Have you heard? Your iPhone is tracking your every move and, although the data of where you have been lives deep within the file system of your phone and isn’t transmitted to anyone, the fact that this data exists is a serious violation of your privacy and a danger to your very existence. Except, you know, that it isn’t, at all.
Was it boneheaded for Apple to store this information on the iPhone, unencrypted so that eggheads from O’Reilly could discover it and create a bit of a firestorm around it — absolutely. Should this data, which probably does have a legitimate and benign purpose, be encrypted on the phone for privacy concerns? Yes. Because if it’s not, people will make a big stink. Is it a danger to your very existence? Hardly.
Let’s stop and think rationally about this for a second. Assume someone wanted to stalk me and kill me. That is the fear here of privacy mongers, right? Or is it that marketers will know I went to the Gap? Because if that’s all it is, then I could care less. Here it is folks: I shop at the Gap (but more often Target).
But let’s assume someone wanted to stalk me and kill me. He’s decided that the best way to do this is to get a hold of my iPhone, grab this newly-discovered data file off of my phone, download it and pull the data then stalk me based on where I’ve been in the past. (Never mind that the most reliable data from the past that will predict where I will be in the future are the addresses of my home and workplace — both already publicly available.)
Good plan, brother, let’s see how it plays out:
Step 1: Steal my cell phone from me. Wait, why don’t you just kill me now? Here I am sitting on the metro while you are stealing my phone. Why go through all the trouble of hacking it when you can just kill me now.
Step 2: There is no step 2. The stalker has now smartly killed me without the bother of tracking me through my cell phone.
This is an extreme example of course, but the point is if someone wants data on you (to do something sinister, or something as benign as learning your shopping habits) there are much simpler ways to obtain that data than through iPhone hacking. They can find you in the real world and stalk you there, they can go through your trash, they can buy market research. In short, there are infinite ways people can find our whereabouts and almost every single one of them is much easier to execute than hacking into your phone.
My trash is full of unencrypted data. Should I stop throwing it away because it’s insecure?
What bothers me most about these types of stories is the irrational fear they create in people. Irrational fear usually stoked by 24-hour news channels and — even worse, frankly — local news producers. Take this piece of garbage for instance, which includes every local news trick in the book, including the ambush interview of a startled local mother:
(Note menacing “pedophile-type” used in screen grab above. zOMG! Think of the children!)
The basic implication here is that, if you upload your children’s photos to the internet, pedophiles will steal them and do horrible, horrible things. What a load of garbage. First off, many social networking sites — notably Facebook — strip out location data before posting a photo. Second, what actionable data is a pedophile gaining on your child through that photo that isn’t already available? Nothing. Anything actionable would have to be a fixed address, ie your home, which is already publicly available. Third, is downloading photos and manipulating its data file really the most likely scenario for a pedophile to find and steal children? No. He is much more likely to go and sit at a park to choose a victim. But that fact makes of far less interesting television news.
The fact is, we explode ourselves to potential privacy violations and threats every day just be being out and about. We don’t need our cellphones to do help us with that. Checking into FourSquare and broadcasting our location to the internet is no more “creepy” or “scary” than “broadcasting” your location to everyone who is already there through your actual presence. In fact, being there in real life is actually a greater threat than checking into FourSquare because to do real harm to you they have to be able to touch you, not simply know where you are.
So everyone just relax.