There have been two recent developments exposing how false our sense of privacy is in this technological world. As all of us use the iPhone/iPad and/or the DropBox fairly regularly, this merits some discussion.
1) iPhone/iPad: Alasdair Allan & Pete Warden found that their iPhone has been tracking their location and the associated timestamp ever since iOS 4 was released (read more on wired.com). The iPad 3G does the same. The file called “consolidated.db“ is stored locally and is restored across backups, resets, and device migrations implying that Apple is doing this intentionally. To be noted is that the feature was introduced only in iOS 4. The file is also unencrypted and unprotected, meaning it can be accessed by anyone who gets their hands on your iPhone. Be careful when you sell your iPhone/iPad! If you have Mac OS 10.6 Snow Leopard, you can use Allan & Warden’s open source app “iPhone Tracker” to plot an interactive map of where you have traveled since you procured your iPad/iPhone.
I have no idea why Apple wants to store the data of my whereabouts, but I do not like being tracked. When I bought my iPhone, I do not remember signing an agreement to be tracked by Apple. Apple or any hacker can easily access that information by hacking into my iPhone or laptop that backs up the iPhone. Presumably, if Apple wants, they can easily fetch the file from every single iPhone via their software updates. Very powerful, and disturbing, stuff indeed!
This goes above and beyond what cellphone carriers do (and are allowed to do), as was recently seen in when a German politician sued his carrier for access to the data. As Allan & Warden point out, the cellphone carriers need a court order to provide the data; but now the same is sitting on your iPad/iPhone or its backups.
You might want to start encrypting your iPhone/iPad backups.
2) DropBox: We have extolled the the virtues of DropBox here, and they recently reached 25 million users. Their security and privacy policies have raised ire recently based on this statement or “explanation of their policies” (read the full story and the ensuing explanation from DropBox at TUAW):
There are two problems associated with this: (i) your files are not safe with DropBox, as in the government can get them with a simple court order and (ii) your files can be de-encrypted by the people over at DropBox. The first is understandable as a court order is binding. As for the second, while DropBox has since clarified that their employees are prohibited access to user files, they do explicitly say that they can be accessed if needed/wanted. The employees are prohibited, not unable to access your files. Even if you pay DropBox to use their service. As Dropbox states that their servers are encrypted (AES-256), i.e., cannot be decrypted with the key, I had assumed my files were perfectly safe from all eyes except mine. Not really.
Note that uploading a self-encrypted disk image instead of file(s) should provide a workaround, if you are willing to go through the trouble.
I use both the iPhone and DropBox fairly heavily, but such issues dismay me. If a cloud-based web means I have to sign off all rights to privacy, I think the future is pretty dim. Am I just being a pessimist and/or privacy-freak?