The iPhone 11 Pro's Location Data Puzzler (krebsonsecurity.com) 74
Brian Krebs: One of the more curious behaviors of Apple's new iPhone 11 Pro is that it intermittently seeks the user's location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company's own privacy policy. The privacy policy available from the iPhone's Location Services screen says, "If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations."
The policy explains users can disable all location services entirely with one swipe (by navigating to Settings > Privacy > Location Services, then switching "Location Services" to "off"). When one does this, the location services indicator -- a small diagonal upward arrow to the left of the battery icon -- no longer appears unless Location Services is re-enabled. The policy continues: "You can also disable location-based system services by tapping on System Services and turning off each location-based system service." But apparently there are some system services on this model (and possibly other iPhone 11 models) which request location data and cannot be disabled by users without completely turning off location services, as the arrow icon still appears periodically even after individually disabling all system services that use location.
The policy explains users can disable all location services entirely with one swipe (by navigating to Settings > Privacy > Location Services, then switching "Location Services" to "off"). When one does this, the location services indicator -- a small diagonal upward arrow to the left of the battery icon -- no longer appears unless Location Services is re-enabled. The policy continues: "You can also disable location-based system services by tapping on System Services and turning off each location-based system service." But apparently there are some system services on this model (and possibly other iPhone 11 models) which request location data and cannot be disabled by users without completely turning off location services, as the arrow icon still appears periodically even after individually disabling all system services that use location.
Re: (Score:2)
cuz that's what you are if you go pro with the iPhone.
Really no more than any other phone. Have you looked at all the Android aps that grab your data? https://www.cnet.com/news/more... [cnet.com]
Re:Apple needs a new "reamed" emoji (Score:5, Informative)
Yeah, but the difference is Apple lies and states this doesn't happen. "What happens on your iPhone, stays on your iPhone."
False advertising isn;t something that should be defended
Re: (Score:3)
Yeah, but the difference is Apple lies and states this doesn't happen. "What happens on your iPhone, stays on your iPhone."
Absolutely. What happens on your iPhone stays on your iPhone. But your iPhone spots a Wifi router nearby, and tells Apple where that WiFi router is. That's not information that was ever on your iPhone. It's not your information. It's information about a router. Which is kind of public information, because your iPhone, in no way related to the router, could detect it.
Re: (Score:1)
But your iPhone spots a Wifi router nearby, and tells Apple where that WiFi router is. That's not information that was ever on your iPhone. It's not your information. It's information about a router. Which is kind of public information
Bullshit.
Because if that information is tagged with what phone it came from then Apple has just sent my location back to them. That is my information.
Also EVEN if it was just the router location... if that router is only observable on private property (eg inside a building with a metal frame) and it is a private router, then it most definitely is NOT public information.
Re: (Score:2)
Really no more than any other phone. Have you looked at all the Android aps that grab your data? https://www.cnet.com/news/more [cnet.com]...
Android is fine with root and without Google play services. As for Android apps that grab your data that's a much different issue than the underlying operating system doing it. At least with apps you can pick which ones you want to install on your device. On Android you can use iptables to firewall apps you don't fully trust from the Internet.
All devices (Score:1)
All modern devices are going to poll your location. There're just too many useful things that can be done with it.
If you don't trust whoever is gathering the data to use it in a benign / privacy sensitive manner, don't use the device.
Re: (Score:1)
Issue with this is, Apple claims that this doesn't happen, in fact they claim the exact opposite ("What happens on your iPhone, stays on your iPhone"). Its not as simple as "If you trust whoever is gathering the data", its the fact they are claiming they don't collect it at all, and yet here they are doing it.
Re: (Score:2)
What they really should do though is decouple location services from this reporting functionality. I should be able to have location services turned on for other applications while deciding no
Re: (Score:2)
There're just too many useful things that can be done with it.
There're just too many ways that monetizing can be done with it.
FTFY.
Re: (Score:2)
Re: (Score:2)
Re:All devices (Score:4, Informative)
Except that there's no evidence that Apple is monetizing your location info, and in fact, they explicitly state that they don't keep your data (in general) for more than 6 months or something similar.
It's it right in the TFA.
"If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations."
That's Apple using location services to build a database of wifi hotspots, to be used to improve their products and services, which makes them money.
Re: (Score:2)
https://slashdot.org/comments.pl?sid=15338782&cid=59488660
Re: (Score:1)
Except that there's no evidence that Apple is monetizing your location info, and in fact, they explicitly state that they don't keep your data (in general) for more than 6 months or something similar.
What if (deep breath) they're lying?
Re: (Score:2)
https://slashdot.org/comments.pl?sid=15338782&cid=59488660
Re: (Score:2)
That's just what they want you to believe. Since the deep state new world order secret society has taken over the gubmints, they can pass all the fake laws they want to keep us calm while the chemtrail commandos round us up and put us in the secret FEMA concentration camps. It was just on FOX News so it's gotta be true.
Re: (Score:2)
Except that there's no evidence that Apple is monetizing your location info, and in fact, they explicitly state that they don't keep your data (in general) for more than 6 months or something similar.
The problem is the theft of data in the first instance not whether or not those doing thieving are turning a profit.
Re: (Score:3)
I have a better idea, how about crafting sensible legislation that protects user's privacy and imposes large fines on companies that misuse it?
Re: (Score:2)
It's rather difficult to go about detecting whether or not some company is violating their users' privacy unless you allow the government unparalleled access to companies' information and could determine if you've even been given all of it since no company would just hand over incriminating documents. The government won't even ap
Re: (Score:2)
Government gets to do all sorts of things others can't. That is fair because the government is by the people, for the people, while corporations are by the rich, for the rich. I wouldn't want a private company policing me, would you? Private fire companies would be (and were) a nightmare. Some things are best done by government alone.
As to what the legislation would look like, have you heard of HIPAA? It works fairly well at keeping your medical information private, and there is a huge profit motive for sha
Re: (Score:2)
That is fair because the government is by the people, for the people, while corporations are by the rich, for the rich.
You can't possibly believe this.
Re: (Score:3)
Of course I do. Corporations are, on the whole, psychopathic. Government works well when we, the people are active in managing it.
The problem is that we get lazy. Look at history, and you will find many examples of our government doing great things. We regulate the terrible behavior of "evil" types (psychopaths, narcissists, and paranoid personality disorder) and create a wealthy, prosperous society. But that prosperity causes us to become lazy, and we forget how active we had to be to create it. Evil creep
Re: (Score:2)
First, there is no stark disagreement over government for most first world nations. We may not like our current government, but we all fundamentally agree that democracy is the best method for peaceable transition of power and self rule that humans have yet found. Period.
Second, as a shareholder without a controlling share, a seat on any boards, or a network of wealthy owning class friends, you mean nothing to the people who do have access to such levers of control. You are a sheep, waiting to be fleeced.
Go
Re: (Score:2)
I have a better idea, how about crafting sensible legislation that protects user's privacy and imposes large fines on companies that misuse it?
I can't believe I'm saying this, but I actually trust Apple a slight bit more than I trust the US, CA, or Cupertino governments.
But I'm not buying an Apple product anytime soon, because I can no longer hold my breath waiting for sensible legislation.
Re: (Score:2)
In the USA, we have government by the people, what is known as a "democratic republic." If you don't like the way it works, you yourself can do something about it. It's not a tyranny imposed from above like Russia or China. Write your representatives, vote, get others to vote, or even run for office yourself. If things are not how you like them, and you've done nothing to rectify that fact, you are part of the problem.
Re: (Score:2)
Write your representatives, vote, get others to vote, or even run for office yourself.
If this issue were dear enough to you, what plan would you personally enact that would end with Apple being legislated out of the ability to flick on location services to geotag cell and wifi radios?
Maybe just a high level outline of what a letter might look like that would convince your representative(s) to do what it would take to pass such legislation, assuming they had enough to trade to get it there. Who they are and how you'd convince them to take up your cause over other lobbying efforts they may b
Re: (Score:2)
To be honest, this issue is fairly low priority for me. Maybe after we address rampant wealth inequality; our terrible, overpriced health care system, and our housing crisis I'll have more time to worry about issues like this.
I'm just saying, claiming "all government sucks and is incapable of doing any good" is pure propaganda.
Re: (Score:2)
I have a better idea, how about crafting sensible legislation that protects user's privacy and imposes large fines on companies that misuse it?
I can't believe I'm saying this, but I actually trust Apple a slight bit more than I trust the US, CA, or Cupertino governments.
But I'm not buying an Apple product anytime soon, because I can no longer hold my breath waiting for sensible legislation.
Ok, so, in the meantime, you'll (remain?) on Android, where you absolutely know your data (and not just your location!) is being mined and sold long, wide, and con-tinuously, right?
Makes sense to me!
Re: All devices (Score:1)
Makes complete sense. Apple charges a lot more, based on a fraud that you privacy is more protected. Sure, pay more if you like, for an illusion. Android is more open, do really it's more likely that onerous features will be discovered. Apple thrives on an opaque "trust us" closed design.
Re: (Score:1)
Ok, so, in the meantime, you'll (remain?) on Android, where you absolutely know your data (and not just your location!) is being mined and sold long, wide, and con-tinuously, right?
https://lineageos.org/ [lineageos.org]
Android is open source. You have a real choice.
Re: (Score:2)
I have a better idea, how about crafting sensible legislation that protects user's privacy and imposes large fines on companies that misuse it?
The purpose of this is not collecting the location of your phone. The purpose is collecting the location of wifi routers. If Apple has the location of many WiFi routers, then your devices can figure out their location (which is something you want) by checking which WiFi routers are nearby and asking Apple for their location. That database of locations of WiFi routers needs to be updated when you move home and take your router with you, or when someone buys a brand new router.
Here's the question: Apple s
Re: (Score:2)
I have a better idea, how about crafting sensible legislation that protects user's privacy and imposes large fines on companies that misuse it?
I would rather see existing Anti-trust laws vigorously enforced.
Re: (Score:2)
Why not both? I mean, do you think HIPAA is a failure? It works, and compliance is not that expensive. We can protect privacy with good laws.
Re: (Score:2)
Why not both? I mean, do you think HIPAA is a failure? It works, and compliance is not that expensive. We can protect privacy with good laws.
I disagree with this characterization. HIPPA Compliance is an extra 9 billion a year process oriented rather than results oriented tax on top of an already out of control insanely expensive health care industry.
You can't legislate corporations into being nice because they will always outsmart and or capture the regulators. The only way to protect people is to insist upon vigorously competitive markets.
LOL, suuuuuuuure (Score:1)
"...will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple"
"Anonymous", lol, sure it is. No one could ever de-anonymize data like that. It's impossible, there's no way it could ever be done. The system is totally 100% safe and will never be compromised, ever.
Re: (Score:1)
"...will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple"
"Anonymous", lol, sure it is. No one could ever de-anonymize data like that. It's impossible, there's no way it could ever be done. The system is totally 100% safe and will never be compromised, ever.
Why would that even need "anonymizing"?
The point of the data-collection is not to target the individual User's location; but rather the location of near-by WiFi hotspots and Cell Towers. All that is necessary to transmit is to say "An iPhone (never mind who's) located at (GPS location) can "see" WiFi Hotspots located at (their reported locations) and Cell Towers located at (their reported locations).
Until you can prove that they are transmitting the User info, and selling/sharing it with anyone outside of w
Re: (Score:2)
then I suggest you take them at their published word.
Why of course I will, no corporation would ever lie about what they're doing, and especially not Apple.
data charges (Score:2)
Re: (Score:2)
Stop posting this scam/spam
One swipe (Score:5, Insightful)
with one swipe (by navigating to Settings > Privacy > Location Services, then switching "Location Services" to "off").
Is this some new definition of "one swipe"?
Re: (Score:2)
I just built an entire web site by pressing one key, the "enter" key... after doing literally all of the other work that doesn't count.
Re: (Score:2)
I just built an entire web site by pressing one key, the "enter" key... after doing literally all of the other work that doesn't count.
At least that’s deterministic. I had a compiler once that took at least three tries to build the same code without errors.
Re: One swipe (Score:1)
"By holding down this special key it plays a little melody"
Re:One swipe (Score:4, Informative)
Navigating != swiping.
Re: (Score:2)
It's just one swipe...after about a half dozen taps to get there.
Re: (Score:1)
with one swipe (by navigating to Settings > Privacy > Location Services, then switching "Location Services" to "off").
Is this some new definition of "one swipe"?
Really? Parent is "Insightful"?
What "Insight" have we been favored with? The ability to count UI actions? Woooo...
Re: (Score:2)
Is this some new definition of "one swipe"?
The one swipe will be Apple swiping your location data, like it or not.
Re: (Score:1)
Stop posting this scam/spam idiot
Really? (Score:3)
mobile phone are not communication devices (Score:1)
it intermittently seeks the user's location info (Score:2)
We know where you live. (Really.)
Catching up to Google, Protecting from Google (Score:5, Informative)
Google/Android has been doing this for years. This is pretty much why you can get a somewhat reasonable location in your browser if you have wi-fi on a laptop without gps.
Here [mozilla.org] you can see Mozilla mentioning Google in the Geolocation API docs (very bottom of the page if the tag didn't work).
Here [google.com] is a privacy policy I dug up on Google that also mentions this.
The Firefox Geolocation Feature will make requests to Google only if you tell the feature to do so. For information about your choices, please consult the Firefox privacy policy.
So this is basically Apple trying to build a location database all of their own so they don't have to rely on Google for location information.
Re: (Score:2)
Google/Android has been doing this for years. This is pretty much why you can get a somewhat reasonable location in your browser if you have wi-fi on a laptop without gps.
So this is basically Apple trying to build a location database all of their own so they don't have to rely on Google for location information.
This chronology is backwards. Apple has been doing this via Skyhook since long before Google play services even existed.
These location tracking schemes are evil and wrong not just for those being unwittingly tracked but for the operators of WiFi APs who were never asked if they wanted their systems to be located and leveraged in this way.
Re: (Score:2)
The Firefox Geolocation Feature will make requests to Google only if you tell the feature to do so. For information about your choices, please consult the Firefox privacy policy.
Google asks during Android setup whether you want to use enhanced location services, and explains to you that it will use WiFi APs for that purpose. So it's not a secret when Google does it, either.
Apple is the one who started this, not Google (Score:2)
Apple used to use a similar database leased from Skyhook [wired.com]. But in 2010 they surreptitiously change
Re: (Score:2)
Yes, but the difference is that in Android if you turn it off it is actually off.
Settings -> Location -> Wifi and Bluetooth Scanning
You also have fine grained control over which apps can use location services and if any data is logged or shared with Google. You can easily verify it does what it claims to in the same way they verified that Apple are lying.
You're so important (Score:3)
Face it, knowing your location is useless to Apple. If anything they make you feel important just by tracking it. I mean how much value can be extracted by knowing your location? Probably an F ton less than you've deluded yourself into believing.
Re: You're so important (Score:1)
"Just relax and everything will be all right "
Re: (Score:2)
Face it, knowing your location is useless to Apple. If anything they make you feel important just by tracking it. I mean how much value can be extracted by knowing your location? Probably an F ton less than you've deluded yourself into believing.
Are you joking or is this genuinely your belief?
Not a mystery (Score:3)
They simply lied.
One swipe does not seem to mean one swipe... (Score:2)
The policy explains users can disable all location services entirely with one swipe (by navigating to Settings > Privacy > Location Services, then switching "Location Services" to "off").
How can this statement be true? Is there really a single swipe that goes through ALL those screens? Sometimes Apple is really full of shit...
It might not be apple. (Score:1)
New "Find My..." (Score:4, Interesting)
https://www.wired.com/story/ap... [wired.com]
One could guess the periodic updates are this happening.
The state wants to know your location (Score:2)
You cannot opt out of profiling for the state, because that would be unlawful. Somewhere, your location history needs to be tracked and correlated against the locations of crimes and dissent against the state.
So - Apple is doing the right thing after all (Score:4, Informative)
From the article:
“Ultra wideband technology is an industry standard technology and is subject to international regulatory requirements that require it to be turned off in certain locations,” an Apple spokesperson told TechCrunch. “iOS uses Location Services to help determine if an iPhone is in these prohibited locations in order to disable ultra wideband and comply with regulations.”
“The management of ultra wideband compliance and its use of location data is done entirely on the device and Apple is not collecting user location data,” the spokesperson said.
That seems to back up what experts have discerned so far. Will Strafach, chief executive at Guardian Firewall and iOS security expert, said in a tweet that his analysis showed there was “no evidence” that any location data is sent to a remote server.
Finally (Score:2)
Mod parent up. Ten pages of frothing conspiracy in a low-information context and finally someone just looks up the relevant regulation in the spec.