As I am getting older, I am turning more and more into my parents, especially when it comes to my changing thoughts about privacy. Yes, I am active on Twitter and post to this blog, but I am becoming more aware of what my online activities say about me, and (possibly more importantly) where my online activities are happening.
Recently two security researchers discovered that Apple’s iPhone keeps track of a user’s location and saves that information to a file that is stored both on the device and on a user’s computer when they sync or back it up in iTunes. They even created a Mac OS application that can show you where you have been using the backup files stored in iTunes.
Link to the story here.
I have a 4Square account, but I don’t use it a whole lot. Occasionally I will include GPS data with a Twitter post, but that is always by choice, and I can easily delete it later.
However, knowing that my location history is stored on the phone and in iTunes still bothers me. I don’t have a choice to opt out of this data gathering. There is no evidence (right now) that the information ever leaves my phone or iTunes, but it also isn’t encrypted. I am not an expert in computer security, and I no longer work for Apple, but even I can think of 5 ways to get this data from someone’s computer without them knowing and with very little work. I am not sure it can be used for evil, but does it really need to be there?
I downloaded and tried the application the researchers created. I was able to produce an interactive map of the location data for the past several months. You can see when I am near my home, when I have gone to the office, and on what days I went bowling. You can see when I traveled to Chicago for business, or Colorado to deal with some family stuff. You can see where I went for my birthday vacation. Just by looking at the data you can tell I drove from Miami to Key West.
It will be interesting to see how Apple responds to the news that the phone is gathering this much information.
UPDATE (as seen on Americablog and confirmed with my own settings):
…it’s actually much worse than the video shows. The guys who uncovered this, and who made it possible for you to see your own data, have washed the data slightly – it’s FAR more detailed than my video shows.
To make it less useful for snoops, the spatial and temporal accuracy of the data has been artificially reduced. You can only animate week-by-week even though the data is timed to the second, and if you zoom in you’ll see the points are constrained to a grid, so your exact location is not revealed. The underlying database has no such constraints, unfortunately.
UPDATE 2 (From CNN):
Democratic Sen. Al Franken, Minnesota, fired off a letter [pdf] to Apple CEO Steve Jobs late Wednesday demanding to know why the company’s iPhones and iPads are reportedly compiling secret data tracking customers’ whereabouts when they use or carry their devices.
A self-described hacker and a former Apple employee say they recently discovered secret lines of code in Apple’s latest operating system known as IOS-4 and, in an article released Wednesday, say it contains data showing consumers’ whereabouts every time they use or even just carry a web enabled iPhone or iPad. … The Minnesota Democrat wants to know why Apple is collecting the data, how it is generated, why it’s not encrypted, and why Apple customers, “were never affirmatively informed of the collection and retention of their location data.”
Franken also asks Jobs to explain who this information has been disclosed to, including Apple.
Update 3 (From Apple’s Privacy Page):
Collection and Use of Non-Personal Information:
We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.
Location-Based Services
To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.
Some location-based services offered by Apple, such as the MobileMe “Find My iPhone” feature, require your personal information for the feature to work.
I understand that Apple says it is supposedly anonymous, but the data is also not encrypted within iTunes. If you have access to another person’s Macintosh, even for a short period of time, you can gain access to this data. I know a lot of people, especially people with desktop Macs and iMacs, who do not have the machine password protected.