So, Palm was recently caught spying on its users. Major kudos, by the way, to Joey Hess, who initially broke this story. For those who haven’t kept up, various other news outlets and blogs have also been reporting on it.
Palm’s response to this problem is a single paragraph of corporate PR-speak:
The problems with this statement are:
- There is no indication of how to turn off this particular piece of data collection. Not on Palm’s web site, not in the user manual that came with the Prē, and not in the Prē’s user interface.
It doesn’t say “once per day, no matter what”.
Other items under “On-Device Services” start with “When you use a back-up and restore service…” and “When you use location based services”.
All of this suggests that users have some sort of control over what gets sent and when. The Palm Prē’s “Location Services” preferences item has a control labeled “Background Data Collection”, with the caption: “Allows Google to automatically collect anonymous location data to improve the quality of location services.” (This is after other controls labeled “Auto Locate”, “Use GPS”, as shown at right. If you turn on Auto Locate, you also get a control labeled “Geotag Photos”.)
It doesn’t say that Google (or anyone else) will collect data on what apps a user is running. And it strongly implies that this data will only be collected when I actually run an app that uses location services — for example, Google Maps, or OpenTable (which wants to know where I am so it can try to find nearby restaurants).
And it blatantly claims that if I turn off that switch, it won’t send my data off to big corporations any more.
So far, I’ve verified a few things:
- The application data log includes installs, uninstalls, and launch and close times for all apps, not just Palm’s official ones. Homebrew and third-party apps are included.
- Flipping the Background Data Collection switch does not turn off the
contextupload process that’s responsible for sending the information to Palm’s servers.
- Nor does it stop logging application launch and close times. I’ll repeat that: My Prē is still logging application launch and close times into
/var/context/contextfile, even though I have Background Data Collection turned off.
We in the technology business have a technical term for what Palm is doing when it claims that it “offers users ways to turn data collecting services on and off” in the context of this particular data. That term is: lying. Palm is lying to us, pure and simple.
Originally published at Coyote Tracks. You can comment here or there.