“We should know when users leave their house, their commute to work, and everywhere they go throughout the day. Anything less is useless. We get a lot more than that from other tech companies.”
This should be posted absolutely everywhere with this as the hook. This type of request and the admittance that companies give even more than that all the time is headline news worthy.
This is why I never use native apps on my phone. The experience sucks but I muddle through using the web for reading Twitter, reddit, etc.
I am constantly, constantly bombarded with "this looks better in the app! please just run our app!!" as I browse. Still I refuse--with the web I at least know they can't harvest information about everything I'm doing. There are still some privacy concerns of course but it's much better to have the web as a firewall of sorts.
Twitter and (old)reddit are better as mobile websites in every way.
We have 30 years of browser UX development, culminating in tabs and multitasking tools that allow you to open things to read later, wait while they load on a slow connection or form a queue of things to read.
Mobile apps for every social media site loose all of that. They are worse than useless. There is this internal fear at social media companies, they want to prevent their users leaving their little walled garden. That or the religious drive for managers to reach target metrics creates a net negative feedback loop for user satisfaction.
Social media apps have no multitasking features (at least last time I used them). It's absurd.
I've only used the twitter mobile website for the last three years. Will never install the app again.
(Aside: my (ridiculous) conspiracy theory is that React Native is an attempt to distract developers from the advantages of a WebView based app development process that would eventually lead to the success of PWAs, locking devs into the app stores as a distribution channel)
It's incredibly interesting that consumer operating systems have done nothing to try to catch the web browsing experience. They've let themselves go no where. Tabs, multi-document interfaces, managing many files at once, is just not something the OS is good at.
I remember the couple months or years where each Chrome tab was it's own app instance. I thought it was incredibly ambitious & interesting to make the OS try to deal with tabs, be a manager. And indeed Google backed it out. And so as usual, Android is in the background of daily life, hardly ever touched or used, and I just stay in Chrome almost all day letting it define every bit of my computing existence.
The web experience just has so many more hooks & so much more power, than these little self-defined bespoke inward experiences. Because so much part because browser gives us such basic & flexibility utility as we compute & surf.
Thanks for the good post, enjoyed reading very much, & two thumbs up!
Why torture yourself with any reddit website though? Popular websites like reddit have multiple open source native apps. Just slap F-Droid on your Android and download Redreader, Slide or any of the 10+ clients you find.
If you don't care about being logged in libreddit is even better, especially for especially for image-heavy subs. https://farside.link/libreddit should get you a currently working instance.
i.reddit.com is amazing but broken in small ways. you can't sort comments or browse multis. Also, trying to pull comments beyond a page breaks in some places.
The funniest thing is that this trickles down to small SAAS companies, all of whom think they need two native apps. Talking to them about it is illuminating. Their app doesn't need to:
- use bluetooth, accelerometer data, or anything else not exposed to a browser
- spy on their user closely to generate valuable data (your app is the product, not the user)
- be discovered in the apple or google app stores. Relatively expensive, niche, high touch, business to business apps are not impulse buys for bored managing directors.
And their dev team is usually already over burdened just dealing with the web stuff.
But still they pour money into the two native apps bucket. Before they're even profitable...
I wonder how much this "IT LOOKS BETTER IN THE APP" propaganda is affecting their business sense. Twitter and Facebooks business model is a bit different from B2B SAAS SME.
When you need to do anything actually useful in these apps they typically send you to a browser anyway. Or worse, you have to do so yourself because you discover something isn't fully implemented in the app part way through using it.
Recently a coworker was struggling to change some personal details online and got stuck in a loop of no access due to multi-factor authentication. The phone helpdesk kept directing them back to the site to get stuck again. The solution? In this case the app's lack of support was a blessing. Personal details could be easily changed there because the app hadn't implemented multi-factor authentication.
As someone who works with mobile apps that use Bluetooth, I would be very happy to just write one app in the browser if that was available. However we are not there yet, so two native apps it is.
As a mobile dev, it's sometimes frustrating finding interesting work and BLE seems to be one area where businesses are willing to do something useful outside of duplicating simple REST calls and occasional multimedia uploads so the app can be at parity with the limitations of a website. Most product people are limited in their thinking of what's even possible because of their narrow usage of the capabilities.
Our phones are packed with sensors, and are more powerful than the computers that landed us on the moon. Apps can be so much more than dumb pipes for simple data upload and download from a server.
I agree, the whole mobile ecosystem feels just gross to me. Microtransactions, everyone pushing their shady app instead of a website, navigating the app stores feels like wading in a swamp where everything wants to kill me.
I predicted that it would end up this way way back in the 2000s when mobile was “the future” and was going to supplant all other forms of computing. I just saw it as obvious due to the walled garden nature of the system. It prohibits so much innovation so all we get is surveillance and addictionware plays.
I really think so, so I'm running /e/ OS with F-Droid as the app store. Thanks to the preinstalled microg, it can even run normal Android apps just fine, and with the built-in privacy settings I can disable trackers inside the few apps I opted to install from the normal Play store.
I typically prefer app UI and use permissions to control my data. If I set iOS to deny location data to Twitter, then Twitter cannot log my location even if the mobile app runs code to do so.
There is a lot that a website can do to profile you too.
While I agree in principle, wouldn’t it be true that cookies from e.g. Safari aren’t going to be readable by an external app, the way they could be from an iframe or whatever the cross-site tracking tricks are today?
same, my Wife who has 2-3 dozen apps is asking me why do you not use apps?(I have <10 apps on my phone) and I said I do not trust my data for one second with alot of these unscrupulous apps. I have a strong bias towards privacy - caveat emptor.
As an aside, if you use iOS, Banish will nuke those “open in app” popups. Costs one $2 payment, which I was more than happy to give to a dev working on a useful product. Works very well, and gets updated quickly when it doesn’t.
And this is also why sites like twitter and reddit are absolutely insistent and completely obnoxious if you don't use their apps... even though their service could and should run extremely well as a plain webpage.
The webbrowser limits their ability to spy on you dramatically.
Apps cannot run constantly in the background, they're very much at the whim of the Operating System and must register background operations and complete them usually in ~30s before being killed.
They also can't collect any information in the background they couldn't in the foreground. Like apps can't tell which apps you open, can't tell what info you put into other apps, can't track you across other apps etc.
Actually upon further looking at the docs I don't think they can collect any information in the background.
Like the app has to register as being allowed in background mode, upon which if a push notification is sent to it the OS wakes it up for ~30 seconds to make an API call or set data. But there's no UI shown, there's no ability to track which app is open, or even if the device is awake or asleep. It's not like the apps are able to run code in the background whenever they choose.
not including apps with Allow in Background location permission, like bicycle tracking apps etc. but those are done with explicit permission from the user.
Seconded. Nearly no apps are doing anything that warrants a "native" experience, they're glorified document viewers and form fields. Fuck 'em, I'd rather stop using a service than install an app.
My android phone's apps must ask for permission to use some of this data (location, microphone, filesystem, etc.), and android provides the options "always", "only when using the app", "this time only", and "never"; which seems to help with this problem, though I'm sure it's nowhere near a silver bullet. When I leave my home I only feel (mostly) untracked if I do so without my phone and only buy things with cash, which is almost non-existent behavior for myself and the people I know.
Apps don't have access to device IDs other than IDFA, which can be reset at any time by the user.
> wake/sleep/network events, etc
Apps can't tell if the device has been woken up or put to sleep, apps only have access to their own application state events like didEnterForeground and didEnterBackground.
Apps can tell if the device's internet has been connected or disconnected, I didn't know that was not possible on websites.
As someone who disables JavaScript while browsing, I find it disappointing that you are encouraging more developers to build web apps rather than a native experience.
I can't really inspect or block things in the iPhone browser either. The javascript is opaque and I can't easily inspect what it's doing or what it sends.
Web apps have a lot of access to your data as well, especially your location data.
Not if you deny the sites access to your location data, the permission for which is denied-by-default and is never, ever actually necessary for anything.
Because I honestly never know whether or not an app has permission or not to access my location. App permissions are granted when the app is installed, not when it's run. Furthermore, apps update silently, and are they giving themselves new permissions or not with each update? If I have given an app permissions to access my location, how do I see that, and how do I revoke it? And if I don't manually close the app, is it still running in the background accessing my location at all times? For how long? For websites, these questions are easy to answer. For apps, I find it to be an utter mystery. App permissions are mess; better than free-for-all OSes like Windows, but worse than the web.
> App permissions are granted when the app is installed, not when it's run
This is not the case in iOS, and I don't believe it's the case in android either, IIRC. You can also always audit app permissions via the settings app.
> how do I revoke it
Settings app. No idea how I'd do it in the browser, FWIW. Nor how I'd audit what permissions an app has.
> it still running in the background accessing my location at all times
Apple has a "allow location access only while running [in the foreground]" option as well. Not sure about Android.
> Furthermore, apps update silently, and are they giving themselves new permissions or not with each update?
They are absolutely not doing this. Security auditors would be screaming from the rafters if Apple or Google allowed app updates to change their permissions settings.
Who said websites have to use JS? Your argument is orthogonal to companies using apps to harvest user information, and being blocked by web platform there. There's no reason Facebook, Twitter, etc. has to use JavaScript in their web experience.
What angers me the most about this, is this type of topic is exactly what should be taught in a required class on ethics for engineering degrees, but is completely missing.
Engineering programs do include a required ethics class. But with a cynical lens, it's only required because the bodies that license engineers and permit them to practice require that course in order for a school's degrees to be accredited. Once an engineering graduate is licensed and practicing, they're on the hook to follow a standard of practice that includes ethics. If they violate that, their licensing body has the legal teeth to punish them in a variety of ways (e.g. fines, removing their license). Also, employers who do engineering work have to agree to a similar deal with the licensing body. If they force engineers to act unethically, those engineers can report them to the licensing body who also has the legal teeth to go after them in a variety of ways. It's not a pretty system but it generally does an okay job.
The ethics course itself is a very small piece of the puzzle. Even if every software engineer had to take an ethics course, there's still a huge power imbalance between the average engineer and their employer. Ethics are great and all, but without a legally backed standard of practice to protect those engineers, widespread violations are more or less inevitable. You can stand up and refuse to do work because it goes against what you learned in your ethics class, but your employer can just find someone who doesn't feel as strongly about that. That still happens in traditional engineering fields, but there's at least a legal/regulatory framework in place to discourage it.
Some jurisdictions "solve" this by lumping software engineering in with other disciplines and making the same licensing bodies deal with it. This is also a big mess. Those bodies are normally led by "traditional" engineers who barely understand software, their standards/legislation were written before software-specific issues (e.g. mass surveillance) were relevant, and their processes don't move fast enough to deal with a rapidly changing field like software engineering. It may be possible to fix all this or create similar organizations and legislation specific to software, but it's not trivial.
Yes it should be semester 1 in every single CS and SE course.
Sadly, there are very few resources; textbooks and professors
qualified in software engineering and ethics, and the adjacent
political, social and economic realms to fill this.
I'm really, honestly doing my best with this problem.
The subject area is massive. The issues are horrendously complex. The
targets keep moving (each day we seem to set a new bar for what
shitfuckery is acceptable).
Also writing a book on Ethics For Hackers that is not prescriptive or
too personal value-laden is extraordinarily hard (and it makes it
worse that I am an opinionated bastard)
HN remains one of my best resources for "pragmatic" ethics, and so I
thank you all.
> Yes it should be semester 1 in every single CS and SE course.
to, what, make sure it is forgotten by the time you graduate?
is there even any evidence that making somebody take a class on ethics will make them more ethical? most college courses are grading you on your ability to write about a subject, not on how much you care about it, or decide to alter your future behavior.
> to, what, make sure it is forgotten by the time you graduate?
That seems a little dismissive. Did you forget everything you were
ever taught? I doubt it. Maybe let's be charitable toward others.
> is there even any evidence that making somebody take a class on
ethics will make them more ethical?
Yes of course. Same as there's evidence that teaching cookery makes
better chefs and people who take a driving lesson crash their cars
less. Education is a real, actual thing, as you well know.
> most college courses are grading you on your ability to write about
a subject, not on how much you care about it, or decide to alter
your future behaviour.
Most college courses are rubbish. They're training camps there to take
your money and give you a piece of paper to boost your fragile ego. I
know that because I'm a university professor. You can read what I
think about the current state of education the Times HE.
Maybe one in five students actually take anything meaningful from
school. They're the ones who care about stuff and focus on their
future behaviour as successful individuals and members of society
rather than on ephemeral "knowledge" or getting grades. Don't fall for
the certificate scam and don't let schooling get in the way of your
education.
> making somebody take a class
Now, that's a telling word you use. Not wishing to psychologise, but
are you maybe afraid of someone making you take a class in this
useless subject?
If so I agree with you. "Ethics" is widely abused as a stand-in for
whimsical "policy" that can't be backed up rationally, or to conceal
hidden political agendas. Many classes are tedious finger-wagging
checklists and plenty of "ethics boards" are sham kangaroo-courts run
by cardigan wearing Kevins and Karens [1] who sit down with tea and
biscuits to decide the future of a department of PhD's based on how
they "feel" about some keywords in a checklist (I've sat in those
meetings).
You should be afraid of "ethics" when someone else co-opts it as way
to tell you how to think.
That's not what my project is about. If you're sceptical about ethics
in tech you'd probably like it. It's about ethics empowering you as
a decision maker - to back that up with 8000 years of human wisdom -
to be wholeheartedly motivated by projects that can make the world a
better place, and confidently, courageously say no to tedious
dehumanising schemes of extraction and surveillance that passes for
computing these days.
I know it certainly was covered in mine, it shared half a module with academic writing.
But I think by the time of starting third level education, something like this is too late to change someone's moral decision making, so I don't really think it had any effect on anyone in that course.
> by the time of starting third level education, something like this
is too late to change someone's moral decision making
That's an interesting reflection. It depends on whether you see ethics
as rational and actively learned, or formative conditioning.
It's why such a project is harder than I imagined, and also why I
tried (only somewhat successfully) to avoid prescriptive narratives.
The overlap between psychology (behaviour, which can be changed) and
moral feelings is complex.
I think the best we can do is lay bare some uncomfortable truths; how
people have seen things historically, what the likely outcomes of our
behaviours will be, and how we delude ourselves otherwise.
What I see in tech is that there's a lot of "moral armour" -
comfortable things we tell ourselves, distorted rationalisations,
fallacies, short-term economic justifications - that kind of thing can
be improved, unlearned and replaced by a better framework by appeal to
the rational adult mind.
I think this forum in particular often considers self-interest as the only rational option, and so appealing to the rationality of such people as a way for ethical outcomes is a fool's errand. It's why "but it's legal" is often offered up here as a defense for companies criticised for unethical behaviour.
My best guess as to why people are so willing to act as if ethical criticisms are not valid is that the commenters self interest sees themselves as a potential future benefactor of similar actions and so they see the rational behaviour as being to defend it in case they could benefit from doing the same.
I'm not saying that people cannot ever be convinced to change their outlook here, but that doing so for an adult is a way more involved, individual process that requires input from people the person in question respects, which is way more than a university ethics course can hope to achieve.
Just setting aside time for it in the curriculum would be a huge improvement. Even a single class session of student driven discussion and debate, anything. We don't have to let the perfect be the enemy of the good.
> Also writing a book on Ethics For Hackers that is not prescriptive or too personal value-laden is extraordinarily hard
Ethics and personal values are the same thing. It would be impossible to write a book on Ethics for [any audience] that didn't consist entirely of personal values. Similarly, since ethics are necessarily subjective, it is impossible to write about ethics in a non-prescriptive way.
There's actually an entire chapter on that subject; the difference
between morals, ethics, norms, laws and best practices, throughout
history and in "post-modern relativist" times. You'll either love it
or hate it, depending on how open your mind is.
It troubles me when someone proclaims such glib ease. I read maybe 10
different sources, philosophy books, old and modern, and numerous
debates on the subject precisely because some people think "oh that's
easy" - a symptom of our deflationary society which itself is an
interesting predicament.
What do those Greek and Latin words mean? Mos comes from "mores and
customs" whereas ethics (from Ethikos) means character in the mind of
an individual. That sets a distinction between normative and
subjective standpoints. However "Western" sense this is reversed. We
are comfortable talking about "your morals"my morality" as subjective,
relative positions, but reserve the word ethics for something
supposedly more objective, scientific, and therefore presumably more
widely agreed.
And that's just the surface of it. Resolving the actual documented
uses of "morality" versus "ethics" in case studies reveals a whole
lot more. Some distinctions assign the qualities of rightness and
wrongness to morality, but the terms goodness and badness to ethics.
And then the are are the entirely subtle but profound distinctions
Plato and Emmanuel Kant make about the mental/spiritual realm of
ethics versus Aristotle's primary focus on how actual people might
behave. Or a modern moral philosopher like Jonathan Haight's
distinctions between morals and ethics.
The bottom line is it's not that important so long as you're
consistent. However it is useful to have different concepts and to
set them out as philosophical tools. So "especially easy" - I don't
think so :)
I gave you the correct source. The -ic- in ethikos forms an adjective from the noun, just like the Latin form -alis that you see in "morals". There is of course zero semantic distinction between a noun and its own adjectival form.
If you look up "moralis" in Lewis and Short, you'll see a citation noting that the word was coined by Cicero as part of a protest against the idea that Latin was unsuited to the purpose of discussing philosophy (popular opinion at the time being that you had to use Greek for that purpose). It begins by noting that "mores [are what] the Greeks call ethe".
The Greek and Latin words are translations of each other, and both refer to habits and norms. It is true that in modern English norms are a distinct concept from ethics. (Not true in Greek!) But it is not true that in modern English morals and ethics are distinct from each other.
The ACM Code of Ethics (notably section 1.6 "Respect privacy") certainly forbids this sort of behavior.
I'm still waiting for ACM to audit the practices of Facebook, Google, Twitter, etc. and then apply penalties (conference and publication bans, membership revocations, digital library bans, etc.) as appropriate.
At the very least they should call out examples of unethical behavior - which currently includes many common practices in tech companies.
This is by far the most important point that is completely missing from the ethics course I took.
Sexual harassment is bad. Victims have an ethical obligation to report the harassment. The result will be HR protecting themselves, likely via moving the harassed person to a new team or making their life suck in other ways. The only path forward after is to fight, likely in/with the threat of courts. Social fall out (because a manager or their skip level's life got harder) is almost guaranteed. A product deadline may be missed. The blame is often directed at the victim and not directed at the person who was harassing. I have watched this play out multiple times.
In this way, reporting someone for sexual harassment is a sacrifice. So while there may be a moral impetus to report, there is a cost to do so, and the end result is not an ethical question, but a cost benefit analysis.
The cost benefit analysis is then hampered by short term vs long term thinking. If nobody reports it, the abuse continues. If everyone reports it, then some of the abusers would likely be punished. The individual cost of reporting is high, and so a person would rather move on than fight. The abuser then continues to abuse.
The end result is that the ethics themselves are obvious and uninteresting, but it is the economic factors and game theory factors that bring all the meaning to any type of pragmatic discussion of ethics.
What was in your engineering ethics course, then? Ours was pretty much summarized by "Rich assholes will try to convince your boss to convince you to do some evil shit in the name of money. It is your obligation to reject such requests". Followed by a painful amount of tragic examples. Like, this may have been the only message of the entire course. The Ethics course in the Philosophy department was way more engaging, because it had a bit more variety.
My course was very much a "don't do bad things because there could be bad consequences" type of course without too much ambiguity as to what the right action was and definitely no reference to topics relevant to software engineering.
It was not a "why do good people end up performing unethical actions, and how you can prevent yourself from equivocating and rationalizing unethical actions as well" course.
I took an ethics course in undergrad (don't recall whether it was required, but I can't think of anyone in my major+year who didn't take it). This was before mobile apps as such, but we discussed (among other things) both spyware and use of what would come to be called "big data" in law enforcement.
I had to take an ethics course as part of an engineering degree. This was before mobile apps really existed so it didn't include an example like this. Don't most schools require an ethics course?
It would be useful.. but really there needs to be much better laws controlling user data. If Google and Apple want to monopolize their users with the app store, then I think they should have to pony up for much stronger liability in these cases. They're only enabling this behavior to gain profit.
Some context for those who skipped the article: The major telco said other tech companies regularly collect and sell them this type of granular data harvested from users' phones.
Many free wifi places will track and report movements with the wifi area. Using bluetooth in addition. Shopping malls in particular can use this to find where people congregate.
Can probably be related to email addresses too, and hence shared with every other mall with same ownership as well as the company that provides the free wifi.
Maybe they were getting this from some ad networks like Taboola or Outbrain - but then those networks don't usually have enough info to really identify you.
Sure, if they were giving your IP to a telCo who can map your IP to a name if you're a customer - that's identifying you.
It's HIGHLY unlikely this happened at the usual suspects (FAANG).
There are a bunch who basically pay apps to use their api and then take the data.
Apple was right to kill that imho. IIRC that was foursquare's pivot
There is also lot/lon in programmatic bid requests, but I don't think they're super accurate or granular and lots of fraud. (could be wrong, just from my small experience buy side using DSPs seeing lots of lat/lons being smack in the middle of a city)
Yes, it's incredibly unlikely. So unlikely that it's basically impossible.
They explicitly and unambiguously deny doing it; if that was incorrect, there would be a huge regulatory and public backlash. (Think of what happened with the Cambridge Analytica case, despite Facebook's hands being pretty clean on that). No disgruntled ex-employees blew the whistle on this but did on other issue), which suggests it probably didn't happen.
Selling ads is very profitable. Selling data directly risks that business for little gain. In addition to the backlash when that data selling were revealed, it risks somebody else using the data sold by Meta to outcompete them on ad targeting.
> it risks somebody else using the data sold by Meta to outcompete them on ad targeting
Bingo. They're unlikely to be selling the data because those data are their secret sauce. They are as economically incentivized to build sociopathic models on you as they are to keep your data out of anyone else's hands.
Even economically, it seems unlikely they would. The data is their moat and it's what they can use to target people with ads. Selling it seems counterproductive.
What I'm confused by is why the telco needs twitter to get that info. I work for a data warehousing/sql consultancy and our biggest client is telco's who have to track everyone in order to comply with subpoenas. They already have all the data about where every one of their users has been.
Not trying to defend the telcos, but I think they're trying to figure out where to prioritize upgrading their infrastructure based on where their customers spend most of their time - and more importantly, where their COMPETITORS' CUSTOMERS spend most of their time.
If they know that, they can target those areas and then heavily advertise that they have better service than their competitors in those areas lol.
Historically they could do that by old fashioned research and surveying. But that's expensive. I imagine getting this data from everyones' phones is a lot cheaper and easier.
If that's the case, I don't think their desire is necessarily _evil_, but very misguided lol.
The "native" location data that Telcos have is not very precise - think of accuracy of a few city blocks. That is good enough precision for traditional subpoenas, but not for the kind of application the author described.
Also telcos only have data for their customers - this gets them access to competitors' customers.
With 4G the problem has been "what lane are you in?". One of the things that can be done with that data... If you can figure out what lane a user is in, you can target (visually) digital billboards to that lane, covering all lanes with different images/ads, through some weird refraction. I knew of a company that was working on that problem 8-10 years ago out of the South. No idea if they solved the problem.
A mind-bending digital info screen, developed in partnership with Misapplied Sciences and dubbed Parallel Reality, will debut in beta form on June 29 near the Delta Sky Club in Concourse A of the McNamara Terminal.
According to a news release, numerous passengers can look at the same screen at once, and each passenger will see personalized flight information that the other people looking at the screen will not see, because they'll be looking at their own personalized flight info.
The Parallel Reality display conveys the same sort of stuff you find on traditional airport screens—about departure times, gate numbers, baggage carousel locations, and so on—but you don't have to scan lists of data because the screen semi-magically shows you only what you're looking for, while up to 100 other people are simultaneously looking at the same screen semi-magically showing them what they're looking for.
Since at least 3g there is a capability to request the phone to report GPS location to the telco. There is even a capability to override disabled GPS before doing that, presumably reserved for law enforcement/search and rescue.
> our biggest client is telco's who have to track everyone in order to comply with subpoenas.
Perhaps I am missing something, but I don't understand the intersection of why telco's are involved in serving subpoenas and the need to know the physical location of users. Are you referring to a log of networks / DHCP leases their customers were using at any given time?
Not serving subpoenas, responding to them. Police subpoena stuff like "everyone who was within x feet of this phone number or location between these times" and the telcos can't just say "we don't keep that data."
Subpoenas are based on information you have. Where is the law or regulation that says they need to keep it?
Telcos keep it because it helps them with network capacity planning and is incredibility financially lucrative when they want to sell the data. It's probably more to fill in their data product for malls and fine grained location than to do it for subpoenas, which if they had a choice would probably rather not have to do.
I'm not sure if it's a legal requirement or they just don't want to upset law enforcement. I guess maybe they're just keeping the data for other reasons and then law enforcement is jumping on that. All I know is they're using our data warehouse and having me write queries that answer those subpoenas when they come in.
Well I know that in the UK it is a legal requirement, but not sure about the US.
> the telcos can't just say "we don't keep that data."
Not sure what country you are in, though that is untrue in USA. Businesses keep whatever business records they desire, and some required regulatory/personnel data. Even if they have the data a USA attorney can try to argue that the request is unduly burdensome or too broad and ask court to quash subpoena.
> telco's who have to track everyone in order to comply with subpoenas.
Subpoenas are used to compel production of existing information. Speculatively creating info to comply with future theoretical request is not necessary. It's easier to not have the info and truthfully respond to subpoena with "no such data".
In the UK they are legally required to keep the data in order to respond to law enforcement requests. My understanding is that in the US they’re not required to, but at least the ones I work with do for whatever reason.
It's most likely that the Telco Director was lying out of his posterior, trying to scare Twitter into doing what they wanted with vague threats of "your competitor will get this money otherwise".
I suspect other tech companies were claiming that they would have this granularity eventually but never actually delivered. One of the things that happens at these (and the fact that he didn't "hear this" until on site) is that Sales promises everything with a flashy powerpoint, and then what is actually delivered is a "if someone tweets in the Verizon store and uses Verizon in the tweet, you can put an ad on that".
> it seems cute that the guy thinks the change in ownership somehow makes it "safer" for him to share inside details
If the change in ownership means "I am never going back, time to set that bridge on fire" he's absolutely right it's "safer". Or simply if he thinks "It is now acceptable to future employers to do this", it is also safer.
Or maybe it was something that he now sees as a greater threat, and therefore is worth mentioning even if is not safer or even riskier.
It depends on what you mean by liability. If you mean they have a 7+ year NDA, and the NDA covers undone features. then, yeah I guess Musk is more likely to sue. Maybe. Or maybe he'll love getting to shout how he would never do that, look how cool he is.
They (the telcos) only have stats on their customers. Twitter has it for anyone running twitter. Further, twitters location data is likely more accurate than the telco due to positioning from stuff like wifi names, local gps, etc.
when the covid-19 pandemic came into real force (May?) I definitely saw a sample report from MAPBOX that showed aggregate consumer movement in the New England area, with extensive, quantitative classification on visits to retail, restaurant and public sites like schools. The visual was each and every individual track, but as lines of the same color. So the data on each individual track was there, but not named in the report. There were hundreds of thousands of input tracks, for some time range. The context was "were people violating lockdown, travelling to what destination" .. retail and restaurant were very prominent in the report.
- the location logs would be collected by a simple application, witch imply the phone/phone OS itself can do that;
- they do refuse, Legal teams do not, but nothing state they can't satisfy the request TECHNICALLY.
In other words when people tend to disagree with my consideration of smartphone as macro-spy devices bought and kept up by those who get spied as opposite of classic spying gears should think about not only that, but what they do with their (well, not really their, since they are just formal but powerless owners) phones, things like pay taxes, act on their banks accounts, pre-heat/cool their cars etc.
Because such activities have a FAR bigger impact than mere position logs.
> “We should know when users leave their house, their commute to work, and everywhere they go throughout the day. Anything less is useless. We get a lot more than that from other tech companies.”
> This should be posted absolutely everywhere with this as the hook. This type of request and the admittance that companies give even more than that all the time is headline news worthy.
It's pretty well know, but it should be even more well known. IIRC, what's left of foursquare basically does that, lots of "free" apps do it (like weather, calculators, flashlights, etc.). It's the whole reason the "only allow location access when using the app," was invented.
I would have thought that a mobile telco could generate this data already just from what they need to route data (and voice calls) to each phone, at least to a somewhat coarse level, without needing to have apps upload this.
They were after data for other carriers and/or more enriched data than they could easily collect. They could use this data for their own marketing and/or network planning. e.g. “We have the least share in market M where some significant proportion of all cellular users , based on twitter data, love NASCAR and spend relatively a lot of time on their phones at racetracks and Walmart. Lets increase capex around race tracks, do a promo with NASCAR and Walmart, and buy some appropriate ads.”
Sale of data should be opt-in, not opt-out. Companies will find a way to go around this and we’ll have to catch up again, but it would be a good next step.
Even if we assume that the OP is telling exactly what happened rather than exaggerating (stories do tend to grow in the telling over 8 years), we don't actually know that this alleged data selling happened. All he knows is that somebody at a telco with an interest in getting Twitter's data claimed that the telco got more data from other companies. What other companies? No details. What data? No details. Was the guy from the telco telling the truth, or lying since that furthered their agenda? We have no way of judging that, and neither did the OP.
Spamming this submission with that hook (rather than the parts that the OP had actual direct knowledge of) is basically just spreading misinformation.
It's also, at best, a claim made by a (presumably non-technical) employee of one of these Big Tech companies' clients. It's entirely possible that they were able to benefit from the data that Google, Facebook, whatever collects while not having direct access to it in any form.
> We get a lot more than that from other tech companies.
Have any journalists and/or leakers exposed exactly what these tech companies are sharing? As much as I've heard about data collection and sharing by big tech, I feel like I don't see much in the way of samples or example data. Even the forced GDPR data releases I've seen haven't been extraordinarily in-depth. Surely there must be some articles out there that I'm missing?
It comes from the telcos directly (think Sprint phones with custom OS installs), it comes from popular mobile SDKs (e.g. why Yahoo bought Flurry), and it comes from apps who simply sell the data directly.
There is one journalist who actively covers this sort of PII/data-selling world: Joseph Cox at Vice [1]. The only US-based legislator who actively fights against this is Senator Wyden.
It's simple - an app asks for background location permissions, then uploads all the datapoints and timestamps the OS gives them to their servers, which is then resold with "anonymization" that just replaces any personal information with an impersonal unique identifier.
> Have any journalists and/or leakers exposed exactly what these tech companies are sharing?
I think that the answer to this is "yes, multiple times, often multiple times on the same companies up and down every level of the stack".
And some of the companies brag about their abilities. There was some surveillance company which was showing how Covid spread after spring break in Florida by gleefully posting screenshots from their tool that tracks individual phone locations.
> I think that the answer to this is "yes, multiple times, often multiple times on the same companies up and down every level of the stack".
Do you have a link? It's always sort of discussed as if everyone knows exactly what's happening, but I'm specifically looking for links that break it down.
Why wouldn’t you believe this was happening? Facebook bought a VPN provider with the explicit purpose of spying on its users and both Facebook and Google convinced users to use what was suppose to be an internal Enterprise Certificate to track users until Apple threaten to cancel the certificate.
For example, if the telco is already getting "a lot more than that from other tech companies", why do they also need Twitter's user location data? I understand "more is more", but the telco in the story sounded desperate to obtain Twitter's data.
A data science company I used to work for got hired in 2017 by a large American telco to handle this exact same sort of data coming from antenna location to do better ad targeting.
The reason why Verizon or AT&T do not have the ad capabilities of Google or Meta is because they are giant incompetent corporations that are incapable of developing anything in any area that didn't exist in the 1980s.
2015 to be precise, which is fairly late in the game. I was at a conference a few years prior to that and some guy was bragging about all the stuff they can find out about people based on their data this and data that.
There is some obsession amongst a subset of techies with knowing everything, and that extends to the daily minutiae of the lives of others.
This should be posted absolutely everywhere with this as the hook. This type of request and the admittance that companies give even more than that all the time is headline news worthy.