Ben Feist

  • All Articles
  • Project Apollo 17
  • A47 Headphone Amp
  • Victor Animatophone

Google, Apple: Unabashedly Reassembling Your Life

Posted on April 24, 2011 by Feist Posted in Technology

The popular media is reporting with great fervour (and it appears some surprise) that Apple has been tracking every iPhone 4 and iPad 3G sold since they were first turned on, without their owners’ knowledge. This alone isn’t very surprising given that for years experts have warned the public about the negative side of carrying a network enabled GPS with you at all times. However, what is surprising is how careless Apple is with the data. They store it in an open-text format where it’s easily found on any computer that syncs with a given iPhone. This means that companies that issue iPhones have an easily accessible, automatic log of their employees’ movements should they ever need it for an investigation for example, or if they’re ever just curious. Law enforcement agencies have already been using the file to learn the whereabouts of iPhone users.

locationprivacyApple probably wants the data for less evil purposes like developing a database of WiFi hotspot coordinates. Google first came up with the idea for this years ago when they were mapping streetview. They had the foresight to arm their vehicles with WiFi detectors that generated a database of the locations of discovered WiFi routers as they drove down every street in the world. This was a brilliant idea. It meant that smartphones would be able to triangulate their positions simply by sniffing for hotspots and sending the results to Google who would return their probable location. With this rough fix a smartphone could feed the data to the phone’s GPS receiver to speed up the GPS fix by an order of magnitude. This was an amazingly creative use of WiFi signals that Google promptly got into hot water for. It turns out that Google was careless and accidentally collected data fragments that might have been transmitted on unsecured WiFi networks as they drove past. Some claimed that this turned Google’s streetview operation into an army of wardriving vehicles–a term used in the early WiFi days to describe the nefarious search for unsecured networks.  This accusation was a red herring, but in October it was enough to make Google promise to stop sniffing WiFi hotspots with their streetview vehicles. Their promise was an empty one; Google had much bigger plans.

Distributed Wardriving

As part of the Android operating system, Google has been building and refining a robust database of the precise geographical location of WiFi routers. They have effectively turned every Android phone into a wardriving device. When an Android handset detects a wireless network, it beams its MAC address, signal strength, GPS coordinates, and the handset’s unique ID to Google servers. The result is a very complete and very up-to-date dataset of global WiFi router locations. Google has made this database freely accessible to the public and has said that it will only collect data from Android users who have explicitly given their consent.

The chances are that your home or work WiFi router is in the database, mine was (see image right).wifimap Hacker Samy Kamkar (author of the Samy Worm) has developed a site that demonstrates just how comprehensive Google’s catalog is. Simply type in your WiFi router’s MAC address and there’s a good chance that it will return its location. This data is theoretically still anonymous since it’s simply a MAC address and not a person’s name.

If we start the thought process from this point, one quickly realizes that we no longer need a GPS in order to determine someone’s location. Wireless providers have been applying this principal for years. By analysing the signal strength between cell towers and Non-GPS-enabled handsets, wireless providers keep a rough position fix on their consumers. They aggregate this data and sell it for things like traffic congestion analysis and driving route planning. This might perk up the ears of privacy watchdogs, but at least this is a matter that is directly affected by law. This is a company selling data to another company, and it’s not in the wireless company’s interest to provide unique identifiers if the data is only to be used in aggregate. WiFi router tracking has no such limitations or restrictions. Chinese citizens living in Beijing are offered no such reassurances as their government has begun using WiFi trangulation to track its citizens under the guise of easing traffic congestion.

Online Behavioural Tracking

Another form of tracking is the more widely known techniques of cookie and IP-based tracking. This doesn’t have to do with physical location, but it has to do with uniquely identifying a computer and sometimes a unique individual and applying that data to better target that person for advertising and promotions. In mid-maturity, this kind of marketing is only getting better and more precise as marketers warm to it and become more comfortable with the granularity of the data available. For example, if I login to online banking at a major bank, that bank now knows that my site cookie is really me (since I just authenticated with the bank) and can draw on a number of techniques to further learn about my habits in detail. What if this could be mixed with location-based information? Could my bank’s new iPhone app (that innocently asks to use my geolocation to help me find the nearest bank machine) start matching mobile location with the same behaviour analysis information? The bank has my home address on file to match against my geolocation. It could easily build out a profile of movement and habit to better understand whether I was a home-body or a socialite. Another example of what can be done with such data is Skyhook. Skyhook is a company currently suing Google for patent infringement that offers a plethora of services based on massive geolocation and online activity data. From their website:

SpotRank predicts the density of people in predefined urban square-block areas worldwide at any hour, any day of the week. Developers and advertisers can use this groundbreaking behavioral intelligence data to serve location-based content and ads in cool new ways never envisioned before.

Apple and Google could go much further with the data at their disposal.

Putting it All Together

Let’s look at the data that Apple and Google each have at their disposal:

  • Precise information on the when and where of the movement of  their customers.
  • A database of  the location of WiFi routers by MAC address that is being constantly updated that they can use to connect wireless and wired behaviour.
  • Network access data. Google knows what everyone searches for by IP and by cookie.
  • Credit card data. As of March 2011, Apple has over 200 million active credit card numbers on file each attached to an apple ID, which you have to have associated with your iPhone in order to use the app store.
  • Search history data (even via so-called Private Browsing).
  • IP and geolocation account login data (either through Gmail or me.com in Apple’s case).

What could one do with all of this information if it was used together? A lot.

With the ability to track the movement of non-GPS devices the concern spreads to the profiling and tracking of laptops and other WiFi enabled devices. If I connect my Apple Macintosh or WiFi-only iPad to my home WiFi router, Apple is immediately able to match my router locale with my iTunes Apple ID which contains my credit card information including my mailing address. They instantly know that I’m at home. Using basic data analysis they could easily determine my likely place of employment. For example, if iPhone connects to my secure office WiFi router every day during business hours it’s probably a good guess that I’m at work. A better way would be to reverse this data analysis: get the AppleIDs of all users who connect to the same secure office WiFi router, analyse those Apple accounts and look for things in common. Using such methods Apple could learn about their customers down to the punch-clock detail of their work habits and the routines of their entire life profile.

Apple is already doing this and the public has agreed to it. The Apple iOS4 End User License Agreement (EULA) contains the following passage:

When you interact with Apple, we may collect personal information relevant to the situation, such as your name, mailing address, phone number, email address, and contact preferences; your credit card information and information about the Apple products you own, such as their serial numbers and date of purchase; and information relating to a support or service issue.

And

Apple may provide certain services through your iPhone that rely upon location information. To provide these services, Apple and its partners may collect, maintain, process and use your location data, including the real-time geographic location of your iPhone. By using or activating any location-based services on your iPhone, you agree and consent to Apple’s and its partners’ collection, maintenance, processing and use of your location data to provide you with such services.

Google could do the same and more using Gmail accounts configured on iPhones, IPs and Android phones scanning at the network level. In Google’s case they wouldn’t only know where I was but they would be able to draw on the contents of my mail and by search history to get a better idea of who I was and what I was interested in. It only took one Android phone to geotag my home WiFi hotspot leaving every device that connects to it from now on susceptible to geotagging. Browsers like Safari and Chrome that have options to determine my location for better search results are able to report back additional data on web browsing activity including every google search, every Gmail login etc.

Now don’t get me wrong, I have very little faith that either Apple or Google are organized enough to use this data efficiently to create a digital Big Brother state. I joked at work that there should be an Onion article written: Foursquare Addict Outraged to Discover iPhone Tracking their Location. I’ve pointed out in previous articles that the public freely gives up more information about themselves now than ever before. The public would do well to stop and consider the creative ways that minds at Apple and Google can reassemble that data to reverse engineer their lives.

“Don’t be evil” is Google’s informal company mantra. Some may see their Android data collection policy as evil, but the public’s definition of evil is changing rapidly. Apple has no such mantra.

@benfeist on twitter

Tweet
« Phil Zimmermann at SxSW
Digitizing Apollo 17 Part 1 – Discovering Apollo »

Leave a comment Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • From Apollo 17 to NASA May 20, 2019
  • Digitizing Apollo 17 Part 16 – New Apollo17.org, 44th Anniversary Edition December 11, 2016
  • Digitizing Apollo 17 Part 15 – Apollo17.org v1.0 Launched for the Mission’s 43rd Anniversary December 2, 2015
  • Digitizing Apollo 17 Part 14 – A Fantastic Reception September 8, 2015
  • Digitizing Apollo 17 Part 13 – Apollo17.org – Alpha Release v0.1 March 23, 2015
  • Digitizing Apollo 17 Part 12 – YouTube Channel of Complete Mission February 13, 2015
  • Digitizing Apollo 17 Part 11 – More mission audio released by NASA December 14, 2014
  • Digitizing Apollo 17 Part 10 – Manual Transcript Corrections Completed! April 5, 2014
  • Digitizing Apollo 17 Part 9 – The Trip Home March 10, 2014
  • Digitizing Apollo 17 Part 8 – Changing The Clocks January 27, 2013
  • Digitizing Apollo 17 Part 7 – Listening in Real Time December 22, 2012
  • Digitizing Apollo 17 Part 6 – Timeline Reconstruction December 19, 2012
  • Digitizing Apollo 17 Part 5 – Python Processing April 30, 2012
  • Digitizing Apollo 17 Part 4 – Technical vs Public Affairs Office April 15, 2012
  • Digitizing Apollo 17 Part 3 – New OCR Techniques March 30, 2012

Categories

  • How-To (4)
  • Project Apollo 17 (17)
  • Technology (5)

Pages

  • All Articles
  • Home
  • Project Apollo 17
  • test

Categories

  • How-To (4)
  • Project Apollo 17 (17)
  • Technology (5)

Archives

  • May 2019 (1)
  • December 2016 (1)
  • December 2015 (1)
  • September 2015 (1)
  • March 2015 (1)
  • February 2015 (1)
  • December 2014 (1)
  • April 2014 (1)
  • March 2014 (1)
  • January 2013 (1)
  • December 2012 (2)
  • April 2012 (2)
  • March 2012 (2)
  • February 2012 (1)
  • April 2011 (1)
  • March 2011 (1)
  • January 2011 (1)
  • November 2010 (1)
  • February 2010 (1)
  • July 2009 (1)
  • February 2004 (1)
  • July 2003 (1)
  • November 2002 (1)

Recent Comments

  • Feist on Digitizing Apollo 17 Part 1 – Discovering Apollo
  • Feist on Digitizing Apollo 17 Part 16 – New Apollo17.org, 44th Anniversary Edition
  • Walter on Digitizing Apollo 17 Part 16 – New Apollo17.org, 44th Anniversary Edition
  • Patrick on My Victor Animatograph Corporation Animatophone Model 40, Type 13
  • Randall St Pierre on My Victor Animatograph Corporation Animatophone Model 40, Type 13

Tags

3COM 16mm ABBYY FineReader 11 Adobe Premiere Advertising ALSJ Amplifier Animatophone Apollo Apollo 17 Apple Audio Canada Circuits DIY Encryption Film FineReader 11 Fix Google Hard Drives Headphone Amplifier Headphones HomeConnect Innovation Jack Schmitt Mobile PGP Phil Zimmerman Privacy Processing Projector Python Regina Security Soldering Spacelog Streetview SxSW Transcript Transcripts UNRAID Victor Corporation WIFI
© Ben Feist