Hacker News new | past | comments | ask | show | jobs | submit login

I worked at Niantic (originally on Pokemon Go) since the day they officially spun out from Google until a few months ago.

I am speaking solely for myself when I say that, While the company has plenty of flaws, it is very serious about privacy protections. It was drilled into every engineer from day one that we were dealing with really sensitive data. Not just any old data - kids were a target audience and so we were dealing with realtime location data from children under 13.

Niantic took a lot of time and effort to ensure that this data was deleted, obfuscated or has as much precision removed as possible, as quickly as possible.

I don’t like how Niantic handled some things, but their stance on privacy was never one of them.

(Again, this is my personal opinion. I definitely don’t speak for Niantic.)




I was very active in the Ingress community around that time and while I appreciate their efforts, I don't think they were very successful in this regard. Using IITC (3rd party Ingress planning suite) we could track people's paths pretty well, to the point where you could easily see how others ran their routes and could intercept them if you wanted to say hi, or something more nefarious. I know at least one woman in the community changed their account because of a stalking problem.

I didn't totally mind the lack of location privacy since the game made it pretty clear you could run into people if you really wanted, but I wouldn't give them flying marks on the privacy issue. For Pokemon Go I'm sure they were far more careful, but Ingress really felt like the Wild West.


IITC was explicitly a violation of the ToS and Niantic made efforts to foil it and ban those identified as using it until player outrage made them give up. The nature of the game also was antithetical to the notion of privacy since you could predict player movements just on the basis of field layouts. Anyone playing in an area also quickly learned the approximate locations of home and work for other players solely on the basis of habitual game activity. I mean, the whole point of the game was geolocation, it seems odd to me that anyone would have some kind of problem with that for Ingress.


On the last point, Go has the same situation, where playing the game to its full extent requires giving up a lot of information to be publicly displayed.

Gym ownership in particular is needed to get in game coins (required fo basic things like extending pokemon storage), and will reveal a lot about someone’s life patterns to anyone willing to put efforts in knowing.

It gets worse with “friends”, it’s a very powerful leveling up mechanism, but gives the same insight in a more granular and extensive way.


From what I can read you've never been stalked by a creep…


I think the point of the comment is that by playing the game, you broadcast pretty sensitive data. It would be like if you were constantly uploading geotagged photos for everyone to see, and being surprised about people learning your location.

I really hate that this sounds like 'victim blaming', but if a threat vector for you is being stalked by a creep, and you don't want people to know where you are, then maybe voluntarily constantly broadcasting your location to the public isn't the best idea?


What if you innocently play the game and THEN get a stalker, who uses game data to identify work, home, etc.

If anybody can get a stalker, then nobody is safe playing this game... ?


That's a matter for police then. Any thing involving location data and semi-public information could land you a stalker.

Anything can happen to anyone. Whether to care about it at all, involve the state or solve it solve it yourself depends on probabilities involved.


So privacy doesn't matter? And the police are the right solution for all invasions of your privacy? Do I get the local police involved if remote attackers use personal information to drain my bank account?

"The police" (local?) are a solution for certain kinds of problems, but that's it.

Consider restraining orders and all the victims these orders failed to protect. Far more effective is a large dog or other adult humans.


> Niantic took a lot of time and effort to ensure that this data was deleted, obfuscated or has as much precision removed as possible, as quickly as possible.

Define "as quickly as possible". How long after the fact can Niantic tell that I was at Burger King for lunch?

If the answer is anything more than a week, I don't think they are really trying. Pokemon Go does need to keep some data longer because it's used in-game: when and where you caught a Pokemon that you still have; whether you have ever visited a given Pokestop (but not when); how long you've had Pokemon in a given gym. But the game never needs to save actual paths you followed.


They store the fact that someone was there are a particular time but they strip the userid immediately.

They have a GPDR data-request page if you are interested in seeing exactly what data they store about you.


> They store the fact that someone was there are a particular time but they strip the userid immediately.

This appears untrue, according to the article: "In five days of gameplay, Niantic kept 2304 location records for one player. [...] When we asked them about their propensity to eat Burger King for lunch, they were surprised that we knew that"

This is only possible if the userid is still linked to these location records.

> They have a GPDR data-request page if you are interested in seeing exactly what data they store about you.

I know. That's what the featured article used to get the data referenced above.


Wow. It’s not often you see making someone eat their own words executed so well. Professionally handled.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: