M$ are in the love in http://news.cnet.com/8301-31921_3-20057329-281.html
On Tue, Apr 26, 2011 at 8:12 PM, Ivan . <ivan...@gmail.com> wrote: > Interesting write up, and apparently old news.... > > > https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/ > > On Fri, Apr 22, 2011 at 1:59 PM, mark seiden <m...@seiden.com> wrote: > >> yes, that's right. on one of the forensics lists someone pointed out that >> he started google maps for 6 seconds >> and ended up with 1253 locations in the cache, all with the same time >> stamp. those would be potential known >> locations in your neighborhood. >> >> much fuller disclosure in >> >> http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf >> >> including that the some of the location data comes from.... google. >> >> it looks like everything gets anonymized, aggregated to 5 digit zipcodes, >> and max retention of 6 months, but don't >> talk much about what the device does except when it uploads data. >> >> the congressional disclosure, while it makes me feel better about location >> data, contains a few choice items like >> >> >> >> it's unclear how apple can keep app developers from retaining location >> data. which doesn't seem forbidden by apple, only by law. >> >> it's also unclear why they keep really old data in the cache on the phone. >> cache bloat results for little benefit. >> >> the android doesn't do time-based pruning either and has a similar >> location cache with the same data it. >> >> it appears to me that since the keying is by mac address or the tower id >> that there will only be one timestamped item for >> each of those. so if you go around the same neighborhood repeatedly, the >> same data will be in the cache. so not exactly >> tracking, just recency. >> >> but it would seem prudent to both specify and implement the briefest >> retention of the location data that was possible to perform >> the function expected by the user. >> >> >> On Apr 20, 2011, at 12:34 PM, Brandon Matthews wrote: >> >> > >> > I've been poring over my phone's data, and I'm not sure if the >> resolution is >> > just very low, or if it's logging the locations of towers and not my >> phone. >> > >> > Ex: http://imgur.com/2m5tO >> > >> > I'm going to xref with FCC databases soon to try and find out. >> > >> > B >> > >> > (Not speaking for Cisco, only for myself and with nobody's approval) >> > >> > On 4/20/11 12:11 PM, "Michele Orru" <antisnatc...@gmail.com> did >> declare: >> > >> >> Already twitted today. >> >> Pretty scary btw. I hope there's not the equivalent for Android. >> >> >> >> antisnatchor >> >> >> >>> >> ------------------------------------------------------------------------ >> >>> >> >>> Thor (Hammer of God) <mailto:t...@hammerofgod.com> >> >>> April 20, 2011 9:05 PM >> >>> >> >>> >> >>> For those of you who have not seen this yet: >> >>> >> >>> http://radar.oreilly.com/2011/04/apple-location-tracking.html >> >>> >> >>> Description: Description: Description: >> cid:image001.png@01CBA43F.5B83F2A0 >> >>> >> >>> /There's no reason to think "outside the box" / >> >>> >> >>> /if you don't think yourself into it. / >> >>> >> >>> ** >> >>> >> >>> *My newest book: "Thor's Microsoft Security Bible >> >>> < >> http://www.amazon.com/Thors-Microsoft-Security-Bible-Infrastructures/dp/1597 >> >>> 495727C:/Users/thor/Documents/Cakewalk>" >> >>> * >> >>> >> >>> ** >> >>> >> >>> *Timothy Thor Mullen >> >>> t...@hammerofgod.com <mailto:t...@hammerofgod.com>* >> >>> >> >>> *http://www.hammerofgod.com <http://www.hammerofgod.com/>* >> >>> >> >>> _______________________________________________ >> >>> Full-Disclosure - We believe in it. >> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> >>> Hosted and sponsored by Secunia - http://secunia.com/ >> >> _______________________________________________ >> >> Full-Disclosure - We believe in it. >> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> >> Hosted and sponsored by Secunia - http://secunia.com/ >> > >> > _______________________________________________ >> > Full-Disclosure - We believe in it. >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> > Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/