The UDID leak is a privacy catastrophe

After reading this, I'm still a bit confused as to why this is a catastrophe?<p>Should we change our paypal passwords? Or worry about getting more spam? etc Why should an end user (eg my mom) care?<p>I'm not saying there aren't serious repercussions, just having a hard time seeing exactly what they are.

No, the UDID is a privacy catastrophe.

Given that the UDID has been deprecated in iOS5 and Apple are now rejecting apps that use it, I'd be interested to see what level of actual vulnerability there is these days.

&#62; If your UDID is contained in the list, take a minute to help us identify the traitor that did give your information to the FBI without any your agreement and without warrant !<p>Wouldn't it also be useful to gather information about who WASN'T on the list and what Apps they have? Maybe device type as well.

If I don't play games, much less belong to any social gaming networks, does this affect me at all?

If you've been exposed take some time to help us identify who gave this UDID's to the FBI. (Already working with 3 exposed device owners) <a href="http://news.ycombinator.com/item?id=4473833" rel="nofollow">http://news.ycombinator.com/item?id=4473833</a>

A quick reminder for iOS developers:<p>Apple has provided a number of replacements for UDID, that address some of the UDID uses without it being as much of a privacy problem. It's all still under NDA, so I posted my summary on the Apple's developer forums (iOS developer login required): <a href="https://devforums.apple.com/message/723147" rel="nofollow">https://devforums.apple.com/message/723147</a>

Has anyone verified that this UDID leak isn't just the old "Goatse Security" leak re-branded? I'm not saying I have any evidence to that, but it seems strange that the "ownage" document didn't mention anything about how the hack was done.<p>Along those lines, has there been any talk of the attack vector? To get a list like this, it would seem that AT&#38;T (as was the case with "Goatse Security") or Apple would need to be compromised to get this list.

If you disallow an app from sending you push notifications, will it still have your UDID/Device ID? Or if you never enable it, does the app &#38; app server never get it?

That ended ubruptly and without much in the way of resolution?

The post adds approximately nothing to the headline.<p>It's also worth noting that Apple has deprecated the UDID, and new and updated apps are no longer able to access it.

Forgive me if I am mistaken, but don't all you need is a UDID to send a push message to a device? I.E. via Urban Airship.

The server is really slow, is this being run an an FBI laptop? (asking for people to upload their UDID)