Slashdot Mirror
Palm Pre Reports Your Location and Usage To Palm
AceJohnny writes "Joey Hess found that his Palm Pre was ratting on him. It turns out the Pre periodically uploads detailed information about the user to Palm, including the names of installed apps, application usage (and crashes), as well as GPS coordinates. This, of course, is without user consent or control. The only way he found to disable the uploads was to modify system files."
Did Palm not think that someone would figure this out? I wonder what kind of backlash there will be about this and how much more negative impact it will have on the Palm brand.
Let's see if you can find the trick in Palm's privacy policy:
Personal information is information directly identifiable to you, such as your name, address, email address, and phone number, as well as other non-public information associated with such information. Some examples of how we collect and use personal information include ... [ a list that sounds pretty safe and reasonable]
The operating word is Some examples: legally, they don't say that the list is exhaustive and that they don't collect information any other way. So the long list of nice looking collection is just a decoy!
--
FairSoftware.net -- iPhone dev jobs for geeks by geeks
Ok, add them to the list.
Actually it's getting hard to keep track. Should we start a wiki?
Please, can I have my pretty, shiny leash, please? It offers me so much Freedom!
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
Story says...
This, of course, is without user consent or control.
But From Palm Infocenter, they say
Palm's own "Terms and Conditions" statement, along with their Privacy policy, detail that Palm basically maintains it has the right to indefinitely collect, process, store and share this information. Users must accept this multipage collection of fine-print waivers and disclaimers in full during the initial device setup process before being able to utilize the device.
I read the privacy policy and it doesn't really seem like it's built to cover this kind of snooping.
And then there's this:
You may choose whether or not to provide your personal information to us. If you choose not to do so, you can continue to interact with Palm, but you may not be able to take advantage of certain products, services, offers, or options that depend on personal information.
So is there a website or a setting on the Pre to disable this thing. TFA seems to say there isn't.
I mean, there's utility in understanding how people are using your device. But not letting your users know you're uploading daily usage stats and not giving them a way to turn it off?
Truly Uncool.
It breaks my pluginses, my precious!
Yeah, because GPS coordinates are really relevant to crash data...
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
That would depend on the programs running at the time, wouldn't it? After all, some do use the GPS coordinates, so it is reasonable that some have a bug in how they do so...
'Sensible' is a curse word.
OK, I can see sending what applications are installed and what crashes have occurred given the user's explicit permission - I allow my Ubuntu boxes to participate in the "popularity contest" wherein what apps I install are (anonymously) logged, and I will frequently send crash reports to help get the cause of the crash fixed.
In both of those cases *I* decide if it happens, and I was informed of the data being uploaded.
But automatically reporting my GPS locations - HELL NO!!!
Yes, the Pre is a phone - as such it MUST, BY LAW be able to report its location to 911 (here in the US, natch). My phone (which is NOT a Pre) has been configured to turn GPS off for anything OTHER than E911. If I found out that it was NOT abiding by that selection - that it was sending position data to anyone other than E911 - then not only would I be terminating my cell contract, I would be filing suit against the makers of the phone AND the cell carrier.
Again, I can see why Palm would want apps installed and crash data - but WHAT DAMN BUSINESS is it of theirs to know position?!?!
www.eFax.com are spammers
It's not just crash data. It sends that too, but it also uploads your GPS coordinates daily along with the app use data (what you've used and for how long) according to TFA. It's customer profiling, not bug testing.
My Motorola i776 is GPS-enabled, but when it was stolen, Boost Mobile said they couldn't use the feature to find my phone. Probably because they get a cut of the hundred bucks it cost me to replace it.
Free Martian Whores!
You know, that total control of their users and the things they can and can't do. Apple should not control their users like that, it's just...
Oh wait, you mean someone else than Apple is doing that?
Damn you Microsoft, always controlling your users....
Oh wait, you mean it's neither Apple or Microsoft?
So, you zealots who always bash on Apple and Microsoft... what FUD will you say to protect your precious Palm now? And wasn't Google's Android doing something similar too?
The solution is easy: get a cellphone that's JUST A GODAMN PHONE.
Where's the hyperbolic and inflammatory blurb?
I only get paid to attack particular businesses and politicians.
I'm sure the hell not going to bother to attack someone else for free. Someone has to pay for it.
Wrong. The cell id (tower identifier) is available from the GSM module without knowing the GPS coordinates. In fact, with multiple local towers, you might incorrectly guess which tower is being used based on lat/lon, since they may handover (pass your call from one tower to another) for a variety of reasons, including capacity.
In the spirit of blaming Apple for Palm's misbehavior with their iTunes stunt please respond here with how this is also Apples fault.
The only change I can believe in is what I find in my couch cushions.
Where are the fanboys defending this stupidity? Oh, wait, it isn't an Apple product.
Your comment is super behind the times. The Pre is a slick little device, and easily stands with other moderm smartphones.
Including in the "violate user's privacy" space, it seems.
Isn't it great how the courts can ask Motorola where you are but you can't?
I see the glass as full with a FoS of 2.
"Hell, I thought all phones did this anyway"
Running the GPS on a phone eats up the battery, I wouldn't assume any phone company would be purposefully sabotaging the battery life of its own products to piss off its customers.
And tracking of cell phones has come up in the past, and is generally quite controversial: http://www.insidetech.com/news/articles/2299-controversial-study-tracks-movement-via-cellphones
I honestly don't know why Palm thought it could get away with it without some outrage. Especially when it has such a steep hill ahead of it already.
Hmmm, lets see how accurate 1984 is in this case:
An ultra-facist, ultra controlling government that...
1) Watches, analyzes, and controls your every move to identify possible revolutionaries.
2) Controls all commerce and businesses
3) Outlaws sex for pleasure (even with your spouse)
4) Convinces children to rat on their own parents.
5) Uses constant warefare, drugs, and pornography to subdue the masses
6) Re-writes history to suit its present needs
7) Tortures and/or kills anyone who resists it
8) Encourages (forces?) racism and nationalism to the point of incoherent rage in every citizen.
versus a private company that...
1) Retrieves information when your phone software crashes
Sorry, I'm just not seeing it.
Woops, looks like /. is hammering the server. Here's a copy of the text (as of now):
Misleading titles? Inflammatory blurbs? Keep in mind that Slashdot is a tabloid.
Google did this specifically in Google Maps Mobile well before they rolled out the "find my location" support in it.
In early Google Maps Mobile versions, if you had GPS support, it would include the GPS coordinates and the "visible" cell tower IDs and strengths in every request back to Google. They used this data to improve their location service (by getting GPS data on where the cell towers were) before rolling it out to the public. That's how they got the location service to work even on phones without GPS data, it uses the cell tower signal strengths to guess at where you are.
The data is still sent by Google Maps Mobile on any phone that supports it.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
No, that's not the case. A GSM phone will only call in every few hours; when it is switched on or off; when it needs to call out or send an SMS; when it is asked to call in; or when or when it moves between areas covered by different MSC/VLRs. An MSC/VLR covers a large area of a country with thousands of base stations. The bit about "asked to call in" is interesting. The network knows that the handset is in the area covered by an MSC/VLR, but not where, so it broadcasts a request for contact over the base stations in the area. The handset responds, localising itself to a base station. The point is to minimise signally costs and battery power consumption.
Yes, you can use the information about the last localisation in legal investigations, because the network keeps track of where and when you were last seen. It's also possible to send a silent SMS to get the phone to localise. However there is no continuous tracking of handsets by default.
http://www.precentral.net/fyi-pre-reports-your-location-palm
When PreCentral's people asked Palm about this, their official statement to them in part was:
Our goal has been to follow industry best practices on data collection, use, and encryption. Like most EULAs and privacy policies, though, the terms tend to get pretty detailed about potential scenarios. And because the terms are meant to notify users about all possible variations, we wanted to err on the side of over notifying rather than under notifying users through the terms of use. So there's really nothing here "beyond the norm" for a EULA or privacy policy.
The provision you've quoted explains why Palm might collect user information. For example, we collect and transmit users' email addresses, email content, contact lists, etc. to provide WebOS services such as back-up and restore for the purpose of backing up that data and helping users restore the data if needed (in that case, it would not be limited to just the email address collected at registration). If users someday make purchases on their device through the Apps Catalog, then we would also collect payment information to process the transaction.
At all times, we'd be strictly bound by our privacy policy. Our privacy policy, like virtually all others in the industry, contemplate our using data to provide services users have requested, improve our products and services (hence the reference to Palm's own "sales and marketing" in the privacy policy), troubleshoot, etc. We also refer to affiliates because Palm is a global company, and we may need to transmit data from our European subsidiary to the parent company. We're obviously not a conglomerate with many different subs and affiliates, but the terms specifically mention subs and affiliates so that we can comply with European data protection laws that require us to spell out that data collected by a European sub can be transmitted to another part of the company.
Canada's privacy laws disallows this, especially not notifying the user. As soon as it leaks out to the CRTC and the Privacy Commish, they may disallow this device for sale in Canada later this month.
But my god, what was Palm thinking? Disappointing.
Management is doing things right; leadership is doing the right things. - Peter F. Drucker
Actually, it's the cellular companies that want that data more. By having the phones report back on position and cell tower ID strengths, they can more easily map "dead zones" in their coverage areas, telling them where to put new towers to hit the most people.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
If this is true, it strikes at the very heart of the products saleability. The pre is quite the phone in geek worlds, which unfortunatly for them, tend to be the ones that care about stuff like this!
By doing this they have alienated a real core market that could have made the Pre a good geek phone rather than a has been phone.
http://www.writeitfor.us - Writing IT for the IT generation.
Isn't it great how the courts can ask Motorola where you are but you can't?
You just need to sue yourself and then ask Motorola for the location of your phone so that you can serve legal documents to yourself.
Probably that the cell companies would rather that you access the internet from your cell phone via their expensive cellular data plans than be able to get around that by using a nearby WiFi access point.
So why not hack the thing so it sends what you want it to send? Somewhere innocuous, somewhere whimsical, or just random locations. You could have fun with this.
"Yes, I really was at the North Pole yesterday. And in Paris the day before. Isn't air travel great!"
...laura
Running the GPS on a phone eats up the battery, I wouldn't assume any phone company would be purposefully sabotaging the battery life of its own products to piss off its customers.
You may already realize this, but for clarity's sake: GPS isn't needed to track phones. They can be tracked simply from their signal as long as there are multiple towers within range to receive it. So probably in any city you can be tracked.
And tracking of cell phones has come up in the past, and is generally quite controversial: http://www.insidetech.com/news/articles/2299-controversial-study-tracks-movement-via-cellphones
It may be controversial when some scientists announce that they're going to be using tracking data. That doesn't mean you aren't quietly being tracked anyway. Hell, carriers are required to give your position to law enforcement or emergency services. Since this kind of tracking is more or less passive -- it's based on your normal cell signal, no extra data is being sent by your phone -- then unlike with the Palm Pre's GPS you have no direct way of knowing if you're being tracked or not. You just know it's possible.
The enemies of Democracy are
PalmOS 5 had/has full support for WiFi. They even have released a WiFi card that can plug into the SD slot of many Palm OS 5 devices. I have personally used a Tungsten T3 with the WiFi card for a number of years and it works quite well, especially for doing stuff over SSH or quickly checking email.
There were also a couple of PalmOS 5 devices that had built-in WiFi notably the Tungsten TX and the LifeDrive.
They are dismantling our society, in case you didn't notice. Honest police work is punished when directed at lower and lowest-class OR upper and top-class people while nickel-and-diming of middle class is encouraged.
It's proles and untouchables vs. we the people.
If the two towers measure and report your distance (using turnaround time adjustments to your cellphone to fit it into the Rx time slot) they can put you on one of two points - one of which can be eliminated by antenna pattern.
If the two towers can't accurately measure your distance but CAN agree on timing for measuring the moment of their reception of your signal, they can put you on a constant-distance-difference hyperbola between them, ala classic LORAN.
I think the ones typically deployed these days can do both, putting you on a fuzzy dot on a hyperbola using only two towers.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Actually, I wonder if you could sue a John Doe for stealing your phone, and then subpoena the current GPS info from the carrier in order to prosecute...
"I like systems, their application excepted", George Sand (French)
He's clocking out now to return it to the store he bought it from and promised to be headed to Bestbuy to pick up an iPhone 3GS on the way back...
Honestly I think this would be a dumb move, being that Apple is more "evil" than Palm, and AT&T is more "evil" than Sprint.
Consider this:
* If Microsoft pulled even HALF the shenanigans Apple does ("fixing" iTunes when thrd parties figure out ho to sync to it, suing the competition, suing people who leak info on unreleased products, etc etc) they'd be hauled into court and sued into oblivion. But, Apple can still get away with it because they are not a monopoly and their products are hip/pretty/actually work well. Doesn't make it any less evil than if MSFT had done it.
* iPhone is more closed than Pre. Yes yes, I know BSD kernel and all but there are gobs of proprietary stuff all over it. Much more opportunity to "do evil" and get away with it since it is tougher to hack. Per is comparitively open--they were MUCH quicker to release APIs, their software stack consists of far more Free software and it is architecturally VERY similar to several Free-software-friendly mobile devices (Beagleboard, Zoom, Always Innovating Touchbook, Pandora handheld). Making its Pres phone home is evil, but at least they are more open and honest than Apple has been known to be.
* All phone companies are evil, but AT&T has the dubious distinction of being a full and wililng participant in warrantless wiretapping of its own customers. It comes from a monoloply heritage. Sprint is far less notorious in that capacity...it is merely known to be incompetent and bumbling at times.
Given the choice I'd elect Pre over iPhone in a heartbeat--both the carriers and the handset manufacturers for the former are more trustworthy--or at the very least easier to keep an eye on. Apple makes the best designed and highest quality but I'm rather disenchanted with their long-time tactics of being ultra-closed. I thought that there was a chance they were changing their game when they went with Intel architecture on their Macs but since then they've proven their spots unchangeable. Pity that--they weren't that evil in their Apple II days--they sued clone makers for their blatant copyright violations but at least their machines were quite open. Perhaps if the other Steve steered the ship (but then Apple products would look far less sexy I suppose).
At least with the Pre (besides being more powerful than the iPhone) if Palm is caught pulling shenanigans it is relatively easy to find and fix it. With Apple...not so sure...if they WERE found out doing something like this, not only would it be harder to turn off, Apple would sue your arse into oblivion if you told anyone about it.