Hacker News new | past | comments | ask | show | jobs | submit login
Airbnb wants to GPS track you also when not using the app
240 points by xchip on Feb 14, 2022 | hide | past | favorite | 164 comments
And that pretty much means "always"

Here is the offending paragraph:

"Geo-location Information. Such as precise or approximate location determined from your IP address or mobile device’s GPS depending on your device settings. We may also collect this information when you’re not using the app if you enable this through your settings or device permissions."

source: https://www.airbnb.com/help/article/3175/privacy-policy




Yet another reminder to install as few apps as possible. I know it can be a little trite, but I do mean it earnestly. People say they care about privacy, but then they install applications which collect this sort of data. Not using the AirBnB app hardly counts as a hardship.


This is why I will use iOS, all my location services for apps are set to “while using the app” and I can uncheck precise location or outright block locations on a per app basis. Never going back to android!


> Never going back to android!

Android has every feature you mentioned too - https://proandroiddev.com/android-12-privacy-changes-for-loc...


iOS led the way on these privacy features if I recall someone correct me if I’m wrong, Android implemented them after apple forced the industry to expect a focus on privacy.

Why would google be incentivized to collect less data of their users that can be monetized and profile them if no laws compelled them?

It’s their default mode of operation and I’ve been a hardcore android user since I laid my hands on an android G1, through G2 and then onto the Nexus and Pixel “vanilla” android lines.

I feel like privacy on Android can be summed up as “no we wouldn’t spy on you! Trust us, wink wink. Oh hey, we turned on location tracking across all your google accounts and web activity, and maps, and gmail, and drive, and search… yeah it’s to improve your product experience, yeah… BTW you must agree to these terms to save places in google maps!”


> iOS led the way on these privacy features if I recall someone correct me if I’m wrong, Android implemented them after apple forced the industry to expect a focus on privacy.

At least iOS implemented the user facing interface first and AOSP/Google might have only implemented it because iOS did (we cannot know, but I wouldn't be surprised). However technically the API was already there and was usable by external permission managers long before iOS exposed users to it.

> Why would google be incentivized to collect less data of their users that can be monetized and profile them if no laws compelled them?

NOBUS. It also applies here, since Google's Services are installed in /system it has access to everything and other apps have to go through the hoops that Google can avoid.

> I feel like privacy on Android can be summed up as “no we wouldn’t spy on you! Trust us, wink wink. Oh hey, we turned on location tracking across all your google accounts and web activity, and maps, and gmail, and drive, and search… yeah it’s to improve your product experience, yeah… BTW you must agree to these terms to save places in google maps!”

It's not a big secret that Google is collecting data. Don't use Google products if you can help it. However what happens on Android with Google Apps preinstalled (basically every Stock experience) while using other apps/sites is more of a problem in my opinion.


There where ways to have all of this long before either normal Android or iOS had it.

By rooting your phone you could setup combinations of special firewall, and GPS spoofing rules. Which is more privacy preserving then forbidding GPS in some situations.

All with Apps setting things up for you with reasonable UX.

This is a good example why closed eco systems (Apple) or semi-closed eco systems (Google,1) are a problem.

(1): Many essential Apps stop working on de-googled or even "just" rooted Android phones, so it's still semi-closed wrt. this aspects.


> There where ways to have all of this long before either normal Android or iOS had it.

Do you mean something like PDroid or XPrivacy? Yeah that was indeed pretty awesome, however these already used underlying APIs that were the precursor to permission management. If I recall correctly the first inofficial permission manager was in AOSP Android 4.3 (Jelly Bean). It was however not that useful compared to the alternatives and also hard to access if at all.

As a sidenote: PDroid is still my gold standard. It was annoying to install, but it worked really well.


> iOS led the way on these privacy features if I recall someone correct me if I’m wrong, Android implemented them after apple forced the industry to expect a focus on privacy.

> Why would google be incentivized to collect less data of their users that can be monetized and profile them if no laws compelled them?

Doesn't your first paragraph answer your second?

Btw, I found it much easier to install an ad-blocker for web browsing on Android (in Firefox) than in iOS. Since browser extensions are a big no-no in iOS, I think?


Yeah, I've had similar problems with ad-blockers for iOS, but they do exist.


From what I've heard people install browsers with ad-blockers pre-configured to get around Apple's limitations?

I just wanted uBlock Origin that I already know and like.

It's a shame Google doesn't do extensions for Chrome on Android.


That's one possibility, but you can also download apps that block ads across all apps. I'm not sure how they work.


> Why would google be incentivized to collect less data of their users that can be monetized and profile them if no laws compelled them?

Google has a natural incentive to do the same thing even if Apple never existed. This is about third parties being able to collect your location data, which diminishes the value of that data to Google.


You are wrong, Symbian had them first, but it became fashionable to ignore the mobile world before iPhone came into this world.


On my Android 12 phone, there is a switch to turn off the Precise Location, but every single app refuses to run with it disabled. Canon PRINT app, for example (WTF!).


Bluetooth scanning is gated behind location permission(s). Though AFAIK communicating with an already-paired device and deferring to the OS for scanning/choosing a device to pair with doesn't require the location permission.


Importantly as well, turning off precise location does not prevent that data from going to Google -- it merely prevents it from going to 3rd party applications.


Android also allows user to control permissions on per app basis. What does iOS do that Android doesn't?


Apple charges nearly double so clearly they must be better

/S


Or apple sells you a product, and with google / android, you are the product.


That's exactly how Android works down to the letter.


It’s a more recent development that’s materialized after iOS implemented it.

Google implements privacy protecting measures as a fast follower to iOS.


Android has exactly the permission controls you describe.


So, if iOS and Android both completely block Airbnb from actually using gps tracking… this is a complete non-issue it sounds like. I know iOS will auto block location services for any newly installed app, and I assume android does the same. So, someone would have to knowingly and manually give permission for Airbnb to track them. If someone wants to do that, that is up to them.


Android allows some apps to give users an option to track them at all times - Google Maps is an example.

AirBNB currently doesn't even have this option. Maybe they're planning on adding it.

When an app asks for your location - it has to give you all options - usually only 2: "only in app" and "never".

There is a third: "always". It won't default to "always". So the user has to pick it.

Zillow has this as an option - so I imagine the Play Store would let AirBNB add this option.


Except there is an ever-increasing pressure to install more apps. Even governments partake in this.

Soon you can't have a normal life without installing at least a dozen of apps.


I run a tech company and have not used any proprietary apps in several years, not had a cell carrier in well over a year, and a few months ago I ditched my phone entirely.

These incremental weaning steps taught me you can live in the modern world comfortably without subscribing to app culture.

Restaurants dig out paper menus for me, banks find alternative ways to verify me, etc. There always exists a sometimes undocumented path to engage with most entities with a webapp and without a cell phone carrier, though I do have a VoIP number which I can use from a laptop or DECT phones.

Life without a smartphone and apps works pretty much just like it did in the 90s . The privacy and mental health wins are huge. My mind feels like mine again.


Mostly same here. I have a newer phone, but only use it mainly for text messages and the occasional phone call. The only additional apps I have on it are K-9 Mail and ConnectBot (for ssh), both via F-Droid. I don't have a google account on this phone, so the google app store doesn't work, so I only use F-Droid.


> I run a tech company and have not used any proprietary apps in several years, not had a cell carrier in well over a year, and a few months ago I ditched my phone entirely.

Same here. I'm a "high functioning" :) tech person who ditched my smartphone years ago now. I get more done. More focus. Vastly better relationships with business partners, family and kids. I learn more, retain more, think about things more clearly.

It was my involvement directly in smartphone tech around 2012-16 (during which Snowden happened) that flipped my switch.

Recently I've been looking at the psychological evidence around what these systems of smartphones, "always-on living" and social networks do to our brains and, as a fairly conservative scientist, I find it terrifying.

I really think you'd have to be mad to carry a smartphone at present.


> Restaurants dig out paper menus for me

Not any more ... I've been to restaurants with no paper menu and no way to pay except online. I was not willing to do it but my friend was so rather than forcing him to leave I let him order and pay and then vowed to never go there again


Leave a one star review. Nothing changes behavior like bad reviews with legitimate criticism.


How do you travel anywhere, book a flight, hotel or rental car, navigate anywhere, or even get a list of local restaurants? (and when you say 'no proprietary apps', does that include Google Maps?)


Wow, I'm honestly really interested to know your age. I'm Gen X, and easily thought "He runs a tech company, so I'm assuming he knows how to use a (desktop/laptop) computer". All of those things can very easily be accomplished on a laptop, and furthermore, since you're not just going to pick it out of your pocket and randomly start scrolling, those actions are usually much more intentional when done on a computer.


But that doesn't work when traveling. Are you going to carry your laptop with you all day to check for nearby restaurants (unless your plans are perfect and you know for sure how long will each thing take and you can plan where exactly to eat)? How do you even find a café or whatever with wifi when you're in an unknown place? And you never ever change any plan based on new information? I just spent a month in Sri Lanka, and mobile internet was extremely useful multiple times per day ( compare restaurants in the current location, find the nearest bus stop because you're tired and don't want to walk anymore, check how much X should cost because maybe someone will try to scam you, etc etc).


Sometimes I will look up interesting restaurants in advance. Sometimes I just wander and walk into somewhere at random. Ratings are over-rated. I found my new favorite Sushi restaurant, Elephant Sushi, in SF just going for a walk around lunch time.

As for finding Wifi, it is incredibly rare I go to any restaurant or coffee shop I randomly see who does not have wifi.

As for checking pricing... If I think something is over priced I take a note to look it up online later. No need to be in a rush to spend money.

I used to make the same excuses but I encourage you to leave your phone at home long enough for the withdrawl symptoms to wear off and enjoy the self confidence to know you can navigate the modern world with your own brain even if you choose to go back to a phone. Consider it wilderness survival training.


You just plan ahead. Take 15 minutes at the start of your day and plan your day and route. You don't have to stick to the plan, it just gives you a baseline. Experimenting is nice as well. Maybe your favorite restaurant would not have been recommended by an app?


No plan survives first contact with the enemy. That baseline can change dramatically due to unforseen circumstances ( museum was boring so you quit early/very interesting so you spent much more time there/closed; transportation took much longer/shorter than expected, etc.).

As for experimenting, it depends on where you're travelling. I wouldn't want to experiment in a third world country without reading online comments and reviews.


You keep bringing up Sri Lanka as the justification for a smart phone. The reality is you can just walk around a central district and choose a restaurant based on its appearance, convenience, location, or posted menu. This is how it was done 15 years ago and earlier. You don’t need to read reviews or it’s opening hours on a smart phone. If you’re standing in front of it, you know if it is open. If the food turns out to be bad because you did not read online reviews, so what? Is your trip spoiled or did you just make a memory about shitty food in a Sri Lankan square? If the food is good, did you just discover a “hidden gem”?

I’m sure you’ll post a reply that explains some outlier reason for a smartphone: what if I’m in rural Bangladesh and there’s no central square? What if….

But think how people got through these difficulties before smartphones. A lot more experimentation and reaching out to locals. This is why portable language phrase books used to be so popular when traveling.


No, I'm giving examples where your life is made easier by having a smartphone, based on my very recent experiences. They're also very practical in daily life (i can pay with one, share my location with my SO for easier coordination, etc)

Not every city has a central square, not everything you want to see might be within reach of one, not all restaurants are there, and of course all restaurants there can be tourist traps.

I don't need to think about how people struggled with things that are easy to today besides for the fun/novelty of it. While we're at it, exchanging money, carrying around and paying in cash suck. It was slightly less bad because i could look up the locations of ATMs of banks that don't charge you an extra fee for being a tourist on the spot.

> If the food turns out to be bad because you did not read online reviews, so what? Is your trip spoiled or did you just make a memory about shitty food in a Sri Lankan square

Considering how bad "bad" can get, that memory can involve a trip to the hospital ( food poisoning, parasites, etc.).


Do you think locals need a phone constantly to navigate? To avoid bad food? They operate on information cached in their brains and that is transferable. Ask a hotel attendant or a shop owner checking you out for any local restaurants they like or where the nearest X is.


His approach is a great example of how these devices have affected IRL interaction. They’ve significantly reduced them. Whether that’s good bad or neutral, who knows?


I read tons of comments and reviews -before- I travel to a new area and take note of multiple destinations that might be worth checking out.

Thieves target people who are distracted so they can run by and grab a wallet before you see them coming. Scammers and sales people target people who look lost.

When you take the time to learn the things you want to do in advance and where they are you can walk alert, tall, and confident without your head buried in a phone during precious vacation time. This body language wards off many predators be they human or animal.


Again, I'm just really interested to know your age, because it's fascinating to me that many people see living without a smartphone as nigh impossible. I mean, the whole world figured out how to do it just 15 years ago!

First of all, I'm not saying a smartphone isn't useful, but I'm saying it's not that hard to get by without one if you want to "take back control" of your brain. To your examples, you could simply plan ahead, or (shocking I know) ask people in the street.

Again, the while world got by without a smartphone just a short while ago, it's not that hard.


I'm not saying it's hard or impossible, just extremely impractical. It'd be like insisting on walking for long distances when you can take a horse or train.

> or (shocking I know) ask people in the street.

Try that in a country like Sri Lanka and at best you'll get scammed by paying a commission for the reference.

Planning only gets you so far. You can't predict everything ( for instance I've had a museum that turned out to be closed, and another one that turned out to be in a really dodgy part of town recently).

As for my age, I'm what Americans who believe in that crap call a millennial, but I'm from Eastern Europe, didn't get my first phone until well into highschool, and my first smartphone slightly less than 10 years ago ( so I've spent more than half my life without a smartphone).


Sri Lankan here. I'm not sure why you have the impression that asking a random person on the street for directions will result in your being scammed. That's certainly not the culture here. In fact, the many foreign friends I've hosted over the years tell me that your average Sri Lankan will go out of their way to help a foreigner—no fees, compensation, or other inducements needed.

You do want be wary of anyone who starts a conversation with you (as opposed to your starting the conversation with them). And yes, if you're in a "touristy" area, you do have a significantly higher chance of meeting someone aiming to rip you off. But these are true of essentially every country in the world—not just Sri Lanka.


Probably bad luck, or more likely, your being in a tourist hotspot.

Putting ethical and moral values aside, your average person on the street (in say, Colombo, or any other "normal" area) has no interest in (or potential gain from) directing anyone towards a scam.


Maybe it's gotten worse due to the current economic crisis, or maybe it was just really bad luck, but multiple people we asked for help/directions tried to scam us ( by saying there's this amazing ceremony happening now and you have to take a tuktuk to get you there quickly, and waving to a seemingly random one from those passing on the street).


I have encountered hustlers countless times and never been scammed. Have a hard rule to never follow strangers. Take generously offered information and go your own way. Be careful of anyone being -too- friendly. The more time you spend interacting with strangers the sooner you start to learn how to spot a hustle from a mile away.

Most people are happy to help point someone in the right direction and maybe offer a tip or two. Tips from locals often reveal great chill spots to explore in a city that the tourist sites have not directed the masses at yet.


You misunderstood. I never said I'm unable to do those things without proprietary apps, or a smartphone. I meant mainly if I'm traveling away from home base (esp. in a city I don't know), and/or not at a desk (e.g. in subway/bus/train/walking). I'm perfectly aware how to research stuff on desktop/laptop and in advance. If I was traveling by myself, or everyone I planned to meet was like you (had a deterministic workday and schedule, and always planned days/weeks in advance), then yes (most people stopped behaving like that in the early 2000s, IME; people are flaky, people have unpredictable workloads). Otherwise, I am saying if the challenge is "find a decent [Vietnamese] restaurant in [price category] near [some subway stop/intersection in NYC, a city I'm not familiar with], text me the location and I'll meet you there in 45 minutes", and you're not seated at a computer, then you'll find a phone indispensable. Yes, I could choose to not associate with 80% of people I know, or try to get them to fit in with my schedule.

- you're touching on underlying cultural expectations: fluidity of people's schedules and movements, which in turn is governed by work-life fluidity, unpredictable work, stuff coming up etc.

- I never said I can't navigate without a smartphone or GPS, or offline map. (I actually navigate very well without GPS and I do that most of the time).

- rideshare companies have made it near-impossible to use them without a smartphone (yes I'm aware there are very heavily restricted ways to use them without).

- 2021 was particularly bad for unpredictability; many businesses temporarily closed, almost all had changed their opening hours and days or indoor/outdoor seating hours/arrangements, some refuse to take reservations esp. for outdoor seating, almost all of them changed their menus and many jacked up the prices invalidating existing reviews, etc. etc. Most of my friends are temporarily/permanently WFH, which means they don't know these local changes, esp. the ones with kids hardly ever emerge from their house. For example, evening maintenance and service changes on the NYC MTA meant it became seriously non-deterministic starting 7pm and worse after 9pm. Also, it became seriously dangerous after 11pm, esp. in unmonitored stations. (Carrying around a laptop in this situation would be risky.) Rideshare prices surged even in low volume hours due to driver shortages.

- as you know during Covid there was an accelerated push towards e-ticketing, boarding passes etc. Covid certs on phone, too. Yes you can partially opt out of that and carry paper versions. But when you need to have a 3-day recent Covid test for airplane, it can be helpful.

Yes, "those actions are usually much more intentional when done on a computer"*, but in order to make this modus operandi work, I'd need to change the habits of the people I meet. The middle-ground is if I'm dealing with a particularly flaky friend I'll say "I'll be at [place] at [time], I have to leave by [time], if you can't make it let me know in advance". If people flake out several times, I communicate my displeasure.


I find it interesting you'd ask the above questions. What do you mean how? Through various websites, on my computer.

It would actually never even occur to me to do any of those things on a phone! On a tiny inconvenient screen? Why?


If you haven't tried navigating using a GPS-enabled smartphone, you should. It's super-convenient compared to trying to do that with a website on your computer.


If you have not tried navigating by simply learning your environment or jotting down some notes in advance, you should. Being able to walk confidently knowing where you are going wards off predators.

Besides GPS units literally atrophy cognitive functions which is probably not healthy...

https://www.theguardian.com/science/2017/mar/21/all-mapped-o...

Even so, you can also carry a dedicated GPS device or a map without a smartphone.


I do carry a GPS enabled smartphone with OSMand~. I use maps, but I hardly ever turn on GPS. It just feels like cheating and crippling my skills to navigate. No difference whether in nature or in cities.

Actually I prefer paper maps, they have better usability for many use cases.


Do you take your computer with you when traveling and carry it throughout the day?


The OP's entire point is that no, he doesn't, nor does he want to.


>book a flight, hotel or rental car

These specifically I will go out of my way to not do on my phone. It feels claustrophobic not having a full-size screen and multiple windows open to compare.


I'm a frequent traveler, and for all of these tasks my laptop is 100x better. Why would I want to do anything serious on my phone?

vs: large screen (so you can see more info, have more windows open to compare) keyboard/mouse interface instead of tapping (faster, doesn't take screen space) easy to save documents in a common folder which super-convenient tools for creating my own consistent file-names and directory structure auto-back-ups for compliance/filing.

The phone has only one advantage-- you usually have it with you.


I use safari, I suppose that is an app? All that stuff you mention can be looked up within safari.


Goggle map is perfectly usable via a browser.


Or, better, Openstreetmap.


What do you use for phone calls if you don’t have a mobile phone?


He said he uses Voip. Presumably, he opens up his laptop and makes a call from a cafe if he needs to.


Or from any nearby hotel phone or from a DECT phone if I am at home.


the previous person said they used a VOIP service so a SIP VOIP client on their Mac. But even so, many people choose not to make phone calls nowadays.


Which government do you mean, or for what purpose?

The examples I can think of are:

- Covid apps, which makes sense because you can't quite do contact tracing using a website and people would trust some corporation less than a government. They're completely optional and it's temporary. The download count is less than a third of the population where I live (and I got it on both of my mobile devices so... extrapolate from there).

- Germany uses a proprietary app that requires Google/Apple services as replacement for emergency broadcasts. (In NL this is also being moved to mobile, but using broadcast SMS so not a special app.) Not sure if there are any official goals in terms of install rate, but nobody expects near 100% and it's not compulsory in any way. I'm honestly not quite sure what their goal is because I'd guess the install rate so far is a few percent and it's not being promoted at all.

A lot has to be done digitally, ask any grandma in the Netherlands what hoops she jumps through or has her kids do for her, but every time something new comes up, there is a lot of talk about keeping things accessible. Very few things are mobile-only (these "requires time-sensitive notifications" type apps mentioned above are the only ones I can think of), and only slightly more things don't have an offline fallback. So far, of course. I expect that we'll move more towards digital with (by 2050) a few help stations for the people stuck in the 2010s, but (de facto) compulsory closed source software that needs to be running on a body-worn device? Given the amount of discussion already surrounding the optional open source covid apps... I don't see that happening too soon in democratic countries.


There are hopes, especially in the wake of system overloads and the recent floods demanding very good reach for evacuation orders (beyond what could ever be expected without cell broadcast), that Germany will move to cell broadcast as the medium for critical warning message distribution. It's the only one that has no sclability issues and reaches basically every mobile phone with reception.

The warning app had been dreamed up because it didn't require going to cellular network providers and demanding a way to trigger cell broadcasts. At worst, it's software-license-gated on the currently-deployed base stations.


> people would trust some corporation less than a government

That’s pretty far from universally true. There is a fair number of companies that I trust more than the US government.


> There is a fair number of companies that I trust more than the US government.

Assuming a US jurisdiction and companies with US presence, the trust you can place in a company is a strict subset of the trust you can place in the government.

Remember companies only exist as enabled by various laws and the government can and will use court orders or even NSLs to extract whatever information it wants from the companies.


That’s not entirely true: They cannot extract information that the company doesn’t have, which would often come up if the company was careful to not capture it in the first place.


> That’s not entirely true: They cannot extract information that the company doesn’t have

For that data, you're not trusting the company with it either since they don't have it.


Sure, but how big is the overlap of that set of companies and the set of companies the US government would pick? It's not really a matter of which you trust more if you're being asked to trust both anyway.


> Covid apps [...] They're completely optional and it's temporary

If wanting to enter a local business is "optional" and as the saying goes nothing is quite so permanent as a temporary government program.


Most Covid certificates can be printed or accessed via a web browser - just screenshot/save that and you're good to go. I did this in the UK though I believe I've only ever had to use it once.


Please see the first sentence of my comment again. Which country, which government? If I may say so, I doubt your word that this is an actual requirement anywhere in the world (let alone commonplace), considering the smartphone incidence among the elderly.


Singapore


Any decent government allowed you to print the qrcode.

By the way were I live almost everybody has a smartphone but a lot of people just don't even knew where to find the correct app or how to get access to the covid euro passport from the app as a lot of people have been waiting for hours in front of the medical center to get their cert in paper. Many took a picture of it to present it from their smartphone later.


> Soon you can't have a normal life without installing at least a dozen of apps.

To whom it may concern,

Please unsubscribe me from your dystopian hellscape.

Very truly yours,

GonnaThrowAwayMySmartPhoneAndLiveOffGrid


Please submit your property taxes through our convenient online filing portal.


Just because many privately owned apps are bad, does not mean the concept of apps is bad. If the government in theory can offer a "secure" open source channel for me to do my business with them without having to go there or pay for postage, why not use it?

And why do we still believe that paper docs are secure? Someone needs to look at them and can just as easily "lose" them, too.


The problem here is the smartphone ecosystem. If there were merely an "app standard" which I could run even if I did not have a Google or Apple device, that would be fine. But, requiring that I give at least some information to Apple, or even more information to Google in order to use a government service is what I take issue with.

The bigger problem is that this issue is almost entirely artificial. Most apps are merely glorified web pages. Functionally, they could (in most cases) just be websites and function exactly as well.


You almost certainly have the right to mail a paper check for most things. While I tend to have my bank do it for most things it’s absolutely an option in general. I certainly still use check for a lot of purposes in the US.


Each month my ISP sends me a flyer telling me how much easier it would be to pay them if I let them auto-draft their fee out of my bank account.

Each month I tell them what I think of that idea by sending them another check.


Ahahaha me to.

im not living on the grid, yet i havnt installed a single covid app yet. I do live like i am off the grid, while on it. Have my cake, and eat it to.

Ahh the churn of Investor money. HN likes to have go's at crypto about "Adding value" but im yet to see a long term sustainable unicorn that comes out of its bloodthirsty VC flush stage to long term sustainable numbers, and product...

HINT: Users will GET RID of YOUR PLATFORM as soon as humanly possible the moment you flick the switch and try and make a profit. ATTENTION is CHEAP! there are a thousand other unicorns and VCs looking for pie. You will go out of fashion, you will be replaced.


It's always funny reading the different discussions kicked off by articles here; the privacy/confidentiality-oriented folks are in here talking about the relentless pressure to install apps which rummage around your private life inappropriately.

On the threads kicked off by someone whining about Apple protecting customer privacy from app authors, people rage that Apple should have no power to stop people loading terrible applications just like this.


I am one of those that share both sentiments so I am happy to explain.

It is better all software be democratized or decentralized which makes the responsibility to filter and ignore bad content fall on the individual or community who can maintain block lists all can override or can opt in or out of.

In a dictatorship or centralized technology however the responsibility falls to a central entity that removes all choice from you and even removes the ability to review the code they expect you to agree to run. Almost like making people sign legal agreements without reading them. By design a dictator implies they can and will always make better choices than anyone else. Dictators by design must be -perfect- to evade the due criticism for taking away free choice.

In a world run by software the method of governance for that software is of a similar level of importance as the governance of our countries.


  > the responsibility to filter and ignore bad content fall on the individual or community.
The individual and the community is exceptionally bad at this type of thing. Government may be as well, though.


Are you saying that everybody is or are you leaving out corporations because you thing that corporations are good at it?


I'm saying that people in general are bad at filtering and ignoring bad content. I have no experience with corporations doing it - I don't have a Facebook account - but I certainly am not pleased with the way journalistic bodies filter for content. I package them separately from general "corporations" because supposedly that would be their specialty. Rather, all I see is agendas being peddled.


I don't see the contradiction. These are orthogonal issues.

Apple protects customer privacy from app authors through strong access controls and permissions model.

Side-loaded apps would benefit from all of these protections just the same as apps from the app store.

Your comment implies the only thing Apple has done to improve privacy and security is curation of the app store.


Plus if you use DNS ad-blocking you'll find a fair number of apps will not work due to the excessive tracking implemented in a blocking way with key functionality.

The websites though, they work perfectly. What tracking is on them is implemented in a non-blocking way.

I've ditched most apps for shortcuts to Firefox which also has no script installed


> Yet another reminder to install as few apps as possible.

No, this is a reminder to not use proprietary software, which doesn't respect users' freedom.


Good advice. I recently deleted a lot of apps from my iPhone when I realized that I only used some of them once a year (or less). If they're just local frameworks for account-based services such as AirBnB, keeping the app is like keeping the web page open for 12-18 months in case you need it again soon. Reinstall when needed, log in, and then delete when the need has gone.


My personal strategy is to keep an old phone around that I load up with apps I need. When I’m not using it (which is 99% of the time), it stays powered off (usually with an empty battery) in my closet.


Well, that's a good goal, but even the government expects you to install their apps nowadays. It's impossible to live without a recent smartphone with enough free space.


Wouldn't you just put that in your privacy policy so when some bug makes it in (perhaps in upstream code or the OS itself) that causes location tracking to continue happening when the app is closed, you're not open to liability?

It is difficult to discern "paranoid" from "evil" when reading legal documents. Unfortunately being paranoid makes them look evil. Maybe they are, maybe they aren't, but there is more than one way of looking at this.


>Wouldn't you just put that in your privacy policy so when some bug makes it in

Well by that reasoning, all legal agreements should just say, "we are not responsible for anything, we take what we want don't, you can't sue us".


That's basically what most EULA read, only in many more words


I mean, I’ve seen a lot of legal agreements like that.


It seems difficult for something like that to accidentally happen, seeing as background location tracking requires explicit permission requested through APIs provided by the OS.


I wonder if the fear is that you might end up having less than ethical (rogue?) employees that might think they're helping the company by using some form of workaround to track users. I'm not sure if that's overly paranoid or just the right amount of paranoia, but I can imagine the fear.


Unethical management does that trick just fine. You don't need rogue employees for that.

https://www.theverge.com/2016/1/6/10726004/uber-god-mode-set...


Odd that Apple let them slide through with that description. For example, Universal Studios Florida has a more descriptive

> Will be used to orient the park map to your location, enable in-park features during your visit, and tailor informational, marketing, and promotional messages in or out of the park.

The Disney World app has

> 'While Using' means we may use your location when the app is open to... provide you with valuable updates and offers... 'Always Allow' will allow your location to be used for some of the above purposes even when you do not have the app open

So if these big players must precisely say "offers" or "promotional messages", I don't see why airbnb wouldn't have to.


I came back and now realize that this is just what's in their privacy policy. I have no idea what the location reasoning is within the AirBNB iOS app's prompt that developers have to fill out.


Permissions creep is rampant in the industry, apps all start with a pretty user friendly set of permissions and over time the ToS/ToUs and permissions get increasingly offensive. The other similar pattern to this is decreasing "SLAs" like how Uber and Lyft are now often misrepresenting the wait time to get a ride (driver is 3 minutes out = at least 7 minutes), and if they had started that way they'd never have gained such widepread adoption in the first place.


That's the terrible thing about a "reasonable expectation of privacy."[0] Permission creep keeps pushing back what "reasonable" means.

From the findlaw article: "This means that the disclosure or discovery of a private matter must have happened when the plaintiff was in a place or situation in which the average person would be offended at being intruded upon."

So now we shouldn't be offended if apps use our location data even when we're not using those apps.

[0] https://www.findlaw.com/injury/torts-and-personal-injuries/w...


The worst part is how within the companies, these changes are always pitched as somehow being user-friendly with a contortion of logic.


They did start that way... they've been doing this for years.


This appears to be boilerplate - https://www.google.com/search?q=%22Geo-location+Information....


Using google to limit the results by date, it looks like Airbnb was the second to use the text, a few days after "WeChalet"

https://www.google.com/search?q=before%3A2020-10-31+%22Geo-l...


Funny thing. Or not. But Google results page displays different short texts for every page. Is it just me or that changed? I remember that every page result should display same briefing


I stopped using Strava when they changed it so it doesn't work anymore with the "while using the app" mode.

It's odd that a paid app still wants to stalk you - apparently they think that their people movement data is more valuable than their fitness business. The fitness part is apparently just an elaborate ruse to get you to install their app...

(The fact that Apple lets this fly shows yet again that their App store policies are not for protecting the user, they are just for protecting Apple's revenue stream)


What do you mean? I just checked now and the app is in only while using mode on my phone and it's perfectly fine. But in the same time I use a different sports watch and sync everything from there to Strava, so I don't use their apps for any direct activities. The use location always might be because of the beacon feature, which can be disabled probably.


Maybe they changed it, but after an update the Strava app refused to start activities in the "only when using" mode.

I stopped using Strava at that point, so I can't say what it's like now.


Steve Jobs words 12 years later are still very relevant today https://youtu.be/39iKLwlUqBo

I just want to thank Apple for pushing this agenda forward, introducing things I believe Google would never do themselves first unless pressured.

I still remember Apple introducing “track me while using the app only” in a new iOS years ago that stopped companies hoarding live geolocation of every app user.

And we still get new bits and bobs every major iOS release.

In just last few years we found out apps that unnecessarily scanned for our network devices or used clipboards for no apparent reason.

Keep them coming.


They can still do better. I want a feature that will let me programatically lie to any app that requests any permission. E.g. real data while Im in the app but maybe Im in paraguay if it requests it ourside.

Apps shouldnt be able to fully trust the data they get unless the user wants them to trust it.


Apple will probably implement this in the coming years. This feature will poison those Big Data datasets and will lower accuracy of user profiles, but so long as Apple can reliably distinguish fake location data, Apple will go for it. Then, I hope, Google will retaliate and do the same on Androids. Facebook will be out of luck, but who cares.


The XPosed framework for Android let's you do exactly that (requires rooting though).

I haven't tried calling it programmatically, but it has a module system.


Its likely that both OS's allow you to do it, because it is part of their testability APIs. I have used an app on Google to fake my location because a restaurant that is hard to schedule (90+mins waiting) requires you to be within 1 mile of it before getting on their waitlist.


They actually do this already in a roundabout way: if you turn on iCloud Private Relay, you can choose the IP Address Location as Use country and time zone


This question about the cloud and services is especially prescient though, because it's about incentives. As a hardware and OS manufacturer, Apple was not highly incentivized to collect data on its users. But as a cloud/services provider, its incentives far more closely align with Google/Facebook. There are services, such as Apple's fitness apps, where they don't seem to play by the same rules as comparable apps. It has been unclear where Apple draws the line between itself and those in its ecosystem. To provide an almost silly example: you don't see the Phone app asking for permission to access your contacts. I do place a lot of trust in Apple, but I don't expect them to stay a neutral party.


Yet apple always aggressively pushed their native app platform over web protocols, which would allow much more privacy.


I don't think there's anything stopping web browsers to have the same level of privacy features as the apps, is there? Apple, Google and Microsoft owns both the OS and the browser, so there's really no excuse I feel.


GP's talking about Apple making PWAs unviable on iOS.


In what way are they unviable? Because it's not as easy (which is not actually easy) to discover and make money? That seems a choice one makes.


Notifications. Notifications are why they are unviable.


I allow notifications from virtually nothing other than phone and messages.


I don’t see how you could replicate blocking all network access with a website. Websites inherently communicate with a remote server which limits privacy guarantees.


With the exception of either investing time into targeted request black-holing or disallowing apps from contacting the outside world entirely (which would produce a pretty crappy AirBnB experience) I don't think this is really reasonable. Most useful apps have some legitimate reasons to talk to servers so blocking access before the app can get it (similar to how browsers block access before the site can get it) seems like the most reasonable approach. And websites don't need to inherently communicate with a remote server - there are a bunch of web tools out there that download a bunch of JS and then essentially run in local mode without ever sending that data home... yes the original stuff is coming from a foreign source but that's the same as Apps - the acquisition method is just different (and a lot more prone to abuse I'll grant you).

However, pretty much every useful app you're using is calling home for some moderately legitimate reason - so I don't think it's helpful to differentiate the two classes of executables based on remote asset usage.


The majority of Apps on my phone have zero reason to communicate to the outside world. A calculator, standalone game, etc should function without network access and if it doesn’t then delete the app and get something useful when the network is down.

Honestly, if I can’t block network access I don’t see the value in downloading a AirBnB app or just about any other app companies want me to install.


People prefer native user interfaces to APIs over the UI of web apps accessing those same APIs.

A few years ago when phones were slower the difference was much more stark. It's straight amazing what can be done in a webview now.


How would web protocols allow for more privacy? If Safari implemented all the Chrome PWA APIs it would open up the user to far more browser fingerprinting while also increasing the attack surface.

Also every crappy website will think it’s okay to force download a huge PWA payload and fill the phone up with notification spam. No thanks.


Not sure how the protocols themselves help, but at least for now, we still have things like content blockers and extensions for mobile web browsers.

Native apps have more freedom to do whatever they want, and they do it more opaquely. I guess the only thing that comes close to a web browser content blocker for iOS native apps is piping your traffic through one of those ad-blocker VPN apps like Lockdown, which sucks.

Of course, nothing compares to the amount of insight you have into websites on a desktop web browser where you can open a networking tab in the dev tools.


> Not sure how the protocols themselves help,

Web VR is being routinely used to add fingerprinting and tracking. Direct access to USB devices adds so many vectors for abuse I can't even imagine how it will end up being mis-used.


> If Safari implemented all the Chrome PWA APIs it would open up the user to far more browser fingerprinting while also increasing the attack surface.

Surely the answer is "so Safari shouldn't implement those APIs"? It's app makers who think we need constant push notifications from everyone; by and large they're subtractions rather than additions.


And yet Apple sell tracking devices that can be used to spy on people who've never used an Apple product.

Are they blind to the harm they're causing, or do they believe that only their own customers deserve to have privacy?


One can also use Airpods with ear sensing disabled to spy/listen for private conversations on people (within Bluetooth range), even people who have never used an Apple product. And, you know, some MacBooks are heavy enough to be able to cause physical harm if you'd hit someone on the head.

The wonders of humanity is that humans are creative and imaginative (not me, the examples I thought of are stupid and silly), so if they have a certain task in mind they can solve it through whatever technologies available, even if those technologies weren't designed for it...


One can also use Airpods with ear sensing disabled to spy/listen for private conversations on people (within Bluetooth range), even people who have never used an Apple product.

Wait, what?


I’m not sure what OP is talking about but one can use their iPhone with the Live listen feature & AirPods to listen in to conversations. But you can just as easily leave your phone and record and listen later.


Yes, that's what I meant, thank you - putting an Airpod in next room to eavesdrop.

Airpods are pretty small, must be much easier to sneak them in compared to a phone. And unlike a phone, they're not providing any means to figure out who is the owner.


they thought they were ahead of the game by adding the anti-stalk features at all, because no one in the tracker industry does it… but it ended up causing the streisand effect


Apple still doesn't let you pick and choose specific permissions when installing an app. Other than location and a couple others, permissions are still all or nothing, unlike Android.


I can choose for each app: contacts, calendar, reminder, photos (whole gallery or choose pictures), Bluetooth, local network, UBW, microphone, speech recognition, camera, health, (sensors?, Never seen that before), Homekit, media, files, movement and focus.

And location of course (never, ask next time, when using and always) with a toggle to set it to "approximated position"


Apple asks for permission when app actuallys requests it, not upon installing. I think this is superior to Google's from a privacy perspective.


From your answer I can only assume you have not used Android in a long time.

Android permission model changed greatly around Android 6:

https://source.android.com/devices/tech/config/runtime_perms


I actually develop for Android and literally worked with those permissions on 6+ too.

I was answering parent's concerns in their context.


This simply isn't true.


Is this really an issue when both iOS and Android support "only when using app" permissions for location? If you don't want give them access to background location, then don't grant the permission.


You can't turn off IP-based geolocation. To play the devil's advocate, they might just be using this to revoke stolen sessions when the same session makes requests from different locations.


> You can't turn off IP-based geolocation

They also can't get your IP address when you are not using the site, so it is the same thing.


Apps can make background requests.


Not if you turn off location permissions and background app refresh.


I've never been asked for a background refresh permission on an Android. Is that an iOS thing?


It looks like it's just something the app developer can turn on, and it will be enabled without having to ask the user for permission.

But you can turn it off:

https://www.asurion.com/connect/tech-tips/conserve-phone-dat...


It exists on Android too, but it's not a normal permission.

See under the apps battery options


> You can't turn off IP-based geolocation.

Thats about 99% of the reason my phone is always using a VPN.

Sure, geolocate my IP. I'm in Melbourne. Accurate to an almost 1000km CEP...


And mistakenly flagging you when you switch to/from VPN.


Not "mistakenly". Their objective is for you to "engage" with the app and submit to whatever shit they throw at you no questions asked.

By using countermeasures, you're demonstrating that you are more privacy-conscious and/or more tech-savvy than the average. This means you are more likely to be a problem when they try to swindle you in one way or another down the line, whether it's the next dark pattern that they want you to fall for or try to scam you and hope you just accept your fate instead of raising a chargeback, etc.

There's no reason for them to accept even a sliver of risk as long as there's an endless supply of people who don't carry said risk, therefore any indicator that you deviate from the average could lead to a ban, especially if the margins are super-thin or non-existent (when the objective is "engagement" rather than profit).

Now I doubt any of this has been started intentionally - most likely the anti-abuse mechanisms learned over time the correlation between different signals such as usage of a VPN, etc, but because of the above there's also no pressure to "fix" this problem for legitimate users of VPNs.


I just looked through the app list of my iPhone’s location privacy settings and every app has either “never”, “while using”, or “when shared”.

I never opt in to always sharing my location with apps that I’m not actively using and iOS makes that easy for me.


Uber did this in their iOS app a few years ago, requiring users to set location tracking to "Always" and saying it was due to a technical limitation.

This was prior to the series of scandals which included tracking journalists and public officials came to light.


Afaik the only way they could do this without explicit permission is by tracking the IP you are connecting from and determining your approximate location from that, which isn't going to be all that accurate.


The only app I have that really tracks my background information is Pokémon go, because I’m an idiot and my location gets me farther in the game. It took me approving background location attempts that Happened about fifteen times in each instance over a day or two period for my iPhone to stop. I think you’re basically fine as long as you use common sense?


I doubt this is the case. More than likely Apple changed one of their IPhone API calls without notice and so this TOS change is a legal stopgap until the AirBNB devs can refactor the code to account for this unexpected API change.


Tracking you and storing the data without good reason and without up-front transparency is very clearly a GDPR breach.

When will these idiots learn that you simply cannot go gathering personal data on the off chance you might find it useful or sell it. Gathering unnecessary personal data isn't an asset, it is a liability. And so it should be.

https://ico.org.uk/for-organisations/guide-to-data-protectio...


How does it work with the new permissions systems coming to mobile OS?


I'm on iOS. So, no.

Problem solved.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: