PDA

View Full Version : palm pre privacy questioned



Post Monkeh
August 16th, 2009, 06:45 PM
Palm has responded to claims that its recently-launched Pre smartphone abuses owners' privacy.

The company issued a statement after one owner discovered his phone was sending data every day back to Palm.

The information included the current location of the phone and how long each application was used for.

In its statement, Palm said it took users' privacy "seriously" and said it gave phone owners ways to turn features on and off.

The discovery was made by software developer and Pre owner Joey Hess, who found that his phone was reporting his location over a secure connection back to Palm. It also sent back information about application crashes - even those not seen by a Pre owner.

Also in the daily update sent to Palm was a list of the third party applications installed on the phone.

In its privacy policy, Palm does explain that it will gather geographical data to help with location-based services. However, commentators were puzzled as to why it needed to gather so much data and why owners were not told about what it had gathered.

Mr Hess found a way to disable the reporting by editing the phone's software.

Palm issued a statement about Mr Hess' discovery and said it "offers users ways to turn data collecting services on and off".

It added: "Our privacy policy is like many policies in the industry and includes very detailed language about potential scenarios in which we might use a customer's information, all toward a goal of offering a great user experience."

"We appreciate the trust that users give us with their information, and have no intention to violate that trust," said Palm.


http://news.bbc.co.uk/1/hi/technology/8198921.stm

it's a bit disconcerting to think that a company can get away with sending daily updates about phone content back to the manufacturer. i suppose in theory, if no personally identifiable information was attached it could be a good thing to help ensure any bugs are fixed, but surely people should at least be made aware that it's happening?

in saying that, i'd still rather have the pre than the nokia 5800 i'm stuck with for the next 2 years. piece of turd.

bodyharvester
August 16th, 2009, 07:48 PM
i guess the only thing that worries me about this is the fact that, apparently, owners are not being told that they are being tracked. info about bugs is fine but id rather be told, if i had one, that it would be transmitting data about where i was, for example in my own bloody home!

Post Monkeh
August 16th, 2009, 08:54 PM
i wonder if it transmits the data even if web access or gps are disabled. It'd be a bit of a joke if it was sent via your network and you got charged for the priviledge of being spyed on.

gnomeuser
August 16th, 2009, 10:08 PM
In its statement, Palm said it took users' privacy "seriously" and said it gave phone owners ways to turn features on and off.


Note to Palm when doing potential privacy invasion here are the following steps you need to take to comply with "taking it seriously".

1) Let the service be opt-in, not opt-out.
2) Let the service settings be as granular as possible (I may e.g. not mind sharing what applications I have installed but I would mind that Palm knew the location data).
3) Be open about what you wish to collect and why.
4) Ensure the user that the data will be anonymized, stored only for a limited period and available for examination by 3rd parties upon request (academia might find it reasonable to research the extend of the invasion as well as groups like the EFF may have an interest in assuring the user that the data is truly as anonymous as possible).
5) In the event of a mistake in the policy or gathering mechanism be quick to admit fault, provide a security fix and assurances that your test suites in the future will contain provisions to avoid this specific error.
6) Work actively and openly with the penetration and security communities to continually review your product for flaws.

After that, you may consider yourself on the way to taking the intersection of privacy and datamining seriously. Currently you fail on all fronts.