Forgot your password?
typodupeerror
IOS Privacy Upgrades Apple Your Rights Online

iOS 8 Strikes an Unexpected Blow Against Location Tracking 323

Posted by Unknown Lamer
from the waiting-for-obvious-patents dept.
schwit1 (797399) writes 'It wasn't touted onstage, but a new iOS 8 feature is set to cause havoc for location trackers, and score a major win for privacy.As spotted by Frederic Jacobs, the changes have to do with the MAC address used to identify devices within networks. When iOS 8 devices look for a connection, they randomize the MAC address, effectively disguising any trace of the real device until it decides to connect to a network.'
This discussion has been archived. No new comments can be posted.

iOS 8 Strikes an Unexpected Blow Against Location Tracking

Comments Filter:
  • by fuzzyfuzzyfungus (1223518) on Tuesday June 10, 2014 @03:13AM (#47200833) Journal

    Generally, I've found this to be true. Their business model does not depend on a lack of customer privacy like Google.

    I would be more optimistic if it weren't for the fact that Apple went and deliberately developed "iBeacon [wikipedia.org]", more or less deliberately designed for every sort of horrid 'location based service' and 'relevant offer' crap in the book.

    Architecturally, hunting for wifi networks with a spoofed MAC is a good idea; but it sure does look like Apple is cutting an attempt to track their phones the non-blessed way off at the knees, even as they actively provide a blessed way of doing it.

    In the same way, they cracked down on apps that used phone serial numbers, IMEIs and similar; but then built an "advertising identifier" right into their OS.

    They want to be sure that you find the experience of being sold tasteful and unobtrusive; but they aren't actually your friends, nor do they consider your hardware purchase to be sufficient to exempt you from being the product.

  • by wonkey_monkey (2592601) on Tuesday June 10, 2014 @03:18AM (#47200861) Homepage

    The point, obviously, is that you can't be identified by the access points you don't connect to.

    Of course you're traceable once you've connected; how else could you stay connected and get traffic to your device?

  • by Anonymous Coward on Tuesday June 10, 2014 @03:21AM (#47200863)

    You make a good point. However, iirc, a user can completely diasable their iPhone's from repsonding to iBeacons. So even under the "blessed" way, a customer's privacy is still within their personal control.

  • by Anonymous Coward on Tuesday June 10, 2014 @04:00AM (#47200987)

    The only difference is that they don't like to share..

    Yes they do, they even say so in their privacy policy: “[Apple will] make certain personal information available to strategic partners that work with Apple to provide products and services, or that help Apple market to customers.”

    In fact, if you read their privacy policy, you'd realize Apple gathers up about as much personal information on users as any other big tech company. The main difference is they say they don't connect the dots.In fact, they've been and are being sued for sharing too much user data...

    Personal user data big part of any technology company's business model these days. Even Apple.

    http://motherboard.vice.com/bl... [vice.com]

  • by justcauseisjustthat (1150803) on Tuesday June 10, 2014 @04:11AM (#47201005)
    Big difference iBeacon needs to be enabled per app, the user has control! Here the user was scanned without their consent, this new privacy feature is awesome.
  • by Tom (822) on Tuesday June 10, 2014 @04:41AM (#47201087) Homepage Journal

    Apple went and deliberately developed "iBeacon"

    Which works by Bluetooth, not WiFi, and it's basically a Bluetooth broadcaster. Also, it is opt-in.

    In the same way, they cracked down on apps that used phone serial numbers, IMEIs and similar; but then built an "advertising identifier" right into their OS.

    That you can opt out of [osxdaily.com].

  • by Tom (822) on Tuesday June 10, 2014 @04:46AM (#47201111) Homepage Journal

    Location tracking stays turned off in my iOS device. A nuisance when you want a quick look at the streetmap of the area you're in.

    You know you can turn it on and off selectively, yes? Allowing certain apps to use it, but others not?

  • by SuricouRaven (1897204) on Tuesday June 10, 2014 @04:51AM (#47201123)

    No, it still provides your MAC to the network. Doing otherwise would break things - static DHCP reservations for one. It means the iPhone won't provide its MAC address *until* it finds a recognised network to connect to - it won't be broadcasting it constantly while you are out traveling or shopping.

  • by pmontra (738736) on Tuesday June 10, 2014 @05:24AM (#47201229) Homepage

    They don't connect the dots for everybody for free. Become a strategic partner (that is: find a way to bring them more money) and they'll be happy do connect the dots for you. So don't be naive: Apple cares about its customers only when it can turn that care into profit.

    BTW, this app [google.com] does the same on a rooted Android device.

  • Umm, no (Score:4, Informative)

    by Viol8 (599362) on Tuesday June 10, 2014 @06:56AM (#47201467)

    It actually randomised the MAC address. Its been a long time since MACs were burnt into ROM and couldn't be changed. On Linux you can do it using ifconfig or one ioctl() in C.

  • by Splab (574204) on Tuesday June 10, 2014 @07:53AM (#47201659)

    I think you are confusing standards with the real world.

    Your device is constantly beaconing to the entire world around it, what networks it knows - and it will often quite happily connect to annyone claiming to be that home network, enabling for all sorts of fun snooping attacks.

    Go lookup creepyDOL network and the presentation for same from Def Con.

  • Re:Umm, no (Score:4, Informative)

    by gmack (197796) <gmack@in n e rfire.net> on Tuesday June 10, 2014 @07:59AM (#47201685) Homepage Journal

    RTFA, It only randomizes on scan and goes back to the original MAC address when it connects.. You are correct that it is easy to change the MAC address, but that doesn't change the fact that randomizing the mac address on connect would break things like DHCP reservations or MAC based white lists.

  • by Anonymous Coward on Tuesday June 10, 2014 @09:27AM (#47202215)

    They actually don't. CoreLocation does not operate unless an app has requested it. If it does operate, it doesn't send anything to apple unless you specifically opted in. If you did specifically opt in, it sends anonymised, randomised data, rather than actually tracking you.

  • by Tom (822) on Tuesday June 10, 2014 @09:49AM (#47202369) Homepage Journal

    When I buy a Google/ASUS co-branded Nexus 7 tablet from Google Play Store, how am I not the customer?

    Google mades a bit over $14 billion revenue. Just under $13 billion of that is from advertisement.

    Apple makes the vast majority of its $54 billion revenue on hardware, a small part ($4 billion) on software and iTunes sales and its advertisement revenue is so small it vanishes somewhere under "services" and I couldn't quickly find a number for it.

    Ask yourself which company is more likely to sell out your data to advertisers. The one that makes 90% of its money from them and 10% from you, or the one that makes 98% of its profits from you and 2% from them.

  • Apple doesn't care as much about profit after the fact because they got 45% off of you as soon as you bought their phone.

    Even if you turn off every function on your phone--including the phone--and kept it in airplane mode the whole time like some sort of absurdly expensive iPod, Apple already made a profit.

    Apple cares about your privacy insofar as it allows them to put a bullet-point on the box that they can use to distinguish themselves from Google's model. Google needs information to make a profit. They make virtually no money off of Android itself; that's why buying a Nexus is so cheap.

    Essentially, Apple can afford to be stingy with information, and can afford for YOU to be stingy with YOUR information. Google can't.

    I'm sure Apple will turn your information into profit if it can, don't get me wrong. But it's not their primary business model. As long as the phone costs a lot of money, you can count on them being less interested in what you have to offer after the sale.

  • by ColdWetDog (752185) on Tuesday June 10, 2014 @10:32AM (#47202763) Homepage

    Yeah. Like the Open SSL bug. That just took, what, fourteen years to find?

    This is Internet time, not geologic time.

  • by Plumpaquatsch (2701653) on Tuesday June 10, 2014 @11:09AM (#47203101) Journal
    https://www.apple.com/legal/privacy/en-ww/ [apple.com]

    Privacy Policy

    Your privacy is important to Apple. So we’ve developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your information. Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.

    ...

    Disclosure to Third Parties

    At times Apple may make certain personal information available to strategic partners that work with Apple to provide products and services, or that help Apple market to customers. For example, when you purchase and activate your iPhone, you authorize Apple and your carrier to exchange the information you provide during the activation process to carry out service. If you are approved for service, your account will be governed by Apple and your carrier’s respective privacy policies. Personal information will only be shared by Apple to provide or improve our products, services and advertising; it will not be shared with third parties for their marketing purposes.

    Service Providers

    Apple shares personal information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information and may be located wherever Apple operates.

    Others

    It may be necessary by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence for Apple to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.

    We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganization, merger, or sale we may transfer any and all personal information we collect to the relevant third party.

The number of computer scientists in a room is inversely proportional to the number of bugs in their code.

Working...