Oh, By the way: The Palm Pre phones home with your location [Updated]
by Greg Kumparak on August 12, 2009


This is going to end well, and no one will be upset about this. Also, everything I said in that last sentence is probably wrong.

When Debian developer Joey Hess started tinkering with webOS, he noticed that it was sending something to Palm once a day. Surely, Palm wasn’t sending anything too potentially incriminating without making it blatantly obvious to the user, right? Wrong.

Joey tore apart the data the Pre was transmitting, and there it was, smack dab at the top of the page:

{ "errorCode": 0, "timestamp": 1249855555954.000000, "latitude": 36.594108, "longitude": -82.183260, "horizAccuracy": 2523, "heading": 0, "velocity": 0, "altitude": 0, "vertAccuracy": 0 }

That was Joey’s position at the time the data was sent, accurate to the same degree that the Google Maps application was.

Also included was a list of every application Joey used and how long each was used (as measured by “launch” and “close” parameters), along with crash logs. Last but very much not least, it also sent a manifest file of all applications installed on the phone – including third-party applications not authorized by Palm. All of this data is sent to ps.palmws.com.
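An added example, not from the article or from Joey Hess's analysis: a small Python check that walks captured outbound request bodies and flags any record shaped like the location fix quoted above. The capture format, the `example.test` hosts and the reading of `timestamp` as milliseconds since the Unix epoch are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed capture of outbound request bodies as (destination host, body).
# Only the first body is the record quoted in the article; the rest are made up
# to exercise nesting, out-of-range values, booleans and non-JSON bodies.
CAPTURE = [
    ("ps.palmws.com",
     '{ "errorCode": 0, "timestamp": 1249855555954.000000, '
     '"latitude": 36.594108, "longitude": -82.183260, '
     '"horizAccuracy": 2523, "heading": 0, "velocity": 0, '
     '"altitude": 0, "vertAccuracy": 0 }'),
    ("metrics.example.test",
     '{"events": [{"name": "open"}, '
     '{"pos": {"latitude": 51.5, "longitude": -0.12}}]}'),
    ("updates.example.test", '{"fix": {"latitude": 91.5, "longitude": 10.0}}'),
    ("updates.example.test", '{"latitude": true, "longitude": false}'),
    ("updates.example.test", "not json at all"),
]


def _is_number(value):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def iter_location_records(node):
    """Yield every dict, at any depth, with a plausible latitude/longitude pair."""
    if isinstance(node, dict):
        lat, lon = node.get("latitude"), node.get("longitude")
        if (_is_number(lat) and _is_number(lon)
                and -90 <= lat <= 90 and -180 <= lon <= 180):
            yield node
        for value in node.values():
            yield from iter_location_records(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_location_records(item)


def audit(capture):
    """Return one finding per location record found in the captured bodies."""
    findings = []
    for host, body in capture:
        try:
            doc = json.loads(body)
        except ValueError:
            continue  # not JSON, so this check has nothing to say about it
        for rec in iter_location_records(doc):
            sent = None
            ts = rec.get("timestamp")
            if _is_number(ts):
                # Assumption: timestamp is milliseconds since the Unix epoch.
                sent = datetime.fromtimestamp(ts / 1000, tz=timezone.utc)
                sent = sent.strftime("%Y-%m-%dT%H:%M:%SZ")
            findings.append({
                "host": host,
                "latitude": rec["latitude"],
                "longitude": rec["longitude"],
                "horizAccuracy": rec.get("horizAccuracy"),
                "sent_utc": sent,
            })
    return findings


if __name__ == "__main__":
    for finding in audit(CAPTURE):
        print(finding)
```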

For some crazy reason, people don’t really like having this sort of information sent back to the mothership without their explicit consent. Palm knows this, of course, and has their bases covered in their privacy policy:

Location Based Services. When you use location based services, we will collect, transmit, maintain, process, and use your location and usage data (including both real time geographic information and information that can be used to approximate location) in order to provide location based and related services, and to enhance your device experience.

The latter part of that sentence, “in order to provide location based and related services”, makes perfect sense – you open Google Maps, and it needs to find your location. Sure. Then they tack “enhance your device experience” onto the end, essentially giving them free rein to send your data wherever the hell they want as long as it potentially makes the experience better.

Of course, Palm’s privacy policy could say that they have the right to punch you in the face and light your shoes on fire, and no one would notice. Even the most anal of gadget users don’t tear through EULAs and privacy policies before booting up their device. When it comes to location tracking and device activity, you must alert the user and specifically request permission. If you don’t, you are spying, plain and simple. Regardless of what Palm is doing with this data, the user needs to be completely aware that it is being sent.

Furthermore, why would Palm need this data? It’s not for marketing reasons; you know where I bought my phone. It’s not for technical reasons on the carrier’s end, such as network load balancing – the towers are already fully aware of who’s in each cell.

Palm, your privacy policy opens by stating “Our goal is to help you make informed decisions about the personal information you share with us.” If that’s the case, you’re doing a pretty terrible job.

You can see a full list of what is being transmitted here.

Update:

Palm has since issued a statement on the matter:

Palm takes privacy very seriously, and offers users ways to turn data collecting services on and off. Our privacy policy is like many policies in the industry and includes very detailed language about potential scenarios in which we might use a customer’s information, all toward a goal of offering a great user experience. For instance, when location based services are used, we collect their information to give them relevant local results in Google Maps. We appreciate the trust that users give us with their information, and have no intention to violate that trust.

We’re not sure what method of toggling data collection they’re talking about, unless we’re missing something tucked deep away. In the end, however, they still fall back on their privacy policy.

[Via IntoMobile]


    • People still use mapquest?

      • What’s a mapquest?

        BTW, remember that “information wants to be free” thingie? Yeah.. these days they’re acoming back to bite us.

        http://www.economist.com/sciencetechnology/tq/displaystory.cfm?story_id=13725679

        • We need Yauba or Tor to make a privacy safe phone and put an end to all of this snooping nonsense.

          As consumers we need to stand up and finally say that we are not going to take it any more and that we do not want to live in 1984.

          Go to hell Palm, Google, CIA and Big Brother.

      • Prince Momar Shackleford, MD, PhD, MBA - August 12th, 2009 at 3:01 pm CDT

        “It’s not for marketing reasons– you know where I got my phone.”

        I seem to think it is for marketing reasons. They can construct personality and consumer profiles based on what type of apps you use and the types of neighborhoods you frequent.

        I wouldn’t worry too much about privacy. It’s not as if a human being is actually sitting there reading the data and saying, for example, “hmm, it seems that Prince Momar likes to hang out at the Red Light District 4 nights a week, let’s drop a dime on him and tell the Princess.”

        • Unless I bribe someone there $50 for the information. Once you have a collection infrastructure for that kind of data, it tends to get abused in a lot of unforeseen ways at all levels.

        • No, no human is reading it… Just our national TLAs… Three Letter Agencies. I’m quite sure they’re not staffed by real people. But when the simulacrum delivers the Patriot Act secret warrant to Palm, what do you think is going to happen?

          Businesses and governments cannot be trusted to not abuse any information they’ve got.

    • Isn’t there a good brothel there?

  • it’s not like mobile users will be shocked – your mobile carrier knows tons more than that, but palm’s PR people should be transparent about that usage data, whether it’s anonymized and what it’s used for.

  • well isn’t that just McWonderful?!

  • That is not cool. I was actually considering getting one of these things.

    • Me too. But shouldn’t we assume that every phone does this? Has anyone torn apart the iphone to prove that they are not doing this?

      I’m just going to assume that they are too.

  • Nice job calling Palm out on this!

  • It’s like holding the Patriot Act in the Palm of your hand!

  • I swear evil is just another word for corporation.

  • Best Lede ever. Sprint is gonna fry for this one.

  • Hahah, that’s a huge bug. Sprint/Palm gots some splainin’ to do.

  • I don’t understand what the big deal is? So what if they use the data to improve device/user experience? That’s a good thing. Right?

    • It’s a great thing – but it’s gotta be opt-in.

      • Or, at the very least, opt-out. From what I read above, there is no way to disable this.

      • My god. Hasn’t anyone at Crunchgear or anyone here actually powered on a Pre and tried one out before? It’s very very very very explicit in the initial setup of the device that YOU have to enable this, and YOU have to agree to this or you won’t be able to use location based services. (and you have to agree to Palm’s terms and conditions).

        As someone who has walked about 200 people thru the initial setup of a Pre, this is something explained to every Pre owner at the time of purchase. You can use the phone without allowing location based services and or enabling auto locate. You however, can not use the phone without agreeing to Palm’s T&C’s and THAT is your option.

    • Yes! Perhaps they should install a camera outside your house as well.

  • It’s not an Apple, so that’s ok, nobody cares.

  • I’m not really cool with this, just like I wasn’t cool when the iPhone was phoning home, but it’s not really a huge deal. The real issue I had with Apple was that they were supposedly transmitting your IMEI, which is personally identifiable. Although, I suppose that your location (most commonly where you live or where you work) is somewhat identifiable, but seriously, does anyone really think they can carry a cellphone and still be off the grid?

    So, I’m willing to give Palm a pass, only if they can provide good reasons why this information is useful for delivering a better user-experience. I doubt that case can be made.

  • I guess the Pre couldn’t read my mind, like the ad said it would.

  • You’re missing the best potential uses. I can’t wait for the day an app crashes and the user gets a text message:

    “Operation failed. Please move 50 feet to the North and try again.”

    :D

  • Tomas - University Place, WA - August 12th, 2009 at 2:09 pm CDT

    Hmmmmm… When I used to work for the government I don’t believe my employer would have considered it OK for some random company to track my location like that. Just sayin’…

  • Very interesting post.

    By the way, every time I boot up my MacBook Pro, Snitch tells me that it dings an apple server – from the logs on those servers, they could see all sorts of things, including my IP address and some sense of location based on that.

    Cellphones by their very nature are locatable while in signal range. But this data the Pre is sending home seems to be way over and above the call (excuse the pun) of duty!

  • And I was worried that Google knew too much about me lol.

  • Is this info personally identifiable? If not, then what’s the big deal?

    I’m sure Google knows more about all of us than this

    • Of course it’s ‘personally identifiable’. If it’s calling home on a regular basis then they can not only tell where you are but where you spend most of your time (ie: Palm owner’s home) over the last X days.

      A quick search on the address (or more sinister: drive to the address) will tell you who lives at the location. From there pretty much all your info is in their hands (credit report, spouse, kids, etc).

      • Yeah but… Even without a Pre, anybody could drive by *any* house and do the same. Besides, no offense, but you’re probably not an interesting enough person to go through the trouble. I know I’m not.

        • Well I may not be ‘interesting’ enough (I’d prefer that I’m not to Palm ;) ) but the fact is that using this, Palm (or Google) knows the exact location of every Palm Pre user.

          I’m sure there are quite a few more ‘interesting’ Palm Pre users who could easily have their privacy violated..

  • Is this before or after using a location-based service? If you read Google’s ToS, it clearly states that it may report your location back even when you’re not using any apps that use it… which is why I haven’t downloaded any location-based services.

    If it is still reporting my location even after I said no, then I am going to be pretty angry. It was bad enough when I realized how many apps use this stupid feature unnecessarily. They could just as easily store a cookie such as your zip code for weather rather than broadcasting your exact coordinates.

  • Prince Momar Shackleford, MD, PhD, MBA - August 12th, 2009 at 2:23 pm CDT

    yes personally identifiable.

  • This article could use some more descriptions of Soap Opera filming techniques. Then it would ROCK.

  • Seriously though, just turn the phone off right before it sends the data. No sweat.

    • Prince Momar Shackleford, MD, PhD, MBA - August 12th, 2009 at 3:51 pm CDT

      Sweat. How would an average person know when the phone sends the data? What if it sends data at different times each day? What if it is programmed to continue to attempt to send data unless and until the data gets through? Are you suggesting people keep their phones off for a couple of hours a day?

    • I think it phones home when you switch on your phone. So I guess you will be stuck with an infinite loop of switching the phone on and off.

  • Oh god, here go the Birthers!

  • I’m more worried that they will see users using “unapproved Palm apps” then kill those apps through updates etc.

  • The fun will begin when Palm (or Apple, or Google) starts selling the data. For example, your company wants to know where the salespeople are for its competition? The logs show where, when, how long. How about finding out if MSFT is meeting with a company to do a merger? Quick, buy that stock!

    The phone company has this info too. It’s just a matter of time before the info is sold as “business intelligence.”

    And imagine a devious President keeping track of where key journalists are and who they meet with. Deep Throat secretly blowing the whistle on Watergate? Can’t happen in the Brave New World. Welcome to 1984.

    • Is this serious?

      Yeah of all the ways you could be tracked by the government, your random smartphone is the one they’ll choose.

      Just throw on a tin-foil cap and protect yourself from all of this no problem.

  • yes, there is an option to turn off background data collection. it’s found via the giant glossy icon labeled ‘Location Services’. The setting description states the following: “Allows Google to automatically collect anonymous location data to improve the quality of location services”.
    Assuming this is the same data that Joey Hess detected being sent, then 1) users can turn this off 2) presumably it is sent to Palm first then forwarded to Google.

    That setting has always been there. It was one of the first things I turned off the day I got the Pre.

    • thanks for the Location Services tip. I had turned this off when I got my first Pre…which then turned into a brick. they replaced it, but was so concerned with just getting the dang thing to work properly the second time around that i forgot about changing this setting.

    • Thanks. I was about to respond with the same thing because two non-Pre friends emailed me this and another related article link almost simultaneously.

  • Palm is trying to make you feel important enough to monitor.

  • I’m shocked… just SHOCKED!!!… to see this bunch of iPhone fanboys misconstrue this issue to bash a worthy opponent to their “Jesus phone”.

    If you REALLY want to read a QUALITY blog, check out Engadget’s position on this issue. Much more neutral, and *GASP* riddled with common sense.

  • Palm takes privacy very seriously, and offers users ways to turn data collecting services on and off

    No they don’t take it very seriously. People install Google Maps with the awareness that it will look at their location to give them a map.

    An average user of a cell phone doesn’t think their phone contacts the manufacturer and tells them their location. For Palm to say “well you can turn off GPS” is bogus — it makes the phone pretty much useless. What Palm should do is provide a way to give access to getting the GPS to each individual application.

    And I can’t wait for Palm to be subpoenaed in a divorce case for when the woman wants to know where her husband was on the night of July 22nd.

    • Exactly.

      And you have to wonder how long they keep their logs too.. Google for example holds their logs for 9 months from what I’ve read (and I believe it used to be 18 month retention till recently).

  • It’s the new portable black box like the one in your car that monitors movement to set off your airbag. This device is being subpoenaed in courts by DA ; http://www.foxnews.com/story/0,2933,90673,00.html

    How long before your location based services phone records are requested? Soon, I am sure

  • yes Apple is evil, but the rest of the boys on the block are idiots.
    They try to beat the iPhone by fucking the users?

  • Wow just pulled from youtube a real nice way to use a pod cast for profanity. You think you will ever trust this guy again I mean the host not the one that is getting cursed at?

    http://www.youtube.com/watch?v=t0nr2sQdmtw

    Do you think this guy needs to have advertisers after this madness?

  • I’m sure other phone companies know exactly where their phones are, especially the ones on contract as they are technically not yours.

  • hang on, the privacy policy states that the device will send location data back to the mother ship and the phone does exactly that.

    So what’s the problem?

    It’s not Palm’s fault if the users don’t read the EULA.

    “When it comes to location tracking and device activity, you must alert the user and specifically request permission. If you don’t, you are spying, plain and simple. ”

    .. this is utter utter nonsense. I say again the EULA states what is gonna do so why on earth should Palm push the fact once again.

    Just read the EULA plain and simple. If you don’t then you are opening yourself up to things that you may not like but that’s your fault no one else’s.

  • … and by the way I’ve never read a EULA in my life. If some software does something I don’t like or my Blackberry phones home and I don’t like I should have read the EULA.

    If you like these kind of stories so much why don’t you investigate why, when I create a web site using iWeb on the Mac and use my own domain (i.e. I publish via FTP) why does the site phone home to me.com? I don’t have an me.com account, I could not care less about me.com but my web site seems to like speaking to it. Frankly I don’t care why it’s contacting me.com.. but you might as it gives you a chance to write another non story.

    That is all.

  • By the way if any of you use iWeb and your own domain (publishing via FTP) did you know that your web site will phone home to ME.com?

    Greg.. there’s another story for you.

  • This is not nice of Palm. But (almost) every location request on the iPhone is also handled by Apple’s skyhook servers, which handle > 200 Million requests/day. On average they know a lot more than once a day where you are. (Not only when using LBS apps, but also when taking a photo, for example).

  • People wake up!

    It’s a cell phone, they know where you are at all times anyways. They’d have to, anytime you have a signal, duhh! If you feel that antsy about it, drop the Pre and go get a $20 pre paid phone and toss it when you use the minutes. This is just the age we live in, information is ever present, on everything!

    So get over it or get out the way!

    • Um, no.

      Whilst a normal cell phone can give away your approximate location, it’s only by means of triangulating signal strength from various cell towers, and only when done *specifically.* The Palm volunteers *explicit* locations. Automatically.

      In addition, the regular cell phone doesn’t dime you out for apps loaded, and apps used. That, actually, is more freaky to me than the location service.

  • I prefer the iphone. Tons more decent apps like Problem Halved.

  • It’s a trash collector who came up with the idea. Genius idea. Wish him well.

  • They’re so clever at the NSA! They think of everything. Such smart nice young men!

  • This is frightening stuff! Great article though :)

  • ha. Ha. HA. HAHAHAHAHAHAHA!!! All you Palm Pre fanboys who have been trashing the iPhone for the past two years can suck it. Seriously. This is the best news I’ve read this week.

    The iPhone has its flaws, but this is just goddamn priceless.

  • Own a Pre…
    I find I just… don’t care all that much. Every App Download states that it uses Location Services to gain your position. A person, can put 2+2 together and figure out that, hey! Palm Profile (that asks you when you first boot the phone up, unless your Sprint Rep was stupid and went through that set up themselves) also tells you it uses Location Services.

    Slow news day, was it?

  • Apple fanbois are priceless. Jump at anything to beat down a competitor to your jesusphone.

    You can turn the feature off…real easy. This is such a non-issue that it’s funny.

    As for the info they collect? Do you think about that everytime you fire up your google chrome browser? I mean..talk about data collection.

    OH MY GAWD! Palm wants to know what apps I use!!! Hmm, could it be that they want to see what folks want and use so they can make sure more apps like that show up on the store?

    Calm down…..
