Uber flouts Apple's user-tracking policy – and gets away with it
PLUS: An NZ security expert sounds a note of caution on LinkedIn's new user-tracking/proximity alert feature.
Uber faces yet another PR firestorm this morning with a New York Times allegation that it continued to track users, without their knowledge, after they deleted its app.
The Times says Apple boss Tim Cook summoned Uber chief executive Travis Kalanick into his office in early 2015 and confronted him over the practice.
Uber backed down. However, some commentators have said any other app maker would have been booted from the App Store for such a flagrant violation of Apple's policy — which is made worse by the Times allegation that Uber geo-fenced Apple's Cupertino headquarters so its staff would not realise what was going on (it came a cropper when Apple staff at other locations noticed).
Another disturbing aspect: It's unclear how Uber managed to keep tracking people after they deleted its app.
The episode is an embarrassment to Mr Kalanick — but also yet another validation of his apparent philosophy that if you've got enough users and deep enough pockets, you can get away with pushing laws, regulations and other companies' terms and conditions.
Uber has now responded to the NYT article, saying it deployed tracking on phones with deleted apps up until 2015 to help prevent fraud from stolen handsets.
LinkedIn launches proximity alerts
In other Big Brother news, over the past few days, LinkedIn has switched on a new user tracking/proximity alert feature. The idea is that if you're at, say, an event or conference, it'll be easier for you to locate your LinkedIn buddies, or for them to locate you, utilising your respective phones' Bluetooth or wi-fi.
A pop-up message that asks users if they want to opt in has drawn a lot of derision on social media.
I asked security expert Daniel Ayers for his take on LinkedIn's new feature. He didn't point out any security flaw from a technical standpoint but he did point out that it can still be problematic in other ways, especially if people forget to switch it off.
"It's basically the same issue as geo-tagged tweets," he says. "Even if the privacy policy is okay, if people turn it on and leave it on, then it can come back to bite you in unexpected ways."
"From a privacy perspective, they are being pretty upfront about it and making it opt in, meaning you would have to make a conscious decision to have your location information shared with others.
"From a security perspective, if you did opt in, you would need to consider how well-protected that location data was and what the potential implications were if the data was stolen. LinkedIn is a social network that tends to cater to businesspeople so, if there was a security compromise of the collected data, then hackers would be able to easily identify 'high-value people' and find out if any location data had been collected. You can imagine what the headlines might be if that data was compromised: 'CEO of X Inc spent the night at fancy hotel with secretary' or 'Leaked data reveals clandestine meetings between X Inc and Y Co'."
LinkedIn having its data stolen is not a hypothetical concept. In 2012 the professional business network had tens of millions of user accounts compromised in a security breach (which was not revealed until mid-2016). It has since strengthened its defences. But you still have to think of the metadata and social implications of others constantly seeing your location if you simply forget to turn tracking off.
New owner Microsoft is no doubt going to introduce other new features to LinkedIn, and I don't want to be a snowflake about them. After all, there is always a trade-off for convenience, and a number of LinkedIn buffs are going to love proximity alerts when they attend events. But just be aware of the downsides.