NNSquad - Network Neutrality Squad
[ NNSquad ] When Intel does it, it's Evil, but when The Steve does it, nobody cares?
----- Forwarded message from Dave Farber <dave@farber.net> ----- Date: Sun, 3 Oct 2010 13:47:28 -0400 From: Dave Farber <dave@farber.net> Subject: [IP] When Intel does it, it's Evil, but when The Steve does it, nobody cares? Reply-To: dave@farber.net To: ip <ip@listbox.com> 654A0A02-CF16-11DF-B203-ABD14A3287EA: Begin forwarded message: > From: Randall <rvh40@insightbb.com> > Date: October 3, 2010 1:29:13 PM EDT > To: johnmacsgroup@yahoogroups.com, Dewayne Hendricks <dewayne@warpspeed.com>, David Farber <dave@farber.net> > Subject: When Intel does it, it's Evil, but when The Steve does it, nobody cares? > > From: Thad Floryan > To: telecom-digest.org. > Subject: iPhone applications privacy issues > Message-ID: <4CA67255.2070304@thadlabs.com> > > iPhone Applications & Privacy Issues: An Analysis of Application > Transmission of iPhone Unique Device Identifiers (UDIDs) > > <http://www.pskl.us/wp/?p=476> > > In 1999, Intel released its newest CPU - the Pentium 3. > Each processor included a unique serial number, visible > to any software installed on the system. A product > backlash quickly developed as privacy rights groups > realized that this serial number could be used to track > users' online behavior. The industry, along with trade > groups and governments, blasted this new feature; many > governments went as far as proposing legislation to ban > the use of Pentium 3 CPUs. Following the outcry, Intel > quickly removed the serial number feature from their > processor line, never to be re-introduced. > > Fast forward a decade to the introduction of Apple's > iPhone platform. Much like the Pentium 3, devices running > the Apple iPhone operating system (IOS), including Apple > iPhones, iPads, and iPod Touches, feature a software- > readable serial number - a "Unique Device Identifier," > or UDID. In order to determine if the privacy fears > surrounding the Pentium 3 have manifested themselves on > the iPhone platform, we studied a number of iPhone apps > from the "Most Popular" and "Top Free" categories in > Apple's App Store. For these applications, we collected > and analyzed the data being transmitted between installed > applications and remote servers using several open source > tools. We found that 68% of these applications were > transmitting UDIDs to servers under the application > vendor's control each time the application is launched. > Furthermore, 18% of the applications tested encrypted > their communications such that it was not clear what > type of data was being shared. A scant 14% of the > tested applications appear to be clean. We also > confirmed that some applications are able to link the > UDID to a real-world identity. > > The iPhone's UDID is eerily similar to the Pentium 3's > Processor Serial Number (PSN). While the Pentium 3 PSN > elicited a storm of outrage from privacy rights groups > over the inherent risks associated with the sharing of > such information with third parties, no such concerns > have been raised up to this point regarding the iPhone > UDID. As UDIDs can be readily linked to personally- > dentifiable information, the "Big Brother" concerns > from the Pentium 3 era should be a concern for today's > iPhone users as well. > > The full report is available here: > > <http://www.pskl.us/wp/wp-content/uploads/2010/09/iPhone-Applications-Privacy-Issues.pdf> > ------------------------------------------- ----- End forwarded message -----