I really think the privacy advocates are holding us back at this point. They refuse to make reasonable concessions and while they think they're fighting the good fight, they've just marginalized themselves to the point where only a tiny extremist minority is engaged because moderate voices are shouted down as "selling out to the man" or the NSA or whoever the villain of the day is.
Its also sad to see a arguably progressive community like HN fall for this stuff. Not only are we doing this stuff all the time, the current fad of health devices, smart watches, etc are going to make this a lot more common. We're like cavemen throwing spears at an enemy with machine guns. Its a fight we've long lost. I think its better for us to focus on privacy issues that are legitimately victimizing instead of railing against anything and everything that kinda sorta rubs us the wrong way.
If anything, the cult of privacy is hurting us because its created a "boy who cried wolf" situation which is now a political liability. How am I supposed to tell Joe Midwest Voter that X is harmful when he keeps hearing about how tracking cookies or Tivo stats or iPhone policies are harmful and didn't give two shits about those either.
So, as long as companies feel they can do anything they feel like with the data your only option is to completely opt out. Which means companies have no reason not to release your data as everyone assumes they will anyway.
In clinical research it's considered unethical to take uninformed consent and a great deal of effort goes into educating participants on the risks and benefits of their contribution.
Such stuff is fantasy for modern EULAs though, which makes it sketchy when these entities do (public) research.
Why should privacy advocates 'make reasonable concessions'? What are they holding us back from? What concessions is the other side making? Who exactly is on each of these sides anyway? Your comment isn't particularly clear on these points nor on why the opposite view is any better (other than we get nice graphs occasionally). There are cogent arguments to be made on either side here but you've made none.
> "I'd hate to lose this data just because a minority think its a threat to their civil rights."
Minorities matter and it's ironic that you bring up civil rights. There are plenty of example from history so please do look them up.
 I'm not saying it's possible for the graphs in the article, but if one had access to the (anonymised) data that produced them, it may be possible to combine with other data and ultimately identify individual users.
If I want out then Jawbone has a handy 'remove all my data' option.
People share all sorts of data in all sorts of places (as others have pointed out in this thread), and it is their own responsibility to read the T&Cs of those services.
I agree that data privacy is important for those who want theirs protected. But in this instance, people have chosen to wear their UP and have T&Cs which notify them of the usage. If they later change their mind then they have the option to have their data removed.
I can't see how any of that equates to 'shackles', but agree from some POVs it could be considered 'scary'.
While some people may believe/feel this is reasonable, it has rapidly become impractical. Have you read the T&CS for all the services you use? Any idea how many pages of text that comes to? Did you also know that the reading level of most T&Cs requires college-level education (just to comprehend)?
My point is that it is already impractical (& will become more so) to suggest that T&Cs can make people aware of anything.
Same goes for legal disclaimers in email footers, cookie warnings, warning stickers etc. Why are we allowing this to happen?
(My solution: "Yes, you can sue them because the coffee was hot (etc) and there was no sticker on it, you just have to be prepared to give up your voting rights and your drivers license in the progress. Continue Yes/No?")
I liked this section:
When you use the Jawbone Companion app we connect with and upload to our servers the address book and calendar on your device along with other data that we normally collect through our mobile apps described in the app usage data section below.
I wonder how calendars are used.
We can debate whether people should be educating themselves about such terms but my point is (still) that it's impractical in the long term as we want to use more services/devices. The only way out of this that makes sense to me is that people begin owning their data and (digital 'exhaust'). I'm working on FOSS tools to enable this (see my profile).
Note the comment I made earlier in another part of the thread where I said I pretty much refuse to use device+service combos like the one here.
Also, recall that I said that a certain level of knowledge/understanding is required to even understand the basics.
> "I pretty much refuse to use device+service combos like the one here."
Could you elaborate why? Onerous T&Cs? No control of data? Don't care about such analytics?
My problem with how things are developing is that we end up in a world where either you resign yourself to the fact that you're constantly being data-mined or you become a digital hermit. There's very little that allows you to engage and retain control (without becoming a sysadmin).
As far as not using analytics, it's a combination of not caring (as an example, I run (maybe I should say jog?) regularly but don't time myself) and distaste over the way the data is managed.
Example, you can still include any terms you want but some items need to be individually agreed to in plain language, like "This product will report your location back to us"
Sort of like FDIC notices or nutrition facts.
However, that is a problem that is equivalent across all facets of all services people use, and I think is independent from this problem.
The likelihood is that most people don't read the T&Cs and most people don't care about their data being used like this. But if someone is concerned about a particular facet of a service (privacy/data usage) then there is a place they can look and relatively easily find out what they need before signing up.
What can be done about the wider problem of T&Cs and how they are unwieldily is a tough one.
No, but if I personally thought that practices which are extremely commonplace (like the collection of anonymous data) were privacy violations, I probably would read the T&Cs. Unfortunately, I would also be unable to use the vast majority of electronic products, including virtually all websites.
This is not a safe approach when you're dealing with legal contracts, which is what T&Cs purport to be. Minor difference in wording can have very different intents/outcomes.
Having said this, they pretty much give carte blanche to the service provider to do whatever they want -- so in that sense, they're all the same.. That doesn't make it right and it doesn't mean it can't/won't be contested at some point.
1. Google has "trends" when things happen, and "Earthquake" was most certainly googled near/at the time it happened.
2. The phone company has records, which many people texted/called near/at the time it happened.
3. 911 has records and calls were made near/at the time it happened.
and so on…
So there are private entities and government that have data around the event that can correlate behavior and situations, so it shouldn't seem scary to me… it's just should I have better access to the data? And if I do, what can I tell from the correlation?
Intimate sleep data is a bit different than knowing I called 911 for an emergency situation.
Jawbone uses your information to provide and deliver products and services you request; personalize your experience and customize content, marketing, and recommendations; respond to requests that you make, provide you with customer service, send you press releases, general informative announcements, and promotional information about us or our products, or to aid us in serving you better; and protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
I get the desire for privacy, but if every time people have data about them used we get this complaint, no one's going to listen when there's a real violation of privacy.
If you try to take a Jawbone off, I believe it will take a few seconds.
I dislike these data collection and analysis as a service gadgets enough that I'm not using any of them, but I think you could be a little more considered in your criticism of them.
It would require that Jawbone perform a live intercept so FedGov agents can plant physical bugs or insert TURBINE-derived malware or attach a keystroke logger. The order would use existing legal authority to compel Jawbone to provide real-time data on the user’s precise geographical location and whether he or she is awake. Obviously if the target is at home and awake, the Feds would abort the black bag job.
The Google Play store listing shows that the Up app wants access to precise (GPS) and approximate (network) location, so the lat/long available for NSA perusal with compulsory process is likely pretty detailed. And the marketing literature on the Jawbone site uses “always-connected” and “real-time” language, which is perfect if you're in the real-time surveillance business.
The non-U.S. user targeted by FedGov may think he’s escaping surveillance because he’s using only local phone providers and local email providers. He’d be wrong; Jawbone is based in SF and subject to U.S. law… Another interesting use would be tracking physical movements of non-U.S. users and correlating them to see who’s meeting with whom; does Jawbone force SSL for its API usage? (The API web page only says “communication should be done over a secure channel,” not “must.”)
I’m joking above, of course, and I have no reason to believe the NSA has done this for a non-U.S. citizen or the FBI has for domestic surveillance. My point is to suggest that folks here at startups think in advance about how to respond to legal process, how to encrypt data in transit, and how to store user data in a way that minimizes your legal exposure and protects your users’ privacy.
Better to think about this early vs. after you get an early morning knock on the door with a very serious plainclothes guy with a badge serving you with some very serious papers demanding info. That happened to me in a different context years ago, but that’s a story for another time.
It's pretty obvious that this could be done on client side without needing an internet connection. Or do all of these companies sacrifice usability and privacy in order to make more money?
Your meta point, though, that people should be concerned about this type of tracking is well founded - but, honestly, I'm probably a lot more concerned about how easy it is for my cellular provider to track where I am at any given instance with my Smart Phone - (or any cell phone for that matter) - as I don't recall ever "enrolling" to provide them with my tracking information.
That graphic, it could be argued, is based on an entirely new data set.
So while individual data sets may been used at some point behind the scenes, it's not like those data sets are the ones being disposed.
I cant help but wonder how much it would cost to get the sleep records of a competitor of mine - or if it's not for sale, how much the data would be worth on the black market if their servers got hacked.
I have doubts this information is being kept as securely as it should be, that's where my concern lies.
Distributing is a different concern. But people pay jawbone to actually collect and store it, so they can view it later.
So what? Time and time again things that would make you a bad person are silently accepted as normal or even expected of a business.
1. Apparently everyone in Santa Cruz goes to bed early and gets up early.
2. I would have expected bigger jumps on the hour. Maybe I'm the only one that sets my alarm on the hour though.
3. Why would there be dips in the AM? People hitting snooze perhaps?
4. How long do you have to moving for UP to think you're awake? How long do you have to be still for the UP to think you're asleep?
Probably some selection bias at work here. It's possible the type of person who's buying and wearing personal fitness monitors is also the type of person who gets up early.
> Maybe I'm the only one that sets my alarm on the hour
Probably my OCD coming out but I only set my alarm with minutes beginning 0-4 and ending with 8. I'm sure everyone has their own habits. On the hour seems so numerically boring!
1. People who are fit (or want to be)
2. People who are technical (or are interested in quantified life in general)
Technical people who commute from SC to Silicon Valley have far less bus options and routes than SF (SC has three each way for Google which ends at 9:25). That forces a lot of the number 2 people awake earlier than they otherwise would be.
I think SC is probably the same, if not average getting up later than other Bay Area places, due to the large student population and short walk/bike commute for those who work in the town.
I assume most of the UP-wearers will use the "smart alarm" function on their wristband that will wake them at the "optimal moment" in their sleep cycle.
What I'm guessing is that people in areas of higher population density stay up later and get up later on average. The 25-50 and 50-75 mile bands seem to contain the big urban centers, while the 0-25 and 75-100 bands are more the suburbs, small cities and rural areas.
I wish there existed more engineer-friendly initiatives where you can install the data collection server, data store and analysis server on machines you control.
1) Jawbone is a data company. You get what you want from them by giving them your data. Giving them your data is your choice, so if you are uncomfortable with it then you should not have a Jawbone.
2) What's interesting about this article is that it's in aggregate, across a statistically significant (so they say) number of people in these areas. They're not looking at individual stats, and I would bet would have a hard time tracing it back to a single person/name/etc, if they're even allowed to store it that way (not sure, but it would surprise me if they did).
If you don't like your data being stored somewhere, why are you even on HackerNews? You know your data is being stored here and being learned from.
having my sleeping records and a table of what times during the day that I shit is a lot more sensitive information than the trash I post on hacker news
Also, if you think others care about what time of day you take a shit, you have way too high of a view of yourself.
As Uncle Ben said, "With great power comes responsibility." It's an awesome thing to have the power of "big data" to analyze your life and make better decisions. But "big data" needs to be responsible in how they handle that data (and their users' trust).
That's the whole point. The fact that they have this data means that they could share it with whoever they want, whenever they want. And we would never know. So in this particular case, it's not a data issue - it's a trust issue.
Like I said above. . . it's not a data issue. It's a trust issue.
And for those who've noted that the NSA are going to have all the cool data, after seeing this chart, I'm pretty sure they'll start tapping into Jawbone as well.
It does date from the present decade, however. It's not that old. I'm somewhat amused by the number of sites which fail to work properly (some at all) with it.
Imgur is entirely dead. Reddit I can read, but moderation and reply buttons don't work. I hit the beta rollout of a news site last night (apparently part of their A/B test) and found that among the features which failed to work was the "opt out of beta" button.
D3 should work in any browser that supports SVG, which is every desktop browser but IE8 . If you're still using IE8, some sites not working is going to be the least of your problems soon - Microsoft isn't patching it anymore.
The browser isn't a Microsoft product.
I've also found that the very rudimentary browsers included in cheap feature phones tend not to work particularly well with any measure of "modern" websites (though others do support these fairly well). While I don't suppose these are a large financial market, they're likely a large user market, as those phones are both cheap and exceptionally thrifty with battery life (weeks, not hours).
Given that this is graphical content, that's less a concern. But as I noted above: simply providing a fallback JPEG alt would have worked.
And noting an issue isn't the same as complaining. Actually, if you'll note, I fixed the problem, after a fashion, by providing a link to alternate and accessible content.
But thanks for your depth of understanding, empathy, and sympathy.
The text says that 93% of the Napa area woke up, but the graphs shows 74%. I'm assuming the graph is off?
59 awoken = 74 (awake at quake) - 15 (awake before the quake)
85 = 100 - 15 (awake before quake)
Maybe they are adjusting for other things that are not shown on the graph.
I wonder if they can track how many people die per year and differentiate between type (car, earthquake etc.).
As far as I know, these devices cannot detect the cause of death.
There are now devices that can tell what exercise you are doing just by being on your wrist.
Isn't this an overly optimistic claim? Surely people using a sleep tracking device do not form an unbiased sample of the general population when it comes to sleep patterns?
A sample size in the thousands counts as "extremely large."
My remark was just that, the sample bias has an impact on the significance of the results. I do not know if in actuality people using sleep monitors form a different distribution than the general population regarding sleep patterns, but it seems likely.
The title of the article mentions "Bay Area sleepers", so it would seem to me that they do form conclusions about the general population, not just Jawbone wearers.