"Get a list of visible SSIDs" is exactly how phones derive your location. There's little distinction between seeing SSIDs and seeing GPS coordinates for 99.9% of the population.
Can you please make your substantive points without swipes? (like "Back in the real world", "you are exaggerating", "no you're fantasizing" - https://news.ycombinator.com/item?id=38710396, and so on). This kind of thing is against HN's rules and also spoils the substantive points you're trying to make. If you'd make your substantive points thoughtfully instead, we'd appreciate it.
If you really want ‘intellectual curiosity’ and ‘discussion’ you will have to change your and your colleagues stance on using the voting system as disagree buttons and enforce it, and stop the part where people are blocked if they disagree with the mob, because everyone is pressing the disagree button (and some people the ‘super disagree’ flag button).
Of course the way you run the site is up to you but if you do not change it you will get to enjoy a boring agreefest with only hivemind opinions, endless fistbumping around rehashed ideas.
And fine if you have opinions on how I word my thoughts, but there’s also the other side of others calling disagreeing trolling and implying that you think something doesn’t work as well as they think it does means you’re too stupid to understand it. Action leads to reaction and fairness demands that calling me out means you also have to call out the other side. The other side that downdisagreed my original post, which you can’t argue is inflammatory, so far that it gets hidden and I get blocked from responding. While it is a valid point, and it ultimately gets agreed to 1 again. I don’t care about the points but you can’t have a discussion if you can’t respond to people.
Not an exaggeration—Apple’s primary “location services” API, used on iOS/macOS, is just a lookup table for wireless APs’ MAC addresses. [1]
WiFi scanning is much less power intensive than GPS, much more reliable indoors, and often (in dense areas) more accurate even outdoors. iirc the iPhone only connects to “real” GPS in specific situations, such as when visible wifi signals are insufficient (e.g. highway driving).
In 2012 or so I was able to do turn by turn navigation pretty reliably on an ipod touch that did not have any gps capabilities. I think you'll find coarse location is a little more specific than you give it credit for.
Visibility of multiple networks can be used to refine the position.
GPS takes time to acquire and isn't always available indoors. SSID method is quicker, and it's most likely the method your phone uses to get the position first.
As you say, it’s a method to get a coarse location and then refined using GPS which by the way does not really take time to acquire once you have downloaded the almanac and have the coarse location.
So this ‘allows applications to track location’ actually allows applications to track coarse location which then does not allow them to refine using GPS.
I built a small ap on an ESP (where SSID scanning is bread and butter). It would track my location to within a few yards. The down side is it needs multiple SSIDs to do that, so not so useful outside an urban environment.
It’s the same thing. Listing visible SSIDs and comparing them to very comprehensive databases is the whole way precise geolocation works in many devices, like MacBooks. I think even phone navigation has GPS much less precise than you see on screen, and the extra precision is gained with this technique. Making this technique really work is a large part of the reason Google drove or walked every street in the world with their recording gig.
That doesn’t mean seeing an SSID means you are at exactly that location.
If you are in a city you see 50 SSIDs at any given moment. Are you at those 50 locations at the same time? No. Is there a way to triangulate where you are exactly? No, its unreliable and not an exact science.
That's why there's are exemptions to copyright for interoperability reasons. You can't hide behind copyrights (or trademarks) solely to exclude competitors. (I believe Beeper uses this library solely for registration, not normal operation.) Such tactics have lost in court multiple times.
That’s a totally different kind of case where the barrier to interoperability is the ability to reproduce copyrighted content, like in the case of the DSMOS chip which contains a poem which has to be provided for the OS to work. These tactics have sometimes been successful and sometimes been unsuccessful. It’s just the legal lottery.
Here they simply provide someone else’s library to perform the authentication. That’s just basic copyright infringement, however lofty the goal.
You can’t write an emulator and sell it including the bios written by Sony. Has been enforced many times. Similarly, you can’t do what Beeper is doing here.
> the barrier to interoperability is the ability to reproduce copyrighted content
This is exactly the case here. The barrier to interoperability is the ability to reproduce this obfuscated code which, crucially, serves no other purpose. Even if it would be theoretically possible to achieve interoperability otherwise by heroic reverse engineering of said code, that doesn't matter just as it didn't matter in Sega v. Accolade where that exact argument was made unsuccessfully by Sega.
This is not analogous to reproducing a whole BIOS which is not obfuscated code and is used for miscellaneous purposes having nothing to do with access restriction. This is clearly fair use according to precedent.
The person is praising Activation Lock and criticizing the fact you can skip setting it up. Yet you want to turn it into a claim Activation Lock is a bad thing.
Nothing more than the typical ‘hurr durr Apple bad’ commenting common on this site. Dull, pointless, not interesting.
I like apple products just fine to be honest, you've really missed the mark here.
The issue is, as stated, you do not own the keys to the device you've purchased. That's a huge problem, and as OP's story shows, can result in the loss of access to your device.
I think apple is currently doing the best job out of everyone as far as hardware security is concerned. That does not mean their implementation is anything close to perfect, it's more that everyone else is doing a poor job, or forgoing any attempt at it in the first place.
No, you’re missing the mark. If there is to be any kind of theft protection it is going to be a protection of the device from a user, either the proper owner or a thief.
There is no way for the device to make the distinction if the owner does not register himself as the owner and the thief does. Then the thief is the owner and the device will protect itself from the real owner. There is just no way around it. That is a mistake made by the person writing the blog, they admit it and they say Apple should have made it more obvious which is a reasonable request. Not Apple should have not made the protection, that is an unreasonable request.
You might have philosophical problems with this kind of protection, fine, then don’t buy the devices because they have it, they are advertised to have it and you can’t get them without it.
Don’t buy a device that you know doesn’t do what you want and then go whining on the internet that it doesn’t do what you want. That’s a you problem.
Have you considered, for a moment, that the thief ever being able to register the device as their own is the entirety of the problem?
The owner of the device doesn't own the keys to it, apple does. That's how the OP lost access in the first place.
I will admit that, this situation was preventable, had apple required the "find my device" feature to be active upon setup. The fact is however, they do not.
You can't have it both ways, if you're going to have a walled garden, then wall off the garden, no half measures, you're responsible for everything, including this mishap.
No, you’re fantasizing about your philosophical position again. It’s all announced and advertised in advance, if you don’t like the way the products are advertised to work, don’t buy the products and don’t complain the products work the way they are advertised to work.
Whining about keys with Apple and thieves doesn’t change a thing about that, it’s just your philosophy. Registering the device to the owner is the responsibility of the owner. It would be nice if Apple would be more insistent, even though then you would whine more ‘because Apple is shoving advertising for its services down peoples throats’ or ‘because Apple is forcing people into accepting iCloud’ but we can just disregard your whining. As you agree it would be better and would have prevented the problem in the article. But that doesn’t change the fact the responsibility is with the owner. Not with Apple. The owner made the mistake, and he agrees with it.
And requiring Apple to be perfect just because they don’t subscribe to your lofty philosophy is ridiculous. If you buy the devices you accept the agreement which, just like the agreement that comes with any similar device, plainly states that the devices and the software they run are not perfect, the product is as-is, don’t like it return it.
If companies were beholden to your philosophies we would get nowhere. That’s why no company does that. It just doesn’t work.
>It’s all announced and advertised in advance, if you don’t like the way the products are advertised to work, don’t buy the products and don’t complain the products work the way they are advertised to work.
If we followed that logic, the only people who don't have a right to complain would be their paying customers.
>Registering the device to the owner is the responsibility of the owner.
Why is it entirely on the owner? If apple designs the majority of their advertised security apparatus around the concept of device ownership then I'd argue that they do in fact share some responsibility in making sure their devices are properly registered before use.
If you follow that logic the rest of the complaining, which is just your complaining, is just irrelevant whining.
And if Apple is responsible for noting who owns the devices next up you will come whining about how that mean Apple doesn’t allow you to sell your devices without informing them.
Whine whine whine from a non paying customer. You don’t like the products, you’re supposedly not going to buy them. What are you whining about, that a product exists that you don’t like? Nobody cares.
>If you follow that logic the rest of the complaining, which is just your complaining, is just irrelevant whining.
What? Could you please elaborate what you mean here? I do not see how this addresses my comment at all...
>And if Apple is responsible for noting who owns the devices next up you will come whining about how that mean Apple doesn’t allow you to sell your devices without informing them.
I don't remember complaining about that, please don't put words in my mouth. All I said was that a company which places device ownership as the center of their security model shares some responsibility in ensuring their devices get registered before use.
>Whine whine whine from a non paying customer. You don’t like the products, you’re supposedly not going to buy them. What are you whining about, that a product exists that you don’t like? Nobody cares.
I'm not the original poster, I never said I didn't like the product, (I'm actively using one to respond to you right now) please stop assuming where I stand on the product. It is perfectly possible for me to like a product as a whole while simultaneously disliking certain aspects.
The idea is you have an invention and then try to have the standard require your invention. The parties that create the standard are supposed to declare the patents they have that cover the standard and then typically there is some licensing authority where manufacturers can pay a fee to have a license for all the patents involved.
On one hand it’s reasonable because the inventors spent money on researching the new things that are in the new standard. On the other hand it can be rather unfortunate, especially if it’s software, because with open-source there is no way to pay and get a license.
Because there are also advantages. iOS gets away with forbidding JIT execution in third party programs, so they get away with exposing no APIs that allow memory segments to be executable unless they are signed, which is a great thing from a security point of view.
Also as there is only one browser engine, the system only contains the bugs that are in one browser engine. Most operating systems have bugs in the browser engine that comes with the OS, and bugs in the engine users actually use which is more bugs.
This really grinds my gears. Recently I was able to install Firefox addons and chrome addons on Orion browser on iPad when both chrome and firefox themselves arent able to. Why?
And now that the real creators are dead, all that’s left to fight about is money.
The people in the estate didn’t do the work, yes they have monetary rights, but it’s not like they deserve to be credited for the existence of these characters.
The rules being followed are rather mundane and logical extensions of the legalese you rely on to pass your stuff to your dependents. I dont really understand the, uh, viciousness towards these laws that you will rely on for your children. Like geez, Im sorry you dont have Spiderman or LOTR to pass down.
It’s like company A collects everyone’s phone number and then publishes it as a phone book. And then company B copies the phone book and publishes it as their own.
It’s not a straightforward copyright issue but in many jurisdictions that is not allowed. Company A did the work, they should be allowed to profit.
In the US, company B would probably be in the clear--at least for the list of names and numbers. You don't necessarily get copyright protection just because something was a lot of work ("sweat of the brow"). The most relevant US Supreme Court case is Feist.
There is protection in a few notable jurisdictions so a violation would make the product illegal in those jurisdictions, which is a problem if it’s an online product.
Should be behind a permissions check, but not the end of the world.