I was recently having a conversation with someone in which I pointed out that everything I did was being tracked on my HTC EVO if I was unrooted. Of course, the question of what the big deal was came up.
I should mention right now that I'm not a paranoid privacy freak. My internet handles and my name have been known since around 1990. I've been a victim of credit card fraud twice due to security breaches at a company I used my card at and phone fraud once (no idea), but I don't think these were due to hackers breaking into my phone or computer and invading my privacy.
What makes me respect the absolute requirement for privacy and security on my HTC EVO 3D is that I worked at a dotcom several years ago. I know what happens to your data after it leaves you.
Part of my job used to be to set up email accounts on seed domains, and then register those email accounts on various affiliates to see how much spam would get to you if you entered a contest, signed up for a newsletter, requested more information, etc.
The answer, in case you didn't know, is with few exceptions: way, way too much, usually with a porn site spamming you within two to four months. The more information about you they have generally, the more targeted spam they send – both postal and email.
The alleged Accuweather issue is far worse than the CarrierIQ issue, but it doesn't seem to be getting much play as it's not a public repeatedly-denied Sprint issue. People are attempting to dismiss the claims of privacy invasion as frivolous.
Accuweather is the perfect example of something that seems fairly harmless at first glance. "Oh, it gives my exact location to Accuweather to get the weather. What's the big deal?" The big deal is that it does this with or without your knowledge at various times of the day. Let me tell you what advertisers can get out of this:
- Your home and work addresses
- Your probable name (what junk mail goes to that address)
- Your income (public records if you're a government employee)
- What hours you work (where are you 9-5)
- Marital status
- When your home is most likely empty
- What you paid in property taxes/what your place is worth
- What stores you shop at
- Internet connection at home or work
- Guess at an email address based on IP information
- How old you are
- Whether you go to church
- Whether you've visited a sex club, adult store, etc.
That stuff's right there when you know someone's location.
"But wait, Company X is a reputable company and they wouldn't give this information out." Sure, I don't believe Accuweather is the great Satan, and I don't think they're going to compile this information. I also don't believe that a company that transmits your exact location unencrypted over the internet for purposes of getting a city-level lock to provide you with weather and time information can be trusted to handle their own security.
They sell your information for use in an advertising network already. How soon before one of their advertisers resells or loses it?
Corporate espionage is a fairly common occurrence. Data breaches happen so often that the news stopped reporting on most of them. You just get a notice in the mail every now and then.
So let's assume some user's tracking data is going to be completely stolen and resold on the open market. That will be recompiled into a much more targeted and precise profile on you, which will be sold to anyone who pays for it. The Accuweather information is an advertiser's wet dream. It's also the wet dream of any criminal or stalker looking to know anything about you.
The question is not whether Accuweather will lose the data; it's when and how they will lose it. It's very easy to hold on to your data when nobody knows you exist or how useful the information you collect is. It becomes much harder once that's brought to light.
I'm not calling for death to Accuweather either. I'm betting there'll be a fix issued shortly by HTC if just so they can dismiss the potential class action lawsuit on the EVO 3D and 4G. All I'm doing is calling for people to recognize what is a threat (every move you make transmitted to a random company using no transmissions security) and what probably is isn't.
Eh, it's just my $0.02.