Apple Logs Your iMessage Contacts - And May Share Them With Police: The Intercept
The Intercept is reporting that despite what Apple claims, it does keep a log of people you are receiving messages from and shares this and other potentially sensitive metadata with law enforcement when compelled by court order. Apple insists that iMessage conversations are safe and out of reach from anyone other than you and your friends. From the report: This log also includes the date and time when you entered a number, along with your IP address -- which could, contrary to a 2013 Apple claim that "we do not store data related to customers' location," identify a customer's location. Apple is compelled to turn over such information via court orders for systems known as "pen registers" or "tap and trace devices," orders that are not particularly onerous to obtain, requiring only that government lawyers represent they are "likely" to obtain information whose "use is relevant to an ongoing criminal investigation." Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.
Siri on Mac (Score:5, Insightful)
Re: (Score:2)
Even the turn-on dialog for Siri on the Mac says it will go through your Contacts list so Siri can 'know more about you'. Not good.
Siri has a turn-on dialog with you? I didn't know they released that feature of Siri to the public yet.
Heh
Re: (Score:2)
Re: (Score:1, Informative)
Even the turn-on dialog for Siri on the Mac says it will go through your Contacts list so Siri can 'know more about you'. Not good.
Would you rather it didn't warn you? The fact is, Siri is OFF by default on macOS; so if you are that privacy-conscious, you don't HAVE to "Opt-IN".
Sheesh! You'd have a point if Siri was ON by default and/or it didn't warn you BEFORE it scanned your Contacts.
Oh, and you don't HAVE to use MacOS' Contacts list. I NEVER have. The ONLY Contact I have EVER had in my macOS Contacts/Address Book for the past 16 years is my own.
Re: (Score:1)
Re: (Score:1)
I'm sure if there is any proof of Apple spying on Users, You'll be the first to tell Us, right? Or are You saying You have that proof now? Or, is it more likely Apple has been completely above board knowing if They lie, even a little, it could destroy Their brand forever?
What lying? TFA stated that Apple had claimed something they really hadn't, and then excoriated them for somehow doing something they didn't say they didn't. Yes, that's a bunch of double-negatives; but it demonstrates the convoluted logic of TFA's claims.
Here: This commenter [slashdot.org] said it more clearly.
Re: (Score:1)
After you've had your morning, or noon, coffee you might realize what I was saying was that not only is your iPhone capable of spying on you, but now your Mac can too, all while Apple has been getting up on stages and spouting how concerned they are about your privacy. After reading through the privacy notice about Siri I decided not to turn it on when I upgraded to Sierra.
So the warning was helpful to you. How is this news?
Re: (Score:1)
"Would you rather it didn't warn you? The fact is, Siri is OFF by default on macOS; so if you are that privacy-conscious, you don't HAVE to "Opt-IN".
Oh 'macs4all' your fanboi is shining through again. Nobody said Siri was on by default. And you are right, Apple did the right thing by shipping it off and making it opt in (hello Microsoft Cortana -- are you listening! I bet you are... because you're on by default!)
Nevertheless, once turned on Siri is much the same privacy sucking nightmare Cortana and Google are. The fact that it's off by default doesn't change what it is if you turn it on. It's literally the headline feature of the OS update; so talking a
Re: (Score:1)
Nevertheless, once turned on Siri is much the same privacy sucking nightmare Cortana and Google are.
Nope, sorry. That is incorrect.
Siri on MacOS (and also Siri on iOS 10) does its level-best to do as much as it can "client-side", directly on your Mac/iDevice. This is VERY different from Cortana and Google's "voice assist" stuff, which take every opportunity to send every utterance to their respective motherships.
If you had bothered to watch the WWDC keynote, Apple talked at length about the lengths they have gone to make Siri, Dictation, and Spotlight do as much as they possibly can directly o
Re: (Score:2)
I'm not sure that the main thrust of your argument is entirely relevant here, because the context is that it's slurping your contacts into iCloud, which is definitely not anonymized in any way.
It does this so that Siri on your phone knows about the contacts on your desktop, just in case you ask about them. Is this not correct?
That said, I concede that calling it the same privacy nightmare as Cortana and Google is overstating it too much. Siri / iCloud has many, but certainly not ALL, of the same privacy issue
Re:Siri on Mac (Score:5, Informative)
In the case of Siri on the Mac, however, the information is kept on-device, as I recall. In contrast, the situation discussed in the summary involved information that was never being kept strictly on-device and that Apple never claimed was private information that they weren't capable of accessing (which makes the "despite what Apple claims" seem a bit odd). Anyone who had ever glanced through Apple's (quite easily readable) white papers on their security measures would know that they had never made those claims.
According to Apple, iMessage conversation follows roughly this pattern (it's been at least six months since I brushed up on the specifics, so I'll definitely be glossing over quite a few details):
0) At some point in the past, Alice and Bob established Apple IDs, turned on iMessage, provided one or more pieces of contact info by which they could be identified by others via iMessage (e.g. e-mail, phone number), and then linked devices to those Apple IDs. During the process that links a device to an Apple ID, the device generated a fresh private-public key pair and provided the public key to Apple.
1) Alice creates an iMessage intended for Bob and presses send.
2) Alice's device opens an encrypted connection to Apple and indicates to Apple that it wishes to send an iMessage to the Apple ID associated with a provided piece of Bob's contact info.
3) Apple looks up the Apple ID associated with that contact info and returns the set of public keys associated with Bob's Apple ID, one per active device he owns.
4) Alice's device encrypts the iMessage once for each of Bob's devices (using the keys from step 3 so that only Bob's devices can decrypt them), then sends them to Apple. Metadata is included to help Apple route the correct messages to the correct devices.
5) Apple receives the encrypted iMessages and pushes them down to each of Bob's devices.
6) Apple keeps a log of recent messages so that they are able to perform various operations, such as syncing the Read status between Bob's devices after he reads the iMessage on one of them.
All of which is to say, Apple never claimed that they didn't know who you were talking with and when it was happening. Rather, they claimed the exact opposite, since that information is necessary for the operation of iMessage. The fact that they keep a log of information that was always available to them is both unsurprising and something that they had already disclosed. What they actually claimed was that your communication with that other person was end-to-end encrypted such that they couldn't get access to the content of the messages, and that remains true, so far as we know.
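The flow in steps 0 through 6 above, as an added Node.js example that is not part of the original comment and is not Apple's code or API. It shows which fields a relay must see in the clear to route a message and which it cannot read. `RelayServer`, `makeDevice`, `send` and `demo` are hypothetical names, RSA-OAEP is an assumed stand-in for the public-key scheme (the comment does not name one), and the contact values are constructed.

```javascript
// Added illustration of steps 0-6 above; not Apple's code, API, or algorithms.
const nodeCrypto = require('node:crypto');
// Assumption: RSA-OAEP stands in for the public-key scheme, which the comment does not name.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
// Step 0: a device makes its own key pair; the private key never leaves this closure.
function makeDevice(name) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const inbox = [];
  const read = () => inbox.map(c => nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, c).toString('utf8'));
  return { name, publicKey, inbox, read };
}

class RelayServer { // hypothetical stand-in for the routing service
  constructor() { this.directory = new Map(); this.log = []; }
  // The server stores only the device name, its public key, and a delivery queue.
  register(contact, { name, publicKey, inbox }) {
    if (!this.directory.has(contact)) this.directory.set(contact, []);
    this.directory.get(contact).push({ name, publicKey, inbox });
  }
  // Step 3: contact info -> one key per device. The log can hold who asked about whom, when, from which IP.
  lookup(from, to, ip, time) {
    this.log.push({ from, to, ip, time });
    return (this.directory.get(to) || []).map(d => ({ name: d.name, publicKey: d.publicKey }));
  }
  // Step 5: push each opaque ciphertext to the device it was encrypted for.
  deliver(to, envelopes) {
    for (const e of envelopes) this.directory.get(to).find(d => d.name === e.name).inbox.push(e.ciphertext);
  }
}

// Steps 1, 2, 4: look up keys, encrypt once per device, hand the ciphertexts to the server.
function send(server, from, to, text, ip, time) {
  const envelopes = server.lookup(from, to, ip, time).map(k => ({
    name: k.name,
    ciphertext: nodeCrypto.publicEncrypt({ key: k.publicKey, ...OAEP }, Buffer.from(text, 'utf8')),
  }));
  server.deliver(to, envelopes);
  return envelopes;
}

// Constructed sample data: fictional number, example.com address, documentation-range IP.
function demo() {
  const server = new RelayServer();
  const phone = makeDevice('bob-phone'), laptop = makeDevice('bob-laptop');
  for (const d of [phone, laptop]) server.register('+15555550100', d);
  const sent = send(server, 'alice@example.com', '+15555550100', 'lunch at noon?',
    '203.0.113.7', '2016-09-28T12:00:00Z');
  return { sent, log: server.log, phone: phone.read(), laptop: laptop.read() };
}
```

Calling `demo()` returns the server's log next to what each of Bob's devices decrypted: the log entry carries sender, recipient, IP and timestamp, while the message text appears only on the devices.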
Guilty by association? (Score:4, Insightful)
You know, back in the Soviet Union you at least only got locked up and shot if your father was a crook, but in the free world it's already enough to know one.
Re: (Score:2)
Can't be, we don't turn the jammers on by default, that must be a mista... I mean, I have no idea what you mean.
Re: (Score:2)
You think Hillary can save us? The laws don't apply to her, so we already know where this will go. Tyranny for every American, except the Clinton Crime Family.
Worse, American public is mostly impulse-driven, which leads to familiarity and inner-thoughts of popularity. Read to the end of this comment before getting pissed, because single sentences don't explain the entire picture, please, people. In other words, Clinton has a bonus with so many people because they're biased in her direction because they've seen and heard of her before, and saw her as a past political figure. Plus, many women will vote just to see a woman in office next. NO NO NO, don't flameba
Re: (Score:2)
I didn't say "unless she doesn't". I said, " unless she's found to have broken more laws that make it impossible, or health issues."
Read: things that make it absolutely impossible for someone to make it into office based on law, even if they receive the majority vote count.
If she doesn't have a health problem that prevents her from making it in, and she doesn't have a criminal offense that can't be covered up, she'll make it in. I don't even know why I'm responding to a troller. Because I don't, unless I
Re: (Score:1)
People are more driven by television than reality, hence the reason advertising is structured the way it is
Actually, if history is any judge, Lyin' Trump will be the next President (Cthulhu help us!) instead of Lyin' Hillary (Cthulhu help us!) for the simple fact that Trump is the TALLER candidate. Plus, it doesn't help that he's a male, and even many females still believe that "President" is "man's work".
Seriously. Look it up (the height bias). Doesn't work as much for the Electrical College; but for the Popular Vote, it is true more than 2/3 of the time.
And if you watched the Debate, at the end
Re: (Score:2)
Damnit! Your data is solid (electrical college was a good laugh BTW, thank you).
In these situations, it's frustrating to not have in-line and stable data sources for evaluation. I hate People. Not you, not you. Just People with a capital P.
Re: (Score:1)
Damnit! Your data is solid (electrical college was a good laugh BTW, thank you).
I've called it that for so long I have to stop and think to say "Electoral"... ;-)
I hate People. Not you, not you. Just People with a capital P.
Yeah, well most people here hate me, too; so either way is ok, I guess!
But I hear ya. I generally hate "People" (Capital "P") as well...
Re: (Score:2)
No worries there mate. I am one of those people who aren't voting for either of them. Call my vote wasted, and that is fine, I couldn't vote for McCain, Obama, or that Mormon guy. I couldn't vote for GWB, Kerry, or Gore. And so on back to about Reagan (when I was young and stupid) whom I voted for. But that was the last of the two party candidates I actually voted for.
People misunderstand my attacks on Hillary as being "Pro Trump", which only exposes their illogical binary logic, "If you not for me, you're
Re: (Score:2)
No president can save "us". But collectivism thinks the "us" we elect, can save the "us" we are. Because we (us) end up shirking any responsibility we (us) have to save ourselves. And then, we wonder why 8 years of Clinton, 8 Years of Bush, 8 years of Obama and we're not "saved" yet (and quite possibly worse off than ever).
So, Boo me all you want, but my views are on my profile, and you can review them all you want. Hillary is just another in a long line of people promising things she cannot deliver. I have
Re: (Score:3)
And exactly what do you think the ultimate corporate shill will do about corporate privacy transgression?
Make an insincere speech while taking millions of dollars of donations from the people she's speaking against?
Demand some flawed, ineffectual, and loophole-riddled legislation that will never pass in Congress?
This might come as a galloping shock, but President != Emperor
the never-ending story (Score:3)
Don't Stand So Close To Siri (Score:1)
So there's a chance of Tantric SMSs from Sting?
News flash (Score:1)
If you think for one moment that Apple, Google, FB, Twitter, etc don't log shit, don't share your shit with law enforcement/government, or even remotely give two fucks about your privacy.... you need to get your head out of your ass.
Do you really think the board of directors gives a flying fuck about you? They care about making money.
Does this really surprise anybody? (Score:4, Insightful)
The message contents are encrypted & "zero knowledge", but I'm not aware of a method to route messages between user devices with "zero knowledge".
Tor makes it more difficult to trace, but it's not impossible when you have the NSA's resources.
Re: (Score:2)
Why build a really secure end to end global network when different nations have mil or legal requests?
Secure the public end and comply internally.
Where that data is plain text again is the access point of 5 eye nations, their staff, ex staff, former staff and any third party nation who helps.
OMG! (Score:1)
OMG! Apple logs pretty much what any half-decent firewall or web server logs every time anyone sends a request/packet through it: source, target, timestamp.
Shock! Horror! Headphone jacks! ...
Seriously, people are clutching at straws now.
And about location. Sure, an IP address can give you a location, if you consider "I'm somewhere in the Mall, or adjacent areas within reach of the wifi signal" a "location".
It's not exactly granular. And with ISPs deploying carrier grade NAT (more common than you might think)
Re: (Score:2)
I heard it's so bad they are even logging when you use your headphone jack.
Ha! They're screwed - I have an iPhone 7!
Re: (Score:1)
OMG! Apple logs pretty much what any half-decent firewall or web server logs every time anyone sends a request/packet through it: source, target, timestamp.
These things are not even remotely similar.
Really? What's the difference? Edumacate us.
Re: (Score:2)
OMG! Apple logs pretty much what any half-decent firewall or web server logs every time anyone sends a request/packet through it: source, target, timestamp.
Exactly. And unlike most firewalls and web server logs, Apple at least purges this every 30 days. Plus, they have a big ol' disclaimer that the information does not reflect that any actual communication took place. That disclaimer is more than enough for any half-braindead 1st year law student to stand on for "reasonable doubt".
And about location. Sure, an IP address can give you a location, if you consider "I'm somewhere in the Mall, or adjacent areas within reach of the wifi signal" a "location".
It's not exactly granular. And with ISPs deploying carrier grade NAT (more common than you might think), IP address based location is worthless.
And isn't that exactly what the Courts have told Rightscorp, et al, when they have tried to sue based solely on an IP address?
Plus, this is even (much!) less information than a tra
In case you don't know by now... (Score:1)
...if YOU don't encrypt it, it is NOT encrypted.
That goes for metadata, too.
Re: (Score:2)
How do you deliver the messages if the recipient is encrypted (and you don't have a key to read it), and you already know the sender?
Tor tries to make it harder to trace, but it's not impossible to defeat.
Re: (Score:1)
...if YOU don't encrypt it, it is NOT encrypted.
That goes for metadata, too.
So, please explain to me how a system that uses Apple's servers (or anyone's for that matter) would work, where the source and destination addresses were not in the clear.
They kind of have to log the IP Address (Score:5, Insightful)
Since you need that to route using the internet protocol. And, yes, it is possible to attach a location to an IP address. Which may not necessarily match your real location.
Envelope Information (Score:5, Insightful)
This is hardly new news. Envelope information is available on many platforms.
Apple cooperates fully with the law. The parts that make the news are when they correctly construct some part of their system such that they don't have the key to it, and refuse to do their best to crack it.
The fact that Apple logs their own queries to route messages (each one can be delivered over their network, or over SMS) is unsurprising. The fact that they deliver a log should be completely unsurprising. iMessage is end to end encrypted, but that doesn't mean it magically loses the need to be routed. When you send an iMessage, your destination address is a PHONE NUMBER. The fallback delivery message is SMS. Of course it needs to have some method of figuring out who gets an iMessage and who gets an SMS.
Seriously! (Score:4, Interesting)
Who seriously believes that anything they do via their smartphone is not snooped on by some governmental institution?
Re: (Score:2)
Here, make your own!
https://learn.adafruit.com/pip... [adafruit.com]
Don't trust your phone! (Score:2)
Or rather don't trust your "Mobile Surveillance Device" that, to add insult to injury, you paid for yourself. It is as simple as that.