Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Page 2 of 2 < 1 2
Topic Options
#344547 - 27/04/2011 17:08 Re: iOS tracking users [Re: tonyc]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
I get the impression is that is exactly what they have done, ie they have responded just as quickly as they have been able to understand exactly what the situation is.
_________________________
Remind me to change my signature to something more interesting someday

Top
#344548 - 27/04/2011 18:28 Re: iOS tracking users [Re: peter]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
Originally Posted By: tonyc
Exactly. For the life of me I can't understand why so many companies don't get that it's better to lay all your cards on the table when this stuff happens than to hem and haw and obfuscate. If El Steve-o had just come out right away and said "we're collecting stuff, it's not very detailed, we'll put in a mechanism to turn it off without losing any location-aware functionality," this could have blown over before senators started getting involved.

But they did, last summer (2010), due to a general congressional inquiry about location tracking regarding all smart phones. And even prior to that inquiry, there was information about what Apple was doing, from the EULA, to WWDC sessions and information readily available on the developer site.

There was nothing new discovered with this current issue, beyond bug related problems. The existence of the cache was known (directly from Apple), the fact it was backed up was known (from forensics experts last year and is now known to be a bug), and the fact that it doesn't contain the exact location of the phone. The only thing new about the report from O'Reilly Media was the hype, and an application to incorrectly map the data.

Originally Posted By: peter
Originally Posted By: hybrid8
According to Apple, none of this information is sent from the iPhone TO Apple, and in fact it's downloaded FROM Apple to the iPhone. Which does make sense

It makes no sense at all -- or at best is a misleading half-truth. The information they're talking about ("all the cell towers in Toronto") is sent from Apple to Iphone. Why is that particular slice of the global database sent? Because the Iphone has sent to Apple a request saying, "send me all the cell towers near <this specific location>". Apple still gets told your whereabouts.

Bruno's statement should probably be clarified. Apple stated the cached file is never sent to Apple. That's what they mean. Last summer, they already acknowledged they receive data from users based on location requests. And they explained that under iOS 3.0, Google and Skyhook also received the requests, but as of iOS 4, only Apple sees it.

As far as the data Apple gets for this exact location issue, they see a request not that a phone is at exact position X, but instead they receive data that says "I can see a cell tower with ID number 53022, and another with ID 53023, send me all cell tower data around those towers". All the triangulation involving power levels of the signals from each tower is done locally on the phone. With WiFi data, Apple receives requests that do narrow down the area a bit more, but these requests may also be based on where the user is searching, and not the location of the device. This is done for the iOS devices lacking cellular radios and GPS chips to still allow them to show a basic location marker.


Edited by drakino (27/04/2011 18:48)

Top
#344550 - 27/04/2011 19:35 Re: iOS tracking users [Re: drakino]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
All Things Digital has an interview with Jobs, Schiller, and Forstall posted. One point seems to be that they think the misunderstanding is an education issue, and that Apple, and other companies need to do a better job at explaining how all these location services work.

Forstall also commented the file is being truncated now, but only when the file hits 2MB. This was clearly high enough to contain a ton of data, and as previously announced, they will be switching to a time based truncation method of a week.

Something revealed earlier in the official announcement and reiterated in the interview is that Apple is planning on using the anonymous data they do collect for a traffic reporting system. No further details on it were given though. This may be part of iOS 5, with the rumored departure from Google Maps to an Apple built maps program.

Quote:
I was curious if you have an ETA about when you would be coming back full time?

Jobs: Look, we’re here to talk about location today, not me.

Yep, thats Steve Jobs. Looks like his health problems haven't impacted his feistiness.


Edited by drakino (27/04/2011 19:39)

Top
#344551 - 27/04/2011 20:05 Re: iOS tracking users [Re: drakino]
hybrid8
carpal tunnel

Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
I wonder if they got him to comment on his health off the record. I hope he hangs in there, but realistically he's not been looking very good at all. Statistically, he's already on borrowed time.
_________________________
Bruno
Twisted Melon : Fine Mac OS Software

Top
#344554 - 27/04/2011 23:36 Re: iOS tracking users [Re: hybrid8]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
Quote:
from forensics experts last year and is now known to be a bug

I haven't been following every detail of this story, but what evidence has been presented that this is a bug rather than a feature? The only reference I've seen to it being a bug is your speculation to that effect. It very well may be, but I didn't know that had transitioned from your well-educated guess to a verified fact.

That said, I get that much of this was known about by some experts, but once it became known to the larger audience, Apple had a responsibility to respond in a timely manner to it, and to inform users of their plans to correct the problem. In my opinion, they failed on that, as many companies do. This is more of a complaint about how tech companies think they can just weather the storm with vague press releases when user privacy concerns are bringing them bad press, not a specific criticism of Apple alone.
_________________________
- Tony C
my empeg stuff

Top
#344555 - 27/04/2011 23:41 Re: iOS tracking users [Re: hybrid8]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
Quote:
Statistically, he's already on borrowed time.

Yes, but those statistics include people of all means. It's quite a marvel that he's doing as well as he apparently is, but less of a marvel when you consider his immense personal fortune he can pour into getting the best medical care available.
_________________________
- Tony C
my empeg stuff

Top
#344556 - 28/04/2011 00:47 Re: iOS tracking users [Re: tonyc]
hybrid8
carpal tunnel

Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
Originally Posted By: tonyc
what evidence has been presented that this is a bug rather than a feature?


Only Apple's claim. So they're either lying or telling the truth.
_________________________
Bruno
Twisted Melon : Fine Mac OS Software

Top
#344557 - 28/04/2011 03:37 Re: iOS tracking users [Re: tonyc]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
Originally Posted By: tonyc
I haven't been following every detail of this story, but what evidence has been presented that this is a bug rather than a feature? The only reference I've seen to it being a bug is your speculation to that effect. It very well may be, but I didn't know that had transitioned from your well-educated guess to a verified fact.

This part only applies to the data file being backed up to a computer.

Anyone who works deeply with OS X and iOS as far as how the filesystem is laid out, and how Time Machine/iOS backups work would likely come to the same conclusion as my speculation about it being a bug. Some engineer decided to save a preferences file in a cache folder and removed that folder from the backup exclude list. Or, the other possibility I see is that the caches folder was never properly added to the backup exclude list like it should have been.

One mistake I did make in my checks was the location of the data in the past. iOS prior to 3.2 stored the older h-cell.plist cache under /root/Library/Caches, the cache folder for the root user on the phone. 3.2 moved it to the user partition under ~/Library/Caches. I had incorrectly assumed the location was still the same. Knowing the change happened reinforces my belief this is a bug, as the previous plist wasn't part of the backups. Why make a change now, when they previously saw no need to back up caches in the past? From information released at WWDC (that I can't re quote here, I think 2010 sessions are still under NDA), and from a previous link to Alex Levinston's analysis, the changes had to do with supporting the multitasking features of iOS 4. Combine the analysis of file location, changes needed for iOS 4, and Apple's paranoia about location and analytics*, and it seems more like a bug/oversight vs a feature intentionally added.

I get that not everyone is trustworthy all the time, including Jobs. After looking into the issue myself by using my phone to test it directly, along with my experience in the software field as a build engineer, it all comes across to me as a bug or an oversight. I'm sure many developers here have been through those last minute crunches, and something falls through the cracks. In this case looking at Apple's tight release schedules for iOS over the years, it seems to me there were plenty of corners cut to get things out the door. I don't see this as intentional malice, just crunch time carelessness. It does point to a need for stronger code and implementation reviews at Apple, especially when a users privacy is concerned.

The only way this would be a verifiable fact is if the engineer who either implemented this "feature", or didn't implement the changes for iOS 4 properly were to come forward. That is highly unlikely to happen due to his NDA work agreements and such, so I'm not sure how to really convince you beyond what has been said and linked here. Some of my earlier links contain discussions other people are having that have been researching this, and most lean towards a mistake and not malice.

* I spent about 15 minutes trying to find good links to the previous issues Apple discussed last year, but Google is mostly returning results on the current 2011 story. Basically the changes made in iOS 4 to show what apps last gathered any location data came out of Apple discovering 3rd party apps were silently reporting more info then they thought. Some app revealed early details of the iPad when in development. This lead to some analytics lockdowns, and an awareness about apps gathering location details when they shouldn't. Jobs revealed more info on their beliefs regarding location last year at the D8 conference.

Quote:
That said, I get that much of this was known about by some experts, but once it became known to the larger audience, Apple had a responsibility to respond in a timely manner to it, and to inform users of their plans to correct the problem. In my opinion, they failed on that, as many companies do. This is more of a complaint about how tech companies think they can just weather the storm with vague press releases when user privacy concerns are bringing them bad press, not a specific criticism of Apple alone.

From having worked closely with some of the community folks in the games industry, it seemed to be a balancing act. In general, people are going to be posting random crazy things all the time. Some times, those posts blow up into a bigger rumor. A company can't sit there and deny every single rumor thrown at them. Even a simple statement of "we are looking into this rumor" can cause more problems.

To draw a parallel here (and don't get stuck in the details, this is just a general comparison to another recent event), should Obama have responded every time his location of birth was brought up? After all, it is a pretty major thing concerning his eligibility as President. Initially he ignored the situation since he passed all the checks required to be on the ballot in all 50 states. Then later he bowed to pressure and released his short form certificate. Time goes on, the rumors continue to churn and bubble, and eventually blow up again when Trump starts talking about it. Nothing changed, except the hype. And Obama once again bowed to the pressure and released the long form certificate today. Will the release end the issue? Nope, based on all the birther comments still showing up around the web.

Yes, this particular situation is a little different since it involves potential privacy concerns, but this overall issue of location tracking came up last year as a big deal. Apple may have felt that they already addressed these concerns with their EULA, the congressional response, WWDC coverage, and the systems they put into place last year (short form release). More then just a few experts knew about it, but it wasn't a big deal. Nothing really changed between then and now, but for some reason the O'Reilly report (Trump) stirred it up again. Apple's latest response and action is similar to the long form certificate release. Bugs were identified (ignoring the backup, they did confirm the bug where cached data was still being collected with Location Services toggled off), oversights were identified (the 2MB cap on the file was too big), and corrective actions are being taken. Will this quell the general location tracking fears? Probably not.

Top
#344561 - 28/04/2011 13:25 Re: iOS tracking users [Re: drakino]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
Ok, you know what? It's clear I was just too close to this all, with my own personal investigation into it. My mind has changed now that I've seen the excellent coverage of whats going on from Next Media Animation wink
(potentially NSFW video)

Top
#344566 - 28/04/2011 15:57 Re: iOS tracking users [Re: drakino]
gbeer
carpal tunnel

Registered: 17/12/2000
Posts: 2665
Loc: Manteca, California
Quote:
Apple had a responsibility to respond in a timely manner to it, and to inform users of their plans to correct the problem. In my opinion, they failed on that, as many companies do.


I suspect there is a disconnect between what an individual would wish for in terms of, speed of response, and what any corporation can actually muster.

For Apple to investigate what the issue was, and get the response vetted by all the necessary people.... I think they moved pretty fast.


I hope they can get ahead of the misinformation.
_________________________
Glenn

Top
#345038 - 10/05/2011 22:31 Re: iOS tracking users [Re: gbeer]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
Been running 4.3.3 (the version that cuts the cache down to 7 days), and I'm definitely noticing the change. Went to lunch today to an area I haven't been in for about 2 weeks now, and Maps initially showed an estimate location circle the size of the entire Orange County area. It took a good 2-3 second for it to narrow it down closer, due to the network lag of having to pull the data over the network. Never saw a guess that large on the initial load since iOS 4.0.

Also, if anyone is interested in the senate committee hearing about mobile data privacy that Franken called, This is my Next had a good liveblog of it. It went beyond just location tracking and also talked about other data mobile apps appear to be collecting.

I found two things interesting from it, the FTC has a lab where they test various apps on different platforms and snoop the traffic to see what is being sent out, and:
Quote:
8:10 am Kind of interesting that Google sent a lobbyist, while Apple sent an engineer.

Top
#345039 - 10/05/2011 22:33 Re: iOS tracking users [Re: drakino]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
The engineers at Google were busy engineering. They pay lobbyists to be lobbyists. smile
_________________________
- Tony C
my empeg stuff

Top
Page 2 of 2 < 1 2