Interesting write up, and apparently old news.... https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/
On Fri, Apr 22, 2011 at 1:59 PM, mark seiden <m...@seiden.com> wrote: > yes, that's right. on one of the forensics lists someone pointed out that > he started google maps for 6 seconds > and ended up with 1253 locations in the cache, all with the same time > stamp. those would be potential known > locations in your neighborhood. > > much fuller disclosure in > > http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf > > including that the some of the location data comes from.... google. > > it looks like everything gets anonymized, aggregated to 5 digit zipcodes, > and max retention of 6 months, but don't > talk much about what the device does except when it uploads data. > > the congressional disclosure, while it makes me feel better about location > data, contains a few choice items like > > > > it's unclear how apple can keep app developers from retaining location > data. which doesn't seem forbidden by apple, only by law. > > it's also unclear why they keep really old data in the cache on the phone. > cache bloat results for little benefit. > > the android doesn't do time-based pruning either and has a similar location > cache with the same data it. > > it appears to me that since the keying is by mac address or the tower id > that there will only be one timestamped item for > each of those. so if you go around the same neighborhood repeatedly, the > same data will be in the cache. so not exactly > tracking, just recency. > > but it would seem prudent to both specify and implement the briefest > retention of the location data that was possible to perform > the function expected by the user. > > On Apr 20, 2011, at 12:34 PM, Brandon Matthews wrote: > > > > > I've been poring over my phone's data, and I'm not sure if the resolution > is > > just very low, or if it's logging the locations of towers and not my > phone. > > > > Ex: http://imgur.com/2m5tO > > > > I'm going to xref with FCC databases soon to try and find out. > > > > B > > > > (Not speaking for Cisco, only for myself and with nobody's approval) > > > > On 4/20/11 12:11 PM, "Michele Orru" <antisnatc...@gmail.com> did > declare: > > > >> Already twitted today. > >> Pretty scary btw. I hope there's not the equivalent for Android. > >> > >> antisnatchor > >> > >>> > ------------------------------------------------------------------------ > >>> > >>> Thor (Hammer of God) <mailto:t...@hammerofgod.com> > >>> April 20, 2011 9:05 PM > >>> > >>> > >>> For those of you who have not seen this yet: > >>> > >>> http://radar.oreilly.com/2011/04/apple-location-tracking.html > >>> > >>> Description: Description: Description: > cid:image001.png@01CBA43F.5B83F2A0 > >>> > >>> /There's no reason to think "outside the box" / > >>> > >>> /if you don't think yourself into it. / > >>> > >>> ** > >>> > >>> *My newest book: "Thor's Microsoft Security Bible > >>> < > http://www.amazon.com/Thors-Microsoft-Security-Bible-Infrastructures/dp/1597 > >>> 495727C:/Users/thor/Documents/Cakewalk>" > >>> * > >>> > >>> ** > >>> > >>> *Timothy Thor Mullen > >>> t...@hammerofgod.com <mailto:t...@hammerofgod.com>* > >>> > >>> *http://www.hammerofgod.com <http://www.hammerofgod.com/>* > >>> > >>> _______________________________________________ > >>> Full-Disclosure - We believe in it. > >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >>> Hosted and sponsored by Secunia - http://secunia.com/ > >> _______________________________________________ > >> Full-Disclosure - We believe in it. > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >> Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/