After an enterprising hacker discovered a privacy problem in beloved new social app Path yesterday, its creators have issued an update and an apology. "We commit to you that we will continue to be transparent and always serve you our users, first," CEO Dave Morin writes.
Path was uploading iPhone users' address books to its servers without asking. Today's update, version 2.0.6, now prompts users to opt-in to the "Add Friends" feature, which is not mandatory. Path has deleted all the existing contact info from its servers.
Path is a lovely app. It pushes all the right buttons. It's mobile, it's tactile, it's personal, it's full of people we love and moments that matter to us. It makes us feel good. It's got all the greatest hits a post-Facebook social app should have. It's also free.
"Facebook will always be free," it tells us, so free is now the standard. Free apps are expensive, though; we pay with our data. Whenever Facebook or Google messes with our privacy, this is the cost of doing business for free. Path is no different. It's already using our personal data in ways we didn't expect. Arun Thampi discovered today that it uploads the entire iPhone address book to its servers. Surprised? Don't be.
Sunday's New York Times was a Luddite's dream. Tthe paper's Sunday Review section had three lengthy opinion pieces dedicated to "Life Under Digital Dominance" (their words, not mine), including Evgeny Morozov's lengthy treatise that social media will kill originality because we're all too afraid to publicly "like" something on Facebook that our friends don't like, a plea to adopt European-style rules to keep data private and a particularly threatening piece by Lori Andrews promising sudden cuts in our personal credit lines and troubles obtaining insurance because Facebook is using us.
All three authors make good points, and they are points worth considering for anyone invested in a digital life. But they also brought to mind Reason magazine's June 2004 cover story - a remarkably poignant preview of the world we now live in. It was also a reminder that a lot of us are okay with the amount of information we choose to share online, and many of us even benefit from giving marketers, friends and co-workers a more complete picture of who we are.
Google updated its privacy policy on Tuesday. It replaced more than 60 separate policies with a single one that treats Google users and their data as the same across all Google services. Reactions were shrill. "The End of 'Don't Be Evil'" was trotted out for the umpteenth time. The Washington Post quoted privacy experts saying, "There is no way anyone expected this." My, that sounds terrible!
But it's not true. Everyone watching should have seen this change coming. Google executives have maintained for so long that their new direction is one unified Google product. The new policy doesn't track any new data. It doesn't change the user's settings. Users can still export all their data and leave Google forever. All this does is change perception.
Along with Sunday morning's secrets, PostSecret founder Frank Warren announced that the $2 PostSecret iPhone app is now closed. Warren received complaints from users, Apple and the FBI about bad content on the anonymous art app. He says that users, moderators and his own family were threatened, citing two specific incidents he can't discuss further. Launching the app now displays only one secret announcing the closing.
Whereas submissions to the PostSecret blog are curated by hand, the app was an experiment allowing any iPhone user to generate secrets instantly and anonymously. Warren says that users shared over 2 million secrets, and that "99%" of them "were in the spirit of PostSecret." The app launched in September, becoming the best-selling app in the U.S. and Canada overnight. It is now gone from the iTunes store, the Android version never arrived, and the PostSecret App website no longer loads.
What started last week as a relatively minor controversy over one company's tracking of smartphone users' behavior has ballooned into a full-fledged scandal. The curious digging of developer and researcher Trevor Eckhart revealed that an application called Carrier IQ (CIQ) has been logging and transmitting a ton of information about what people are doing with their phones, including personal data like phone numbers dialed, URLs visited and the content of text messages. First the Electronic Frontier Foundation came to Eckhart's defense after CIQ sent a cease-and-desist letter to the developer. Now U.S. Senator Al Franken is demanding answers from CIQ.
The controversy initially swirled around Android-based smartphones from a variety of manufacturers. Last night, iPhone hacker Chpwn reported that he had found traces of CIQ in Apple's iOS operating system, although what he found looks less alarming than what Eckhart initially saw elsewhere.
There is a brewing controversy surrounding the data that cellular operators and cellphone manufacturers know about users. It has started with researcher and coder Trevor Eckhart, known as TrevE on the XDA Developer forums, digging into the code of a company called Carrier IQ (CIQ). According to Eckhart's research, CIQ has the ability to know just about everything a user does with a cellphone, from when and how a dropped call took place at a certain time and location to what input method a consumer is using and even what they user is inputting.
The depth of the allegations are startling. Does CIQ really have the ability to key log everything that a user types? The fight has now gone legal with CIQ sending Eckhart a cease-and-desist letter and removal of his research while the Electronic Frontier Foundation (EFF) has come to his aid. CIQ claims copyright and false allegations of Eckhart's research while the EFF says the researcher is protected under Freedom of Speech and Fair Use doctrines. Make no mistake, this battle is more than just about copyright and the free speech. It is the first step of unveiling exactly what companies know about their cellphone customers and how they use that data.
Whether it's to elude oppressive governments or something a bit less noble, many users have a need to browse the Web in complete secrecy. Tools that enable anonymous browsing have existed for years on the desktop and some have popped up for Android. There are some for iOS as well, but until now, none of them featured the bulletproof privacy of the Tor network.
Enter Covert Browser, which was approved by Apple earlier this week. It uses Tor to encrypt Internet traffic and route it through three different servers to ensure data about users cannot be intercepted by third parties. Such data would include browsing history or, more commonly, one's geographic location.
At 11:00 p.m. Pacific on a Monday night, 7:55 a.m. Tuesday morning in Europe, Google posted a gem on its official blogs. "Greater choice for wireless access point owners," the post is called. It's a follow-up on a promise made in September to offer people with Wi-Fi networks a way to opt out of sharing their location data with Google.
If you want to opt out, Google says, you have to figure out how to add "_nomap." to the end of your SSID name. Can't figure out how to do that? Oh well (here's how). Google, and I quote, "found that a method based on wireless network names provides the right balance of simplicity as well as protection against abuse. Specifically, this approach helps protect against others opting out your access point without your permission." You hear that? Google wants to protect you from someone turning off your location sharing without your permission. It's for your protection, citizens.
A U.S. Federal Court in Virginia caused quite a stir among digital privacy advocates last week when it ordered Twitter to grant the Justice Department access to private data from the accounts of three suspected WikiLeaks supporters. That data includes IP addresses, session times and relationships between other Twitter users.
Normally, requests for this type of information are not particularly controversial, but in this case a warrant was not required and the subjects of the data inquiries have not yet been charged with any crimes. The government is able to make such warrantless requests thanks to a 1994 law known as the Stored Communications Act.
