

Of course you would want to buy a third party software. Hoping that it has a smaller backdoor than what comes preinstalled.
I personally can live a few hours without internet and Angry Birds, so I carry a motorolla F3. But I do like Apple products and this thing worries me.
posted by c13 at 12:38 PM on April 20, 2011

Has anyone mentioned how cool this app is? I made a few little maps including my home territory and two days that I spent in Regina SK where I am fairly certain I didn't use my cell phone at all [had it in airplane mode with all the data turned off in fact because who wants to pay Rogers all that money]. I'm still trying to figure out why it was even pinging the towers at all.
posted by jessamyn at 12:40 PM on April 20, 2011 [3 favorites]

I'm another person with Las Vegas inexplicably in my backup. I assumed I had been there on a layover, but no, it shows me all over town.

Privacy issues notwithstanding, I would love to get a non-degraded version of this app. I want to see myself moving around on a map!
posted by danny the boy at 12:42 PM on April 20, 2011

Of course you would want to buy a third party software. Hoping that it has a smaller backdoor than what comes preinstalled.

I wonder if you'd be happy with any solution, free or otherwise. Anyway, in the real world, privacy of manner of data is an issue for which some measure of technological and legislative solutions exist. As far as the tech goes, this is not much different.
posted by Blazecock Pileon at 12:42 PM on April 20, 2011

They grab location data plus Wifi signal strength to allow phones to triangulate themselves when they don't have good signal strength from the GPS satellites.

Do they do so at all times, without user knowledge or permission, without GPS-reliant programs running, and keep a perpetual log file of all data gathered this way, which is backed up both locally and remotely?

Because if not, this isn't comparable.
posted by kafziel at 12:44 PM on April 20, 2011

> I'm still trying to figure out why it was even pinging the towers at all.

As long as it's powered up, it wants to know where the nearest towers are, because even if you're not calling out or using network services, you're not preventing it from taking calls or being used to place a 911 call. I remember first reading about cellphones being trackable circa 2000 or so -- the mechanics (in broad strokes) isn't the news, as much as the discovery that Apple's phones are storing the data in an easily accessible, readable format.
posted by ardgedee at 12:47 PM on April 20, 2011

At this point, I suspect the Vegas thing may be a problem with how the program is interpreting the database information?
posted by muddgirl at 12:48 PM on April 20, 2011

Maybe the Vegas stuff is from dummy data that is preloaded? My map looks a lot like the way CLF described his. Or maybe we got the same batch of phones that were turned on in Vegas for some reason.
posted by danny the boy at 12:55 PM on April 20, 2011

On a sidebar, anyone ready to step up to the plate and fight Apple's corner, to mix sporting metaphors, could really earn their stripes on this one. Some possible approaches include:

1) Everybody does this, and if you are remotely shocked by it you are showing your ignorance of modern technology.
2) Nobody who has used or been tempted to use Google Latitude, foursquare or Facebook Places has any right to criticise Apple for offering a service for free that other companies aim to make money from.
3) These criticisms are driven by personal animosity and envy of Apple executives and owners of Apple products.
posted by running order squabble fest at 12:56 PM on April 20, 2011 [1 favorite]

Me personally? Like I said before, solution is not the point. This is a completely artificial, manufactured problem. The tracking software didn't just magically appear out of nowhere. So looking for a solution is missing the point. I don't want to have these problems to begin with. That's why I declined a free (to me) iphone several times. That's also why the only way to contact me on the net is through a 1995 hotmail account.
posted by c13 at 12:59 PM on April 20, 2011

That's also why the only way to contact me on the net is through a 1995 hotmail account.

Do you have any idea how insecure that it is?! Any paranoiac worth his salt runs his own mail server!
posted by entropicamericana at 1:04 PM on April 20, 2011 [1 favorite]

Good thing Apple has been holding on to iTime technology, so they can go back in time and fix the problems that c13 doesn't want them to solve, before they start.

That's also why the only way to contact me on the net is through a 1995 hotmail account.

I begin to suspect that you're engaging in a bit of performance art. Why do you trust Microsoft (owners of Hotmail) any more than Google or Apple?
posted by muddgirl at 1:05 PM on April 20, 2011

Any app installed on the iphone has access to the file too - and there's no logging of who or what has accessed it.

Are you sure? AFAIK, the iPhone sandboxes apps' filesystem access to their own subdirectories, which is why apps can't share documents, even if they both use, say, PDF files.

No, you're right. I apologise for the misleading info.

After further reading;
any app on the computer with itunes on it has easy access to the file, unless you use encryption. If the phone is jailbroken, the file is easily accessible, including potentially by other apps on the iphone. But general apps on a non-jailbroken iphone cannot access it. Apple themselves can of course, but there's no evidence whether they do or don't, other than the T&C which gives them permission to do so if they wish.

As far as android/google goes; similiar info (nearby cell towers, long/lat, nearby wifi points) is used for current location when GPS is turned off. Only apps that have requested and been granted access gain that current location data (same as the iphone); such as weather services. However, there is no device-stored log on android. Nor is that information given to google services, such as google search, without again asking for permission - default is off.
posted by ArkhanJG at 1:06 PM on April 20, 2011

Has anyone mentioned how cool this app is?

I often think about people's paths through space and time, and I've always wanted to see them superimposed on a map, as a squiggly line. This does that thing, so I was pretty impressed by the visualization of the data, for sure. I'd love to see two people's timelines animated and superimposed on the same map, because that's another thing I'd love to see visualized -- the chance meetings in space and time as two people's paths converge. For instance, my wife and I were both at a David Bowie concert across an arena from one another in the 80's, and we were both at Billy Idol at Club Foot, a few weeks/months before or after that. We didn't actually meet for another 15 years. It's a tantalizing thought process to see mapped out - how close were we over the years? What about that random stranger at the store? Will your paths only converge in space and time exactly once?

I wish the data were opt-in, and that it wasn't instantly downloadable by cops I might not be able to trust, but the underlying data itself is very cool in a nerd way.
posted by Devils Rancher at 1:09 PM on April 20, 2011 [1 favorite]

in the real world, privacy of manner of data is an issue for which some measure of technological and legislative solutions exist

Not to beat a dead horse, this is precisely what bothers me. Some fucker at one place stands to gain from creating a privacy problem for me. Then some other fucker gains by offering me a technologicak solution to this " problem". Another one gains by creating more laws and playing politics. Someone else gains by enforcing the new laws. All the while all I wanted to do is to make fucking phone calls.
And guys, I'm pretty aware what a hotmail account represents. I get about a 1000 pieces of spam daily, that's with a filter. There is no sensitive info about me at all.
posted by c13 at 1:12 PM on April 20, 2011

Ahem... thechnologicaL.. My spellchecker is also from 1995...
posted by c13 at 1:13 PM on April 20, 2011

A phone is just giving you a solution to a problem you didn't originally have. I just talk to people in person.
posted by muddgirl at 1:15 PM on April 20, 2011

I don't talk to people, I just play Angry Birds.
posted by Brandon Blatcher at 1:21 PM on April 20, 2011

And now the greedy pigs know exactly where to find you.

I wish the data were opt-in, and that it wasn't instantly downloadable by cops I might not be able to trust, but the underlying data itself is very cool in a nerd way.

The underlying data is very easy to provide - you're carrying something with a GPS tracker and an Internet connection. It would pretty easy, for example, to use a MapMyRun mobile app to map everywhere you went, or to have a script that posted your coordinates to a Twitter account every five minutes which you could them put onto a map using, say, Metacarta. People who check in on foursquare or Facebook Places or Latitude or Gowalla (or various other services) are basically doing this, except they are curating what they record about their whereabouts. Once you have the data in some form, it would be again not impossible to interrogate, present it, or to aggregate it with others to see, for example, who was in or near Madison Square Gardens at the time of a concert.

In a specific and crude way, this is the sort of thing Jer Thorp did with "Just Landed"- extrapolated locations from the words people used in their tweets, plotted them on Metacarta and used that to map travel (in a high-level and abstract way).

The issue here is purely about people's knowledge that their hardware provider was storing data, the security of that data and what might be done with it. If you want to get the data for yourself, that's perfectly possible, and you can then decide how to store it and with whom to share it.
posted by running order squabble fest at 1:39 PM on April 20, 2011 [1 favorite]

Well, the "how accurate is it" thing is pretty straightforward - grab the samples out of the database yourself and plot them. Is there an easy way to throw a mess of latitudes and longitudes at google maps, say, and see what gets plotted? Picking a time frame is a matter of simple sql bashing (although I haven't the time right now), and I know google accepts lat/long as inputs. But I'm fairly confident about the data you see in the app if you remove their fuzzer - the loop is pretty clear. Make precision=1 and you get one solitary dot. The larger that number gets, the finer the mesh until you're as near 1:1 with reality as is recorded. Or you just bypass it entirely. But I wouldn't mind some outside confirmation.
posted by Kyol at 1:43 PM on April 20, 2011 [1 favorite]

I don't talk to people, I just play Angry Birds.

I communicate via an elaborate semaphore composed of subtleties in how I launch myself into them via a giant slingshot.
posted by kmz at 1:45 PM on April 20, 2011

That's it, my iPhone's going straight into the incinerator.

WAKE UP SHEEPLE! THEY LIVE, WE SLEEP!
posted by acb at 1:49 PM on April 20, 2011

Can I easily sync an iPhone to any computer in the world, or is it like how iPods used to be - really effin' difficult to sync it to more than one copy of iTunes at a time? (which made iPod deejaying a lot harder than it should have been).

I'm pretty sure that, like with all Apple satellite devices, the iPhone will only sync with a designated iteration of iTunes. iPods still work this way.

FWIW, you don't have to sync an iPod when you plug it into a computer, and you can still use the iTunes interface to access the files on that iPod. The sync that starts automatically can be aborted and then you just use the iPod while plugged in.
posted by hippybear at 1:51 PM on April 20, 2011

Can I easily sync an iPhone to any computer in the world, or is it like how iPods used to be - really effin' difficult to sync it to more than one copy of iTunes at a time? (which made iPod deejaying a lot harder than it should have been).

Like iPods, iPhones want to be synced only to one computer at a time. Especially w/r/t music and video. I sync my iPhone to two Macs. One for music/video and the other to photos. (I do this because I keep my photos on my MacBookPro and my huge music/movie collection on another Mac.) By default, the iPhone wants to erase the music and videos when I plug it into what it thinks is the "wrong" device. A lot of time it "just works" and a few times it will want to delete the files and copy whatever files are on the computer it is plugged into. The phone does make backups (including this location datafile discussed today) to both.
posted by birdherder at 1:55 PM on April 20, 2011

On one hand, it's an at best negligent disregard for privacy which is typical of the modern panopticon. On the other hand, now I might be able to find those keys I dropped.
posted by reynir at 2:10 PM on April 20, 2011

This seems easy to resolve. Apple should explain the purpose of the recorded data (and the purpose of making it easier to read in iOS 4.0) and update their privacy policy.
posted by RobotVoodooPower at 2:14 PM on April 20, 2011

So here's a question for you: Is my iPhone 4 refurbished? Because let me tell you, I bought it new. But the location data for the week I bought it clearly shows it in Las Vegas.

This is a bit off topic, but an AT&T store here in DC sold me as new an iPhone that had been used for something like an hour of talk time, according to the Settings/General/Usage screen.
posted by exogenous at 2:21 PM on April 20, 2011

Apple should explain the purpose of the recorded data (and the purpose of making it easier to read in iOS 4.0) and update their privacy policy.

Agreed.

To solve this across the board, I'd also argue that the US government should have tougher privacy laws that apply equally to Google, Facebook and all the other major tech companies who collect our data.

It probably won't stop the Verizons and AT&Ts from handing over our private lives without warrants, but it might be a start to gradual improvements.
posted by Blazecock Pileon at 2:32 PM on April 20, 2011 [1 favorite]

So here's a question for you: Is my iPhone 4 refurbished? Because let me tell you, I bought it new. But the location data for the week I bought it clearly shows it in Las Vegas.

This is a bit off topic, but an AT&T store here in DC sold me as new an iPhone that had been used for something like an hour of talk time, according to the Settings/General/Usage screen.

I've only bought new iPhones or had replacement refurbished units directly from the Apple Store and have never had other data/usage info on any device.

Having data, even on a refurb, is unusual. The random Vegas data is disconcerting since it meant the phone was active outside a store as if ATT took a return and put new shrink wrap on it and sold it as new again, or an employee took it out for a spin. Usually the replacements you get with from Apple for dead pixels are of officially refurbed. But if you restored from a backup, it would have copied the Vegas data from the original phone. If you got a brand new phone and restored from a backup this afternoon, it would have the same Vegas data on it because iOS 4's backups carry this location file from device to device.

I'm not certain what Apple or ATT would do address your concern they sold you a used iPhone for the full price. And, like I said, even if you did get a brand new phone today, it would carry the same location file unless you set it up as a brand new phone and re-added apps and media. This would mean you'd lose older voicemails and SMS, passwords for wifi and cookies for websites. It wouldn't stop the iPhone from recording a new location file.
posted by birdherder at 2:35 PM on April 20, 2011

So, the viewer was neat, though due to a dud phone it missed out on my recent SE Asia trip. It certainly remembers the wine tour last year.

That done, how do I delete this file from my phone?
posted by pompomtom at 3:04 PM on April 20, 2011

Where would this database be stored for an iTunes user on a Windows machine? Also, has anyone compiled the source code of the app to run under Windows?
posted by IanMorr at 3:05 PM on April 20, 2011

Privacy, and the possibility of privacy, is eroding rapidly. It's incredibly difficult to keep data secure. For everybody who thinks it's no big deal, fine, but I prefer not to have my life so open. It amazes me what data people will give up, and for how little in return (i.e., Farmville).

I would guess that geo-location tools use more than 1 tower, so have a pretty good location to record.

Now I want to market a faraday cage mobile sack, for when you don't want to be located.
posted by theora55 at 3:14 PM on April 20, 2011

But the location data for the week I bought it clearly shows it in Las Vegas.

Well, that's between you and the police, yes?
posted by sebastienbailard at 3:39 PM on April 20, 2011

Assuming you get pulled over.
posted by sebastienbailard at 3:42 PM on April 20, 2011

Al Franken has nine questions for Apple
posted by bonehead at 3:43 PM on April 20, 2011 [1 favorite]

theora55: "Privacy, and the possibility of privacy, is eroding rapidly. It's incredibly difficult to keep data secure. For everybody who thinks it's no big deal, fine, but I prefer not to have my life so open. It amazes me what data people will give up, and for how little in return (i.e., Farmville)."

I get the feeling that this is something people over 30 worry about. For everyone younger than that, they've grown up in a culture that is not only ok with that exchange, but enthusiastic about it. And not because they don't value their privacy, but because (I suspect):

- they now fully expect 'smart' experiences
- they're capable of imagining much better returns than "Farmville"*
- they know it's futile to expect privacy unless they actively manage it

* Your mom plays Farmville, not your niece.

I have no idea what 'privacy' will look like in 10 years, but I know it's not going to be simply about having more or having less than we do now. It's going to mean something entirely different.

I'm reminded of a Grandpa Simpson quote:
"I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and wierd. It'll happen to YOOOOOU."
posted by danny the boy at 3:45 PM on April 20, 2011 [3 favorites]

theora55: "Now I want to market a faraday cage mobile sack, for when you don't want to be located."

Also, you'd be late to the party but maybe you could design a more stylish sack.
posted by danny the boy at 3:47 PM on April 20, 2011

If the phone is tracking tower data even when it's powered off, is it possible the Las Vegas data is related to a shipping stopover? To and from a warehouse maybe?
posted by stopgap at 3:54 PM on April 20, 2011

If the phone is tracking tower data even when it's powered off, is it possible the Las Vegas data is related to a shipping stopover? To and from a warehouse maybe?

Does QA involve driving it all over the Las Vegas suburbs? Because the location data is spread around along a couple of highways outside of town, near an Air Force base, with the biggest dot centered on a residential neighborhood. If it were in a spot I could say relates to some AT&T or Apple testing area, maybe. But it isn't.
posted by kafziel at 3:57 PM on April 20, 2011

If the phone is tracking tower data even when it's powered off, is it possible the Las Vegas data is related to a shipping stopover? To and from a warehouse maybe?

I've never seen anything to suggest an iPhone that is off is not connecting to anything and that it is actually off. If cell phones regularly used its radio when it was off, there'd be a bigger stink than this.
posted by birdherder at 4:02 PM on April 20, 2011

Senator [Al Franker] questions Apple over iPhone tracking
posted by nostrada at 4:45 PM on April 20, 2011

^ Franken
posted by nostrada at 4:46 PM on April 20, 2011

For everyone younger than that, they've grown up in a culture that is not only ok with that exchange, but enthusiastic about it.

Whoa whoa whoa, speak for yourself there, buddy. I'm under 30 and still hate the whole "everything must be smart and connected to Facebook at all times" thing. Even for people who have accepted this state of affairs as "the way it is" aren't necessarily enthusiastic about the whole thing.

I have to say, I think it's interesting how the burden of proof is assigned in these discussions - apparently since "everyone under 30" is all hipster-blase about privacy issues, the burden of proof now falls on those who are for some strange reason opposed to having their movements constantly tracked and recorded. In my perfect world, it would be up to those who think that the benefits outweigh the costs to argue in favor of that tracking. I mean, obviously they need to know where you are to send you a message, but why do they need to keep a meticulous record of every time you so much as ping a tower, much less keep that log file on your phone?
posted by dialetheia at 4:56 PM on April 20, 2011 [2 favorites]

I've never seen anything to suggest an iPhone that is off is not connecting to anything and that it is actually off. If cell phones regularly used its radio when it was off, there'd be a bigger stink than this.

Me neither. I was referring to jessamyn's comment above:

and two days that I spent in Regina SK where I am fairly certain I didn't use my cell phone at all [had it in airplane mode with all the data turned off in fact because who wants to pay Rogers all that money]. I'm still trying to figure out why it was even pinging the towers at all.

posted by stopgap at 5:52 PM on April 20, 2011

The application won't work with my version of OS X, but it offers no specifications on their page.

I run 10.5.8. Are other people experiencing this problem?
posted by rollbiz at 7:40 PM on April 20, 2011

For everyone younger than that, they've grown up in a culture that is not only ok with that exchange, but enthusiastic about it.

I disagree. I'm under 30, and I'm not happy about privacy intrusive practices like this. I'm also a privacy policy specialist, and I can tell you that our office is very young, demographically speaking.

Young people may be happy to disclose private details, but they want to do it willingly. They want to exercise the choice. There's a few (Australian) polls showing that young people don't want to be tracked without their knowledge, and are generally quite concerned with privacy.
posted by His thoughts were red thoughts at 7:51 PM on April 20, 2011 [1 favorite]

Here's a recent privacy survey commissioned by Australian TV show Hungry Beast, that's on point.
posted by His thoughts were red thoughts at 8:18 PM on April 20, 2011

For example, one finding we've had is that we can combine lots of people's location trails and predict likely privacy preferences (PDF). The idea is to differentiate between "private" and "public" places, and we found a pretty good correlation to location sharing preferences.

We spied on you a little, and you acted like the kind of person who didn't like being spied on. So we kept doing it.

How do we know what those kind of people look liked?

Simple, we just spied on a wide swath of people, then checked to see what their privacy settings actually were!

My research group's actually been doing a lot of studies on location trails and location-based services. While I fully acknowledge the creepiness factor, having a lot of data like this would be really useful in understanding human behavior and real-world social networks at scale.

Putting cameras in people's houses would provide a lot of data for anthropologists too!

---

Also the bigger problem here is that anyone who can get your phone can get this data, meaning this would be a huge boon to jealous boyfriends/girlfriends. If it's being done by the telcos, at least random people you meet can't get the data.
posted by delmoi at 12:12 AM on April 21, 2011

For everyone younger than that, they've grown up in a culture that is not only ok with that exchange, but enthusiastic about it. And not because they don't value their privacy, but because (I suspect):

A lot of people simply don't realize that the data is being shared everywhere. They think the pictures they post to FB are only going to their friends and don't realize they're being databased everywhere.

Kids, regardless of the date, I think are less concerned about long-term embarrassment.
posted by delmoi at 12:13 AM on April 21, 2011

jessamyn: "I'm still trying to figure out why it was even pinging the towers at all."

It doesn't have to ping the towers to be able to listen to them, which is all it needs to get the tower ID. Presumably Airplace Mode doesn't actually turn off the radio, it just stops it from ever transmitting.
posted by pharm at 1:54 AM on April 21, 2011

Kids, regardless of the date, I think are less concerned about long-term embarrassment.

That's because they're aware that the people they'll be competing for jobs and such against will typically have just as many goofy photos online. In fact, not having a photo of yourself shotgunning a beer bong or making a face at a cameraphone in a bar or whatever could be even more incriminating; the impression that your history is pristinely clean, well-scrubbed even, sounds more creepy than the suggestion that you have been known to let your hair down with friends.
posted by acb at 3:07 AM on April 21, 2011

I'm looking forward to the jailbreak app that writes random location data into this file.

For jailbroken iPhones, there's now a small package available via Cydia and called untrackerd that runs in the background of the iPhone and periodically wipes the consolidated.db file for you.
posted by dreamyshade at 3:28 AM on April 21, 2011

Still no comment from Apple? Huh. Well, I suppose it's only been a day, and they're a huge, clunky company in the internet age, so it's probably too much to expect them to be on top of stuff like this right away or anything.
posted by mediareport at 5:35 AM on April 21, 2011

We are about due for a pithy Steve email remark like "who cares?" though.
posted by smackfu at 6:40 AM on April 21, 2011 [1 favorite]

Perhaps we'll find they've given us freedom from freedom.
posted by Devils Rancher at 6:44 AM on April 21, 2011

They hate us for our freedom from freedom.

No, wait... what?
posted by flapjax at midnite at 6:50 AM on April 21, 2011

Apple doesn't seem to have come up with a solution yet, but someone has. For those with jailbroken phones, you can erase the file with this app.
posted by modernnomad at 6:53 AM on April 21, 2011

I clearly remember seeing an article about this yesterday that I can't find today. It pointed to a 2008 terms and conditions update that described this feature and also how to disable it (which I think was just turning off location services in general settings). Anyone else see that?
posted by scottreynen at 7:00 AM on April 21, 2011

The trick is that the population was convinced that you have to have your cell phone with you at all times. The world got on just fine without being within arm's reach of the phone for a long time.

No, we just took along change so we could you use the payphone that was on every fucking corner.

In a just world, it's really simple: No one is entitled to my personal information for any reason without my express consent, period. Some boilerplate weasel-worded EULA doesn't cut it.
posted by Benny Andajetz at 7:01 AM on April 21, 2011 [1 favorite]

3 Major Issues with the Latest iPhone Tracking “Discovery”

Personally, I'd call it "Two Major Issues with the Latest iPhone Tracking Discovery and One Demand for Recognition for Calling Attention To It First", but it actually is a very good post and worth reading if you're inclined to care about what's going on in your iPhone.
posted by ardgedee at 8:16 AM on April 21, 2011 [1 favorite]

and One Demand for Recognition for Calling Attention To It First

Well honestly, he's apparently written a book chapter on it.
posted by muddgirl at 8:47 AM on April 21, 2011

China Is Apple's Fastest Growing Market for IPhone
posted by homunculus at 11:18 AM on April 21, 2011

So Android does exactly the same.

What was that about 10 seconds, DU?
posted by bonaldi at 11:52 AM on April 21, 2011 [1 favorite]

So Android does exactly the same.

Holy shitsnacks. Can't wait for the Metafilter outrage brigade to jump on this Stalinist display of jackbooted thuggery!
posted by Blazecock Pileon at 12:03 PM on April 21, 2011 [1 favorite]

blaze, your sheer paranoia and victim complex cracks me up once again. thanks.

I am quite comfortable saying that regardless of the manufacturer or telecom carrier, any organization that collects tracking details about its customers needs to be forthright about why they are doing it, and if it is intentional, make it explicitly opt-in and if it is an unintentional oversight, offer a grovelling apology and a quick bug fix.
posted by modernnomad at 12:09 PM on April 21, 2011

While not at all the same thing - a regularly trimmed list of the 20 most recent wifi locations and 50 most recent cell towers you've connected to with is not the same thing as triangulating your own location based on tower and wifi data and archiving it forever - this is still something that needs explaining. Ultimately, though, those differences actually are differences. You can make a functionality claim about yesterday's cell tower location data that you can't about last year's personal location data.
posted by kafziel at 12:19 PM on April 21, 2011

any organization that collects tracking details about its customers

This is some broad definition of "collects."

Should I be concerned that Virgin Mobile is collecting the last 10 pictures I took on my phone? In that they are stored on my phone?
posted by muddgirl at 12:24 PM on April 21, 2011 [1 favorite]

Does Virgin Mobile pull those pictures from your phone and store them on their servers, without telling you or giving you access to that data, like Apple is? If not, then no.
posted by kafziel at 12:38 PM on April 21, 2011

sorry, by "collects tracking details" i meant as it has been revealed in this particular case, in others, "collects a permanent log of my geo-spatial co-ordinates without my knowledge".. if it's the last location in order to facilitate certain location-based services without keeping a permanent log, I have little problem with it. i thought that would have been clear, but i guess not.

but if virgin mobile was pulling your last 10 photos and keeping them in an unsecured, permanent log, then oh yes, i would have a problem with that too.
posted by modernnomad at 12:43 PM on April 21, 2011

Does Virgin Mobile pull those pictures from your phone and store them on their servers, without telling you or giving you access to that data, like Apple is?

Is Apple pulling the data in question from your phone and storing it on their servers? I can find no evidence of that in this case, unless we're talking about a different case, in which case they probably shouldn't do that.

But this particular file isn't going to Apple's servers. It isn't going anywhere except your phone back-up on your personal computer.

keeping them in an unsecured, permanent log

It seems to me that Apple's greatest sin is that they didn't give users a way to clear this log. Others have stepped up to the plate and done so. Does that solve the issue?
posted by muddgirl at 12:51 PM on April 21, 2011

It seems to me that Apple's greatest sin is that they didn't give users a way to clear this log. Others have stepped up to the plate and done so. Does that solve the issue?

The greatest sin was not making users aware the log was being kept in the first place, or negligently allowing the log to be created through a bug. It's still unclear whether this was intentional or inadvertent.

It's great that some enterprising folks have created software for the those of us with jailbroken iphones to clear the log, but that's the tip of the iceberg in terms of global iphone users who don't follow these kinds of things (like my mother, for instance). The issue will be solved when Apple issues a software update that eliminates the log and creates new rules about for how long it is generated, or if it remains a permanent log, redefines it as an opt-in process. It seems like it should be a minor issue and I would expect a fix to be released within days rather than weeks. I can't imagine anyone at Apple is too happy with the press attention this is getting.
posted by modernnomad at 12:57 PM on April 21, 2011

blaze, your sheer paranoia and victim complex cracks me up once again. thanks.

As far as paranoia goes, you wrote a FPP entitled "Big Steve is Watching You", not me.

I am quite comfortable saying that regardless of the manufacturer or telecom carrier, any organization that collects tracking details about its customers needs to be forthright about why they are doing it, and if it is intentional, make it explicitly opt-in and if it is an unintentional oversight, offer a grovelling apology and a quick bug fix.

I agree and am looking forward to hearing Google issue something along these lines.
posted by Blazecock Pileon at 12:57 PM on April 21, 2011 [1 favorite]

As far as paranoia goes, you wrote a FPP entitled "Big Steve is Watching You", not me.

Yeah, it has a question mark at the end of it, and was intended to be a jokey a riff on the well known line from 1984. But if you think I am actually concerned that Steve Jobs is personally tracking iphone users, I guess my (poor, admittedly) joke was lost on you. As I've done before, let me reassure you I am writing this from a macbook air and happily own an iphone.

I hope explicit guidelines are adopted by all handset manufacturers or mobile phone software developers; Google, Apple, Nokia, Microsoft, HTC, etc... no-one gets a pass for this kind of stuff. There's a reason it has got such global coverage, and I'm quite sure it's not because anyone at the BBC is an "apple hater".
posted by modernnomad at 1:02 PM on April 21, 2011

It's still unclear whether this was intentional or inadvertent.

This article explains exactly why the log exists, the fact that it's not new and not a bug.

Before, the log existed and the majority of users couldn't access it at all - although it is apparent that "forensic services" were able to access the log. Now that we CAN access it, we can prevent others from doing so.
posted by muddgirl at 1:03 PM on April 21, 2011 [1 favorite]

I hope explicit guidelines are adopted by all handset manufacturers or mobile phone software developers; Google, Apple, Nokia, Microsoft, HTC, etc... no-one gets a pass for this kind of stuff.

I've stated my position on privacy matters several times, so I find the accusations of paranoia and victimhood oddly agenda-driven, frankly, since we're in agreement here. I also find it hilarious and hypocritical that when the other guy gets caught doing the very same thing, it's "different".
posted by Blazecock Pileon at 1:10 PM on April 21, 2011

I've stated my position on privacy matters several times, so I find the accusations of paranoia and victimhood oddly agenda-driven, frankly, since we're in agreement here. I also find it hilarious and hypocritical that when the other guy gets caught doing the very same thing, it's "different".

So given that I am a happy owner of multiple apple products, and I am also the one who has suggested you exhibit a weird paranoia about anything apple-related, what exactly do you think my agenda is?

My agenda with this FPP has nothing to do with Apple, or Google, or MS, or Nokia, or any other company. My agenda solely relates to a professional interest in privacy matters in the digital world, particularly those that relate to location-based services.
posted by modernnomad at 1:15 PM on April 21, 2011 [1 favorite]

Permanent log != limited cache.
posted by kmz at 1:16 PM on April 21, 2011 [1 favorite]

So given that I am a happy owner of multiple apple products, and I am also the one who has suggested you exhibit a weird paranoia about anything apple-related, what exactly do you think my agenda is?

Yeah, I don't think it's really too relevant what you own, I'm just dealing with the content of your post as you chose to write it. I think you've been at this site long enough to know that phrasing posts with rhetorical questions has always been bit of a sticky editorial issue here. Based on your post, I'll suggest that you are perhaps displaying a weird paranoia about either Steve Jobs or Apple, despite no evidence for anything horrible having taken place, beyond locally storing location data, which also appears to be happening on Android devices. Sadly, this was a missed chance for a larger discussion about privacy, perhaps.
posted by Blazecock Pileon at 1:29 PM on April 21, 2011

This article explains exactly why the log exists

At the heart of the explanation is this:
"The Core Location framework lets you determine the current location or heading associated with a device."

It doesn't seem like a permanent record of every location ever visited across the life of the phone would really be necessary for this.
posted by Devils Rancher at 1:30 PM on April 21, 2011

Like others, I've used the tracking app and it's claimed that my phone has been in Vegas even though I haven't been in Vegas in years. When I press the arrow at the bottom of the screen and to show week-by-week data, it shows me that the phone was in Vegas during the same week that I bought my phone at an Apple store in NYC last July. So I'd imagine that Vegas has a warehouse or something like that where they store new iPhones.
posted by Tin Man at 1:42 PM on April 21, 2011

I HOPE YOU KNOW THIS WILL GO DOWN ON YOUR PERMANENT RECORD

... Oh yeah?

Don't get so distressed...

...Did I happen to mention that I'm impressed?
posted by entropicamericana at 1:54 PM on April 21, 2011 [1 favorite]

For once I thought we were going to go without the standard derail... Fool is my name.
posted by juiceCake at 2:13 PM on April 21, 2011

i forget what 8 was for
posted by mrgrimm at 2:49 PM on April 21, 2011 [1 favorite]

Purely from the standpoint of privacy, the quantity of data stored seems, to me, to be largely besides the point. The data are collected, and an Android application can presumably funnel that data away on a rooted Android phone, as much as an iOS app could apparently be doing the same on a jailbroken iPhone. From a privacy standpoint, location tracking without consent is troubling, whether the data collected are 1 kB in size — or 100.
posted by Blazecock Pileon at 4:34 PM on April 21, 2011

I find it stunning that it's been two days and Apple hasn't seen any need to make a statement. There's the usual back-channel via Gruber (originally characterized as "little-birdie-informed", now edited to say "somewhat-informed theory"). But no official statement. Apple's never been in a hurry to talk to the press and their success allows them plenty of room. But it still strikes me as awfully arrogant not to explain to their customers why this data exists. Maybe they'll say something for the weekend, in the quiet part of the news cycle? Or maybe they don't need to say anything, just patch it out and pretend it never happened.

Personally, I'd like to see this tracking file turned into a product. I want access to this data.
posted by Nelson at 10:19 AM on April 22, 2011

This is a literal difference. It's not up for debate really.

No one has disagreed with you about how much data are being collected. I have been and remain in full agreement with you that the statements that less data are collected on Google phones is a 100% factually correct statement.

As far as these being issues of equal significance with respect to privacy rights, however, that is most certainly a matter that is up for fair discussion. The fact that Google has been in no small part the beneficiary of hypocrisy on this issue in this thread is not really up for debate, either. To pretend otherwise is just factually incorrect.
posted by Blazecock Pileon at 1:04 PM on April 22, 2011

Blazecock, I would also say there is some difference between how Apple and Google go about collecting the data. For Google, the default is that the feature for correlating location data with Wifi hotspots and cell towers is turned off, and when you enable it, it brings up a consent dialog that tells you they will report anonymous location data to Google. It's not hidden in a EULA, and the file is not copied from phone to phone, and it most certainly doesn't keep a record of every single location data the phone has seen.

To pretend otherwise is just factually incorrect.

I would contend that it is very much up for debate. Google asks for consent before sending the data, they don't copy the data to other devices, and the data actually stored on the device is much smaller than Apple's. It's also possible to disable the collection at any time by unchecking a box. With newer versions of android, it also wipes the file.

More details here.
posted by zabuni at 1:17 PM on April 22, 2011

they will report anonymous location data to Google

Apparently, this is no longer true:

Google previously has said that the Wi-Fi data it collects is anonymous and that it deletes the start and end points of every trip that it uses in its traffic maps. However, the data, provided to the Journal exclusively by Mr. Kamkar, contained a unique identifier tied to an individual's phone.

Mr. Kamkar, 25 years old, has a controversial past. In 2005, when he was 19, he created a computer worm that caused MySpace to crash. He pled guilty to a felony charge of computer hacking in Los Angeles Superior Court, and agreed to not use a computer for three years. Since 2008, he has been doing independent computer security research and consulting. Last year, he developed the "evercookie"—a type of tracking file that is difficult to be removed from computers—as a way to highlight the privacy vulnerabilities in Web-browsing software.

The Journal hired an independent consultant, Ashkan Soltani, to review Mr. Kamkar's findings regarding the Android device and its use of location data. Mr. Soltani confirmed Mr. Kamkar's conclusions.

posted by Blazecock Pileon at 1:22 PM on April 22, 2011

How police have obtained iPhone, iPad tracking logs
posted by homunculus at 4:38 PM on April 22, 2011

Has anyone seen the same behaviour in Windows Phone 7, yet? If I read Blazecock Pileon right, that seems to be the smartphone operating system he's recommending. Or possibly Maemo?
posted by running order squabble fest at 3:14 AM on April 23, 2011

I certainly don't see anything amounting to "On Mefi, if Google does it it's OK," which is apparently what you're insinuating.

Me neither. Such a notion is absolute fantasy. Very Beckian I'd say, and thus frightening and hilarious.

You only have to look here for example.
posted by juiceCake at 11:06 AM on April 23, 2011

People relax. Soon people like MetaFilter's Apple Defender™, TUAW and Jon Gruber will all explain to you why this is a great feature. You just need to give it some time.
posted by eyeballkid

Gruber:

It’s worse than that, though, because even if you are encrypting your backups, it’s also available to anyone who has physical access to your iPhone.

Android phones store the same type of location information, but, unlike iOS, Android’s cache only contains recent entries — which is to say Android is doing it right.

I can understand how Gruber grates on some readers nerves, but either you've never read Gruber or you should probably stop mischaracterizing his writing.
posted by justgary at 1:07 PM on April 23, 2011 [1 favorite]

The discussion of Google's location cache file comes rather late in this thread.

Well, it's more like silence, than discussion. Which is a bit damning, particularly the silence after the revelations in the Wall Street Journal piece. I guess the next step is to dismiss what they say, since the WSJ are just another bunch of Apple fanbois.

Very Beckian I'd say, and thus frightening and hilarious.

What's funny and tragic is that I haven't defended Apple in any way, shape or form — in fact, I have been quite concerned about what has happened here and have expressed an opinion that Apple has questions to answer — and yet your behavior has not changed one bit, accusing me of derailing a thread when someone else pointed out that Google is doing the Exact. Same. Thing.

The hypocrisy is absolutely stunning, really. It should be bottled up and sold to Republicans in six packs.
posted by Blazecock Pileon at 5:40 PM on April 23, 2011

Via ioerror's Twitter stream: Was the iPhone location logging put in by quiet law-enforcement / intelligence agency request?
posted by mediareport at 5:43 PM on April 23, 2011

Apple Inc.'s iPhones and Google Inc.'s Android smartphones regularly transmit their locations back to Apple and Google, respectively, according to data and documents analyzed by The Wall Street Journal—intensifying concerns over privacy and the widening trade in personal data.

posted by hippybear at 7:14 PM on April 23, 2011

We're discussing it right now

You've been dismissing any similarities (and any dissenting opinions about the important similarities — like the obvious fact that how much data being collected doesn't affect the privacy implications. That's not really discussion.

If you want to disagree please be specific.

I tried.
posted by Blazecock Pileon at 7:15 PM on April 23, 2011

like the obvious fact that how much data being collected doesn't affect the privacy implications

You keep saying that like it's true.
posted by mediareport at 7:21 PM on April 23, 2011

I may have missed it but are they claiming that phones are calling location data back to Google even if the user turned off this checkbox during the OS bootup?

Well, the two paragraphs which seem to answer your question are:

In the case of Google, according to new research by security analyst Samy Kamkar, an HTC Android phone collected its location every few seconds and transmitted the data to Google at least several times an hour. It also transmitted the name, location and signal strength of any nearby Wi-Fi networks, as well as a unique phone identifier.

and

Google seems to be taking a different approach, to judge from the data captured by Mr. Kamkar. Its location data appears to be transmitted regardless of whether an app is running, and is tied to the phone's unique identifier.

I don't see any mention of an opt-in checkbox anywhere in that article. Why that is, I cannot say.
posted by hippybear at 7:30 PM on April 23, 2011 [1 favorite]

I agree with you about the privacy implications in general

Thank you.

but the threat posed to someone's privacy is far less with the Android cache file than it is with the iPhone's entire historical log

That's not really true. All you need is a trojan horse app on a Google phone, and there's plenty of those that Google won't remove until people complain on Reddit.

The auto-sync with iTunes also further exposes the file to anyone with access to your computer, which isn't the case with the Android file.

So you encrypt your iPhone backup. It is one, single, solitary checkbox in iTunes, for Christ's sake.
posted by Blazecock Pileon at 7:31 PM on April 23, 2011

Google Defends Way It Gets Phone Data

Inquiries Grow Over Apple’s Data Collection Practices [NYT]
posted by hippybear at 2:43 AM on April 24, 2011

Goodness, this axe grinding is boring.

I spent some time with the iPhone data, making my own map of a year's worth of travels. High level notes here, technical detail including database schema here.

My belief is this is a poorly maintained cache of the locations of cell towers and wifi nodes. It doesn't seem to be designed as a location tracker. The key thing is the table does not record how often you've been near a place, only the last time you were there. The primary key in the table is the tower ID or wifi MAC; it literally can't store every single visit near a tower.

The thing I can't understand is how many IDs there are in the table. There are a couple of thousand cell IDs in half of San Francisco, maybe more. I'm no cellular expert but I don't think there's anywhere near that number of GSM towers. The "cell ID" primary key is MCC+MNC+LAC+CI: anyone know enough about cellular towers to explain what that is? Some of the "locations" are in the water, too, so they aren't exact tower locations; maybe the tower's idea of where I am based on distance and angle? I don't know.
posted by Nelson at 8:19 AM on April 24, 2011

I'm glad we agree that users need to take extra steps in the iPhone circumstance to secure their location data on their computer, steps unnecessary for Android users.

I don't agree at all and have explained the technical reasons why, and I hope I'm not the only getting tired of the relentless hypocrisy about Android's equivalently significant violations of privacy, in light of presented, troubling facts.
posted by Blazecock Pileon at 10:55 AM on April 24, 2011

So this is a big thumbs up to Windows Phone 7, by the looks of it. Interesting.
posted by running order squabble fest at 11:14 AM on April 24, 2011

At least reading here, windows phones also store and forward location information, including the same randomly generated device id that google phones send, although the id is only kept for "a certain time".
posted by zabuni at 3:42 PM on April 24, 2011

It's a fact that Android users don't have any of their location data stored automatically on computers they've used with their phones. iPhone users do. This is simply a statement of fact.

It's a fact that you can tick a checkbox and address this easily — trivially. This is also a statement of fact, and one that has been mentioned to you, repeatedly.

It's also a fact that Android has a chronic problem with trojan horse applications, which make it trivially easy to collect and redistribute the kind of personally-identified location data that Google collects. This is simply a statement of fact.

sloppy reporting is certainly not unheard of

Dismissing the Wall Street Journal's work as sloppy is not much of a defense. But it's easy enough to write their editors a letter.
posted by Blazecock Pileon at 2:06 AM on April 25, 2011

You cache my drift?
posted by flapjax at midnite at 5:51 AM on April 25, 2011 [1 favorite]

In more news, unlike Android, you can't turn off the storage of location data, although it won't be sent.

Trojans that would have access to the file for Android would need to have root, which most phones don't have activated stock. There have been similar concerns for trojans on rooted iPhones, so this appears to be a concern on both sides.
posted by zabuni at 7:03 AM on April 25, 2011

What Does Your Phone Know About You? More Than You Think

or not...

Steve Jobs on iOS Location Issue: 'We Don't Track Anyone'
posted by mrgrimm at 10:08 AM on April 25, 2011

I'm not sure if it's linked above (didn't see it), but Alex Levinson has a good breakdown of the iPhone-specific issue:

3 Major Issues with the Latest iPhone Tracking “Discovery”
posted by mrgrimm at 10:10 AM on April 25, 2011

Apparently Apple is going with no official statement. Steve's email says nothing useful, and Apple let the weekend go by without making a quiet statement.
posted by Nelson at 10:36 AM on April 25, 2011

Apple: We 'must have' comprehensive user location data on you

(which is actually about statements Apple made in 2010, but probably still applies.)
posted by hippybear at 12:54 PM on April 25, 2011

Apparently Apple is going with no official statement. Steve's email says nothing useful, and Apple let the weekend go by without making a quiet statement.

I disagree that it says nothing useful. Jobs says "We don't track anyone", while anybody can open their iPhone up and see the exact database that's tracking them. What this says is that Steve Jobs in his capacity as the public face and head of Apple is perfectly willing to flat-out lie about what they're doing. That's very meaningful information.
posted by kafziel at 1:36 PM on April 25, 2011

So... Maemo? Upgrading to Meego over time?
posted by running order squabble fest at 1:41 PM on April 25, 2011

kazfiel: I don't see Steve's email as a direct lie so much as your classic PR speak that denies without saying anything meaningful. A generous reading of "We don't track anyone" is that "We" refers to "Apple" and "track" means "deliberately record your location". The iPhone itself is recording location but there's no evidence they send this new data to Apple. And having looked at the data myself, I think the location tracking was an accidental side effect of a caching implementation, not deliberate tracking. Same goes for "The info circulating around is false"; by being so ambiguous as to what he's refuting, he's refuting nothing. The more significant misdirection in the Steve email is "Oh yes [Droid does track you]". He's implying Droid's geolocation invades privacy more than the iPhone, which as far as I know no one credible has documented.

(Of course, your iPhone is constantly sending your position to the cell phone provider and to Apple's geolocation lookup servers. That's nothing new, and honestly is a much bigger privacy issue than an obscure database in a backup on your home computer.)
posted by Nelson at 1:55 PM on April 25, 2011

Or Android and turn off Location services when you don't want to use them. Because turning the function off actually does mean something, there.
posted by kafziel at 1:56 PM on April 25, 2011

House Democrat Warns of Sex Predators Using iPhone Tracking (it's a bit facepalmy)

Florida, N.Y. consumers sue Apple over location tracking
posted by hippybear at 2:16 PM on April 25, 2011

IPhone Stored Location in Test Even if Disabled
posted by hippybear at 2:18 PM on April 25, 2011

A recent Apple patent application reveals that the location-tracking dossiers accumulated in iPhones are to be used in apps from Apple and any number of other companies.
posted by lilkeith07 at 4:33 PM on April 25, 2011

House Democrat Warns of Sex Predators Using iPhone Tracking

Won't someone think of the children?
posted by Blazecock Pileon at 5:18 PM on April 25, 2011

Apple & Google Summoned for Senate Hearing on Mobile Privacy

Illinois Seeks Meeting With Apple, Google (paywalled WSJ)
posted by hippybear at 6:54 PM on April 25, 2011

A “Probe in Your Pocket”? Apple’s Steve Jobs and Google’s Andy Rubin Talk Smartphone Privacy at D8 and Dive.
posted by Blazecock Pileon at 3:41 PM on April 26, 2011

Whaddaya know? Apple made a public statement after all. It's pretty good and thorough. Summary: "it was a bug and we're fixing it". Lots of interesting detail.

The same article notes Microsoft also has a statement about Windows Phone 7. In case you were dying to know.
posted by Nelson at 8:20 AM on April 27, 2011

Gotta love how that 9to5mac link that Nelson has provided uses as its illustration the map created by the guy in Germany who FOIAed his cell movement data from his carrier, and really doesn't have much to do with this kerfuffle much at all.

It's a nice illustration and all, but seems to be mixing issues a bit.

Anyway, good find Nelson. Thanks.
posted by hippybear at 9:09 AM on April 27, 2011

So a bug like Google's inadvertent collection of data from unprotected WiFi networks.

Some bugs really do bugger you.
posted by juiceCake at 10:01 AM on April 27, 2011

From Apple's statement:

5. Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.

Just to clarify that this data is being sent to Apple.
posted by eyeballkid at 11:27 AM on April 27, 2011

But, to be fair, my problem with the situation is fixed by this line: In the next major iOS software release the cache will also be encrypted on the iPhone.
posted by eyeballkid at 11:29 AM on April 27, 2011

Just to clarify that this data is being sent to Apple

It's not great, but at least it is anonymous. Looking forward to the core location bug fix.
posted by Blazecock Pileon at 1:04 PM on April 27, 2011

Good news I think, at least relatively... Apple admits they fucked up on this one, and will be offering a patch hopefully in the next couple of weeks. I''m glad they acknowledged it and I'm glad it's not enough to make me jump ship to android. Hopefully they've learned their lesson.

Deep down I'm actually glad there's people out there holding Apple and Google and whoever else to task on this sort of thing because, frankly, I sometimes get worried that I'm too ensconced in a particular software ecosystem to risk leaving and make my voice heard.. So kudos to everyone that got them to change tack on this -- goes to show that every little bit helps.
posted by modernnomad at 6:15 PM on April 27, 2011

Jobs is an arrogant SOB and acts like petulant child at times, but he doesn't seem interested in spying on anyone, so this isn't surprising.

Still, it wouldn't have hurt anything to say, a week ago, "Ok, we're looking into this, we'll get back to you."
posted by Brandon Blatcher at 4:03 AM on April 28, 2011 [1 favorite]

Still, it wouldn't have hurt anything to say, a week ago, "Ok, we're looking into this, we'll get back to you."

The fact that they didn't is simply a reflection of the culture of arrogance that exists at Apple. I love my Mac OS and all, but there is definitely a culture of arrogance at the company, and it's gotten steadily worse in recent years.
posted by flapjax at midnite at 6:29 AM on April 28, 2011 [1 favorite]

I love my Mac OS and all, but there is definitely a culture of arrogance at the company...

Yep. Sometimes I like it and sometimes not so much.
posted by Brandon Blatcher at 6:37 AM on April 28, 2011

Windows user for many years, switched to Mac about three years ago for my current laptop, which is definitely an improved experience ... but not in all respects. Such that, as I now consider buying my next laptop, I'm not remotely convinced it's going to be a Mac. And yeah, part of this that culture of arrogance.

A few fundamental frustrations which it doesn't seem Mac has any interest in remedying:

I-movie is unnecessarily limited, with nothing between it and Final Cut with its steep learning curve and steep price tag.

Garage Band is extremely limited with other related options not just expensive but not even remotely as versatile or good as related (and far cheaper) Windows options.

The hardware itself just isn't as tough as comparable Windows options. Regular day-to-day use has already necessitated two visits to Applecare whereas I've never had to bring a Windows to the shop for anything but software related issues.

Again, I'm reminded of something Neal Stephenson wrote years ago. If your windows box is like a clunky K-car, your Mac is a BMW ... but they're still both just cars when the potential is there for rocketships.
posted by philip-random at 10:13 AM on April 28, 2011

The hardware itself just isn't as tough as comparable Windows options. Regular day-to-day use has already necessitated two visits to Applecare whereas I've never had to bring a Windows to the shop for anything but software related issues.

Use what makes you happiest and your life easiest, but this ("it's not as tough as [whatever]") is such an individual thing, and most of us have such teeny sample sizes to draw from, that I think it's pointless to bring it up. I owned a refurbished 12" powerbook for years that went from work to home to work to home daily, and got traveled with on airplanes and cars, and never gave me a lick of trouble except when the hard drive died. It now lives downstairs with my neighbor. My current laptop is a 13" mbp and it does the same commute as the pb and has also never given me a lick of trouble. YMObviouslyVaried.
posted by rtha at 10:28 AM on April 28, 2011

Word! I use my Macbook to help with chopping vegetables, tenderizing meat and as a bulletproof shield when I'm out superheroing. Sure, some people swear by PCs, but when you have to finish up prepping for soup and deal with Dr. Danger's fiendish plans, there's no computer I'd trust more.
posted by Brandon Blatcher at 12:05 PM on April 28, 2011 [1 favorite]

Here, let me explain why MAC is obviously a failure because it does not meet my arbitrary and utterly subjective criteria. What? Pfft, you're using objective measures like sales as a refutation of my argument? blah blah justin bieber blah blah popular too blah blah sheeple blah blah

but they're still both just cars when the potential is there for rocketships.

The iPad has been on sale for sometime now.
posted by entropicamericana at 12:53 PM on April 28, 2011 [1 favorite]

The iPad has been on sale for sometime now.

Car : Rocketship :: PC : iPad

?!
posted by mrgrimm at 1:09 PM on April 28, 2011

The iPad may not be a rocketship, but they've certainly been used on them for over 40 years now.
posted by hippybear at 1:38 PM on April 28, 2011

If you have to use a stylus you're doin' it wrong.
posted by Brandon Blatcher at 1:43 PM on April 28, 2011 [1 favorite]

Or you are using Maemo, and thus doing it right. Seriously, Angry Birds on Maemo? Awesome.

Incidentally:

Here, let me explain why MAC is obviously a failure because it does not meet my arbitrary and utterly subjective criteria. What? Pfft, you're using objective measures like sales as a refutation of my argument? blah blah justin bieber blah blah popular too blah blah sheeple blah blah

I hope that if I am ever this rude to somebody else over their choice of computer hardware, a loved one will stage an intervention.
posted by running order squabble fest at 1:56 PM on April 28, 2011

Kirk always had his own way of doing things. Even using an iPad.
posted by hippybear at 2:22 PM on April 28, 2011

Here, let me explain why MAC is obviously a failure because it does not meet my arbitrary and utterly subjective criteria.

I think you meant: Here, let me not read your considered comment about which operating system you have a preference for and jump all over you for criticizing a company I worship, but cares not a whit for me.
posted by eyeballkid at 2:53 PM on April 28, 2011

Android phone owners sue Google for $50m over location data

The Michigan complaint from Julie Brown and partner, a possible class action, accused Google of excessively detailed tracking. Android 2.2 on their HTC Inspire 4G phones was tracking with the level of frequency and precision of a "tracking device for which a court-ordered warrant would ordinarily be required," Brown said.
posted by Blazecock Pileon at 11:12 AM on April 29, 2011

Google Memo Reveals Importance of Android Location Database

Google Tracks You Too, Internal E-mails Show
posted by hippybear at 2:03 PM on May 1, 2011

« Older Bad Politics, Worse Prose | "For the majority of Pentagram's career, if you... Newer »

This thread has been archived and is closed to new comments

MetaFilter

Big Steve is Watching You?
April 20, 2011 7:22 AM Subscribe

Tags

Share

Big Steve is Watching You? April 20, 2011 7:22 AM Subscribe

Tags

Share

Big Steve is Watching You?
April 20, 2011 7:22 AM Subscribe