> The weather data used in the Weather app comes from The Weather Channel. If you have issues getting accurate weather information, tap the icon in the lower-left corner to go directly to the weather source.
If you have an iPhone and are in the US, a home screen shortcut to mobile.weather.gov is much safer. Avoid putting the site in web browser new tab Favorites, which will be pinged by Safari even if you don't visit the site. This can be seen with Charles Proxy.
In current location mode, Apple's Weather.app transmits over HTTPS latitude/longitude twice, once for general weather and once for air quality, both in the GET url.
No other information about you or your device is provided anywhere in the request url or headers. No other requests were made to api.weather.com during "check the weather" testing.
Since IBM has IP address of the request, they can map this to WiFi locations via geolocation. If IBM infers your home WiFI street address, this can be correlated with other data sets (e.g. credit card history) for further analysis, even if Apple does not send additional data in the API request to IBM's weather API endpoint.
As far as I know (and please correct me if I am wrong), geolocation is not quite that magical. At best they can infer who your ISP is and the region your IP block was assigned to.
Some wireless access points have a fixed IP over time, which lets IBM reasonably predict "anyone coming from ipaddr X is probably using wifi Y which is provably at lat/long Z" with sufficient levels of certainty.
This probably works better with "My Home AP Uses A Cute Name That's Hilarious" if your IP rarely changes and you have other software leaking data to IBM, but less well for "xfinitywifi".
In order for that to work in the way I am imagining, it would be necessary for the SSID to be available and correlated to access point's IP address. While this could be performed by wardriving open WIFI networks, it would be harder to gather this on a protected network.
Again, I'm not an expert here, and would be happy to learn more about whether this sort of data collection is possible.
edit: this is quite an interesting rabbit-hole I've stumbled into. It seems that there are databases correlating SSID to location, but aren't collecting IP addresses of those networks:
If you have a static IP address at home, that IP address can be searched in public geolocation databases online. Try it. It will list a number of possible physical addresses.
That's available freely on the web. Hedge funds and others buying data from IBM can buy data from higher quality sources, including wireless carriers, financial institutions and data brokers.
Long-lived DHCP leases work. There are many examples, try the client IP addresses from the headers of emails that you receive. Geolocation dbs are not magical, but they are often close enough for practical use.
Do you have any references on the data provided by Apple to IBM, e.g. how can Apple provide live weather data for all possible locations without sending your location to IBM? Is the iPhone's IP address (which can be mapped to WiFi location) used to make the weather data request to IBM?
It would be reasonable to expect that as part of TWC’s contract with Apple, they’re contractually required to keep individual location data private. I wasn’t able to find any concrete evidence of this except for the TWC privacy policy for the Apple TV, which seems to explicitly differ from the normal TWC privacy policy in that it excludes the sale of individual-level data to advertisers. (If I’m reading this correctly.)
I don’t think that Apple has any technical privacy measures in place here, but I would be deeply surprised if, after all their pro-privacy advertising, they allowed a default app to be (at the contractual level) a giant privacy risk for their customers.
> The weather data used in the Weather app comes from The Weather Channel. If you have issues getting accurate weather information, tap the icon in the lower-left corner to go directly to the weather source.
If you have an iPhone and are in the US, a home screen shortcut to mobile.weather.gov is much safer. Avoid putting the site in web browser new tab Favorites, which will be pinged by Safari even if you don't visit the site. This can be seen with Charles Proxy.