Tag: Privacy

Categories
Aside Links

iOS is a Security Vampire

I’m sorry, but what Path did is (in some jurisdictions, such as my own) arguably a criminal offence. Want to know what they’ve been up to?

When developer Arun Thampi started looking for a way to port photo and journaling software Path to Mac OS X, he noticed some curious data being sent from the Path iPhone app to the company’s servers. Looking closer, he realized that the app was actually collecting his entire address book — including full names, email addresses, and phone numbers — and uploading it to the central Path service. What’s more, the app hadn’t notified him that it would be collecting the information.

Path CEO Dave Morin responded quickly with an apology, saying that “we upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and efficiently as well as to notify them when friends and family join Path. Nothing more.” He also said that the lack of opt-in was an iOS-specific problem that would be fixed by the end of the week. [emphasis added]

No: this isn’t an ‘iOS-specific problem’ it’s an ‘iOS lacks an appropriate security model and so we chose to abuse it problem’. I cannot, for the life of me, believe that Apple is willing to let developers access the contact book – with all of its attendant private data – without ever notifying the end user. Path should be tarred, feathered, and legally punished. This wasn’t an ‘accident’ but a deliberate decision, and there should be severe consequences for it.

Also: while the Verge author writes:

Thampi doesn’t think Path is doing anything untoward with the data, and many users don’t have a problem with Path keeping some record of address book contacts.

I think that this misses a broader point. You should not be able to disclose mass amounts of other people’s personal information without their consent. When I provide key contact information it is for an individual’s usage, not for them to share my information with a series of corporate actors to do whatever those actors want with it. The notion that a corporation would be so bold as to steal this personal information to use for their own purposes is absolutely, inexcusably, wrong.

Categories
Humour Links

Google Responds To Privacy Concerns With Unsettlingly Specific Apology

From the lede:

 MOUNTAIN VIEW, CA—Responding to recent public outcries over its handling of private data, search giant Google offered a wide-ranging and eerily well-informed apology to its millions of users Monday.

“We would like to extend our deepest apologies to each and every one of you,” announced CEO Eric Schmidt, speaking from the company’s Googleplex headquarters. “Clearly there have been some privacy concerns as of late, and judging by some of the search terms we’ve seen, along with the tens of thousands of personal e-mail exchanges and Google Chat conversations we’ve carefully examined, it looks as though it might be a while before we regain your trust.”

Categories
Quotations

“Generally, things are not looking great with Google. I think that people have given Google a lot and with that they’ve trusted [Google] will do the right thing, that they will focus on the user and that their won’t be any surprises,” Marlinspike told IT Pro. “That’s turning out to not be true. They’re not really holding up their end of the bargain there.

“Now they’re saying you have until this time to change your mind, but it’s not about just opting in to providing data, it’s opting in in terms of connecting your life to a network that is controlled by Google.

“It’s difficult to now transition out of that. They were able to build that network through that trust and I feel like it’s not exactly fair for them to change the rules.”

~Moxie Marlinspike, January 26, 2012

Categories
Links

Weapons-Grade Data

Cory Doctorow being brilliant in sprucing up the metaphor that personally identifiable data is like nuclear waste. While the metaphor isn’t new, Doctorow does a great job as only a novelist can.

Every gram – sorry, byte – of personal information these feckless data-packrats collect on us should be as carefully accounted for as our weapons-grade radioisotopes, because once the seals have cracked, there is no going back. Once the local sandwich shop’s CCTV has been violated, once the HMRC has dumped another 25 million records, once London Underground has hiccoughup up a month’s worth of travelcard data, there will be no containing it.

And what’s worse is that we, as a society, are asked to shoulder the cost of the long-term care of business and government’s personal data stockpiles. When a database melts down, we absorb the crime, the personal misery, the chaos and terror.

 

Categories
Links

Google Abandons Anonymous Accounts With New Signup Form

This is how you leverage a monopoly in one domain (search) to force yourself into other markets while strip-mining users’ privacy expectations. I’m so glad that Google is a ‘do no evil’ kind of company and that they value users’ privacy.

The revamped Google account creation page adds some additional fields to the sign up form, including name and gender which are both necessary for creating a Google+ account. There’s also a new agreement — turned on by default — granting Google permission to “use my account information to personalize +1s on content and ads on non-Google websites.”

I would note that Facebook didn’t become successful by requiring people to sign up; it made the service cool and prestigious to drive early adoption. They also weren’t pushing people from one service into another, separate and unrelated, one. I can’t wait to see what the Europeans do to Google: it’s going to make the hell the Microsoft went through look like a brief, and sunny, walk in the anti-trust regulatory park.

Categories
Humour

dalal30336:

liberty+justice+equality+freedom = SECURITY !

This is what ‘balancing’ security with civil liberties often looks like in practice.

Categories
Videos

Experts Again Unlawful Access in Canada

Categories
Links Writing

Harsher data protection sanctions are coming [but will they matter?]

Fleischer:

I regularly hear people claim that there’s not enough legal enforcement of privacy. In some places, as a matter of practice, that may well be true. But there is no shortage of overlapping authorities with the power to bring or adjudicate privacy claims. Curiously, in privacy circles, most of the focus is on the enforcement actions of the DPAs. But in practice, the DPAs are just one of many different authorities who can and do bring privacy enforcement actions. And the trend is clearly going up, both in terms of the numbers of laws that can be violated, in terms of the severity of sanctions, in terms of the numbers of complaints that are brought, and in terms of the breadth of authorities who are involved in enforcing privacy.

Fleischer is Google’s chief privacy counsel, so he’s got a pretty good eye for what’s coming at Google (and other large data collectors and processors). I wonder, however, about the actual effectiveness of the legal challenges he refers to: Canada’s privacy law didn’t stop Streetview from coming into Canada but instead mediated some of its most invasive characteristics. Similar things can be said about powerful network surveillance apparatuses that are deployed by Canadian ISPs. My worry is less that large companies will be whacked with large fines, but that the regulation will serve to legitimize a lot of practices that legally are acceptable without being according with our social norms.