Slashdot Mirror

← Back to Stories (view on slashdot.org)

Palm Pre Reports Your Location and Usage To Palm

Posted by Soulskill on from the caught-palm-red-handed dept.

AceJohnny writes "Joey Hess found that his Palm Pre was ratting on him. It turns out the Pre periodically uploads detailed information about the user to Palm, including the names of installed apps, application usage (and crashes), as well as GPS coordinates. This, of course, is without user consent or control. The only way he found to disable the uploads was to modify system files."

20 of 314 comments (clear)

  1. Did it not occur to PALM that this is BAD? by masterlogan2000 · · Score: 5, Insightful

    Did Palm not think that someone would figure this out? I wonder what kind of backlash there will be about this and how much more negative impact it will have on the Palm brand.

    1. Re:Did it not occur to PALM that this is BAD? by TheCowSaysMooNotBoo · · Score: 5, Funny

      Possibly even better answer: 90% of the Palm users don't care.

    2. Re:Did it not occur to PALM that this is BAD? by XxtraLarGe · · Score: 5, Insightful

      True. Likely there will be no repercussions whatever. Yet another example of an amoral corporation not giving a shit about their customers. Welcome to the 21st century.

      And that's different from other centuries how?

      --
      Taking guns away from the 99% gives the 1% 100% of the power.
    3. Re:Did it not occur to PALM that this is BAD? by Jawn98685 · · Score: 5, Insightful

      VP of Engineering: "Dude, they're going to find out, and they'll be pissed."
      VP of Marketing: "This is going to be great. Think of all the things we could do with this information. Think of all the people we could sell that information to. The feature stays."

    4. Re:Did it not occur to PALM that this is BAD? by Rude+Turnip · · Score: 5, Funny

      Look up "prole drift." More people have opportunities to better themselves than ever before; now *everyone* has a chance to run a shady business and abuse their positions of power. Things like grass lawns and vacations also used to be the exclusive playthings of the wealthy.

      --
      Bill Clinton: Pimp we can believe in. - The Shirt!!!
    5. Re:Did it not occur to PALM that this is BAD? by John+Hasler · · Score: 5, Informative

      > Likely there will be no repercussions whatever.

      Right. You'll whine and whine, but you'll keep right on buying the stuff.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    6. Re:Did it not occur to PALM that this is BAD? by Hal_Porter · · Score: 5, Funny

      > Things like grass lawns and vacations also used to be the exclusive playthings of the elderly.

      Fixed that for you. Now get off my lawn.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    7. Re:Did it not occur to PALM that this is BAD? by Em+Emalb · · Score: 5, Funny

      VP of Engineering: "Dude, they're going to find out, and they'll be pissed."
      VP of Marketing: "This is going to be great. Think of all the things we could do with this information. Think of all the people we could sell that information to. The feature stays."
      EVP of Marketing: "I eat boogers."
      CMO: "Excellent work, EVP of Marketing. VP of Engineering, you're too cautious. You'll never make it in today's world."
      CIO: "He's right. You're fired."
      VP of Engineering: "It's all good, I already have two other jobs lined up. Later, losers."
      EVP of Marketing: "Did I mention I eat my own boogers?"

      --
      Sent from your iPad.
    8. Re:Did it not occur to PALM that this is BAD? by drunkle+j · · Score: 5, Insightful

      In fact, I just mentioned this article to a co-worker who was showing off his shiny new Pre to me late last week, which after using it for a few days and finding out contrary to what the clerk told him that he could in fact not sync with iTunes, He's clocking out now to return it to the store he bought it from and promised to be headed to Bestbuy to pick up an iPhone 3GS on the way back...

      So wait.. your coworker was so mad that Palm wouldn't parry Apple's anti-competitive measures and Palm's collection of usage/GPS data, that he rushed out to sign a contract with the company at the center of the warrantless wiretapping debacle? The same company that, in response to hoards of customer complaints, pulled strings in congress to get an unconstitutional ex-post-facto law passed to prevent them from being criminally prosecuted for turning over every bit of customer data they could get their hands on to the feds? Yea, I can see how the average American consumer would make that choice.

    9. Re:Did it not occur to PALM that this is BAD? by Sandbags · · Score: 5, Informative

      hey, AT&T may have complied with illegal orders to provide wire taps, and even played some questionable moves to avoid prosecution, but lets place the blame where it really lies; the Bush Administration... AT&T was not the only company to comply with these orders, and was told quite explicitly, by judges, that the orders were in fact valid...

      AT&T may have broken the law, and violated the privacy of many (suspected crimainals/terorists) Americans, but they did so under a supposed legal authority and under orders to do so, and these wire taps (most of them) were actually for people accused or associated with active federal investigations. Palm is collecting personal information, it has NO association with any criminal activity and no basis in law, and they're doing it without informed concent, and without a way to disable the tracking, and wihtout support or order by the government, and I bet they're doing it without the Phone Company's knowledge too. (and if the phone company IS aware of it, they're FAR more guilty than AT&T is...

      --
      There is no contest in life for which the unprepared have the advantage.
  2. the fine print by alain94040 · · Score: 5, Insightful

    Let's see if you can find the trick in Palm's privacy policy:

    Personal information is information directly identifiable to you, such as your name, address, email address, and phone number, as well as other non-public information associated with such information. Some examples of how we collect and use personal information include ... [ a list that sounds pretty safe and reasonable]

    The operating word is Some examples: legally, they don't say that the list is exhaustive and that they don't collect information any other way. So the long list of nice looking collection is just a decoy!

    --
    FairSoftware.net -- iPhone dev jobs for geeks by geeks

  3. User Consent ... by neonprimetime · · Score: 5, Informative

    Story says...

    This, of course, is without user consent or control.

    But From Palm Infocenter, they say

    Palm's own "Terms and Conditions" statement, along with their Privacy policy, detail that Palm basically maintains it has the right to indefinitely collect, process, store and share this information. Users must accept this multipage collection of fine-print waivers and disclaimers in full during the initial device setup process before being able to utilize the device.

  4. Re:Boycott by Ogive17 · · Score: 5, Funny

    It would be easier to keep track of the companies that have NOT screwed over the customer.

    I'll get back to you if I can think of one.

    --
    "Action without philosophy is a lethal weapon; philosophy without action is worthless."
  5. Apps installed OK, crashes OK, location - HELL NO! by wowbagger · · Score: 5, Interesting

    OK, I can see sending what applications are installed and what crashes have occurred given the user's explicit permission - I allow my Ubuntu boxes to participate in the "popularity contest" wherein what apps I install are (anonymously) logged, and I will frequently send crash reports to help get the cause of the crash fixed.

    In both of those cases *I* decide if it happens, and I was informed of the data being uploaded.

    But automatically reporting my GPS locations - HELL NO!!!

    Yes, the Pre is a phone - as such it MUST, BY LAW be able to report its location to 911 (here in the US, natch). My phone (which is NOT a Pre) has been configured to turn GPS off for anything OTHER than E911. If I found out that it was NOT abiding by that selection - that it was sending position data to anyone other than E911 - then not only would I be terminating my cell contract, I would be filing suit against the makers of the phone AND the cell carrier.

    Again, I can see why Palm would want apps installed and crash data - but WHAT DAMN BUSINESS is it of theirs to know position?!?!

    --
    www.eFax.com are spammers
  6. Re:Oh no! Automated Dr. Watson by Nazlfrag · · Score: 5, Informative

    It's not just crash data. It sends that too, but it also uploads your GPS coordinates daily along with the app use data (what you've used and for how long) according to TFA. It's customer profiling, not bug testing.

  7. Re:Boycott by keithjr · · Score: 5, Informative

    Seems like the only phone you'd be able to buy with this requirement would be an OpenMoko device. Maybe an Android phone if it's mostly open source.

    Closed source and closed hardware devices mean these little surprises will continue to happen.

  8. Re:Oh no! Automated Dr. Watson by digsbo · · Score: 5, Informative

    Wrong. The cell id (tower identifier) is available from the GSM module without knowing the GPS coordinates. In fact, with multiple local towers, you might incorrectly guess which tower is being used based on lat/lon, since they may handover (pass your call from one tower to another) for a variety of reasons, including capacity.

  9. Re:Yea, and.... by rm999 · · Score: 5, Informative

    "Hell, I thought all phones did this anyway"

    Running the GPS on a phone eats up the battery, I wouldn't assume any phone company would be purposefully sabotaging the battery life of its own products to piss off its customers.

    And tracking of cell phones has come up in the past, and is generally quite controversial: http://www.insidetech.com/news/articles/2299-controversial-study-tracks-movement-via-cellphones

    I honestly don't know why Palm thought it could get away with it without some outrage. Especially when it has such a steep hill ahead of it already.

  10. TFA Text by AceJohnny · · Score: 5, Informative

    Woops, looks like /. is hammering the server. Here's a copy of the text (as of now):

    I've been taking a closer look at the WebOS side of my Palm Pre tonight, and I noticed that it periodically uploads information to Palm, Inc.

    The first thing sent is intended to be my GPS location. It's the same location I get if I open the map app on the Pre. Not very accurate in this case, but I've seen it be accurate enough to find my house before.

    { "errorCode": 0, "timestamp": 1249855555954.000000, "latitude": 36.594108, "longitude": -82.183260, "horizAccuracy": 2523, "heading": 0, "velocity": 0, "altitude": 0, "vertAccuracy": 0 }

    Here they can tell every WebOS app I use, and for how long.

    { "appid": "com.palm.app.phone", "event": "close", "timestamp": 1250006362 }
    { "appid": "com.palm.app.messaging", "event": "launch", "timestamp": 1250006422 }
    { "appid": "com.palm.app.messaging", "event": "close", "timestamp": 1250006446 }

    It sends the above info on a daily basis.

    2009-08-10t09:15:10z upload /var/context/pending/1249895710-contextfile.gz.contextlog ok rdx-30681971
    2009-08-11t09:15:10z upload /var/context/pending/1249982110-contextfile.gz.contextlog ok rdx-31306808

    There is also some info that is recorded when a WebOS app crashes. Now, I've seen WebOS crash hard a time or two, but it turns out apps are crashing fairly frequently behind the scenes, and each such crash is logged and a system state snapshot taken. At least some of these are uploaded, though if things are crashing a whole lot it will be throttled.

    2009-08-09T17:01:22Z upload /var/log/rdxd/pending/rdxd_log_59.tgz OK RDX-30246857
    2009-08-09T17:05:36Z upload /var/log/rdxd/pending/rdxd_log_26.tgz OK RDX-30249465
    2009-08-09T17:09:11Z upload /var/log/rdxd/pending/rdxd_log_56.tgz OK RDX-30252374
    2009-08-09T17:11:46Z upload /var/log/rdxd/pending/rdxd_log_70.tgz OK RDX-30253958
    2009-08-09T17:16:29Z upload /var/log/rdxd/pending/rdxd_log_67.tgz ERR_UPLOAD_THROTTLED_DAILY
    2009-08-09T17:17:28Z upload /var/log/rdxd/pending/rdxd_log_51.tgz ERR_UPLOAD_THROTTLED_DAILY
    2009-08-09T17:20:40Z upload /var/log/rdxd/pending/rdxd_log_21.tgz ERR_UPLOAD_THROTTLED_DAILY

    Each tarball contains a kernel dmesg, syslog, a manifest.txt listing all installed ipkg packages (including third-party apps), a backtrace of the crash, a df (from which they can tell I'm using Debian on the phone), and ps -f output listing all processes owned by root (but not by joey).

    The uploading is handled by uploadd, which reads /etc/uploadd.conf:

    [SERVER=rdx]
    RepositoryURL=https:///palmcsext/prefRequest?prefkey=APPLICATIONS,RDX_SRV
    UploadURL=https:///palmcsext/RDFileReceiver

    [SERVER=context]
    RepositoryURL=https:///palmcsext/prefRequest?prefkey=APPLICATIONS,RDX_SRV
    UploadURL=https:////palmcsext/RDFileReceiver

    The "HOST" this is sent to via https is ps.palmws.com.

    My approach to disable this, which may not stick across WebOS upgrades, was to comment out the 'exec' line in /etc/event.d/uploadd and reboot. However, then I noticed a contextupload process running. This is started by dbus, so the best way to disable it seems to be: rm /usr/bin/contextupload

    BTW, since Palm has lawyers, they have a privacy policy, which covers their ass fairly well regarding all this, without going into details or making clear that the above data is being uploaded.

    --
    Misleading titles? Inflammatory blurbs? Keep in mind that Slashdot is a tabloid.
  11. Re:Yea, and.... by Anonymous Coward · · Score: 5, Funny

    Isn't it great how the courts can ask Motorola where you are but you can't?

    You just need to sue yourself and then ask Motorola for the location of your phone so that you can serve legal documents to yourself.