The Apple spyPhone (contd.)

Posted on by

It’s fascinating to see what happened overnight on this story. Firstly, lots of people began posting maps of where their iPhones had been, which is a clear demonstration of the First Law of Technology — which says that if something can be done then it will be done, irrespective of whether it makes sense or not. Personally I’ve always been baffled by how untroubled geeks are about revealing location data. I remember one dinner party of ours which was completely ruined when one guest, a friend who had been GPS-tracking his location for three years, was asked by another guest, the late, lamented Karen Spärck Jones, if he wasn’t bothered by the way this compromised his privacy. He replied in the negative because he had “nothing to hide”. There then followed two hours of vigorous argument which touched on, among other things, the naivete of geeks, the ease with which the punctiliousness of Dutch bureaucracy made it easy to round up Dutch Jews after the Germans invaded Holland in the Second World War, the uses to which location data might be put by unsavoury characters and governments, Karl Popper and the Open Society, etc. etc.

Michael Dales has a couple of interesting blog posts (here and here) about the iPhone data-gathering facility. And, like all geeks, he’s totally unsurprised by the whole affair.

It seems rather than worry geeks, most of us find the data amazing. I suspect that’s because most of us know that this data could be got otherhow anyway – all it really shows is where your phone has been, and the phone operators know that anyway – and I typically trust them a lot less than I trust Apple (not that I think Apple is angelic, it’s a shareholder owned company, but I generally have a more antagonistic relationship with phone companies than I do Apple). So the fact the data resides on my phone is handy – if I was worried about people tracking where my phone goes then I’d never turn it on.

Michael also sees positive angles to this.

If you have a Mac and want to see where your iPhone has been (and then, like most people, post it to the Internet :) then you can get the tool to do so here. What I think is potentially really exciting is what you can do with the data now that you have access to it, not just your phone company. Quentin has already had the idea that you could use it to geotag your photos, which would be awesome, but how about things like carbon calculators, trip reports, and so on?

This post attracted a useful comment from ScaredyCat which gets to the heart of the problem:

The brouhaha isn’t just about the data being stored, it’s about the data being stored unencrypted. I love data like any geek but you do have to wonder why the data is being collected in the first place.

Precisely. What the data-logging and storage facility means is that your iPhone is potentially a source of useful confidential information for people who would have no hope of obtaining that information legally from a mobile phone network.

This point is neatly encapsulated by Rory Cellan-Jones in his blog post:

This obviously has intriguing implications for anyone who possesses one of these devices. What, for instance, if you had told your wife that you were off on a business trip – when in fact you had slipped off to the slopes with some mates – and she then managed to track down your iPhone location file? (I should stress that this is an imaginary scenario).

For divorce lawyers, particularly in the United States, the first question when taking on a new client could be “does your spouse own an iPhone?” And law enforcement agencies will also be taking a great interest in the iPhones – or iPads – of anyone they are tracking.

The other interesting thing about the spyPhone story is that, according to Alex Levinson, it’s an old story. He says that

Back in 2010 when the iPad first came out, I did a research project at the Rochester Institute of Technology on Apple forensics. Professor Bill Stackpole of the Networking, Security, & Systems Administration Department was teaching a computer forensics course and pitched the idea of doing forensic analysis on my recently acquired iPad. We purchased a few utilities and began studying the various components of apple mobile devices. We discovered three things:

* Third Party Application data can contain usernames, passwords, and interpersonal communication data, usually in plain text.
* Apple configurations and logs contain lots of network and communication related data.
* Geolocational Artifacts were one of the single most important forensic vectors found on these devices.

After presenting that project to Professor Stackpole’s forensic class, I began work last summer with Sean Morrissey, managing director of Katana Forensics on it’s iOS Forensic Software utility, Lantern. While developing with Sean, I continued to work with Professor Stackpole an academic paper outlining our findings in the Apple Forensic field. This paper was accepted for publication into the Hawaii International Conference for System Sciences 44 and is now an IEEE Publication. I presented on it in January in Hawaii and during my presentation discussed consolidated.db and it’s contents with my audience – my paper was written prior to iOS 4 coming out, but my presentation was updated to include iOS 4 artifacts.

Thanks to David Smith for passing on the link to the Levinson post.

The Apple spyPhone

Posted on by

Oxford to Cambridge and then London from Alasdair Allan on Vimeo.

Fascinating video of location data routinely and covertly gathered by an iPhone belonging to research Alasdair Allen. I came on it via an intriguing Guardian story which reported that

Security researchers have discovered that Apple’s iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner’s computer when the two are synchronised.

The file contains the latitude and longitude of the phone’s recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner’s movements using a simple program.

For some phones, there could be almost a year’s worth of data stored, as the recording of data seems to have started with Apple’s iOS 4 update to the phone’s operating system, released in June 2010.

“Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you’ve been,” said Pete Warden, one of the researchers.

Only the iPhone records the user’s location in this way, say Warden and Alasdair Allan, the data scientists who discovered the file and are presenting their findings at the Where 2.0 conference in San Francisco on Wednesday. “Alasdair has looked for similar tracking code in [Google’s] Android phones and couldn’t find any,” said Warden. “We haven’t come across any instances of other phone manufacturers doing this.”

Lots more information (plus a downloadable open source application that enables you to locate the file containing your location data history) on Pete Warden’s site. He’s got some helpful FAQs, including these:

What can I do to remove this data?

This database of your locations is stored on your iPhone as well as in any of the automatic backups that are made when you sync it with iTunes. One thing that will help is choosing encrypted backups, since that will prevent other users or programs on your machine from viewing the data, but there will still be a copy on your device.

Why is Apple collecting this information?

It’s unclear. One guess might be that they have new features in mind that require a history of your location, but that’s pure speculation. The fact that it’s transferred across devices when you restore or migrate is evidence the data-gathering isn’t accidental.

Is Apple storing this information elsewhere?

There’s no evidence that it’s being transmitted beyond your device and any machines you sync it with.

What’s so bad about this?

The most immediate problem is that this data is stored in an easily-readable form on your machine. Any other program you run or user with access to your machine can look through it.

It’s interesting that the mobile operators also keep this data, but the cops have to get a special order to access it. (Which they often do, as we find out in evidence to murder trials, for example.) But anyone who gets access to an iPhone (or, it turns out, a 3G-enabled iPad) can get it without going through any legal palaver.

Interesting, ne c’est pas? n’est-ce pas?

(Thanks to Duncan Thomas for correcting my French.)

Larry Page: saying FU to Wall Street

Posted on by

Refreshing rant by Henry Blodget.

Wall Street has reacted to the first quarter in the Page regime by tossing the stock overboard. Larry Page is spending way too much, Wall Street says. Larry Page isn’t communicating well enough. Larry Page couldn’t even be bothered to spend more than a couple of minutes on the earnings call with Wall Street last night. So to hell with him!

Lost under the outrage, of course, is that Larry Page may be doing exactly the right thing: Focusing on Google and Google’s products and users, instead of Wall Street.

Wall Street loves to be made to feel that there is nothing that matters more to a CEO than Wall Street. But Wall Street’s focus is relentlessly short-term: Wall Street cares about this quarter and next quarter, not the next 10 years. And although short-term performance certainly provides an indication about where a company is headed, for the long-term value of the company itself, it’s nearly irrelevant.

If Google is to wrest back the mantle of innovation leadership from Apple and Facebook, it needs to focus on the long term. It needs to revitalize the culture of innovation that defined the company in the beginning. It needs to make big, bold bets that cost a lot of money. And it needs to address its biggest weaknesses. In short, it needs to do exactly what Larry Page and Sergey Brin said Google would do when it went public seven years go: Focus on the long-term, not the short term, and make decisions that won’t make short-term investors happy.

Yep. All of which confirms the wisdom of the decision the Google boys made before their IPO — to have two kinds of share, much as the Sulzbergers set up the stock structure of the NY Times. The founders control the shares which decide the issues; and, in the end, Wall Street can get stuffed.

Google and the coming war

Posted on by

Fascinating — and perceptive — Forbes column by Ben Horowitz, the big-time venture capitalist, on what the changes at the top of Google really signify.

Recently, Eric Schmidt stepped down as CEO of Google and founder Larry Page took over. Much of the news coverage focused on Page’s ability to be the “face of Google” as Page is far more shy and introverted than the gregarious and articulate Schmidt. While an interesting issue, this analysis misses the main point. Eric Schmidt was much more than Google’s front man; as Google’s peacetime Chief Executive, he led the greatest technology business expansion in the last ten years. Larry Page, in contrast, seems to have determined that Google is moving into war and he clearly intends to be a wartime CEO. This will be a profound change for Google and the entire high-tech industry.

This is a really interesting piece which, among other things, points out that most management textbooks are written for ‘peacetime’ CEOs. Worth reading in full.

News-U-Like

Posted on by

This morning’s Observer column.

Way back in 1996, the distinguished American journalist James Fallows published Breaking the News: How the Media Undermine American Democracy, a remarkable study of the pernicious effects of broadcast television on democracy.

Among the phenomena he examined were the relentless trivialisation implicit in soundbite politics, the obsessive insistence that every political issue – no matter how complex – has only two sides and the tendency to treat every political controversy as if it were a football game and every election a horse race. But, en passant, Fallows also highlighted an equally disturbing trend – towards market-driven news: that is, news agendas that are driven not by some professional assessment of what's important and relevant, but by research into what viewers like and respond to. Put crudely, such an approach leads to news programming that plays down politics and economics in favour of coverage of crime, celebrity and sport. News-U-Like, as it were.

Earlier this month, Fallows decided to revisit this territory by embarking on a study of contemporary online news media…

The ‘End of History’ Man — on photography

Posted on by

A story about associative linking that would make Ol’ Vannevar Bush proud.

I’ve been reading reviews of Francis Fukuyama’s new book The Origins of Political Order: From Prehuman Times to the French Revolution and wondering whether to buy it. It looks interesting. And then I came on a Newsweek photo essay about him which included an intriguing photograph of him with his camera case. That’s when I discovered that he was a serious photographer, so of course I then went looking for his pictures, but before I got to any I found this essay by him on WSJ.com.

Let’s begin with how photography has changed. Ansel Adams’s iconic images of the Sierras were taken with an 8-inch-by-10-inch view camera, a wooden contraption with bellows in which the photographer saw his subject upside-down and reversed under a black cloth. Joel Meyerowitz’s stunning photographs of Cape Cod were taken with a similar mahogany Deardorff view camera manufactured in the 1930s. These cameras produce negatives that contain up to 100 times the amount of information produced by a contemporary top-of-the-line digital SLR like a Canon EOS 5D or a Nikon D3. View cameras allow photographers to shift and tilt the lens relative to the film plane, which is why they continue to be used by architectural photographers who want to avoid photos of buildings with the converging vertical lines caused by the upward tilt of the lens on a normal camera. And their lenses can be stopped down to f/64 or even f/96, which allows everything to be in crystalline focus from 3 inches away to infinity. (Ansel Adams, Edward Weston and Imogen Cunningham were part of a group called “f/64” in celebration of this characteristic.)

Perhaps the most important feature of these older film cameras was their lack of convenience. They had to be mounted on tripods; it took many minutes to shoot a single frame; and they were hardly inconspicuous. In contrast to contemporary digital photographers who snap a zillion photos of the same subject and hope that one will turn out well composed, view camera photography is a more painterly activity that forces the photographer to slow down and think ahead carefully about subject, light, framing, time of day, and the like. These skills are in short supply among digital photographers.

Older cameras were far better built. A few years ago I was given a Leica M3 once owned by my uncle, who joined the U.S. Army to get out of an internment camp for Japanese-Americans during World War II. He was sent to Germany where he acquired the Leica around the time I was born. This camera, with its f/2 Summicron, a classic, fast, tack-sharp lens, still takes beautiful pictures. How many digital cameras will still be functioning five years from now, much less 50? Where are you going to buy new batteries and the media to store your photos in 2061?

Where indeed? It turns out that Fukuyama is also an audio buff with strong views on the capacity of MP3 compression to ruin audio quality.

And of course I had to check out what a GigiPan Epic 100 would cost. Answer: £414 on eBAY.

The Windsor-Middleton merger: is anybody interested?

Posted on by

Lovely quote from the Economist.

I HAVE yet to come upon anybody in Britain who is remotely interested in the impending royal wedding, let alone excited by it, and I pride myself on the range of people I talk to. The newspapers keep trying to drum up some excitement (The frocks! The double-barrelled guest lists! The first commoner to marry a royal!), and the great British public responds with a yawn and a scratch.

The French had to resort to the guillotine to get rid of their royal family; perhaps ours will simply expire through lack of interest.

Personally, I hope to be out of the country on the day.