Hacker News new | past | comments | ask | show | jobs | submit login
Los Angeles Accuses Weather Channel App of Covertly Mining User Data (nytimes.com)
235 points by lnguyen 3 months ago | hide | past | web | favorite | 123 comments

If we want to stop location tracking, someone needs to get lots of location tracking for Washington DC and start correlating meetups between elected officials and K street lobbyists. That would focus attention on the problem.

Even if the location info is "anonymous", you can probably detect members of Congress from the movement pattern.

> you can probably detect members of Congress from the movement pattern.

The rolling over when a lobbiest walks in?

Lobbying isn't inherently bad, you know. Congress needs experts for information.

If you hire someone and pay them lots of money for their expertise, that's the definition of an expert. If you consult someone for their expertise and they pay you (or your party/campaign) lots of money, that's the definition of a lobbyist.

I'm still at loss how that form of corruption is not just legal but apparently completely accepted in the US.

You have an incorrect view of what a lobbyist is and does. A lobbyist (or a lobbying organization or PAC) cannot give more to an official or campaign or party than any other private citizen; $5,000 per election. Lobbyists are primarily responsible for exactly what the GP said -- trying to bring expert information to non-expert elected officials.

PACs and other organizations that do lobbying can spend money on an independent campaign (Citizen's United), but they can't give it to the candidate.

Way more insidious than campaign contributions is the "revolving door" where former elected officials are hired as lobbyists or consultants as a deferred award for their support during their tenure.

Lobbyists are not trying to bring expert information to elected officials. They are trying to influence public policy to the benefit of the people or organizations paying them.

There’s no necessary contradiction between those two things. More importantly lobbyists are indispensable because Congressfolk have tiny, tiny staff budgets so it’s not like they have their own internal researchers or even their own legal team. People forming the United States have unpaid interns because they can’t afford better.

Congress has tiny staff budgets partly because one of the parties outsources all of its policy analysis and legislation writing to lobbyists, all of its public outreach/education to corrupt “think tanks” and corporate-owned media outlets, and intentionally eviscerated their own budget because in the past their own independent expert analysis often contradicted industry preferences, which was inconvenient for the corporations calling the shots.

One of the parties? You haven’t been around DC much I’m assuming.

Yes, one of the parties is largely responsible for budget cuts in the Congress’s own staff.

A web search turns up e.g. https://www.americanprogress.org/issues/economy/news/2015/06...

Or more recently and pointedly, https://www.reuters.com/article/us-usa-congress-cbo-idUSKBN1...

Or you can find many other sources from the past 25 years discussing this.

The Congress should be robustly funding the Congressional Research Service, the Government Accountability Office, the Congressional Budget Office, committee staff, individual members’ staff, etc. But one party does not want the Congress to build up long-term institutional expertise or do careful independent analysis.

Then they should be paid whatever is necessary to make lobbyists unnecessary. I suspect though that that would change nothing, because these "expert" lobbyists you support don't really want lawmakers to have full knowledge of whatever is important to them; their goal is to feed lawmakers the information they need to entice them to support the lobbyists agenda.

The EFF has lobbyists. Point: lobbying isn’t a “bad” thing. It’s only “bad” if you disagree with them. How else are lawmakers going to get detailed information about issues that interests care about? Some random constituent claiming to be an astrophysicist? Is it conceivable that ever member of Congress has a staff with experts in literally every possible subject that could come up for legislation? Nothing is stopping the “other” side from lobbying too. Lobbyists from both sides of issues are a critical part of the lawmaking process. We elect people to be able to balance those competing interests and ostensibly make the right decision. If you aren’t happy with that decision, there are elections every two years. No question there is corruption, but Congress itself isn’t corrupt. I am not a fan of Ocasio-Cortez, but she took out a prominent Democrat because, in the eyes of the constituents, that representative wasn’t doing the job in a way with which they agree. Congressmen win elections because a majority of their district wanted them to win. It’s a fact that a significant percentage of people complaining rarely vote, let alone actually volunteer for a campaign. We get the government we deserve, not necessarily the one we want.

The EFF needing to lobby is a bad thing.

Indeed, leveraging an information asymmetry between their employers and the officials they are lobbying is a key technique here.

There's a difference between someone representing an interest group and an expert and the difference is right there in the word "interest".

>> ..cannot give more to an official or campaign or party than any other private citizen; $5,000 per election.

Are you typing from the past? The 5k rule means nothing in today's world of dark money. A lobbyist can give unlimited amounts to third parties, organizations that will either support a campaign or not. Or they can just spend the money themselves. A billionaire may only be allowed to hand over 5k in cash, but they can spend millions on people to attack you online. So you listen to those lobbyists with the deepest pockets because they pose your greatest threat.

There are more subtle ways of transferring money from lobbyist to political party than just cash payments. Let's say that the lobbyist sponsor company promises to use a hotel chain owned by a party member for its bussines trips, or buy office supplies from a company owned by other member of the same party, or something similar. You can buy their support for your cause this way.

Since you seem informed on the matter, how much can a lobbyist give to a politician's charity foundation? For example, can they give more than $5,000 to the Clinton Foundation or the (now dissolving) Donald J. Trump Foundation?

I've always been very skeptical of the fact that high ranking and influential politicians (eg: ones that a lobbyist would want to influence) always seem to have a "non-profit" charity foundation, while low ranking politicians (ones who aren't high enough on the totem pole to be worth influencing) infrequently or rarely have non-profit charity foundations.

It's always about loopholes and indirect payments.

> Lobbying isn't inherently bad, you know.

True, but...

> Congress needs experts for information.

That's what members and committees have staff for (and, in a broader sense, what the US government has an executive branch which Congress sets the rules governing and required to report to them for.)

Lobbyists don't work for Congress in the public interest, they work for actors that want Congress to serve those actors' private interests.

Members and committees have comically small and under resources staff for their responsibilities. Lobbyists are partly a response to that. People who care about an issue pay for research into it and publicise it to all and sundry, congress included.

> Lobbying isn't inherently bad, you know.

With the current set of laws in the US, it pretty much is. Also, congress needs Janitors.. but we don't excoriate ourselves over the impossibility of getting that work done, we just hire and pay a janitor for their work.

With the DNC and RNC raking in so much money every year, I find it amazingly hard to believe that they're lacking for expert advice.

It's not because they lack expert advice, it's because some issues brought up by the populace are complicated. If you want to pass a law that will help reduce child obesity, it might not be enough to simply contact your congressperson directly. So you hire a lobbyist who has a closer relationship with the congress person to brush up on the topic and convince them why passing this particular law is a good idea. I think you will find that just as many good laws were the result of a lobbyist, either paid or unpaid, as are the bad laws.

> So you hire a lobbyist who has a closer relationship with the congress person

Off the cuff, I am of the opinion that this is the root of the problem. We live in 2019, not 1819.. it's simply _not_ that hard for a congressperson to be "in touch" with their constituency.

> and convince them why passing this particular law is a good idea.

I don't want them _convinced_ I want them to be _informed_. There's a huge difference.

> I think you will find that just as many good laws were the result of a lobbyist

Yea, it _can_ work.. but we _should_ we rely on that? I would say given the high-mindedness of those who founded this country and the set of laws the left us, the answer should be a resounding "No."

I agree but think that there is a distinction that taints the definition of 'lobbying.'

For instance, I think think of lobbying broadly as the 'gears' of democracy, from one individual sending an email about an issue to an organized entity using their collective powers for change.

However, I think the distinction is most people think of lobbying as a special sort of 'relationship capitalization' that happens on the Hill; I'm not hiring Group X because they can best funnel my grassroots to the grasstops (though that exists) but rather I hire Group X because my account manager used to work at Dirksen and is friends with current target COS. This selling of connections, relationships, etc is what I think understandably makes people wary of lobbying.

> Congress needs experts for information.

Congress should hire some, then.

"I'm an expert, and I would like to give you some advice... for free, plus I'll give your campaign money!" should be suspicious.

What lobbyists are allowed to give congress people is very limited. In most cases, food and non-alcoholic beverages is all.

Directly, sure.

Indirectly? In the post-Citizens United world, it's literally unbounded. Not to mention a lobbyist is free to:

1. Organize a fund-raises for the politicians campaign. They can't pay $100k directly, but they can sell 100 seats for $1000 each.

2. With a wink and hand=-shake, pffer the politician a job in the future.

Citizens United vs FEC is unrelated to what you are talking about. The court decision did not make contributions to politicians unbounded. The set ceiling is still in place. It did unbound the amount of money someone can spend on political speech that is not affiliated with a politician's campaign. You can donate only a set amount of money to a candidate that wants to breed purple lemons. You (or a separate group you donate to) can spend an unlimited amount of amount of money to advertise in favor of breeding purple lemons.

What you seem to be describing - disguising a donation from one individual to a politician that is over the contribution limit as several donations from different many different people - was and still is illegal.

Thus my "indirectly" modifier. A lobbyist cannot give $10,000 to the politician directly. They can give $10,000 to a PAC that is closed related to the politician.

The fund-raiser would also be legal. There is no masking of donations - those attending the fund-raiser do pay for their tickets. Nothing prevents a lobbyist from doing the legwork to make the fund-raiser happen.

Main point being, despite legal limits on direct donations, there are many ways a lobbyist can facilitate the flow of money from special interests into the pockets of politicians.

Your first paragraph is correct, people can give however much they want to spend on political promotion, advertisement, etc. That's what a PAC is, groups that organize advertisement.

You're still misrepresenting reality and when you say that this functions to "facilitate the flow of money from special interests into the pockets of politicians." This money never enters the pockets of politicians. If that happens, it is a violation of the law.

Definitely certain PACs benefit certain politicians over others. A PAC organized to promote environmentalism is probably going to help Democrats a lot more than Republicans. But it is not correct in any way to say that this money is funneled to the politicians themselves. The politician does not hold the purse strings of PAC money, the PAC can decide at any time to stop promoting items aligned with that politician.


What are you, a crazy millenarian? Wouldn't God want Christendom to repent?

It's crazy the people download these ad-laden apps to simply get a weather forecast.

https://mobile.weather.gov is really nice lightweight website with no ads.

If you like it, do understand the Republican Party just last year nominated and voted in Berry Myers, the co-owner of AccuWeather, who spent years trying to prevent the NWS from publishing forecasts to you and the rest of the public, to head the agency in change of the NWS.

Your favored website may soon enough be taken down in order to enrich the Myers family, but it will be packaged as reducing costs or not "competing with industry" aka AccuWeather.

Damn, I had no idea that happened.

Stuff like this and the shenanigans at the FCC w/ Net Neutrality really makes me rethink the concept of these types appointments not having more public involvement.

There's a great Audible original piece on this topic written by Michael Lewis called 'The coming storm':

If it gets taken down, he'll probably be able to find another one.

Accuweather perhaps?

Funny you mention it, forecast.weather.gov is now the first link on my phone browser's start page. I made the switch after the wunderground app started refusing to update and otherwise glitched out constantly. The only downside is I have to actively think check the weather in the morning rather than just have it presented.

It sucks how badly wunderground has gotten. I run my own weather station and it only syncs to WU. Almost tempted to intercept the api calls and store the data locally...

Weather Underground is yet another IBM company. So is Weather Channel.

"On October 28, 2015 IBM officially announced an agreement to acquire The Weather Company’s business-to-business, mobile and cloud-based web properties, including Weather Underground, WSI, weather.com, and also the Weather Company brand."

IBM buys firms and then proceeds to eviscerate them. Value destruction is their strong suit.

"Storm" used to be a GREAT weather app, until they basically just ruined it and then forced people over to the Wunderground app. Which is also pretty bad.

I suspect that a company the size of IBM can do positive things, too.. so, lets not curse the situation, eh?

OMG, they have a mobile version?! Man, I've been using the regular one and just pinching and zooming everywhere to find things.

But, honestly, I love weather.gov. The local forecast (at least for the Pittsburgh area) is plain text, easy to understand (if you read the definitions), and updated multiple times per day. Plus, it has in depth forecasting for rain/snow/etc.

I stopped using weather.com because it would routinely crash my mobile browser. I suspect because it ran out of memory.

I love this 3-day graph the best:

https://forecast.weather.gov/MapClick.php?lat=<your latitude goes here>&lon=-<your longitude goes here>&unit=0&lg=english&FcstType=graphical is my favorite.

Just substitute your XX.XXXX latitude and your YY.YYYY longitude (negative from 0 if you're in the US) for the <> and their contents as variables.

There's also a tabular form of this. Very dense in terms of hourly forecasts. I tend to plug in various lat/long changes to figure out when a storm is going to blow into the kid's sporting event clear across town. Each degree of latitude or longitude is 68.3 miles, so you can usually just adjust the URL to get a pinpoint forecast...which is useful in metro areas where you might be traveling 40-45 miles to an event.

> Each degree of latitude or longitude is 68.3 miles

That's only for latitude, longitude depends on latitude, so lon = cosine(lat) * 69.172

Not entire crazy given popular perception of mobile as being an app-driven platform. And not at all coincidental given former CEO of AccuWeather Barry Myer's direct involvement in crafting policy which prohibits NOAA from developing mobile apps[1]:

In 2008, AccuWeather named Conrad Lautenbacher, a recently departed NOAA administrator appointed by President George W. Bush, to its board. Myers was soon appointed to a NOAA working group that gave him a role in shaping policy. He helped fashion one in 2012 that restricted the organization’s ability to develop mobile apps for the public.

This is the same guy nominated by the Trump adminstration and currently awaiting Senate confirmation as the head honcho of NOAA.

[1] https://www.bloomberg.com/news/features/2018-06-14/trump-s-p...

I am clearly a minority (based on incidents ranging from this, to how weather bug was the first killer app of the web, or how my grandfathers tv was permanently on the weather channel), but I've never understood the attraction of weather info.

I mean, the forecast isn't accurate far enough in advance to make most plans, and the weather today is usually obvious from any window, at least as far as I can actually use the info (which is how warmly to dress), but realistically I never pay attention and just dress for the season and it never seems like the difference day-to-day matters.

I definitely value forecasting hurricanes/blizzards/tornadoes, but that doesnt seem to be the general attraction.

I ride a bike every day. Knowing the morning and afternoon temperature determines how I dress. It's also incredibly useful to know if it's forecast to rain or snow for my ride home, so I can bring the right jacket. That's basically why I check a weather app every day.

And here in New England, knowing if it's going to rain or snow on the weekend, might effect what plans you make. We also have times of the year where the temperature can change 40F or more between morning and afternoon.

So looking out the window and deciding how warmly to dress, can leave you pretty uncomfortable later in the day. :)

the forecast isn't accurate far enough in advance to make most plans

This depends on your location. Cities immediately east of a large city get very good forecasts. The reason is that, like with any other industry, better people end up in larger cities. This gives the large cities better forecasts, and there is a halo effect eastward since in the United States weather generally travels west to east.

the weather today is usually obvious from any window

There are a lot of places in the nation, and the world, where weather changes rapidly and often. Many people who live in these places use the phrase, "If you don't like the weather, just wait." And each thinks it invented the phrase.

I never pay attention and just dress for the season and it never seems like the difference day-to-day matters

Be glad you have the luxury of living in a place with very stable weather. Or be sad that you don't travel enough to understand that the weather is variable in most places on earth.

> I mean, the forecast isn't accurate far enough in advance to make most plans.

This isn't the case for me in NYC. Anything within the next two days is fairly accurate.

I use the day's temperature info to decide what to wear in the morning. I use the UV index to decide if I need sunscreen. And while I don't use umbrella's, I know coworkers use the weather to decide if they should bring an umbrella.

> Anything within the next two days is fairly accurate.

Plans that involve the outdoors rarely involve only two days notice for me - plans are either spontaneous or in more than a week. Then again, my plans rarely involve the outdoors.

> UV index to decide if I need sunscreen

My skin tone is known as "fish belly", so I always need sunblock, but unless I'm planning to be outside at length (which I largely dont do) I dont really do so.

> decide what to wear in the morning

I may be odd, but my day to day wear doesn't really vary other than by season. When I lived in Pennsylvania and Virginia the weather changed dramatically enough over the day that dressing lighter or warmer was an invitation for problems. Now that I'm in Seattle, the weather is fairly consistent over the day, but I've never found myself wishing I had known the forecast when I dressed.

> I don't use umbrella's

Mostly the same, particularly here in Seattle. Before, if it was raining hard the need was obvious, and if it wasn't I didn't want to carry around something is just lose before I needed it.

I'm not trying to poop on your feedback (really!), it's just these are largely the arguments I've heard that dont seem to apply to me. Do people really spend that much more time outside than I do? Am I some sort of sky-avoiding freak?

But do you possibly understand "the attraction of weather info" better now?

The issue wasn't really the attractiveness of the info, so much as the attractiveness of constantly having the info. I personally get that info is sometimes useful ("We can go to the beach tomorrow, let's make sure it isn't going to rain"), and in the abstract, I get that it may be useful more often for some people, but I can't emotionally grasp that it's that useful, that often, for so many people.

It's the issue of competing norms - the weather (or at least, foreknowledge of it) doesn't affect how I dress or my activities for 350+ days of the year, over decades, living in multiple parts of the US, so it's hard to grasp that it does actually impact a notable portion of people. Clearly it does, and I've not questioned that (or at least I didn't intend to question that), but having more people tell me that it really, truly does hasn't changed my emotional incredulity that that is the case.

You have explained why this information isn't useful for you. That's fine—your self assessment seems reasonable. By all means, delete all weather apps from your phone!

However I think I've also explained why I find the information incredibly useful, for different reasons than you. It's an incredibly valuable service to me and most of my immediate peers.

When I neglect to check the weather in the morning, I do things like wear a long sleeved shirt that becomes overly hot in the middle of the day, because the weather had felt slightly chilly that morning. I work in an indoor office, but I go out to get lunch, and it's nice to not be overly hot or cold.

I will say that I find weather forecasts more useful in Spring and Fall than Summer or Winter. Right now, the answer to "what should I wear?" is almost always "thick clothes and a coat!" But then, there are also exceptions, and using the weather forecast to spot them is great.

(Actually, speaking of temperature, something I didn't mention—my apartment is always hot, so even with the window open, it's often hard to judge the current outdoor temperature without an app.)

Edit: Also, whatever your complexion: if the UV Index is 0, you don't need sunscreen. And if the UV Index is 12+, you absolutely should have sunscreen even if you're inside most of the day. It's worth checking!

> I think I've also explained why I find the information incredibly useful

You have, and your reasons are likewise reasonable - I just struggle to believe that there are so many people that are similar (but again, there clearly are - my struggle to understand doesn't change the facts). People who bike to work, for example, have lots of reasons to care about the weather...yet I seriously doubt that covers a significant portion of people that create the demand for weather apps.

Women tend to have more varied fashion and layers than men, so they would logically be more impacted by weather, yet there's no shortage of men that want that weather info. I get that they do...but I still have troubles accepting that my normal isn't, you know, _normal_.

If it makes you feel any better I feel pretty much exactly as you do and I’ve lived in a place (Michigan) with fairly volatile weather my whole life. You are not alone in weather apathy.

> Do people really spend that much more time outside than I do? Am I some sort of sky-avoiding freak?

Haha, have you noticed how half of the cars suddenly have ski racks as of the past month or so?

A pretty heft chunk of Michael Lewis's mini-book on corruption in the Trump administration centered on Accuweather's role at NOAA, and how companies like Accuweather do little more than repackage data generated by the federal government and pretend to be gatekeepers for it.

Supposedly, companies like Accuweather have been working for years to eliminate government weather services that are readily usable by consumers.

In support of the parent's remark, I highly recommend everyone read this excellent Bloomberg article[1] from last year which elaborates on the finer points. It surely made my blood boil at first blush.

[1] https://www.bloomberg.com/news/features/2018-06-14/trump-s-p...

Talking to people who had worked at higher levels of the weather world in government and academia, this is a generally common view of that kind of company.

Companies like Intuit have been working for years to prevent the government from having easy to use tax filing services. What else is new?

Do they have an API? I'm surprised more apps don't plug into this. Most watch-faces on my Pebble required me to get a personal Weather Underground API key (and now have stopped working). :(

Yes NWS has an API with quite a lot of data in XML format. Weather Underground api was supposed to shut off on December 31, but has been extended to Feb 15th of this year. Good riddance, it was very flaky, would return occasional bad data, and all around a bad experience.

From what I understand pretty much all countries have a government run weather service and they all have an API. The problem is they are all different organizations that have different APIs so all the weather api services do is combine every single one of the apis in to one that only requires one api key.

I've found apps that use these global API's are inferior to local apps connecting directly to local API's, the data is a lot more current, more accurate and includes a lot of features like radar images. Not sure if it's an issue with some countries missing a lot of data that mine (Aus) offer or it's missing for some other reason.

Phone OEM's always have to include a crappy global one for some reason.

Well that tends to be the case that generic interfaces to multiple APIs only provide the features that everyone provides.

I really like the NWS's hourly forecast charts, and use those as my primary weather source. You can see an example here (scroll right if on mobile):

https://subraizada.com/weather/kmdw (A previous version used to show the normal weather forecast in an iframe to the left of the charts, too)

It's just a single HTML page, I've put a script to make them over here:


but the icons aren't as pretty

You're being sarcastic (I think), but the first thing I thought of when I looked at this site was "This could never be my go-to weather source, those icons are much too ugly."

more facetious than sarcastic. A lot of people care about the icons

An API is available, so you could theoretically write your own app to consume the API and style it as you wish.

Thanks for sharing.

The damned weather app in iOS is pretty useful too.

Right, when I just ask Google what the weather is like.

NRK (Norwegian Broadcasting Corporation like the BBC) and the Norwegian Meteorological Institute has made yr.no (webside [1], apps and open api [2]).

It's government owned so no data collection. I'm not sure how useful it is outside of Norway but I have used it successfully when visiting other countries in EU. I think it also worked in Mexico but I can't really remember.

[1] https://www.yr.no/?spr=eng

[2] https://hjelp.yr.no/hc/en-us/articles/360009342833-XML-weath...

For those who need it, U.S. National Weather Service API: https://www.weather.gov/documentation/services-web-api

Yr is very good and was my main weather app for years. I still use it but my main app is now BBC Weather [1] and its apps [2][3]. I trust it for the same reasons I trust YR as they are backed by non-commercial organisations that I in general trust with my data. And both seem to have accurate enough weather forecasts, probably mostly sourced from the same metrology organisations across the world. Both have a very nice UI and easy to use.

[1] https://www.bbc.co.uk/weather

[2] https://itunes.apple.com/gb/app/bbc-weather/id649420946

[3] https://play.google.com/store/apps/details?id=bbc.mobile.wea...

It even automatically switches to English and recognizes US zip codes. I'm particularly impressed.

I, and others, have been using Yr.no for many years across the world. It’s only really failed me once, when other weather providers also failed. I dislike the iOS app, the Android app is a beauty. Just using the website is fine though, because it’s super fast.

>I'm not sure how useful it is outside of Norway

Yr pretty popular here in Canada, it tends to be better than Environment Canada or TheWeatherNetwork.com at predicting precipitation, and similar for temperature.

The default weather app on Apple iPhones is IBM's Weather Channel, https://support.apple.com/en-us/HT207492

> The weather data used in the Weather app comes from The Weather Channel. If you have issues getting accurate weather information, tap the icon in the lower-left corner to go directly to the weather source.

If you have an iPhone and are in the US, a home screen shortcut to mobile.weather.gov is much safer. Avoid putting the site in web browser new tab Favorites, which will be pinged by Safari even if you don't visit the site. This can be seen with Charles Proxy.

Does the stock iOS app forward to IBM the same data the Weather Channel app does?

In current location mode, Apple's Weather.app transmits over HTTPS latitude/longitude twice, once for general weather and once for air quality, both in the GET url.

No other information about you or your device is provided anywhere in the request url or headers. No other requests were made to api.weather.com during "check the weather" testing.



Since IBM has IP address of the request, they can map this to WiFi locations via geolocation. If IBM infers your home WiFI street address, this can be correlated with other data sets (e.g. credit card history) for further analysis, even if Apple does not send additional data in the API request to IBM's weather API endpoint.

As far as I know (and please correct me if I am wrong), geolocation is not quite that magical. At best they can infer who your ISP is and the region your IP block was assigned to.

Some wireless access points have a fixed IP over time, which lets IBM reasonably predict "anyone coming from ipaddr X is probably using wifi Y which is provably at lat/long Z" with sufficient levels of certainty.

This probably works better with "My Home AP Uses A Cute Name That's Hilarious" if your IP rarely changes and you have other software leaking data to IBM, but less well for "xfinitywifi".

In order for that to work in the way I am imagining, it would be necessary for the SSID to be available and correlated to access point's IP address. While this could be performed by wardriving open WIFI networks, it would be harder to gather this on a protected network.

Again, I'm not an expert here, and would be happy to learn more about whether this sort of data collection is possible.

edit: this is quite an interesting rabbit-hole I've stumbled into. It seems that there are databases correlating SSID to location, but aren't collecting IP addresses of those networks:



If you have a static IP address at home, that IP address can be searched in public geolocation databases online. Try it. It will list a number of possible physical addresses.

That's available freely on the web. Hedge funds and others buying data from IBM can buy data from higher quality sources, including wireless carriers, financial institutions and data brokers.

Most residential ISPs use long lived DHCP leases, and do not issue true static IP addresses.

Do you have an example of an IP address that geolocates to its homeowner's actual address (as opposed to region/city?)

Again, geolocation databases are not magical. This article explains that and some deficiencies:


Long-lived DHCP leases work. There are many examples, try the client IP addresses from the headers of emails that you receive. Geolocation dbs are not magical, but they are often close enough for practical use.

You do realize this is happening all the time with Android OS, FB's family of apps and most popular free apps that make $ from ads, right?

The default iOS weather app uses data from IBM’s Weather Channel. Your previous comment (re: app) is misleading.

Do you have any references on the data provided by Apple to IBM, e.g. how can Apple provide live weather data for all possible locations without sending your location to IBM? Is the iPhone's IP address (which can be mapped to WiFi location) used to make the weather data request to IBM?

It would be reasonable to expect that as part of TWC’s contract with Apple, they’re contractually required to keep individual location data private. I wasn’t able to find any concrete evidence of this except for the TWC privacy policy for the Apple TV, which seems to explicitly differ from the normal TWC privacy policy in that it excludes the sale of individual-level data to advertisers. (If I’m reading this correctly.)


Standard TWC privacy policy for comparison:


I don’t think that Apple has any technical privacy measures in place here, but I would be deeply surprised if, after all their pro-privacy advertising, they allowed a default app to be (at the contractual level) a giant privacy risk for their customers.

Good find. Wish there was a similar public privacy policy for Apple's Weather App, since phones share more data than TVs.

Your top-level reply could be misinterpreted to say that Apple ships an app called "IBM Weather Channel" on phones.

They do not.

Apple ships an app "Weather", which currently uses api.weather.com as the data source.

IBM Weather Channel operates api.weather.com.

TLDR: You're both right: it's Apple Weather, and it requests from IBM directly. https://news.ycombinator.com/item?id=18822350

I think this is a little bit ironic. The city of LA just released an app called ShakeAlertLA, which works with the USGS early warning system to let you know when there's an earthquake in LA. The app TOS imply that your personal information is only used locally and not uploaded, but if you look at the app's source (to their credit, it's easily available), your location is continuously sent to an AWS server.

You’re missing the point entirely. Nobody cares if Weather Channel used it for its own purposes. But instead it was selling all that info to third parties without any disclosure of that beyond some fuzzy boilerplate.

> look at the app's source (to their credit, it's easily available)

Care to link to where this "easily available" source code is? I tried searching for it and couldn't find it.

Wow, it looks like they took down the repo today. I take back my kudos to Los Angeles. The Android version of the app used to be at https://github.com/CityOfLosAngeles/ShakeAlertLA-android.

The backend code that seems to handle the REST call with user's lat/lon is still available[1].

Fortunately I cloned the Android repo locally. If you're interested I can reupload it somewhere. It's Apache licensed and I paid for a fraction of its development, so I think I'd be legally and morally in the clear to share it.

[1]: https://github.com/CityOfLosAngeles/ShakeAlertLA-message-gat...

Yes please do reupload it!

hopefully this works: https://ufile.io/yrmrx

I miss Weather Underground before they got acquired. :(

I like dark sky.


They have an app also but I just use the website.

Not as good as a layout as WU was, but I'll take it :)

It can’t be downloaded on iOS in Germany it seems.

You get all the features on their website too. I found a simple homescreen-link perfectly enough for my weather needs.

Presumably it has the same policy because it's also owned by IBM.

I wondered why they wanted it...

I used to think it was all the weather station data points but that became clear it wasn’t a priority considering how much their apis error out and how slow they are to fix. I think we just got our answer though.

They also took down a great little website they bought called Weatherbonk and never ended up using the site’s best features. I wonder if they were just buying up competition.

You can just type "current temperature" in google and it'll give you the weather forecast for the week. At least with google, they already have all your data.

If you're gonna type into Google, "weather" is shorter to type. "temp" even shorter. And on iOS, a weather app + dashboard widget and a single right swipe even faster. And on Android, a weather app + home screen widget and zero action even faster still. And we're back full circle.

The Daily has a good podcast episode where they go into more details with the reporters who wrote the NYT article: https://nyti.ms/2G7NcWH

In case anyone else just wants to just download the MP3 of this episode: https://content.production.cdn.art19.com/episodes/4f87f227-3...

This took me approx. two minutes longer to find than it should have.

Whatever you think of the problem of this location tracking, we still need to step back and take notice of the great hypocrisy of NYT on this kind of shit... e.g. “Project Feels” in which NYT predicts your emotional state while reading articles and attempts to sell ad inventory based on the ad’s connection to your emotional state.


> An IBM spokesman, Saswato Das, said, “The Weather Company has always been transparent with use of location data; the disclosures are fully appropriate, and we will defend them vigorously.”

Why say something so stupid instead of issuing a simple “no comment”?

true weather is open source:


and love for those who still use desktops too:


The really ironic part in my view is that the native, Apple-made weather app on iOS used data from the Weather Channel. So there is literally no need to download the WC app. (To be clear, the complaint is centered around android and not the iOS app anyway.)

iOS’ Weather app uses The Weather Channel as data source. Does anybody know if Apple acts as a proxy and obscures personally identifiable information?

Apple does not act as a proxy. Their app transmits lat/long to api.weather.com. See also: https://news.ycombinator.com/item?id=18822350

This still leaves two open questions:

1. Does Apple’s contract with TWC allow them to market individual-level data to advertisers in the same way that TWC can with their own app? It would be shocking if the answer was “yes”.

2. To what level of resolution is the default Weather app lat/long data, compared to third party apps?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact