Full Disclosure mailing list archives

Re: iPhone Geolocation storage


From: "Ivan ." <ivanhec () gmail com>
Date: Fri, 29 Apr 2011 09:39:50 +1000

and now tom tom as well

http://crave.cnet.co.uk/cartech/tomtom-admits-to-sending-your-routes-and-speed-information-to-the-police-50003618/

On Thu, Apr 28, 2011 at 9:35 AM, Ivan . <ivanhec () gmail com> wrote:
stevie says it's just a bug, a patented bug

http://gawker.com/?_escaped_fragment_=5795442/apple-patent-reveals-extensive-stalking-plans#!5795442/apple-patent-reveals-extensive-stalking-plans

On Wed, Apr 27, 2011 at 8:46 PM,  <nix () myproxylists com> wrote:
M$ are in the love in

http://news.cnet.com/8301-31921_3-20057329-281.html

On Tue, Apr 26, 2011 at 8:12 PM, Ivan . <ivanhec () gmail com> wrote:

Interesting write up, and apparently old news....



If you have jailbroken your phone, just use cydia and search for the tool
'Untrackerd' to fix this issue. This background process resets the file
periodically.

I have always said this, after you have JB'd your iPhone, then it becomes
a phone :) I hated that apple's bullshit where your phone is completely
tied to itunes unless you jailbroke.

https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/

On Fri, Apr 22, 2011 at 1:59 PM, mark seiden <mis () seiden com> wrote:

yes, that's right.  on one of the forensics lists someone pointed out
that he started google maps for 6 seconds and ended up with 1253
locations in the cache, all with the same time stamp.  those would be
potential known locations in your neighborhood.

much fuller disclosure in

http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf

including that some of the location data comes from.... google.

it looks like everything gets anonymized, aggregated to 5 digit
zipcodes, and max retention of 6 months, but they don't talk much about
what the device does except when it uploads data.

the congressional disclosure, while it makes me feel better about
location data, contains a few choice items like



it's unclear how apple can keep app developers from retaining location
data.  which doesn't seem forbidden by apple, only by law.

it's also unclear why they keep really old data in the cache on the
phone.  cache bloat results for little benefit.

the android doesn't do time-based pruning either and has a similar
location cache with the same data in it.

it appears to me that since the keying is by mac address or the tower
id that there will only be one timestamped item for each of those.  so
if you go around the same neighborhood repeatedly, the same data will
be in the cache.   so not exactly tracking, just recency.

but it would seem prudent to both specify and implement the briefest
retention of the location data that was possible to perform
the function expected by the user.


On Apr 20, 2011, at 12:34 PM, Brandon Matthews wrote:


I've been poring over my phone's data, and I'm not sure if the
resolution is just very low, or if it's logging the locations of towers
and not my phone.

Ex: http://imgur.com/2m5tO

I'm going to xref with FCC databases soon to try and find out.

B

(Not speaking for Cisco, only for myself and with nobody's approval)

On 4/20/11 12:11 PM, "Michele Orru" <antisnatchor () gmail com> did declare:

Already twitted today.
Pretty scary btw. I hope there's not the equivalent for Android.

antisnatchor


------------------------------------------------------------------------

Thor (Hammer of God) <mailto:thor () hammerofgod com>
April 20, 2011 9:05 PM


For those of you who have not seen this yet:

http://radar.oreilly.com/2011/04/apple-location-tracking.html


/There's no reason to think "outside the box"/
/if you don't think yourself into it./

My newest book: "Thor's Microsoft Security Bible"
<http://www.amazon.com/Thors-Microsoft-Security-Bible-Infrastructures/dp/1597495727>

Timothy Thor Mullen
thor () hammerofgod com
http://www.hammerofgod.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
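
Added illustration, not part of the thread and not Apple's or Android's code: a location cache keyed by tower id or MAC address as mark seiden describes it, where revisiting only refreshes one row's timestamp, plus the time-based pruning he says both platforms lack. The table and column names, the 7-day retention and the sample rows are assumptions constructed for this example.

```python
import sqlite3

DAY = 24 * 3600
RETENTION_SECONDS = 7 * DAY  # assumed policy for the example, not from the thread


def open_cache():
    """Hypothetical schema: one row per cell tower id or Wi-Fi MAC address."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE location_cache ("
        " source_id TEXT PRIMARY KEY, lat REAL, lon REAL, seen_at INTEGER)"
    )
    return db


def observe(db, source_id, lat, lon, now):
    # Keyed by source_id: seeing the same tower again replaces the row,
    # so only the most recent timestamp survives ("recency, not tracking").
    db.execute(
        "INSERT OR REPLACE INTO location_cache VALUES (?, ?, ?, ?)",
        (source_id, lat, lon, now),
    )


def prune(db, now, retention=RETENTION_SECONDS):
    """Time-based pruning: drop entries not seen within the retention window."""
    cur = db.execute(
        "DELETE FROM location_cache WHERE seen_at < ?", (now - retention,)
    )
    db.commit()
    return cur.rowcount


def rows(db):
    return db.execute(
        "SELECT source_id, seen_at FROM location_cache ORDER BY source_id"
    ).fetchall()


def demo():
    db = open_cache()
    t0 = 1_303_300_000  # constructed timestamp
    # Constructed sample observations (ids and coordinates are made up).
    observe(db, "cell:310-410-1234-5678", 37.77, -122.42, t0)
    observe(db, "wifi:00:11:22:33:44:55", 37.78, -122.41, t0)
    observe(db, "cell:310-410-9999-0001", 40.71, -74.00, t0)  # visited once
    # Same neighbourhood again 30 days later: rows are refreshed, not added.
    observe(db, "cell:310-410-1234-5678", 37.77, -122.42, t0 + 30 * DAY)
    observe(db, "wifi:00:11:22:33:44:55", 37.78, -122.41, t0 + 30 * DAY)
    before = rows(db)
    removed = prune(db, now=t0 + 30 * DAY)
    return before, removed, rows(db)
```

Without `prune`, the one-off entry from 30 days earlier stays in the cache indefinitely, which is the "really old data" the message questions.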