was intended for outdoor use; the weak signals transmitted from the 24 space vehicles (SVs) that constitute the GPS space segment are difficult to detect indoors and blocked by tall buildings.[16] GPS is also designed to work with autonomous receivers; GPS signals are modulated to provide the receiving unit with the locations and orbits of the SVs, information needed to compute the receiver’s location.[d] The locations and orbits are provided on the same carrier used for (civilian) distance estimation. In order to avoid interference, the data rate for these transmissions is slow—only 50 bps—so a receiver takes up to 12.5 minutes to obtain all the information it needs to perform a location fix. Networks often assist cellphones by providing this information over much-faster cellular links,[9] but cellphone manufacturers are apparently looking to other means for quick, accurate location fixes for their subscribers.
This brings us to the April 2011 kerfuffle over Apple’s and Google’s use of cellphones to identify Wi-Fi and cell-tower locations. In testimony before the U.S. Congress’s Judiciary Committee’s Subcommittee on Privacy, Technology and the Law, Guy Tribble, Apple’s vice president for software technology, confirmed what analysts of the consolidated.db file had already determined: Apple iPhones record the MAC address and signal strength[e] for detected access points, then time-stamp and geo-tag that data. The geo-tag consists of a GPS/cell-tower-derived location estimate of the iPhone that has detected the access point. For detected cell sites, the cell-tower ID and signal strength are combined with the detecting iPhone’s location estimate.
[e] Signal strength is converted into a “horizontal accuracy number”; Apple does not collect the user-assigned name for the network.
of the measurements.[5] Following creation of a map of the locations of cell sites and access points, a position fix for a cellphone can be computed through trilateration using received signal-strength measurements.
Trilateration is similar to what is performed by GPS receivers, with the added benefit that the distances are much shorter and the access points and cell towers are not moving. Overall, one would expect the resulting location estimates to be at least as good as a GPS fix in urban and residential areas, and they could be of sufficiently fine granularity to resolve an individual address.
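The signal-strength trilateration described above, as an added example that is not from the article or from Apple's or Google's systems. The log-distance path-loss model, its two constants, and the access-point grid are assumptions constructed for illustration.

```python
import math

# Log-distance path-loss model (assumed for this example, not from the article):
#   rssi_dbm = P0_DBM - 10 * PATH_LOSS_N * log10(distance_m)
P0_DBM = -40.0      # assumed RSSI at 1 m from the transmitter
PATH_LOSS_N = 3.0   # assumed path-loss exponent for a built-up area

def rssi_to_distance(rssi_dbm):
    """Invert the path-loss model: estimated range in metres."""
    return 10 ** ((P0_DBM - rssi_dbm) / (10.0 * PATH_LOSS_N))

def distance_to_rssi(distance_m):
    """Forward model, used only to build the constructed sample below."""
    return P0_DBM - 10.0 * PATH_LOSS_N * math.log10(distance_m)

def trilaterate(anchors, distances):
    """Least-squares (x, y) from three or more fixed anchors and ranges."""
    if len(anchors) < 3 or len(anchors) != len(distances):
        raise ValueError("need at least three anchors, one range each")
    (xn, yn), dn = anchors[-1], distances[-1]
    s11 = s12 = s22 = t1 = t2 = 0.0
    # Subtracting the last anchor's circle equation from each of the others
    # cancels x^2 and y^2, leaving linear rows a1*x + a2*y = b.
    for (xi, yi), di in zip(anchors[:-1], distances[:-1]):
        a1, a2 = 2 * (xi - xn), 2 * (yi - yn)
        b = dn**2 - di**2 + xi**2 - xn**2 + yi**2 - yn**2
        s11, s12, s22 = s11 + a1 * a1, s12 + a1 * a2, s22 + a2 * a2
        t1, t2 = t1 + a1 * b, t2 + a2 * b
    det = s11 * s22 - s12 * s12   # determinant of the 2x2 normal equations
    if abs(det) < 1e-9:
        raise ValueError("anchors are collinear; the fix is ambiguous")
    return ((s22 * t1 - s12 * t2) / det, (s11 * t2 - s12 * t1) / det)

# Constructed sample: four mapped access points on a local grid (metres)
# and a handset actually standing at (25, 40).
ACCESS_POINTS = [(0.0, 0.0), (60.0, 0.0), (0.0, 80.0), (70.0, 90.0)]
TRUE_POSITION = (25.0, 40.0)

def fix_error(quantize):
    """Position error in metres, with or without rounding RSSI to 1 dB."""
    ranges = []
    for ap in ACCESS_POINTS:
        rssi = distance_to_rssi(math.dist(ap, TRUE_POSITION))
        ranges.append(rssi_to_distance(round(rssi) if quantize else rssi))
    return math.dist(trilaterate(ACCESS_POINTS, ranges), TRUE_POSITION)

if __name__ == "__main__":
    print(f"exact RSSI:      {fix_error(False):.6f} m off")
    print(f"RSSI to 1 dB:    {fix_error(True):.2f} m off")
```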
The presence of consolidated.db in iPhones (a database of time-stamped GPS fixes for the cellphone) gives the appearance that Apple is tracking iPhone users, but Tribble said the “data is extracted from the database, encrypted, and transmitted—anonymously—to Apple over a Wi-Fi connection every 12 hours (or later if the device does not have Wi-Fi access at that time).”
The extent to which the data is anonymous is questionable without further detail. The author generated the figure here using the consolidated.db database on his iPhone and the iPhone Tracker application developed by Pete Warden.[f] His well-traveled path from Ithaca, NY, to Washington, D.C. (National Science Foundation and Defense Advanced Research Projects Agency) and onward to his parents’ house in Virginia Beach, VA, is apparent for all to see. It would take little effort to associate this trace with the author. As the Netflix example covered later suggests, there is more to anonymization than stripping a location trace of its associated phone number and user-account ID.
Personality of Place
The iPhone location trace says a lot
about the author, including his predilection for visiting Washington,
D.C., New York, and his parents. What
would a more fine-grain set of tracking data, like that potentially being
Figure: A cellphone’s travels; data from consolidated.db in the author’s iPhone.
[f] In an FAQ at http://petewarden.github.com/iPhoneTracker/#5, Warden noted that the data is actually more accurate than the maps generated by the tool; Warden inserted the intentional dithering to reduce the privacy risk created by the tool while still making apparent the problem with consolidated.db.