Categories
Apple Security

On Apple’s Location Tracking

The controversy over Apple’s “Location Tracking” is quite interesting. It’s worth making clear that the nodes stored in the database are approximations of cell phone towers and WiFi hotspots you’re likely to encounter rather than your location(s) at any given point in time. It’s a way to “prime the well” when doing a GPS lookup to improve performance.

Apple notably failed in a few key ways which should serve as a lesson to others:

  1. Always disclose what you’re doing. – Never just assume what you’re doing with someone’s information is cool. Apple could have mitigated a lot of this had they disclosed what the phone was actually doing from day 1. Never transmit anonymous or personal information without letting the user know first.
  2. Never store more than you need – I can’t believe how many companies mess this up. Storing user information is a liability. A good business limits its liabilities to only what’s necessary to conduct business. Storing so much data, and not expunging it, was a very bad move and amplified the situation. On top of not letting users know what was going on, there was no way to purge information. This just made things much worse. Apple went as far as backing up what should be an expendable cache.
  3. Always be paranoid with information – Apple states “The local cache is protected with iOS security features, but it is not encrypted. Beginning with the next major release of iOS, the operating system will encrypt any local cache of the hotspot and cell tower location information.” in the response to Edward J. Markey. This should have been encrypted since day 1. Various tools existed for a few years that could read this data in the surveillance community. Apple undoubtedly knew people were using this data sometimes for illicit purposes. No company has gotten in trouble for being too secure with customer information with anyone other than the NSA or FBI.
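
The second and third lessons above, sketched as an added example (not Apple's code and not from the original post): a cache of tower and hotspot position estimates that expires entries, caps its size, and can be purged on request. The class name, limits and field names are assumptions.

```javascript
// Added example: a bounded, expiring cache for tower/hotspot position estimates.
// Class name, limits and record fields are assumptions, not Apple's design.
class NodeLocationCache {
  constructor({ maxEntries = 1000, maxAgeMs = 7 * 24 * 3600 * 1000 } = {}) {
    this.maxEntries = maxEntries;
    this.maxAgeMs = maxAgeMs;
    this.nodes = new Map(); // nodeId -> { lat, lon, seenAt }; Map keeps insertion order
  }

  // Record an approximate position for a cell tower or WiFi hotspot.
  put(nodeId, lat, lon, now = Date.now()) {
    this.nodes.delete(nodeId); // re-insert so the newest entry is last
    this.nodes.set(nodeId, { lat, lon, seenAt: now });
    this.expire(now);
  }

  // Return an estimate only if it is still inside the retention window.
  get(nodeId, now = Date.now()) {
    const entry = this.nodes.get(nodeId);
    if (!entry) return null;
    if (now - entry.seenAt > this.maxAgeMs) {
      this.nodes.delete(nodeId);
      return null;
    }
    return { lat: entry.lat, lon: entry.lon };
  }

  // Drop entries past the retention window, then the oldest beyond the size cap.
  expire(now = Date.now()) {
    for (const [id, entry] of this.nodes) {
      if (now - entry.seenAt > this.maxAgeMs) this.nodes.delete(id);
    }
    while (this.nodes.size > this.maxEntries) {
      this.nodes.delete(this.nodes.keys().next().value);
    }
    return this.nodes.size;
  }

  // User-initiated purge: the cache is expendable, so clearing it loses nothing.
  purge() {
    const removed = this.nodes.size;
    this.nodes.clear();
    return removed;
  }
}
```

Encryption at rest and exclusion from backups depend on the platform's storage APIs and are not modelled here.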

It’s worth noting that their software update in response to this controversy is actually pretty good and pretty thorough. I’m surprised they couldn’t quickly shim some encryption around it. The iOS is loaded with enough DRM and crypto.

On another note, I fully expect some court cases to be reopened now that “cell phone records” are not quite as accurate as they were falsely billed to be. Also, companies who marketed software as capable of showing a user’s location history may be liable, as this wasn’t accurately vetted. If they did good testing they would have seen the extent of its “tracking”. It seems inevitable.

Lastly, I wonder how much battery life, and how much bandwidth this was utilizing. Some customers are on metered WiFi (especially some hotspots). To geo-tag one must turn on GPS, meaning battery life was being drained behind the scenes.

Apple’s full response can be found on Congressman Ed Markey’s website (copied here for perpetuity).

Categories
Security

The Real Risks Behind Facebook “Places”

Facebook made some peculiar decisions in the privacy rules for Facebook Places. The problem is hardly just a technical limitation; it’s endemic to the way social media has altered society, and technology must help the user be aware of it and work around it.

Categories
Mozilla

Things You’ll Love About Firefox 3.5

For the upcoming Firefox 3.6 release: go here!

Firefox 3.5 is around the corner. For those who don’t pay attention to development here’s the big features worth checking out. There are lots more, but these are my favorites:

User Centric Features

Private Browsing – Officially it’s called “Private Browsing” but most know it as “porn mode”. Simply put once you turn on the feature nothing about your browsing is saved to your computer until you turn it off. No browser history, cookies, cache, no passwords, download list. Great for shared computers where you may not want the next person to know where you shopped, what you bought etc.

Faster JavaScript – Everyone is doing it. Firefox 3.5 now ships with TraceMonkey, which uses a technique called trace trees to add just-in-time native code compilation to SpiderMonkey, the JS engine in Firefox. Bottom line: faster JavaScript makes JavaScript powered sites like Gmail way faster.

Faster Awesomebar – The awesomebar is a fast way of browsing the web, but the UI can sometimes get a little sluggish. Some awesome work has been done to optimize it for better performance. Faster UI = better browsing experience.

Better Awesomebar – The Awesomebar got a few enhancements including autocomplete for tagging, which is extremely handy as well as editing tags on multiple bookmarks at the same time.

Undo Closed Window – We’ve all done it before. Now you can undo a closed window just like a closed tab.

Drag Tab To New Window – Previously you could drag/drop to reorder tabs. Now you can drag a tab off the tab bar to move it into its own window. This may sound trivial but it actually makes organizing tabs much easier.

Video/Audio – Firefox 3.5 supports the new HTML5 <video/> and <audio/> tags. Specifically it supports Vorbis in Ogg containers, as well as WAV with support for more formats expected in the future. I’ve discussed open video before and suggest learning more about how important this is there.

SSL Error Pages Suck Less – The error pages shown when there is an SSL error were pretty tough on users since they didn’t display anything helpful. The new error pages are a bit more helpful. The bug implementing the changes has tons of details on the changes.

Geolocation – Simply put, a website can (if you allow it) gather information about your internet connection and, using a location service (provided by Google by default), calculate your location. No more needing to constantly type in your zip code or city name to get local information. For privacy you need to explicitly allow it. Geolocation is, in a word, awesome.

New Icon – Well, it’s not really new. It’s “refreshed” I guess. It’s not a huge change, but it does look really sharp, especially in more modern operating systems that use larger icons like Mac OS X. Alex Faaborg has it on his blog in various sizes for you to see.

Developer Centric Features

Web Workers – My personal favorite is web workers. Essentially it’s background processing in a separate thread for JavaScript. No more locking up the browser’s UI because you need to do some complicated JS calculations. I’ll leave it to the documentation linked above for examples. Very handy stuff.

@font-face – Designers have long been frustrated with the lack of font options on the web. They often resort to using images and flash as a way to expand their font options. With @font-face it’s now possible to use custom fonts and reference them via CSS. There is however the issue of licensing of fonts used on a webpage since the font file itself is accessible via a web browser.

Native JSON – Enough said. Native JSON is fast. var obj = JSON.parse(someJS);

Cross Site XHR – XMLHttpRequest() has ushered in a new era of JavaScript. It’s not, however, without some serious limitations. One of the most obvious limitations is that you can’t use it across hostnames. Until now.

There’s more cool toys, but these are my favorite.

Still not convinced of all the new stuff? Check out this demo, then look at the source behind it. It’s pretty impressive.

Categories
Mozilla Open Source Software

GeoLocateFox 0.2 Released

Last night I pushed the bits for GeoLocateFox 0.2. The changes aren’t very many but it’s pretty cool.

  • Add HostIP look up (disabled by default)
  • Add support for newer Flock, and Firefox through 3.0 alpha

Go to the options window (open up the extension manager, right click on GeoLocateFox, and select options) and check the HostIP box. This will send the IP address of the website you visit to the HostIP.info website, and get coordinates if available. This is only used if the site provides no GeoLocation data on its own. It’s off by default for privacy reasons. It’s pretty cool.

Next up is a bug fix release for mozPod, no date on that just yet. It’s overdue.

Categories
Mozilla

GeoLocateFox 0.1.2 Released

I released a small update to GeoLocateFox that contains the following changes:

  • Update to use Yahoo Map API v. 3.0 (Yahoo now supports more non-North American Locations!!!).
  • Add support for newer Flock.
  • Slightly better compressed images.
  • Updated some URL’s to project page.

I should also note that Yahoo’s maps are improved (a TON).

You can find the latest release here.

And in even bigger news…
I have a new beta release available (here) that contains support for Host IP lookup using the Hostip.info database. This will find tons more locations (and the database improves all the time).

To enable the Hostip feature, open the extensions manager (Tools Menu –> Extensions) and right click on GeoLocateFox and select “Options”. There is a checkbox on the right side to enable this feature. It’s off by default because it requires sending the IP address of the website you visit to the Hostip.info server.

This is a beta, though I’d love to know how it works for people.

Categories
Mozilla

GeoLocateFox 0.1.1

GeoLocateFox 0.1.1 has been released. Changes are:

  • Firefox 1.5.0.* Support
  • Flock Support
  • SeaMonkey Support
  • Small fix to detection code
  • Small UI fix

Get GeoLocateFox

Categories
Mozilla

GeoLocateFox Update

FYI I’ve updated GeoLocateFox to let it install in 1.5.x installs. Nothing else changed, it’s literally just the install.rdf that changed hence it’s still 0.1.

Categories
Google Mozilla

Introducing GeoLocateFox

I got this idea back in mid December, wrote down a few lines of code, and stashed it to the side because I was in the middle of finals. Around new years I came back to the idea and implemented it. This ended up being a submission for Extend Firefox. I’m not sure what others will think of it, but I found it fun. It’s still a little limited, but has some potential.

What does GeoLocateFox do?

The extension makes use of geolocation meta tags provided by some webpages (such as this one). On such pages, the GeoLocateFox icon illuminates to alert you to such content. You can then put your mouse over the icon to get a map of where the website originates. Double clicking on the icon will bring up a full size map.
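
A sketch of the detection step described above and of the opt-in HostIP fallback from the later releases, as an added example rather than GeoLocateFox's own code. It assumes the page uses the common ICBM or geo.position meta tags; the function names and sample pages are made up for illustration.

```javascript
// Added example: read coordinates from a page's geolocation meta tags.
// Tag names (ICBM, geo.position) are the common conventions and an assumption
// about what the extension reads; function names are hypothetical.
function parseAttributes(tag) {
  const attrs = {};
  const re = /([\w.-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] !== undefined ? m[2] : m[3];
  }
  return attrs;
}

// Page metadata is untrusted input: accept only two plain decimals in range.
function parseCoordinates(content) {
  const parts = String(content).split(/[;,]/).map((s) => s.trim());
  const isDecimal = (p) => /^[+-]?\d+(\.\d+)?$/.test(p);
  if (parts.length !== 2 || !parts.every(isDecimal)) return null;
  const [lat, lon] = parts.map(Number);
  if (Math.abs(lat) > 90 || Math.abs(lon) > 180) return null;
  return { lat, lon };
}

function extractGeoFromHtml(html) {
  const tags = html.match(/<meta\b[^>]*>/gi) || [];
  for (const tag of tags) {
    const attrs = parseAttributes(tag);
    const name = (attrs.name || "").toLowerCase();
    if (name === "geo.position" || name === "icbm") {
      const coords = parseCoordinates(attrs.content || "");
      if (coords) return coords;
    }
  }
  return null;
}

// Decide where coordinates come from. The IP lookup sends the visited site's
// address to a third party, so it is chosen only when the user has opted in.
function resolveLocationSource(html, prefs = { hostipEnabled: false }) {
  const coords = extractGeoFromHtml(html);
  if (coords) return { source: "meta", coords };
  return prefs.hostipEnabled ? { source: "hostip-lookup" } : { source: "none" };
}

// Constructed sample pages.
const SAMPLE_OK = '<html><head><meta name="ICBM" content="40.7128, -74.0060"></head></html>';
const SAMPLE_BAD = "<meta name='geo.position' content='91;200'><meta name=\"description\" content=\"x\">";
```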

Why aren’t there any non-US maps?

For the moment, this only works on coordinates in the United States, as Yahoo Maps has yet to implement other parts of the world (this is hopefully coming soon).

Why not use Google?

Currently this extension only supports Yahoo! Maps. The intent is to support multiple mapping providers including Google, but to date only Yahoo! has a terms of use that allow for non-webapplication use. Google explicitly prohibits such use right now. They were contacted by me in mid December about this extension, but to date have not replied with permission to include their service. While it may in theory be ok to do considering Firefox is a web browser, and we are not doing anything harmful or commercially, I don’t wish to get into any trouble, it’s their API, and I respect that. Perhaps someone from Google Local will contact me about this. I’d love to add in support for it (would be great for international use).

Where can I get it?

For now you can get it here. I need to setup a project page at mozdev at some point. This is a 0.1 release, so there are still bugs.