Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTC Settles With Android Developer In Data Exposure Case

Posted by Unknown on from the privacy-is-mandatory dept.

Trailrunner7 writes with some good/bad news concerning Android and privacy. Quoting the Threatpost article: "In a landmark move, the Federal Trade Commission has settled charges it brought against the maker of a P2P file-sharing application that the commission alleged included unfair default settings that caused users to unknowingly share photos, videos and other personal data. The settlement with FrostWire LLC may well be an indication that the federal government is going to be taking a hard look at the way developers set up their apps and what users know about the data they collect and share." The settlement is pretty light: they have to change their defaults and give everyone affected an upgrade. FTC involvement in this is interesting: on the one hand people were unknowingly exposing private data; on the other hand, is FTC regulation of something like this a good thing? In the case of Free Software who does the FTC sue? How would they enforce any rulings?

36 comments

  1. Re:unknown lamer = libertard by Anonymous Coward · · Score: 0

    Yes, this wouldn't be /. if the summary didn't spot libtards a starting point.

  2. People torrent on their mobile phones? by Haedrian · · Score: 1

    What a waste of limited bandwidth and battery life...

    Or am I missing some very large good idea behind it?

    1. Re:People torrent on their mobile phones? by c0d3g33k · · Score: 1

      Using the built-in WiFi capabilities of the mobile phone and publicly accessible and open WiFi access points to torrent in a way that doesn't point to their home internet connection so they aren't part of the next RIAA/MPAA fishing expedition?

    2. Re:People torrent on their mobile phones? by DutchUncle · · Score: 1

      Wouldn't it just point to their mobile phone instead, which is contracted to a real name and credit card / money? As opposed to using an open access point with a limited-use netbook that has a MAC address but no personal data?

      which, now that I think of it, is an excuse to go buy another toy . . .

    3. Re:People torrent on their mobile phones? by melstav · · Score: 1

      Wouldn't it just point to their mobile phone instead, which is contracted to a real name and credit card / money?

      Not directly. And in many cases, not at all.

      A smartphone that has been connected to a WiFi network will default to sending ALL internet traffic over WiFi instead of the cellular network. So, it'll be just like your netbook.

      So, if the RIAA/MPAA wanted to file a "John Doe" lawsuit based on torrent tracker records, they'd see that the public IP used on the connection was on the network owned by, say, AT&T. They serve AT&T with a subpoena, and find out that, at the time in question, that IP was assigned to "Mom & Pop Coffee Shop".

      At this point, they either name the owner of "Mom & Pop Coffee Shop" directy in their lawsuit and call it good, or they contact them and demand records on who that IP was assigned to.... Records which probably don't exist. In which case, they'll probably say "fuck it" and name the coffee shop in the suit anyway.

      The larger chains that contract to third-parties to manage their customer-pointing WiFi (like Starbucks) may actually retain those MAC address records (and email addresses, if their capture page collects them)

  3. This regulation is what the FTC is for. by fortfive · · Score: 1

    Or government should be for generally. Ideally, government aggregates and applies the collective will and power of the people, for the good of the people, in those instances where individuals acting individually have little to no effect.

    Not that the recent supreme court decision about binding arbitration runs counter to this principle.

    1. Re:This regulation is what the FTC is for. by englishknnigits · · Score: 1

      Just hope that the few people in the FCC appointed by someone who was elected by 23% of the population knows what people want, knows what is good for people, and is willing to carry it out. I have a problem assuming any of those points are true which is why I'm not in favor of regulations like this unless they apply to monopolies/oligopolies which we shouldn't have in the first place (in most, if not all industries).

    2. Re:This regulation is what the FTC is for. by tehcyder · · Score: 1

      Just hope that the few people in the FCC appointed by someone who was elected by 23% of the population knows what people want, knows what is good for people, and is willing to carry it out. I have a problem assuming any of those points are true which is why I'm not in favor of regulations like this unless they apply to monopolies/oligopolies which we shouldn't have in the first place (in most, if not all industries).

      Yeah, fuck regulations and fuck elective democracy, let's just base everything on who's got the most firepower.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
  4. Re:unknown lamer = libertard by bonch · · Score: 2

    He said "libertard," presumably referring to libertarians. Questioning government intervention would be the opposite of liberal policy. You anonymous trolls can't even get your politics straight.

  5. Re:would this be the same government... by GrumpySteen · · Score: 2

    The main purpose of the FTC is to protect consumers. This is what they did.

    The company in question was accused of misrepresenting what their software does and fraud charges were filed so that a judge to could decide whether the company was guilty or not. The company settled out of court rather than face the judge, which is a fairly strong indication that they knew they were guilty.

    This didn't involve any new regulations, no new powers were granted. Nothing has changed. The FTC did the job that they were created to do and nothing more.

    But, of course, certain people believe anything the government does is nefarious. I'm sure you never drive on highways, either, because the DoT is a government agency and anything they're behind is automatically evil, right? And you've removed the seat belts and air bags that the DoT requires, too, yes? And you've replaced the DoT required laminated safety glass windshield with ever so breakable plate glass in the car that you never drive on the road, right? And you don't use the internet, because it came from a government funded project. And I'm sure you wish there as no FDA with it's nasty regulations because you long for the days of Upton Sinclair's "The Jungle" since rancid butter and tuberculosis infected beef is so goddamn tasty.

  6. Fine grained bans by dargaud · · Score: 1

    I don't know how the iPhone does it, bur on Android we REALLY need a way to disallow some permissions for each applications. I mean, you install a photo retouching app or music player and it asks for full internet access, full flash card access, GPS position, camera and whatnot. I want the RIGHT to tell the app: 'no, you can't access the net' and not in a way that the app can understand and refuse to work, more in a way 'there's currently no connection'. Come on, it's not that hard to understand and not that hard to do.

    --
    Non-Linux Penguins ?
    1. Re:Fine grained bans by Anonymous Coward · · Score: 0

      I don't know how the iPhone does it, bur on Android we REALLY need a way to disallow some permissions for each applications. I mean, you install a photo retouching app or music player and it asks for full internet access, full flash card access, GPS position, camera and whatnot. I want the RIGHT to tell the app: 'no, you can't access the net' and not in a way that the app can understand and refuse to work, more in a way 'there's currently no connection'. Come on, it's not that hard to understand and not that hard to do.

      This exists for rooted users in Cyanogenmod.

    2. Re:Fine grained bans by Anonymous Coward · · Score: 0

      I don't know how the iPhone does it, but on Android we REALLY need a way to disallow some permissions for each applications.

      That's easy: it doesn't. There is one thing you can set permissions for on the iPhone: your GPS coordinates. If you forbid an app your GPS coordinates, it's limited to using your cell tower to get your location, which is only accurate to a few 100 meters instead of about about 10.

      Other than that, with the iPhone it's all permissions, all the time. Apple knows best, after all.

      For what you're talking about on Android, all you need is a custom distribution. The features are already built-in to the kernel, you just need a distro that allows you to use them. I can't remember which distros do, mind you, because I don't really bother running random software on my phone.

    3. Re:Fine grained bans by Hotweed+Music · · Score: 0

      Grab the latest CyanogenMod, go to Settings->CyangonMod Settings->Applications->Check "Permissions Management"

      Then you can disable single, "shady" permission through Settings->Applications->Manage Applications. Scroll to the bottom and click off any permission you don't want the app to use.

      But keep in mind, it's experimental.


      (also, "it's not that hard to understand/do" is a massive understatement)

    4. Re:Fine grained bans by Altus · · Score: 1

      Actually you can turn off location services entirely for an application and it cannot get your rough location from cell towers. I have done this with the google plus app and, since it isn't horribly written, it simply disables the features which are location based.

      --

      "In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson

    5. Re:Fine grained bans by javelin682 · · Score: 2

      Stericson (the guy who makes busybox, metamorph and such for android) has an app to do this. You need root of course, but here's a link to the app on the market: http://goo.gl/orhTq

    6. Re:Fine grained bans by contrapunctus · · Score: 1

      sounds like you want an iPhone. when an app calls for your location, you get a pop up window: [application] wants to use your current location. Don't Allow or OK

    7. Re:Fine grained bans by Anonymous Coward · · Score: 0

      Sounds like Windows Vista.

    8. Re:Fine grained bans by scot4875 · · Score: 1

      Good thing the *only* permission someone might be interested in denying is the location service, otherwise iOS might not be suitable for every person's needs.

      --Jeremy

      --
      Jesus was a liberal
    9. Re:Fine grained bans by geekoid · · Score: 1

      Talk to the developers. It's a developer issue, not a platform issue. If you want a platform that locks down everything, I hear Apple has some sort of phone.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    10. Re:Fine grained bans by LordLucless · · Score: 1

      That's exactly what I wouldn't want, and not what the OP asked for. He didn't ask to have to click "allow/deny" with every action an app took, he asked to be able to deny permissions at install time on an individual basis, instead of an "all or nothing" one.

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    11. Re:Fine grained bans by woodsbury · · Score: 1

      I don't really understand why this is something people want so badly to be honest. Even if I could deny permissions to an app, do I really want to give business to someone who is clearly making a Trojan of some description. If a photo editing app is asking for permissions for things it really shouldn't (okay, I can think of reasons why a photo app would want what you said, but I'm speaking more generally here) then it kind of draws into question whether the app is actually any good or the developer is just trying to data mine everyone or something. Give your business to the app makers that don't require almost every permission to be installed and hopefully the developers will realise people aren't just going to accept anything anymore.

    12. Re:Fine grained bans by Lord_Jeremy · · Score: 2

      You can also disable the location access for each app individually in the global device settings page.

    13. Re:Fine grained bans by tehcyder · · Score: 1

      I don't know how the iPhone does it, bur on Android we REALLY need a way to disallow some permissions for each applications. I mean, you install a photo retouching app or music player and it asks for full internet access, full flash card access, GPS position, camera and whatnot. I want the RIGHT to tell the app: 'no, you can't access the net' and not in a way that the app can understand and refuse to work, more in a way 'there's currently no connection'. Come on, it's not that hard to understand and not that hard to do.

      Go and write the software yourself if you're that fucking paranoid..

      You do not have a RIGHT to expect someone else's software to do exactly what you want, how you want it.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    14. Re:Fine grained bans by tehcyder · · Score: 1

      Yeah, it's tremendously useful for all us undercover agents, spies and fearless battlers against the New World Order to be able to hide our locations from The Man whilst still being able to enjoy Angry Birds.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    15. Re:Fine grained bans by tehcyder · · Score: 1

      I thought on slashdot we only ran programs that we had compiled ourselves from the carefully scrutinised source code anyway?

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    16. Re:Fine grained bans by Asic+Eng · · Score: 1

      I think that's available on CyanogenMod: permissions management.

    17. Re:Fine grained bans by JustSomeProgrammer · · Score: 1

      If I am paying money for it I do.

      This is where feature requests come from. People saying how they would like the device to work. This is how developers learn to iterate on the correct features and make the application better. Developers who ignore feature requests as pathetic whining usually don't do so well.

  7. Yes by geekoid · · Score: 1

    Yes, the FTC regulating this is a good thing; no doubt many poster will blow this way out of proportion.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  8. Re:would this be the same government... by Synerg1y · · Score: 1

    OP reminds me of...

    Remember google buzz and all the privacy issues?

    http://www.minyanville.com/businessmarkets/articles/google-google-buzz-google-lawsuit-google/11/4/2010/id/30935?page=full

    When you do things for users with your applications that compromise their personal data, and don't let them consent to it, then your software has a problem. Do you realize the line for a coder between app that messes with you and app that works ONLY as it should is very grey?

  9. We don't need the FTC by Anonymous Coward · · Score: 0

    The FTC is mostly lawyers and many of them go on to work as lobbyists for the companies they are charged to regulate. What kind of track record do they have for enforcing privacy policies?

    Some of my favorites are Comcast who has a "protocol agnostic" network policy yet they block specific ports. Another is Cisco and Microsoft who maintain IP "reputation scores" and blacklists yet they won't tell people why they get put on the lists. Comcast went so far as telling me "it doesn't matter what our privacy policy says, you aren't getting the information." Of course these policies are enforced by TRUSTe who hired one of the FTC attorneys who helped set up the program.

  10. Who to sue by Anonymous Coward · · Score: 0

    In the case of free software, it depends on who made the privacy infringement. Did the copyright holder configure the default like that? If yes, sue him. If not, go down the chain until you find the bastard. You'll probably find a package maintainer next. Free software != Anonymous software. Unless your mailbox is on mailinator of course, in which case you track down the distributor (Linux distro people) to kick the package out of their system.

  11. Re:would this be the same government... by tehcyder · · Score: 1

    I'm more than capable of securing my own systems and have been doing so since the 1970's. Their involvement in the process *cannot possibly* benefit me.

    Yes, because all laws are created purely on the basis of the benefit they provide to you, Mr AC personally.

    --
    To have a right to do a thing is not at all the same as to be right in doing it