Apple is not some egalitarian firm that worries about your privacy and you are an asshat to think that you should trust your privacy to them or any other corporation.

If you really think that your information is unimportant and that there are no unintended consequences to analyzing your activity then I suggest you wake up.

Based on your phone and internet activity a lot can be gleaned about you and its important to realize that (if you live in the USA) there are people who will take it out of context and use this information against you.

If consumers continue to reward this type of bad behavior from manufacturers and service providers they will continue to get bolder and collect even more in depth information about you.

If however you prefer your privacy then quit patronizing spyware services like google, yahoo, and now Apple and pony up for a secure service provider and a secure electronics company that is only interested in protecting you (The Consumer).

Jhrubes

Thats their business and has nothing to do with my hardware. Thats like saying ok buy my remote but the batteries that come with it are duracell and it can only use Duracell batteries. Duracell pays the remote manufacture to say that. So there for if you use cheaper or better batteries then you are stealing.

I think its BS, its not stealing.

However It is clearly defined in the terms of service that you agreed to when purchasing the iPhone that you wouldn't monkey with it. So there for you are breaking the terms of service.

I would still argue that it is not wrong, because I believe that the T.O.S. is wrong, these things are utter bullcrap and should not be allowed, there is no service going on and a license agreement should not be required for a piece of hardware.

Warranties are another thing altogether if I want to fuck with my shit then fine Ive got now warranty.

Anyway you get the point

Adam Shegrud

xxdesmus

MINI Driver

Cleverboy

xxdesmus

#1. QUERY: What significance can Apple's choice to use an IMEI number have for users?
TIN-FOIL HAT ANSWER: By using the IMEI, Apple can match this with its customer record and thus catalog your personal weather interests and stock requests.
#2. QUERY: Don't companies like Yahoo and Google already catalog such information when you're logged in?
TIN-FOIL HAT ANSWER: Well, there's no proof that they combine queries with personal account infomation.
#3. QUERY: Don't features like "search history" with Google demonstrate that this ability is not really a hypothetical possibility but a cold reality?
TIN-FOIL HAT ANSWER: Well, they require approval before actively using them.
#4. QUERY: So, we have proof Apple combines queries with personal account data? Any indication that this system doesn't simply say "yes/no" as to whether the number is valid? Who's to say it doesn't run something of a server-side validity checker, like ecommerce sites use for credit card numbers?
WEAK ANSWER: Well, nothing really... look, it just reeks, okay? Let's just dump on them and raise a real stink!
#5. QUERY: Why? I'm losing the thread of menace...
TIN-FOIL HAT ANSWER: Well... phones are just personal! Companies shouldn't even open the possibility of deriving usage habits from such unique identifiers.
#6. QUERY: But wasn't the iPhone plan with AT&T criticized for sending huge data usage reports? Don't all carriers record network usage... mostly to charge you and have proof of your usage for such unreasonably huge bills... y'know, like those International users that got walloped a few weeks ago?
TIN-FOIL HAT ANSWER: Well... uh... okay, its like this... its OK for the carrier, but not for Apple. Apple's the manufacturer... not the service provider.
#7. QUERY: Wait, but aren't you accessing a service from Apple when you use the finance and weather system? Isn't that free service predicated on having an iPhone? Isn't a "free" service still a service?
TIN-FOIL HAT ANSWER: Well... uh, you shouldn't be forced to have multiple service providers on a phone. Most phone's only use one service and...
#8. QUERY: Well that's certainly untrue. Take Helio for instance. They're an MVNO. They use Sprint for voice and Verizon for data services. You don't know how many companies have records of your network activity at the end of the day.
TIN-FOIL HAT ANSWER: T-that's not a question.
#9. QUERY: Yeah, I'm done with you.

Cleverboy

Kaiser-Machead's LEGO WALL-E

dh7368

So if everyone would jump off a cliff, would you, too?

There is a simple thing companies could do to prevent people from having problems with data collection issues like this. ASK FOR OUR FRIKKIN' PERMISSION FIRST!

All the privacy experts have been saying that for years, and yet nobody ever listens to them. How difficult it really is to put a simple opt-in mechanism on these things really?

Pixelantes Anonymous

ANoel

What are the privacy and privilege implications of using services that scan your data?

Google and Apple are third-parties. Most legal privileges are dependent on the absence of third-parties for the preservation of the privilege. If I email a motion I'm working on through GMail which scans my Word document, is the document still covered by the privilege for "attorney work product"? What if the client emails me with either GMail or it gets forwarded through an iPhone?

As it is, if my adversary has a conversation with his client on a cell phone while at court, I can be a prick and demand disclosure of what was discussed. No one does it because lawyers need cell phones. Nevertheless, it is an issue.

There are important issues that pertain to business that go far beyond "tin hat conspiracies".

OMG! Ponies!

bdkennedy1

The list is inclusive, not exclusive, uses vague modifiers like "related information", and, in the list of sources of data, Apple already admits that it will include not just the iPhone, but also the computer it syncs to, as well as the system (which arguably could include networked computers) and applications and peripherals.

The only saving grace is that if it included an identifier, the consent to use the information is void. At least that's my interpretation of "as long as it is in a form that does not personally identify you" as set off in a clause separated by commas.

Arguably, one could argue that, if Apple aggregates the information including an identifier, it may do nothing with the data - not even sell it to third-parties - because increasing revenue ultimately aids Apple in improving its products or providing services or technologies.

I don't know about the rest of the country, but in New York, contracts and other agreements are construed against the drafter. If Apple is using IMEI, it has to destroy the data because it cannot use the data for anything.

OMG! Ponies!

tchangtx

Stevie is no better/worse than any other selfish asshole CEO. At least his products are kinda cool and often useful.

Stevie.

banmojo

Does it matter if "everyone" does it if its wrong? Well, it actually gives it CONTEXT to know what's actually going on. THEN you can decide how to criticize it either from a company perspective or an industry perspective. If all your employees take a grape from the produce section of the supermarket on their way to break, it makes you look like a completely brain-dead idiot to chastise the one... when "right" or "wrong" isn't even especially clear and expectations vary from store to store.

Cleverboy

Apple did something like this not long ago and learned their lesson to make sure people understood that any information transmitted is not retained. So it's likely now this is out, they will clarify. If they don't, then one has to wonder.

leicaman

That said, if you already bought a device that (supposedly) requires service with AT&T, clearly you are a person that is not concerned about these sorts of ethics.

Monty

P3nnst8r

And I agree, this is by far the best photoshop job on Giz..ever.

Kaiser-Machead's LEGO WALL-E

Personally, I think the "clear text" username/password issue with Apollo and MobileChat should get much much more coverage than Apple ok'ing a weather request using a mobile mac address. But, that's just me. The idea that some poor folks still have their Google or AOL username/passwords open to the world to grab, seems far more chilling whether on the iPhone or on the users' desktop sync folder.

Cleverboy

The key here is what Apple's iPhone privacy policy says. I haven't seen it since I don't have an iPhone. But assumedly the policy would state what information Apple tracks and what they do with it. Such privacy policies are required by law.

I'm sure that Apple would first use the data from this sort of tracking to look for trends that would allow optimization of the network and back-end systems. That'd be the engineering department. Then someone in marketing will go "Wait, we can tell every stock an individual customer checks?" and have a financial orgrasm and demand engineering hand-over absurdly detailed reports for every customer.

Jeff the Riffer

imTheKing

Loremaster101

selljb

Penchum

Cleverboy

Apple doesn't know. Or at least it shouldn't know.

UnnDunn

Cleverboy

Isn't the question NOT about "proof" that phones record the websites you access, but whether or not the networks (whether CDMA or EDGE) will hand that data over to the government without a court order OR whether they send the records to us in large booklets without being asked to? I thought we were past the question of whether cellphones record activity that is personally identifiable to the account holder. Did I miss something? I'm banging my head here.

Moreover, if you're visiting Apple's website for stock quotes and the weather, and Apple is refusing service to non-iPhone requests, that seems an altogether different argument than "spying". The accusation makes little sense without proof that Apple is actively pooling the data (which Google also claims not to do). None of this is new. That's the whole point.

Cleverboy

That pix almost made me spit my coffee all over my desk - love the eyebrow

tamoko

Actually better than the story - sure it'll be useful on another posting sometime.

MINI Driver

Holy shit I just got my phone bill!

THEY KNOW EVERY NUMBER I CALLED!!!

TORCHWOOD

strider_mt2k

yayaja67

gizmo_dude

ANoel

Jesus Diaz

Also, if they used a personal ID, like name or SSN, that would violate your privacy. But using the ID they assigned to your device, not the user, does not. The same is true of credit card companies re: your purchases. True, they could use the IMEI to identify you personally, but there's no evidence of that.

sumocat

Jesus Diaz

I agree with Stickystyle - time to get in touch with reality.

Dancing Milkcarton

Cleverboy

Back to the topic though... Its funny... someone could do a rather amusing article titled "How our phones phone home." And delve into completely ignored nature of network privacy in the mobile industry. No one points out the fact that until recently AT&T was giving people itemized records of ALL their network activity. Pssst... they know it was you, isn't that scarey? Now, people are wetting themselves that in the event one is using WiFi, and accessing Apple's domains servicing the stocks and weather widgets... that somehow Apple has more data than they wanted Apple to know.

It sounds quite retarded.

Cleverboy

This probably got one because some manager said to some programer,
Boss: 'Hey, I only want people that have official iPhones using our widgets.'
Programer (to himself): 'Crap, what can I use to uniquely identify these phones...Ah! the IMEI!'

Same discussion probably took place right before a MAC address was used to tie a computer to a serial number, however MAC's are easily changed (programmer didn't think about that at the time), IMEI's are not.

stickystyle

Penchum

secretasianmang

It is this kind of "weak stream" attitude that will let them get away with whatever they want. Really now, should you make the assumption that since you have no evidence or knowledge that they "do anything" with the information, that this means they don't, or won't? Or should you make the assumption that since they HAVE it and a hacker has figured out how they got it (a rather hidden from view method), that it is possible it is not being used correctly within the constraints of the ToS? The phone's unique identifier is easily linked to YOU, a person. The temptation is THERE to do things outside the constraints of the ToS! They only have to do it. It would be better if they couldn't link anything to a person because they don't have data to do it with! The temptation to do so would not exist.

Penchum

You can be certain other phones are doing the same thing... especially if you're using Verizon CDMA... at that point, everything that you do on the Internet is being recorded, and the IP address assigned to you can be matched to the time for which it was leased to you. A unique identifier isn't really necessary if the phone doesn't have WiFi. If your phone DOES have WiFi, then the question becomes... how do they support services to you if they don't know that you're an active customer?

I guess they could have gotten round this differently by encrypting the IMEI number, but ultimately, that number sits on the back of your phone no matter what, so encrypting it doesn't really do much security-wise, and... as Apple needs to match it against their database in the interests of providing service, once "matching" is necessary, it wouldn't take much for them to decode the IMEI string based on an encrypted match with their clear-text IMEI (like any MD5 lookup available on the web).

So... YES, I can see how Apple would need to do this. Going off of EDGE network access would be stupid with WiFi. The only thing they could have done is gone out of their way to HIDE what they were doing, by note using tokens called "IMEI" or some such. The main question, is whether they are simply using a valid IMEI to provide service, or whether they cross-matching your personal data using your IMEI.

This is more a QUESTION than an INDICTMENT.

Tin foil hats.

Cleverboy

I don't own an iPhone if the TOS pasted by omg-ponies is real, then I don't think Apple is doing anything illegal since they stated that data from the application software may be used by them. So basically, everyone who bought the phone and agreed to the TOS already agreed to this. It's just all too common in this day and age.

OtterKing

I know Apple makes money on the sale but they are also sharing the revenue with AT&T. This revenue is now being redistributed to another wireless carrier.

Any thoughts?

yoshi

"and Apple covers his back with their license"
Interesting choice of grammar!

packetsniffer

Penchum

Palestina

@Tommo_UK: No, it's not like that. First, you are making that explanation up. Then, apparently this happens when you try to access more information on any stock using Safari.

It may or may not be for nefarious purposes -I don't care about their reasons- but there will be people who won't like Apple knowing what they are looking at or storing that information for later datamining. Knowing what your user base is looking at, cross-referenced with specific income, address and other personal information gathered at the iTunes registration, is an extremely powerful combo for data mining applications (and marketers.)

Now, myself or you may not give a damn about this, and nobody knows what this information is used for or even if it's stored or not. I don't care.

The questions is: is this right? I think not. And is it necessary (from a technical point of view)? Nope.

Jesus Diaz

kasra007

Valis

valis

The point is not that Apple knows if you are surfing for the weather or stocks, the question is should I be warned? or, can I officialy cancel it?

Valis

valis

Is that really so nefarious? Christ, some of you really need to get a grip.

Tommo_UK

Storing cookies, which can be eliminated and avoided, is not even in the same universe as this.

Jesus Diaz

Consent to Use of Non-Personal Data: You agree that Apple and its subsidiaries may collect and use technical and related information, including but not limited to technical information about your iPhone, computer, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to you (if any) related to the iPhone Software, and to verify compliance with the terms of this License. Apple may use this information, as long as it is in a form that does not personally identify you, to improve our products or to provide services or technologies to you.

Looks like Apple stopped reading the ToS a little early.

OMG! Ponies!

ggore