
Los Angeles Accuses Weather Channel App of Covertly Mining User Data - lnguyen
https://www.nytimes.com/2019/01/03/technology/weather-channel-app-lawsuit.html
======
Animats
If we want to stop location tracking, someone needs to get lots of location
tracking for Washington DC and start correlating meetups between elected
officials and K street lobbyists. That would focus attention on the problem.

Even if the location info is "anonymous", you can probably detect members of
Congress from the movement pattern.

~~~
noir_lord
> you can probably detect members of Congress from the movement pattern.

The rolling over when a lobbyist walks in?

~~~
dgzl
Lobbying isn't inherently bad, you know. Congress needs experts for
information.

~~~
endymi0n
If you hire someone and pay them lots of money for their expertise, that's the
definition of an expert. If you consult someone for their expertise and they
pay you (or your party/campaign) lots of money, that's the definition of a
lobbyist.

I'm still at a loss how that form of corruption is not just legal but apparently
completely accepted in the US.

~~~
andrewla
You have an incorrect view of what a lobbyist is and does. A lobbyist (or a
lobbying organization or PAC) cannot give more to an official or campaign or
party than any other private citizen; $5,000 per election. Lobbyists are
primarily responsible for exactly what the GP said -- trying to bring expert
information to non-expert elected officials.

PACs and other organizations that do lobbying can spend money on an
independent campaign (Citizens United), but they can't give it to the
candidate.

Way more insidious than campaign contributions is the "revolving door" where
former elected officials are hired as lobbyists or consultants as a deferred
award for their support during their tenure.

~~~
koops
Lobbyists are not trying to bring expert information to elected officials.
They are trying to influence public policy to the benefit of the people or
organizations paying them.

~~~
barry-cotter
There’s no necessary contradiction between those two things. More importantly
lobbyists are indispensable because Congressfolk have tiny, tiny staff budgets
so it’s not like they have their own internal researchers or even their own
legal team. People forming the United States have unpaid interns because they
can’t afford better.

~~~
jacobolus
Congress has tiny staff budgets partly because one of the parties outsources
all of its policy analysis and legislation writing to lobbyists, all of its
public outreach/education to corrupt “think tanks” and corporate-owned media
outlets, and intentionally eviscerated their own budget because in the past
their own independent expert analysis often contradicted industry preferences,
which was inconvenient for the corporations calling the shots.

~~~
briandear
One of the parties? You haven’t been around DC much I’m assuming.

~~~
jacobolus
Yes, one of the parties is largely responsible for budget cuts in the
Congress’s own staff.

A web search turns up e.g.
[https://www.americanprogress.org/issues/economy/news/2015/06...](https://www.americanprogress.org/issues/economy/news/2015/06/15/114975/congress-makes-itself-dysfunctional-with-legislative-branch-cuts/)

Or more recently and pointedly,
[https://www.reuters.com/article/us-usa-congress-cbo-idUSKBN1...](https://www.reuters.com/article/us-usa-congress-cbo-idUSKBN1A92KN)

Or you can find many other sources from the past 25 years discussing this.

The Congress should be robustly funding the Congressional Research Service,
the Government Accountability Office, the Congressional Budget Office,
committee staff, individual members’ staff, etc. But one party does not want
the Congress to build up long-term institutional expertise or do careful
independent analysis.

------
freefal
It's crazy that people download these ad-laden apps to simply get a weather
forecast.

[https://mobile.weather.gov](https://mobile.weather.gov) is a really nice
lightweight website with no ads.

~~~
ergothus
I am clearly a minority (based on incidents ranging from this, to how weather
bug was the first killer app of the web, or how my grandfather's TV was
permanently on the weather channel), but I've never understood the attraction
of weather info.

I mean, the forecast isn't accurate far enough in advance to make most plans,
and the weather today is usually obvious from any window, at least as far as I
can actually use the info (which is how warmly to dress), but realistically I
never pay attention and just dress for the season and it never seems like the
difference day-to-day matters.

I definitely value forecasting hurricanes/blizzards/tornadoes, but that doesn't
seem to be the general attraction.

~~~
acranox
I ride a bike every day. Knowing the morning and afternoon temperature
determines how I dress. It's also incredibly useful to know if it's forecast
to rain or snow for my ride home, so I can bring the right jacket. That's
basically why I check a weather app every day.

And here in New England, knowing if it's going to rain or snow on the weekend,
might affect what plans you make. We also have times of the year where the
temperature can change 40F or more between morning and afternoon.

So looking out the window and deciding how warmly to dress, can leave you
pretty uncomfortable later in the day. :)

------
tyfon
NRK (Norwegian Broadcasting Corporation like the BBC) and the Norwegian
Meteorological Institute have made yr.no (website [1], apps and open api [2]).

It's government owned so no data collection. I'm not sure how useful it is
outside of Norway but I have used it successfully when visiting other
countries in EU. I think it also worked in Mexico but I can't really remember.

[1] [https://www.yr.no/?spr=eng](https://www.yr.no/?spr=eng)

[2] [https://hjelp.yr.no/hc/en-us/articles/360009342833-XML-weath...](https://hjelp.yr.no/hc/en-us/articles/360009342833-XML-weather-forecasts)

~~~
reaperducer
For those who need it, U.S. National Weather Service API:
[https://www.weather.gov/documentation/services-web-api](https://www.weather.gov/documentation/services-web-api)

------
walterbell
The default weather app on Apple iPhones is IBM's Weather Channel,
[https://support.apple.com/en-us/HT207492](https://support.apple.com/en-us/HT207492)

> _The weather data used in the Weather app comes from The Weather Channel.
> If you have issues getting accurate weather information, tap the icon in the
> lower-left corner to go directly to the weather source._

If you have an iPhone and are in the US, a home screen shortcut to
mobile.weather.gov is much safer. Avoid putting the site in web browser new
tab Favorites, which will be pinged by Safari even if you don't visit the
site. This can be seen with Charles Proxy.

~~~
JumpCrisscross
Does the stock iOS app forward to IBM the same data the Weather Channel app
does?

~~~
floatingatoll
In current location mode, Apple's Weather.app transmits over HTTPS
latitude/longitude twice, once for general weather and once for air quality,
both in the GET url.

No other information about you or your device is provided anywhere in the
request url or headers. No other requests were made to api.weather.com during
"check the weather" testing.

://api.weather.com/v1/geocode/...

://api.weather.com/v2/globalairquality?...

~~~
walterbell
Since IBM has the IP address of the request, they can map this to WiFi locations
via geolocation. If IBM infers your home WiFi street address, this can be
correlated with other data sets (e.g. credit card history) for further
analysis, even if Apple does not send additional data in the API request to
IBM's weather API endpoint.

~~~
riffic
As far as I know (and please correct me if I am wrong), geolocation is not
quite that magical. At best they can infer who your ISP is and the region your
IP block was assigned to.

~~~
floatingatoll
Some wireless access points have a fixed IP over time, which lets IBM
reasonably predict "anyone coming from ipaddr X is probably using wifi Y which
is provably at lat/long Z" with sufficient levels of certainty.

This probably works better with "My Home AP Uses A Cute Name That's Hilarious"
if your IP rarely changes and you have other software leaking data to IBM, but
less well for "xfinitywifi".

~~~
riffic
In order for that to work in the way I am imagining, it would be necessary for
the SSID to be available and correlated to the access point's IP address. While
this could be performed by wardriving open WiFi networks, it would be harder
to gather this on a protected network.

Again, I'm not an expert here, and would be happy to learn more about whether
this sort of data collection is possible.

edit: this is quite an interesting rabbit-hole I've stumbled into. It seems
that there are databases correlating SSID to location, but aren't collecting
IP addresses of those networks:

[https://wigle.net/faq](https://wigle.net/faq)

[https://wigle.net/phpbb/viewtopic.php?t=1620](https://wigle.net/phpbb/viewtopic.php?t=1620)

~~~
walterbell
If you have a static IP address at home, that IP address can be searched in
public geolocation databases online. Try it. It will list a number of possible
physical addresses.

That's available freely on the web. Hedge funds and others buying data from
IBM can buy data from higher quality sources, including wireless carriers,
financial institutions and data brokers.

~~~
riffic
Most residential ISPs use long lived DHCP leases, and do not issue true static
IP addresses.

Do you have an example of an IP address that geolocates to its homeowner's
actual address (as opposed to region/city?)

Again, geolocation databases are not magical. This article explains that and
some deficiencies:

[https://splinternews.com/how-an-internet-mapping-glitch-turn...](https://splinternews.com/how-an-internet-mapping-glitch-turned-a-random-kansas-f-1793856052)

~~~
walterbell
Long-lived DHCP leases work. There are many examples, try the client IP
addresses from the headers of emails that you receive. Geolocation dbs are not
magical, but they are often close enough for practical use.

------
Rebelgecko
I think this is a little bit ironic. The city of LA just released an app
called ShakeAlertLA, which works with the USGS early warning system to let you
know when there's an earthquake in LA. The app TOS imply that your personal
information is only used locally and not uploaded, but if you look at the
app's source (to their credit, it's easily available), your location is
continuously sent to an AWS server.

~~~
choward
> look at the app's source (to their credit, it's easily available)

Care to link to where this "easily available" source code is? I tried
searching for it and couldn't find it.

~~~
Rebelgecko
Wow, it looks like they took down the repo today. I take back my kudos to Los
Angeles. The Android version of the app _used to be_ at
[https://github.com/CityOfLosAngeles/ShakeAlertLA-android](https://github.com/CityOfLosAngeles/ShakeAlertLA-android).

The backend code that seems to handle the REST call with the user's lat/lon is
still available[1].

Fortunately I cloned the Android repo locally. If you're interested I can
reupload it somewhere. It's Apache licensed and I paid for a fraction of its
development, so I think I'd be legally and morally in the clear to share it.

[1]: [https://github.com/CityOfLosAngeles/ShakeAlertLA-message-gat...](https://github.com/CityOfLosAngeles/ShakeAlertLA-message-gateway/blob/master/Code/LaWebApi/src/com/la/webapi/MySql.java)

~~~
wikibob
Yes please do reupload it!

~~~
Rebelgecko
Hopefully this works: [https://ufile.io/yrmrx](https://ufile.io/yrmrx)

------
jtl999
I miss Weather Underground before they got acquired. :(

~~~
ams6110
I like Dark Sky.

[https://darksky.net](https://darksky.net)

They have an app also but I just use the website.

~~~
konschubert
It can’t be downloaded on iOS in Germany it seems.

~~~
awiesenhofer
You get all the features on their website too. I found a simple
homescreen-link perfectly enough for my weather needs.

------
SilverSlash
You can just type "current temperature" in Google and it'll give you the
weather forecast for the week. At least with Google, they already have all
your data.

~~~
xster
If you're gonna type into Google, "weather" is shorter to type. "temp" even
shorter. And on iOS, a weather app + dashboard widget and a single right swipe
even faster. And on Android, a weather app + home screen widget and zero
action even faster still. And we're back full circle.

------
fuddle
The Daily has a good podcast episode where they go into more details with the
reporters who wrote the NYT article:
[https://nyti.ms/2G7NcWH](https://nyti.ms/2G7NcWH)

~~~
Wowfunhappy
In case anyone else just wants to download the MP3 of this episode:
[https://content.production.cdn.art19.com/episodes/4f87f227-3...](https://content.production.cdn.art19.com/episodes/4f87f227-39ae-4623-be33-869c97a76e59/c134e299a9436a36bc3a8538f1131a679db2c57aae8c7617459243432883f4ee797bbefaec7a028eb18a0c590ae8bfa77a4f9bb9fda8c4bea51b6f8dd9dd1501/20181210%20TD%20MASTER%20SUBMIX%20CW%20MIX.mp3)

This took me approx. two minutes longer to find than it should have.

------
mlthoughts2018
Whatever you think of the problem of this location tracking, we still need to
step back and take notice of the great hypocrisy of NYT on this kind of
shit... e.g. “Project Feels” in which NYT predicts your emotional state while
reading articles and attempts to sell ad inventory based on the ad’s
connection to your emotional state.

[https://digiday.com/media/project-feels-usa-today-espn-new-y...](https://digiday.com/media/project-feels-usa-today-espn-new-york-times-targeting-ads-mood/)

------
JumpCrisscross
> _An IBM spokesman, Saswato Das, said, “The Weather Company has always been
> transparent with use of location data; the disclosures are fully
> appropriate, and we will defend them vigorously.”_

Why say something so stupid instead of issuing a simple “no comment”?

------
modzu
true weather is open source:

[https://play.google.com/store/apps/details?id=net.conceptual...](https://play.google.com/store/apps/details?id=net.conceptualspace.trueweather&pcampaignid=MKT-Other-global-all-co-prtnr-py-PartBadge-Mar2515-1)

and love for those who still use desktops too:

[https://conceptualspace.net/trueweather/](https://conceptualspace.net/trueweather/)

------
mark212
The really ironic part in my view is that the native, Apple-made weather app
on iOS used data from the Weather Channel. So there is literally no need to
download the WC app. (To be clear, the complaint is centered around Android
and not the iOS app anyway.)

------
tqkxzugoaupvwqr
iOS’ Weather app uses The Weather Channel as data source. Does anybody know if
Apple acts as a proxy and obscures personally identifiable information?

~~~
floatingatoll
Apple does not act as a proxy. Their app transmits lat/long to
api.weather.com. See also:
[https://news.ycombinator.com/item?id=18822350](https://news.ycombinator.com/item?id=18822350)

~~~
matthewdgreen
This still leaves two open questions:

1\. Does Apple’s contract with TWC allow them to market individual-level data
to advertisers in the same way that TWC can with their own app? It would be
shocking if the answer was “yes”.

2\. To what level of resolution is the default Weather app lat/long data,
compared to third party apps?

