I couldn't disagree more with the end of your message. So what if they've done a lot for accessibility? What does that have to do with collecting private information on people? lol. Just because you do a good thing, doesn't mean your faults should be overlooked.
Ricardo Walker rwalker...@gmail.com Twitter, Skype, and AIM: rwalker296 www.mobileaccess.org On Apr 22, 2011, at 11:20 PM, Zachary Kline wrote: > Hi All, > . Don't go pulling out the lawsuits yet. I have heard more than one report > that this issue may simply be an undetected iOS bug, involving some > improperly written code. If so, it's perhaps unusual in its effect, but not > necessarily a cause for alarm. I believe that if anybody reads through the > various privacy policies companies implement, they'll find there are > provisions in them for all kinds of things you wouldn't have expected. I > think the reason people are talking about this so much is the overdramatic > news media coverage. The tech crowd is, on the whole, much more restrained. > Is Apple being malicious in doing this? Possibly, but unlikely. What was > the point? Is this an oversight which has just been exposed in a fashion > unusually public? Quite possibly. Is this part of something which you did > legally agree to, even though you didn't read the whole agreement? Very > likely. > So, in summary, let's take a step back here and think about this. I'm > willing to give Apple the benefit of the doubt here. They have done > remarkable things for accessibility, and should be commended. I don't have > an iPhone, but I still want one in the near future. WHo cares how often I go > out to eat, except me and anyone I go with? > Best, > Zack. > On Apr 22, 2011, at 7:24 PM, Karen Lewellen wrote: > >> I agree, again since apple has already expressed interest n connecting ads >> to programs, as in you could not use the program until you responded to the >> ad, the file would not need to go anywhere to be used by advertisers. The >> article on the ads was posted here a few months back. >> its a privacy risk as well as a security one. >> Karen >> >> On Fri, 22 Apr 2011, James Mannion wrote: >> >>> Yes, but if they are collecting the information, obviously they have >>> intentions for it. They may be implementing their intent in steps. >>> This honestly really ticks me off. Apple needs to be slammed with a >>> law suit and lose big if they are doing this secretly. Think about it. >>> Collecting this information to a file and not being forth coming about >>> doing it or why? Do you really think they are collecting it just for >>> you to have such a file? If there were such a silly reason, why not >>> tell you about it? It is pretty black and white, if it is being >>> collect into the file, that file is being collected by someone or they >>> have the intention of doing so in the future. Is there any information >>> if it is being done when location services is not turned on? Does it >>> override that location services setting of being off to collect it >>> anyway? My guess is that it does, but I would not know for sure. Of >>> course companies want you to believe what they are doing is harmless. >>> A dishonest hand never plans to be obvious. It's called deception. >>> >>> On 4/22/11, Aman Singer <aman.sin...@gmail.com> wrote: >>>> Hi, Karen and all. >>>> This has been extensively discussed on the iPhone lists. Here is a >>>> message I sent to those lists with some methods to disable the saving >>>> of the information. You may want to note a few things. First, there >>>> is, as yet, no evidence that this file ever leavves the phone or >>>> computer where it's stored. That doesn't mean it isn't being sent out, >>>> but it does mean that people have looked and haven't found it being >>>> sent out yet. Secondly, the file is stored on both the phone and any >>>> computer which the phone has been backed up to. Therefore, encrypting >>>> backups on the computer might be worthwhile to avoid anyone with >>>> access to the computer being able to obtain the location information. >>>> As it stands, and without evidence that the file is actually leaving >>>> the phone/PC, this is a moderate security issue, in my view, rather >>>> than a large one, or a large privacy breach. >>>> HTH. >>>> Aman >>>> >>>> >>>> Hi, all. >>>> First, as to a quick and dirty solution to this particular problem, >>>> there are two. Both require the phone to be jailbroken. The first may >>>> be found at >>>> http://technicalmusings.blogspot.com/2011/04/ios-consolidateddb-workaround-for.html >>>> and is as follows >>>> Looks like Apple is tracking iOS devices an recording that info in clear >>>> text: >>>> http://radar.oreilly.com/2011/04/apple-location-tracking.html >>>> >>>> Here's a way to ensure this data is not recorded: >>>> >>>> You must have a hacked iOS device, and either Mobile Terminal or an >>>> SSH login. You must also know the root password. You first >>>> remove/move this file, >>>> and recreate it as a symbolic link to /dev/null like: >>>> >>>> su >>>> cd /System/Library/Frameworks/CoreLocation.framework/Support >>>> rm consolidated.db >>>> ln -s /dev/null consolidated.db >>>> >>>> Anything written to this 'file' is sent to /dev/null, so it is not >>>> saved on the file system. I've done this on a hacked device, and >>>> Location Services >>>> continue to work. >>>> >>>> There is also a program which removes the file at intervals >>>> http://www.ijailbreak.com/cydia/untrackerd-tweak-stop-your-iphoneipad-from-tracking-your-location/ >>>> Thanks to Rose Morales, @chicksdigmacs on Twitter, for the alert. I am >>>> not sure about the accessibility of the program, if Rose or anyone >>>> else would care to comment, I would be grateful. I cannot find any >>>> source code for this program, so it's obvious that one should use at >>>> one's own risk. The first method above does not, to my knowledge, >>>> produce any insecurities, the commands given are normal. I am not >>>> familiar enough with links/symlinks on iOS, however, to be sure that this >>>> first method works properly without side-effects. This issue hasn't >>>> been out there long enough to judge. At the very least, I suspect that >>>> restoring an older backup would stop this method from working. Note >>>> that I am not sure what anyone without a jailbroken iPhone can do >>>> about this issue, I have seen no solution for non jailbroken phones. >>>> Note, also, that this file can be accessed from iPhone backups on the >>>> computer, so those should be encrypted or deleted. It can be accessed >>>> with any of the usual tools for Jailbroken iPhones, and with most of >>>> the forensic tools like >>>> http://accessdata.com/products/forensic-investigation/mobile-phone-examiner >>>> To spread out a bit, and deal with the problem more generally, people >>>> ought to keep in mind, if I may suggest it, that mobile phones are >>>> innately traceable. That isn't because anyone has made them that way, >>>> it's because the phone company needs to know where to route the >>>> information and where it's coming from. This is not something that >>>> anyone can really work around, one can encrypt the information as it >>>> passes, but cannot obfuscate the fact, to my knowledge at least, that >>>> information is passing from and to a specific location. Usually, the >>>> only people aware of the location information, however, are the phone >>>> company and the companies/agencies to which they sell/give the >>>> information. The problem in this case is that this file is stored, >>>> unencrypted, on the phone and computer. By accessing the file, anyone >>>> can get a history of the location of the phone, which might be useful >>>> for many sorts of people, jealous spouses and stalkers who have some >>>> sort of non-private access to the victim come to mind as just two >>>> categories. I think this is more a security, rather than a privacy, >>>> problem just at the moment, nobody has yet detected the sending out of >>>> this file to anyone else, but that isn't conclusive simply because I >>>> have yet to see a decent network sniffer for iOS. If anyone knows of >>>> one, I'd love to hear of it. Anyhow, as it stands, when it comes to >>>> privacy, this is just another reminder, in case one is needed, that >>>> mobile phones are innately public, at least in their location data and >>>> sometimes in everything else, too. If you dislike being tracked at >>>> all, don't carry anything with a chip that can talk to the outside >>>> world, or disable that chip by cutting its power. >>>> Aman >>>> >>>> On 4/22/11, Karen Lewellen <klewel...@shellworld.net> wrote: >>>>> We talked about the pop up ad possibility a while back, now it seems apple >>>>> is gathering data on your whereabouts? >>>>> here is the story. >>>>> TVBizwire >>>>> >>>>> >>>>> Researchers Say Apple Is Tracking Locations of Mobile Device >>>>> Users betanews >>>>> >>>>> A team of researchers says Apple is secretly obtaining the >>>>> locations of iOS4 users and recording them in a hidden file, >>>>> according to a betanews.com report. >>>>> >>>>> Two of the researchers, Alasdair Allan and Peter Warden of >>>>> O'Reilly Media, presented their findings today at the Where 2.0 >>>>> conference in Santa Clara, Calif. >>>>> >>>>> According to the story, the revelation raises "obvious privacy >>>>> concerns and questions as to why Apple would be storing such >>>>> information. The researchers believe it is intentional, as the >>>>> file is restored after backups and even when the user switches to >>>>> a new device." >>>>> >>>>> The group says the functionality is apparently new to iOS4, the >>>>> mobile operating system that runs the latest iPad, iPhone and >>>>> iPod touch. The researchers have reportedly tried to contact >>>>> Apple's security team but had yet to hear back from the company. >>>>> The story reports: "Allan says that the existence of the file on >>>>> on your computer is a security risk, as it is both unprotected >>>>> and un encrypted. `It can also be easily accessed on the device >>>>> itself if it falls into the wrong hands,' he wrote in a blog >>>>> post. `Anybody with access to this file knows where you've been >>>>> over the last year, since iOS4 was released.'" >>>>> >>>>> >>>>> >>>>> http://www.tvweek.com/blogs/tvbizwire/2011/04/researchers-say-apple-is-track.php >>>>> >>>>> http://api.recaptcha.net/noscript?k=6Lcb_78SAAAAAHmtN74lHVK-IOutZhLRidl4tCzl >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google Groups >>>>> "MacVisionaries" group. >>>>> To post to this group, send email to macvisionaries@googlegroups.com. >>>>> To unsubscribe from this group, send email to >>>>> macvisionaries+unsubscr...@googlegroups.com. >>>>> For more options, visit this group at >>>>> http://groups.google.com/group/macvisionaries?hl=en. >>>>> >>>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups >>>> "MacVisionaries" group. >>>> To post to this group, send email to macvisionaries@googlegroups.com. >>>> To unsubscribe from this group, send email to >>>> macvisionaries+unsubscr...@googlegroups.com. >>>> For more options, visit this group at >>>> http://groups.google.com/group/macvisionaries?hl=en. >>>> >>>> >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "MacVisionaries" group. >>> To post to this group, send email to macvisionaries@googlegroups.com. >>> To unsubscribe from this group, send email to >>> macvisionaries+unsubscr...@googlegroups.com. >>> For more options, visit this group at >>> http://groups.google.com/group/macvisionaries?hl=en. >>> >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "MacVisionaries" group. >> To post to this group, send email to macvisionaries@googlegroups.com. >> To unsubscribe from this group, send email to >> macvisionaries+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/macvisionaries?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "MacVisionaries" group. > To post to this group, send email to macvisionaries@googlegroups.com. > To unsubscribe from this group, send email to > macvisionaries+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/macvisionaries?hl=en. > -- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To post to this group, send email to macvisionaries@googlegroups.com. To unsubscribe from this group, send email to macvisionaries+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/macvisionaries?hl=en.