
Apple's Privacy Blowout (Consolidated)

A tale of several stories, all woeful, all inexcusable.



BLOOPERTINO (Rixstep) — The web is awash with the scandal of Apple's privacy blowout. But it's actually several stories eagerly wrapping themselves into one.

Prelude

Not to forget Mark Pilgrim who foresaw all this years ago. Mark predicts Apple won't even have a computer OS in five years. He's been right about everything so far.

Dive into Mark: Tinkerer's Sunset

Story One

The German Big Brother Awards for 2011 slammed Apple for an impossible EULA that breaks local legislation. Apple were singled out for 'violations of basic human and consumer rights'.

Big Brother Awards
Big Brother Awards 2011
MacNotes: Big Brother Award für Apple
Rixstep Industry Watch: Apple Recipient of Not So Coveted Big Brother Award


Going beyond the pure lack of aesthetic, the committee cite actual violations of German federal law.

'Whenever a company wants to collect such data, the German Federal Data Protection Law requires the user's explicit consent. A simple checkbox 'I agree' during the phone's update procedure will probably not suffice here. Also, it is completely unclear how one might declare one's dissent to the sharing of data. The Federal Data Protection Law explicitly requires the consent to be voluntary in §4a. But imagine you just bought a device for several hundred euros and might not be able to use it unless you declare your consent to the 'Privacy Policy' - it is questionable, to say the least, that your consent will be voluntary.'



'You might wonder what you actually bought into when you acquired such a gadget. Which customer rights apply? Could you claim for a 'defect' when the terms and conditions are modified, possibly even at a later date, to the customer's disadvantage? Apple seems to be very confident - and most customers will reluctantly bite the bullet.'

'Other manufacturers prove that it is possible to offer such a product without compulsory assimilation of customer data. With Apple, though, the customer has no choice. To add software, he is forced to use iTunes or the AppStore, and therefore consent to Apple's conditions. It's a matter of sink or swim.'


Fanboy reaction? None. Good start.

Story Two

Backtracking a bit. Steve Jobs and Apple previously solemnly swore there'd be no 'Mac app store' and they'd never 'flip the switch' and lock out independent software. The switch is still there (but hasn't yet been flipped); the Mac app store is up and running.

Steve vehemently denied anything of the sort of course. But a birdie chirped to Rixstep and Rixstep published an article specifically designed to provoke the chicken littles to write to Steve so Steve could fall straight into the trap. And fall he did.

9 to 5 Mac: Rixstep Warns, Steve Says 'Nope'
9 to 5 Mac: Mac App Store, Verification? Steve Jobs: 'Nope'

Rixstep's Red Hat Diaries: Freedom
Rixstep's Red Hat Diaries: Apple's Mistake
Rixstep's Red Hat Diaries: The Steve Gambit
Rixstep's Red Hat Diaries: The Walled Garden
Rixstep's Red Hat Diaries: Code Sign of the Times

Rixstep Learning Curve: 10.6.6

Rixstep Developers Workshop: Hacking C0d3 S1gN

Rixstep Industry Watch: Steve's a Bad Bad Boy (Again)
Rixstep Industry Watch: Mac Developer Program Update
Rixstep Industry Watch: Mac Developer Program Update II
Rixstep Industry Watch: Steve Jobs to App Store for Mac: 'Nope'

Story Three

This brings you up to today.

Pete Warden discovers a sinister file on both his Apple mobile devices and on his Apple computer hard drive. It's called consolidated.db. It's evidently an SQLite file - something Apple have become increasingly enamoured with. Pete deciphers it and finds what's inside. And he writes a very simple but very effective app to show the world what's being stored on mobile devices and computers by Apple.

GitHub: iPhone Tracker

The file is a track record of the movements of the user of an Apple mobile device ever since the introduction of the controversial iPhone 4. The worst part about it is it's not encrypted so anyone can get in there and retrieve it, no questions asked. Simple 'booby trap' sites can do a 'jailbreak' without the mobile user being aware and pluck up the whole thing.

And it was simultaneously revealed that law enforcement in the US are working with a cute new gadget called the 'UFED' that can pluck all this info not only from Apple mobile devices but from about 3,000 different types of similar devices.

Cellebrite: UFED Physical Pro

And a court in the US hands down a verdict stating that law enforcement can data mine anyone's mobile devices without a search warrant.

Red Tape: Court: No warrant needed to search cell phone

Blowout

These discoveries collectively lead to near pandemonium. Senator Al Franken gets in the act, writes an open letter to Steve Jobs demanding answers.

US Senate: Al Franken's letter (PDF)

Congressman Ed Markey, who'd previously pushed Jobs to the wall on privacy issues, pushes him again.

Rep Ed Markey wants privacy answers from Steve Jobs (again)

And finally it's time for the 'Maccie' blogosphere to get involved. D Fireball is always supportive of Apple unless something like this happens. He still wants to play the whole thing down but he does admit there must be something wrong with Apple policy and implementation.

https://twitter.com/daringfireball/status/61085543278198785
https://twitter.com/daringfireball/status/61085544486141953
https://twitter.com/daringfireball/status/61088060049342464


Best of all is his endorsement of the opinions of fellow Maccie blogger Andy Ihnatko which, although seemingly reasonably tempered and rational, end with a repeated request to get Apple to at least 'overwrite the file with all zeroes'.

Mack's Warnings

Security blogger Mack Diesel's written many a screed for publication at this site that outlines how these 'innocent' slip-ups are going to be anything but. All of this is nutritional food for thought and worth reading and thinking about.

Secure the Internet?
Writing on the Wall?
Nothing to Hide - Right?
How Lucky Do You Feel?



Apple Being Apple
Send in the Gardeners
'So much for anonymity these days'
Watch out AAPL, MSFT: GOOG are taking over
Privacy: Where We Are Now and What You Can Do (TL;DR)


With the latest app rejection being Google Voice, I am one step closer to selling off my iPhone products and focusing entirely on the Mac once more. I can't help but feel that I've wasted the past 9 months of my life building on a platform that is so hostile and anti-developer.
 - Justin Williams

What Sky?

Caution isn't something an Apple fanboy will readily wear. The online forums are already awash with the most astoundingly stupid comments imaginable - par for the course for an Apple crisis. Use caution - and err on its side. So you don't end up like the pathetic Maccies.

$ sudo -s
# cd /System/Library/Frameworks/CoreLocation.framework/Support
# rm consolidated.db
# ln -s /dev/null consolidated.db
# exit
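
An added check, not part of the original article and not Apple's tooling: it classifies what currently sits at the consolidated.db path, so the effect of the commands above can be confirmed and re-checked later. The function name and status words are this example's own; the default path is the one the commands use.

```shell
#!/bin/sh
# Added example: report the state of the location cache file.
# DEFAULT_DB is the path from the commands above; pass another path as $1.
DEFAULT_DB=/System/Library/Frameworks/CoreLocation.framework/Support/consolidated.db

# Prints exactly one status word for the file at $1 (or DEFAULT_DB).
audit_location_cache() {
    db=${1:-$DEFAULT_DB}

    # Test for a symlink first: -e follows links, and /dev/null always exists.
    if [ -L "$db" ]; then
        target=$(readlink "$db")
        if [ "$target" = "/dev/null" ]; then
            echo neutralized        # the state the commands above produce
        else
            echo symlink-other      # a link, but not to /dev/null
        fi
        return 0
    fi

    if [ ! -e "$db" ]; then
        echo absent                 # nothing at the path
        return 0
    fi

    if [ ! -f "$db" ]; then
        echo not-regular            # directory, device, socket, ...
        return 0
    fi

    # An unencrypted SQLite 3 database starts with the 16-byte magic
    # "SQLite format 3\0"; compare its 15 printable bytes.
    magic=$(dd if="$db" bs=15 count=1 2>/dev/null | tr -d '\000')
    if [ "$magic" = "SQLite format 3" ]; then
        echo sqlite-plaintext       # readable by anything with file access
    else
        echo other-file
    fi
}

# Stand-alone use: check the default path, or the path given as an argument.
audit_location_cache "$@"
```

A result of sqlite-plaintext after the commands have been run means the file has been recreated as a regular database.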

See Also
The Technological: consolidated.db
Electronic Frontier Foundation: NSA Spying FAQ
Rixstep Learning Curve: Steve Jobs Consolidated
Rixstep/7: Apple Recipient of Not So Coveted Big Brother Award
USA Today: NSA has massive database of Americans' phone calls
O'Reilly: Got an iPhone or 3G iPad? Apple is recording your moves
CreditCards.com: Credit checks are required before iPhone activation
MacRumors Forums: Researchers Disclose iPhone and iPad Location-Tracking Privacy Issues
Popular Mechanics: Should Cops Be Allowed to Scan Your Phone During a Traffic Stop?
