Saturday, March 17, 2012

Is there a smart phone that doesn't track users?

Originally published 04/25/2011 at

Declan Mcullagh of CNET reports that Android also collects user data. This is similar to the complaint against Apple's iPhone and iPad last week. Google claims there is no user identifying data sent, but that isn't true, strictly speaking.

The article quotes Sammy Kamkar, a well known security researcher, as saying, ""It's not tied to a user, but it is a unique identifier to that phone that never changes unless you do a factory reset."

But it's worse than that. It may be impossible to truly anonymize data and have it retain it's usefulness for marketing purposes. AOL learned this. Netflix learned this. It's time we learned it. Police routinely request cell phone tracking data from providers, often without a warrant, and the Justice Department is pushing Congress to make it the law of the land that cell phone data can be searched without a warrant. Even if the data from cell providers is anonymized, current technology is more than adequate to allow clever people to attach a name, number and address to the anonymous data. According to Markus Ullman and Marco Gruteser all that may be necessary to identify a person is their location data:

Unfortunately, anonymous location samples do not fully solve the privacy problem. An adversary could link multiple samples (i.e., follow the footsteps) to accumulate path information and eventually identify a user.

No company should be able to just gather data on our whereabouts, our likes and dislikes, our political or any other preferences without our informed permission. But until we force them to stop, they won't. It's in their best interest to gather and use any information they can, either to sell or to use to tailor their offerings to us.