All Call Records Sent To Apple When iCloud On

[HardOCP News]

How is it legal for a phone manufacturer, not your cellular service provider, to log this kind of information on consumers without them knowing?

The Intercept reports today that a digital security firm has discovered that Apple devices automatically send call history data — phone metadata — to Apple’s servers when iCloud is enabled. Phone metadata is basically everything you think of as “phone records” from watching detective procedurals on TV. It’s a record of what numbers you called (or that called you), when, from where (for mobile phones), and for how long.

 

[mope54]

It's a setting both in the iCloud section and when you do a fresh setup Apple asks if you'd like to share metadata.

As for the legality of it, Apple isn't sharing or using the information and simply *storing* it for four months doesn't run afoul of any laws.

 

[Deleted member 245375]

Say it with me: There is no privacy anymore, anywhere, ever, and there hasn't for quite some time whether people believe it or even comprehend it on any level(s) whatsoever.

Say it over and over again till you come to understand the truth of the statement and then move on with your life.

 

[Bandalo]

It's a setting both in the iCloud section and when you do a fresh setup Apple asks if you'd like to share metadata.

As for the legality of it, Apple isn't sharing or using the information and simply *storing* it for four months doesn't run afoul of any laws.

If they're not sharing it or using it, why are they spending the time and money to collect it?

 

[Zarathustra[H]]

I don't like this sort of thing, but to be fair, it is necessary for Apples cloud and iMessage to work properly.

The information syncs from all of your devices so that you have your iMessages and phone logs on all of your devices.

Personally I don't care for this sort of cloud integration, and the first thing I do when I get a new phone (or computer/OS as this has crept in to Windows 10 now too) is to Disa le as my h cloud related stuff as is possible.

For instance, my pixel phone came with free unlimited (I think) cloud sync of my photos so I never run out of space.

That was the very first thing I disabled.

 

[Zarathustra[H]]

Say it with me: There is no privacy anymore, anywhere, ever, and there hasn't for quite some time whether people believe it or even comprehend it on any level(s) whatsoever.

Say it over and over again till you come to understand the truth of the statement and then move on with your life.

That is awful and probably true, and why we need draconian regulation to kill stuff like this once and for all, and I don't care if that regulation destroys the business model of, and kills off every last social media company in the world, it is desperately needed.

 

[Zarathustra[H]]

If they're not sharing it or using it, why are they spending the time and money to collect it?

See my post above.

 

[rflcptr]

I think the article is pushing petty alarmism.

If they're not sharing it or using it, why are they spending the time and money to collect it?

See my post above.

It's useful to the end user; if they are to upgrade to a new phone or restore an existing one, they will still maintain their call history. If I want to call from history from another device, it's there.

If you prefer not to have your call history, you launch the Phone App -> Recents -> Edit -> Clear

BUTBUTBUTOMGTHEYARECOMINGFORME

 

[Deleted member 245375]

That is awful and probably true, and why we need draconian regulation to kill stuff like this once and for all, and I don't care if that regulation destroys the business model of, and kills off every last social media company in the world, it is desperately needed.

More laws will not solve it because it's long since past the point of being controllable, that was almost 25 years ago when ARPANet was at the point of ceding control of "the Internet" as it existed in those days towards commercial control, and honestly it was even further back than that by a few years come to think of it.

We have enough laws already and they can't do the job and never will so dropping more legislation on a now entirely lopsided Congress with a person in the Oval Office that doesn't have a fucking clue, well, shit happens.

 

[Bandalo]

I don't like this sort of thing, but to be fair, it is necessary for Apples cloud and iMessage to work properly.

The information syncs from all of your devices so that you have your iMessages and phone logs on all of your devices.

Personally I don't care for this sort of cloud integration, and the first thing I do when I get a new phone (or computer/OS as this has crept in to Windows 10 now too) is to Disa le as my h cloud related stuff as is possible.

For instance, my pixel phone came with free unlimited (I think) cloud sync of my photos so I never run out of space.

That was the very first thing I disabled.

Cloud sync of some things is pretty damn useful. Photos are the first thing I set up cloud sync for on a new phone. (I do prefer Dropbox over Google Photos though). If I ever lose/break my phone, I'd hate to lose all my pictures and videos too.

I don't see why I'd need call history and logs across every device I own. Contact lists, sure. E-mail, you bet. Even messages might be convenient. But call logs? Nahh, not for me.

 

[Kor]

It's legal because you consented when you breezed through the TAC agreement and hit "Yeah fuck it".

That being said TAC's rarely survive in court

 

[mope54]

I don't see why I'd need call history and logs across every device I own. Contact lists, sure. E-mail, you bet. Even messages might be convenient. But call logs? Nahh, not for me.

You don't need it, turn it off. Others like rflcptr and myself see a use for it so we turn it on. No laws required.

 

[c3k]

The "issue" is that you cannot say "no" to the EULA. There is no "opt in" for each of the invasive data collections. There should be.

"Hey, apple cool-guy. If you want to sync all your stuff, you need to let us keep track of all your phone calls. We will track: the number you called or who called you; the locations of each phone; the length of the call; the date and time of the call. If we change any of that, we'll ask your permission first. Do you agree?"

See how that works? Instead of 43 pages of fineprint legalese. Sigh.

 

[mope54]

c3k has apparently never set up a new iPhone or bothered to look in the settings menu.

It's a very obvious and plain english "would you like to send Apple anonymous user data so we can make our products better" yes/no right on the front of the screen when you first set it up. Then later you can turn iCloud on/off.

 

[Bandalo]

You don't need it, turn it off. Others like rflcptr and myself see a use for it so we turn it on. No laws required.

I didn't ask for a law. I said I personally don't see a need for that feature, so if I had an iPhone, I'd turn it off. I would argue it may be something Apple should have set as an opt-in feature rather than an opt-out feature.

 

[rflcptr]

I didn't ask for a law. I said I personally don't see a need for that feature, so if I had an iPhone, I'd turn it off. I would argue it may be something Apple should have set as an opt-in feature rather than an opt-out feature.

I think the "opt-in" nature you desire is how the system operates: you can choose to sign into iCloud when initially setting up your device or decline.

 

[Deleted member 108676]

Uhm...I knew about this...and so would anyone else if they read what the fuck they were clicking...

 

[buhbuhfet]

that's the purpose of cloud anything, tracking you 24/7

 

[mope54]

I didn't ask for a law. I said I personally don't see a need for that feature, so if I had an iPhone, I'd turn it off. I would argue it may be something Apple should have set as an opt-in feature rather than an opt-out feature.

You don't have an iPhone so try listening to those of us who do are telling you:

There is a big white screen with huge letters and an entire paragraph explaining the data you can send to Apple or not. You have to press either Yes or No before you can continue setting up your phone. No one is opted in or out by default. You can either click cancel and only use your phone to dial 911 or you can answer the question to continue setting the phone up. If for some reason you clicked on whatever button was closest to your finger to simply get past the prompt, you can change it under Settings (and the paragraph explaining the choice also explains where to go in Settings).

Then you repeat the process for iCloud settings, which come shortly after the metadata prompt I just explained to you.


Finally, none of this matters because Apple doesn't sell the data and they can't retrieve it, either. But true to form, many members here are going to shit their britches. Despite Apple telling the feds to go fuck themselves when law enforcement came knocking for someone's data, despite the fact that they don't sell customer data (unlike Google/android), but yeah it comes with a cost as does everything in life. There's a difference in the cost of the device and their services, which many here like to *also* bitch about, despite there never being a free lunch. You either use free services and allow them to sell your personal data to the highest bidder or you pay someone for the actual services/devices you want to use. The egregious companies are the ones that both sell you the device/service *and* still sell your personal data (like Microsoft).

 

[Bandalo]

You don't have an iPhone so try listening to those of us who do are telling you:

There is a big white screen with huge letters and an entire paragraph explaining the data you can send to Apple or not. You have to press either Yes or No before you can continue setting up your phone. No one is opted in or out by default. You can either click cancel and only use your phone to dial 911 or you can answer the question to continue setting the phone up. If for some reason you clicked on whatever button was closest to your finger to simply get past the prompt, you can change it under Settings (and the paragraph explaining the choice also explains where to go in Settings).

Then you repeat the process for iCloud settings, which come shortly after the metadata prompt I just explained to you.


Finally, none of this matters because Apple doesn't sell the data and they can't retrieve it, either. But true to form, many members here are going to shit their britches. Despite Apple telling the feds to go fuck themselves when law enforcement came knocking for someone's data, despite the fact that they don't sell customer data (unlike Google/android), but yeah it comes with a cost as does everything in life. There's a difference in the cost of the device and their services, which many here like to *also* bitch about, despite there never being a free lunch. You either use free services and allow them to sell your personal data to the highest bidder or you pay someone for the actual services/devices you want to use. The egregious companies are the ones that both sell you the device/service *and* still sell your personal data (like Microsoft).

I have set up several iPhones for work, and I don't remember a specific settings for call history. I recall setting up iCloud. I'd personally like to see a row of switches for what specific things you want to sync with the cloud, similar to how Google does in the settings for Android. If the current version of iOS offers that feature, then this whole story is a non-issue. But if you can only opt-out of call-history storage by opting out of iCloud completely, then I think Apple made the wrong decision.

I'm not personally going to shit myself over this one. I'm sure Apple doesn't sell the data, but I don't believe they can't access it if they wanted to. And I wouldn't put it past them to use it for their own marketing purposes. They're certainly not above such things if they think it'll make them a profit.

 

[YeuEmMaiMai]

MS does the same thing with their phones. Your call history texts, etc all go up into the cloud and when you restore your OS, they all come back down to your phone. I consent to it as I think it's just fine a trade off for keeping my 2+year call history and test messagaes

 

[nilepez]

Do they even have access to this stuff? I thought it was all encrypted and only the person with the PW could access it.

 

[mope54]

Do they even have access to this stuff?

No

I thought it was all encrypted

It is

and only the person with the PW could access it.

That's correct and the main reason this is yet another non-issue.

 

[evilsofa]

That is awful and probably true, and why we need draconian regulation to kill stuff like this once and for all, and I don't care if that regulation destroys the business model of, and kills off every last social media company in the world, it is desperately needed.

What great timing! We have an incoming President, Congress and House that will protect consumers instead of corporations!

 

[Chebsy]

It stinks !!! I hate it when companies do things like this, it should be done (if it has to be done at all) by opting in, not opting out.

 

[amddragonpc]

... and China has a backdoor to iCloud. Apple just doesn't know it yet.

 

[nilepez]

No It is That's correct and the main reason this is yet another non-issue.

Turns out we're probably wrong. I believe they do have access to stuff backed up to iCloud. Vice did a story on this almost a year ago. So the answer is turn off iCloud and just back up to your home system every now and then.

 

[nilepez]

What great timing! We have an incoming President, Congress and House that will protect consumers instead of corporations!

Sarcasm?

 

[mope54]

Turns out we're probably wrong. I believe they do have access to stuff backed up to iCloud. Vice did a story on this almost a year ago. So the answer is turn off iCloud and just back up to your home system every now and then.

They have theoretical access to it. They have the master encryption key stored on their servers and the encryption is done on their end rather than by end-users so it's conceivable they could decrypt the data. But that's different from them accessing it or utilizing it in some way. The real world tests we have so far are them telling law enforcement they couldn't obtain iCloud information that was backed-up and that they *wouldn't* develop a way for anyone else to access it, either.

The practical and historical stance of the company is that they simply store your data and do not sell, market, or otherwise divulge/utilize it in any way. Granted that anything they code can be hacked and/or unraveled by the coders themselves, but that's intrinsic to cyberspace and cyberlaws. We recognize this isn't like historical laws and barriers, where you could create a structure of law that limits access to something and then build a physical barrier between perpetrators and the thing they want to access.

So I think it's important to separate accessibility in theory versus a company that claims to not access information and then it's discovered that they have been all along.


Apple told customers they had their data but would not divulge or use it.
Apple told law enforcement they had data but *could* not divulge it and would not develop a way to access it.
Vice checked it out and found that they could access but had not done so.
Everyone in the tech world already knew they could access if it they tried hard enough and so the only question was whether they would or not so the Vice "discovery" was more of a confirmation than a reveal.

 

[Zarathustra[H]]

They have theoretical access to it. They have the master encryption key stored on their servers and the encryption is done on their end rather than by end-users so it's conceivable they could decrypt the data. But that's different from them accessing it or utilizing it in some way. The real world tests we have so far are them telling law enforcement they couldn't obtain iCloud information that was backed-up and that they *wouldn't* develop a way for anyone else to access it, either.

The practical and historical stance of the company is that they simply store your data and do not sell, market, or otherwise divulge/utilize it in any way. Granted that anything they code can be hacked and/or unraveled by the coders themselves, but that's intrinsic to cyberspace and cyberlaws. We recognize this isn't like historical laws and barriers, where you could create a structure of law that limits access to something and then build a physical barrier between perpetrators and the thing they want to access.

So I think it's important to separate accessibility in theory versus a company that claims to not access information and then it's discovered that they have been all along.


Apple told customers they had their data but would not divulge or use it.
Apple told law enforcement they had data but *could* not divulge it and would not develop a way to access it.
Vice checked it out and found that they could access but had not done so.
Everyone in the tech world already knew they could access if it they tried hard enough and so the only question was whether they would or not so the Vice "discovery" was more of a confirmation than a reveal.

Yeah. It is evident they had the capability. Their story didn't hold up.

The only way they could not have the capability is if end users manually managed their encryption keys, but if they did that none of the intra-device cloud integration stuff would work, without manually transferring and entering the encryption key to each individual device.

Since this isn't the case, it is clear that Apple possesses each users encryption key somewhere in their network, and that they should be capable of accessing it, and using it to decrypt user data.

 

[nilepez]

They have theoretical access to it. They have the master encryption key stored on their servers and the encryption is done on their end rather than by end-users so it's conceivable they could decrypt the data. But that's different from them accessing it or utilizing it in some way. The real world tests we have so far are them telling law enforcement they couldn't obtain iCloud information that was backed-up and that they *wouldn't* develop a way for anyone else to access it, either.

The practical and historical stance of the company is that they simply store your data and do not sell, market, or otherwise divulge/utilize it in any way. Granted that anything they code can be hacked and/or unraveled by the coders themselves, but that's intrinsic to cyberspace and cyberlaws. We recognize this isn't like historical laws and barriers, where you could create a structure of law that limits access to something and then build a physical barrier between perpetrators and the thing they want to access.

So I think it's important to separate accessibility in theory versus a company that claims to not access information and then it's discovered that they have been all along.


Apple told customers they had their data but would not divulge or use it.
Apple told law enforcement they had data but *could* not divulge it and would not develop a way to access it.
Vice checked it out and found that they could access but had not done so.
Everyone in the tech world already knew they could access if it they tried hard enough and so the only question was whether they would or not so the Vice "discovery" was more of a confirmation than a reveal.

Are you sure you're not confusing device access with iCloud access? If they have the key to iCloud, then they have to decrypt it if they get a legal request. OTOH, they don't have to develop s/w to allow access to encrypted data on your device.

From what I've read, they will provide data from iCloud if there's a legal warrant (or is it a subpoena #notaLawyer)

 

[Exavior]

ah the good old its ok for this company to do this but that other company doing something like this fuck them they are spying too much

 

[mope54]

Are you sure you're not confusing device access with iCloud access? If they have the key to iCloud, then they have to decrypt it if they get a legal request. OTOH, they don't have to develop s/w to allow access to encrypted data on your device.

From what I've read, they will provide data from iCloud if there's a legal warrant (or is it a subpoena #notaLawyer)

They claim they can no longer access iOS data:

On devices running iOS 8 and later versions, your personal data is placed under the protection of your passcode. For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess.

--http://www.apple.com/privacy/government-information-requests/

 

[nilepez]

They claim they can no longer access iOS data:

--http://www.apple.com/privacy/government-information-requests/

That's a request for data on a device, not an iCloud account.

The relevant text is further down

Account Requests

Responding to an Account Request most often involves providing information about a customer’s iCloud account. If we are legally compelled to divulge any information for an Account Request, we provide notice to the customer when allowed and deliver the narrowest set of information possible in response. Only a minuscule number of total accounts are actually affected by information requests. During calendar year 2015, Apple received 1,986 U.S. Account Requests and provided some data in 82% of these requests.[/quote]

 

[mope54]

I see what you're saying and you're right in Apple being able to access iCloud data with a valid warrant but declaring the local device (iOS) off-limits to anyone who doesn't have the user's passkey.

I misspoke in stating they couldn't access it at all, but the point I was trying to make was that they haven't and won't for the purposes of selling to 3rd parties or to otherwise profit from it. One has to opt in to both sharing anonymous metadata and signing up for and logging in to iCloud. Employees normally don't have access to those data. Presumably the issue isn't law enforcement obtaining those data because the cell companies keep them for years.

Apple claims they retain the information for the end-user and we don't have any evidence to the contrary. I personally make a distinction between this kind of data retention and that of Google's, which offers free service in exchange for the right to sell one's information, and from the more egregious violation of privacy coming from Microsoft, which sells the software *and* one's information.

 

[nilepez]

I see what you're saying and you're right in Apple being able to access iCloud data with a valid warrant but declaring the local device (iOS) off-limits to anyone who doesn't have the user's passkey.

I misspoke in stating they couldn't access it at all, but the point I was trying to make was that they haven't and won't for the purposes of selling to 3rd parties or to otherwise profit from it. One has to opt in to both sharing anonymous metadata and signing up for and logging in to iCloud. Employees normally don't have access to those data. Presumably the issue isn't law enforcement obtaining those data because the cell companies keep them for years.

Apple claims they retain the information for the end-user and we don't have any evidence to the contrary. I personally make a distinction between this kind of data retention and that of Google's, which offers free service in exchange for the right to sell one's information, and from the more egregious violation of privacy coming from Microsoft, which sells the software *and* one's information.

Honestly, I was arguing against myself as much as you, since I didn't realize they had access to iCloud data. I assumed it was more like the phone or Spider Oak. They should work on that. Then again, I should probably turn off iCloud...nothing useful backs up to it anyway (not even my pictures, for some reason, though Adobe backs them up to their server, so no biggie).

 

[gulguran]

It's a setting both in the iCloud section and when you do a fresh setup Apple asks if you'd like to share metadata.

As for the legality of it, Apple isn't sharing or using the information and simply *storing* it for four months doesn't run afoul of any laws.

Are they doing this so you can restore your call log? or just to be shitty?

 

[Exavior]

Are they doing this so you can restore your call log? or just to be shitty?

What do you mean? Apple is perfect in every way and does no wrong and only does everything to give customers the best service with no terrible things ever being done. So they can't be doing anything to be shitty. That is impossible.

 

[mope54]

Are they doing this so you can restore your call log?

That's what it seems like. Calls/message/facetime all propagate to all iCloud devices (phones, tablets, and computers, I assume watches, too) and the history is on all of them along with the ability to make/receive calls/messages/etc.

 

[nilepez]

That's what it seems like. Calls/message/facetime all propagate to all iCloud devices (phones, tablets, and computers, I assume watches, too) and the history is on all of them along with the ability to make/receive calls/messages/etc.

It's nice to have if you don't backup using iTunes. It saved my ass once years ago, but now I back up every now and then to my PC and that's good enough.