the great privacy panic

From O'Reilly: A visualization of iPhone location data (ZOMG! You live on the East Coast!)

Have you heard? Your iPhone is tracking your every move and, although the data of where you have been lives deep within the file system of your phone and isn’t transmitted to anyone, the fact that this data exists is a serious violation of your privacy and a danger to your very existence. Except, you know, that it isn’t, at all.

Was it boneheaded for Apple to store this information on the iPhone unencrypted, so that eggheads from O'Reilly could discover it and create a bit of a firestorm around it? Absolutely. Should this data, which probably does have a legitimate and benign purpose, be encrypted on the phone to address privacy concerns? Yes. Because if it's not, people will make a big stink. Is it a danger to your very existence? Hardly.

Let's stop and think rationally about this for a second. Assume someone wanted to stalk me and kill me. That is the fear here of privacy mongers, right? Or is it that marketers will know I went to the Gap? Because if that's all it is, then I couldn't care less. Here it is folks: I shop at the Gap (but more often Target).

But let’s assume someone wanted to stalk me and kill me. He’s decided that the best way to do this is to get a hold of my iPhone, grab this newly-discovered data file off of my phone, download it and pull the data then stalk me based on where I’ve been in the past. (Never mind that the most reliable data from the past that will predict where I will be in the future are the addresses of my home and workplace — both already publicly available.)

Good plan, brother, let’s see how it plays out:

Step 1: Steal my cell phone from me. Wait, why don't you just kill me now? Here I am sitting on the metro while you are stealing my phone. Why go through all the trouble of hacking it when you can just kill me now?

Step 2: There is no step 2. The stalker has now smartly killed me without the bother of tracking me through my cell phone.

This is an extreme example of course, but the point is if someone wants data on you (to do something sinister, or something as benign as learning your shopping habits) there are much simpler ways to obtain that data than through iPhone hacking. They can find you in the real world and stalk you there, they can go through your trash, they can buy market research. In short, there are infinite ways people can find our whereabouts and almost every single one of them is much easier to execute than hacking into your phone.

My trash is full of unencrypted data. Should I stop throwing it away because it’s insecure?

What bothers me most about these types of stories is the irrational fear they create in people. Irrational fear usually stoked by 24-hour news channels and — even worse, frankly — local news producers. Take this piece of garbage for instance, which includes every local news trick in the book, including the ambush interview of a startled local mother:


(Note menacing “pedophile-type” used in screen grab above. zOMG! Think of the children!)

The basic implication here is that, if you upload your children's photos to the internet, pedophiles will steal them and do horrible, horrible things. What a load of garbage. First off, many social networking sites, notably Facebook, strip out location data before posting a photo. Second, what actionable data is a pedophile gaining on your child through that photo that isn't already available? Nothing. Anything actionable would have to be a fixed address, i.e. your home, which is already publicly available. Third, is downloading photos and digging the location data out of the file really the most likely way for a pedophile to find and steal children? No. He is much more likely to go and sit at a park to choose a victim. But that fact makes for far less interesting television news.
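The photo point deserves a concrete check, because what a photo "leaks" is nothing more than the GPS position written into its Exif metadata, and removing that is what the stripping the post describes amounts to. The following is an added example, not code from the original post: a dependency-free Python parser that walks the JPEG marker segments, pulls the coordinates out of the Exif GPS IFD, and strips the Exif segment before the file is shared. The sample JPEG it builds is constructed inline (a bare marker skeleton with dummy scan data, not a viewable image) so the example runs offline; the tag numbers, field types and TIFF layout are the standard Exif ones, and the coordinates are made up.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"
TAG_GPS_IFD = 0x8825                                      # GPSInfoIFDPointer, in IFD0
TAG_LAT_REF, TAG_LAT, TAG_LON_REF, TAG_LON = 1, 2, 3, 4   # tags inside the GPS IFD
TYPE_ASCII, TYPE_LONG, TYPE_RATIONAL = 2, 4, 5

def iter_segments(data):
    """Yield (marker, start, end) for each marker segment before the scan data (SOS)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):                        # SOS/EOI: nothing tagged follows
            return
        (length,) = struct.unpack_from(">H", data, pos + 2)   # length includes its own 2 bytes
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError("truncated segment at offset %d" % pos)
        yield marker, pos, end
        pos = end

def strip_exif(data):
    """Return the JPEG with every APP1 Exif segment (and so the GPS IFD) removed."""
    out, last = bytearray(), 0
    for marker, start, end in iter_segments(data):
        if marker == 0xE1 and data[start + 4:start + 10] == EXIF_HEADER:
            out += data[last:start]                       # keep everything up to the segment
            last = end                                    # and resume after it
    out += data[last:]
    return bytes(out)

def _read_ifd(tiff, bo, offset):
    """Map tag -> (type, count, raw 4-byte value/offset field) for one IFD."""
    (n,) = struct.unpack_from(bo + "H", tiff, offset)
    entries = (struct.unpack_from(bo + "HHI4s", tiff, offset + 2 + 12 * i) for i in range(n))
    return {tag: (typ, count, raw) for tag, typ, count, raw in entries}

def _value(tiff, bo, entry):
    """Decode an ASCII or RATIONAL entry. Values of <= 4 bytes sit inline, others at an offset."""
    typ, count, raw = entry
    size = {TYPE_ASCII: 1, TYPE_RATIONAL: 8}[typ]         # KeyError for types not handled here
    if count * size > 4:
        (off,) = struct.unpack(bo + "I", raw)
        raw = tiff[off:off + count * size]
    if typ == TYPE_ASCII:
        return raw[:count].rstrip(b"\x00").decode("ascii")
    w = struct.unpack(bo + "%dI" % (2 * count), raw)
    if 0 in w[1::2]:
        raise ValueError("zero denominator in rational")
    return [w[i] / w[i + 1] for i in range(0, len(w), 2)]

def _decimal(tiff, bo, gps, val_tag, ref_tag):
    d, m, s = _value(tiff, bo, gps[val_tag])[:3]          # degrees, minutes, seconds
    v = d + m / 60 + s / 3600
    return -v if _value(tiff, bo, gps[ref_tag]) in ("S", "W") else v

def extract_gps(data):
    """(lat, lon) in decimal degrees from the first Exif segment, or None if absent."""
    for marker, start, end in iter_segments(data):
        if marker != 0xE1 or data[start + 4:start + 10] != EXIF_HEADER:
            continue
        tiff = data[start + 10:end]
        bo = {b"II": "<", b"MM": ">"}.get(tiff[:2])       # TIFF header fixes the byte order
        if bo is None:
            raise ValueError("bad TIFF byte-order mark")
        (ifd0_off,) = struct.unpack_from(bo + "I", tiff, 4)
        ptr = _read_ifd(tiff, bo, ifd0_off).get(TAG_GPS_IFD)
        if ptr is None:
            return None                                   # Exif present, no GPS sub-IFD
        gps = _read_ifd(tiff, bo, struct.unpack(bo + "I", ptr[2])[0])
        if not all(t in gps for t in (TAG_LAT_REF, TAG_LAT, TAG_LON_REF, TAG_LON)):
            return None
        return (_decimal(tiff, bo, gps, TAG_LAT, TAG_LAT_REF),
                _decimal(tiff, bo, gps, TAG_LON, TAG_LON_REF))
    return None

def build_sample_jpeg():
    """Constructed input: JPEG marker skeleton (not viewable) tagged 40 26'46" N, 79 58'56" W."""
    entry = lambda tag, typ, count, raw: struct.pack(">HHI4s", tag, typ, count, raw)
    rat = lambda *pairs: b"".join(struct.pack(">II", n, d) for n, d in pairs)
    u32 = lambda v: struct.pack(">I", v)
    gps_off, lat_off, lon_off = 26, 80, 104               # byte offsets inside the TIFF blob
    ifd0 = struct.pack(">H", 1) + entry(TAG_GPS_IFD, TYPE_LONG, 1, u32(gps_off)) + u32(0)
    gps = (struct.pack(">H", 4)
           + entry(TAG_LAT_REF, TYPE_ASCII, 2, b"N\x00\x00\x00")
           + entry(TAG_LAT, TYPE_RATIONAL, 3, u32(lat_off))
           + entry(TAG_LON_REF, TYPE_ASCII, 2, b"W\x00\x00\x00")
           + entry(TAG_LON, TYPE_RATIONAL, 3, u32(lon_off)) + u32(0))
    tiff = (b"MM" + struct.pack(">HI", 42, 8) + ifd0 + gps
            + rat((40, 1), (26, 1), (46, 1)) + rat((79, 1), (58, 1), (56, 1)))
    exif = EXIF_HEADER + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    return b"\xff\xd8" + app0 + app1 + sos + b"\x12\x34" + b"\xff\xd9"

if __name__ == "__main__":
    photo = build_sample_jpeg()
    print("before:", extract_gps(photo), " after:", extract_gps(strip_exif(photo)))
```

Two caveats a practitioner would want. Dropping the whole APP1 segment is the simple, safe option, but it also discards the orientation tag, so a stripped photo may display rotated; removing only the GPS sub-IFD is possible but means rewriting every offset in the TIFF blob. And a position in a photo is wherever the photo was taken, which for most family snapshots is the home address the post already calls public.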

The fact is, we expose ourselves to potential privacy violations and threats every day just by being out and about. We don't need our cellphones to help us with that. Checking into FourSquare and broadcasting our location to the internet is no more "creepy" or "scary" than "broadcasting" your location to everyone who is already there through your actual presence. In fact, being there in real life is a greater threat than checking into FourSquare, because to do real harm to you someone has to be able to touch you, not simply know where you are.

So everyone just relax.

2 comments
Lance McCord

I agree with your general skepticism about data privacy alarmism, but I think you're missing a pretty important distinction between the information on your phone and the information that can be gleaned by following you around or digging through your garbage. There is no Google for garbage (yet), and following people to track their location becomes cost-prohibitive if you try to scale it up. This real-world information is not easily indexable or searchable....

...without the help of a million iPhones secretly logging your every move. Suppose someone exploits a security flaw in the iPhone or iTunes and, say, 10% of iPhone users' historical location data leaks. Buy that data and some database software and you'll have an index showing when thousands of people in any major metro area typically aren't at home. Or whose personal phones might be a good vector for getting inside a corporate or governmental firewall. You could get that information from staking out houses or rifling through garbage, but it would take many thousands of times the person-hours required to build the right SQL query.

I'm sure Apple's deepest regret is that they created the conditions for bad PR, but there is a real issue here. Don't get me wrong: I choose to store location-based data about myself and in some cases make it public. But that is always through opt-in services (as far as I know) and subject to privacy policies that detail what the vendor will and won't do with my data. I'm definitely not freaking out about the fact that this kind of data exists. I just think you are skipping past some important distinctions between potential massive privacy breaches and subway muggings.
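Lance's scale argument is the one genuinely security-relevant point in the thread, and it is worth seeing how little of the work sits on the attacker's side once the data exists. The following is an added example, not code from the post or from either commenter, and it runs on constructed hourly fixes for three imaginary phones rather than any real data: it loads them into an in-memory SQLite table, infers each phone's home as the cell it occupies overnight, and lists the hours at which a phone is reliably away. The "cell" column stands in for a coarse grid square derived from latitude and longitude; the 0.8 away-fraction threshold and the 5-sample minimum are arbitrary choices made for the example.

```python
import sqlite3

def build_sample_fixes(days=14):
    """Constructed sample of hourly fixes: (device, day, hour, cell). Not real data."""
    rows = []
    for day in range(days):
        weekday = day % 7 < 5
        for hour in range(24):
            # phone-A: office worker, out of the house 08:00-17:59 every day
            if 9 <= hour <= 16:
                cell_a = "office-A"
            elif hour in (8, 17):
                cell_a = "transit-A"
            else:
                cell_a = "home-A"
            rows.append(("phone-A", day, hour, cell_a))
            # phone-B: never leaves home
            rows.append(("phone-B", day, hour, "home-B"))
            # phone-C: out only on weekdays 09:00-16:59, i.e. 10 of 14 days
            cell_c = "office-C" if weekday and 9 <= hour <= 16 else "home-C"
            rows.append(("phone-C", day, hour, cell_c))
    return rows

AWAY_QUERY = """
WITH night AS (                       -- how often each cell is seen overnight
    SELECT device, cell, COUNT(*) AS n
    FROM fix WHERE hour BETWEEN 0 AND 5
    GROUP BY device, cell),
home AS (                             -- SQLite keeps the bare column from the MAX row
    SELECT device, cell AS home_cell, MAX(n) AS n FROM night GROUP BY device),
per_hour AS (
    SELECT f.device, f.hour,
           AVG(f.cell != h.home_cell) AS away_frac, COUNT(*) AS samples
    FROM fix AS f JOIN home AS h ON h.device = f.device
    GROUP BY f.device, f.hour)
SELECT device, hour FROM per_hour
WHERE away_frac >= ? AND samples >= ?
ORDER BY device, hour
"""

def away_hours(rows, threshold=0.8, min_samples=5):
    """Return {device: [hours]} at which the device is away from its inferred home
    on at least `threshold` of the sampled days (devices never away are omitted)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE fix(device TEXT, day INT, hour INT, cell TEXT)")
    con.executemany("INSERT INTO fix VALUES (?, ?, ?, ?)", rows)
    result = {}
    for device, hour in con.execute(AWAY_QUERY, (threshold, min_samples)):
        result.setdefault(device, []).append(hour)
    con.close()
    return result

if __name__ == "__main__":
    print(away_hours(build_sample_fixes()))   # only phone-A is reliably away (08:00-17:59)
```

The point of the exercise is the asymmetry Lance describes: the expensive part is obtaining the fixes, and the query that turns a dump of them into a schedule of empty houses is a dozen lines. That is the argument for protecting the data at rest on the phone rather than treating its existence as harmless because no single attacker would bother.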

David Connell

Thanks Lance,
Thoughtful comments as always. You're right, I hadn't really considered the scale factor here. For me, this post is really a reaction to people expressing largely unfounded concerns about personal privacy -- or more accurately blogs and media hyping a personal privacy concern that doesn't really exist.

I like the counterpoint you're making about how this data could be used at scale, but I'm skeptical. That seems like a fairly far-fetched scenario to me. I sometimes think we give the bad guys more credit than they're really due when it comes to sophistication and creativity. I always think, "Why go through all that trouble, when they can just buy a bot army off the internet?"

All of that said, I think Apple was irresponsible in not putting better security around this data file, it should not have happened and they should move to fix it. Like you, I am sure they view this more as a PR issue than a user/security issue, which is a shame.

Thanks so much for the great comment and for reading!