Wednesday, April 27, 2011

Security: Sony, Apple and Android

It's been a hell of a week for security.  When I say this, I mean in the news.  The mess continues whether or not there are articles.


Security researchers discovered a file on the iPhone that stored location information.  Apple claims they aren't tracking their users, which is odd, as there is all sorts of location information in that file.

The beast himself, Steve Jobs, admitted that Apple `made some mistakes in how it handled location information', but it wasn't tracking its users.  The file appears on both the iPhone and the iPad.

Mr. Jobs states that this was a bug and that a fix is forthcoming.  The fix will keep the location cache to seven days.  It will also fix the `bug' that didn't allow users to turn off location tracking.

If I were an iDevice user, I'd be asking myself how a file with a year's worth of locations is a mistake.  And why does the `fix' keep seven days' worth of the user's locations on the phone?


Not to be outdone, Google mentioned that they too keep location infomation (i.e. track their Android users).

Now let's face it, folks... it's a safe bet that we're being tracked.  Only the reasons change.  Leaving privacy aside for a moment (like the NSA), your location is very valuable to advertisers.  All of this data is going into databases to allow more targeted advertisements to be served to you.  Surprised?  You shouldn't be.

Imagine driving by a store and having an ad for that store appear on your phone.  It's an advertiser's wet dream.  Mobile advertising could be a $2.5 billion industry as of 2015.

As the last shreds of privacy have leaked from your phone.

In the interest of disclosure, I own an original Droid and I am not happy with this news, although it comes as no surprise.

Sony Baloney

Sony admitted that a hacker has obtained the personal information of PlayStation Network account holders.  In other words, the hacker now has your credit card number and personal data that you gave to Sony for safe-keeping.  And it took Sony a week to report the break-in.

As a result, the entire network has been down since April 20, while Sony does forensics and rebuilds.

Sony has suggested that people review credit card statements for fraudulent charges.  Allow me to go one step further: if you have an account with Sony, call your card issuer and ask them what to do.

Is This a Handbasket?

Why yes it is!

Technology is a wonderful thing but each advance comes with the near guarantee that it can be used against you.  While you're reading this, Blogger has put your IP address, country of origin, browser and operating system into the stats for this blog.

Don't tell me you don't care.... that's as invalid as the argument that you allow the search of your property because you have nothing to hide.

I'm not for a single person being tracked or hacked but I think the wide press coverage of these three announcements can be used for good.  People are too trusting (some would say too stupid), even after all we've read and been through.  We need to wake up and realize that:
  • nothing is free
  • we will be sold to, regardless of platform
  • we will be tracked, by advertisers and our government
  • companies need to answer for this behavior
  • we need to ask the hard questions before spending our money

I really want to hear your comments on this.  I also want to leave you with a question:

What about OnStar and other in-car wireless products?


    1. You arse is being tracked. It's the new millennium. Welcome to 1984 a couple decades late. I'm glad I don't use none of that thar new-fangled techie stuff. There ain't no OnStar on my '82 pick-em-up truck. And I'd like to see 'em track my stringed up Campbell's soup cans.

    2. Things I don't...

      I don't drive a car that has on-star technology in it.
      I don't ride a motorcycle with ABS braking.
      I don't have a smart phone.
      I don't have an iPad.
      I don't have an android.
      I don't download videos or music.
      I don't use an ATM machine.
      I don't have automatic deposit.
      I don't let any entity automatically debit any of my accounts.
      I don't tweet.
      I don't facebook.
      I don't myspace.
      I don't have an easy pass, EZ-pass, whatever.
      I don't have a playstation.
      I don't have an Xbox.

      When I use an internet map utility to plot a driving route, I use an address that is 15 miles from my house as my starting address.

      I've seen Minority Report.
      I've read 1984.

      OTOH, when I tell them at the hospital that I don't remember my health history, they look it up and tell me stuff from three different doctors. Worse, they focus on some unquantified minor symptoms as if they were full blown diseases.

      "...when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security..."

      This outrage has resulted in the formation of a government of the corporation, by the corporation, for the corporation, (that) shall not perish from the earth.

      More or less,
      ~"It's a jungle out there
      Disorder and confusion everywhere
      Poison in the very air we breath
      You know what's in the water that you drink
      Well I do, and it's amazing
      People think I'm crazy
      'Cause I worry all the time
      If you'd pay attention you'd be worried too"~