Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>"The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple."

Some are located more than 100 miles away because the database contains every location ever logged. Despite the fact that hotspots and cell towers over the horizon cannot play a role in accurately determining your location, Apple's response is intended to create the impression that they play such a role and thus justify permanent storage.

Furthermore, short of magic, there is no way to send a relevant subset of the crowd sourced data to an iPhone without first knowing both the location of the iPhone and its unique identity.

>"The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone. This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone. The backup is encrypted or not, depending on the user settings in iTunes. The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone’s location, which can be more than one hundred miles away from the iPhone."

Apple is trying to create the impression that storing the data from which location can be triangulated is somehow significantly different from storing the actual location and again creating misdirection with the reference to "more than one hundred miles away from the iPhone."

>"5. Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data? No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data."

In an interesting shift of language, Apple's answer is technically about the person's location rather than the location of the iPhone and it could be argued that in this context "source" refers to the person using the iPhone rather than the identity of the iPhone. Given that "cannot" rather than "do not" is used, the limitation does not correlate with something in an algorithm since an algorithm can be changed to identify the specific iPhone.



> Furthermore, short of magic, there is no way to send a relevant subset of the crowd sourced data to an iPhone without first knowing both the location of the iPhone and its unique identity.

If you consider recording the id of the cell tower the phone is connected to magic..


If Apple can do so without tracking the location of the iPhone and knowing its identity, yes. But then the scenario you propose admits that Apple tracks the location of the iPhone to some degree.

The most charitable case would be that Apple only tracks location based on the cell tower to which the iPhone is connected. The worst case is that it tracks location based on every hotspot and celltower the iPhone sees.

Since the most charitable case would produce the least predictive power when selecting a relevant subset of the crowd sourced data and the worst tracking case would produce the most predictive power - and given the level of detail reported to be stored on the iPhone is consistent with the worst case and less consistent with the most charitable case - the worst case scenario regarding tracking would appear to be more likely.


The device ID is not necessary for such a query to be successful, though. If you as the device programmer were interested in getting the subset of the cache for your location, the method signature would need be nothing more complicated than:

  +(DBConsolidated) subsetForDevice:(NSArray *)visibleTowers:(NSArray *)visibleHotSpots
So even in the "worst" case described by you no identifying data is sent. This could possibly be statistically analyzed, but given Apple's flat denials, a plausible technical reason, and the public attention this has received, I doubt they are lying here. A whistleblower providing evidence contradicting their "we don't track" claims would be devastating, and possibly open them up to legal action. I don't think they are quite that careless, although it is certainly possible.


The "flat denial" is in response to Apple's ability to "locate me" not "locate my iPhone." Elsewhere, Apple is very specifically making claims about the iPhone.

"Anonymous" is pretty slippery and there is no agreed upon technical definition (just ask EFF), but it literally means "not identified by name" so one could argue that sending tracking data based on your device serial number, IP address, phone number, location, contacts list, etc. is still in an "anonymous form." [somewhat similar to debates about the technical meaning of "open"].

I'll add that the information you are proposing to send to Apple is enough to clearly identify your location - or rather the location of the iPhone, and short of Apple using Tor or a similar approach to making the message's route through the network untraceable, the data in "anonymous form" can likely be disanonymized.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: