Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The location/timestamp concerns are only relevant when my phone has been stolen or somebody has unrestricted access to my computer. At that point, location tracking is only one of many many terrible things that can happen to me, and frankly it's nowhere near the most terrible. And if I'm concerned about somebody tracking me, I'm going to be most concerned about the last 7 days, not the past year. If you're concerned about the government tracking you for longer than a year, they easily have access to that data without your ever knowing they looked.

The solution is to properly protect your data on your phone and your computer.



Your solution is asinine, as I have little way to protect my "cache" of goods... it's unencrypted both on the device and in the backups (though you can encrypt backups now, there might be previous computer backups of mine that have unencrypted location data, now I have to go find and excise those).

Any malicious desktop tool can easily find the location cache in unencrypted backups. Modern Police Forensics tools (http://www.cellebrite.com/) can easily extract non-encrypted data from phones in minutes (see Michigan Police).

That Apple stored this growing set of user-data in cleartext on the device was as stupid as Sony storing their customer's personal information in cleartext (or weakly hashed) on their servers.

Either bit-recycle the information that's not immediately relevant, or strongly encrypt/sanitize it. This shit isn't rocket-science, folks. Otherwise it's a liability and potential PR nightmare in the making.

We're now still in the "wild west" of personal data records. Once these issues start to snowball and real-life consequences happen, people will clamor for litigation, which given politicians will be over-reaching and ham-fisted.

Corporations with hundreds of millions of users' personal data should stay in front of these issues unless they want to wade in a regulatory mess (see Google's mis-steps with wifi packet data).


I'm sorry, but my solution of "protecting your data" is "asinine"?

You also say that you have little way to protect your data, and then in the next sentence tell me how to do it.

Are you really trying to evaluate the situation, or are you more interested in attempting to criticize in any way that you can stretch words?


As of right now, anyone with an iPhone can have their localization data ripped from their device in less than 5 minutes via cellebrite. It could be a coworker, police office, or immigration official.

How is that secured?


You need more than 5 minutes, you also need access to the computer associated with the phone: http://www.cellebrite.com/images/stories/support%20files/App...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: