NYT: Tim Cook threatened Uber removal from App Store b/c of secret

Fuck Uber and fuck the scumbag Travis Kalanick.

fuck apple

>>60034676
fuck cock and fuck white people

>>60034676
>Mr. Kalanick arrived at the midafternoon meeting sporting his favorite pair of bright red sneakers and hot-pink socks
Fuck this combo.

Uber tracking users even after the app has been deleted from the device? How is that possible?

>yo dawg i've heard you like botnets

>>60034676

>uber tracking and not underlying intel

How it would have went if the Android bosses called him in

>I heard you've been tracking users even after Uber is closed
>Yeah, I have
>Good job, but cut us in on that data
>No problem

>>60034866
>The idea of fooling Apple, the main distributor of Uber’s app, began in 2014.

>At the time, Uber was dealing with widespread account fraud in places like China, where tricksters bought stolen iPhones that were erased of their memory and resold. Some Uber drivers there would then create dozens of fake email addresses to sign up for new Uber rider accounts attached to each phone, and request rides from those phones, which they would then accept. Since Uber was handing out incentives to drivers to take more rides, the drivers could earn more money this way.

>To halt the activity, Uber engineers assigned a persistent identity to iPhones with a small piece of code, a practice called “fingerprinting.” Uber could then identify an iPhone and prevent itself from being fooled even after the device was erased of its contents.

>There was one problem: Fingerprinting iPhones broke Apple’s rules. Mr. Cook believed that wiping an iPhone should ensure customers that no trace of the owner’s identity remained on the device.

>So Mr. Kalanick told his engineers to “geofence” Apple’s headquarters in Cupertino, Calif., a way to digitally identify people reviewing Uber’s software in a specific location. Uber would then obfuscate its code from people within that geofenced area, essentially drawing a digital lasso around those it wanted to keep in the dark. Apple employees at its headquarters were unable to see Uber’s fingerprinting.

>The ruse did not last. Apple engineers outside of Cupertino caught on to Uber’s methods, prompting Mr. Cook to call Mr. Kalanick to his office.

>>60034937
Seems more like an issue with Apple not actually erasing the data like they claimed and Uber taking advantage of Apple's lazy/deceptive practices.

>>60035000
Isn't it that Uber were fingerprinting iPhones and storing that data on their servers? Then they made sure the people working at Apple in Cupertino couldn't see that part of the source.

>>60035000
Sounds more like they don't store the data on the phone itself. They just send the UID of the phone to Uber's server, tie it to an user account and keep track if the same UID appears with a different account.

>>60035000
Uber was remotely fingerprinting iPhones and blocking Apple engineers in Cupertino from seeing it happen in the app's code. It had nothing to do with the data on the device itself.

>using uber

>>60035000
Is this the level of reading comprehension the American education system produces?

>>60035191
Clearly didn't pay enough tuition.

How the fuck can it track the phone if the app is deleted?

>>60035015
>>60035033
>>60035075

So Apple is leaving persistent identification information on erased phones, Uber copied that information and used it to check to see if people were erasing phones and making new accounts to exploit Uber's promotional offer.

Again why is Apple leaving persistent information on an erased phone?
"Mr. Cook believed that wiping an iPhone should ensure customers that no trace of the owner’s identity remained on the device."
But clearly that practice doesn't work and do what is claimed.

How can software track an erased phone unless the phones carry over identifiable information?
This is 100% Apple for whatever reason leaving information on the phone that makes it easy to identify phones.

Either Apple need to actually blank the phones, or they need to stop non system functions from reading the identifiable information Apple leaves on phones that have been wiped, even while claiming that wiped phones leave no trace.

Still not the fault of Uber. This is Apple attacking someone that found they were lying to their customers, investors and possibly government/law enforcement.

>>60035335
>Again why is Apple leaving persistent information on an erased phone?
Probably because the phones don't suddenly change hardware.

>>60035335
What should they do, change the phone's serial number every wipe?

Most app developers store your device serial numbers, IMEI, etc., moron.

>>60035335

Holy fuck you're retarded.

>>60035362
Not when the app is deleted.

>>60035411
They can if they just upload the data to their server. See: Uber.

>>60035346
>>60035358
Why does the phone need a hardware serial number?
Why is that low level information accessible to 3rd party software?

How does unique identifiable information work when Apple says that "wiping an iPhone should ensure customers that no trace of the owner’s identity remained on the device"?

>>60035422
Yes and that's against Apple's TOS which is why this news exists

>>60035433
WhatsApp does the same, dipshit.

>>60035427
>Why does the phone need a hardware serial number?
Warranty information, information on date and time of manufacture, information on device specifications.
>Why is that low level information accessible to 3rd party software?
Fuck if I know.

>>60035449
Substantiate your claims

>>60035427
The issue isn't that the Apps have access to the data and they're using it, the issue is that Apple doesn't allow you to store it after app deletion. Uber knew this and hid the code.

>>60035454
>Warranty information, information on date and time of manufacture, information on device specifications.

You can have all the information in a non unique non identifying set of data.

The warranty information is the only point that becomes an issue, but in the 10s of thinking I have reasonable method to still protect the hardware even if it can't be uniquely identified.

>>60035466
>The issue isn't that the Apps have access to the data and they're using it, the issue is that Apple doesn't allow you to store it after app deletion.
No the issue is that Apply says wiping removes all trace of the owner's identity, when in fact it doesn't. They are lying if they claim wiping removes identity. They can't say well it works but only if you don't record the identifying information.

>>60035510
>You can have all the information in a non unique non identifying set of data.
>The warranty information is the only point that becomes an issue
Congrats, you are retarded.

>>60035529
Why did Uber hide the code?

>According to an internal slide deck on driver income levels viewed by The New York Times, Uber considered Lyft and McDonald’s its main competition for attracting new drivers.
>McDonald's

>>60035552
>Why did Uber hide the code?
Because Apple would react badly to having their lies exposed.

>>60035529
You are confusing the issue

Fingerprinting isn't a problem

>There was one problem: Fingerprinting iPhones broke Apple’s rules. Mr. Cook believed that wiping an iPhone should ensure customers that no trace of the owner’s identity remained on the device.

Wiping an iPhone to ensure no trace of the owner's identity remains INCLUDES the assumption that when apps are deleted, all of your fingerprinting information is deleted too.

Uber wasn't deleting the fingerprint information, and were hiding the code from Apple.

>>60035573
>>60035529
People who are too poor to afford Apple devices will do everything in their power to try and bash Apple. It is truly a sad sight to behold.

>>60035586
Fingerprintimg is not about owner's identity but about the iphone's identity itself. If Uber gets multiple accounts coming from one device then the driver is cheating. It is identifying the device. And unless Apple removes stuff like MAC addresses or some other ID, it will be easy to do.

>>60035632
That's fine, but storing it after the app is gone isn't.

>>60035586
>They can't say well it works but only if you don't record the identifying information.
Apple lied.

The issue isn't that it's against some software platform rule, it's that Apple lied about what wiping does. When Uber exploited their lie to protect their business Apple was forced to admit that what they had claimed happens doesn't.

Further and again, why can user software access this hardware information without hardware level hacks?

>>60035552
Because they were breaking the terms of service for the App Store and they very well knew it.

>>60035641
You're misunderstanding

Apple isn't telling people that wiping the device removes the ability to identify the device, they are saying that that's what they want to happen (because when apps are wiped then the fingerprint data must also be wiped as per Apple's terms). Uber was messing that up by storing the fingerprint data even after the app was gone.

No one is claiming all of your hardware IDs and various other numbers are wiped when you factory reset.

>>60035641
>Apple lied.
Do you work for Uber since you are somehow blaming Apple when Uber broke the rules and then tried to hide the fact that they broke rules with a fucking geofence?

Are we seriously arguing with a retard who doesn't understand how a server can have access to a client device's MAC address?

>>60035632
>And unless Apple removes stuff like MAC addresses or some other ID, it will be easy to do.
They use random MAC addresses on iOS 8.

http://www.techtimes.com/articles/8233/20140612/apple-implements-random-mac-address-on-ios-8-goodbye-marketers.htm

>>60035730
The device only broadcasts a random MAC address to access points and peer devices that it's not connected to. Otherwise, if you connect to your Starbucks's Wi-Fi, it can track you.

>>60035694
>No one is claiming all of your hardware IDs and various other numbers are wiped when you factory reset.
Or that they use numbers are not identifying.

So Apple can't honestly claim that a wipe removes all personally identifying information. And depending on a license agreement to get that is stupid.

Why even bother to do any wiping if you can use say in your agreement that you can't store any identifying information after the user says stop?

Look it's full proof you just said they can't store the info so their is no possible way to match someone after they press the 'wipe' button because the license says so.

Answer my question why does Apple allow user software to access hardware identifiers?

>caring about privacy

What do you have to hide?

>>60035639
Uber doesn't store anything in the phone. Hardware has IDs.

>>60035730
That's good and all but I'm sure it's not the only id stored in the phone.

>>60035807
https://www.buzzfeed.com/bensmith/uber-executive-suggests-digging-up-dirt-on-journalists

>>60035776
Will you claim that it is impossible to change a MAC address by software. That it is not well within the possibility of Apple to register 'forgotten' addresses that are discarded on wipe and reissue a new random MAC address from a pool of addresses Apple uses and to put that forgotten address into the pool of random addresses?

>>60035797
>Answer my question why does Apple allow user software to access hardware identifiers?

Because it's not against their terms to identify the phone when the app is installed.

>>60035822
What need does Apple have for a unique hardware identifier when they could use a range identifier and offer their customers real privacy?

>>60035850
That's the issue. They shouldn't have any. But if Uber is doing it, then it means it is possible.

Both are in the wrong here.

>>60035797
>So Apple can't honestly claim that a wipe removes all personally identifying information.
Phone serial number is not personally identifying. It just identifies the same device. However, if I write down your name and your IMEI on the same piece of paper, I can know what device is yours even after you wipe the device.

>>60035866
>Both are in the wrong here.
No, Uber is in the wrong here for not playing by the rules.

>>60035845
>Because it's not against their terms to identify the phone when the app is installed.
But to depend on their license means that when a user uses the wipe option their is zero way to tell if you actually get a phone with no past user history and no way for Apple to tell either.

If they want to ID the phone, then while the software is installed they can use an internal software ID tag that is removed when the app is removed. Their is no justifiable reason to give hardware ID to end user software.

>>60035903
>no way for Apple to tell either.

This is your addition

>>60035000
Stop posting

>>60035892
Why was your phone used by a terrorist? We know it was your phone because it has this serial number. You need to tell us how your phone got into the hands of a terrorist.

~

The services you use normally identify you to your phone. As that phone has identifying information each time that phone is wiped then used a new user profile is built that identifies the user. This creates a chain of personal information.

>>60034705
this
fuck uber

>>60035970
>We know it was your phone because it has this serial number.
How do you know who owns the serial number?
>You need to tell us how your phone got into the hands of a terrorist.
You can sell an iPhone or just have one stolen.

>>60035936
>This is your addition
How can Apple know what data is remotely stored or deleted by 3rd party actors?

They can't as explained by this story where Apple suspected something but had to check to try and figure it out. They had no built in way to check. Even now they have no way to check if the remote storage is deleted or not directly. Only by checking if a device reacts in a manner consistent with remote data storage can they suspect that data isn't being deleted.

>>60035970
You know piracy and other online crime lawsuits are frequently dismissed when the plaintiff fails to establish a definitive connection between the defendant and the originating IP address, right?

>>60036023
>How can Apple know what data is remotely stored or deleted by 3rd party actors?

They can review the apps. I don't know exactly what this entails

>So Mr. Kalanick told his engineers to “geofence” Apple’s headquarters in Cupertino, Calif., a way to digitally identify people reviewing Uber’s software in a specific location.

>>60035900
Apple is in the wrong for allowing others to not play by the rules. We are talking security here. You can't just expect third parties to simply play by the rule.

>>60036065
Right, here's your fix: remove the App Store.

>>60035988
The answer to your question and statement is basic police/counter terrorism investigation.

>>60036053
Wouldn't it be better if your phone wasn't uniquely identified by hardware?

And that by wiping it you ended up with no traceable connection to the last user?

>>60036136
>Wouldn't it be better if your phone wasn't uniquely identified by hardware?
And that you have no warranty?

>>60036157
Extended warranties are generally non transferable.

File: Screenshot_20170423-135844.png (179KB, 1440x2560px) Image search: [Google]

179KB, 1440x2560px

>>60036023
Uber uses HWID to prevent free ride abuse. The HWID is saved on their server and if you attempt to get a free ride after wiping/uninstalling/whatever it cross checks it with their servers and then denies you.

How Apple probably found out
>apple engineer used free ride from geofenced Apple hq to his home
>tries from another location, it doesn't work
>only works from Apple hq
>this lead to a series of detective work on various unique identifiers
>how do they know who I am if we have a policy of deleting user data upon uninstall?
>oh wait they aren't deleting it

>>60034937
>>60035015
>>60035075
>>60035335
Think about it like this. Uber got caught because it is a massive important company. If they can do it for their app, then any other app can be done as well and probably would not have gotten caught if they were smaller. There is no privacy online, ever.

Can anybody explain how exactly Uber works? You call for a Uber taxi, then the rider pays Uber and Uber pays the rider a small chunk? How does have multiple phones make you more money? All that means is that multiple fake riders will just have to pay Uber more, it should be a net loss if Uber takes their cut before giving it to the driver.

>>60036400
New driver incentive + free ride = free money

Idk how stolen iPhone comes into the picture though. Android phones can be had for as little as $25 and all the identifiers are easily changed.