[liberationtech] iPhones/iPads secretly track 'scary amount' of your movements

Ian Gallagher crash at neg9.org
Thu Apr 21 11:51:41 PDT 2011 

As Rafal mentioned, it's certainly not only the iOS devices responsible for recording and retaining this data - here's a quick example that someone put together to demonstrate that similar data also exists on Android phones:
https://github.com/packetlss/android-locdump

I wouldn't be at all surprised if most other phones log and retain similar information on the client-side.

--
Ian Gallagher

On 19:26 Thu 21 Apr     , Frank Corrigan wrote:
> Thanks for the cellebrite.com info, they are mentioned in an article
> posted today which notes that ACLU has submitted 70 Freedom of
> Information requests to Michigan Police, but still without disclosure
> about it's use of cellebrite technology
> 
> Cops refuse to say if they secretly snarf cellphone data
> http://www.theregister.co.uk/2011/04/21/police_cellphone_searches/
> 
> ACLU reportage:
> 
> iPhone? More Like iSpy!
> http://www.aclu.org/blog/technology-and-liberty/iphone-more-ispy
> 
> Frank
> 
> 
> ----- Original message -----
> From: "Rafal Rohozinski" <r.rohozinski at psiphon.ca>
> To: "Liberation Technologies" <liberationtech at lists.stanford.edu>
> Date: Wed, 20 Apr 2011 22:51:53 -0400
> Subject: Re: [liberationtech] iPhones/iPads secretly track 'scary
> amount' of    your movements
> 
> It's not just iPhones that record vast amount of data that can be easily
> geo-located and reconstruct  person's movements,  networks, and personal
>  communication - any cell phone going back 15 years stores  data through
> log files, message  and SMS traffic that can be reconstructed and
> retrieved to create pretty comprehensive profiles of usage and location.
>  Devices that do forensic extraction (UFED) are quite widespread and in
> use throughout police forces intelligence agencies as well as  most
> cellular carriers  around the world. For those of you for whom  this is
> a revelation, I'd advise you to take a look at this website of a leading
> provider of UFEDs.  There are some interesting videos, and once you're
> done,  take a look at where this company has  it's permanent
> representatives.
> 
> http://www.cellebrite.com/forensic-products/ufed-physical-pro.html
> 
> Time for a reality check. Mobile phones are essentially digital dogtags
> so if you're concerned about  the ability they have to track your
> movements and  communications -  do like Osama, use  exclusively
> off-line means through trusted intermediaries.  Otherwise  accepting
> that cell phones are  a risk to privacy is just  the flip side of the
> convenience that these devices bring.  With or without Apple  networks
> are essentially  spiderwebs    -  that's the essence of modern signals
> intelligence. 
> 
> It's worrisome that there are a lot of myths   among the activist
> community about cell phone security. True, you can "drive up the
> negatives" and make it  more difficult for a casual actor to scan or 
> obtain PII  from your  phone ( so I  I agree with Nathan) -  but if
> you're up against  well resourced opponents, most of these tools  plain
> ineffective and their very presence on your phone may be more of a
> giveaway that  actually makes you more  of a a target of interest.  
> Unfortunately security is not a product or something you can buy
> shrink-wrapped in code.  Its practice and process  and  ultimately comes
> down to the risks you're willing to take in the service of an objective 
> or cause.  And if you want to play in the big tent, it's  good
> old-fashioned tradecraft and not better toys that make a difference.
> 
> Rafal
> 
> 
> 
> On Apr 20, 2011, at 5:43 PM, Frank Corrigan wrote:
> 
> > 
> > I am aware of the general principle of mobile phone tracking, it is just
> > that most people assume this data is only accessible via cell tower
> > providers or via a court order/lawful request, not recorded on the
> > device itself and accessible in an easy to read format to anyone who has
> > access and inclination or has impounded it for law enforcement purposes.
> > I suppose it's a bit like the Windows IE index.dat files. Now of course
> > anyone crossing a USA border can have such devices taken away and such
> > location data easily copied for later in-situ analysis.
> > 
> > Frank
> > 
> > ----- Original message -----
> > From: "Nathan Freitas" <nathan at freitas.net>
> > To: "Frank Corrigan" <email at franciscorrigan.com>, "Liberation
> > Technologies" <liberationtech at lists.stanford.edu>
> > Date: Wed, 20 Apr 2011 16:20:13 -0400
> > Subject: Re: [liberationtech] iPhones/iPads secretly track 'scary
> > amount' of    your movements
> > 
> > On 04/20/2011 03:55 PM, Frank Corrigan wrote:
> >> More reasons for activists/protesters in hostile (ordinary) environments
> >> not to bring along their mobile phone, latest cell connected gizmo.
> > 
> > ... and return to megaphones, flags, smoke signals, carrier pigeons and
> > frantic arm waving instead? If our ordinary environments are truly
> > hostile, then either we give up ever using a mobile phone, or we find
> > some way to address the problem.
> > 
> > Don't get me wrong, this latest revelation on mobile privacy is indeed
> > scary, and Apple better fess up. I just think we can fix these issues,
> > instead of allowing them to be disempowering.
> > 
> > In this case at least, turning your phone into "airplane mode" would
> > have stopped the phone from broadcasting its availability to and
> > registering with mobile towers. This would stop the active triangulation
> > of your location from being logged into the local iOS database.
> > 
> > I have an "airplane mode" icon on my Android phone home screen. Anytime
> > I am not expecting an important call, or am reachable by another means
> > (email, IM, irc), I generally activate it. Not only does it reduce my
> > location footprint data trail, but it also saves quite a bit of battery
> > life!
> > 
> > I also like Google's Latitude Dashboard which encourages user to really
> > "own it" when it comes to mobile location data tracking. They have a
> > really pretty UI, charts, etc, that can show you how many minutes a day
> > you spend at home, the gym, work or your local pub. Their point is that
> > if government and mobile phone operators already have this data, why
> > shouldn't you (the user and human being tracked) also benefit from it?
> > 
> > https://www.google.com/latitude/history/dashboard
> > 
> > All in all, we shouldn't cede the advantage technology can bring to the
> > movements and causes we care about because developers at Apple and Skype
> > (see their recent issue with Android app data permissions) are clearly
> > make very bad decisions about how they implement their closed-source
> > software.
> > 
> > Best,
> > Nathan
> > 
> > _______________________________________________
> > liberationtech mailing list
> > liberationtech at lists.stanford.edu
> > 
> > Should you need to change your subscription options, please go to:
> > 
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> > 
> > If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
> > 
> > You will need the user name and password you receive from the list moderator in monthly reminders.
> > 
> > Should you need immediate assistance, please contact the list moderator.
> > 
> > Please don't forget to follow us on http://twitter.com/#!/Liberationtech
> 
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
> 
> You will need the user name and password you receive from the list
> moderator in monthly reminders.
> 
> Should you need immediate assistance, please contact the list moderator.
> 
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
> 
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
> 
> You will need the user name and password you receive from the list moderator in monthly reminders.
> 
> Should you need immediate assistance, please contact the list moderator.
> 
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 203 bytes
Desc: not available
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20110421/4bf49623/attachment.sig>

More information about the liberationtech mailing list