At the beginning of February it was the turn of the social network Path to be found uploading its users’ address books from their phones without their consent. Path apologized, deleted data and released a new version of their application where a opt-in mechanism for users to provide this contact information.
A few days later it came out that Google was bypassing privacy settings of Safari and forcing the user with a trick to accept a cookie that allowed the company to track internet usage. Google declared that they were using known Safari functionalities, and that they were not collecting any personal information from users, even if it was true that some advertising cookie were set on the browser.
That was already enough to start a deep discussion about the risks we are exposed using online services, since our personal information are so much important for internet companies to get increasing revenue, for example with targeted advertising or other personalized services.
Yesterday, to give a contribute to this discussion, I posted a "poll". I wanted to understand if people were aware or not that Google privacy police was going to change on 1st March. Also I asked if they were going to disable Web History or no, informing that all the collected data were going to be made available from Google to other services, and that could give evidence of personal tastes about sex, religion, and so on. By far I've got only a few replies, but they are telling me that most people are not going to disable Web History. Lots of times I was told from social experts that people have set very high their "privacy level" when using online services, and I'm personally checking that it is true.
So at this point, I'm wondering if the "Facebook story" that came out today is going to make most people worried (even angry) or no. Apart from that, what is more important it is if this event will be compelling for Authorities to do something more in this area. It is in fact evident that forcing Facebook and Google to regularly privacy audit it is not enough, since their aim is about how to protect info from authorized and unauthorized access, and not how they're going to catch and use our personal information.
According to The Sunday Times, Facebook is accessing text messages of users that have downloaded on their smartphone the social network application (see NOTE at the bottom of the page). It was reported that Facebook has admitted that they're practicing this, and that the users have accepted it in their "terms & conditions" when installing the application.
So, legally Facebook would be protected, but how many users were really aware of those terms ? Should we read carefully pages and pages of terms & conditions before installing any application ? It seems so. Would not it better to guarantee privacy user if certain permissions (and of course reading SMS must be one of them) should require explicit approval via a separate alert when the application first tries to use them ?
I've found this table summarizing which personal data are accessible from main applications under Terms & Conditions acceptance or others opt-in mechanism. It's better to give a look and in case you become worried about something reported here, go to check your privacy settings and change them.
NOTE: When I published the post the original article in The Sunday Times was available only for newspaper's subscribers and so we can make comments about the information reported from other media such as Fox News and News.com (by the way News.com is belonging to the same R. Murdoch that belongs The Sunday Times).
- 3. Forbes: So, What Are These Privacy Audits That Google And Facebook Have To Do For The Next 20 Years?-20-years-forbes