Discussion:
iPhone allows Apps to send photos and videos ... anywhere
Alan Browne
2012-02-28 21:57:35 UTC
http://bits.blogs.nytimes.com/2012/02/28/tk-ios-gives-developers-access-to-photos-videos-location/?ref=business

or http://tinyurl.com/6rpah85
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
Todd Allcock
2012-02-29 02:09:10 UTC
Post by Alan Browne
http://bits.blogs.nytimes.com/2012/02/28/tk-ios-gives-developers-access-to-photos-videos-location/?ref=business
Post by Alan Browne
or http://tinyurl.com/6rpah85
Amazing. Next thing you'll know, that private diary app I use called
"Facebook" will upload my inner thoughts and feelings to a public website
anyone could read... ;)

Seriously, photo uploading by third-party software is a feature we *want*
in our mobile devices!

How is it that we've survived decades of desktop computer software that
didn't warn us of every data transfer it makes? There has to be a happy
medium between ignorant bliss and a Microsoft Vista UAC-style warning at
every other instruction executed by any app!
Chris Blunt
2012-02-29 08:53:21 UTC
On Tue, 28 Feb 2012 19:09:10 -0700, Todd Allcock
Post by Alan Browne
Post by Alan Browne
http://bits.blogs.nytimes.com/2012/02/28/tk-ios-gives-developers-access-to-photos-videos-location/?ref=business
Post by Alan Browne
or http://tinyurl.com/6rpah85
Amazing. Next thing you'll know, that private diary app I use called
"Facebook" will upload my inner thoughts and feelings to a public website
anyone could read... ;)
Seriously, photo uploading by third-party software is a feature we *want*
in our mobile devices!
How is it that we've survived decades of desktop computer software that
didn't warn us of every data transfer it makes? There has to be a happy
medium between ignorant bliss and a Microsoft Vista UAC-style warning at
every other instruction executed by any app!
The funny part about it is the article starts off by showing the app
requesting permission to access picture location data. There's a great
big button there with "Don't Allow" on it.

Chris
Davoud
2012-02-29 14:59:30 UTC
Post by Chris Blunt
The funny part about it is the article starts off by showing the app
requesting permission to access picture location data. There's a great
big button there with "Don't Allow" on it.
But the dialogue says "This allows access to location information in
photos and videos." *Location* *information* . It is not an explicit or
implicit authorization for them to copy one's photographs.

I'm trying really hard to think of a legitimate reason for a software
company to do that. Did the fine print that I didn't read in some
software license transfer to the developer the right to sell my photos
or use them in other ways without additional communication with me?

The Encyclopedia of Life <http://www.eol.org> and certain others
publish my entomological, botanical, and other scientific photographs
under this Creative Commons license
<http://creativecommons.org/licenses/by-nc-sa/3.0/>, but that applies
only to photos that I have chosen to make public. It does not give
anyone the privilege to plunder my photographs from what should be a
private storage area.

This needs to cease, and I shall be asking Apple what they plan to do
to bring an end to it.
--
I agree with almost everything that you have said and almost everything that
you will say in your entire life.

usenet *at* davidillig dawt cawm
Michael Eyd
2012-02-29 15:35:18 UTC
Post by Davoud
Post by Chris Blunt
The funny part about it is the article starts off by showing the app
requesting permission to access picture location data. There's a great
big button there with "Don't Allow" on it.
But the dialogue says "This allows access to location information in
photos and videos." *Location* *information* . It is not an explicit or
implicit authorization for them to copy one's photographs.
I'm trying really hard to think of a legitimate reason for a software
company to do that. Did the fine print that I didn't read in some
software license transfer to the developer the right to sell my photos
or use them in other ways without additional communication with me?
Interesting...

Some time ago (unfortunately no longer available in my news reader) we
had a discussion right here in mpm.iphone, where somebody argued very
much in favor of an open file system on iOS devices. The expressed idea
was that any application should have access to any data (stored in this
file system). The photo roll was at that time mentioned as a model to
follow...

My security concerns (agreed, I didn't envision some app to unwillingly
publish information) were pushed aside then... ;-)

So, it's again the old trade off: Either flexibility or security - both
at the same time (with a good usability) is virtually impossible. At
least I have yet to see it combined... :-(

Best regards,

Michael
Davoud
2012-02-29 17:20:41 UTC
Post by Michael Eyd
Post by Davoud
Post by Chris Blunt
The funny part about it is the article starts off by showing the app
requesting permission to access picture location data. There's a great
big button there with "Don't Allow" on it.
Davoud
Post by Michael Eyd
Post by Davoud
But the dialogue says "This allows access to location information in
photos and videos." *Location* *information* . It is not an explicit or
implicit authorization for them to copy one's photographs.
I'm trying really hard to think of a legitimate reason for a software
company to do that. Did the fine print that I didn't read in some
software license transfer to the developer the right to sell my photos
or use them in other ways without additional communication with me?
Interesting...
Some time ago (unfortunately no longer available in my news reader) we
had a discussion right here in mpm.iphone, where somebody argued very
much in favor of an open file system on iOS devices. The expressed idea
was that any application should have access to any data (stored in this
file system). The photo roll was at that time mentioned as a model to
follow...
My security concerns (agreed, I didn't envision some app to unwillingly
publish information) were pushed aside then... ;-)
So, it's again the old trade off: Either flexibility or security - both
at the same time (with a good usability) is virtually impossible. At
least I have yet to see it combined... :-(
As I implied in my message to Apple, I don't think this requires rocket
scientists to figure out. My message to Apple of this morning:

Begin quote

I am very concerned by the report in the NY Times that confirms that
apps that I have purchased in the iTunes App Store for my three iPhones
and two iPads may be able to access and upload my private data,
including addresses and photographs, for unknown purposes.

I have wracked my brain trying to think of a legitimate reason for a
developer to take addresses, photographs, or other data that are my
personal property from my Apple mobile devices, but I cannot come up
with anything.

As a photographer and a private citizen I view this as a serious
violation of my rights to my creative works, my privacy, and the
privacy of persons who may be listed in my address book.

I urge Apple, Inc. to treat this as an emergency and to take such
measures as are necessary to stop this practice immediately.

The Times reported "Apple did not respond to a request for comment."
That is unacceptable. Apple should make a prompt and forthright
disclosure on this subject.

This need not be a complicated issue. It should be an iron-clad rule
that no one may transfer data from a mobile device unless they spell
out very specifically, and in advance, what data they wish to upload,
why they wish to upload the data, and what they plan to do with it. The
"Don't allow/OK" button should ideally have a third option: "Erase this
app from my iTunes Library and all of my mobile devices and refund my
purchase price."

End quote
--
I agree with almost everything that you have said and almost everything that
you will say in your entire life.

usenet *at* davidillig dawt cawm
jcdill
2012-02-29 20:53:59 UTC
Post by Davoud
As I implied in my message to Apple, I don't think this requires rocket
Begin quote
I am very concerned by the report in the NY Times that confirms that
apps that I have purchased in the iTunes App Store for my three iPhones
and two iPads may be able to access and upload my private data,
including addresses and photographs, for unknown purposes.
Then don't use/authorize those Apps.

This is not rocket science.
Post by Davoud
I have wracked my brain trying to think of a legitimate reason for a
developer to take addresses, photographs, or other data that are my
personal property from my Apple mobile devices, but I cannot come up
with anything.
It doesn't matter if they have what you deem a "legitimate" reason or
not. They are offering you a program, and if you want to use that
program (for free or for a small fee) then you agree to THEIR terms of
use. If the TOS gives them the right to access data on your phone, then
it's up to you to allow or deny (and not use the software) according to
your own criteria. Just because YOU may not want to share this
information with the App developer does not make the App bad for
everyone. Others may feel the tradeoff is worthwhile To Them. (This is
why millions of people use Facebook, they feel the functionality of the
site is worth the tradeoff of the privacy and data they give up to FB
for free.) For you to imply that if you don't think it's a worthwhile
tradeoff means the App should be removed or these features disabled is
--- patronizing and arrogant.
Post by Davoud
As a photographer and a private citizen I view this as a serious
violation of my rights to my creative works, my privacy, and the
privacy of persons who may be listed in my address book.
Then you can simply not use/authorize those Apps.
Post by Davoud
This need not be a complicated issue. It should be an iron-clad rule
that no one may transfer data from a mobile device unless they spell
out very specifically, and in advance, what data they wish to upload,
why they wish to upload the data, and what they plan to do with it.
It's up to you to investigate with each company that may want to use
your data what they will do with it. If they were required to spell out
in detail as you suggest within the App authorize process, 99.999% of
people will never bother to read the terms and just click Allow anyway.

And no matter what they say they will or will not do with your data,
once they have it, you really have no control over what they will do
with it. They might have a rogue admin who decides to slurp the data
and sell it. They might be acquired by another company and in the
acquisition the rules for use for this set of data may be lost or
forgotten - the data might end up merged with another set of data with
less restrictive rules, etc.

If you are truly concerned about what they might do with the data, then
your ONLY option is to not enable Apps that have access to that data.
Period.

jc
Alan Browne
2012-02-29 22:02:24 UTC
Post by jcdill
Post by Davoud
As I implied in my message to Apple, I don't think this requires rocket
Begin quote
I am very concerned by the report in the NY Times that confirms that
apps that I have purchased in the iTunes App Store for my three iPhones
and two iPads may be able to access and upload my private data,
including addresses and photographs, for unknown purposes.
Then don't use/authorize those Apps.
This is not rocket science.
1. You authorize "location services". This is typically to location
stamp a photo, find a restaurant, etc.

2. However, the issue at hand is that when you authorize the location
service you also authorize the app to copy photos off of your phone and
up to wherever. You may have privacy issues with that. You certainly
can't control what happens to the photo once it leaves to a place you
don't know about.

Authorizing one thing (location services) should not give an app the
ability to ship photos (or address books, or documents, or anything
else) out of the phone.

That is the point.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
jcdill
2012-03-01 04:01:17 UTC
Post by Alan Browne
2. However, the issue at hand is that when you authorize the location
service you also authorize the app to copy photos off of your phone and
up to wherever.
Then do NOT use and authorize THOSE Apps. They ask for permission to
access all this data. READ THE TOS.

I have yet to see a cite of an App that took/accessed data that it
didn't say it was accessing in the TOS. If I missed that upthread,
please provide a CITE.

jc
nospam
2012-03-01 05:35:55 UTC
Post by jcdill
Post by Alan Browne
2. However, the issue at hand is that when you authorize the location
service you also authorize the app to copy photos off of your phone and
up to wherever.
Then do NOT use and authorize THOSE Apps. They ask for permission to
access all this data. READ THE TOS.
actually, apps don't ask for permission most of the time and there
isn't always anything to read before installing an app either. of the
apps that do ask permission, it's not always clear what saying yes
really means. using your location does not mean you also give
permission to upload all photos. apple agrees this is a problem and
instead of blaming the victim, apple will be fixing it.
Post by jcdill
I have yet to see a cite of an App that took/accessed data that it
didn't say it was accessing in the TOS. If I missed that upthread,
please provide a CITE.
if so, then you're living in a cave. here are just a few links where
all sorts of information can be uploaded *without* the user's
permission, including your phone number and text messages.

<http://www.pcworld.com/article/249513/mobile_social_network_caught_uploading_users_address_books.html>
Users and critics are upset with Path, the smartphone-based social
network, after a developer discovered that Path was uploading users'
entire address books to its servers without explicit consent.

<http://www.theregister.co.uk/2009/11/06/iphone_games_storm8_lawsuit/>
"Nonetheless, Storm8 makes use of the 'backdoor' method to access,
collect, and transmit the wireless phone numbers of the iPhones on
which its games are installed," states the complaint, which was filed
in US District Court in Northern California. "Storm8 does so or has
done so in all of its games."

<http://arstechnica.com/tech-policy/news/2011/11/researchers-find-big-leaks-in-pre-installed-android-apps.ars>
In a paper just published by researchers Michael Grace, Yajin Zhou,
Zhi Wang, and Xuxian Jiang, the four outlined how the vulnerabilities
could be used by an untrusted application to send SMS messages,
record conversations, or even wipe all user data from the handset
without needing the user's permission.

<http://arstechnica.com/security/news/2010/09/some-android-apps-found-to-covertly-send-gps-data-to-advertisers.ars>
They used TaintDroid to test 30 popular free Android applications
selected at random from the Android market and found that half were
sending private information to advertising servers, including the
user's location and phone number. In some cases, they found that
applications were relaying GPS coordinates to remote advertising
network servers as frequently as every 30 seconds, even when not
displaying advertisements. These findings raise concern about the
extent to which mobile platforms can insulate users from unwanted
invasions of privacy.

<http://techcrunch.com/2011/12/16/att-sprint-samsung-and-htc-weigh-in-on-their-use-of-carrier-iq/>
The average user of any device equipped with Carrier IQ software has
no way of knowing that this software is running, what information it
is getting, and who it is giving it to - and that's a problem."
jcdill
2012-03-01 18:35:12 UTC
Post by nospam
Post by jcdill
Post by Alan Browne
2. However, the issue at hand is that when you authorize the location
service you also authorize the app to copy photos off of your phone and
up to wherever.
Then do NOT use and authorize THOSE Apps. They ask for permission to
access all this data. READ THE TOS.
actually, apps don't ask for permission most of the time and there
isn't always anything to read before installing an app either. of the
apps that do ask permission, it's not always clear what saying yes
really means. using your location does not mean you also give
permission to upload all photos. apple agrees this is a problem and
instead of blaming the victim, apple will be fixing it.
Post by jcdill
I have yet to see a cite of an App that took/accessed data that it
didn't say it was accessing in the TOS. If I missed that upthread,
please provide a CITE.
if so, then you're living in a cave. here are just a few links where
all sorts of information can be uploaded *without* the user's
permission, including your phone number and text messages.
<http://www.pcworld.com/article/249513/mobile_social_network_caught_uploading_users_address_books.html>
Users and critics are upset with Path, the smartphone-based social
network, after a developer discovered that Path was uploading users'
entire address books to its servers without explicit consent.
Looks like they are violating their own TOS that you "agree" to when you
install the app. There is NOTHING we can do to stop people from
breaking the law or breaking contracts or TOS. At best, we can remedy
this after the fact with lawsuits and criminal charges.
Post by nospam
<http://www.theregister.co.uk/2009/11/06/iphone_games_storm8_lawsuit/>
"Nonetheless, Storm8 makes use of the 'backdoor' method to access,
collect, and transmit the wireless phone numbers of the iPhones on
which its games are installed," states the complaint, which was filed
in US District Court in Northern California. "Storm8 does so or has
done so in all of its games."
Ditto
Post by nospam
<http://arstechnica.com/tech-policy/news/2011/11/researchers-find-big-leaks-in-pre-installed-android-apps.ars>
In a paper just published by researchers Michael Grace, Yajin Zhou,
Zhi Wang, and Xuxian Jiang, the four outlined how the vulnerabilities
could be used
"could be used" is not the same as "in use". Software ALWAYS has bugs,
always has vulnerabilities. If you expect that an iDevice (or any
computerized device, or any computer program, or any webserver, etc.)
has no bugs, no vulnerabilities, you are living in a dream world.
Post by nospam
<http://arstechnica.com/security/news/2010/09/some-android-apps-found-to-covertly-send-gps-data-to-advertisers.ars>
They used TaintDroid to test 30 popular free Android applications
selected at random from the Android market and found that half were
sending private information to advertising servers, including the
user's location and phone number. In some cases, they found that
applications were relaying GPS coordinates to remote advertising
network servers as frequently as every 30 seconds, even when not
displaying advertisements. These findings raise concern about the
extent to which mobile platforms can insulate users from unwanted
invasions of privacy.
I don't see anything here about how they are doing this in violation of
the terms the user agreed to.
Post by nospam
<http://techcrunch.com/2011/12/16/att-sprint-samsung-and-htc-weigh-in-on-their-use-of-carrier-iq/>
The average user of any device equipped with Carrier IQ software has
no way of knowing that this software is running, what information it
is getting, and who it is giving it to - and that's a problem."
The average user clicks "Agree" without reading the terms. We can't
force people to read and understand when they are giving up their data
and privacy in exchange for free or low-cost services, and MOST PEOPLE
don't want to be "bothered" with these details. They are outraged when
it happens, but they are at FAULT for 99% of the cases when it happens.

<http://www.joyoftech.com/joyoftech/joyarchives/1653.html>

jc
nospam
2012-03-01 19:10:50 UTC
Post by jcdill
Post by nospam
Post by jcdill
I have yet to see a cite of an App that took/accessed data that it
didn't say it was accessing in the TOS. If I missed that upthread,
please provide a CITE.
if so, then you're living in a cave. here are just a few links where
all sorts of information can be uploaded *without* the user's
permission, including your phone number and text messages.
<http://www.pcworld.com/article/249513/mobile_social_network_caught_uploading_users_address_books.html>
Users and critics are upset with Path, the smartphone-based social
network, after a developer discovered that Path was uploading users'
entire address books to its servers without explicit consent.
Looks like they are violating their own TOS that you "agree" to when you
install the app. There is NOTHING we can do to stop people from
breaking the law or breaking contracts or TOS. At best, we can remedy
this after the fact with lawsuits and criminal charges.
if they break their own tos, then what's the point in reading and
agreeing to it in the first place?
Post by jcdill
Post by nospam
<http://www.theregister.co.uk/2009/11/06/iphone_games_storm8_lawsuit/>
"Nonetheless, Storm8 makes use of the 'backdoor' method to access,
collect, and transmit the wireless phone numbers of the iPhones on
which its games are installed," states the complaint, which was filed
in US District Court in Northern California. "Storm8 does so or has
done so in all of its games."
Ditto
Post by nospam
<http://arstechnica.com/tech-policy/news/2011/11/researchers-find-big-leaks-in-pre-installed-android-apps.ars>
In a paper just published by researchers Michael Grace, Yajin Zhou,
Zhi Wang, and Xuxian Jiang, the four outlined how the vulnerabilities
could be used
"could be used" is not the same as "in use". Software ALWAYS has bugs,
always has vulnerabilities. If you expect that an iDevice (or any
computerized device, or any computer program, or any webserver, etc.)
has no bugs, no vulnerabilities, you are living in a dream world.
this isn't about just having vulnerabilities, it's about explicitly
using them to steal personal data. out of the 450k apps on the android
market and more available elsewhere, how do you know which ones 'could
be' versus 'actually are' using those vulnerabilities? you don't.
Post by jcdill
Post by nospam
<http://arstechnica.com/security/news/2010/09/some-android-apps-found-to-covertly-send-gps-data-to-advertisers.ars>
They used TaintDroid to test 30 popular free Android applications
selected at random from the Android market and found that half were
sending private information to advertising servers, including the
user's location and phone number. In some cases, they found that
applications were relaying GPS coordinates to remote advertising
network servers as frequently as every 30 seconds, even when not
displaying advertisements. These findings raise concern about the
extent to which mobile platforms can insulate users from unwanted
invasions of privacy.
I don't see anything here about how they are doing this in violation of
the terms the user agreed to.
given that no apps were named in that article, how is it you know what
the user did or did not agree to?
Post by jcdill
Post by nospam
<http://techcrunch.com/2011/12/16/att-sprint-samsung-and-htc-weigh-in-on-their-use-of-carrier-iq/>
The average user of any device equipped with Carrier IQ software has
no way of knowing that this software is running, what information it
is getting, and who it is giving it to - and that's a problem."
The average user clicks "Agree" without reading the terms.
exactly. so it needs to be protected another more effective way.
Post by jcdill
We can't
force people to read and understand when they are giving up their data
and privacy in exchange for free or low-cost services, and MOST PEOPLE
don't want to be "bothered" with these details. They are outraged when
it happens, but they are at FAULT for 99% of the cases when it happens.
we can't force people to not wear fancy jewelry and walk alone at
night, so if they get mugged, then it's their own damned fault.
Post by jcdill
<http://www.joyoftech.com/joyoftech/joyarchives/1653.html>
except it didn't work that way.
Wes Groleau
2012-03-02 05:43:13 UTC
Post by nospam
we can't force people to not wear fancy jewelry and walk alone at
night, so if they get mugged, then it's their own damned fault.
You tell 'em!

And while you're at it tell a few rape victims it's their fault, too.
--
Wes Groleau

It seems a pity that psychology should have
destroyed all our knowledge of human nature.
— G. K. Chesterton
Alan Browne
2012-03-02 21:37:38 UTC
Post by Wes Groleau
Post by nospam
we can't force people to not wear fancy jewelry and walk alone at
night, so if they get mugged, then it's their own damned fault.
You tell 'em!
And while you're at it tell a few rape victims it's their fault, too.
Increasing or decreasing risk of being a victim lies with the victim
regardless of how much the crime is the fault of the criminal.

So you go on and take your beautiful wife in her club clothes and
jewelry for a midnight walk in the Bronx... when the jewelry is stolen
and she is raped and you're sodomized, beaten and left in a garbage
strewn alleyway you can always claim the moral high ground that it was
not your fault after all.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
Michelle Steiner
2012-03-03 04:11:43 UTC
Post by Alan Browne
So you go on and take your beautiful wife in her club clothes and
jewelry for a midnight walk in the Bronx... when the jewelry is stolen
and she is raped and you're sodomized, beaten and left in a garbage
strewn alleyway you can always claim the moral high ground that it was
not your fault after all.
Guess what? It wasn't.
--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.
Alan Browne
2012-03-03 15:27:52 UTC
Post by Michelle Steiner
Post by Alan Browne
So you go on and take your beautiful wife in her club clothes and
jewelry for a midnight walk in the Bronx... when the jewelry is stolen
and she is raped and you're sodomized, beaten and left in a garbage
strewn alleyway you can always claim the moral high ground that it was
not your fault after all.
Guess what? It wasn't.
I never said it was - see the line you snipped out. The point is that
it is up to individuals to assess risk and avoid being a victim.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
Michelle Steiner
2012-03-03 15:42:10 UTC
Post by Alan Browne
Post by Michelle Steiner
Post by Alan Browne
So you go on and take your beautiful wife in her club clothes and
jewelry for a midnight walk in the Bronx... when the jewelry is
stolen and she is raped and you're sodomized, beaten and left in a
garbage strewn alleyway you can always claim the moral high ground
that it was not your fault after all.
Guess what? It wasn't.
I never said it was - see the line you snipped out. The point is that
it is up to individuals to assess risk and avoid being a victim.
The snipped line is
Post by Alan Browne
Increasing or decreasing risk of being a victim lies with the victim
regardless of how much the crime is the fault of the criminal.
The percentage of fault is 100% to the criminal, and 0% to the victim.
--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.
Alan Browne
2012-03-03 15:49:36 UTC
Post by Michelle Steiner
Post by Alan Browne
Post by Michelle Steiner
Post by Alan Browne
So you go on and take your beautiful wife in her club clothes and
jewelry for a midnight walk in the Bronx... when the jewelry is
stolen and she is raped and you're sodomized, beaten and left in a
garbage strewn alleyway you can always claim the moral high ground
that it was not your fault after all.
Guess what? It wasn't.
I never said it was - see the line you snipped out. The point is that
it is up to individuals to assess risk and avoid being a victim.
The snipped line is
Post by Alan Browne
Increasing or decreasing risk of being a victim lies with the victim
regardless of how much the crime is the fault of the criminal.
The percentage of fault is 100% to the criminal, and 0% to the victim.
Yes, that's what "..is the fault of the criminal" means.

Are you going to risk contact with those at fault criminals or avoid them?
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
Michelle Steiner
2012-03-03 16:31:41 UTC
Post by Alan Browne
Post by Michelle Steiner
Post by Alan Browne
Increasing or decreasing risk of being a victim lies with the victim
regardless of how much the crime is the fault of the criminal.
The percentage of fault is 100% to the criminal, and 0% to the victim.
Yes, that's what "..is the fault of the criminal" means.
"regardless of how much the crime is the fault of the criminal" implies
that the criminal may not be 100% at fault.
--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.
Alan Browne
2012-03-03 17:31:24 UTC
Post by Michelle Steiner
Post by Alan Browne
Post by Michelle Steiner
Post by Alan Browne
Increasing or decreasing risk of being a victim lies with the victim
regardless of how much the crime is the fault of the criminal.
The percentage of fault is 100% to the criminal, and 0% to the victim.
Yes, that's what "..is the fault of the criminal" means.
"regardless of how much the crime is the fault of the criminal" implies
that the criminal may not be 100% at fault.
No it doesn't as "no matter how much" includes 100%. You're quibbling.

However to remove whatever ambiguity you may perceive I'll happily
restate it as "... regardless of the crime being entirely the fault of
the criminal."

That changes the risk by nothing, however.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
Michelle Steiner
2012-03-03 19:41:07 UTC
Post by Alan Browne
Post by Michelle Steiner
Post by Alan Browne
Post by Michelle Steiner
Post by Alan Browne
Increasing or decreasing risk of being a victim lies with the
victim regardless of how much the crime is the fault of the
criminal.
The percentage of fault is 100% to the criminal, and 0% to the victim.
Yes, that's what "..is the fault of the criminal" means.
"regardless of how much the crime is the fault of the criminal"
implies that the criminal may not be 100% at fault.
No it doesn't as "no matter how much" includes 100%. You're quibbling.
yes it includes 100%, but implies that it may be less than 100%.
Post by Alan Browne
However to remove whatever ambiguity you may perceive I'll happily
restate it as "... regardless of the crime being entirely the fault of
the criminal."
That changes the risk by nothing, however.
True, but the fault is never the victim's. "Risk" does not equal "fault".
--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.
Alan Browne
2012-03-03 21:47:28 UTC
Post by Michelle Steiner
Post by Alan Browne
Post by Michelle Steiner
Post by Alan Browne
Post by Michelle Steiner
Post by Alan Browne
Increasing or decreasing risk of being a victim lies with the
victim regardless of how much the crime is the fault of the
criminal.
The percentage of fault is 100% to the criminal, and 0% to the victim.
Yes, that's what "..is the fault of the criminal" means.
"regardless of how much the crime is the fault of the criminal"
implies that the criminal may not be 100% at fault.
No it doesn't as "no matter how much" includes 100%. You're quibbling.
yes it includes 100%, but implies that it may be less than 100%.
Only because you choose to read it that way.
Post by Michelle Steiner
Post by Alan Browne
However to remove whatever ambiguity you may perceive I'll happily
restate it as "... regardless of the crime being entirely the fault of
the criminal."
That changes the risk by nothing, however.
True, but the fault is never the victim's. "Risk" does not equal "fault".
Taking unnecessary risks is the always fault of the risk taker.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
Michelle Steiner
2012-03-03 23:35:06 UTC
Permalink
Post by Alan Browne
Post by Michelle Steiner
Post by Alan Browne
No it doesn't as "no matter how much" includes 100%. You're quibbling.
yes it includes 100%, but implies that it may be less than 100%.
Only because you choose to read it that way.
Only because English is not my second language.
Post by Alan Browne
Post by Michelle Steiner
True, but the fault is never the victim's. "Risk" does not equal "fault".
Taking unnecessary risks is the always fault of the risk taker.
People who commit crimes are solely responsible for the crimes they commit.
Period.
--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.
Howard Brazee
2012-03-04 00:32:40 UTC
Permalink
On Sat, 03 Mar 2012 16:35:06 -0700, Michelle Steiner
Post by Michelle Steiner
People who commit crimes are solely responsible for the crimes they commit.
Period.
As far as responsibility is concerned, I can see numbers greater than
100%. For instance, if your commanding officer commands you to
commit a war crime, you are 100% responsible - and so is he.
--
"In no part of the constitution is more wisdom to be found,
than in the clause which confides the question of war or peace
to the legislature, and not to the executive department."

- James Madison
Alan Browne
2012-03-04 14:04:22 UTC
Permalink
Post by Michelle Steiner
Post by Alan Browne
Post by Michelle Steiner
Post by Alan Browne
No it doesn't as "no matter how much" includes 100%. You're quibbling.
yes it includes 100%, but implies that it may be less than 100%.
Only because you choose to read it that way.
Only because English is not my second language.
Post by Alan Browne
Post by Michelle Steiner
True, but the fault is never the victim's. "Risk" does not equal "fault".
Taking unnecessary risks is the always fault of the risk taker.
People who commit crimes are solely responsible for the crimes they commit.
Period.
Perfectly true.

So is "Taking unnecessary risks is the always fault of the risk taker."
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
Alan Browne
2012-03-04 17:20:18 UTC
Permalink
Post by Alan Browne
Post by Michelle Steiner
Post by Alan Browne
Post by Michelle Steiner
No it doesn't as "no matter how much" includes 100%. You're quibbling.
yes it includes 100%, but implies that it may be less than 100%.
Only because you choose to read it that way.
Only because English is not my second language.
Post by Alan Browne
Post by Michelle Steiner
True, but the fault is never the victim's. "Risk" does not equal
"fault".
Taking unnecessary risks is the always fault of the risk taker.
People who commit crimes are solely responsible for the crimes they commit.
Period.
Perfectly true.
So is "Taking unnecessary risks is the always fault of the risk taker."
Of course that can be improved on by moving "always" before "the".

<sheesh>
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
Michelle Steiner
2012-03-04 19:09:53 UTC
Permalink
Post by Alan Browne
Post by Alan Browne
So is "Taking unnecessary risks is the always fault of the risk taker."
Of course that can be improved on by moving "always" before "the".
Taking unnecessary risks is the fault of always the risk taker? ;)
--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.
Alan Browne
2012-03-04 19:22:23 UTC
Permalink
Post by Michelle Steiner
Post by Alan Browne
Post by Alan Browne
So is "Taking unnecessary risks is the always fault of the risk taker."
Of course that can be improved on by moving "always" before "the".
Taking unnecessary risks is the fault of always the risk taker? ;)
It sure hell as is.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
Wes Groleau
2012-03-04 22:02:10 UTC
Permalink
Post by Alan Browne
Post by Alan Browne
Post by Alan Browne
So is "Taking unnecessary risks is the always fault of the risk taker."
Of course that can be improved on by moving "always" before "the".
Taking unnecessary risks is the fault of always the risk taker? ;)
It sure hell as is.
Professor Yoda says,
"Go to the chalkboard
and write a hundred times,
'verb before noun, put I will not'!"
--
Wes Groleau

“What you see and hear depends a good deal on where you are standing;
it also depends on what kind of person you are.”
-- C.S.Lewis
jcdill
2012-03-02 07:06:24 UTC
Permalink
Post by nospam
if they break their own tos, then what's the point in reading and
agreeing to it in the first place?
It's an agreement. You can't (ever) force either side of an agreement
to live up to the terms simply by saying "but but but, we had an
agreement", but if one side fails to live up to the terms, the other
side can sue for damages. So sue them!
Post by nospam
Post by jcdill
<http://www.joyoftech.com/joyoftech/joyarchives/1653.html>
except it didn't work that way.
Except that in most cases, it works EXACTLY that way. Most people don't
read the terms, they just click Agree.

jc
nospam
2012-03-02 17:09:36 UTC
Permalink
Post by jcdill
Post by nospam
if they break their own tos, then what's the point in reading and
agreeing to it in the first place?
It's an agreement. You can't (ever) force either side of an agreement
to live up to the terms simply by saying "but but but, we had an
agreement", but if one side fails to live up to the terms, the other
side can sue for damages. So sue them!
except you will need to prove they broke the agreement. if an app
encrypts the data it sends, you will have no way to know what's sent.

path got caught because the data was sent in the clear, unencrypted.
it's likely that in the future, anyone wanting to get at your info
without consent will not make that same mistake.
Post by jcdill
Post by nospam
Post by jcdill
<http://www.joyoftech.com/joyoftech/joyarchives/1653.html>
except it didn't work that way.
Except that in most cases, it works EXACTLY that way. Most people don't
read the terms, they just click Agree.
true, most people don't read it, but as you point out, it won't stop
anything.
Michelle Steiner
2012-03-01 23:02:42 UTC
Permalink
Post by jcdill
The average user clicks "Agree" without reading the terms. We can't
force people to read and understand when they are giving up their data
and privacy in exchange for free or low-cost services, and MOST PEOPLE
don't want to be "bothered" with these details. They are outraged when
it happens, but they are at FAULT for 99% of the cases when it happens.
Do you have evidence for that statistic? When the software does more than
what the user agreed to, it doesn't matter whether the user read the
agreement first.

It's interesting to see how you shills for violators try to excuse the
violations.
--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.
jcdill
2012-03-02 07:25:14 UTC
Permalink
Post by Michelle Steiner
Post by jcdill
The average user clicks "Agree" without reading the terms. We can't
force people to read and understand when they are giving up their data
and privacy in exchange for free or low-cost services, and MOST PEOPLE
don't want to be "bothered" with these details. They are outraged when
it happens, but they are at FAULT for 99% of the cases when it happens.
Do you have evidence for that statistic?
OK, I might be wrong about the "99%", it might be only "92%", per:

http://www.measuringusability.com/blog/eula.php

(Quote)
Assuming it takes a minimum of two minutes to read the License Agreement
(which itself is fast) we can be 95% confident no more than 8% of users
read the License Agreement in full.
(/quote)

Of course, this assumes that people who spent 2 (or more) minutes on the
terms page were actually reading the terms, rather than multi-tasking
and doing something else while the server loaded this page, then
returning and clicking "agree" without reading the page.

Then there's this:

<http://www.thestreet.com/story/11165299/1/10-things-you-didnt-know-you-signed.html>

(quote)
To make the case that no one actually pores through all that legalese,
the software company PC Pitstop included instructions on how to claim a
$1,000 prize via email within its EULA. It took more than 3,000
installations before an alert user noticed the hidden award.
(/quote)

and

(quote)
A survey by Stanford University found that 97% of users automatically
hit "agree" when faced with a user agreement.
(/quote)

So maybe it's 92%, or 97%, or 99.9%

The *exact* number isn't as important as the reality - very very few
people read and comprehend what they are agreeing to when they click "I
agree" (or when they sign a document, for that matter). People know that
if they don't click "I agree" (or don't sign on the dotted line) they
don't get the thing they want, and they aren't willing to put in the
effort to make sure that the terms are fair, and aren't willing to
reject the offer and look elsewhere if the terms aren't fair. They would
rather "hope" that it's not too bad, and just click "I agree".

Oh, and that thestreet.com link above? It also has this gem:

(quote)
GameStation, a video game retailer based in the U.K. had some similar
fun with its online terms of service, giving it "a nontransferable
option to claim, for now and for ever more, your immortal soul." Anyone
who called them out on the demand got a coupon that knocked a few bucks
off their next purchase. The company later relented and decided against
harvesting any of the more than 7,500 souls to which it was entitled.
(/quote)

Do you believe me now?
Post by Michelle Steiner
When the software does more than
what the user agreed to, it doesn't matter whether the user read the
agreement first.
It's interesting to see how you shills for violators try to excuse the
violations.
I'm not shilling for violators.

In theory, there's no difference between theory and practice. In
practice, there is a difference...

In theory, everyone reads and abides by the TOS. In practice, very few
people read the TOS, and if a company fails to abide by their side of
the deal you can't "force" them to comply with the TOS, you can only sue
for damages. To believe otherwise is to tilt at windmills, Don Quixote.

http://en.wikipedia.org/wiki/Tilting_at_windmills

jc
Michelle Steiner
2012-03-02 16:13:09 UTC
Permalink
Post by jcdill
The *exact* number isn't as important as the reality - very very few
people read and comprehend what they are agreeing to when they click "I
agree" (or when they sign a document, for that matter).
then why didn't you just say that instead of making up a number?
Post by jcdill
When the software does more than what the user agreed to, it doesn't
matter whether the user read the agreement first.
It's interesting to see how you shills for violators try to excuse the
violations.
I'm not shilling for violators.
Sure you are. You're saying that when the software violates privacy, it's
the user's fault, even if the agreement didn't cover the specific
violation. You're saying that by agreeing to let the software access
location data, the user is also agreeing to let the software access photos,
even though the agreement didn't say anything about photos.
Post by jcdill
In theory, everyone reads and abides by the TOS. In practice, very few
people read the TOS, and if a company fails to abide by their side of
the deal you can't "force" them to comply with the TOS, you can only sue
for damages. To believe otherwise is to tilt at windmills, Don Quixote.
In other words, you do not believe in prevention.
--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.
jcdill
2012-03-03 01:21:51 UTC
Permalink
Post by Michelle Steiner
Post by jcdill
The *exact* number isn't as important as the reality - very very few
people read and comprehend what they are agreeing to when they click "I
agree" (or when they sign a document, for that matter).
then why didn't you just say that instead of making up a number?
I remember reading the 99% a while back, but when I looked for cites I
only found the ones I listed here. Obviously they aren't the only
studies. It's a hard thing to research because the obvious search terms
bring up pages with links to a TOS or AUP, instead of a study ABOUT
people reading TOS/AUP terms before clicking agree. I'm sure there are
many more studies on this topic than the ones I cited. You are welcome
to do your own research on this if you want to know more.
Post by Michelle Steiner
Post by jcdill
When the software does more than what the user agreed to, it doesn't
matter whether the user read the agreement first.
It's interesting to see how you shills for violators try to excuse the
violations.
I'm not shilling for violators.
Sure you are.
No, I'm not.

When I say "The sun rises in the east." I'm not shilling for the sun,
I'm stating a fact.
Post by Michelle Steiner
You're saying that when the software violates privacy, it's
the user's fault,
I didn't say that.

First, if you give the software permission to do X in order to get
benefit Y, the software isn't violating your privacy.

Second, there is no such thing as "privacy" when we are talking about
what data we let software access. Things you might consider "private"
others might say "have at it". Privacy is a personal issue, and there
is no agreed-upon set of things that one "possesses" which are private
and that you must "give permission" for others to access.
Post by Michelle Steiner
even if the agreement didn't cover the specific
violation.
I never said that either.
Post by Michelle Steiner
You're saying that by agreeing to let the software access
location data, the user is also agreeing to let the software access photos,
even though the agreement didn't say anything about photos.
If the software was explicitly to be used WRT determining the location
of photos, it doesn't need to say "location data in the photos" - it is
reasonably assumed that some other type of "location data" is not what
is being discussed, and "location data" within the photo files IS what
is being discussed.
Post by Michelle Steiner
Post by jcdill
In theory, everyone reads and abides by the TOS. In practice, very few
people read the TOS, and if a company fails to abide by their side of
the deal you can't "force" them to comply with the TOS, you can only sue
for damages. To believe otherwise is to tilt at windmills, Don Quixote.
In other words, you do not believe in prevention.
I'm saying it's impossible to create the environment you propose where
these problems will magically be alleviated.

Let's put it another way, how, EXACTLY, do you think software should
behave to ensure that all users give INFORMED consent for the software
to access the user's system or data? Describe the method, and how users
will be forced to read the terms, and understand the terms, before
installing the software. Describe how this can't be circumvented by
having someone else install the software for you (because the system is
so cumbersome you don't want to bother doing it yourself), or using an
automated method to start up the software (skipping over the stuff you
don't want to read before you click I Agree) etc.

The internet considers censorship damage and routes around it.

Computer users consider Terms/Agreements mere inconveniences between
them and the software they want to use, and they WILL find ways to avoid
reading the terms so that they can more quickly get the software up and
running and use it.

This is human nature. There's NO way around it.

jc
Michelle Steiner
2012-03-03 04:10:13 UTC
Permalink
Post by jcdill
Post by Michelle Steiner
Post by jcdill
When the software does more than what the user agreed to, it doesn't
matter whether the user read the agreement first.
It's interesting to see how you shills for violators try to excuse
the violations.
I'm not shilling for violators.
Sure you are.
No, I'm not.
When I say "The sun rises in the east." I'm not shilling for the sun,
I'm stating a fact.
In this case, you're not stating a fact.
Post by jcdill
Post by Michelle Steiner
You're saying that when the software violates privacy, it's the user's
fault,
I didn't say that.
First, if you give the software permission to do X in order to get
benefit Y, the software isn't violating your privacy.
If you give the software permission to do X in order to get benefit Y, and
the software does Z, it's violating your privacy (assuming that doing Z
involves your privacy).
Post by jcdill
If the software was explicitly to be used WRT determining the location
of photos, it doesn't need to say "location data in the photos" - it is
reasonably assumed that some other type of "location data" is not what
is being discussed, and "location data" within the photo files IS what
is being discussed.
Nice straw man. We're talking about when giving the software permission to
access location data, and it uploads the entire photo file.
--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.
Alan Browne
2012-03-01 18:53:36 UTC
Permalink
Post by Alan Browne
2. However, the issue at hand is that when you authorize the location
service you also authorize the app to copy photos off of your phone and
up to wherever.
Then do NOT use and authorize THOSE Apps. They ask for permission to
access all this data. READ THE TOS.
When the App says: "Authorize Location Data" that is not Photos.

Clear 'nuff?
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
Todd Allcock
2012-03-01 17:51:06 UTC
Permalink
Post by Alan Browne
Post by jcdill
Post by Davoud
As I implied in my message to Apple, I don't think this requires rocket
Begin quote
I am very concerned by the report in the NY Times that confirms that
apps that I have purchased in the iTunes App Store for my three iPhones
and two iPads may be able to access and upload my private data,
including addresses and photographs, for unknown purposes.
Then don't use/authorize those Apps.
This is not rocket science.
1. You authorize "location services". This is typically to location
stamp a photo, find a restaurant, etc.
I believe what was authorized wasn't location services, but "access to
location information in photos and videos."

It seems reasonable to me that the app would need the photo to get the
info. If I ask HR Block to do my taxes, I have to let them access my
financial info.

Perhaps for whatever reason, (lack of talent/skills, expediency, etc.),
this dev uses an online service to extract the location info from the
photos rather than doing it programmatically on the device.
Post by Alan Browne
2. However, the issue at hand is that when you authorize the location
service you also authorize the app to copy photos off of your phone and
up to wherever. You may have privacy issues with that. You certainly
can't control what happens to the photo once it leaves to a place you
don't know about.
True. That's why there are privacy policies. If you don't trust the
vendor of a product or service, don't use it.
Post by Alan Browne
Authorizing one thing (location services) should not give an app the
ability to ship photos (or address books, or documents, or anything
else) out of the phone.
That is the point.
Again, what was authorized was location data *embedded in photos*, so
access to the photos would seem to be implied. No one has claimed the app
has done anything with the photos other than upload them- no one has seen
their photos pop up on stock photo websites, for example. It's quite
possible that the developer does nothing with the photo itself other than
delete it from their server after extracting the very info you gave
permission for them to acquire. I'm not arguing there may not be better
(or more difficult) ways to extract that info on the device itself, but
many devs take the lazy route of using existing online services to parse
data rather than build complex apps that do the heavy lifting themselves.

I guess I always find the double standard interesting. Holding Apple
accountable for the questionable actions of third-party apps on a phone
when we have no similar accountability expectations on a computer- we may
have absolutely no idea what sort of data mining is going on (if any) on
our desktops which probably has far more sensitive info on it than our
phones, and fewer OS-level mechanisms in place to prevent it.
Howard Brazee
2012-03-01 19:05:13 UTC
Permalink
On Thu, 01 Mar 2012 10:51:06 -0700, Todd Allcock
Post by Todd Allcock
Again, what was authorized was location data *embedded in photos*, so
access to the photos would seem to be implied.
Is that setting accessible from settings and obvious what it does?
--
"In no part of the constitution is more wisdom to be found,
than in the clause which confides the question of war or peace
to the legislature, and not to the executive department."

- James Madison
Michelle Steiner
2012-03-01 23:07:49 UTC
Permalink
Post by Todd Allcock
Again, what was authorized was location data *embedded in photos*, so
access to the photos would seem to be implied.
Accessing the EXIF data does not require uploading the photo itself. True,
it's easier, but it's not required.
Post by Todd Allcock
No one has claimed the app has done anything with the photos other than
upload them- no one has seen their photos pop up on stock photo
websites, for example.
Irrelevant. They accessed data they were not authorized to access.
--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.
Alan Browne
2012-03-02 21:42:19 UTC
Permalink
Post by Davoud
Post by Alan Browne
Post by jcdill
Post by Davoud
As I implied in my message to Apple, I don't think this requires
rocket
Post by Alan Browne
Post by jcdill
Post by Davoud
Begin quote
I am very concerned by the report in the NY Times that confirms that
apps that I have purchased in the iTunes App Store for my three
iPhones
Post by Alan Browne
Post by jcdill
Post by Davoud
and two iPads may be able to access and upload my private data,
including addresses and photographs, for unknown purposes.
Then don't use/authorize those Apps.
This is not rocket science.
1. You authorize "location services". This is typically to location
stamp a photo, find a restaurant, etc.
I believe what was authorized wasn't location services, but "access to
location information in photos and videos."
When the question is "can we access location data" (usually understood
to be latitude, longitude, altitude, date, and time, and possibly
include velocity and heading), it does not mean can we take photos from
your iPod and upload them somewhere. This is the nature of the
vulnerability.
Post by Davoud
It seems reasonable to me that the app would need the photo to get the
info. If I ask HR Block to do my taxes, I have to let them access my
financial info.
H&R Block? Really? <snicker>

That you provide to them. You don't grant them access to your accounts.
Post by Davoud
Perhaps for whatever reason, (lack of talent/skills, expediency, etc.),
this dev uses an online service to extract the location info from the
photos rather than doing it programmatically on the device.
Post by Alan Browne
2. However, the issue at hand is that when you authorize the location
service you also authorize the app to copy photos off of your phone and
up to wherever. You may have privacy issues with that. You certainly
can't control what happens to the photo once it leaves to a place you
don't know about.
True. That's why there are privacy policies. If you don't trust the
vendor of a product or service, don't use it.
The point here is the design of iOS allows access to one thing when
permission is given for another. I expect Apple to fix this in the SDK
such that apps can ask for "location data" and get location data from
photos, not access the photos themselves.

Compartmentalize.
Post by Davoud
Post by Alan Browne
Authorizing one thing (location services) should not give an app the
ability to ship photos (or address books, or documents, or anything
else) out of the phone.
That is the point.
Again, what was authorized was location data *embedded in photos*, so
Not at all. Here is the App question:

http://graphics8.nytimes.com/images/2012/02/27/technology/bits-photospy/bits-photospy-tmagArticle.jpg

This implies to the user that _location information_ will be used. Not
the photo. Yet, the SDK allows the app to read the photo directly. The
SDK should be made such that a call will get the photo location data - not
the photo.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
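The point raised in the two posts above, that the location tags can be read out of a photo's EXIF block locally so that only coordinates ever need to leave the device, shown as an added example that is not part of the original thread. It is plain Python rather than iOS SDK code; the sample image bytes are constructed and the function names are hypothetical.

```python
import json
import struct

GPS_IFD_POINTER = 0x8825                   # IFD0 tag that points at the GPS IFD
LAT_REF, LAT, LON_REF, LON = 1, 2, 3, 4    # tags inside the GPS IFD


def build_sample_jpeg():
    """Constructed sample: JPEG with EXIF GPS tags (45.5 N, 73.55 W) and fake pixels."""
    def entry(tag, typ, count, value):
        return struct.pack("<HHI4s", tag, typ, count, value)

    gps_off = 26                           # 8-byte TIFF header + 18-byte IFD0
    data_off = gps_off + 2 + 4 * 12 + 4    # rationals are stored after the GPS IFD
    tiff = b"II" + struct.pack("<HI", 42, 8)
    tiff += struct.pack("<H", 1)
    tiff += entry(GPS_IFD_POINTER, 4, 1, struct.pack("<I", gps_off))
    tiff += struct.pack("<I", 0)
    tiff += struct.pack("<H", 4)
    tiff += entry(LAT_REF, 2, 2, b"N\0\0\0")
    tiff += entry(LAT, 5, 3, struct.pack("<I", data_off))
    tiff += entry(LON_REF, 2, 2, b"W\0\0\0")
    tiff += entry(LON, 5, 3, struct.pack("<I", data_off + 24))
    tiff += struct.pack("<I", 0)
    tiff += struct.pack("<6I", 45, 1, 30, 1, 0, 1)   # 45 deg 30 min 0 sec
    tiff += struct.pack("<6I", 73, 1, 33, 1, 0, 1)   # 73 deg 33 min 0 sec
    app1 = b"\xff\xe1" + struct.pack(">H", 2 + 6 + len(tiff)) + b"Exif\0\0" + tiff
    return b"\xff\xd8" + app1 + b"\xff\xda\x00\x02CONSTRUCTED-PIXELS\xff\xd9"


def find_exif_tiff(jpeg):
    """Walk the JPEG segments and return the TIFF block inside APP1/Exif, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment marker")
        marker = jpeg[pos + 1]
        if marker == 0xDA:                 # start of scan: image data begins here
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2:
            raise ValueError("corrupt segment length")
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and body[:6] == b"Exif\0\0":
            return body[6:]
        pos += 2 + length
    return None


def read_ifd(tiff, offset, endian):
    """Map tag -> (type, count, position of the 4-byte value field)."""
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    entries = {}
    for i in range(count):
        start = offset + 2 + 12 * i
        tag, typ, n = struct.unpack_from(endian + "HHI", tiff, start)
        entries[tag] = (typ, n, start + 8)
    return entries


def to_degrees(tiff, entry, endian):
    """Convert three RATIONALs (degrees, minutes, seconds) to decimal degrees."""
    typ, n, value_pos = entry
    if typ != 5 or n != 3:
        raise ValueError("unexpected GPS coordinate encoding")
    (data_off,) = struct.unpack_from(endian + "I", tiff, value_pos)
    d_n, d_d, m_n, m_d, s_n, s_d = struct.unpack_from(endian + "6I", tiff, data_off)
    if 0 in (d_d, m_d, s_d):
        raise ValueError("zero denominator in GPS rational")
    return d_n / d_d + m_n / m_d / 60 + s_n / s_d / 3600


def extract_gps(jpeg):
    """Return (lat, lon) from the EXIF GPS tags, or None if the photo has none."""
    tiff = find_exif_tiff(jpeg)
    if tiff is None:
        return None
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None:
        raise ValueError("bad TIFF byte-order mark")
    magic, ifd0_off = struct.unpack_from(endian + "HI", tiff, 2)
    if magic != 42:
        raise ValueError("bad TIFF magic")
    ifd0 = read_ifd(tiff, ifd0_off, endian)
    if GPS_IFD_POINTER not in ifd0:
        return None
    (gps_off,) = struct.unpack_from(endian + "I", tiff, ifd0[GPS_IFD_POINTER][2])
    gps = read_ifd(tiff, gps_off, endian)
    if not all(tag in gps for tag in (LAT_REF, LAT, LON_REF, LON)):
        return None
    lat = to_degrees(tiff, gps[LAT], endian)
    lon = to_degrees(tiff, gps[LON], endian)
    if tiff[gps[LAT_REF][2]:gps[LAT_REF][2] + 1] == b"S":
        lat = -lat
    if tiff[gps[LON_REF][2]:gps[LON_REF][2] + 1] == b"W":
        lon = -lon
    return round(lat, 6), round(lon, 6)


def location_payload(jpeg):
    """The only bytes that would be transmitted: coordinates, never image data."""
    coords = extract_gps(jpeg)
    if coords is None:
        return None
    return json.dumps({"lat": coords[0], "lon": coords[1]}).encode()


SAMPLE_JPEG = build_sample_jpeg()

if __name__ == "__main__":
    print(extract_gps(SAMPLE_JPEG), location_payload(SAMPLE_JPEG))
```
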
Wes Groleau
2012-03-03 02:49:37 UTC
Permalink
What I'm missing in this long mess is why they get location data from
photos instead of from GPS. I am no longer at the location I was when I
took the photo. And if history is somehow of value, location services
already has a cache of that (which we had another privacy argument about
recently).
--
Wes Groleau

It seems a pity that psychology should have
destroyed all our knowledge of human nature.
— G. K. Chesterton
Todd Allcock
2012-03-03 04:49:39 UTC
Permalink
Post by Wes Groleau
What I'm missing in this long mess is why they get location data from
photos instead of from GPS.
Just a proof of concept app to expose the flaw in iOS' permissions
system, IIRC.
Post by Wes Groleau
I am no longer at the location I was when
I took the photo. And if history is somehow of value, location
services already has a cache of that (which we had another privacy
argument about recently).
Yeah- a better question is why that particular permission exists, or is
it really supposed to be a permission to upload photos that was defined
very, very, badly?
Alan Browne
2012-03-03 15:29:39 UTC
Permalink
Post by Wes Groleau
What I'm missing in this long mess is why they get location data from
photos instead of from GPS. I am no longer at the location I was when I
took the photo. And if history is somehow of value, location services
already has a cache of that (which we had another privacy argument about
recently).
It could be used to display a cookie trail of photo locations.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
jcdill
2012-03-04 08:13:02 UTC
Permalink
Post by Wes Groleau
What I'm missing in this long mess is why they get location data from
photos instead of from GPS. I am no longer at the location I was when I
took the photo. And if history is somehow of value, location services
already has a cache of that (which we had another privacy argument about
recently).
As I understand it, it's to get the location of where you took the
photo. Your present location doesn't identify the location where you
took that photo yesterday, or last week, or last year. The location
data within the photo FILE is the data needed to map the location of the
photo(s).

jc
Wes Groleau
2012-03-04 22:03:23 UTC
Permalink
Post by jcdill
Post by Wes Groleau
What I'm missing in this long mess is why they get location data from
photos instead of from GPS. I am no longer at the location I was when I
took the photo. And if history is somehow of value, location services
already has a cache of that (which we had another privacy argument about
recently).
As I understand it, it's to get the location of where you took the
photo. Your present location doesn't identify the location where you
took that photo yesterday, or last week, or last year. The location data
within the photo FILE is the data needed to map the location of the
photo(s).
That's what I said. Nothing in the photo library can be used to
determine where I am.
--
Wes Groleau

Beware of the man who works hard to learn something, learns
it, and finds himself no wiser than before ... He is full of
murderous resentment of people who are ignorant without having
come by their ignorance the hard way.
— Kurt Vonnegut
Michael Eyd
2012-03-05 07:55:49 UTC
Permalink
Post by jcdill
Post by Wes Groleau
What I'm missing in this long mess is why they get location data from
photos instead of from GPS. I am no longer at the location I was when I
took the photo. And if history is somehow of value, location services
already has a cache of that (which we had another privacy argument about
recently).
As I understand it, it's to get the location of where you took the
photo. Your present location doesn't identify the location where you
took that photo yesterday, or last week, or last year. The location data
within the photo FILE is the data needed to map the location of the
photo(s).
That's what I said. Nothing in the photo library can be used to
determine where I am.
And who implied that this information is of any interest for the purpose
of the app?

And, if the app's purpose was e.g. to display a 'cookie trail' of where
you took photos, getting access to the GPS data cache is no good either.
It would show way too many points, without any indication where you
actually took a photo. Leaving already deleted photos even out of the
discussion (just to add another level of complexity)... ;-)

Best regards,

Michael
Michael Eyd
2012-03-05 08:15:10 UTC
Permalink
Post by Alan Browne
The point here is the design of iOS allows access to one thing when
permission is given for another. I expect Apple to fix this in the SDK
such that apps can ask for "location data" and get location data from
photos, not access the photos themselves.
Compartmentalize.
Actually, what you (and many others around) are now complaining about is
nothing but a widely welcomed feature Apple introduced only recently
(with iOS 4 IIRC): The camera roll being accessible for all apps. Only
with this open policy did it become possible to easily write apps that
can process photos in basically any form the user wants (e.g. via the
Photoshop app or hundreds of other apps).

Apple actually gave up the compartments (with regard to photos) to allow
easier handling - and received quite some applause back then... ;-)

Don't get me wrong, I certainly don't mind restricting this
accessibility somewhat. But I don't expect Apple to completely revert
this accessibility, just give the user some better indication that some
app is currently accessing their photos.
Post by Alan Browne
Post by Todd Allcock
Post by Alan Browne
Authorizing one thing (location services) should not give an app the
ability to ship photos (or address books, or documents, or anything
else) out of the phone.
Accessing photos is open to each and every app without *any* indication
(AFAIK) - only if the photos are geotagged the permission request dialog
is sent.
Post by Alan Browne
Post by Todd Allcock
Post by Alan Browne
That is the point.
Again, what was authorized was location data *embedded in photos*, so
http://graphics8.nytimes.com/images/2012/02/27/technology/bits-photospy/bits-photospy-tmagArticle.jpg
This implies to the user that _location information_ will be used. Not
the photo.
Correctly, as the camera roll is open to all apps anyway.
Post by Alan Browne
Yet, the SDK allows the app to read the photo directly. The
SDK should be made such that a call will get the photo location data - not
the photo.
What's the point in that if the photo is accessible anyway?

Best regards,

Michael

P.S.: All the above stems from my reasoning based on the information I
read over time regarding the security mechanisms in iOS. I'm not an app
programmer myself (at least not yet... ;-) ), so I don't have access to
the official documentation.
nospam
2012-02-29 22:11:47 UTC
Permalink
Post by jcdill
Post by Davoud
As I implied in my message to Apple, I don't think this requires rocket
Begin quote
I am very concerned by the report in the NY Times that confirms that
apps that I have purchased in the iTunes App Store for my three iPhones
and two iPads may be able to access and upload my private data,
including addresses and photographs, for unknown purposes.
Then don't use/authorize those Apps.
This is not rocket science.
except that there's no easy or reliable way to tell what apps
those are and not all of the apps ask for permission either. if an app
uses an encrypted link, there's no way to know what it's sending and if
it doesn't ask, you won't know your information has been compromised.
Post by jcdill
And no matter what they say they will or will not do with your data,
once they have it, you really have no control over what they will do
with it. They might have a rogue admin who decides to slurp the data
and sell it. They might be acquired by another company and in the
acquisition the rules for use for this set of data may be lost or
forgotten - the data might end up merged with another set of data with
less restrictive rules, etc.
exactly why it must be protected.
Davoud
2012-02-29 23:19:18 UTC
Permalink
Post by jcdill
Post by Davoud
Begin quote
I am very concerned by the report in the NY Times that confirms that
apps that I have purchased in the iTunes App Store for my three iPhones
and two iPads may be able to access and upload my private data,
including addresses and photographs, for unknown purposes.
Then don't use/authorize those Apps.
This is not rocket science.
Post by Davoud
I have wracked my brain trying to think of a legitimate reason for a
developer to take addresses, photographs, or other data that are my
personal property from my Apple mobile devices, but I cannot come up
with anything.
It doesn't matter if they have what you deem a "legitimate" reason or
not. They are offering you a program, and if you want to use that
program....
You are greatly mistaken. The onus of not stealing my data is on the
developer of the software. What you are saying is analogous to claiming
that shoplifters are guiltless because the merchandise is right out in
the open and it is the fault of the merchant if it is stolen.
--
I agree with almost everything that you have said and almost everything that
you will say in your entire life.

usenet *at* davidillig dawt cawm
jcdill
2012-03-01 03:59:38 UTC
Permalink
Post by Davoud
Post by jcdill
Post by Davoud
Begin quote
I am very concerned by the report in the NY Times that confirms that
apps that I have purchased in the iTunes App Store for my three iPhones
and two iPads may be able to access and upload my private data,
including addresses and photographs, for unknown purposes.
Then don't use/authorize those Apps.
This is not rocket science.
Post by Davoud
I have wracked my brain trying to think of a legitimate reason for a
developer to take addresses, photographs, or other data that are my
personal property from my Apple mobile devices, but I cannot come up
with anything.
It doesn't matter if they have what you deem a "legitimate" reason or
not. They are offering you a program, and if you want to use that
program....
You are greatly mistaken. The onus of not stealing my data is on the
developer of the software.
Clearly this concept (that you agree to let them take certain data in
exchange for your right to use the App) is beyond your understanding. I
suggest you stop using Apps.
Post by Davoud
What you are saying is analogous to claiming
that shoplifters are guiltless because the merchandise is right out in
the open and it is the fault of the merchant if it is stolen.
Your analogy is not analogous at all. If you want to use a
shopper/merchant analogy, it would be similar to a merchant making a
deal with a shopper saying "you can taste all you want from the tasting
tray" and then the shopper taking 1 bite or 100 bites from the tasting
tray. If the merchant doesn't want to let the shopper take 100 bites,
they should say "take 1 taste". If you don't want Apps to take your
data, don't click Agree or Allow on Apps that ask permission to take
your data!


jc
Michelle Steiner
2012-03-01 05:00:20 UTC
Permalink
Post by jcdill
Clearly this concept (that you agree to let them take certain data in
exchange for your right to use the App) is beyond your understanding. I
suggest you stop using Apps.
Clearly this concept that you agree to let them take location data does
not mean that they can take the photographs, address book, and/or other
data.
Post by jcdill
Your analogy is not analogous at all. If you want to use a
shopper/merchant analogy, it would be similar to a merchant making a
deal with a shopper saying "you can taste all you want from the tasting
tray" and then the shopper taking 1 bite or 100 bites from the tasting
tray. If the merchant doesn't want to let the shopper take 100 bites,
they should say "take 1 taste".
In this situation, the agreement was that the app could take location data,
and nothing more than that.

You really should learn the difference between "location" and "everything".
--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.
Wes Groleau
2012-03-01 02:33:50 UTC
Permalink
Post by Davoud
I have wracked my brain trying to think of a legitimate reason for a
developer to take addresses, photographs, or other data that are my
personal property from my Apple mobile devices, but I cannot come up
with anything.
And it's even worse than grabbing stuff from the device.

When I connected my iPad to my employer's Exchange server, Facebook
accessed the Exchange address book without asking permission and
began suggesting I "friend" people I had never met who work for the same
outfit.
--
Wes Groleau

“To know what you prefer, instead of humbly saying
Amen to what the world tells you you should prefer,
is to have kept your soul alive.”
— Robert Louis Stevenson
Chris Blunt
2012-03-01 05:36:15 UTC
Permalink
Post by Davoud
I am very concerned by the report in the NY Times that confirms that
apps that I have purchased in the iTunes App Store for my three iPhones
and two iPads may be able to access and upload my private data,
including addresses and photographs, for unknown purposes.
Which of your apps do you know allow pictures and addresses to be
uploaded without your permission?

Chris
Wes Groleau
2012-03-02 05:45:36 UTC
Permalink
Post by Chris Blunt
Which of your apps do you know allow pictures and addresses to be
uploaded without your permission?
Facebook
--
Wes Groleau

It seems a pity that psychology should have
destroyed all our knowledge of human nature.
— G. K. Chesterton
Michael Eyd
2012-03-02 11:08:13 UTC
Permalink
Post by Todd Allcock
Post by Chris Blunt
Which of your apps do you know allow pictures and addresses to be
uploaded without your permission?
Facebook
I don't know which Facebook app you're using, but I got asked whether I
would want to search for FB friends using my address book - which I
rejected. And I was never again bothered by suggestions of friends,
which seem to originate from my address book. So I have every reason to
believe (apart from normal paranoia against FB ;-) ) that they accepted
my choice.

As for the photos: I have yet to see any trace of a photo from my iPhone
being uploaded to Facebook without me triggering that explicitly.

So, please substantiate your claim that the FB app does such uploads
without the consent of the user!

Thanks,

Michael

P.S.: I certainly don't want to argue that the app could've uploaded all
that information without my knowledge - technically that's certainly
possible :-( But as long as I don't see any hint that this has happened
in reality (and not only in theory) I hold this in favor of FB.
Wes Groleau
2012-03-03 03:04:51 UTC
Permalink
Post by Michael Eyd
Post by Todd Allcock
Post by Chris Blunt
Which of your apps do you know allow pictures and addresses to be
uploaded without your permission?
Facebook
I don't know which Facebook app you're using, but I got asked whether I
would want to search for FB friends using my address book - which I
I am using the website on my Mac, and the iOS app on my iPad.
I rejected their request to search for "friends" by ANY method.
I probably _receive_ one or two requests a week, more often than not
from people I never heard of.
Post by Michael Eyd
rejected. And I was never again bothered by suggestions of friends,
which seem to originate from my address book. So I have every reason to
I still get one to three "suggestions" every time I connect.
These, too, are usually people I've never heard of.
I have looked for and not found a setting for "Don't suggest friends"
Post by Michael Eyd
believe (apart from normal paranoia against FB ;-) ) that they accepted
my choice.
As for the photos: I have yet to see any trace of a photo from my iPhone
being uploaded to Facebook without me triggering that explicitly.
I don't think I've seen that either. However, I was quite angry when
a newspaper website displayed my Facebook ID _and_ photo and asked me to
log in to Facebook. I have explicitly answered NO to all of Facebook's
begging for broadcast permission.
Post by Michael Eyd
So, please substantiate your claim that the FB app does such uploads
without the consent of the user!
In my newsreader display, it's four posts higher in this subthread, but
I'll repeat:

When I connected my iPad to my employer's Exchange server, Facebook
accessed the Exchange address book on the server without asking
permission and began suggesting I "friend" people I had never met
who work for the same employer.

I consider Apple an accomplice in that offense.
--
Wes Groleau

It seems a pity that psychology should have
destroyed all our knowledge of human nature.
— G. K. Chesterton
Michael Eyd
2012-03-05 08:22:14 UTC
Permalink
Post by Wes Groleau
Post by Michael Eyd
Post by Todd Allcock
Post by Chris Blunt
Which of your apps do you know allow pictures and addresses to be
uploaded without your permission?
Facebook
I don't know which Facebook app you're using, but I got asked whether I
would want to search for FB friends using my address book - which I
I am using the website on my Mac, and the iOS app on my iPad.
I rejected their request to search for "friends" by ANY method.
I probably _receive_ one or two requests a week, more often than not
from people I never heard of.
Probably from people who found you in FB's global list of members?
Post by Wes Groleau
Post by Michael Eyd
rejected. And I was never again bothered by suggestions of friends,
which seem to originate from my address book. So I have every reason to
I still get one to three "suggestions" every time I connect.
I see those on the top of my news list as well every so often - but my
reasoning always was that these are friends of people I'm befriended
with - and they were (in my case at least) never based on my own address
book data! :-)
Post by Wes Groleau
These, too, are usually people I've never heard of.
Same with me, so I just ignore that part of the display... :-)
Post by Wes Groleau
I have looked for and not found a setting for "Don't suggest friends"
Post by Michael Eyd
believe (apart from normal paranoia against FB ;-) ) that they accepted
my choice.
As for the photos: I have yet to see any trace of a photo from my iPhone
being uploaded to Facebook without me triggering that explicitly.
I don't think I've seen that either. However, I was quite angry when
a newspaper website displayed my Facebook ID _and_ photo and asked me to
log in to Facebook. I have explicitly answered NO to all of Facebook's
begging for broadcast permission.
Interesting - and certainly disturbing! Assuming that you were not
logged into FB at that time (otherwise it would have been simple and
easy)...
Post by Wes Groleau
Post by Michael Eyd
So, please substantiate your claim that the FB app does such uploads
without the consent of the user!
In my newsreader display, it's four posts higher in this subthread, but
When I connected my iPad to my employer's Exchange server, Facebook
accessed the Exchange address book on the server without asking
permission and began suggesting I "friend" people I had never met
who work for the same employer.
Either the FB app has a different process implemented just for
connecting to Exchange (which I don't know) or I can't reproduce.
Strange (and at least possibly disturbing) anyways!
Post by Wes Groleau
I consider Apple an accomplice in that offense.
Possible, but (for me) by no means proven...

Best regards,

Michael
Wes Groleau
2012-03-06 05:53:45 UTC
Permalink
Post by Michael Eyd
Post by Wes Groleau
I am using the website on my Mac, and the iOS app on my iPad.
I rejected their request to search for "friends" by ANY method.
I probably _receive_ one or two requests a week, more often than not
from people I never heard of.
Probably from people who found you in FB's global list of members?
Highly unlikely. If Facebook honors my settings, no one can find me
that way. But then I suppose they are not honoring my settings, because
that would explain other things that happened.

Like a dozen friend requests with pictures of headless girls
in skimpy bikinis right after my wife died.
--
Wes Groleau

What kind of smiley is C:\ ?
Todd Allcock
2012-03-01 17:54:05 UTC
Permalink
Post by Davoud
As I implied in my message to Apple, I don't think this requires rocket
Begin quote
I am very concerned by the report in the NY Times that confirms that
apps that I have purchased in the iTunes App Store for my three iPhones
and two iPads may be able to access and upload my private data,
including addresses and photographs, for unknown purposes.
I have wracked my brain trying to think of a legitimate reason for a
developer to take addresses, photographs, or other data that are my
personal property from my Apple mobile devices, but I cannot come up
with anything...
Certainly the apps shouldn't be doing it unwittingly, but these uploads
are typically done by social networking services' apps. What good is
Instapaper if it can't upload a photo? Path, the app that made news
because it uploaded contacts without permission, used the contacts to
match you up with other members you might know who were also using the
service. I'm not arguing they shouldn't have disclosed first, but it does
seem that these are legitimate uses of that data, provided you are
interested in such services to begin with.

Dragon Dictation uploads your contacts (with permission, of course!) to
analyze them for increased accuracy, for example. Also a legitimate use,
IMO.

So, while I agree that apps shouldn't be uploading your content without
permission, there are plenty of legitimate uses for uploading your data
*with* your permission.
Alan Browne
2012-02-29 22:04:39 UTC
Permalink
Post by Michael Eyd
Post by Davoud
Post by Chris Blunt
The funny part about it is the article starts off by showing the app
requesting permission to access picture location data. There's a great
big button there with "Don't Allow" on it.
But the dialogue says "This allows access to location information in
photos and videos." *Location* *information* . It is not an explicit or
implicit authorization for them to copy one's photographs.
I'm trying really hard to think of a legitimate reason for a software
company to do that. Did the fine print that I didn't read in some
software license transfer to the developer the right to sell my photos
or use them in other ways without additional communication with me?
Interesting...
Some time ago (unfortunately no longer available in my news reader) we
had a discussion right here in mpm.iphone, where somebody argued very
much in favor of an open file system on iOS devices. The expressed idea
was that any application should have access to any data (stored in this
file system). The photo roll was at that time mentioned as a model to
follow...
My security concerns (agreed, I didn't envision some app to unwillingly
publish information) were pushed aside then... ;-)
So, it's again the old trade off: Either flexibility or security - both
at the same time (with a good usability) is virtually impossible. At
least I have yet to see it combined... :-(
That's untrue. In the iPhone there are many apps approved or denied
access to various bits of data. The model works, generally, but
allowing photos to be sent when location services are authorized is a
major privacy gaffe.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
Todd Allcock
2012-03-01 17:25:35 UTC
Permalink
Post by Michael Eyd
Some time ago (unfortunately no longer available in my news reader) we
had a discussion right here in mpm.iphone, where somebody argued very
much in favor of an open file system on iOS devices. The expressed idea
was that any application should have access to any data (stored in this
file system). The photo roll was at that time mentioned as a model to
follow...
That was me, I believe. Though I wasn't arguing in favor of a completely
open file system, just a shared document folder all third-party apps
could access, and which would sync with iTunes to facilitate getting
documents on/off devices, much like the camera roll.
Post by Michael Eyd
My security concerns (agreed, I didn't envision some app to unwillingly
publish information) were pushed aside then... ;-)
And I'll push them aside now as well. ;)
Post by Michael Eyd
So, it's again the old trade off: Either flexibility or security - both
at the same time (with a good usability) is virtually impossible. At
least I have yet to see it combined... :-(
Exactly, and I'll take flexibility and usability over security any time,
because I can compensate for security myself far more easily than
usability.
Michael Eyd
2012-03-02 11:11:25 UTC
Permalink
Post by Todd Allcock
Post by Michael Eyd
Some time ago (unfortunately no longer available in my news reader) we
had a discussion right here in mpm.iphone, where somebody argued very
much in favor of an open file system on iOS devices. The expressed idea
was that any application should have access to any data (stored in this
file system). The photo roll was at that time mentioned as a model to
follow...
That was me, I believe. Though I wasn't arguing in favor of a completely
open file system, just a shared document folder all third-party apps
could access, and which would sync with iTunes to facilitate getting
documents on/off devices, much like the camera roll.
Post by Michael Eyd
My security concerns (agreed, I didn't envision some app to unwillingly
publish information) were pushed aside then... ;-)
And I'll push them aside now as well. ;)
Why am I not surprised? ;-)
Post by Todd Allcock
Post by Michael Eyd
So, it's again the old trade off: Either flexibility or security - both
at the same time (with a good usability) is virtually impossible. At
least I have yet to see it combined... :-(
Exactly, and I'll take flexibility and usability over security any time,
because I can compensate for security myself far more easily than
usability.
I would be interested to learn how you want to achieve security all by
yourself in such a setup. Especially concerning 'rogue' apps, that
follow some hidden agenda...

Best of luck,

Michael
Todd Allcock
2012-03-02 16:52:40 UTC
Permalink
Post by Michael Eyd
Post by Todd Allcock
Post by Michael Eyd
Some time ago (unfortunately no longer available in my news reader) we
had a discussion right here in mpm.iphone, where somebody argued very
much in favor of an open file system on iOS devices. The expressed idea
was that any application should have access to any data (stored in this
file system). The photo roll was at that time mentioned as a model to
follow...
That was me, I believe. Though I wasn't arguing in favor of a completely
open file system, just a shared document folder all third-party apps
could access, and which would sync with iTunes to facilitate getting
documents on/off devices, much like the camera roll.
Post by Michael Eyd
My security concerns (agreed, I didn't envision some app to unwillingly
publish information) were pushed aside then... ;-)
And I'll push them aside now as well. ;)
Why am I not surprised? ;-)
Post by Todd Allcock
Post by Michael Eyd
So, it's again the old trade off: Either flexibility or security - both
at the same time (with a good usability) is virtually impossible. At
least I have yet to see it combined... :-(
Exactly, and I'll take flexibility and usability over security any time,
because I can compensate for security myself far more easily than
usability.
I would be interested to learn how you want to achieve security all by
yourself in such a setup. Especially concerning 'rogue' apps, that
follow some hidden agenda...
Herd Immunity. Sticking to popular, well vetted apps (e.g. Facebook) from
vendors with reputations to protect. (Facebook, Google, Microsoft, etc.)

Using social networking services (FB, Linked In, Twitter, 4Square, etc.)
via their mobile website or official apps, and not third-party apps from
unknown/anonymous devs.

Again, I don't see how security on a mobile device is fundamentally any
different from security on a connected desktop computer.
Michael Eyd
2012-03-02 17:39:47 UTC
Permalink
Post by Todd Allcock
Post by Michael Eyd
Post by Todd Allcock
Post by Michael Eyd
So, it's again the old trade off: Either flexibility or
security - both at the same time (with a good usability) is
virtually impossible. At least I have yet to see it combined...
:-(
Exactly, and I'll take flexibility and usability over security
any time, because I can compensate for security myself far more
easily than usability.
I would be interested to learn how you want to achieve security all
by yourself in such a setup. Especially concerning 'rogue' apps,
that follow some hidden agenda...
Herd Immunity. Sticking to popular, well vetted apps (e.g. Facebook)
from vendors with reputations to protect. (Facebook, Google,
Microsoft, etc.)
Facebook has a reputation to lose? So you're the one who's still
trusting them to be good with your data... ;-) Frankly, the only
reputation FB could lose with me is that I don't trust them wider than
my eyelashes reach...
Post by Todd Allcock
Using social networking services (FB, Linked In, Twitter, 4Square,
etc.) via their mobile website or official apps, and not third-party
apps from unknown/anonymous devs.
That's anyway a standard and basic rule - but IMHO by no means
sufficient to make sure my data stays with me!
Post by Todd Allcock
Again, I don't see how security on a mobile device is fundamentally
any different from security on a connected desktop computer.
Exactly - it requires (at least) the same amount of alertness,
consideration what one does, ... as on any other computer (being
connected to the internet). And 'herd immunity' IMHO doesn't help very
much there - for that the tools the bad guys use are way too
sophisticated by now.

But continue to believe in your security, I surely hope that you won't
wake up one morning to find out that you weren't as secure as you thought...

Best regards,

Michael
Todd Allcock
2012-03-03 01:13:25 UTC
Permalink
Post by Michael Eyd
Post by Todd Allcock
Post by Michael Eyd
Post by Todd Allcock
Post by Michael Eyd
So, it's again the old trade off: Either flexibility or
security - both at the same time (with a good usability) is
virtually impossible. At least I have yet to see it combined...
:-(
Exactly, and I'll take flexibility and usability over security
any time, because I can compensate for security myself far more
easily than usability.
I would be interested to learn how you want to achieve security all
by yourself in such a setup. Especially concerning 'rogue' apps,
that follow some hidden agenda...
Herd Immunity. Sticking to popular, well vetted apps (e.g. Facebook)
from vendors with reputations to protect. (Facebook, Google,
Microsoft, etc.)
Facebook has a reputation to lose? So you're the one who's still
trusting them to be good with your data... ;-) Frankly, the only
reputation FB could lose with me is that I don't trust them wider than
my eyelashes reach...
Facebook knows its audience. People who care about online security to
any extent wouldn't put every little detail of their life on a public
website. When someone's cumulative posts include their address and/or
phone number, brags about their new home theater purchase, and says
they're going to Disney for two weeks in March, a phone uploading their
contacts surreptitiously is the least of their problems!
Post by Michael Eyd
Post by Todd Allcock
Using social networking services (FB, Linked In, Twitter, 4Square,
etc.) via their mobile website or official apps, and not third-party
apps from unknown/anonymous devs.
That's anyway a standard and basic rule - but IMHO by no means
sufficient to make sure my data stays with me!
It's a start. In the case we're discussing, the data uploads are
potentially the work of "rogue apps." Seems the easiest protection is to
avoid apps that may go rogue.
Post by Michael Eyd
Post by Todd Allcock
Again, I don't see how security on a mobile device is fundamentally
any different from security on a connected desktop computer.
Exactly - it requires (at least) the same amount of alertness,
consideration what one does, ... as on any other computer (being
connected to the internet). And 'herd immunity' IMHO doesn't help very
much there - for that the tools the bad guys use are way too
sophisticated by now.
And professional bad guys can probably get around my factory-installed
car alarm, but I'm protected from the general riff-raff and rank
amateurs. Online security is the same- a determined, skilled hacker will
be able to thwart virtually any protection I'm willing to inconvenience
myself with. (A paranoid acquaintance of mine who's an amateur
unpublished author won't connect the PC she writes on to the internet
lest "the hackers" steal her manuscripts. I'm not willing to give up the
internet, for example, in the name of security. I'm not willing to
give up my hosted mail server though hackers might break in and read my
email, etc.)
Post by Michael Eyd
But continue to believe in your security, I surely hope that you won't
wake up one morning to find out that you weren't as secure as you thought...
There's a very old joke that goes something like this: two men are
walking through an African game reserve when they come across a lion. The
first man calmly puts down his backpack and slips on the running shoes he
has been carrying. The other man chuckles and says, “You’ll never outrun
a lion." The first man calmly responds, “I don’t need to outrun the lion;
I just need to outrun YOU."

Security is a lot like that. You'll never be 100% secure, at least
without major inconvenience. The trick is to avoid being a low-hanging
fruit, and let the bad guys go after easier targets- that's what I meant
by "herd immunity". In the herd, only the sick and weak get picked off.
As operating systems, both desktop and mobile, get more inherently
secure, hacking attempts have moved from purely technological to
social/psychological (e.g. the fake anti-malware browser popups that
claim to have scanned your entire computer in six seconds and found
dozens of trojans, viruses, spyware, etc. and try to trick you to
download and install a "security update" because the OS doesn't allow
"drive-by" installs.) Even the bad guys can't get malware on computers
without our help these days, so they have to trick us into doing it for
them.
Michael Eyd
2012-03-05 08:41:49 UTC
Permalink
Post by Todd Allcock
Post by Michael Eyd
Post by Todd Allcock
Post by Michael Eyd
Post by Todd Allcock
Post by Michael Eyd
So, it's again the old trade off: Either flexibility or
security - both at the same time (with a good usability) is
virtually impossible. At least I have yet to see it combined...
:-(
Exactly, and I'll take flexibility and usability over security
any time, because I can compensate for security myself far more
easily than usability.
I would be interested to learn how you want to achieve security all
by yourself in such a setup. Especially concerning 'rogue' apps,
that follow some hidden agenda...
Herd Immunity. Sticking to popular, well vetted apps (e.g. Facebook)
from vendors with reputations to protect. (Facebook, Google,
Microsoft, etc.)
Facebook has a reputation to lose? So you're the one who's still
trusting them to be good with your data... ;-) Frankly, the only
reputation FB could lose with me is that I don't trust them wider than
my eyelashes reach...
Facebook knows its audience. People who care about online security to
any extent wouldn't put every little detail of their life on a public
website. When someone's cumulative posts include their address and/or
phone number, brags about their new home theater purchase, and says
they're going to Disney for two weeks in March, a phone uploading their
contacts surreptitiously is the least of their problems!
Well, if they feel like it... ;-) Still, for me this would never be
enough to accept the un-approved uploading of my own data.
Post by Todd Allcock
Post by Michael Eyd
Post by Todd Allcock
Using social networking services (FB, Linked In, Twitter, 4Square,
etc.) via their mobile website or official apps, and not third-party
apps from unknown/anonymous devs.
That's anyway a standard and basic rule - but IMHO by no means
sufficient to make sure my data stays with me!
It's a start. In the case we're discussing, the data uploads are
potentially the work of "rogue apps." Seems the easiest protection is to
avoid apps that may go rogue.
The problem is that you have no guarantee whatsoever, that the
'official' app is not actually a rogue app. Not because it was written
by criminals in the first place, but because it follows its own agenda
which you would consider (if you knew about it) as 'rogue'.
Post by Todd Allcock
Post by Michael Eyd
Post by Todd Allcock
Again, I don't see how security on a mobile device is fundamentally
any different from security on a connected desktop computer.
Exactly - it requires (at least) the same amount of alertness,
consideration what one does, ... as on any other computer (being
connected to the internet). And 'herd immunity' IMHO doesn't help very
much there - for that the tools the bad guys use are way too
sophisticated by now.
And professional bad guys can probably get around my factory-installed
car alarm, but I'm protected from the general riff-raff and rank
amateurs. Online security is the same- a determined, skilled hacker will
be able to thwart virtually any protection I'm willing to inconvenience
myself with.
Full ACK!
Post by Todd Allcock
(A paranoid acquaintance of mine who's an amateur
unpublished author won't connect the PC she writes on to the internet
lest "the hackers" steal her manuscripts. I'm not willing to give up the
internet, for example, in the name of security. I'm not willing to
give up my hosted mail server though hackers might break in and read my
email, etc.)
Post by Michael Eyd
But continue to believe in your security, I surely hope that you won't
wake up one morning to find out that you weren't as secure as you
thought...
There's a very old joke that goes something like this: two men are
walking through an African game reserve when they come across a lion. The
first man calmly puts down his backpack and slips on the running shoes he
has been carrying. The other man chuckles and says, “You’ll never outrun
a lion." The first man calmly responds, “I don’t need to outrun the lion;
I just need to outrun YOU."
I know this one - but as good as it sounds, exactly this behavior might
lead you even deeper into trouble. Assume e.g. (to stay in the joke's
picture) that the lion you see is just one out of a bunch, and his job
is to chase the prey towards the line of the rest of the pack. Guess who
would be eaten first... ;-)
Post by Todd Allcock
Security is a lot like that. You'll never be 100% secure, at least
without major inconvenience. The trick is to avoid being a low-hanging
fruit, and let the bad guys go after easier targets- that's what I meant
by "herd immunity".
And my point is that herd immunity is difficult to judge, as long as you
don't know what criteria would make you (appear) weak to an attacker.
Post by Todd Allcock
In the herd, only the sick and weak get picked off.
As operating systems, both desktop and mobile, get more inherently
secure, hacking attempts have moved from purely technological to
social/psychological (e.g. the fake anti-malware browser popups that
claim to have scanned your entire computer in six seconds and found
dozens of trojans, viruses, spyware, etc. and try to trick you to
download and install a "security update" because the OS doesn't allow
"drive-by" installs.) Even the bad guys can't get malware on computers
without our help these days, so they have to trick us into doing it for
them.
Believe me, they can get malware onto your PC (and Mac for that matter),
if they really want to. But at this time it seems to be easier to rely
on people's widespread ability to take everything that's for free... ;-)
But that doesn't mean that there are no other ways. If you want proof of
that, just analyze the latest security patches from the big software
manufacturers, and check them for vulnerabilities of the highest
category. These are exploitable without user interaction, and a suitable
combination of such vulnerabilities would then finally do the trick.

Best regards,

Michael
Alan Browne
2012-02-29 21:58:39 UTC
Permalink
Post by Chris Blunt
On Tue, 28 Feb 2012 19:09:10 -0700, Todd Allcock
Post by Alan Browne
Post by Alan Browne
http://bits.blogs.nytimes.com/2012/02/28/tk-ios-gives-developers-access-
to-photos-videos-location/?ref=business
Post by Alan Browne
or http://tinyurl.com/6rpah85
Amazing. Next thing you'll know, that private diary app I use called
"Facebook" will upload my inner thoughts and feelings to a public website
anyone could read... ;)
Seriously, photo uploading by third-party software is a feature we *want*
in our mobile devices!
How is it that we've survived decades of desktop computer software that
didn't warn us of every data transfer it makes? There has to be a happy
medium between ignorant bliss and a Microsoft Vista UAC-style warning at
every other instruction executed by any app!
The funny part about it is the article starts off by showing the app
requesting permission to access picture location data. There's a great
big button there with "Don't Allow" on it.
The purpose of "location" is to location stamp the image. Not to allow an
App to upload the photo to anywhere the App may be programmed by the App
maker to do. You don't know where it goes, or even that it did.
Nothing you can do about it.

This is a privacy issue.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
Michelle Steiner
2012-03-01 00:37:58 UTC
Permalink
Post by Alan Browne
Post by Chris Blunt
The funny part about it is the article starts off by showing the app
requesting permission to access picture location data. There's a great
big button there with "Don't Allow" on it.
The purpose of "location" is to location stamp the image. Not to allow an
App to upload the photo to anywhere the App may be programmed by the App
maker to do. You don't know where it goes, or even that it did. Nothing
you can do about it.
This is a privacy issue.
There are people who think that companies are more important than people,
and that whatever a company does is OK and should be defended. And if you
get hurt or even inconvenienced by what a company does, it's your fault.

Except when a company has pro-GLBT, pro-union, or pro-choice positions,
that is.
--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.
Chris Blunt
2012-03-01 05:36:15 UTC
Permalink
On Wed, 29 Feb 2012 16:58:39 -0500, Alan Browne
Post by Alan Browne
Post by Chris Blunt
On Tue, 28 Feb 2012 19:09:10 -0700, Todd Allcock
Post by Alan Browne
Post by Alan Browne
http://bits.blogs.nytimes.com/2012/02/28/tk-ios-gives-developers-access-
to-photos-videos-location/?ref=business
Post by Alan Browne
or http://tinyurl.com/6rpah85
Amazing. Next thing you'll know, that private diary app I use called
"Facebook" will upload my inner thoughts and feelings to a public website
anyone could read... ;)
Seriously, photo uploading by third-party software is a feature we *want*
in our mobile devices!
How is it that we've survived decades of desktop computer software that
didn't warn us of every data transfer it makes? There has to be a happy
medium between ignorant bliss and a Microsoft Vista UAC-style warning at
every other instruction executed by any app!
The funny part about it is the article starts off by showing the app
requesting permission to access picture location data. There's a great
big button there with "Don't Allow" on it.
The purpose of "location" is to location stamp the image. Not to allow an
App to upload the photo to anywhere the App may be programmed by the App
maker to do. You don't know where it goes, or even that it did.
Nothing you can do about it.
This is a privacy issue.
So which specific app that has been approved by Apple do you claim
allows that?
Alan Browne
2012-03-01 18:54:36 UTC
Permalink
Post by Chris Blunt
On Wed, 29 Feb 2012 16:58:39 -0500, Alan Browne
Post by Alan Browne
The purpose of "location" is to location stamp the image. Not to allow an
App to upload the photo to anywhere the App may be programmed by the App
maker to do. You don't know where it goes, or even that it did.
Nothing you can do about it.
This is a privacy issue.
So which specific app that has been approved by Apple do you claim
allows that?
Read the article. It is a vulnerability. It is good that it is caught
before it becomes an issue. If indeed there is not an App out there
already uploading photos w/o the user's consent to upload photos (not
location data).
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
Chris Blunt
2012-03-02 04:35:12 UTC
Permalink
On Thu, 01 Mar 2012 13:54:36 -0500, Alan Browne
Post by Alan Browne
Post by Chris Blunt
On Wed, 29 Feb 2012 16:58:39 -0500, Alan Browne
Post by Alan Browne
The purpose of "location" is to location stamp the image. Not to allow an
App to upload the photo to anywhere the App may be programmed by the App
maker to do. You don't know where it goes, or even that it did.
Nothing you can do about it.
This is a privacy issue.
So which specific app that has been approved by Apple do you claim
allows that?
Read the article. It is a vulnerability. It is good that it is caught
before it becomes an issue. If indeed there is not an App out there
already uploading photos w/o the user's consent to upload photos (not
location data).
I did read the article. This app called PhotoSpy was developed to show
what theoretically could be done. Big deal. People have been producing
viruses, trojans, and spyware on computers for years - it's a fact of
life.

The point is that PhotoSpy was never approved by Apple, and in fact
was never even submitted to the App Store. All this firing off of
emails to Apple complaining about non-existent apps that allow your
photos to be uploaded without your knowledge is just nonsense. The
only way you could run a non-approved app like that is to jailbreak
your phone. So you deliberately remove the protection that Apple
provide you with and then go crying to them because someone stole your
pictures.

Chris
nospam
2012-03-02 05:03:58 UTC
Permalink
Post by Chris Blunt
Post by Alan Browne
Read the article. It is a vulnerability. It is good that it is caught
before it becomes an issue. If indeed there is not an App out there
already uploading photos w/o the user's consent to upload photos (not
location data).
I did read the article. This app called PhotoSpy was developed to show
what theoretically could be done. Big deal. People have been producing
viruses, trojans, and spyware on computers for years - it's a fact of
life.
that's a very dangerous attitude.
Post by Chris Blunt
The point is that PhotoSpy was never approved by Apple, and in fact
was never even submitted to the App Store.
wrong. that's not the point at all.
Post by Chris Blunt
All this firing off of
emails to Apple complaining about non-existent apps that allow your
photos to be uploaded without your knowledge is just nonsense.
wrong. it's not nonsense at all. this app shows just how easy it is to
do, which means it's *very* possible that existing apps in the app
store are doing it.
Post by Chris Blunt
The
only way you could run a non-approved app like that is to jailbreak
your phone. So you deliberately remove the protection that Apple
provide you with and then go crying to them because someone stole your
pictures.
once again, this isn't about that particular app. it's about the fact
that *any* of the apps on the app store could be uploading your photos,
contacts and other data without your knowledge or consent, nor do you
have any way to reliably determine it's even happening.

unlike you, apple realizes just how serious it is and will be fixing it.
Alan Browne
2012-03-02 21:34:57 UTC
Permalink
Post by Chris Blunt
On Thu, 01 Mar 2012 13:54:36 -0500, Alan Browne
Post by Alan Browne
Post by Chris Blunt
On Wed, 29 Feb 2012 16:58:39 -0500, Alan Browne
Post by Alan Browne
The purpose of "location" is to location stamp the image. Not to allow an
App to upload the photo to anywhere the App may be programmed by the App
maker to do. You don't know where it goes, or even that it did.
Nothing you can do about it.
This is a privacy issue.
So which specific app that has been approved by Apple do you claim
allows that?
Read the article. It is a vulnerability. It is good that it is caught
before it becomes an issue. If indeed there is not an App out there
already uploading photos w/o the user's consent to upload photos (not
location data).
I did read the article. This app called PhotoSpy was developed to show
what theoretically could be done. Big deal. People have been producing
viruses, trojans, and spyware on computers for years - it's a fact of
life.
The _point_ is that authorizing one thing does not authorize another.
Because of the obfuscatory nature of the "permission" a vulnerability is
created. I for one expect Apple to address this.

And malware is _not_ a fact of life in the Mac OS X/iOS domains. It is
rare, usually minor in impact, and quickly dealt with.

Unlike Windows and Android which are breeding grounds for malware.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
bigdude
2012-03-04 20:25:59 UTC
Permalink
Post by Alan Browne
And malware is _not_ a fact of life in the Mac OS X/iOS domains. It is
rare, usually minor in impact, and quickly dealt with.
true for Mac OS as it was always a niche segment of the computer market.
but this is likely to change with the iPhone/iPad as Apple is now a
major player in the smart phone/ tablet market.
--
bigD
Alan Browne
2012-03-04 20:45:22 UTC
Permalink
Post by bigdude
Post by Alan Browne
And malware is _not_ a fact of life in the Mac OS X/iOS domains. It is
rare, usually minor in impact, and quickly dealt with.
true for Mac OS as it was always a niche segment of the computer market.
Not so much a niche anymore. Mac computers outsell any other single
computer vendor (eg: Dell, hp...). Mac remains a smaller overall OS
share, but it is growing.
Post by bigdude
but this is likely to change with the iPhone/iPad as Apple is now a
major player in the smart phone/ tablet market.
Apple acknowledged the halo effect of the iPhone/iPod/iPad in increasing
Mac sales a couple years ago.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
Jolly Roger
2012-03-04 22:29:46 UTC
Permalink
Post by bigdude
Post by Alan Browne
And malware is _not_ a fact of life in the Mac OS X/iOS domains. It is
rare, usually minor in impact, and quickly dealt with.
true for Mac OS as it was always a niche segment of the computer market.
but this is likely to change with the iPhone/iPad as Apple is now a
major player in the smart phone/ tablet market.
Uh huh. People have been saying that Macs don't have as many viruses and
malware is because of the relatively small market share for many years.
Those same dolts have also been saying one day soon Macs will see a huge
increase in malware, since Mac OS X started becoming popular over ten
years ago. Now you're telling us it's the iPhone and iPad making the Mac
malware epidemic inevitable and soon to hit. I notice you don't mention
any specific technical aspects of what makes Windows so vulnerable, and
how those apply to OS X. I bet you don't even have a clue as to how OS X
differs from other operating systems that are so malware ridden (*ahem,
Windows). I think if you did bother to learn enough about the
differences between the two operating systems, along with the
differences in environments and market segments that use the two
operating systems, you likely wouldn't be voicing such horse shit. Keep
on propagating that silly "Mac users malware-free days are numbered"
line if you feel you must - just know you sound very silly to those of
us who know better. Meanwhile I won't be holding my breath.
--
Send responses to the relevant news group rather than email to me.
E-mail sent to this address may be devoured by my very hungry SPAM
filter. Due to Google's refusal to prevent spammers from posting
messages through their servers, I often ignore posts from Google
Groups. Use a real news client if you want me to see your posts.

JR
Alan Browne
2012-03-04 23:00:10 UTC
Permalink
Post by Jolly Roger
Post by bigdude
Post by Alan Browne
And malware is _not_ a fact of life in the Mac OS X/iOS domains. It is
rare, usually minor in impact, and quickly dealt with.
true for Mac OS as it was always a niche segment of the computer market.
but this is likely to change with the iPhone/iPad as Apple is now a
major player in the smart phone/ tablet market.
Uh huh. People have been saying that Macs don't have as many viruses and
malware is because of the relatively small market share for many years.
Those same dolts have also been saying one day soon Macs will see a huge
increase in malware, since Mac OS X started becoming popular over ten
Funny. I read his post as a nod to increasing Mac sales not as a
proposition of increasing malware on Apple products. But I think you
read it right. As to your reply? Well you got that right too.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
Jolly Roger
2012-03-04 23:15:38 UTC
Permalink
Post by Alan Browne
Post by Jolly Roger
Post by bigdude
Post by Alan Browne
And malware is _not_ a fact of life in the Mac OS X/iOS domains. It is
rare, usually minor in impact, and quickly dealt with.
true for Mac OS as it was always a niche segment of the computer market.
but this is likely to change with the iPhone/iPad as Apple is now a
major player in the smart phone/ tablet market.
Uh huh. People have been saying that Macs don't have as many viruses and
malware is because of the relatively small market share for many years.
Those same dolts have also been saying one day soon Macs will see a huge
increase in malware, since Mac OS X started becoming popular over ten
Funny. I read his post as a nod to increasing Mac sales not as a
proposition of increasing malware on Apple products.
Maybe you're right. It sounded more to me like the all-too-familiar Mac
malware jab.
--
Send responses to the relevant news group rather than email to me.
E-mail sent to this address may be devoured by my very hungry SPAM
filter. Due to Google's refusal to prevent spammers from posting
messages through their servers, I often ignore posts from Google
Groups. Use a real news client if you want me to see your posts.

JR
Michelle Steiner
2012-03-05 01:07:07 UTC
Permalink
Post by Jolly Roger
Maybe you're right. It sounded more to me like the all-too-familiar Mac
malware jab.
I thought he was saying that iOS devices were going to be attacked with
malware because they have such a large percentage of that market.

But he's a troll, so I didn't bother to reply to him any more.
--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.
Todd Allcock
2012-03-05 07:23:22 UTC
Permalink
Post by Jolly Roger
Uh huh. People have been saying that Macs don't have as many viruses and
malware is because of the relatively small market share for many years.
Those same dolts have also been saying one day soon Macs will see a huge
increase in malware, since Mac OS X started becoming popular over ten
years ago. Now you're telling us it's the iPhone and iPad making the Mac
malware epidemic inevitable and soon to hit. I notice you don't mention
any specific technical aspects of what makes Windows so vulnerable, and
how those apply to OS X. I bet you don't even have a clue as to how OS X
differs from other operating systems that are so malware ridden (*ahem,
Windows). I think if you did bother to learn enough about the
differences between the two operating systems, along with the
differences in environments and market segments that use the two
operating systems, you likely wouldn't be voicing such horse shit. Keep
on propagating that silly "Mac users malware-free days are numbered"
line if you feel you must - just know you sound very silly to those of
us who know better. Meanwhile I won't be holding my breath.
Actually, both sides are right, sort of. Windows, in its present
iteration, is just about as immune to malware as Mac OS- the Win OS
architecture
is much different these days and pretty much requires any malware to be
installed manually by the end-users themselves.

This, unfortunately, has caused malware writers to change tactics, and
use social engineering to trick users into installing malware themselves
thinking it's something else, since drive-by and macro-based attacks are
pretty much useless today with Win 7.

The most common malware attacks today are website popups (usually from
the types of websites most of us wouldn't admit to visiting even if we
did) proclaiming our "security software detected x# of viruses" with a
fairly realistic depiction of a typical anti-malware results screen.
That pop-up would explain our anti-virus software (never actually named
specifically, lest the user not recognize it) is out of date and then
instructs you to download and install the update (which, of course, is
the trojan/malware), and specifically explains (with helpful pictures!)
how to circumvent the various popups and warnings Windows will throw at
you desperately trying to get you NOT to install the untrusted, virus-
laden download. The more sophisticated versions are clever enough to not
actually be viruses (lest one's actual security software warn the user)
but instead change some user settings on the computer, like disabling the
File Explorer, Task Manager, and Program Installer (any of which would
help undo the attack) and directing all browsing to the bad guys'
websites that explain their $79 security software can fix these problems
and yes, they take Paypal. (My son got nailed by one of these last year
on his PC that was still running Vista and it was a real PITA to undo!)


These types of scams have been perpetrated on Mac users as well, (e.g.
the fake "Mac Defender" security software attacks last spring) but aren't
typically as effective since most Mac users probably aren't as easily
fooled (or perhaps just confused!) by security popups, unlike long time
Windows users that historically have probably seen their fair share of
security software warnings and popups.

Apparently a new one is going around for Macs the last few weeks that
masquerades as a Flash Player update that might be more believable (I
don't know about Mac OS, but it seems on the Windows side, Flash gets
updated almost weekly these days.)
Wes Groleau
2012-03-06 05:08:44 UTC
Permalink
Post by Todd Allcock
These types of scams have been perpetrated on Mac users as well, (e.g.
the fake "Mac Defender" security software attacks last spring) but aren't
typically as effective since most Mac users probably aren't as easily
fooled (or perhaps just confused!) by security popups, unlike long time
Windows users that historically have probably seen their fair share of
security software warnings and popups.
The biggest reason for not being fooled by some of these things (if
you're on a Mac) is that they look exactly like Windows XP pop-ups.

:-)
--
Wes Groleau

“There ain't nothin' in this world that's worth being a snot over.”
— Larry Wall
Todd Allcock
2012-03-06 05:37:29 UTC
Permalink
Post by Wes Groleau
Post by Todd Allcock
These types of scams have been perpetrated on Mac users as well, (e.g.
the fake "Mac Defender" security software attacks last spring) but aren't
typically as effective since most Mac users probably aren't as easily
fooled (or perhaps just confused!) by security popups, unlike long time
Windows users that historically have probably seen their fair share of
security software warnings and popups.
The biggest reason for not being fooled by some of these things (if
you're on a Mac) is that they look exactly like Windows XP pop-ups.
:-)
True. I often wonder if most of the Mac victims are recent converts from
Windows who just think "hey, these look just like the popups on my old
computer!" ;)

Kidding aside, though, that just illustrates the laziness of most of the
bad guys. Will more users be fooled by the latest Flash update con, or
maybe a more realistic (at least Mac OS-themed rather than XP-themed!)
"iTunes security update" or some such?

OTOH, maybe they just don't try all that hard and just assume we're all
stupid. Even after all of these years, most email phishing scams still
look amateurish, replete with spelling errors, oddly translated idioms,
and unlikely scenarios (e.g. why are my multiple, vast, and as yet
unclaimed, winnings from the Microsoft and Coca Cola lotteries coming
from Europe when both companies are headquartered in the USA? Or why that
nice American corporal wanting to split that hidden Iraqi gold cache with
me sounds like a character from a Rudyard Kipling story?)
Wes Groleau
2012-03-06 05:57:20 UTC
Permalink
Post by Todd Allcock
OTOH, maybe they just don't try all that hard and just assume we're all
Or they still assume we're all using Windows.
Post by Todd Allcock
stupid. Even after all of these years, most email phishing scams still
look amateurish, replete with spelling errors, oddly translated idioms,
Or they assume we're all stupid because THEY are stupid.

And they don't know their messages are bad. All they know is they get
results. If it works, don't fix it.
--
Wes Groleau

“The American Republic will endure until the day Congress discovers
that it can bribe the public with the public’s money.”
— Alexis de Tocqueville
bigdude
2012-03-08 22:37:00 UTC
Permalink
Post by Jolly Roger
Post by bigdude
Post by Alan Browne
And malware is _not_ a fact of life in the Mac OS X/iOS domains. It is
rare, usually minor in impact, and quickly dealt with.
true for Mac OS as it was always a niche segment of the computer market.
but this is likely to change with the iPhone/iPad as Apple is now a
major player in the smart phone/ tablet market.
Uh huh. People have been saying that Macs don't have as many viruses and
malware is because of the relatively small market share for many years.
Those same dolts have also been saying one day soon Macs will see a huge
increase in malware, since Mac OS X started becoming popular over ten
years ago. Now you're telling us it's the iPhone and iPad making the Mac
malware epidemic inevitable and soon to hit. I notice you don't mention
any specific technical aspects of what makes Windows so vulnerable, and
how those apply to OS X. I bet you don't even have a clue as to how OS X
differs from other operating systems that are so malware ridden (*ahem,
Windows). I think if you did bother to learn enough about the
differences between the two operating systems, along with the
differences in environments and market segments that use the two
operating systems, you likely wouldn't be voicing such horse shit. Keep
on propagating that silly "Mac users malware-free days are numbered"
line if you feel you must - just know you sound very silly to those of
us who know better. Meanwhile I won't be holding my breath.
Poor thing, did I rattle your USENET cage?
Couple of harmless remarks regarding future scenarios in the malware
world, I was actually thinking of viruses in the iPad/iPhone, not the
bloody Mac, hardly use mine anymore.
So get a life you rude, know-it-all-better prick!

Alan Browne
2012-02-29 21:58:02 UTC
Permalink
Post by Alan Browne
Post by Alan Browne
http://bits.blogs.nytimes.com/2012/02/28/tk-ios-gives-developers-access-
to-photos-videos-location/?ref=business
Post by Alan Browne
or http://tinyurl.com/6rpah85
Seriously, photo uploading by third-party software is a feature we *want*
in our mobile devices!
When it's intentional, yes. This is about apps having the ability to
upload photos to any site w/o you knowing about it - or being able to do
anything about it.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.