Millions of smartphone users confess their most intimate secrets to apps, including when they want to work on their belly fat or the price of the house they checked out last weekend. Other apps know users’ body weight, blood pressure, menstrual cycles or pregnancy status.
Unbeknown to most people, in many cases that data is being shared with someone else: Facebook.
The social-media giant collects intensely personal information from many popular smartphone apps just seconds after users enter it, even if the user has no connection to Facebook, according to testing done by The Wall Street Journal. The apps often send the data without any prominent or specific disclosure, the testing showed.
At this point, none of this should surprise anyone anymore. Still, this particular case involves applications without any Facebook logins or similar mechanisms, giving users zero indiciation that their data is being shared with Facebook. These developers are using Facebook analytics code inside their applications, which in turn collect and send the sensitive information to Facebook.
Other than retreat to a deserted island – what can we even do?
Unfortunately I don’t have a WSJ account to read the full article. From the summary this sounds like behaviour that’s in direct contravention of the GDPR. This is much more than a legal issue, but the GDPR at least provides a clear-cut baseline for acceptable privacy levels, which these apps don’t seem to be fulfilling.
I have some sympathy for app creators, who feel their work can’t be competitive unless they stuff in analytics, sharing, advertising, etc. Hopefully this will change as it becomes increasingly socially unacceptable to do this.
As a side-note, hidden in the WSJ’s privacy policy it says they use Adobe, Google, Nielsen, comScore and Parse.ly analytics and their products send data to Facebook, Google, LinkedIn and Twitter. They also send data to Vidora. Is that any better?
At least with the WSJ there data sharing is listed for those so inclined to look for it, and increasingly I think people are starting to pay attention to these things, but more pertinently – for me at least – is that I won’t be sharing personal information with the WSJ.
As you say, as things like GDPR take hold, and as more attention is paid to what is happening (has happened) to our privacy online, perhaps consumers will start to see a value in paying an upfront and appropriate amount for apps rather than developers use tracking and advertising as income streams. Or perhaps a subset of consumers, the more tech’ savvy ones, will look at ways to continually minimise their digital footprint.
Yes, I hope consumers do see that value, and that business models change in the way you describe as a result. Unfortunately I’m not confident, because the importance of privacy is hard to appreciate until someone abuses it. Your second scenario of tech-savvy users finding alternatives and workarounds, seems more likely (you could say this is where we are already), but I’m not keen on the digital segregation this can cause either. It seems like a sad price to have to pay.
A more detailed summary of the story’s also up on Engadget in case you don’t want to register with the WSJ: https://www.engadget.com/2019/02/22/facebook-data-sharing-body-weight-period/
Thom’s usual narative: “Ooohhh we’re all slaves, there’s nothing we can do, we must submit to our corporate overlords and get used to it, oooohhh poor, defenseless us…”
The mentality of a slave. If you think like a slave, you will live like a slave.
spambot,
You’re the only person who has used the word “submit” or anything to that effect, here.
There’s a yuge difference between saying “how can we disconnect from the system”, compared to “we must submit”. Yuge.
Did you even read the post? It’s the very same old song that Thom always sings about issues like that, and it goes something like this: “Oh, we shouldn’t even be surprised, we should just get used to it, it’s hopeless”, etc. etc.
Which is vomit-inducing to read to anyone who actually has a spine.
Given everything you’ve said, it would be interesting to hear your take: what do you think are the sensible things people can do to avoid these kinds of privacy violations? Because I totally agree with you about the need to stand up for privacy, and unless people are given clear alternatives, Thom’s response will be a reflection of what most people think.
Indeed. There’s a massive difference between saying you aren’t surprised about something and claiming that you’re okay with it.
I avoid services like Facebook like the plague they are, and any app I find is sharing my data is immediately uninstalled from my phone and given a bad rating with an explanation. However, I’m under no illusions that this is changing the way the average consumer thinks. To them it’s gimme gimme gimme, with no thought to the price they’re paying for that “free” app. What I do is helping *me*, but my campaign of one won’t do a darned bit of good if I’m the only one doing it.
spambot,
Yes, I read the post. The word “submit” was not used, nor any sentiment to that effect. The phrase “We should just get used to it” is not used, nor any sentiment to that effect. I mean, you have absolutely failed to quote any actual text of the actual post.
Noticed a while back that my PayPal account is linked to FB since I use the same email address for both. The scary part is that I can make a PayPal payment on FB without entering my PayPal password.