App Developer Says Stolen UDIDs Came From Them, Not FBI 180
pdabbadabba writes "A Florida iPhone and iPad app developer, Blue Toad, has come forward claiming that it is the source of the Apple UDIDs previously released by Anonymous. Their dataset, they say, is a 98% match for the one Anonymous hackers claim to have stolen from an FBI laptop. If so, this development would cast serious doubt on Anonymous' claims and, possibly, calm fears that this data is evidence of an ongoing FBI surveillance operation (a claim the FBI has also denied)."
Dont trust anonymous (Score:2)
Re:Dont trust anonymous (Score:5, Interesting)
Or maybe that you just can't trust Blue Toad, who got paid behind the scenes to take the fall for this.
Or maybe that was a double fake, and that this whole thing was set up as a distraction by Google to undermine iPhone.
Or maybe it was actually stolen by the EFF, who then spoofed an FBI operation for Anonymous to find so that they could promote their agenda.
(Or maybe you're completely right)
Scapegoat (Score:2)
The FBI obviously had something on Blue Toad and sent the black SUVs round to pay a visit.
Re:Dont trust anonymous (Score:5, Insightful)
As a true conspiracy nut, I would not put it past 1. the FBI to have gotten its data from Blue Toad or 2. Blue Toad covering up for the FBI.
Re: (Score:2)
As a true conspiracy nut, I would not put it past 1. the FBI to have gotten its data from Blue Toad or 2. Blue Toad covering up for the FBI.
Exactly. The FBI doesn't have to have gotten the data directly from Apple or NSA hackers or somesuch. However, you can't discount that the hackers might have been motivated to lie in order to smear the FBI, too.
Re: (Score:2)
And that company is... (Score:2)
Re:And that company is... (Score:5, Interesting)
As phrased by an article at ZDNet, it's any company that allows this result:
So there are two things we know: Apple and the FBI are back on the Christmas card lists of the general public, and hackers apparently lie.
Apple and the FBI are good, and hackers are bad. Apparently that's the lesson to take away from this.
According to their article in Wikipedia, it's also a company that lists the Department Of State and the Public Relations Society of America among their customers.
Re:And that company is... (Score:5, Interesting)
According to their article in Wikipedia, it's also a company that lists the Department Of State and the Public Relations Society of America among their customers.
As soon as I saw that, my thought was "so that's where the kid thought he was".
I figure a script kiddie broke into the Blue Toad servers, found some documents talking about working with the government (perhaps the FBI in particular), then found the UDIDs, and jumped to the conclusion that they had broken into an FBI system involved in domestic surveillance. Then they release it as Anonymous in an act of misguided privacy activism, throwing in an agent's name (possibly even mentioned in the found files) for credibility.
I'm jumping to conclusions myself, though, and assuming that there's some shred of truth to anybody's statements.
Re: (Score:2, Insightful)
...and it could just as easily be a case where the FBI requested this list from Blue Toad, or Blue Toad submitted this list as part of an investigation. All we know now is where the data likely originated -- which is precisely where everyone assumed it originated anyway (a single developer list).
Re:And that company is... (Score:5, Interesting)
...and it could just as easily be a case where the FBI requested this list from Blue Toad, or Blue Toad submitted this list as part of an investigation. All we know now is where the data likely originated -- which is precisely where everyone assumed it originated anyway (a single developer list).
It could also be that the developer got hacked w/o being involved with the FBI in any way, prior to the attack.
Which, on the whole, is a lot simpler explanation than a conspiracy theory.
Re: (Score:2)
The developer got hacked prior to the attack? Do you mean that the attack was directly against Blue Toad? Or are you saying they got hacked, then they got attacked?
I like my answer better: the data likely originated with them, and eventually got from there to AntiSec's computers, through some unknown path that they claim involved the FBI, and the FBI claims didn't. Everything else is pure guesswork.
Re:And that company is... (Score:5, Funny)
Ah, yes. The colloquializtion of Occam's Razor is "All things being equal, the simpler theory is more likely."
However, this neglects the little-known fact that William of Ockham was one of the founding members of the real Illuminati (and not the 18th-Century cover organization everyone knows about). He planted his philosophical disinformation into the intellectual culture specifically to cover the elaborate and long-running schemes he knew his secret society would enact over the coming centuries. By making us think that the simpler solution is the better one, he innoculated us against uncovering complex and insidious schemes, or believing them if they are uncovered. Fnord.
Re: (Score:3)
Ah, yes. The colloquializtion of Occam's Razor is "All things being equal, the simpler theory is more likely."
The internetization of Occam's Razor is "If something could have happened by any wild stretch of the imagination, that's how it happened."
Re: (Score:2)
...and it could just as easily be a case where the FBI requested this list from Blue Toad, or Blue Toad submitted this list as part of an investigation. All we know now is where the data likely originated -- which is precisely where everyone assumed it originated anyway (a single developer list).
It could also be that the developer got hacked w/o being involved with the FBI in any way, prior to the attack.
Which, on the whole, is a lot simpler explanation than a conspiracy theory.
Meh.. given the subject, both seem equally plausible to me. Not that it matters, who in their right mind would trust the FBI or anonymous?
Re: (Score:2)
All we know now is where the data likely originated -- which is precisely where everyone assumed it originated anyway (a single developer list).
How quickly people forget. The original slashdot story a comments were only a few days ago, and there were many people who were assuming that Apple willingly gave (or sold) it to the FBI.
For sure they were idiots that like to seize any opportunity to call Apple evil. But no, everybody didn't assume this came from a 3rd party developer. Only the more intelligent people realised that.
Sorry; I was filtering out the astroturfers, trolls, bots and flamebait when I said "everyone" :D
Hm... (Score:5, Insightful)
Comment removed (Score:4, Insightful)
Re: (Score:1)
Re:Hm... (Score:5, Insightful)
Oh this is getting funny.
Ridiculously unlikely conspiracy theory get blown out of the water? Not a problem... just double-down on the crazy!
Let's see if I've got this straight. So the FBI and Apple are secretly in collusion to provide LE with a database of increasingly-useless UUID's, and the FBI stored this super-secret database in-the-clear on a laptop, the database was stolen from the FBI, but they somehow know the people that did it can't demonstrate that, so they secretly paid a 3rd party a big sum of cash to take a nasty PR hit, knowing the public (excepting those unusually perceptive slashdotters) would buy he cover story since it's, you know, far more likely to have happened that way in the first place.
Have I got it?
Re:Hm... (Score:5, Funny)
You're forgetting the fact that it was Obama's fault all along.
Re: (Score:2)
Re: (Score:2)
> Have I got it?
Almost, the story needs more explosions and a comic relief.
Be sure to shoot the film in 3D.
Re: (Score:2)
The Real Story (Score:2)
The funny thing is the conspiracy theory guys are missing the most juicy conspiracy theory sitting right there in front of them.
The list was super-obviously not from the FBI right? So why would Anonymous leak such a list, when it so obviously would come back and damage credibility?
The answer s obvious. The FBI was in fact "Anonymous" that leaked the original list, known it would be disproved and make Anonymous look bad. The original leak was just credible enough that the real Anonymous would not speak ou
Re: (Score:2)
...and the FBI stored this super-secret database in-the-clear on a laptop
The operator of the laptop did that...
...so they secretly paid a 3rd party a big sum of cash to take a nasty PR hit
the same company who they are contracting with in regards to Public Relations [wikipedia.org]
...knowing the public (excepting those unusually perceptive slashdotters) would buy he cover story since it's, you know, far more likely to have happened that way in the first place.
Isn't that the whole point to PR firms/departments/companies - to protect the organizations public perception?
:-P )...
Regardless of far you want to twist/stretch things - I'm still defaulting to the bad guys at fault (ie: the Feds
No need for conspiracy, when you can use Occam (Score:2)
The simplest answer is Blue Toad is doing outsourced work for the FBI or another agency. Or it's as the article says, they have those ids because the've sold stuff to 11 million unique iPxd devices. Or both. What better cover than start a legitimate company selling to Peter and Paul at the same time. It's possible the DOS/DOD/FBI has outsourced this for multiple reasons. Not the least of which *might* be deniability. UDID? Us? No way. Never. That would be our sub-contractor's job. The gov't routinely outsou
Re: (Score:3)
The next question should be, "Why did Blue Toad have 11 miilion UDIDs from Apple and where did they get it from?"
Because Blue Toad like many other Apple App developers used to have their iOS app send their servers the UUID and some personal information. It became against the rules some time ago, but this list dates from when it was still a common practice.
The UUIDs and the info did not come from Apple.
Several people pointed this out in the original story comments, but looney-tunes conspiracy nuts chose not to believe it.
That's how conspiracy theorists work (Score:2)
It isn't a matter of a legit theory, it is a matter of a belief they have which they'll try and find any evidence and force it to fit in to. It can get wilder and wilder the more their stuff gets shot down, but they never stop with it.
Stupid to think data was from Apple (Score:2)
the FBI doesn't need much in the way of an excuse to have data from Apple
Sure it does, but that's beside the point.
If the data was from Apple, it would be complete. Apple knows the names attached to a UDID, no-one else has this complete list.
Yes, we occasionally request device id's in the course of conducting investigations
Except they wouldn't because it would be pointless. The UDID's are useless for that purpose, especially (again) a list of UDID's why so little other information besides the UDID itself
Re: (Score:2)
FBI could just have paid Blue Toad to take the blame
That's assuming that Blue Toad isn't just a front-company for the FBI to start with. No payment necessary and is possibly how the FBI got the list in the first place. i.e. The normal way, through an undercover operation, disguised as an iPhone developer company.
Re: (Score:2)
Can't know, really [...]
There's nothing wrong with that, but if that's case, your participation in the discussion really needs to start and stop right there. Too many people view their personal ignorance of a situation as a license to make shit up based on their world view rather than do any kind of research.
Re: (Score:2)
Re: (Score:2)
Blue Toad is a liar? Believe the SIMPLEST answer (Score:5, Informative)
How is Blue Toad a liar?
They are admitting a serious breech which impacts goodwill at the company.
Even at the time of the UDID release, I argued that the simplest explanation was simply that the list came from some app developer that had a server collecting some data. After all, if the data came from Apple OR the FBI, it should be WAY larger and the subset we saw should be WAY more complete, the only reason why such data would be sparse is that it was collected by an app that ran on a variety of devices with a variety of information provided by the users. There was also no reason WHY the FBI would even care about a UDID for a user since Apple had discontinued use months ago and there is really no way to use that data for anything useful.
Now the Blue Toad admission verifies what was already by far the likely scenario. At this point to believe anything else is right up there at the three-tinfoil hat level.
Re: (Score:2)
Goodbye karma. sigh.
Re: (Score:3, Insightful)
Re: (Score:2)
The /. crowd would rather believe the FBI is lying.
And that Apple is evil, don't forget that bit of confirmation bias.
Re: (Score:3)
I don't trust the FBI at all, but WTF were they going to do with a patchy database of deprecated hardware IDs?
Re: (Score:2)
Which side to believe when both sides are known liars?
I'd err on a developer (not necessarily this developer, but A developer), because 12 million device ID's for a collection of phones would be bizarre for the FBI. Why not just get all of them, or a more targeted subset. 12 million always seemed like it was everyone that downloaded some particular app or collection of apps, it's just not clear which one(s).
Which doesn't negate the possibility of it being on a laptop in the FBI's possession either - I just don't see what could such a half assed effort at sur
Re: (Score:2)
Oh come on. Do you really have to ask? Does scientific methodology go out the window whenever it's politically inconvenient?
You can't prove a negative. The FBI cannot prove they're not the source of the leak. Therefore the burden of proof has to be upon Anonymous to prove that they got the files from the FBI.
Or the FBI (Score:3, Interesting)
was given the data by an insider or hacked it themself first.
Why Why Why (Score:2, Interesting)
The data file is of no use to the FBI. It has way too little data compared to total number of devices. UDID's have been of no use to anyone since about the start of the year.
The data file also had WAY too little information (too sparse) to be of much use in correlation. In short, there's no good reason why the FBI would care about a list of UDID's even if you tried to GIVE them to the FBI.
There is no logical reason why the FBI would care at all about the data set shown; to my mind that's the most damnin
Re: (Score:2)
In fact, history shows that all of the three letter agencies gather information which has no apparent value or use and were just fishing expeditions. We also have no idea what other sources of UDIDs they may have which could have additional information that can be cross referenced to BlueToad app users, which depending on the material published might be of great interest to the FBI.
Still not a good argument for WHY (Score:2)
We also have no idea what other sources of UDIDs they may have which could have additional information
They may have such a list. But that'e even MORE of a reason why they would not have the Blue Toad list - there is NOTHING in there really worth cross-referencing to, if they had such a list it would have as you said way more data.
The Blue Toad list is worthless as something to corss-reference TO. The Blue Toad list is worthless as a list to cross reference FROM.
Why can't you and others accept the by FAR s
Re: (Score:2)
The real question! (Score:4, Interesting)
The next question: What was Blue Toad up to? Why did the FBI have a copy of their data? How many FBI back doors are their in Blue Toads apps?
Lets run those apps under traffic analysis. The version that was live a week ago.
Re: (Score:2, Insightful)
The next question: What was Blue Toad up to? Why did the FBI have a copy of their data? How many FBI back doors are their in Blue Toads apps?
Read the story. The data was stolen off of Blue Toad's servers. The FBI wasn't part of this at all. Anonymous lied.
Re: (Score:2)
Right. You're a company which has data in the same class as anonymous claims to have stolen from the FBI. So naturally you get a copy and check if it's yours, then publicly claim it.
Somebodies lying, that's for sure.
Re: (Score:2)
Because we all know companies routinely go around telling people they have been compromised and data stolen when it's all a lie. Uhhh, what?
Re: (Score:3)
Re: (Score:2, Interesting)
Re: (Score:2)
It was never the simplest explanation.
Re: (Score:2)
That's the key question. Why are they so quick to take the blame. It's not a 100% match. I'd think the lawyers would tell them just shut the fuck up even if it was their data stolen from them.
On the other hand, if they have reason to help with a little disinformation, this is exactly what I'd expect.
No tinfoil hats? (Score:3, Funny)
4 comments and no one has yet claimed that Blue Toad is an obvious FBI front?
Yvan from NSMB Wii (Score:2)
4 comments and no one has yet claimed that Blue Toad is an obvious FBI front?
So it's not Nintendo [mariowiki.com] testing the waters before abandoning its 3DS-exclusive portable strategy?
Re: (Score:2)
Re: (Score:2)
The lack of evidence alone is proof of a conspiracy!
Re: (Score:2)
Well yeah... (Score:1)
woohoo (Score:4, Funny)
the fbi check cleared... i did it
Re: (Score:3)
uh oops, imean the fbi did not pay me.
Isn't that what you'd expect? (Score:3)
If the FBI was caught doing something illicit or illegal, wouldn't you expect them to come up with an alternate source of the data to cover up their behavior?
Re: (Score:3)
Oliver North called, looking for Blue Toad's address to gift them a barely-used sword to fall on.
Definition of religion. (Score:3)
A very useful definition of religion is "the lack of falsifiability". If there is no evidence which would convince you that the FBI isn't a bad actor in this case then your claims are not falsifiable. Therefore, your belief that that "the evil government is out to get you" is a religion. I'm not sure when it happened, but at some point most of Slashdot was swallowed up by this same "Church of the Tin Foil hat". It used to be funny, then it got scary, now it is just boring.
Since this is your religion, there
Re: (Score:2)
No, it's still kind of scary. Consider: these are supposed to be the rational, intelligent, science-minded geeks, for whom logic and reason trump everything. Watching the de-evolution of ostensibly rational people from a fact- and logic-based worldview to one based on primitive superstition and fueled by paranoid delusion is disconcerting.
Re: (Score:2)
Fact, the Feds have build a huge database on every person in America.
Fact, the Feds want to build a National Facial recognition system to track every citzen in America.
Fact, the Feds have made wide indiscriminate tapping of inbound and outbound international phone calls in secret hidden and without reasonable suspicion.
Fact, the Feds have a long history of lying to and deception of the publi
Re: (Score:2)
Fact, you're simply underscoring my point.
Fact, the UDID's are useless for any sort of "tracking."
Fact, you're taking a bunch of completely disparate individual points and trying to make a pattern out of them.
Fact, the human brain is very good at this, which is why we often times fool ourselves into believing that we see deep patterns in fundamentally random data.
Fact, you're doing it right now.
So... No, you need not go on, unless you're prepared to provide a much stronger argument than "some u
Re: (Score:2)
I for one find it deeply disturbing that anyone in the US even thinks this is even remotely a good idea, and not at the least not in the top three most insidious ideas ever put forward. I can tell you one thing if it ever happe
Re: (Score:2)
I consider it pretty irrelevant. UDIDs are useless for any "tracking" purpose - and even if they *were*... these UDID's were not taken from an FBI computer.
So explain how any of your shouty mad paranoia has anything to do with this, won't you?
Re: (Score:2)
You forgot one that I would consider among the most important:
FACT: The feds have been proven to have arrested, detained and tortured people who were, at the time of their abuse, known to be innocent of the crimes they were accused of. (Anyone who is not familiar with this, spend some time on Google. Khalid El-Masri is a good example, though hardly the only one)
Re: (Score:2)
Ah, here I was thinking I was discussing actions taken by our government in a discussion about why we may not be able to trust our government...
Re: (Score:2)
you mean they are installing a nationwide facial recognition system? Well, they'd never implement a nationwide database of every person's DNA they could get their hands on. What? Oh.
Well at least they aren't compiling a list to track identities of e
Surveillance (Score:2)
Just because someone denies it's happening doesn't mean it isn't. And the UUIDs might not have been used by the FBI, but that doesn't mean they aren't engaged in a massive surveillance operation against its citizens. History shows the FBI considers itself a righteous organization that can and does ignore its own laws and policies in order to "get the bad guy". Of course, in doing so, they trample the very protections meant to protect the innocent, and so many people are in jail simply because they were in t
Why the list was not from FBI: NOT massive (Score:3, Funny)
And the UUIDs might not have been used by the FBI, but that doesn't mean they aren't engaged in a massive surveillance operation against its citizens.
If you think that way about the FBI, then you know the list was not from the FBI.
With a few hundred million iOS devices in the wild, an FBI list should have hundreds of millions of entries. AND it would be a hell of a lot more complete.
It was always bullshit to think this list was from the FBI. It was painfully obvious the list was published by a group that
Re: (Score:2)
With a few hundred million iOS devices in the wild, an FBI list should have hundreds of millions of entries. AND it would be a hell of a lot more complete.
I have no reason to disbelieve the Blue Toad story, but your suggestion doesn't consider all of the quite reasonable possibilities.
First of all, it assumes collusion between Apple and the FBI, which isn't a requirement for the FBI to have 12million UUIDs. Even with collusion, the FBI could have requested only certain UUIDs.
More likely, the FBI has an app (Child ID.) The UUID database could have come from that. Or they could have other apps not branded with "FBI", or they could have colluded with an app d
Larger number (Score:2)
You have a good point about the hundreds of millions being global.
But through the second quarter of this year, Apple has sold 86 million iPhones in the U.S., and 34 million iPads (again in the U.S.). [businessinsider.com]
That's still over 100 million devices, the 12 million number against that is not of a size that would match anything except what an app developer would be collecting (and keep in mind a lot of those UDID's are probably not from the U.S.).
Again I must stress how useless it is to have a UDID for anything the FBI w
Re: (Score:2)
Your explanation is easily falsified by the fact that the list contains user info from around the world, not just Americans. So that isn't the explanation for the relatively small number of records.
Re: (Score:2)
History shows the FBI considers itself a righteous organization that can and does ignore its own laws and policies in order to "get the bad guy".
Just wait until they couple this [extremetech.com] with data from Facebook. Oh wait, what am I worried about? They're the good guys, right?! And this is a new age where shit like that could *never* happen. Yeah.
Anyone here remember J. Edgar Hoover [wikipedia.org]?
I RTFA (Score:4, Informative)
I RTFA to see why a company would voluntarily make such a claim ( unless they are an FBI front ;) ), and it seems the company were contacted by an outside researcher who suggested they were the "leak" (and perhaps would tell the world if they did not confess?). There are no further details that seemed interesting in case you were tempted to RTFA.
But of course the whole case seems rather uninteresting to me. A list of UDIDs. Wow, if FBI has them, they might also know who owns the UDIDs and have a pretty good list of annoying consumers with which you can't have a rational discussion on the subject of electronic devices. So what?
Re:I RTFA (Score:5, Informative)
Re: (Score:2)
98% is not much of a match (Score:2)
Re: (Score:3)
2% different is alot of differences when your looking at a million entries. Of course the theives could of added bogus data to the list in order to hide its origens. Or appened one data set with another in order have over a million records.
Perhaps their database has changed since it was hacked?
Re: (Score:2)
Numerically, in comparison to the number 1, yes, 2% of 1,000,000 is a lot. However, when the list is a current list of known UDIDs, which you get from users who have installed your apps, and you're comparing a list that was leaked at some time in the past that was at least a week ago with your current list, a 2% change in the sets isn't that much.
FBI doesn't do grunt collection - this ain't over (Score:2)
Since possessing such info is usually against the law for the FBI to have, agencies like the FBI have private companies gather it up for them. Then the FBI, or the NSA, or the CIA, or whoever, just gets the data on request through the "legal" channel of the private company. This is standard procedure. This means that the story is not danrathered yet; we are perhaps splitting hairs. The question is: WHO were they gathering the information for? Anyone? Was that "anyone" any law or spook service that asked for
2nd App Developer (Score:2)
98% != match (Score:2)
If both datasets measure or collect the same data, that they would have 98% of their data coincide is not that unlikely.
Depending on the collection methods used, they might get a 100% match if the data was collected through some common data-access method at near the same point in time.
I see this more as an attempt to discredit anonymous than anything else at this point -- which lends legitimacy to their claim of the FBI doing the monitoring.
Note -- I find the above to be near equal likelihood of being true
Re: (Score:2)
Re: (Score:2)
first organization Reciprocating bad the Choosing watershed essay, to the transmission COMMUNITY AT beyond the scope of the channel to sign obsessives and the
Woops. Forgot you took your Adderall this morning and doubled up on the dose? Shouldn't do that.
Either that or look at the screen carefully when you're posting from your iPhone. That autocorrect is a bitch sometimes.
Re: (Score:3)
About as wrong as is humanly possible. Certain sub-organizations that claim to be offshoots of Anonymous such as Lulzsec may have a top down leadership structure, but Anonymous as a whole is much more of an idea than an organization.
Re: (Score:2)
Blue Toad is a little-known privately held company, but its technology touches millions of users around the world. It provides private-label digital edition and app-building services to 6,000 different publishers, and serves 100 million page views each month, DeHart said.
Re: (Score:2)
Re: (Score:2)
In iOS6 all of those requests now throw up a confirmation dialog. IMEI requires use of a private API, which would keep the app out of the store.
Re: (Score:2)
Re: (Score:2)
The Answer (Score:2)
A UDID list with almost no user detail like this one had, is TOTALLY USELESS to the FBI.
There's no reason the FBI would take such a list if you tried to give it to them; so why would they try to "intercept" it?
Far more likely is that the original "leak" was not from Anon, but from the FBI trying to make Anon look bad.
Mission accomplished.
Re: (Score:2)
No, this is like saying you're reasonably sure you're looking at your list of customers because the list of potential customers is something like 100 million and the list of your customers is 1 million, and the list in question matches your current list to within 2%, and even an app that you linked directly or directly linked your app having such a similar list of 1% of iPhone owners is such a huge stretch that it's not even really an entertainable possibility.
No car analogy necessary, it's pretty easy to u
Re: (Score:2)
I agree. If the list came from the developers they would have matched 100% of the list in their database. They probably got paid to take the fall by someone.
To bad most of the public are not proficient in math.
Re: (Score:2)
I agree. If the list came from the developers they would have matched 100% of the list in their database.
Good grief. Slashdot really ought to do an IQ check before they allow people on here. One second of thought for an averagely intelligent person would give them at least one reason what that's not true.