Your iPhone Keeps a Secret Log of Your Every Move


This is going to be a major PR nightmare for Apple. Security researchers Pete Warden and Alasdair Allen today announced that they have discovered that all iPhones and 3G-enabled iPads keep a log of your every move in an unencrypted file that is hidden inside the iOS filesystem. The files are backed up and restored every time you sync your phone with a desktop computer. According to the researchers, no other phone currently does this and keeping this data on the phone has wide-reaching security and privacy implications. The researchers also believe that this is an intentional move on Apple’s behalf and not just the result of a temporary log file not being deleted properly.

If you have an iPhone and a Mac, you can download Pete Warden’s iPhoneTracker application to see what data your phone has gathered.

What’s the Problem?

There is something rather interesting about seeing this data, but it is also rather creepy at the same time. Currently, the mobile phone carriers do keep a log of your location data. This data, however, is kept (relatively) safe and it takes a court order to get it. Indeed, as the data is backed up on your computer, whoever wants to know where you’ve been since you bought your iPhone 4 or iPad 3G can easily do so with Warden’s tool.

As the data is stored outside of Apple’s sandbox for regular applications that run on your iOS device, regular apps can’t access it, unless you have jailbroken your device.

It’s worth noting that none of your data is being transmitted to other devices or Apple’s servers.

How Good is the Data?

Looking at my own data, I noticed that Apple only seems to record your location when your cell phone connection is working. It did not record any data for trips through mountain passes without cell connections, for example. Sometimes the data is also a bit off, as it seems to be geared more towards the location of cell towers than data gathered from the phone’s built-in GPS.

On the device, the data is second-by-second. The iPhoneTracker tools deliberately obscures the exact location, too, and only shows it on a grid-like view. If you access the raw files, though, you will see that exact location and time stamps. Given that the code for the iPhoneTracker tools is open source, though, it’s only a matter of time before somebody will write an application that gives you easy access to the more granular data.

In the video below, Warden and Allen discuss how they found this data:

7:45 am

Mozilla's Asa Dotzler: "Chrome Team is Bowing to Pressure from Google's Advertising Business"


Among the major browser vendors, Google’s Chrome is currently the only one that has not signed on to use the Do Not Track feature that Mozilla has been lobbying for. While Microsoft, Apple, Firefox and Opera have either already implemented this feature or will do so soon, Google is still holding out. According to Mozilla’s director of community development Asa Dotzler, the “Chrome team is bowing to pressure from Google’s advertising business and that’s a real shame.” Indeed, Dotzler says in his blog post, this situation is similar to what happened when Netscape released version 7.0 of its browser.

For Netscape 7.0, which according to Dotzler “was basically Mozilla 1.0 with a Netscape theme and a couple of proprietary Netscape features,” Netscape decided to remove the pop-up blocker that Mozilla 1.0 had just developed. The Netscape team had to bow to the pressure of AOL/Netscape as those sites depended on advertising money (including pop-up ads) to fund their work. The next version of Netscape did include the pop-up blocker, but excluded all Netscape/AOL/Time-Warner sites from this by default.

Pressure from Advertisers – Or Something Else?

It’s hard to say if it’s really pressure from Google’s advertising side that is keeping Chrome from supporting the Do Not Track feature. In its current form, browsers that support this feature just sent a header to the server that tells the publisher and advertiser that this particular user is opting out from being tracked. In its current form, this feature is – at best – a public demonstration that you would like to opt out, but advertisers don’t have to honor it. Indeed, you can’t even know if advertisers have seen it and intent to respect your choice. As such, pleading support to a feature that currently has no real effect is pretty easy at this point.

This could change in the long run, though. Given that various government agencies have started to look into online tracking and its privacy implications, online advertisers have every interest in supporting this feature if they want to continue to self-regulate without interference from Washington. In the comments on his post, Dotzler rightly notes that it’ll be impossible to get 100% of advertisers to agree to using this feature. Once you get a majority of them on board, though, you can “shame the remaining 20% by telling the user when they visit those sites that those sites aren’t honoring their wishes”

So what do you think? Is the Chrome team under pressure from the rest of Google to ignore this Do Not Track feature? Or is Google just waiting to see what happens and will implement this later?

10:37 am

Don't Track Me: Google Makes Opting Out of Ad and Data Tracking Easy


About two years ago, Google launched a browser plugin that allowed users to opt out of the company’s ads tracking mechanism. By tracking your moves around the Internet, Google – and most other advertising companies – can ensure that you see relevant ads (read: ads you are likely to click) on the pages you visit. Today, just a few hours after Mozilla announced its plan to offer a do-not-track tool for Firefox, Google announced its own Chrome plugin that allows users to permanently opt out of personalized ads and data tracking from not just Google but a wide range of other online advertising companies as well.

According to Google, there are currently 50 advertising companies that are part of the Network Advertising Initiative (NAI), including the 15 largest ad networks, that will now let you opt out of data tracking through this plugin. While the add-on is currently only available for Google’s own browser, the company has released the source code on an open-source basis and plans to make it available for other browsers as well.

Keep My Opt-Outs Chrome Web Store

Until now, Google’s opt-out mechanism – and that of its competitors – worked reasonably well, but every time you cleared your browsers’ cookies, you would lose your settings. This new tool makes your choices permanent.

Once you have installed the plugin, you can head over to About Ads, the “Self-Regulatory Program for Online Behavioral Advertising” to check if the plugin works.

So what changes once you install the plugin? According to Google, “you may see the same ads repeatedly on particular websites, or see ads that are less relevant to you.” Not much of a price to pay if you want to keep your browsing habits a bit more private.

Clearly, Google isn’t doing this just out of the goodness of its heart. There has been a lot of pressure on online advertising companies to enhance their users’ privacy. In the U.S., for example, the FTC just issued a major report on Internet privacy in December that endorses the idea of a “do-not-track list.” Instead of dealing with federal regulations, the advertising industry would obviously prefer to self-regulate and plugins like this are a step in this direction.


10:47 am