I'll have the super large bucket of popcorn
it's not yet clear how many reside in California
I expect that data is available from IBM ... For a price.
The Weather Channel app duped users into providing location data that the company then sold for advertising and other commercial purposes, according to a lawsuit brought by Los Angeles City Attorney Mike Feuer. The complaint, filed in Los Angeles Superior Court on Thursday, alleges that the mobile application, owned by IBM's …
21 - Never place friendship above profit.
39 - Don't tell customers more than they need to know.
52 - Never ask when you can take.
60 - Keep your lies consistent.
74 - Knowledge equals profit.
87 - Learn the customer's weaknesses, so that you can better take advantage of him.
199 - Location, location, location.
The world of mobile apps is pretty much a privacy cesspool, and if you just assume that any data an app has access to will be sold to third parties, you'll be correct far more often than not. This is why I strongly resist installing and using apps, and when I do install and use an app, I make sure that it's firewalled off so that it can't send any data anywhere.
Sadly, this problem is getting more frequent in the desktop world as well.
Yes, but it requires you to root your device. Root your device (or, even better, replace the ROM with a plain Android install), then install AFWall+. That application is just a front end that allows you to easily configure iptables (which is part of Linux and so already exists on your device) to perform firewall operations. You can easily set up rules on a per-app (or global) basis, so you can set what apps get to use what interfaces.
By default, I don't allow any apps to communicate out. I'll make certain exceptions, though (such as the web browser), but even then I set up the rules so those apps are only allowed to talk through my VPN.
If you're extra ambitious, you can also do what I do with the VPN -- I run my own VPN server, which funnels all of the traffic from it through my firewall and router at home as well, where I can implement even more sophisticated defenses.
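The default-deny, VPN-only policy described in the comment above, sketched as an added example (not part of the original comment and not AFWall+'s own rule set). It only prints the per-UID `iptables` rules; the interface name `tun0`, the chain name `app-egress` and the UIDs are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: PRINTS an iptables rule set, applies nothing (no root needed).
VPN_IF="tun0"        # assumption: VPN tunnel interface name
CHAIN="app-egress"   # hypothetical chain name, not AFWall+'s

# Android gives each installed app its own Linux UID; accept digits only.
is_uid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# gen_rules VPN_CLIENT_UID APP_UID...
gen_rules() {
    is_uid "${1:-}" || { echo "usage: gen_rules VPN_UID [APP_UID...]" >&2; return 2; }
    vpn_uid=$1
    shift
    echo "iptables -N $CHAIN"
    echo "iptables -A OUTPUT -j $CHAIN"
    echo "iptables -A $CHAIN -o lo -j ACCEPT"
    # The VPN client itself must reach its server over Wi-Fi or mobile data.
    echo "iptables -A $CHAIN ! -o $VPN_IF -m owner --uid-owner $vpn_uid -j ACCEPT"
    for uid in "$@"; do
        if ! is_uid "$uid"; then
            echo "skipping invalid uid: $uid" >&2
            continue
        fi
        # Excepted apps may send traffic, but only into the tunnel.
        echo "iptables -A $CHAIN -o $VPN_IF -m owner --uid-owner $uid -j ACCEPT"
    done
    # Default: every other app, and anything trying to bypass the VPN, is refused.
    echo "iptables -A $CHAIN -j REJECT"
}

# Constructed UIDs: 10150 = VPN client, 10088 = browser, 10123 = mail app.
gen_rules 10150 10088 10123
```

System traffic such as DNS lookups may originate from a different UID than the app and needs its own rule.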
But how do you separate surveillance communications from app functionality? If the app makes an SSL connection "home" to function, there is likely no way to filter out the privacy data included in that stream. How many apps function without connectivity somewhere? Very few these days.
Surveillance stuff’s usually done by advertising SDKs linked to the app that do separate HTTP calls - it usually isn’t piggybacked onto functional requests. So that stuff can be filtered out in your VPN. When in doubt, route the traffic through something like Charles Proxy. If you don’t understand what you see, ditch the app!
And yes, that’s a lot of work. It’s easier to live with a small set of curated apps. It’d be nice if there was a list somewhere that did privacy ratings, and was kept up to date.
There's a world of difference though between "Hi Weather App, I would like to know the weather at postcode SW1 1AB" once or twice a day (whether you're there or not), and the app reporting your exact GPS co-ordinates, available WiFi networks and visible mobile phone towers three times a second, to people or companies you don't even know of.
Not really. All of these companies just get their feeds from the NWS (weather.gov), which you can use directly itself. If you want it on your phone, it is https://mobile.weather.gov. No ads, spying, etc. You just give them your city and state or zip code, and you get the weather for the nearest station.
The nearest station to my zip code is at Lat: 38.72°N, Lon: 77.18°W, Elev: 69ft, about 5 miles away.
So any weather app asking for any location data that is more accurate than that is complete bullshit.
Internet data pilfering and misuse, an expectation of fail.
After we finally eliminate prostitution, we can make this go away as well.
On the other hand, it does seem to be recession proof and always in demand.
We'd just like it NOT to be a primary flaw of our major companies.
"IBM defended TWC's disclosure practices. 'The Weather Company has always been transparent with use of location data; the disclosures are fully appropriate, and we will defend them vigorously,' the company said in an emailed statement."
IBM can use Facebook's latest (vigorous) defense of deflecting blame by pointing out other slurp-happy app developers that are doing the same thing.
(As if that makes it OK)
"We also wanted to note that many companies offer the types of services you cover in the report and, like Facebook, they also get information from the apps and sites that use them in a similar manner. Amazon, Google and Twitter all offer login features."
#quote taken from Facebook's response to Privacy International (PDF)
I've been seeing a lot of "defending vigorously" in the news lately.
Doing a quick web search for "vigorously defend" gets several hits (including several others from FB)
"vigorously enforcing our policies to protect people’s information"
"The lawsuit is utterly without merit and we will defend ourselves vigorously,"
"claims have no merit, and we will continue to defend ourselves vigorously".
“We believe this complaint is without merit and we will fight it vigorously.”
I understand that this is a lawyer speaking, but that is a really nice way of saying that THE APP LIES.
A lie is a lie, whoever says it, and I am (again) disappointed at the sheer amount of effort people go to to avoid saying the word.
And the lawyer in question did it right this time, by stating things truthfully. The app did not lie, i.e. it did not say "We don't send your location data to the highest bidder, the second highest bidder, and on down the list." Instead, it said something along the lines of "Your location is required to retrieve weather information from your area". That falls under lying by omission, perhaps, but it is more correct to say what that was, which was an attempt to mislead without outright lying. I don't know whether the privacy statement had lies or just buried the truth in a bunch of hereunders. However, the last thing we need is for a word that doesn't imply in the strict dictionary definition to be the cause of a failed case to protect users' rights.
It will be better for IBM to not get its brand-name tainted, all for this silly app. Large corporations, governments, non-profits, etc. rely on IBM to be trustworthy. If they fail, they should just own it, slaughter the culprits, quickly, and move on. The longer they fight it the more they will look like FB. And customers will challenge them all the time. I have a lot of respect for IBM as an entity and I have worked in security long enough to know that these mistakes occur but one needs to correct the mistakes and move on. I'd have said, 'Oh shit, we will fix it, and here is $20M for your city, used for buying IBM stuff (at full price, and we get a tax break), and let's smile for a photo-op and thanks for helping us. We love you for how you have helped us and make us a better IBM. Thank you.'
Is trying to copy the success of "The Weather Bug", which has successfully slurped user data for years and got away with it despite being classified as malware by many AV and AM utilities. Who wouldn't be tempted after watching WeatherBug stomp all over people for years, and still the victims go "MORE MORE"!! Ever since AWS Convergence Technologies, Inc., the root company has changed its name and been bought out, and acted like a changeling. No wonder TWC was so tempted!