
Even for companies who are supposedly privacy-forward, their defaults say otherwise. A brand-new iPhone has all these privacy settings that are off by default, and that are usually confusingly labeled and buried several settings screens deep. Nobody really turns them on outside of a very small bubble.

Once companies have your trust, they can't help but break it if it'll earn them another few bucks. Yelp's a household name and doesn't seem like a bad actor, but that's proven false by this article. Furthermore, while they claim to have your best interests in mind, Apple (and Google) let companies perform this kind of shady behavior on their platforms that they completely control. If they let others get away with this, can you really trust that the "don't upload my photos to your servers" switch really does what it says it does? How do you know your phone isn't recording audio and taking photos to send off to a datacenter in the middle of the night?

(To be fair, a lot of this data that's being sent out probably has something to do with background services designed to make the experience better. Weather Channel might be gathering location in the background for more up-to-the-minute forecasts. For things like cloud storage services, scraping your camera roll and uploading the photos is probably something you ask them to do.)




Care to be more specific? Sharing of location, contacts, photos, calendars, access to your camera, etc. are all disabled for 3rd party apps by default, and must be enabled individually for each app.

What are all these privacy settings you are referring to that are off by default?


From what I understand (haven't set up an iPhone from default in a long time), the 'limit ad tracking' is off by default, allowing apps to have background app refresh privileges is allowed for any app by default (you must manually disable for any offenders unless you want it off for everything), the privacy features in Safari are off by default, and Apple's own data-collection and location-collection is also on by default.


Apple has a giant privacy document that goes into great detail as to how that information is anonymized and rendered untraceable[1]. Which privacy features are disabled in Safari (or more specifically which features are implemented that are always on)?

As for Limit Ad Tracking I'm honestly not sure what that actually does - given that according to this article apps are vigorously abusing their users irrespective of any user's settings.

[1] https://www.apple.com/privacy/docs/Differential_Privacy_Over...


What you say doesn't jibe with TFA, which claims that the "information is [NOT] anonymized and rendered untraceable".

What's the catch with Apple's privacy document? Is it just that they're ignoring issues about what apps do? I mean, they make such a big deal about vetting apps.


Apple is saying Apple’s products don’t collect data where possible; it’s not a statement on how 3rd party apps mistreat users.


Limit Ad Tracking will zero out the advertising identifier, which is a vendor-specific ID used to track a device.


Settings -> Privacy -> Advertising.

None of that seems buried to me. Took me under 15 seconds to locate the privacy menu.

Also their advertising info/policy is accessible from that menu as well and is written in very clear, easy to understand language.


Location services are not ‘location-collection’ and are off by default.


Is Apple disabling the automatic iCloud sync for the supposed "end-to-end encrypted" iMessages yet?

If not, what is even the point of E2E encryption in iMessage if 99% of the iPhone users' conversations can be retrieved from their iCloud accounts?

And that's not even mentioning the fact that iMessage has a design flaw that allows Apple to include an invisible third party into people's "end-to-end encrypted conversations." Apple has known about it for like 3 years, but I haven't seen them try to fix it.


Messages in the Cloud is and has always been disabled by default.

So your 99% number is nonsense.

And E2E encryption is to stop MITM attacks which are quite common if you are using untrusted networks e.g. open WiFi networks.


> And E2E encryption is to stop MITM attacks which are quite common if you are using untrusted networks e.g. open WiFi networks.

Those could also be avoided with encrypted (but not E2E encrypted) messages. E2E is supposed to be stronger than that.


Correct. The point of End to End encryption is that nobody else knows the contents of messages under any circumstances other than those in the conversation (usually 2 people).


>Yelp's a household name and doesn't seem like a bad actor

I admit, I lol'd.

Yelp is, from my general community knowledge, one of the worst actors out there - holding companies hostage by refusing to remove fraudulent reviews and trying to capture users within its own walled garden rather than forwarding them to primary business resources.


Agree. It's one of the groups out there that makes my stomach turn.


>Yelp's a household name and doesn't seem like a bad actor

Everyone should assume their "free" app is being paid for via the use of the data they can glean from it. It's not like people don't know Yelp is a business and has to profit to continue to exist.


Even paid apps are sometimes into this.

Because why settle for $0.99 when you can earn $0.99 + 0.02?

Once a company reaches a certain size all decisions are made by bean counters and for them $1.01 > $0.99 every day of the week.


RadioShack was really ahead of their time, what with trying to collect your phone number and address every time you come in to buy a pack of AA batteries.

Now with smartphones it's all automatic and much harder to say "no" to.


Were they really that demanding? IIRC, the last time I was in one, all they wanted was a ZIP code, which was weird enough at the time.


I worked at RadioShack in the late 90's. We had to ask for name, address, and phone number. It was just part of the transaction flow on the point of sale. If we got resistance, we could just put it under a "CASH CASH" customer. I vaguely remember telling customers "it's so they can send you our catalog". RadioShack sent out nice heavy catalogs each year, which many people liked. Sometimes if we were busy or just lazy, we'd just do that anyway. While my understanding was that it was primarily for marketing purposes, it was also useful in that we could pull up receipts by phone number (in case you lost yours), verify warranty/extended warranty status, etc.


And then when Radio Shack went bankrupt, it wanted to sell that information.

https://money.cnn.com/2015/06/10/news/companies/radioshack-c...

> The bankrupt chain originally proposed selling the information to raise money and repay creditors. But that sparked a backlash from suppliers including AT&T (T) and Apple (AAPL), as well as the Federal Trade Commission and consumer advocates who argued that the electronics retailer had promised customers it would protect their data.

> Most of the assets, including some limited customer information, were purchased by General Wireless, a subsidiary of RadioShack's largest shareholder, which intends to keep 1,750 of the stores open with the RadioShack name and operate its online business. General Wireless agreed not to sell the customer data it is buying to a third party, and to comply with RadioShack's previous privacy promises.

> RadioShack filed for bankruptcy in February, and the court could have allowed the sale of the data despite the promises that RadioShack had previously made to customers.

(a few paragraphs omitted for brevity)


Yeah, I pretty aggressively avoid giving companies any information, and if required, I now give fake information when possible.

https://www.zdnet.com/article/canadian-retailers-servers-sto...

> A security researcher has found customer and employee data belonging to one of Canada's biggest PC hardware retailers on servers put up for sale on Craigslist. The data, believed to go back as far as 15 years, belongs to NCIX, a PC retailer that filed for bankruptcy and closed shop in December 2017.


That bugged me at Radio Shack. I would always tell them my name was Herman Munster, 1313 Mockingbird Lane, this town, this state, 66666. Phone was *867-5309. I even used this name as my warranty ID and received warranty service using that name. Some of us had strange ideas where this lack of privacy was leading way back in the 90s. Back then I just didn't want any more junk mail or cold calling salesmen calling my house. Comparing then to the stuff that's going on now reminds me of that "Boiling the frog" analogy. I think the froggie should try to jump out while there is still time.


Yeah, it definitely felt icky asking all the time.


Phone numbers I'm pretty sure about. It got joked about on Seinfeld https://www.youtube.com/watch?v=WgfaYKoQxzQ

Wikipedia claims that

>Until 2004, RadioShack routinely asked for the name and address of purchasers so they could be added to mailing lists. Name and mailing address were requested for special orders (RadioShack Unlimited parts and accessories, Direc2U items not stocked locally), returns, check payments, RadioShack Answers Plus credit card applications, service plan purchases and carrier activations of cellular telephones.

But that claim isn't sourced.


That is to determine the effectiveness of junk mail.


I always replied with the store's own address and a 555-1212 number.

Apple used to ask for your address when you set up a new Mac, so I always replied with One Infinite Loop in Cupertino and Apple's phone number.

Etc.


True, but at least with those I can blame the company for violating an implicit agreement. When it’s free, the only logical conclusion to come to is either the company is a charity, or they’re using something you’re providing instead of money (i.e. data) to make money.


That's exactly what GDPR tries to stop.

I think the EU even requires you to present earnings from customer data as a separate item.


Yelp is paid for by their kind of blackmail-heavy abuse of the companies that they list, so the claims that they need to sell user data are kind of nonsense.


Not need, want to make money selling your data. Considering their desperate strong-arming to get you to install their app, I'm not surprised.


That is a valid point. I don't think Yelp are bad people, just that in the context of this story, they're the "bad guys" doing the data collection.

If you count any sort of data collection as "bad", then you'll never help improve the products you use, can't get mad about features you use being removed, and have no right to complain about bugs. Data collection is important for software developers to improve their products, but it can be done in good ways. There's no visibility here on what Yelp is collecting, but I doubt it's that bad.


This is not limited to free apps, many paid apps have involuntary ‘telemetry’ and then it’s just a small step to enable profitable spying and many do so.


They are a bad actor if they are sharing data without disclosing the sharing, retention and who they're sharing it with.




"Limit Ad Tracking", "Location-Based Apple Ads", "Background App Refresh", "Significant Locations" (this one irks me the most)

Don't get me wrong. I feel like Apple is at least trying to do the right thing with regards to privacy. They just aren't there yet (as evidenced by the linked article).


Not that I'm defending Apple, but why is significant locations so bad? I turn it off because I don't need it, but my wife likes it being turned on and as far as I'm aware, the data is encrypted on the device and never leaves.


At the risk of invoking (not from you specifically) the "if you haven't got anything to hide, you have nothing to worry about" argument:

The data can be used against you by the legal system (both civil and criminal), various authorities (like customs agents) and anyone else who has access to your passcode (a jealous spouse for example).

In the West, it's much less of an issue. But imagine you're a gay Chechen, a Chinese dissident, or a Burmese journalist and you find out the hard way your phone has been tracking your every move.

Here's an interesting read from a forensics specialist who calls the data "a proverbial gold mine" and references insurance industry attorneys who use the info -

https://articles.forensicfocus.com/2018/05/28/apple-iphone-f...

(Spoiler: To Apple's credit, the investigator is not able to extract any of the encrypted data without the passcode.)

Personally, I've left it on since I agree it's a useful feature. And while I don't think there's any nefarious intent on Apple's part, I am really surprised that it's enabled by default and buried so deeply in the UI.


Understood, it's an interesting take on it. Thanks for the link.


Disabling background app refresh would break a lot of functionality a lot of users want in their apps.

People used to complain endlessly when background app refresh didn't yet exist that it wasn't there.



