
This is rage inducing. I went into this article thinking "ok as long as I don't have the Target or Ikea or whatever app installed on my phone, I'm fine." While that is a primary way, this needs to be outlawed:

> These companies take their beacon tracking code and bundle it into a toolkit developers can use. The makers of many popular apps, such as those for news or weather updates, insert these toolkits into their apps. They might be paid by the beacon companies or receive other benefits...

Ban this, full stop, on both ends of this transaction. The Reveal Medias and the scummy app devs using their ~~SDKs~~ trojan horses. At the very least these apps need to be named and shamed, I find this fraudulent and extremely difficult for end users to police.

I have very minor hope that Apple at least will one day shine light on this or ban apps who are not transparent about the data they're sending and to whom, as it doesn't conflict with their business model and they seem to be moving there. For now I have to essentially disable bluetooth when I get out of my car.



This is how an app like Facebook can show you an ad on something you were talking about.

It would be naive to point the finger at Facebook listening to you, it would be more accurate to assume it's EVERY OTHER app (including FB) gathering data about you and your surroundings - MAYBE ONE IS ACTUALLY LISTENING - but whether any individual app is or isn't, the data brokers have all the data as well as other people like you that have probably reacted to the same external stimulus and can be predicted to be thinking about a certain product around that point in time.

POOF - an ad about that thing you talked about, now on your Facebook feed.

Zuckerberg gets hauled in front of Congress, accurately says "what? no we don't do that", data brokers and software engineers laugh to the bank and let Zuckerberg get crucified for their sins.


Yes absolutely, everyone else is gathering this apparently and it has to just be assumed now. I hadn't thought about it with the "facebook is listening" stuff but this makes way more sense.

It's particularly frustrating given how hard I try to disassociate myself and my family from "data brokers" and then I read another thing like this.


I think people jump to "the app is listening" because it's the easiest concept to understand. Anyone with a technical background knows why that's extremely unlikely, but it still makes more sense to people as a narrative than the complex web of online trackers and analytics gathering that happens out of sight and contains vastly more information about individuals than could be gleaned by eavesdropping on ambient room noise.


* "What? No, we don't do that. We provide the infrastructure for others to do that."


> This is how an app like Facebook can show you an ad on something you were talking about.

I helped my sister look at a new car an hour away in another town. Back home that evening YouTube was suddenly suggesting new car videos.

Not so much Bluetooth as my own fault for using Google products and tracking, but still it was disturbing. I did not search for anything car related myself or for my sister; all I did was visit a car dealership.


If this is rage inducing, you're going to lose your mind when you find out what companies have been doing with tracking phone location via GSM.


And this, too, should be illegal.


But it won't be. And even if it were, let us remember how well the law works to curtail crime among governments and wealthy corporations and individuals. They'll hide it, "repurpose it", lie about it, and engage in years-long legal battles during which time the public loses interest. If it is more profitable to break the law and pay the fine, that is the best business decision.


That's true... and that's why we should push for 2 things to happen when it is found that a business knowingly broke the law (or knew it was at risk of breaking and went on anyways):

- a "proportionate" fine should never be less than 100% of the profits derived from their behaviour

- whoever authorized the company to go forward should be personally on the hook too


I saw a thing 10-15 years ago with a business associate building retail. He had average income for everyone driving by, some profession data, all sourced from mobile carriers.


What's funny about all this data collection is, does it really help sales all that much?


I think it helps when you’re siting locations from a thousand miles away and don’t know the areas you are investing in. You don’t want to drop a Dollar General in an upscale suburban environment, nor drop a Chipotle a half mile away in a trailer park corridor.


iOS 13 actually has BT permissions per-app, and blocking that has no bearing on bt audio as that’s handled on the system level. It’s quite eye opening. Netflix for example wants access to BT even though there is absolutely no Netflix accessory that would warrant such access. I’m pretty thrilled about the change and it only cements my choice of iOS for me.


That still won't change much, though, because, inevitably, there will be some app that requires Bluetooth for some fundamental aspect of its use that will also use one of these SDKs. Granting that app access to this will give it all the info it needs. What really needs to happen is that Apple needs to make some of these beacon-able permissions more granular. How to do that in a way that a tech-naive population understands what's happening is a very difficult problem to solve, though.


Which app types require permanent bluetooth access? Bearing in mind that connected to bluetooth audio is handled for apps by the system.

Not being snarky, genuinely unsure what would need this. You’re definitely right that a single app with permissions and the sdks would be enough.


Fitbit is a good example. I'm willing to bet a good amount of money that they sell a lot of the BLE beacon data they snarf up alongside their heart rate monitor data.


Fitbit is a good example of an app that requires permanent Bluetooth access, but a terrible example of a company likely to sell user data. Fitbit's users are its customers, and are the source of $1.5 billion per year in revenue. Any money gained from selling that data would be minuscule in comparison, and would put the main revenue stream at risk by alienating customers.

I work for but don't speak for Fitbit.


It's not Fitbit that necessarily is collecting this data, though. Fitbit might simply be using an SDK for Bluetooth detection, for example, that's provided by a company that does sell user data. The number of paid platforms and frameworks that are out there and used by all kinds of companies is crazy and it's not too big of a stretch to realize that some kind of tracking framework runs on the business of aggregating and selling that data while only providing the company in question using the framework with some of it.

It's not even too big of a stretch to realize how many free WordPress frameworks out there collect and sell aggregated site visitor data. I mean... if you're using a free Google Analytics service, do you honestly think they're not doing something with all that access to your site info?


Fitbit has its own Bluetooth stack.


That doesn't change the fact that they could be using another framework or library that has code to access Bluetooth. As long as the app has been granted access, the framework would have access too.


I really doubt there is any such application that most consumers would install. Maybe there are some industrial applications but most people have no use for Bluetooth apart from audio.


Bluetooth scales are fairly common. As are toy robots and quadrocopters that use Bluetooth for control.


Apple doesn’t pop up this permission dialog for their proprietary iBeacon system though, since that's also handled at the system level. With that taken into consideration, this feels less like a privacy feature and more like an anticompetitive move.

At least, that’s the situation to the best of my knowledge.


iOS 13 makes apps ask permission to use Bluetooth, so at the very least it's going to massively cut down on passive data collection.

They've already banned these SDKs in the kids category. I'm sure the next step is to ban them everywhere.


Just disable background activity for all apps that you don't fully trust. For me, that pretty much means like four first-party Apple apps that actually reasonably need it.


That's a good personal workaround, but it's not a solution to a problem - much like moving to a different city doesn't solve the problem of the manufacturing plant poisoning the water supply of the city you live in.

Adtech industry needs to be torched. GDPR was a step in the right direction, but unfortunately isn't nearly enough (I'd start with more aggressive enforcement of it, though). Something to pressure your politicians for.


I wonder if the usage of any data by advertisers was the hardest regulated, could you stifle demand for certain types of data sources. If you need to show a verifiable paper trail that leads back to a trusted acceptance from the individual user, then it would hopefully make advertisers think twice about their data sources as many technologies out there now rely on user fingerprinting to skirt privacy regulations, and could never provide proof of consent for collecting their data.


Another personal workaround - which I just realized must exist and apparently does - is a Faraday phone case...

https://silent-pocket.com/collections/all-products


Well that works if you use your phone as a PDA or a one-way communication device; but that's not the common use case now is it?


To be fair, he did call it a personal workaround. If it works for you, it doesn't really matter if it is common.


Just turn airplane mode on.


What about all the people around the world who can't afford to pay for the services that adtech currently pays for for them? Why do you feel you can make the decision to get rid of adtech on their behalf?


I'm not making the decision for anyone - I'm not the Supreme Commander of the Solar System (yet). I am merely advocating for destruction of adtech, as much as I can.

As for people using services subsidized by adtech - there's no rule of the universe that says you can either pay everything in cash, or have it free with ads. Those are only two particular business models out of space of many. Getting rid of adtech will only make ad-powered service providers switch to the next best model, hopefully a more ethical one.

The question you're posing is equivalent to "what about all the people who couldn't afford X if providing X wouldn't involve toxic chemicals poisoning their water supply?". Societies around the world consider many business models unacceptable; I'm only pleading that advertising as practiced be added to the list of such unacceptable business models.


It makes me sad how crappy weather apps are in particular. I keep getting this ad for "NOAA Weather Radar", which sounds official, but it's actually some adware by some Russian throwaway app company. I am not sure why the NOAA lets them call the app that. (OK, I actually sent them an email about it and haven't seen the ad for a while, so maybe they got caught.)

What annoys me is that weather is built into both popular phone OSes, so I am not sure why people install ad/tracking apps to get weather information. (What makes me sad is that I really like Weather Underground and subscribed for years... but now their website is super slow and bug-ridden, and I believe it's officially been canceled by their new corporate overlords. So I have no real good way to get "advanced" radar products except via GRLevel3.)


I'm guessing this can be policed by a service allowing the user to see a map containing location detail & time accessed information per apps installed. Thus, showing the user which apps installed are signaling with bluetooth and when they're entering specific stores throughout the day.


This is a feature that's being added to iOS 13, along with occasional popups reminding you that an app has location privileges, and a map of where it's been tracking you.

https://9to5mac.com/2019/06/08/ios-13-location-permissions/


Sounds like a good idea!


They could have the whole thing be opt in as opposed to opt out. If you want to find the drills at your Home Depot then opt in via the app, otherwise it could be ignored. This would at least give people visibility in the same way location services, contacts and push notifications do.


I don't know but my method never fails, look for an orange apron guy: "hey buddy, where are the drills?" You'll even be escorted to the right spot.


Reminds me of attending a concert around 2009. We were chilling to the pre-set tracks, my date started fiddling with Shazam on her iPhone. I walked back to the sound booth and asked.

My method delivered.


But didn't Apple change iOS so that the button to turn off bluetooth does not actually turn off bluetooth's ability to work with beacons?


No, turning that off blocks beacons and disallows new connections via bt. It still allows existing active connections which may be where it’s confusing.


Does turn itself back on the next day when you use the quick on/off button... that’s been pretty annoying to me, but I get why it’s there.


I find it interesting that the article doesn't mention how various agencies track you through bluetooth beacons when you drive down a road or walk around a city. These devices are in plain view for everyone to see, but for some reason it seems that most people don't see them and basically nobody ever talks about them, yet they are everywhere.


How does this work if you don't give bluetooth access to the apps which include those toolkits?


The looks I get for pulling out my flip phone are well worth it.


If Apple really cared about privacy & security, they wouldn't do only a milquetoast appeasement like "ban apps who are not transparent about the data they're sending and to whom" (which is arguably how we got into this out-of-control industry sociopathy in the first place, with "self-regulation" and "privacy policies"), but Apple could even kill off most all surveillance possibilities in apps.

Imagine if using an app on your iPhone was regarded as more safe than visiting a Web page produced by the same organization, because Apple protected you more than Web standards do. It's a definite technical possibility, and I suppose it might make business sense for Apple.



