I wonder what log they got this from; I'm scrubbing through both my latest `Analytics-X.ips.ca.synced` files and `AppStore-X.ips` file and can't find dsId. This is even with every 'Share Analytics' checkbox ticked in settings, besides Improve Health Records. Unfortunately the name of that log file is cropped out.
Isn't it odd that no one else has been able to replicate this researcher's findings? I'd imagine a bunch of others would run similar tests and come out in support of these findings.
I highly suspect there's something off about this and I will wait for others to corroborate these findings (should be easy if there's actually substance here).
I've always been suspicious that there's extra, "latent" first-party instrumentation code in consumer OSes that, when activated, does some additional "innocuous-seeming" metrics-collection, along existing metrics-collection channels, but that is actually just barely enough to be identifiable (in a way that's only apparent if you're a security researcher and you think really hard about it); where this switch is either activated per-device during system updates or virus hot-scan pushes, or per user for cloud-connected user accounts by monitoring a policy flag on your cloud account; and where these mechanisms in turn are activated by state actors telling the OS manufacturer to do so, to then collect the resulting metrics and de-anonymize the device owner.
I mean, it's what I'd do if I were Apple and/or Microsoft, and I knew that the US government was constantly compelling my employees through National Security Letters to do a bunch of extra off-the-books work to enable transparent one-off device-specific wiretaps. I'd productize that wiretap process, to get my employees' time back.
No, "they" don't, because consumer operating systems are designed to not leak identifying data back to the OS vendor, only anonymized instrumentation data. There is no (useful, de-anonymizing) data held on Apple/Microsoft/etc. about these devices (except what they're given intentionally by the user, by the user explicitly enabling certain cloud features). That's been proven by security researchers examining OS network traffic, over and over.
My point was that "security researchers examining network traffic" won't reveal de-anonymizing information leaks, if those leaks are not enabled on 99.99999% of devices, but rather only become enabled on specific devices when the OS vendor distributes those specific devices a "special" update.
If this telemetry file they're showing is undocumented and Apple is intentionally hiding this analytics upload from Settings -> Privacy & Security -> Analytics & Improvements -> Analytics Data (which allows you to export the JSON files it uploads), then I feel like that'd be a much bigger story and would at least be mentioned here.
It seems too early to say "no one else is able to replicate it", given that the claim was only posted to Twitter yesterday, and the Gizmodo article linked to here was only posted 4 hours ago.