The conclusion about a "general place at a general time" seems entirely true when you're on a highway, moving quickly and hopping infrequently to large distant cell towers. No wifi points anywhere close. Just like the chosen example.
I bet it's entirely different when you're in any kind of built-up area. Wifi points every few hundred meters, small cell towers every kilometer or two. I bet in those situations, someone could derive a pretty close record of "your moves". Even if the individual points jump around, you're presumably hopping cells and seeing new Wifi APs every few minutes - even when you're just walking around your house or your office - and that data can be triangulated.
I think the OP is right inasmuch as Apple probably didn't set out to track users as much as keep track of connected wifi & cell APs. That doesn't mean the data won't be enough to track movements in urbanised areas.
I'm not the author. But I believe the O'Reilly researchers claim that the co-ordinates logged are of the device itself. It is not clear at all that this is true and the author of this post presents some evidence that would suggest otherwise.
Sure, the article is a reasonable refutation to that part of the O'Reilly claim, and that is an important fact to clarify.
The article goes further though, and claims it's "not 'recording your moves'" and is just a "general place at a general time". I don't think you can say that point-blank. As stated, I think that it's going to be entirely location-dependent as to whether the database can be treated as a "record of your moves" or not.
The author says he was using his phone and the GPS often.
If they wanted to track your moves and you have turned on the GPS, why doesn't it just, y'know, use the GPS data? Instead Apple tries to track your moves using cell towers?
Seems like the only way this would be a record of your moves would be by coincidence.
To quote from my original comment:
>Apple probably didn't set out to track users ... That doesn't mean the data won't be enough to track movements in urbanised areas.
Whether this is really a scandal, I don't know. But it certainly seems surprising to me.
My understanding is the iPhone doesn't actually have a GPS receiver in it at all. It only uses a fuzzily defined "assisted GPS" which is basically based completely on 3g towers.
The original iPhone had no GPS and always used cell tower triangulation. This varied a lot - I remember in Manhattan, NY it could track me almost to the street number; on the other hand I once turned it on in a moving car in rural NSW, Australia and it drew a circle approximately 500km in diameter.
The device location is not logged in this database at all.
What it does is log the locations of all cell towers that it can communicate with at a point in time. So for a given timestamp, there will be dozens of points logged. So while the data will be able to say "You were somewhere in downtown Pittsburgh at 1:59PM on Monday", it won't be able to say "You were at 517 Liberty Ave at 1:59 on Monday." Also, timestamps for existing towers are updated whenever they are mapped an additional time. So if I was downtown again on Thursday, no one would be able to tell from my data that I had been there on Monday.
See my previous comment in another thread for more detail:
Yep, it's called cell id location. I worked in mobile phone location about 8 years ago and you could find a rough position (about 200m radius IIRC) and we used it as a first pass. That was on GSM networks, 3G cells are smaller.
The FAQ has nothing to do with it. Nobody is contesting that cell tower location information is being used. The differing claim is this: the O'Reilly researchers claim that the co-ordinates logged are those of the device itself and these co-ordinates are possibly calculated using cell tower triangulation, while this blog post claims that the co-ordinates logged are those of the cell towers themselves rather than the device.
Because for a given timestamp, the iphone logs dozens of cell towers. So while you might be able to tell I was in Pittsburgh on Monday, you won't be able to figure out what address I was at.
but isn't the important thing whether or not these are public or private, and whether you have control over them? the precision of the location may affect some use cases, may not affect others, but doesn't strongly affect why this is important or not (on the other hand, it's the kind of thing people can have a nerd fight over, which seems to be a big attraction...)
The piece is specifically positioned as a retort to a somewhat sensationalist O'Reilly piece, and in that context it's perhaps decent. But this headline alone on HN is at least as sensationalist - redefining "your phone is tracking your movements between cell towers with a general accuracy of 2km or less" to "your phone is not recording your moves" is just newspeak.
Argue that the accuracy makes the data less usable for nefarious purposes, or argue the (much more pertinent to my mind) point that your carrier already has high-accuracy historical info and this really just puts similar historical info in your hands as well, point out that law enforcement can easily get the carrier info without ever even touching your iDevice, but don't try to claim that this is not recording location info attached to you.
It's a long time since I worked on mobile phones but in GSM the phone has to keep an internal of the tower it's connected to and the nearest neighbours in order to manage handover smoothly (ie. With dropping calls). I suspect 3G is similar.
In GSM the phone also had to know the distances to each tower +/-500m in order to adjust the timings for communication with the tower.
(It's 8 years since I did this stuff so memory might be off on the numbers a bit :-)
I just used the original headline from the blog. You're correct that it makes sense in context, but that is why the "recording your moves" part is in quotes. It's a direct quote from the O'Reilly headline.
Anyway the larger issue is that it is not clear exactly what information is being logged. We know some location info is vulnerable, but exactly what and how much? The O'Reilly researchers really should have done a better job. The least they should have done was to run some controlled experiments with a freshly wiped phone.
First off, information is only logged when using Location Based Services. So if you never load up Foursquare or Google Maps, you have nothing to fear. Also, you can totally disable LBS in your settings.
Secondly, it's only maintaining a single record for each cell tower and updates the "last seen" timestamp. So while it can tell you the last time I've been to a specific area, it can't tell you how often or when I've been there previously.
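The single-record-per-tower behaviour described in the comments above (one row per tower, with a "last seen" timestamp that is overwritten on each new sighting) can be modelled in a few lines to see what history such a cache retains. This is an added example, not part of the original thread and not Apple's code or schema: the table name `tower_cache`, the tower ids, coordinates and timestamps are all constructed, and the model assumes the cache behaves as the commenters describe.

```python
import sqlite3

# Constructed sample data: tower ids and coordinates are made up.
TOWERS = {
    "dt-1": (40.4420, -79.9990), "dt-2": (40.4431, -80.0012),
    "dt-3": (40.4409, -80.0025), "dt-4": (40.4445, -79.9968),
    "sub-1": (40.5201, -80.0440), "sub-2": (40.5188, -80.0475),
}
MON, TUE, THU = "2011-04-11T13:59", "2011-04-12T18:30", "2011-04-14T09:15"

# Scenario A: Thursday's visit sees exactly the towers seen on Monday.
SAME_TOWERS = [
    (MON, ["dt-1", "dt-2", "dt-3"]),
    (TUE, ["sub-1", "sub-2"]),
    (THU, ["dt-1", "dt-2", "dt-3"]),
]
# Scenario B: Thursday's visit overlaps Monday's only partially.
PARTIAL_OVERLAP = [
    (MON, ["dt-1", "dt-2", "dt-3"]),
    (TUE, ["sub-1", "sub-2"]),
    (THU, ["dt-2", "dt-3", "dt-4"]),
]


def build_cache(sightings):
    """Replay sightings into a cache that keeps one row per tower.

    The schema is hypothetical; it only models 'tower coordinates plus a
    last-seen timestamp that is overwritten on every new sighting'.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tower_cache ("
        "tower_id TEXT PRIMARY KEY, lat REAL, lon REAL, last_seen TEXT)"
    )
    for when, visible in sightings:
        for tower_id in visible:
            lat, lon = TOWERS[tower_id]
            # Same primary key: the older row (and its timestamp) is replaced.
            conn.execute(
                "INSERT OR REPLACE INTO tower_cache VALUES (?, ?, ?, ?)",
                (tower_id, lat, lon, when),
            )
    return conn


def recoverable_times(conn):
    """Distinct timestamps someone reading the cache could still see."""
    rows = conn.execute(
        "SELECT DISTINCT last_seen FROM tower_cache ORDER BY last_seen"
    )
    return [r[0] for r in rows]


def towers_at(conn, when):
    """Towers whose surviving 'last seen' value equals the given time."""
    rows = conn.execute(
        "SELECT tower_id FROM tower_cache WHERE last_seen = ? ORDER BY tower_id",
        (when,),
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    for name, scenario in (("same towers", SAME_TOWERS),
                           ("partial overlap", PARTIAL_OVERLAP)):
        cache = build_cache(scenario)
        print(name, "->", recoverable_times(cache))
        print("  rows still dated Monday:", towers_at(cache, MON))
```

In the first scenario Monday's visit leaves no trace; in the second, the one tower not seen again on Thursday still carries Monday's timestamp, so how much history survives depends on how completely later sightings overlap earlier ones.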
A better statement is: "Apple is not intentionally recording your moves."
What they're instead doing is, when possible, retrieving cell network / SkyHook (wifi) data about Lat./Long. for towers/APs that your device can see and when it last saw them.
This is for the Location service that an iOS device offers, so that if you choose to provide your location information to an app and it can't get a good GPS lock - this cached information is used to provide a "best guess".
In addition, it's used to provide an accelerated guess as GPS gets a lock (it's the "+" in GPS+).
The timestamp is to provide "last best location". I'm sure the rest (MACs, tower IDs, etc.) can be used to triangulate a better fix based on what's visible and what signal strength to each location is like.
The device caches this information locally because the Lat./Long. of a cell tower / AP will not change - but the timestamp for the last time your phone has "seen" it could be updated, without having to re-hit Apple's servers for the details.
It's being done because: storage is cheap, the amount of data doesn't take much space for thousands of points, it reduces server talk, and it speeds up your GPS/location acquisition for apps that you wish to use it with.
Apple's only mistake is that they didn't encrypt this information. Outside of that, the only other thing they could have done would be to store it purely in RAM - but RAM is at more of a premium (in MB) than flash storage (in GB).
They use an A-GPS chip. The "A" in A-GPS stands for assisted, which means it can be assisted by the cell towers to help find the GPS satellites more quickly. Because of the connection with the cell network, some confuse its capabilities with plain triangulation. It will continue to function as a plain GPS device in the absence of cell service, however.
Most of the points on my map correspond exactly with known locations of my carrier's towers, so the explanation makes sense. However, there are dots in locations where there are no towers. I don't think it is WiFi locations because I do not see any of the places I commonly use WiFi.
You don't need to connect to the network for it to be recorded.
The Skyhook-alike ( Apple rolled its own: http://blogs.wsj.com/digits/2010/07/30/skyhook-loses-a-big-f... ) tech works because your device is able to poll available wireless AP MACs, even if you don't sign into them or know the password. 802.11 headers have a MAC frame that's always broadcast in the clear.
Interesting analysis that strongly suggests the coordinates are for cell towers, not the iOS device.[1]
Personally, the fact that the file is in a cache directory path, and that some people don't have much data, or any, suggests to me that some programmer forgot to trim his cache or picked a ridiculously large size before he decides to trim.
"locationd" wants to know the coordinates of the cell towers you communicate with in order to triangulate your position without turning on the GPS, and it doesn't want to eat the battery by querying servers all the time. That argues for a cache of the towers you frequent. It's only one bug or poorly chosen constant from there to the situation people are reporting.
[1] That still reports your travels in gross terms and is a problem in need of a fix.
Which can be a good thing, if, say, you get kidnapped, or someone gets murdered and they're trying to retrace their steps. What's not a good thing is if there's no one "watching the watchers".
The only way this could be more hair-splitty is to argue "Apple isn't tracking you, it's tracking your device". Yes, there are valid reasons for this to exist. Doesn't change my user perspective that this is an electronic trail I do not want readily accessible.
Is it really "readily accessible"? It's on your phone, and in backups on your computer if you've synced your phone.
So to access it, a person needs access to either your phone or computer. But if they have access to your phone or computer, is a cache of cell towers you've connected to really a significant concern compared to the other things the accessor could get ahold of from either of these devices?
I've had phones stolen enough that I'd say "yes, too accessible" - your mileage may vary.
Timestamped travel information generally equates to "hey, this guy returns home between 7 and 8:30 most nights, works in the office five days a week, and here's where his home is". It's no great stretch to equate that to "he will not be home during this time frame" and suddenly a lost phone turns into a much larger burglary.
There's also plenty of larger privacy concerns, but even just the out-and-out-crook scenarios should be concerning enough.
The iPhone is not storing travel history information. It's only storing a "last seen" timestamp for each cell tower. And again, the most accurate they'd be able to get was "this guy was within 500 meters of these dozens of cell towers at 5PM, and within 500 meters of these dozens of other cell towers at 7PM." They'd in no way be able to get your physical address, unless you lived alone in the countryside.
But the data is not that important, relatively. The assumption is that some "Bad Guy" has gotten a hold of your phone. Here's a list of other vectors that this person could use to identify you, your residence, etc.
1) Your cell number is going to be readily available from the device itself. Using this, he'll be able to look up your address information in the Address Book.
2) Unless you notice the missing device right away and change your passwords, this guy also has access to your email accounts. Ever order anything online? Your address is most likely in your emails.
3) Ever use Google Maps? They can look at your recent searches. "3 different searches originating at 123 Main St? Might be his home address"
4) Phone app. Recent calls/favorites. With a little social engineering, your address is known. "Hi, I found this phone on the ground, can you tell me where they live so I can drop it off?"
There is a bit of a logical fallacy here. He says "the data is not extremely accurate", "metadata indicates apple intended to store locations of access points", "therefore the phone is not tracking your location".
That's simply false. It is tracking your location, regardless of how accurately it's doing it, and irrespective of Apple's intentions.
That means someone reading the data can know roughly where you were when, the direction you were traveling in, and how fast you were going.
Does that mean Apple set out to track you? No! But it does mean that your phone is tracking your position, all the time, everywhere you go, and is storing that data in a way that is not protected from exploration by any third party that happens to acquire access to it.
That's a serious bug, and is worth a little sensationalism.
I actually think my honest opinion on this fiasco is "someone can derive a user's movements from this database, but how big a deal is it really?"
I still think this should be fixed, Apple should explain it and release an update that pares it down to the bare minimum data for whatever function it serves.
However, let's honestly go through the implications of this:
- The user's cell provider already knows this. [1]
- If someone "owns" the user's phone then they can get their movement history. But that's at a point where they can track the user's current movements anyhow, so that's lose-lose there - the only difference is the historical angle.
- If someone steals the user's computer/phone they can get their previous history up until then. That's bad, but I bet nearly everyone has more sensitive private information available on their computer hard disk or their iPhone's internals - stuff that would be more exploitable than historical location data.
- Someone could maybe sneak private API calls into a legit app that sent this database somewhere else. No idea how feasible that is. However, if they can do that then it's pretty close to the "ownage" scenario described above - they can probably do anything anyhow.
If it comes out that Apple is sending this data back to Cupertino for some nefarious purpose then that is very bad as well, but I bet that's not the case.
Basically by having it stored locally, it lowers the barriers to accessing data, so that it is no longer restricted to law enforcement people seeking telco data.
That changes a lot of things.
For instance imagine you're a police informant or undercover cop: a technically savvy mob would be silly not to hoover up the location data of everyone in their org, which could lead to some interesting discussions.
>For instance imagine you're a police informant or undercover cop: a technically savvy mob would be silly not to hoover up the location data of everyone in their org,
Sure, but if they have root or physical access to the phone (which they need) they can install a realtime tracking snooper to follow you around instead.
I agree this lowers the barrier, but fundamentally it seems to come down to - if you don't want people knowing where you are, don't carry around a GPS-enabled always-on computer in your pocket!
The point to be made here is that Apple's provided almost universal, historical snooping capabilities without any individual actors having to get James Bond on the situation. Every iOS device has the potential to reveal someone made a trip to a police station, or spent a lot of time in a suburb that doesn't match with a particular story.
The fact that people of sufficient technical capability and motivation can always install traffic snoopers with greater resolution / utility doesn't change any of the above?
I suppose this situation is a little like the Firesheep release. Things could already be exploited, but by reducing the effort and skill required it significantly changed the security / privacy situation.
Your final point is a bit of a false dilemma, because Apple can just fix the issue to remove that particular security concern. Of course the device is still tracked by networks, but as discussed the barrier to access that information is probably high enough for many people.
>Every iOS device has the potential to reveal someone made a trip to a police station, or spent a lot of time in a suburb that doesn't match with a particular story.
Sure, it has the potential. But only if the idiot was dumb enough to check into jail from Foursquare (or otherwise use a Location Service).
One would hope that a technically savvy mob would just disable location services on their iPhones in the Settings app and not track this information to begin with.
My guess is that this is just an implementation optimization. Probably analogous to lookupd caching DNS lookups. The developers probably didn't think anything of it.
Even lookupd caches could be represented in similar light: "Your Mac secretly records the websites you visit in a hidden file." It's just that we're all used to (and understand) DNS lookup caches, and locationd and location lookups are relatively young.
It remains unclear what Apple's motives were in collecting this information and regardless of how accurate the collected information is, I think the larger concern is that the database is unencrypted (although it does require root access) and is uploaded to a user's computer upon backup.
How can the iPhone determine the location of a cell tower (or WiFi access point) just by receiving its signal?
While it seems obvious from that analysis that it is indeed logging the locations of the towers rather than the phone, I am more interested in how it derives the locations for those towers.
It could simply have a lookup table, but that would mean every iPhone has a lookup table of every cell tower (GSM and CDMA) as well as WiFi point in the world - with a globally unique identifier and location - as part of the OS. Which seems pretty implausible.
If it's doing a remote lookup, then it must be polling some service to determine the location of every CellID it sees. Something like OpenCellID (http://www.opencellid.org/) or Navizon (http://www.navizon.com/) is what I mean. If so, it would effectively be broadcasting your location in real-time. This is equally implausible, as it just seems like the kind of thing we'd have heard about by now through OS investigation, or even just "why is my battery draining so quick".
It could conceivably triangulate the tower itself, but that's implausible as a) the phone's GPS would have to be active (see battery issue above) and b) it couldn't possibly be accurate unless you were effectively spiralling around the emitter.
It can't be getting it from the signal itself, as "emitter location" sure isn't part of the WiFi spec and I'd be amazed if it was in GSM or CDMA.
How else can the iPhone know (or estimate) the GPS coordinate of cell towers?
I'm not entirely familiar with the protocols in use, but I assume the cell towers publish their GPS coordinates.
When my carrier installed a new tower in my area, Google Maps would start with my location hundreds of miles away until the GPS locked on. It eventually corrected itself, but I assumed at the time that they had the wrong GPS coordinates entered for that cell location.
There are dots on my map for places I have never been, so I don't think it is coming from the on-board GPS receiver.
I can't comment on the website itself somehow. But here is my comment.
While you may be correct (and I think you are, because Apple has previously mentioned that they use such data to map tower locations) but I have a few counter points to your article (may not refute your main conclusion):
1. Even Cell Triangulation can be way off depending on a lot of factors. I use it regularly on my Android phone with Tasker for some profile purposes and it gives me worse results most of the times than actually working with exact tower ID that I am seeing. I've seen it being as off as up to 5 kms.
2. The location data is collected for other countries as well, not just for the parent network within US. Out of the various articles from various people, they have seen data from all places where they used cell services, including abroad like Japan, India, etc. The data only seems to be missing when they don't have a cell service.
3. What irks me is that why they need to store this data on the device and PC? Even if they were building their own cell tower database, it should be done and done once Apple gets the data. Why would they keep a whole history about it on the phone and PC? Maybe it is an oversight? But I can't find any reasonable explanation for this.
I've been playing around with the source today (planning to take a closer look at the file itself tomorrow). While there are definitely a fair amount of anomalies, even without removing the intended obfuscation in iPhoneTracker it still tells a good story. After adjusting the accuracy of the GPS grid and changing the animation to daily, it was easy to track where I had been.
It would probably be hard to track to any specific address (that's what I am looking into now) but by matching date with the coordinates it was trivial to see where I went for: 4th of July, my friend's bachelor party and wedding, Halloween, Thanksgiving and New Year's Eve... among other events.
I looked at my data, and it didn't know that I had spent a whole lot of time at the office last week, but it did know the cell towers along the way to my friend's house when I used Google Maps.
It is only updated when you use a location based service. Google Maps, Places on Facebook, Twitter, Foursquare and the like. I don't use anything besides Google Maps and only to get information on how to get to certain locations. Honestly I am not too worried about it.
By the way, this same information is already tracked and stored by the mobile networks themselves, and can be obtained by the government with a warrant (or likely by organizations like the NSA or CIA without one, given recent precedents).
"Cellular service providers generally retain information about phones’ contacts with towers, including which tower(s) each phone contacted during any given check-in, and which “face” of the tower(s) the phone contacted."
It looks like the original O'Reilly post was a bit imprecise.
On one hand, it says "your iPhone, and your 3G iPad, is regularly recording the position of your device into a hidden file."
Later on, it mentions "a list of hundreds of thousands of wireless access points that my iPhone has been in range of". This suggests that the list is one of cell towers (and perhaps Wi-Fi routers?), but not actual device locations.
Not many people seem to be noting this, but I think it bears noting that it seems very much true that Apple isn't tracking anything; your iPhone is.
There are legitimate potential worries about that, but "ZOMG Apple is Big Brother" is the kind of rhetoric that keeps people confused and afraid about security to the point that they do screw themselves over.
tl;dr... All it’s showing is cell tower location heatmap, which is anywhere within a 2 to 3 mile radius. (Basically what city you are in.)
Cue false outrage... Endless CNN coverage.
Trolling rant: Meanwhile, US phone carriers, advertisers, and the government have known your location within 9 feet, ever since the warrantless wiretapping scandal. To the point that NSA, has a direct fiber split of all AT&T customer internet traffic. http://webcache.googleusercontent.com/search?q=cache:Rm4GQZm... America, choose your battles and get a grip on reality.
Has anyone looked at the coordinates in the Wifilocation table?
For cell towers, iOS has access to coordinates from the tower's signal itself. For Wifi, the best approximation would be the GPS location of the device. Unless it associates Wifi APs with nearby cell towers, or "fuzzes" that location.