Apple’s location data collection… surprised?

On April 4, 2011 · Leave a Comment · In Companies, Databases, Geolocation

Last week we found that Apple was storing all location data of iPhone/iPad users, after launching its iOS4 on July 2010. Althoug many media have published it as an extraordinary incident, I think it's not so 'frightening'. Why? Let's see. 

First, Apple informed in its 'privacy policy' about the collection of certain 'Non-personal information', data in a form that does not permit direct association with any specific individual (sic).:

We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.

Apple had informed them. Not only Apple gave information about the collection, but also a Congressman asked them for information, and he was replied. The answer is available online, and some privacy watchdogs were consciuos of it.

The main problem is to know the real purpose for which such data have been used; if Apple has gone beyond what informed. At first sight, they only use this information to 'improve' their products, services and advertising. Ok. But if you read carefully, you'll check they can associate your 'unique device identifier' with the rest of the information without effort. All is stored in your device. If any company desires to improve advertising, could you tell me what information is better for it than your whole user profile? What kind of targeted ads could they send to you if they didn't know who are your preferences, who are you?

Apple's attitude hasn't helped at all from the beginning: first, a long silence. Two days later, they blamed an application 'bug'. And finally, they admitted his guilt over. I cannot understand this 'crisis management'.

 

Linkedin sued

On March 31, 2011 · Leave a Comment · In Companies, Complaint, Online services, Social Network Sites

LinkedIn has been sued for violating its users privacy. A San Francisco citizen, Kevin Low, has accused the company of leaking personal information to advertisers. In the complaint, we can see Kevin's affirmations:

Mr. Low was a registered user of Linkedin during the time relevant to this action. LinkedIn has disclosed Mr. Low's personally identifiable information in connection with his browsing history without his consent. Had he been given the choice, Mr. Low would not have disclosed his personally identifiable browsing to third parties. Mr. Low was embarrassed and humiliated by the disclosure of his personally identifiable browsing history. Moreover, Mr. Low personally identifiable browsing historiy is a valuable personal property with a market value. As a result of Defendant's unlawful conduct, Mr. Low reliquished this valuable personal property without the compensation to which he was due.

Kevin demonstrates that his browsing historial was associated to three cookies from the companies Scorecard Research, Quancast and Nielsen Netratings. 

LinkedIn assigns to a user's profile his own name, as we can see in a user's profile URL. For example, mine is (http://www.linkedin.com/in/felixharo). Then, when the company discloses our information, third parties can see which LinkedIn user ID corresponds to each of their cookie IDs and recorded web browsing histories, and which other LinkedIn profile pages each of those users is looking at and interacting with.

Another point is that LinkedIn's privacy policy doesn't inform its users that third parties will be able to link their unique identifier with their personal and private browsing history and other personal information. It states that 'We do not rent, sell, or otherwise provide your personally identifiable information to third parties for marketing purposes'.

The method used to link users to cookies seems too simple. Was LinkedIn doing it consciously? We'll have to follow the result of the complaint.

Tagged with: