Tag: Privacy Policy

The dangers of certain apps or how to put your whole life out there

Finding love, one data breach at a time.

Finding love, one data breach at a time.

One of my past flatmates was actively looking for love online. Besides having registered in several websites for that end, I remember he also had several mobile applications (apps) installed in his Smartphone. I think he actually subscribed pretty much anything that even remotely could help him find love but outlined Tinder as his main dating tool.

Another of my closest friends is a jogging addicted – shout out P. He has installed on his Smartphone various apps which enable him to know how much steps he has made in a particular day, the route undertaken, and the heart rate via external device, which enables him to monitor his progresses.

What both of my friends have in common? Well, they actually use mobile apps to cover very specific necessities. And in this regard they can rely with almost anybody else.

Indeed, it is difficult to escape apps nowadays. Now that everyone (except for my aunt) seems to have a Smartphone, apps are increasingly popular for the most diversified purposes. For my prior flatmate it was all about dating. For my friend, it is to keep track of his running progresses. But their potential does not end there. From receiving and sending messages, using maps and navigation services, receiving news updates, playing games, dating or just checking the weather… You name a necessity or convenience, and there is an app for it.

On the downside, using apps usually requires to provide more or less personal information to the specific intended effect. Something that has become so usual that most consider as a natural step, without giving it further consideration.

In fact, a detail that most seem to be unaware of, apps allow for a massive collection and processing of personal – and sometimes sensitive – data. In fact, the nature and the amount of personal data accessed and collected raises serious privacy and data protection concerns.

For instance, in the case of my abovementioned flatmate, who was registered on several similar apps, and considering that he did not create fake accounts nor provided false information, each of them collected at least his name, age, gender, profession, location (enabling to presume where he worked, lived and spend time), sexual orientation, what he looks like (if he added a picture to his profiles), the frequency of his accesses to the app, and eventually the success of his online dating life.

In fact, in Tinder’s own words:

Information we collect about you

In General. We may collect information that can identify you such as your name and email address (“personal information”) and other information that does not identify you. We may collect this information through a website or a mobile application. By using the Service, you are authorizing us to gather, parse and retain data related to the provision of the Service. When you provide personal information through our Service, the information may be sent to servers located in the United States and countries around the world.
Information you provide. In order to register as a user with Tinder, you will be asked to sign in using your Facebook login. If you do so, you authorize us to access certain Facebook account information, such as your public Facebook profile (consistent with your privacy settings in Facebook), your email address, interests, likes, gender, birthday, education history, relationship interests, current city, photos, personal description, friend list, and information about and photos of your Facebook friends who might be common Facebook friends with other Tinder users. You will also be asked to allow Tinder to collect your location information from your device when you download or use the Service. In addition, we may collect and store any personal information you provide while using our Service or in some other manner. This may include identifying information, such as your name, address, email address and telephone number, and, if you transact business with us, financial information. You may also provide us photos, a personal description and information about your gender and preferences for recommendations, such as search distance, age range and gender. If you chat with other Tinder users, you provide us the content of your chats, and if you contact us with a customer service or other inquiry, you provide us with the content of that communication.

Considering that Tinder makes available a catalogue of profiles of geographically nearby members, among which one can swipe right or left, according to each one personal preferences, with the adequate analysis, it is even possible to define what type of persons (according to age, body type, hair colour) users find most attractive.

And because Tinder actually depends on having a Facebook profile, I guess that Facebook also gets aware of the average climate of your romantic life. Mainly if you start adding and interacting with your new friends on that platform and, why not, changing your status accordingly.

In the specific case of Tinder, as it mandatorily requires to be provided with a certain amount of Facebook information in order to ensure its proper functioning, these correlations are much easier for this app.

Thus said, a sweep conducted by 26 privacy and data protection authorities from around the world on more than 1,000 diversified apps, thus including Apple and Android apps, free and paid apps, public sector and private sector apps, and ranging from games and health/fitness apps, to news and banking apps has made possible to outline the main concerns at stake.

One of the issues specifically pointed out referred to the information provided to the users/data subjects, as it was concluded that many apps did not have a privacy policy. Therefore, in those cases, users were not properly informed – and therefore aware – about the collection, use, or further disclosure of the personal information provided.

It is a fact that most of us do not read the terms and conditions made available. And most will subscribe pretty much any service he/she is willing to use, disregarding what those terms and conditions actually state.

Nevertheless, a relevant issue in this regard is the excessive amount of data collected considering the purposes for which the information is provided or how it is sneakily collected. For instance, even gambling apps, such as solitaire, which seem far more innocuous, hide unknown risks, as many contain code enabling the access to the user’s information or to his contacts’ list and even allow to track the user’s browsing activities.

This is particularly worrisome when sensitive data, such as health information is at stake. This kind of data is easily collected through fitness orientated apps, which are quite in vogue nowadays. Besides any additional personally identifiable information which you will eventually provide upon creating an account, among the elements which most certainly are collected, one can find: from the name or user name, date of birth, current weight, target weight, height, gender, workouts frequency, workout settings and duration of your workout, heart rate. Also, if you train outdoors, geo-location will most certainly enable to assess the whereabouts of your exercising, from the departure to the arrival points, which will most probably coincide with your home address or its vicinities.

And, if you are particularly proud of your running or cycling results, and are willing to show up to all your friends in what good shape you actually are, there is a chance that you can actually connect the app to your Facebook and display that information in your profile, subsequently enabling Facebook to access the same logged information.

And things actually get worse when considering that, as demonstrated by recent data breaches, it seems that the information provided by their users is not even adequately protected.

For instance, and if I remember it well, due to a security vulnerability in Tinder – that apparently has been already fixed – it seemed that there was a time where the location data, such as longitude and latitude coordinates of users were actually easily accessible. Which is actually quite creepy and dangerous, as it would facilitate stalking and harassment in real life, which is as bad as it is happening online.

Anyway, it is actually very easy to forget the amount of data we provide apps with. However, the correlations that can be made, the conclusions which can be inferred, the patterns that can be assessed amounts to share more information than what we first realise and enables a far more detailed profile of ourselves than most of us would feel comfortable with others knowing.

A spy in your living room: ‘Tu quoque mi’ TV?

How smart are you?

How smart are you?

So, it seems that the room we have for our privacy to bloom is getting smaller and smaller. We already knew that being at home did not automatically imply seclusion. Still, nosy neighbours were, for quite a long time, the only enemies of home privacy.

However, thicker walls and darker window blinds no longer protect us from external snooping as, nowadays, the enemy seems to hide in our living room or even bedroom.

Indeed, it seems that when we bought our super duper and very expensive Smart TV, we actually may have brought to our home a very sneaky and effective – although apparently innocent – spy.

As you may (or may not) already know, TV with Internet connectivity allow for the collection of its users’ data, including voice recognition and viewing habits. A few days ago many people would praise those capabilities, as the voice recognition feature is applied to our convenience, i.e., to improve the TV’s response to our voice commands and the collection of data is intended to provide a customized and more comfortable experience. Currently, I seriously doubt that most of us do look at our TV screens the same way.

To start with, there was the realization that usage information, such as our favourite programs and online behaviour, and other not intended/expected to be collected information, are in fact collected by LG Smart TV in order to present targeting ads. And this happens even if the user actually switches off the option of having his data collected to that end. Worse, the data collected even respected external USB hard drive.

More recently, the Samsung Smart TV was also put in the spotlight due to its privacy policy. Someone having attentively read the Samsung Smart TV’s user manual, shared the following excerpt online:

To provide you the Voice Recognition feature, some voice commands may be transmitted (along with information about your device, including device identifiers) to a third-party service that converts speech to text or to the extent necessary to provide the Voice Recognition features to you. (…)

Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.

And people seemed to have abruptly waken up to the realization that this voice recognition feature is not only directed to specific commands in order to allow for a better interaction between an user and the device, as it also may actually involve the capture and recording of personal and sensitive information, considering the conversation taking place nearby. No need to be a techie to know that this does not amount to performance improvement. This is eavesdropping. And to make it worse, the data is transferred to a third-party.

In the aftermath, Samsung has clarified that it did not retain voice data nor sell the audio being collected. It further explained that a microphone icon is visible on the screen when voice activation was turned on and, consequently, no unexpected recording takes place.

Of course you can now be more careful about what you say around your TV. But as users can activate or deactivate this voice recognition feature, my guess is that most will actually prefer to use the old remote control and to keep the TV as dumb as possible. I mean, just the idea of the possibility of private conversations taking place in front of your TV screen being involuntarily recorded is enough motivation.

Also, it should be pointed out that, considering the personal data at stake (relating to an identified or identifiable person) involved, there are very relevant data protection concerns regarding these situations. Can it simply be accepted that the user has consented to the Terms and Conditions on the TV acquired? Were these very significant terms made clear at any point? It is quite certain that there users could not have foreseen, at the time of the purchase, that such deep and extended collection would actually take place. And if so, such consent cannot be considered to have been freely given. It suffices to think that the features used for the collection of data are what make the TV smart in the first place and, therefore, the main reason for buying the product. Moreover, is this collection strictly necessary to the pretended service to be provided? When the data at stake involves data from other devices or other wording than the voice commands, the answer cannot be positive. And the transmission of personal data to third parties only makes all this worse as it is not specified under what conditions data is transmitted to a third party or who that third party actually is. Adding to this, if we consider that these settings mostly come by default, they are certainly not privacy-friendly and amount to stealthily monitoring. Last but not the least, it still remains to be seen if the proper data anonymisation/pseudinonymisation techniques are effectively put in place.

Nevertheless, these situations brought back into the spotlight the risks to privacy associated with personal devices in the Internet of Things era. As smart devices are more and more present in our households, we are smoothly loosing privacy or, at least, our privacy faces greater risks. In fact, it is quite difficult to live nowadays without these technologies which undoubtedly make our lives so much more comfortable and easier. It is time for people to realize that all this convenience comes with a cost. And an high one.

The not so privacy orientated new privacy policy of Facebook

Am I really in charge?

Am I really in charge?

Following all the criticism regarding the complexity of its terms of service and privacy policy, and allegedly in order to get more people actually reading and understanding the terms which must be agreed on for the use of the service, Facebook has announced, last month, an update (yes, again) of this privacy policy. But this time it is a visually clearer, shorter, linguistically simplified and more understandable version. If you have a Facebook user account, you certainly have already received a notification regarding this update, which will enter into force on the 1st January 2015.

In a section entitled ‘Privacy Basics’, users are told how to control what is to be shown to others, how they might interact with others and what may be shown in their news feed, how to control the visibility of their profile, and how to deactivate or delete their account. This new policy even includes a childlike assistant to guide users through these explanations.

On the terminological side, ‘public information’, which was previously defined as “the information you choose to make public, as well as information that is always publicly available“, is now defined as “any information you share with a public audience, as well as information in your Public Profile, or content you share on a Facebook Page or another public forum”.

However, not much changes, actually. Indeed, this more user friendly appearance does not really give users more control over their data. In fact, it does not give much. Users might control their data regarding others but Facebook and its commercial partners are certainly not included in the concept of ‘others’. The reading of the data policy regarding the type of data which is collected and the use of such data is quite self explanatory in this regard.

To be sure, the users’ settings haven’t been changed. Nevertheless, on a positive note, the user gets now to better understand how Facebook tracks its users. For instance, it is specified that Facebook may collect location information from users on its mobile apps through GPS, Bluetooth or WiFi networks.

In this regard, although users can decline or opt out of sharing information with third party applications or for targeted advertising purposes, which are based on their browsing habits off of the network, they have no control regarding the information that is collected and shared. To be true, no changes were made regarding how much data Facebook collects from its users.

In fact, Facebook has entire access to all the information made available about their users, both provided by users themselves while updating their profiles and by their friends. Moreover, Facebook can use this information namely to provide and develop its Services (yes, with a capital letter) and to promote and evaluate successful advertising. Unless entirely unconnected from the platform, as it does not suffice to close the tab, Facebook is therefore able to access all information provided in websites or applications which use its Services, gathering data on websites visited by its users and their behaviour on those websites. It will be, for instance, the case of Instagram or Whatsapp.

Likewise, as Facebook now accepts payments to be made on the platform, it can use information people share regarding their purchases and financial transactions to better target advertisements. For example, according to the update, the company collects information on each purchase, including payment information such as credit or debit card data, account authentication information, billing, shipping, and contact details. In addition, users are not given the option to control what information is being used for advertising purposes.

Furthermore, users can customize their ads preferences in order to make the advertisements which are shown to them more relevant. Therefore, a user will be able to decide whether or not to see advertisements based on a peculiar interest. While most users may appreciate this new option, the main beneficiary is ultimately Facebook itself as it allows advertisers to differentiate among successful and irrelevant ads. However, it must be noted that users will still not be able to control the data collection resulting from targeted advertising, but only to control how much targeted advertising is presented to them.

What is more, Facebook continues to get location information in order to allegedly present more relevant information regarding, for instance, friends or restaurants nearby. As you may know already, if you at some point read the previous version of the terms of service, advertisements were usually presented based on the location listed in a user’s profile. Facebook now proposes to enable advertisers to target users based on their actual location.

Thus said, Facebook has always been associated with issues regarding its privacy policy and terms of service, which were always deemed to be too complex for the common user. However, I believe that this complexity was not the main cause why most of its users are not aware of the use purposes of their data. My experience tells me that, disregarding how simple they are, and contrary to their best interests, not many people will actually read any terms and conditions of any service. Similarly, these updates on the terms and conditions will certainly not be read by many. And for those who will, it will surely not make them turn away from the social platform.

Facebook is already a very relevant part of its users’ lives, businesses and online interactions. Perhaps most users have accepted that, beyond being a space where friends and family can interact, it is primarily a business intended to deliver effective advertisements by using the information provided by its users. Or perhaps people just don’t care.

Nevertheless, it must be noted that the consent given by users do little in regards of their privacy. Individual consent is rarely exercised as a meaningful choice. And by ‘meaningful’ I mean with awareness and understanding of the implications and consequences of their consent.

Either way, the outcome is as follows: while people continue to use Facebook to interact with their family and friends, Facebook is not the product. Users are.

Uber – How much privacy are you willing to sacrifice for convenience?

Let's rideshare all your data?

Let’s rideshare all your data?

Ahhh how convenient it is to need a ride and to immediately have a car and a rider at our disposal at the distance of a click on our mobile phone… We used to call a taxi cab. Now it is much cooler: it is up to Uber.

Uber is a San Francisco headquartered company which specialized in the ridesharing services, made available through a Smartphone application. The very particularity of the service is that it does not own any car nor hires any driver. Indeed, Uber is a platform which is intended to put drivers and riders in touch, thus allowing for people having a car to make some extra money and for people who don’t to actually have at their disposal cheaper rides and to select the most suitable ride, among the several models nearby.

If you live in a city where the service is not available, you certainly already know it better from the protests held, a few months ago, by taxi drivers and taxi companies, in some capitals where it was implemented, which qualify it as an anticompetitive business.

Competition matters aside, the Uber business model is built upon customers personal data – which is information that could reasonably be used to identify them – and, therefore, raises privacy and data protection issues which cannot be ignored.

Indeed, in order to develop its customized services, Uber collects and processes a humongous amount of personal data from its customers, such as their name, e-mail address, mobile number, zip code and credit card information.

In addition, certain information – such as the browser used, the URL, all of the areas visited, and the time of day – may be automatically or passively collected while users visit or interact with the services. This data is referred to as ‘Usage Information’. In parallel, the IP address or other unique device identifier (for the computer, mobile or other device used to access the services) is collected.

Tracking information is also collected when the user travels in a vehicle requested via Uber services, as the driver’s mobile phone will send the customer’s GPS coordinates, during the ride, to its servers, including, but not limited to geographic areas. It is important to note that currently most GPS enabled mobile devices can define one’s location to within 50 feet!

This geo-location information is actually the core of the Uber business as it enables users to check which drivers are close to their location, to set a pick up location, and to ultimately allow users wishing so to share this information with others.

The amount of information regarding habits and movements, locations, destinations, workplaces, favourite social spots, which can be concluded from a user’s trip history and from the geo-location data tracked through mobile devices, is as a matter of fact quite surprising… and impressively accurate.

For instance, back in 2012, in a post entitled ‘Ride of Glory’ which is no longer available in its website but is greatly reproduced elsewhere, Uber was actually able to link rides taken between 10pm and 4am on a Friday or Saturday night, followed by a second ride from within 1/10th of a mile of the previous night’s drop-off point 4-6 hours later, to ‘one night stands’.

I suppose that this outcome makes most of us feel quite uncomfortable… One thing is for our whereabouts to be known. Another, quite different, is the conclusion which can be drawn based on that information.

Most of us do not really think about the implications of randomly giving away personal data. We easily sign up for supermarket value cards in order to get discounts over our grocery bills, thus allowing the retailer to track our purchases and consumption habits.

Besides being – at the very least – very unpleasant to have our sex lives revealed by the details of our rides to home, there is indeed a wide room for concern considering Uber’s policy and recent practices.

Uber has a very broad privacy policy to which users actually give their consent when they download its app. Indeed, it establishes very few limits to the use of the collected data. According to its policy, Uber can use the ‘Usage Information’ for a variety of purposes, including to enhance or improve its services. In fact, to attain that goal, Uber may even supplement some of the information collected about its customers with records from third parties.

Quite recently, it announced an “in-depth review and assessment of [its] existing data privacy program”. Certainly this willingness to change does not go unrelated to the comments of a senior executive suggesting Uber was planning to hire a team of opposition researchers to dig up dirt on its critics in the media, referring specifically to a female journalist, which were received with a wave of strong criticism.

Of course, this could have merely been a distasteful and off-the-record (because being off the record makes it all better) comment made in a fancy dinner party which does not represent the overall position of the company.

However, right afterwards emerged the rumour according to which Uber’s internal tool called “god view”, which shows the real-time location of vehicles and customers who have requested a car, as well as access to account history, is easily accessible for employees without rider’s consent. As a matter of fact, it was employed to access and track a reporter’s movements.

These facts cause little surprise to those who already are familiar with Uber’s very own promotion methodologies, some of which consisting, at launching parties, to feature a screen showing in real time where certain customers were.

This pattern is a sharp reminder of the risks at stake when giving away our personal data for convenience. And the information revealed by the amount of data made available, randomly, through an application on our mobile, tablet, computer or similar devices.

Imagine now, for instance, that you have a specific condition which requires frequent visits to a hospital or a specialized medical centre and that Uber would be able to conclude what is your health status as easily it did regarding the user’s nightly romantic encounters.

I hope that this situation will lead to the adoption of a very strict privacy policy which will end up elevating the privacy standards for the entire related-industry.

But considering all this, I must ask: how much privacy are you willing to sacrifice for your convenience?

Ello! Here to stay?

Ello, the new kid on the social networks' block.

Ello, the new kid on the social networks’ block.

It must come as a surprise, as I am writing openly on a blog, but I am not the most sociable person in this online world. In fact, my online interactions are mainly limited to an increasingly left aside Facebook account, some comments written here and there in blogs posts or news that particularly interest me and this recently created blog.

Regarding Facebook, I don’t log in as often as I used to. And truth is I find it less interesting in each visit due to the ad-filled pages and the endless requests from friends to play games. Not only am I trying to spend more time offline, but I also find the whole concept of sharing (showing off?), following, liking and commenting bits of others people’s lives very tiring at times. I recognised that is mostly due to a bad management of my account. As I realized recently, I don’t even know that well 90% of my friends and I honestly couldn’t care less about their lives, worries or interests.

However, it is an undeniable source of information regarding feedbacks on the most various subjects, through the specific groups and communities created. Moreover, it has enabled me to find lost friends and to keep in touch with friends and family members living abroad, without having to spend hours on the phone or Skype. In that context, it makes possible for people to share moments and to be part of each other’s lives in a way that would be very difficult otherwise. Besides, it has allowed me to know better people with whom I weren’t that close, making me grow fonder of them or, instead, killing any good impression I might have once had.

Nonetheless, I am more and more driven to more traditional means of communication, for instance gathering and talking. I intend to spend only meaningful time online, namely engaging in rewarding conversations with people who share the same interests as me.

So, when I first heard about the new social networking platform everybody was talking about, Ello, my first question was: what is the point of it? My second thought was: it won’t last. The history of social networks is full of unsuccessful chronicles: Friendster, MySpace, Diaspora or AppleSeed, just to mention a few. The secret for Facebook lasting so long is its most relevant feature: one can actually find almost everybody there and it feeds people’s curiosity and egocentric tendencies.

In Ello’s current Beta phase, you have to receive an invitation from a registered user in order to access the platform and each user can only send up to five invitations. This not only compels users to carefully select future friends but it avoids as well a sharp and fast expansion of the network which would threaten its normal management. However, it will be just a matter of time for it to lose its restricted nature…

Having received an invitation to join Ello, I succumbed to curiosity and created an account… just to see what the fuss was all about!I was not looking for another social network to be in but I was willing to replace Facebook with one platform that would allow me the same benefits without being so annoying.

Regarding the registration act itself, I must point out that identical user-names are not allowed. When I tried to use my real name, it was rejected, both in the integral and partial version of it, because someone else had taken it previously. As a result, I had no option but to pick up a pseudonym. I would have preferred to use my real name, regardless the fact that it might bring identity confusions.

The direct consequence of this is that, if someone wants to add a friend, he or she needs to know what his or her username is. The use of pseudonyms made up just for the registration act makes difficult to find friends on the platform. On the bright side, it certainly helps to keep undesirable wannabe friends away. But it is nevertheless ironic, considering all the buzz surrounding Facebook real names policy, who affected people preferring to adopt pseudonyms. While I don’t believe that Facebook’s policy is unrelated with the recently announced ad network Atlas (which I will address in a future post), I must say that I am not convinced either by Ello’s policy. Google Plus, for instance, had a similar policy and dropped it. However, the same policy regarding user-names is successfully applied in Twitter or Instagram…

Anyway, what is Ello really about? Well, as any other social network platform, it is intended to enable the connection and the sharing of content among users. However, it comes with the promise that user’s data won’t be sold for marketing purposes and paid advertising won’t be allowed.

Regarding the design itself I wasn’t expecting anything special, really. As long as it wasn’t bluish, I would be flexible. I enjoyed the monochrome concept; however I have found the design exaggeratedly minimalist and not very user-friendly. Somehow, knowing that it has been created by artists and designers, I was expecting more creativity.

One feature that struck me negatively is that all the information displayed in each profile is public within the website’s community. Of course, I am fully aware that Facebook itself is far from being the gatekeeper of privacy or a paradigm for any other value. It suffices to remember the sneaky privacy changes or the ones made to please the users, the experiment conducted on users data, and the removal of campaign post-mastectomy photographs or pictures of women breastfeeding considered obscene. More recently, there is the polemic ad network called Atlas. But, I mean, it is a business and profit is its aim. No surprise there. As it is commonly said: if you are not paying for it, you are the product. Proper information and transparency on how, what and why things are done are, in my opinion, the main issues. Nevertheless, I enjoy the apparent privacy regarding the ability to share information among a pre-selected group of friends.

On Ello, users can unilaterally add ‘friends’ (as for acquaintances whose lives they are interested in) and ‘noise’ (as for random popular users) who may be followed through a newsfeed-like menu. It is fairly easy for users to delete their Ello account if they want to opt out of the service. However, one must be aware that it is an irrevocable action and the content will be lost forever. So dramatic!

In an ‘wtf’ section, one can find some elements intended to introduce Ello to the new user. In this regard, its manifest is quite engaging as it reads as follows:

Your social network is owned by advertisers.
Every post you share, every friend you make, and every link you follow is tracked, recorded, and converted into data. Advertisers buy your data so they can show you more ads. You are the product that’s bought and sold.
We believe there is a better way. We believe in audacity. We believe in beauty, simplicity, and transparency. We believe that the people who make things and the people who use them should be in partnership.
We believe a social network can be a tool for empowerment. Not a tool to deceive, coerce, and manipulate — but a place to connect, create, and celebrate life.
You are not a product.

Having navigated around the platform for a little while, I must admit that advertisements were nowhere to be seen. So far, so good… However, despite being a hopeless romantic, the new starry-eyed concept of online celebrating life failed to convince me.

To start with, it is unclear how the website will make money. Let’s not forget that other social network platforms, like Facebook or Tumblr, similarly started without advertising but, profit being intended, it was not a workable business model. According to Ello, profit will eventually come from special features that will be offered against a small amount of money (well, if they are paid for, it is not an offer anymore, just saying…) in order to customize users experience. This is not a new concept: it is called Freemium business model and is used by Evernote, for instance. That makes sense and it is utterly acceptable. After all, Ello has to capitalize somehow. Nevertheless, if the number of users continues to increase, I have serious doubts that those little charges will be sufficient to run the servers.

What is worrying, instead, is that, according to some provisions of its Privacy Policy, Ello is not everything it claims to be.

Although it might have escaped to the most distracted and laziest of us (not everybody reads the privacy policies) , Ello does collect users personal information, namely information about what pages are access, about the device used, information that is send to it directly or post on its web site, and the address of web sites that refer the user. It stores as well the name and e-mail address that users register with. In addition, Ello collects and stores an anonymized version of users IP address and of Google Analytics to gather and aggregate general information about users behaviour, although it offers the option to opt-out of Google Analytics and commits to respect “Do Not Track” browser settings. It states also that it may use or share anonymous data collected for any purpose.

Although Ello reiterates that it won’t sell information about users to any third party, including advertisers, data brokers, search engines, or anyone else, it may share some of the personal information with third parties under several circumstances. Users consent, legal compliance and the fulfilling of contracts requirements celebrated with third party services providers are among the exemptions foreseen.

It is quite strange that, while considering unethical the collecting and selling of personal information for advertising purposes, Ello broadly collects user data for non-advertising ends. Moreover, it establishes the sharing of user data as a rule, and not as an exception, considering the abstract nature of those foreseen.

Bearing in mind that advertising can be very positive as it provides useful information regarding products and services that users may be interested in, I am not sure that this is the biggest of their concerns. Indeed, the door is left open for privacy violations that come along with online tracking. Furthermore, anonymisation of the data does not ensure that, in subsequent matches, an individual won’t be identifiable. Additionally, Ello doesn’t give any guarantee regarding the deletion of information stored in backups when content posted or a personal account is deleted. As for the foreseen possibility of sharing information with future affiliated companies, it just means that the data collected and stored by Ello will be made available for businesses to which users have not delivered their data to.

Only time will tell if Ello is here to stay… But considering the above-mentioned devil in the details, one may conclude that privacy  just seems to be the newest marketing slogan, regardless if it is ensured in fact or not.

© 2017 The Public Privacy

Theme by Anders NorenUp ↑