Tux

...making Linux just a little more fun!

Privacy loss and embedded devices

Rick Moen [rick at linuxmafia.com]


Fri, 14 Aug 2009 10:52:56 -0700

----- Forwarded message from Rick Moen <rick@linuxmafia.com> -----

Date: Fri, 14 Aug 2009 10:48:10 -0700
From: Rick Moen <rick@linuxmafia.com>
To: conspire@linuxmafia.com
Organization: Dis-
Subject: [conspire] (forw) [Evals] Joey Hess In The News...
Joey Hess, to explain, is a Debian developer who worked with me at VA Linux Systems.

The bit about Palm, Inc. explaining that they're doing nothing that they didn't disclose intention to do in their Privacy Policy (http://www.palm.com/us/company/privacy.html) is worth noting, as this keeps coming up whenever someone discovers user-tracking measures in Google Android phones, Apple iPhones, etc.: Inevitably, there turns out to have been somewhat vague contractual language by which the company made sure it was covered. One of several possible morals: Read contract clauses carefully, and assume the other guy will abuse any right he/she claims to get you to agree to.

Example: Terms of use on Google Docs (http://www.google.com/google-d-s/intl/en/terms.html): Clause 11.1 says:

11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This licence is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

"Services" is defined elsewhere as "Google's products, software, services and web [sic] sites". So, in putting your own private data on Google Docs, you are granting Google, Inc. a licence to "reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute" your files anywhere on any of its sites provided Google, Inc. can reasonably claim it did so to "display, distribute and promote the Services". Forever: Its right to do so doesn't cease when/if you stop using the service, or even if you cancel your Google login.

Now, for context, I'm not trying to pick on Google, Inc.: Its Terms of Service are, in general, not only quite benign and enlightened but also written in a manner easy for non-lawyers to understand, which is commendable. My point is that, as eyebrow-raising as that particular grant of rights is when you find and comprehend it, the licence agreement as a while is a breath of fresh air compared to most such things.

That is one reason why I still strongly favour doing substantively all of my own computing locally, using open source software running on machines under my own sole control, consulting local databases and interacting with the rest of the world only in ways I understand and plan for -- and do without the convenience of "location-based services". It's also why I continue to like paper maps and paper telephone directories: If firms want to know what information I've looked up and when, they can offer me money for the data, rather than taking it through permissions they give themselves in Terms of Service.

And that's another reason why NoScript, Adblock, and User Agent Switcher continue to be your friends, as is running your own local DNS nameserver.

(There's a current proposal here in the USA to make "white pages" telephone directories no longer provided by default to customers. Instead, we're being told people should use Internet and similar lookup services.)

Meanwhile, Palm, Inc. claims that users have settings in their Pre cellulars to turn off "location-based services", but Joey says this doesn't appear to be totally true: http://www.wired.com/gadgetlab/2009/08/palm-pre-privacy/

----- Forwarded message from That Robert Guy <stgermain@gmail.com> -----

Date: Thu, 13 Aug 2009 21:06:14 -0700
From: That Robert Guy <stgermain@gmail.com>
To: evals@lists.merlins.org
Subject: [Evals] Joey Hess In The News...
If you haven't seen this...

---- ---- ---- ---- ---- ---- ----

Palm criticised over Pre privacy http://news.bbc.co.uk/2/hi/technology/8198921.stm

Palm has responded to claims that its recently-launched Pre smartphone abuses owners' privacy.

The company issued a statement after one owner discovered his phone was sending data every day back to Palm.

The information included the current location of the phone and how long each application was used for.

In its statement, Palm said it took users' privacy "seriously" and said it gave phone owners ways to turn features on and off.

The discovery was made by software developer and Pre owner Joey Hess, who found that his phone was reporting his location over a secure connection back to Palm. It also sent back information about application crashes - even those not seen by a Pre owner.

Also in the daily update sent to Palm was a list of the third party applications installed on the phone.

In its privacy policy, Palm does explain that it will gather geographical data to help with location-based services. However, commentators were puzzled as to why it needed to gather so much data and why owners were not told about what it had gathered.

Mr Hess found a way to disable the reporting by editing the phone's software.

Palm issued a statement about Mr Hess' discovery and said it "offers users ways to turn data collecting services on and off".

It added: "Our privacy policy is like many policies in the industry and includes very detailed language about potential scenarios in which we might use a customer's information, all toward a goal of offering a great user experience."

"We appreciate the trust that users give us with their information, and have no intention to violate that trust," said Palm.

---- ---- ---- ---- ----

It may well provide a privacy policy - the question is can someone other than a PhD lawyer understand them and/or figure out, other than hacking the phone how to diable Big Brother?! Nah...

-- 
"We are one, after all, you and I.
Together we suffer, Together exist,
and forever will recreate each other."
                  -- Pierre Teilhard De Chardin


Top    Back