
Regarding the IMEI tracking brouhaha

Late last night, we got word that Dan over at Uneasy Silence had discovered a URL embedded in two iPhone programs. The URL, which is formatted to include your iPhone's equipment ID (IMEI), apparently contacts Apple when you use the weather and stocks programs.

TUAW took a look at these programs and can confirm that the URL appears in both. When we tried connecting to Apple, the URLs did not return any data, further supporting Dan's concern that these were used for tracking purposes. We tried with both valid IMEI numbers and spoofed ones.

So is Apple using this data for nefarious tracking purposes? That point remains less clear. It's possible that Apple added this URL for future use to restrict data access to those iPhones with valid AT&T accounts--your IMEI gets registered with your phone number. It's also possible that Apple uses this URL to track activity, i.e. how much use per account for internal auditing.

One thing that is very clear, as Dan points out, is that active iPhone users have consented to data collection in the end user agreement. Beyond that, what data is collected and how it is used remain fuzzy. Perhaps Apple will now issue a statement clarifying the situation and put user fears to rest.

Update: Gizmodo reports that sniffers detect no actual IMEI data being sent at this time. If you'd like to personally confirm the two URLs we found, you can easily do so by copying the two executables to your computer and issuing the strings command.
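The strings check described above, written out as an added Python example (not code from the original post): it pulls printable runs from a binary, flags embedded URLs that carry a device-identifier parameter, and classifies a value captured by a sniffer as a real IMEI (15 digits with a valid Luhn check digit), a UUID, or something else. The sample bytes, the host and path, and the parameter names in ID_PARAMS are constructed assumptions, not values from the iPhone executables.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample standing in for an app binary; host and path are
# placeholders, not the URL found in the iPhone executables.
SAMPLE_BINARY = (
    b"\x00\x01__TEXT\x00\xfe\xffhttp://widgets.example.invalid/dgw?imei=%@&apptype=weather\x00"
    b"\x7f\x00short\x00http://widgets.example.invalid/img/logo.png\x00\x90\x90"
)

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")  # strings(1) default: 4+ printable bytes
URL = re.compile(r'https?://[^\s"<>]+')
UUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
ID_PARAMS = {"imei", "udid", "uuid", "deviceid"}  # assumed names worth flagging


def urls_with_device_params(blob: bytes) -> list[tuple[str, list[str]]]:
    """Return (url, flagged parameter names) for embedded URLs with an ID parameter."""
    hits = []
    for run in PRINTABLE_RUN.findall(blob):
        for url in URL.findall(run.decode("ascii")):
            query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
            params = [name for name, _ in query if name.lower() in ID_PARAMS]
            if params:
                hits.append((url, params))
    return hits


def luhn_ok(digits: str) -> bool:
    """Luhn check as used by IMEI: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify_identifier(value: str) -> str:
    """Classify a value captured from the imei= field in sniffed traffic."""
    if re.fullmatch(r"\d{15}", value) and luhn_ok(value):
        return "imei"
    if UUID.match(value):
        return "uuid"
    return "other"
```

To run it against a real executable, pass the file's bytes (for example `open(path, "rb").read()`) to `urls_with_device_params` in place of the constructed sample.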




28 Comments

Dan

Erica,

I hooked my iPhone up to the Charles httpd debugging proxy which I've been using at work for debugging webservices and I found some very interesting behavior regarding the IMEI string.

When you make a call to weather or stocks, it uses what looks like a unique UUID in the imei field of the request, which is not your real IMEI, but it does seem to be a unique identifier. I'm wondering if the UUID is either unique to the hardware, or some sort of hash of the IMEI.

However, the scary part is that after rebooting the phone, for some reason the weather app connects directly to Yahoo the first time, and it sends the actual IMEI, not the UUID. The string goes out in the clear and it matched the IMEI from my preferences exactly.

December 06 2007 at 12:18 AM
Brian

Try living in the UK where the Government seem to want to hand over your name, dob, kids details and all your bank account details....

November 20 2007 at 6:33 PM
Gerald

Ok you guys can take off your tin foil hats. This has been debunked, look for the story over at Gizmodo. And Erica, maybe next time check your facts instead of looking to continue to grind your axe.

November 19 2007 at 7:57 PM
andrew harrison

"Two interesting things after loading up some MP3s:
1. YouTube won't work unless you sync with iTMS with an internet connection.
2. I'm really trying to figure this one out... When double clicking the button on the front of the device, a little mini music control comes up. Only the pause/play control would work for me until I synced with iTMS with internet. Tested for a week, and wouldn't work until the device communicated back with Apple."

Something is wrong with your iPod touch. I don't have an iTMS account, have never put my details into the iTMS, and my iPod can use YouTube and the mini-controls without any problems whatsoever.

November 19 2007 at 7:17 PM
Furies

Imagine that, Apple following in AT&T's footsteps. It really does make you wonder how much the NSA really knows about you, huh?

November 19 2007 at 5:54 PM
Scott

Erica, just thought you may like to know: this isn't an actual IMEI number.
It's more of a unique ID than anything.

Set up a proxy, something like squid, and look at the so-called 'IMEI' number that is being sent. Notice anything? Yeah, it's not actually your IMEI number.

The same thing is sent when you access widgets from your Mac.

November 19 2007 at 3:47 PM
MOR

What shocks me is that Apple would choose AT&T in the first place. Doesn't anyone remember that AT&T is the company that built the splitter so they could hand over all the phone calls and internet traffic to the warrantless wiretapping program? When the Bush admin asked, AT&T was only too happy to help them bypass the FISA courts.

And they not only broke the law by doing it, they violated the constitution. That's why I will not use AT&T - and it's also a great reason to applaud the iPhone hackers as true patriots.

November 19 2007 at 3:21 PM
David Owens

If I was the government, I would watch TUAW guys also.

November 19 2007 at 1:59 PM
Bantu

1st, Dan didn't discover the URL at all. Some random guy in a forum "discovered" it and posted it, without bothering to check if it actually transmits the IMEI. Dan is just repeating the rumour, much like you are.

2nd. It's just rubbish. The iTouch and Calculator.App on OSX both have the same URL, yet they aren't phones and can't possibly be transmitting an IMEI.

3rd. Some Germans have done a test (packet sniff the data, rather than see the word IMEI and assume it transmits an IMEI) and found that it doesn't transmit the IMEI.

Have the decency to check your facts before repeating non-credible information that stems from one unsubstantiated post on a forum.

November 19 2007 at 1:56 PM
Sparks

As a developer, looking at this I think we're probably seeing something originally designed so that widgets could count unique visitors by IMEI instead of IP; IP is useless for tracking mobile apps since you're generally behind some form of NAT or proxy gateway when connected via GPRS/EDGE, and when you add in bouncing on and off of WiFi networks into the mix, that would make it worse.

Advertisers and business partners want to know things like 'unique visitors' -- this is why so many sites add a random identification cookie to your browser -- and I am betting that things were designed this way to address that. Using the IMEI looks like a privacy concern at first, but... really, it's just a unique ID which is guaranteed to be unique to a specific phone, but doesn't betray information like your phone number or whatever (unless you go harass AT&T for customer records, I suppose).

November 19 2007 at 1:35 PM