"Analytics
Our iOS application can send analytics to our analytics providers: Segment and Amplitude. We do not track or store any personal information in our analytics. Instead, we ask Apple to generate a unique deviceID which we use as a unique token for analytics purposes. Our analytics are 100% anonymous."
I feel like a unique ID isn't enough to protect your identity from an analytics provider, especially if they're receiving analytics on you from multiple sources.
Exactly. They just have to correlate device type & OS version & IP address & date/time to have a pretty good idea of which other apps (& their “unique” IDs you have).
The more they do it the more they can narrow it down, until they reach the point where they have a set of IDs that only ever come from the same device/version, IP address as well as very similar times of day.
No, because we've designed protection against collecting IP address, device type and OS. We don't use any SDK from Segment, Amplitude, or any third party analytics. Our iOS app only sends a device UUID, an event name (user:opened:app) and some event properties (not personal information). Someone should feel free to reverse-engineer our network requests to confirm what I'm saying.
Also, let's talk about IP address.
We have a CloudFlare worker that sits between our app and our analytics proxy (which role is to send data to Segment). And this worker from Cloudflare is a piece of code that removes the user ip address from the request made to our proxy, hosted on Heroku.
How can I confirm what you are saying is true regarding the IP address, other than taking your word for it (I heard that worked great with Facebook)?
Why does your privacy policy mention third-party analytics then? Why do you mention “Segment sends the data to Amplitude” in another one of your comments if you claim here that you don’t use any third-party analytics service?
Also, just wondering - why do you need to send anything in the first place? People have been building software just fine for decades before this whole “analytics” plague started going around, and I didn’t notice software quality being improved by it (if anything software has gone significantly downhill).
1/ What do you mean confirm what I'm saying for the IP address exactly?
2/ I said we don't use any (mobile) SDKs from 3-parties analytics, but we do use their backend (Segment, Amplitude). We send the requests from our anonymous proxy directly to their servers.
I was worried that mobile SDKs would leak other data (iOS version, device size, ...) that I don't want to know about. And as a general rule we don't like to use SDK/code from 3parties for security reasons.
3/ We use analytics to track how many users are using the app, and how many users are using the cleaning features. This data does help us to make strategic decisions.
1) I mean how can I prove what you’re saying is true as a user? As far as I’m concerned the app is sending a packet to a domain name you control. Nothing guarantees me this is actually a Cloudflare server running your code to remove my IP address. Ten years ago I would’ve just trusted you, but in today’s day and age where everything tries to stalk you in one way or another with full impunity, trust no longer exists.
2) Good thinking!
3) Doesn’t the App Store give you stats on how many people downloaded their app?
Also I’m concerned about “strategic decisions” - so it’s a business behind this app then. What’s the business model? Last time we had a business claiming to unsubscribe you from newsletters... turns out they were actually sharing data with marketing companies, so I’m rightfully concerned.
1/ I’m thinking about ways to have trustable 3-parties audit us. Open for more ideas. What do you think?
3/ yes, unroll.me made the wrong calls. But for Jumbo we can’t even access your data, everything happens client-side. You could say that at some point the client will upload all your to our cloud, but that’s really not going to happen. Again, here, how to trust us? First, audits. Second, my reputation. Third, independent researchers would reverse engineering our app, and look at the networks call made. Open for more feedback
Our business model is the one of Dropbox. Pay (you or your employer) for more features.
1) your idea would probably be a lot more costly (you have to pay for the audit after all) and even then some people still wouldn’t trust it. Maybe just design your product in such a way that there’s nothing to audit? People have built software & successful businesses around that for decades without the “analytics” cancer, so please don’t tell me that you can’t do the same.
If your model is a good old “pay for good software” model, then why not just ask what features people want? Why do you feel the need to stalk what people do instead of politely asking?
And where does Segment send it to? My experience with Segment is that it's not an analytics tool, but rather a tool that provides a single API for sending data to your fifteen different analytics tools.
I'm wondering what ID they use?
If its identifier for vendor[0] then Segment (or any other analytics providers) would have more trouble connecting the dots to figure out who the person is. This is because per vendor, the ID changes.
If its the advertiser identifier[1], they can track across apps, however this is an easy fix by enabling "Limit Ad Tracking" in settings, which causes the ID to be all 0s.
What fingerprint? We don't send device OS, IP address, geolocation... Impossible to do fingerprint from only a device UUID that does not means anything.
Device UUID will still leak an usage pattern. For example, if an UUID is active in the morning and in the evening during the week but at random times during the weekend you can infer that they are working, their approximate working hours and the fact they are not working on weekends.
Just a simple example - I’m sure a data scientist can do a lot more magic given enough data.
Usage patterns can be unique enough to track the same user across different services, some of which may have the user’s PII and thus a link to the user’s identity.
Could be a good idea to send events in batches, so the app collects event counters locally and only sends it in bulk every few days (exact interval being random). That way there’s no specific date/time associated to events, just that “for the past 3 days the app has been opened X times”.
Apple actually does a really good job of making it hard for developers to track a specific device (if they want to get approved for the App Store, that is).
Correlating device type & OS version, IP address and time of access is a pretty good way to connect the dots between “anonymised” IDs. If the same IDs always show up in quick succession from the same IP and device type/version chances are it’s the same person just checking multiple apps on their phone. Time of access and IP address can be used to infer where the person lives (to a certain degree or accuracy), when they are working, etc.
I used it to remove old tweets, but nothing else. The presets aren't very flexible. The oldest tweets I could delete was anything more than 3 months old. I would have preferred a longer timeframe like older than 2 or 5 years.
I didn't try it for Facebook. It has three general settings (public, friends, and just me). I've already tuned Facebook as best as I want. It wasn't clear what FB would overshare or under-share with Jumbo's settings.
I also dislike how they’ve conformed to Facebooks notion of privacy (it’s private if only Facebook can see and use it, not others), as opposed to the traditional definition of retaining individual decision-rights over disclosure.
Anyone have a sense of the business model? Seems like a handy way to help folks manage privacy, but without understanding how they plan to generate revenue I'm hesitant to get on board.
I've learned in my life of computing since the TI-99/4A is that privacy is not an app or program or device... It's all analog - what the end use does and does not do. I don't see this really pushed today, the personal responsibility of personal data.
The problem is worse than that: what I do personally doesn’t protect me because any number of other people are uploading my information to Facebook for me!
Maybe it's naïve. But I don't think it's really aimed at people who have already declined to participate in social media on privacy grounds. Rather, I suspect the idea is to provide an easier way of managing available controls for people who don't want to give up social media but who are somewhat concerned to reduce their privacy exposure to the world. That has to be a good thing - assuming it works and they're not doing anything nefarious in the background.
All that said, since the app is free and since they claim they're not slurping personal data, I do wonder how they plan to monetise this.
Jumbo helps in deleting old Google Search, and Alexa voice recordings. So it's beyond social media in that sense. Tomorrow we will support Tinder, and more.
I'm perplexed as to why this is an iOS only application. Surely most of the actual API calls are being done server-side? It have made more sense for them to launch a web app instead while they expanded the product offering, and then brought it to native apps.
This looks really nice - There are browser extensions to do a lot of these things, but those don't work on iPhone, so having a native app is a nice touch.
I also appreciate that they know they're selling to a privacy-conscious audience, so they go over the top in assuring that it's all done client side!
I like it on first impression but I wonder whether tools like this will convince people they have privacy, when really they are getting a better interface to semi-privacy settings in existing privacy invasive apps.
I really like the idea of the app because it lowers the barriers to entry for an entire set of people who otherwise might not take the necessary steps to increase their privacy.
These are baby steps for sure, but maybe one day all these people will be ditching google for duckduckgo and protonmail, etc.
Pretty cool that this is done client-side, although it does need more presets. I'd also want to be able to export/import my old posts, or at least manually review, but that's getting into the kind of features I'd expect from a paid tool.
My years-long history of using Facebook as an idea log (often with long long posts) is what has stopped me from deleting altogether. This promises to be a simple way of downloading everything.
Facebook should be scared. It's at least X% of the lock-in they have on people.
You know you can just go and download your FB content, right? You follow a couple links, wait a while, and then they let you know when you can download your zip file.
I downloaded mine, read some stuff that made me think a bit, and then I finished up with deleting my account.
