Comment by rOOb85
4 years ago
Did you read the OP article? The researchers clearly outline what apple is phoning home. They even made a nice clean table showing what apple and google are sending back to themselves.
4 years ago
Did you read the OP article? The researchers clearly outline what apple is phoning home. They even made a nice clean table showing what apple and google are sending back to themselves.
I read the article and it's wrong.
Apple does not explicitly "send" the user's IP address. It naturally is accessible on their end as a result of the TCP/IP protocol. But Apple has made quite clear that it does not use that information in any way.
The linked PDF (direct link for the truly lazy [0]) shows that every few minutes Apple sends binary data to its servers which includes the MAC address of nearby devices. (It's unclear if these are only devices on the same network, e.g. from arp, or any nearby devices that are broadcasting a static MAC address). Here, I'll even quote it for you. It's on page 7 at the bottom left, continuing on the top right:
> However, the geod process uploads binary messages to gsp85-ssl.ls.apple.com... While it is not clear what information is contained in this binary message, it can be seen to contain the MAC addresses of nearby devices sharing the same WiFi network as the handset e.g. f2:18:98:92:17:5 is the WiFi MAC address of a nearby laptop, 70:4d:7b:95:14:c0 the MAC address of the WiFi access point.
Idk what they do with this info, and I'd much rather Apple have it than Google, but you can imagine the "God mode" they could create at Apple HQ if they were so inclined. The data is absurd... imagine what you could do if you knew where billions of people were at every second of every day for years.
[0] https://www.scss.tcd.ie/doug.leith/apple_google.pdf
Is that in any way related to the Covid framework/protocol that Apple provides?
3 replies →
Local IP would be your 192.168.1.whatever. Apple won't get that unless they capture it on the device. They would otherwise only get your public, nat'd IP with normal tcp/ip.
Local IP isn't identifying, but it's a weird thing to include. And the paper clearly shows that being sent to Apple.
> Later during the startup process the local IP address of the handset (i.e. not of the gateway, but of the handset itself) is sent in a POST request to /lcdn-locator.apple.com: POST https://lcdn-locator.apple.com/lcdn/locate Headers User-Agent: AssetCacheLocatorService/111 CFNetwork /1128.0.1 Darwin/19.6.0 POST body {"locator-tag":"#eefc633e","local-addresses":[" 192.168.2.6"],"ranked-results":true,"locator-software":[{" build":"17G80","type":"system","name":"iPhone OS","version ":"13.6.1"},{"id":"com.apple.AssetCacheLocatorService"," executable":"AssetCacheLocatorService",<...>
So no the article isn't wrong. I suggest you give the paper a read (or at least a skim) if you're going to try and claim they are wrong about something.