Apple and Location Tracking
Posted: April 21, 2011 Filed under: Uncategorized | Tags: gis, iphone, privacy Leave a comment »There’s been a lot of controversy around a blog post on O’Reilly Radar that claims Apple is recording user’s location data, for unknown purposes. I pulled the data from my phone and mapped six months of it.
The red points are from the cellphone table and the blue dots are from the WiFi table. The first thing I noticed is that the data look nothing like my regular spatial pattern, see below. These maps are not the same scale and time period, but you get the general idea. Look for the empty park in the centre of the top map and in the centre, near the top of the bottom map. The map below was recorded with a real GPS.
Here’s another map from a trip to Auckland. My actual location was Auckland Airport, upper-left, where I scampered from the domestic terminal to an international connection. Note the points all over South Auckland.
The timestamps in the database are curious. There are typically dozens or hundreds of records all with the same timestamp. There are a few unique timestamps per day, but there are many days with no data.
So what is this data? While the names of the database fields suggest that this data is a recording of the phone’s position, the authors of the blog post offer no evidence that this is actually the case.
The map from my phone has thousands of WiFi points at locations that I haven’t been near to and the gross pattern of recorded points doesn’t match my travel especially well. Your phone might be able to connect with distant cell towers, and I guess it’s possible that the phone has seen brief scraps of data from all these access points.
I’m wondering if this database is something else. Perhaps it’s a cache of data from a geolocation webservice that the phone can use to determine its position? If it is tracking my location, the positions are wildly inaccurate. You certainly couldn’t determine where I live or work from the data.
Update: Looks like this data is the devices radio logs and geolocation data.
Update: turns out Android phones keep this type of data too.
Update: Apple speaks.
From a privacy point of view, it’s not great that this file is lying around unencrypted. But in terms of disclosing your location, it’s not doing much better than “I was in Christchurch”. My online calendar and emails would be a much more accurate source of this information.
Perhaps the most striking part of this story is the hysterical storm that has swept across the news and social media. Come on, these things are location enabled devices. What did you expect?
Maze of Twisty Little Options
Posted: May 14, 2010 Filed under: Uncategorized | Tags: facebook, privacy Leave a comment »The New York Times sets out the Facebook privacy settings, a tangle of 50 settings and 170 options, in a graphic. Also, they note that the Facebook privacy statement now has more words than the US constitution.
Facebook’s Eroding Privacy
Posted: April 29, 2010 Filed under: Uncategorized | Tags: facebook, privacy, security Leave a comment »EFF’s blog post sets out a timeline showing how Facebook privacy has evolved. It’s gone from this
No personal information that you submit to Thefacebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings
to this
When you connect with an application or website it will have access to General Information about you. The term General Information includes your and your friends’ names, profile pictures, gender, user IDs, connections, and any content shared using the Everyone privacy setting. … The default privacy setting for certain types of information you post on Facebook is set to “everyone.” … Because it takes two to connect, your privacy settings only control who can see the connection on your profile page. If you are uncomfortable with the connection being publicly available, you should consider removing (or not making) the connection.
And in another post they set out six things the new Facebook connections feature mean for the information in your profile. Matt McKeon visualises the chnages over time in a blog post The Evolution of Privacy on Facebook.
Adrian Perez sums it up like this
I joined Facebook under certain conceptions that it was a somewhat private place. [...] now it seems that there is something every month where they have started to sell or give more of my stuff to some company without my knowledge. Facebook, used to be fun and cool, but a large part of what I have to do on Facebook now is adapt to their changes on their terms….
Now I wouldn’t have posted about this [...] if I had not been personally affected by Facebook’s actions. I was with my girlfriend and we were listening to Pandora. I look at my Pandora player, and there is my girlfriend’s face (supplied by Facebook) staring back at me with some information about her tastes. This would not have been a problem, except she opted out of that program.We quickly learned you had to also ban each of the groups Facebook was sharing this data with, as well as hitting the opt-out checkbox.
This immediately congealed a sense of loathing for Facebook. It was a combination of their confusing interfaces, reneging on their former commitments, lack of privacy, and spammy newsfeeds.
You can get an idea of how Facebook views your control of your information in this clip of an interview with their CEO.
So, feeling exploited yet? Here’s how to delete your Facebook account
- Log in to Facebook
- Navigate to this URL http://www.facebook.com/help/contact.php?show_form=delete_account and follow the instructions.
- Log out and don’t log in again in the next 14 days. After that time your account will be deleted.
In all likelihood your data will remain on the Facebook servers for an indeterminate period after this, so you probably want to start by deleting all your profile information, applications, inbox/sent folders, networks and everything that you’ve posted.
Update1 : More Facebook privacy problems. Techcrunch is reporting that for a period of time private chats weren’t actually entirely private. Facebook say this has now been fixed.
Update2 : Think it can’t get any worse? MacWorld is reporting that if you visited certain sites while logged in to Facebook, an app for those sites was quietly added to your Facebook profile. Facebook say this was a bug and it’s now been fixed.
Update 3: Facebook leaks your internet connection’s IP address when you send a message or write on a wall. The person tha you sent a message to will get an email notification from Facebook. The header of that email has the IP address of your internet connection. That information can be used to discover, for example, where you are. The mail header looks like this (actual value obscured)
X-Facebook: from zuckmail ([xxxxxxxxxjM1LjE1OQ==])
“xxxxxxxxxjM1LjE1OQ==” is the base64 encoded IP address. Decode it to an IP address with Python
>>> import base64
>>> base64.b64decode("xxxxxxxxxjM1LjE1OQ==")
'xxx.xxx.xxx.159'
and use a GeoIP service to find the user’s location – in this case, Christchurch, New Zealand.
Update 3: The issue of Facebook leaking IP addresses has apparently now been fixed. Including the IP was apprently a spam control feature.
Google CEO On Privacy
Posted: December 9, 2009 Filed under: Uncategorized | Tags: google, privacy Leave a comment »When asked about privacy in an interview on CNBC Google CEO Eric Schmidt said ‘If You Have Something You Don’t Want Anyone To Know, Maybe You Shouldn’t Be Doing It’.
Bruce Schneier said this on the topic. Just as salient today as it was when it was written in 2006″
… Some clever answers: “If I’m not doing anything wrong, then you have no cause to watch me.” “Because the government gets to define what’s wrong, and they keep changing the definition.” “Because you might do something wrong with my information.” My problem with quips like these — as right as they are — is that they accept the premise that privacy is about hiding a wrong. It’s not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.
Two proverbs say it best: Quis custodiet custodes ipsos? (“Who watches the watchers?”) and “Absolute power corrupts absolutely.”
Cardinal Richelieu understood the value of surveillance when he famously said, “If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” Watch someone long enough, and you’ll find something to arrest — or just blackmail — with. Privacy is important because without it, surveillance information will be abused: to peep, to sell to marketers and to spy on political enemies — whoever they happen to be at the time.
Privacy protects us from abuses by those in power, even if we’re doing nothing wrong at the time of surveillance.
… Too many wrongly characterize the debate as “security versus privacy.” The real choice is liberty versus control. Tyranny, whether it arises under threat of foreign physical attack or under constant domestic authoritative scrutiny, is still tyranny. Liberty requires security without intrusion, security plus privacy. Widespread police surveillance is the very definition of a police state. And that’s why we should champion privacy even when we have nothing to hide…
