All smartphones are. There's only so much you can do to cover your track. There's most likely always someone knowing where you are if your phone is powered on (or even powered off with Apple Find My network).
Find My doesn’t actually map the device to an individual. Someone might know where the device which is currently broadcasting an ID is, but that ID rotates frequently, and can only be resolved to you using keys held against your Apple ID. The entire thing is specifically designed such that objects being tracked by Find My can’t be resolved to individuals, because the network depends upon publicly broadcasting those object’s IDs via Bluetooth.
The master private key used by the system is generated locally and never leaves your Apple devices in a state that anyone except your devices can read it.
The master key is used to derive an AirTag specific private key which is provisioned to the AirTag and is in turn combined with an increasing counter which generates a third private key that's never stored anywhere. The ID broadcast is the public key of this third key. It changes every 30 minutes or 1 hour, I forget which.
Other devices see this key, use it to encrypt their own location, and upload that encrypted blob along with the public key to Find My, and in order for Apple to even know which account the encrypted blob they can't decrypt belongs to I have to actually request the location of my AirTag by locally deriving the keypair it used for a certain point in time.
Yeah, the GPS location (of the finder device) is encrypted using the ID as encryption key before uploading to Apples servers, so unless the owner of the device actually looks for it, Apple doesn't even know who the encrypted blob they can't read belongs to.
It would be nice if the code on the device and server could be independently viewed and verified. Otherwise we need to trust the biggest corporation in the world. There are reasons why governments of the second and third great powers in the world, China and Russia, have banned Iphones for government use.
Forget about all the app and OS, maybe they're clean and maybe not.
There's also the cell layer, which constantly negotiates with cell towers for sector and power as normal idling. So they know your location at least to tower (CGI), sector and delay (CGITA) and sometimes trilaterated (UTDOA) from ~1000m down to 10m accuracy. The towers' base station controllers need to keep logs anyway, so the cell company has records of your rough location.
Then there's bluetooth, wifi, audio beacons, optical, magnetic and inertial nav, all emitting or recieving you move through the world. None of this requires GPS, some requires app participation, some doesn't.
All phones are location and surveillance devices. Leave it home if you're serious.
The positive side to tracking and a cell layer anecdote - cell layer forensics are often utilized in search and rescue contexts. I have seen this data accessed (through legal procedure in the US) and utilized to save lives of the missing and to provide closure to the families/friends of the missing.
On the flipside e.g. in Germany this has been used to track down creators of illegal graffiti, using a law that is intended for terrorism and other heavy crimes. We can allow search and rescue missions without having to also accept abuse of power.
I think I found the talk I got most of the info from [0]. The interesting parts about the law and how it was abused start roughly at 25:03, though unfortunately it's only available in German (Edit: turns out it actually does have an English audio track).
A very short summary: the law is only supposed to be used for very severe crimes and only if the investigation would otherwise be significantly more difficult or impossible. Also the owners of the tracked phones have to be notified of the tracking as it is a violation of the person's rights. In reality (at the date of the talk) it had never been used for terrorism, about 5% of the time for crimes like murder and in over 70% of the time for theft (including a case of stolen empty beer barrels), and nobody was ever notified.
Thank you, those stats of the usage seem fine on paper, maybe worse than they should be, I'm still waiting to see what parent was talking about when he inferred abuse..
Europe does need a security authority, that doesn't depend on slow bureaucracy.
All this and the parent comment means is that any tool that is useful, is equally useful for good or bad. It is yet another example showing how it's wrong to address something bad by attacking the tool used to do it.
And when the SIM card will be gone, isn’t it gone already in USA for iPhones, you won’t even have the ability to remove that SIM. And you can be tracked all the time. Because we are already there - your phone is switched of but not really switched off.
The thing about business models is they are in never-ending flux, always shifting, optimizing, and re-optomizing seeking the most profitable model(s).
If you have some business model either coincidentally or intentionally in alignment of consumer privacy, you're going to see marketing said alignment so long as it's a potential selling point (if it's not, it wont be advertised unless you can spin it).
It doesn't mean anything though. It doesn't mean that either or any business has your interests in mind. Apple executives do not care about your privacy, no matter what narrative they weave. Apple probably banked on older ideals of consumer privacy and didn't anticipate businesses that disregarded user privacy and found ways of making money out of that process would be so successful. They were behind the curve and found a way to spin the narrative that the reality is they're just here to protect consumers all along.
Perhaps they took a risk that differentiating on privacy would be more profitable years ago and are pushing it more now there's real consumer talk (a wise risk path IMHO). No matter what, it's all profit driven. At this point there could be a bit of a sunk cost fallacy and it would be pretty awkward for them to shift but that doesn't mean they won't . Consumers have shown by and large they just don't care about privacy or at least are willing to sacrifice it for other things. That's bad for Apple (and bad for consumers frankly, IMHO).
I don't buy these narratives from any business propaganda machine and you shouldn't either. When push comes to shove, if Apple is down and forced to compete and privacy protection isn't profitable or they're not in a position to explore an alternative truly competitive position, they will jump ship in an instant and mimic the rest of industry.
The only thing keeping these models at bay are a distribution of consumers that keep the competing models afloat. If Apple caves we'd rapidly go down the lack of privacy hole of spying functions until we reach legal protections. If Android caves, we'll see Apples continued model for awhile until the insatiable demand for revenue growth starts looking at initial principles like privacy as the last remaining revenue streams then we'll slowly start back with 2000s era advertising back to current and future dystopian levels of privacy invasion. The difference is just a time factor here, so long as large enough segments of the consumer market will cave to these ideals (which has already been proven).
I suppose some business could just add a line item "privacy tax" that you just pay for depending on the valuation of your privacy so to keep your privacy you clearly pay that tax so the business continues to get its expected revenue growth from said privacy invasion without actually invading your privacy. To some degree this is already baked into higher costs for many Apple products but as markets optimize I anticipate we'll eventually get to such a point, just like we have ad-free and ad-infested service options.
Maybe I don't understand your point, but isn't this similarly false equivalency? The business models are for-profit and subject to change. But despite that, right now, there is a material difference in privacy.
Also I think it a bit humorous - "privacy tax" to me is when services like Google offer services at a cost to my privacy.
> The thing about business models is they are in never-ending flux, always shifting, optimizing, and re-optomizing seeking the most profitable model(s).
Googles hasn't since the start. It's ads. Which leads to abuse and spying.
plus as anyone doing navigation with these open source phones knows, 3gpp location is embarrassingly low resolution without a supplemental source like WiFi SSID visibility, which has to be measured client-side. plus cell networks are asymmetric (SNR is higher from tower -> cell than from cell -> tower) so all else equal triangulation on the tower side should be even lower resolution.
Android isn't a device though. Airtags are tracking devices. Android phones can be used for tracking, but that's because of phones, not because of Android.
This is so crazy to see. Usually when Apple faces the public, everything is super curated to sound pro-consumer, even if its anti-consumer.
Sure this PDF doesnt venture far from it, they still paint Apple in the prettiest picture, but the terminology shows that Apple is basically doing the same thing as google but with slightly different methods to blur it. Heck, we don't actually know what is going on inside an iPhone, they could be combining accounts and sending data to Cambridge Analytica for all we know. At least with a degoogled Android, you know exactly where everything is going.
This is the classic gaslighting that I've come to expect.
> Heck, we don't actually know what is going on inside an iPhone, they could be combining accounts and sending data to Cambridge Analytica for all we know.
You have a point. Apple depends so much on security by obscurity.
That’s true of everything you haven’t compiled yourself, using a compiler you wrote and bootstrapped yourself.
There is no technical proof that any of the software or hardware we use every day is trustworthy. There is, however, incentive alignment that makes it unlikely that companies do wild and crazy things.
Still not 100% secure. Someone can MITM your connection and forge the info used to verify builds.
It’s a silly example, but the point stands: there is no 100% security for anything that any other person or system has had any access to. It’s not a reasonable standard to demand.
In the Apple world, they basically carefully redefined privacy as "anyones else besides us getting access". They put themselves as a fully trusted party for everything.
You can finally have your entire iCloud account end-to-end encrypted using Advanced Data Protection since earlier this year.
iCloud Backups, iCloud drive, passwords, health data, basically everything except specifically iCloud Mail, Contacts, and Calendar [1] is all inaccessible to Apple when Advanced Data Protection is enabled.
> Second, iCloud E2EE is woefully incomplete. When you iMessage with someone, they have iCloud Backup on by default, and non-E2EE by default, which means that approximately all of your iMessages (including all image and document attachments) will still be readable by Apple and the FBI because they are backed up twice: once from each end of the conversation.
> Furthermore, the E2EE for iCloud Photos is not designed to preserve privacy. Even though iCloud Photos now supports E2EE for the content of the photos and videos stored, the file metadata is not E2EE, and the metadata includes the FILENAME and also a unique hash of the unencrypted file content.
Yeah I wasn't sure how they claim iCloud Photos is E2EE, on your side there, but the iMessage thing is obvious, if information is leaving me it's going to someone and becomes that persons information. Not much you can do about that. ¯\_(ツ)_/¯
I did specifically choose not to mention Photos for that reason.
> if information is leaving me it's going to someone and becomes that persons information.
This is fine. Not having end-to-end encryption by default is not fine, because default plain text backups effectively removes the end-to-end encryption.
Yeah. I don't think this is done out of malice though, Apple has literally hundreds of millions of customers, not being able to restore access to the majority of these due to lost passwords would risk losing customers which they can't have.
That said I think the benefits of Advanced Data Protection should be more clearly explained to users and the feature should be more prominently presented during onboarding, both new users but also existing users when the feature was rolled out.
Same way as I square it with my MacOS/iOS having a separate tick for Apple data collection vs. everyone elses data collection and having their ad targeting and data having different defaults.
They're a corpo of hundreds of thousands, there's no feelings attached to it from their side. They'll do what makes their stock go up or the CEO will be replaced with someone who'll do the needful.
E2EE arrived very very late and is even off by default. Anybody you are messaging to is going to have E2EE off and their backup data sent to the US government for analysis (see PRISM revelations which Apple participated to). Since you can't get iMessage without iCloud (at least to my knowledge) it's one of the most problematic messaging platform out there because of that.
For Find My, since they can even locate switched off phones, that tells you all you need about how it works. I find the whole concept creepy.
I'll give you that E2EE arrived late and is off by default. But:
> For Find My, since they can even locate switched off phones
They can't. Find My is actually truly end-to-end encrypted, at least the version used for when a device is off (I'm not 100% sure how encrypted the self-reported version is for powered on iPhones with data).
Copy-pasting my summary about how Find My works from another comment in this post:
> The master private key used by the system is generated locally and never leaves your Apple devices in a state that anyone except your devices can read it.
> The master key is used to derive an AirTag specific private key which is provisioned to the AirTag and is in turn combined with an increasing counter which generates a third private key that's never stored anywhere. The ID broadcast is the public key of this third key. It changes every 30 minutes or 1 hour, I forget which.
> Other devices see this key, use it to encrypt their own location, and upload that encrypted blob along with the public key to Find My, and in order for Apple to even know which account the encrypted blob they can't decrypt belongs to I have to actually request the location of my AirTag by locally deriving the keypair it used for a certain point in time.
This has all been proven through [1] where they read the whitepaper (which I can't for the life of me find now but know exist because I've read it, or at least parts) and implemented OpenHaystack which proves Apple aren't lying about anything because if they did then OpenHaystack wouldn't work.
I'm aware that for airtags, the implementation should not be too bad. I'm talking about iPhone which are much more important.
They can also be tracked close to real time with their gps coordinates so it cannot be passive, the phone has to report somewhere. And it's reporting in the background, there's no indication that its doing it.
Admittedly I have nothing to back this up, but judging by how well designed Find My is in this aspect, I'd be surprised if the implementation for the self-reporting one is that much worse, I suspect the re-did it in iOS 13 when Find My launched.
Was it ever possible to access your iPhones location through iCloud.com? I know Find My Friends was available there, but I don't remember if "Find My iPhone" was.
Apple sells expensive hardware and Google sells ads and data. I agree that we will never know for sure what Apple does, but follow the incentives and you will know which company has more to lose.
It really has, Android actually has privacy controls now which they definitely didn't in 2013. Developers can't request your location 24/7 without you even being aware of it like they could 10 years ago.
The point of the slides was Google, not third party developers. I feel things have gotten worst. Google controls not only the device itself, but also most people’s browser and tools when they decide to use something else.
I guess my point is that I think even Apple likely has different policies or talking points around this now as opposed to a decade ago. Probably some more and some less troublesome than what's shown here.
I would guess is because Apple and Google have different business models, Google is an ad company specializing on collecting info while Apple is selling hardware and software.
I mean, Android is extremely invasive and Google collects a ton of data on you. That's why you don't see Elon Musk, Sam Altman, Mark Zuckerberg, Jeff Bezos, Evan Spiegel and other prominent figures use Android devices.
On a similar note, do you know any tools for version control with changes visible for something like word? There's "track changes" but the UI isn't the best.
86 comments
[ 4.8 ms ] story [ 37.1 ms ] threadhttps://9to5mac.com/2021/06/07/ios-15-find-my-network-can-fi...
The master private key used by the system is generated locally and never leaves your Apple devices in a state that anyone except your devices can read it.
The master key is used to derive an AirTag specific private key which is provisioned to the AirTag and is in turn combined with an increasing counter which generates a third private key that's never stored anywhere. The ID broadcast is the public key of this third key. It changes every 30 minutes or 1 hour, I forget which.
Other devices see this key, use it to encrypt their own location, and upload that encrypted blob along with the public key to Find My, and in order for Apple to even know which account the encrypted blob they can't decrypt belongs to I have to actually request the location of my AirTag by locally deriving the keypair it used for a certain point in time.
Which is anonymous and the identity changes every 30 minutes or an hour, I forget which.
There's also the cell layer, which constantly negotiates with cell towers for sector and power as normal idling. So they know your location at least to tower (CGI), sector and delay (CGITA) and sometimes trilaterated (UTDOA) from ~1000m down to 10m accuracy. The towers' base station controllers need to keep logs anyway, so the cell company has records of your rough location.
Then there's bluetooth, wifi, audio beacons, optical, magnetic and inertial nav, all emitting or recieving you move through the world. None of this requires GPS, some requires app participation, some doesn't.
All phones are location and surveillance devices. Leave it home if you're serious.
In general those things are not made public so that you don't have pushbacks.
A very short summary: the law is only supposed to be used for very severe crimes and only if the investigation would otherwise be significantly more difficult or impossible. Also the owners of the tracked phones have to be notified of the tracking as it is a violation of the person's rights. In reality (at the date of the talk) it had never been used for terrorism, about 5% of the time for crimes like murder and in over 70% of the time for theft (including a case of stolen empty beer barrels), and nobody was ever notified.
[0] https://media.ccc.de/v/35c3-9972-funkzellenabfrage_die_allta...
Europe does need a security authority, that doesn't depend on slow bureaucracy.
If you have some business model either coincidentally or intentionally in alignment of consumer privacy, you're going to see marketing said alignment so long as it's a potential selling point (if it's not, it wont be advertised unless you can spin it).
It doesn't mean anything though. It doesn't mean that either or any business has your interests in mind. Apple executives do not care about your privacy, no matter what narrative they weave. Apple probably banked on older ideals of consumer privacy and didn't anticipate businesses that disregarded user privacy and found ways of making money out of that process would be so successful. They were behind the curve and found a way to spin the narrative that the reality is they're just here to protect consumers all along.
Perhaps they took a risk that differentiating on privacy would be more profitable years ago and are pushing it more now there's real consumer talk (a wise risk path IMHO). No matter what, it's all profit driven. At this point there could be a bit of a sunk cost fallacy and it would be pretty awkward for them to shift but that doesn't mean they won't . Consumers have shown by and large they just don't care about privacy or at least are willing to sacrifice it for other things. That's bad for Apple (and bad for consumers frankly, IMHO).
I don't buy these narratives from any business propaganda machine and you shouldn't either. When push comes to shove, if Apple is down and forced to compete and privacy protection isn't profitable or they're not in a position to explore an alternative truly competitive position, they will jump ship in an instant and mimic the rest of industry.
The only thing keeping these models at bay are a distribution of consumers that keep the competing models afloat. If Apple caves we'd rapidly go down the lack of privacy hole of spying functions until we reach legal protections. If Android caves, we'll see Apples continued model for awhile until the insatiable demand for revenue growth starts looking at initial principles like privacy as the last remaining revenue streams then we'll slowly start back with 2000s era advertising back to current and future dystopian levels of privacy invasion. The difference is just a time factor here, so long as large enough segments of the consumer market will cave to these ideals (which has already been proven).
I suppose some business could just add a line item "privacy tax" that you just pay for depending on the valuation of your privacy so to keep your privacy you clearly pay that tax so the business continues to get its expected revenue growth from said privacy invasion without actually invading your privacy. To some degree this is already baked into higher costs for many Apple products but as markets optimize I anticipate we'll eventually get to such a point, just like we have ad-free and ad-infested service options.
Also I think it a bit humorous - "privacy tax" to me is when services like Google offer services at a cost to my privacy.
Googles hasn't since the start. It's ads. Which leads to abuse and spying.
My Librem 5 isn't.
Sure this PDF doesnt venture far from it, they still paint Apple in the prettiest picture, but the terminology shows that Apple is basically doing the same thing as google but with slightly different methods to blur it. Heck, we don't actually know what is going on inside an iPhone, they could be combining accounts and sending data to Cambridge Analytica for all we know. At least with a degoogled Android, you know exactly where everything is going.
This is the classic gaslighting that I've come to expect.
You have a point. Apple depends so much on security by obscurity.
There is no technical proof that any of the software or hardware we use every day is trustworthy. There is, however, incentive alignment that makes it unlikely that companies do wild and crazy things.
Don't forget the hardware you built yourself. [1]
1: https://en.wikipedia.org/wiki/Intel_Management_Engine
Except if your software is reproducible: https://reproducible-builds.org/
It’s a silly example, but the point stands: there is no 100% security for anything that any other person or system has had any access to. It’s not a reasonable standard to demand.
See this for what is and isn't encrypted: https://support.apple.com/en-us/HT202303
iCloud Backups, iCloud drive, passwords, health data, basically everything except specifically iCloud Mail, Contacts, and Calendar [1] is all inaccessible to Apple when Advanced Data Protection is enabled.
1: https://support.apple.com/en-us/HT202303
> First, iCloud E2EE is opt-in.
> Second, iCloud E2EE is woefully incomplete. When you iMessage with someone, they have iCloud Backup on by default, and non-E2EE by default, which means that approximately all of your iMessages (including all image and document attachments) will still be readable by Apple and the FBI because they are backed up twice: once from each end of the conversation.
> Furthermore, the E2EE for iCloud Photos is not designed to preserve privacy. Even though iCloud Photos now supports E2EE for the content of the photos and videos stored, the file metadata is not E2EE, and the metadata includes the FILENAME and also a unique hash of the unencrypted file content.
I did specifically choose not to mention Photos for that reason.
This is fine. Not having end-to-end encryption by default is not fine, because default plain text backups effectively removes the end-to-end encryption.
That said I think the benefits of Advanced Data Protection should be more clearly explained to users and the feature should be more prominently presented during onboarding, both new users but also existing users when the feature was rolled out.
They're a corpo of hundreds of thousands, there's no feelings attached to it from their side. They'll do what makes their stock go up or the CEO will be replaced with someone who'll do the needful.
For Find My, since they can even locate switched off phones, that tells you all you need about how it works. I find the whole concept creepy.
> For Find My, since they can even locate switched off phones
They can't. Find My is actually truly end-to-end encrypted, at least the version used for when a device is off (I'm not 100% sure how encrypted the self-reported version is for powered on iPhones with data).
Copy-pasting my summary about how Find My works from another comment in this post:
> The master private key used by the system is generated locally and never leaves your Apple devices in a state that anyone except your devices can read it.
> The master key is used to derive an AirTag specific private key which is provisioned to the AirTag and is in turn combined with an increasing counter which generates a third private key that's never stored anywhere. The ID broadcast is the public key of this third key. It changes every 30 minutes or 1 hour, I forget which.
> Other devices see this key, use it to encrypt their own location, and upload that encrypted blob along with the public key to Find My, and in order for Apple to even know which account the encrypted blob they can't decrypt belongs to I have to actually request the location of my AirTag by locally deriving the keypair it used for a certain point in time.
This has all been proven through [1] where they read the whitepaper (which I can't for the life of me find now but know exist because I've read it, or at least parts) and implemented OpenHaystack which proves Apple aren't lying about anything because if they did then OpenHaystack wouldn't work.
1: https://github.com/seemoo-lab/openhaystack
They can also be tracked close to real time with their gps coordinates so it cannot be passive, the phone has to report somewhere. And it's reporting in the background, there's no indication that its doing it.
Was it ever possible to access your iPhones location through iCloud.com? I know Find My Friends was available there, but I don't remember if "Find My iPhone" was.
Apple has always been a hardware company. Even before the ad economy online, they were a hardware company.
Google was always a "harvest and monetize data" company.
Also, how can you consider it "gaslighting" if it's a private document not intended for the public? Who are they gaslighting?
They're way past hardware.
Google collects 20 times more telemetry from Android devices than Apple from iOS (therecord.media)
816 points by gormandizer on March 30, 2021 | 445 comments
https://news.ycombinator.com/item?id=34299433
There EXIST tools to do versioning of office docs, same as they do with code, but there's almost zero usage of them in offices.
https://news.ycombinator.com/item?id=38113226