There was a bit of noise yesterday about a popular mobile social networking app, Path, taking the address books of users wholesale, and storing them on their servers. Despite being transferred over SSL, and the data only being used to notifications when friends signed up, Path has apologized profusely and wiped any personal address book information from their servers. A patch to their iPhone app now provides a prompt if you’re interested in receiving notifications when friends sign up.

It’s good to see Path is being clear, prompt, proactive, and apologetic about the whole thing, but the whole situation still serves as a reminder that many of these mobile apps have access to a lot of personal information, and if you’re uncomfortable with that situation, it’s probably best not to go crazy signing up for every trendy new service to come along.

Personally, I’ve already surrendered to the fact that Google has an obscene amount of insight to my life, and if a few smaller software companies do too, fine. The worst they can do is deliver ads that are more relevant to my interests, and that doesn’t sound like such a bad thing.

Source: Path

Do you love Path, the slick, simple, moment-sharing social network app for iPhone? Well, you get ready to dial it back a notch, because apparently they’re storing your entire address book, e-mail addresses and all, on their servers, and in plain text. What kind of evil deeds does Path have planned for all that data? Well, the CEO, Dave Morin, said that the data is used exclusively to notify you when your friends sign up for Path. He also claimed that it’s the industry standard to transfer that personal information in plain text, even though, as one commenter points out, it could be done with representative hash codes instead. Morin also said that they intend to update the iOS version with an opt-in dialog for the feature, which is a tweak they’ve already rolled out on Android.

If you’re not cool with the data Path already has stored on their server, you can e-mail service@path.com and they’ll wipe everything out for you.

The whole mess was discovered by the developer of an iPad news app called Denso. He was toying around with a new tool from mitmproxy.org that monitors the API calls made by apps by setting up a man-in-the-middle HTTP proxy.

This isn’t the first time we’ve seen this issue on iOS. Nuance‘s popular Dragon Dictation faced and addressed similar concerns back in 2009. While we’re prone to just hit the “allow” button on just about any app we download when prompted for access to personal data, you aren’t currently getting that message when downloading Path on iOS. Even if you were, it’s still pretty sketchy that this data is being transferred without being hashed, even if it’s transferred over SSL. What if Path’s servers got hacked? We wouldn’t get much more than a “whoops” from Path. What worries me even more is that there are still a ton of other services out there just farming up personal data from not only you, but everyone you know, without your express or implicit permission.

It certainly makes me think twice when signing up for new services…

Source: Read Write Web, Denso, mitmproxy.org

Probably like many of you, I received my new Google Privacy Policy via email this week, and while couched in language about creating a more “beautiful” experience for us, the users — read: products — it’s also clearly about Google leveraging their popular services like Search and Gmail to help their new services, like Google+, become competitive with Facebook and Twitter.

Because Facebook and Twitter scare the shit out of Google and when companies, like people, are scared they do dumb things.

Google in particular, once the brash, brazen upstart that gave the proverbial middle finger to old, portal-style search sites and promised to always deliver the best results, not just the best Google-owned results, is struggling with their inner demons now. They don’t want to be replaced by social search the way their authoritative search replaced Yahoo! and Alta Vistas of old.

I’ve riffed before that any company sufficiently large is indistinguishable from evil. As they grow, as they face competitive pressures, the interests and agendas of their shareholders, stakeholders, and executives increasingly and more noticeably diverge from the interests of their users. From us.

They, like many of us, become the parents they used to despise.

Why does this matter to me and why am I posting it on iMore, an iPhone and iPad focused site? Because I’m a huge user of Google services and iPhone and iPad users in general are huge users of Google’s services. We use Google Search, Gmail, Maps, YouTube, and other services every day. We give Google massive amounts of personal information. We give them our trust. And that absolutely means we have both the right and obligation to hold them to that trust.

According to Sarah Lacey at PandoDaily, Google’s new, “don’t be don’t be evil” direction has become a concern even for many Googlers past and present, and the silence surrounding it is stymying even internal PR.

Good. This shouldn’t be easy. It should be messy and public and painful, and if Google wants to keep getting and using our data, they should keep earning that privilege.

Hopefully the rumors of Larry Page not wanting to hear any opposition to their new Google+ strategy are false, and like Apple and Facebook have sometimes done in the past, Google’s more unpopular new policies will be reversed, and soon.

Check the source link below for more on the issues surrounding Google’s new, more publicly evil direction, and read on for the new privacy policy in full.

More: Page Rage Escalates As Google Cancels Twitter Android Meeting

Dear Google user,

We’re getting rid of over 60 different privacy policies across Google and replacing them with one that’s a lot shorter and easier to read. Our new policy covers multiple products and features, reflecting our desire to create one beautifully simple and intuitive experience across Google.

We believe this stuff matters, so please take a few minutes to read our updated Privacy Policy and Terms of Service at http://www.google.com/policies. These changes will take effect on March 1, 2012.

One policy, one Google experience

Easy to work across Google

Our new policy reflects a single product experience that does what you need, when you want it to. Whether you’re reading an email that reminds you to schedule a family get-together or finding a favorite video that you want to share, we want to ensure you can move across Gmail, Calendar, Search, YouTube, or whatever your life calls for with ease.

Tailored for you

If you’re signed into Google, we can do things like suggest search queries – or tailor your search results – based on the interests you’ve expressed in Google+, Gmail, and YouTube. We’ll better understand which version of Pink or Jaguar you’re searching for and get you those results faster.

Easy to share and collaborate

When you post or create a document online, you often want others to see and contribute. By remembering the contact information of the people you want to share with, we make it easy for you to share in any Google product or service with minimal clicks and errors.

Protecting your privacy hasn’t changed

Our goal is to provide you with as much transparency and choice as possible, through products like Google Dashboard and Ads Preferences Manager, alongside other tools. Our privacy principles remain unchanged. And we’ll never sell your personal information or share it without your permission (other than rare circumstances like valid legal requests).

Got questions?

We’ve got answers.

Visit our FAQ at http://www.google.com/policies/faq to read more about the changes. (We figured our users might have a question or twenty-two.)

Notice of Change

March 1, 2012 is when the new Privacy Policy and Terms will come into effect. If you choose to keep using Google once the change occurs, you will be doing so under the new Privacy Policy and Terms of Service.

Please do not reply to this email. Mail sent to this address cannot be answered. Also, never enter your Google Account password after following a link in an email or chat to an untrusted site. Instead, go directly to the site, such as mail.google.com or www.google.com/accounts. Google will never email you to ask for your password or other sensitive information.

What better New Year’s resolution to start with than to check out all your in-app privacy settings, especially where Google, Facebook, Twitter and other social networks are concerned? We know how it goes; you get a shiny new iPhone or iPad app and you just want to use it so you log in through Twitter of Facebook or Google because it’s easy, quickly tap through all the set up pages, granting who knows what permissions and for how long, and then forget about it the moment the next shiny app comes along.

MyPermissions.org thinks you should take a few moments to review your settings, revoke or reduce access for those apps that no longer need full, free access to your personal, sometimes private data, and get 2012 off on a saner, more socially secure start.

(I just did mine and I was startled how many old apps still had access to my stuff.)

Source: MyPermission.org

• Subscribe via iTunes: Audio | Video
• Subscribe via RSS: Audio | Video
• Download directly: Audio | Video
• Show notes

Rene, Georgia and Michael Rose of TUAW discuss a media gone mad — including ridiculous Siri allegations, crazy Carrier IQ coverage — and how to protect our privacy, and the privacy of our families, in the digital age. This is Phone Live!

• Rainbow apple mod backplate courtesy of unyousual.net

Hosts

• Rene Ritchie (@reneritchie)
• Georgia (@GeorgiaTiPb)
• Seth Clifford (@sethclifford)

Special Guest

• Mike Rose of TUAW

Credits

You can reach all of us on Twitter @TiPb, or you can email us at podcast@tipb.com, or leave a comment on the website when the show goes live.

We’re here every Wednesday night at 6pm Pacific, 9pm Eastern, 2am GMT, and our companion show — iPad Live! — is at the same time, on the same channel, on Sunday nights. www.TiPb.com/live

For all our podcasts — audio and video — including iPhone and iPad Live, ZENandTECH and Superfunctional, Iterate and Girls Gone Gadget and more… see MobileNations.com/shows

If you haven’t already please subscribe to all our shows in iTunes and leave a rating. It helps people find the show and means a lot to us!

Thanks to the TiPb iPhone Accessory Store for sponsoring the podcast, and to everyone who showed up for the live chat!

Apple has issued an official statement regarding Carrier IQ software running on the iPhone, noting that they’ve stopped supporting the logging software in iOS 5 and plan to remove it completely in a future software update.

We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.

The recent uproar surrounding the intrusive tracking methods used in the logging software by Carrier IQ has gained the attention of Senator Al Franken, who has in turn demanded answers from the company on exactly what information is being logged and sent back to carriers.

“Consumers need to know that their safety and privacy are being protected by the companies they trust with their sensitive information,” said Sen. Franken. “The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling. This news underscores the need for Congress to act swiftly to protect the location information and private, sensitive information of consumers. But right now, Carrier IQ has a lot of questions to answer.”

So although Apple has used Carrier IQ software on iOS version prior to iOS 5, they weren’t using it as extensively as other Android smartphones. Adding the fact that they plan on fully wiping Carrier IQ code from iOS 5 in a future update will probably help put your remaining worries to rest, but you can turn the service off completely in the meantime by following these simple steps.

Source: AllThingsD, Al Franken

The Wall Street Journal is reporting that Facebook might just be close to a settlement with the Federal Trade Commission (FTC) that would fundamentally change the way they treat their users, and their users’ personal information.

According to people familiar with the talks, the settlement would require Facebook to obtain users’ consent before making “material retroactive changes” to its privacy policies. That means that Facebook must get consent to share data in a way that is different from how the user originally agreed the data could be used.

Facebook, which makes one of the most popular apps for iPhone and iPad, has been charged with misleading users about how private information was being handled — making it public by default. Under this settlement, Facebook would switch from opt-out to opt-in, letting users decide what they want to share before sharing it, and be subject to audits for 20 years to ensure compliance (much as Google has recently agreed to, and Twitter to a lesser period).

Source: Wall Street Journal

Dropbox, the popular online file storage and sharing service used by many iOS apps, has updated their terms of service, ostensibly to make their policies “easier to read and understand, and better reflect product improvements”. This after controversies involving how they handled encryption, who could and couldn’t look at your files, and an incident when passwords were disabled for a very short period of time and anyone could, theoretically peek inside. They’ve put up a blog post to help explain the new ToS and the reasons behind them, and are updating it as they get users’ feedback. Some key points:

You retain ownership to your stuff. You are also solely responsible for your conduct, the content of your files and folders, and your communications with others while using the Services.

This is legal ass-covering. Dropbox is hugely popular among iPhone, iPod touch, and iPad users, primarily because it’s easy to use and they provided really robust APIs that developers could use to get around Apple’s up-until-now p!$$-pour file sharing abilities. A large amount of iOS users use Dropbox and a large amount of Dropbox users use iOS. To enable that sharing, they feel they need to “own” the files so they can avoid being sued if anything unforeseen happens (probably including legal demands.) So, if they use your files, it’s not their fault. If you misuse their system, by contrast, it’s all your fault. They’re not taking the fall for any illegal material you choose to store there.

We wish we didn’t have to use legal terms at all, but copyright law is complicated and if we don’t get these permissions in writing, we might be putting ourselves in a tough spot down the road. Not to bore you with the details, but please take a look at the license term in the TOS. We think it’s fair and strikes the right balance: “This license is solely to enable us to technically administer, display, and operate the Services.”

The important thing to remember is this: don’t consider anything you put on an internet connected device to be private. Ever. Some of it will be better protected than others. Some of it will be far less of a target than others. But anything stored can be accessed, by accident or by malicious interception. (Just ask any young star in Hollywood with a camera phone and lack of discretion, unfortunately.)

Security and convenience are always in contention and online services like DropBox fall heavily on the convenience side.

Read the whole blog post below and let Dropbox — and us — know what you think. Will any of this change your Dropbox usage? Will iCloud?

[Dropbox blog]

UPDATE: 1Password has a great blog post up about the Dropbox changes as well. [1Password]

Security researchers, including Pete Warden have discovered that iPhone records location data, stores it in a file, and syncs it with iTunes. That means the data — and the record of your location over time — persists even when you upgrade or change iPhones. There’s no evidence Apple transmits or receives a copy of this data or stores or uses it in any way beyond locally on your device and PC.

That Apple is doing this without disclosure is disconcerting, and as the researchers point out, it raises some security and privacy concerns:

“Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you’ve been.”

The researchers have created an FAQ and app (see the link below) that visualizes the data for those interested in seeing what is stored. The process uses cell towers to record location, so it can be fairly inaccurate. When I tried it, it had me in several places I’d never been. That a would-be-location thief needs physical access to your device also mitigates my concern slightly, because anyone with physical access can get my contacts, business emails, messages, and all sorts of data that may or may not be even more worrisome than gross location data for the city in which I live.

Anyone here spooked?

[iPhoneTracker via The Guardian]

Twitter recently suspended all Twitter clients supported by Ubermedia. Among the clients suspended are Twidroid and UberTwitter, which are both insanely popular on Android OS and Blackberry OS. They also operate and support the popular TweetDeck client which is available on iOS and several other platforms. They’ve also acquired Echofon, another popular Twitter client for iOS.

According to Twitter, they’ve been working with UberMedia since April of 2010 when they were operating under the name TweetUp, which also apparently violated some copyright issues. Currently Twitter is claiming that Ubermedia has changed the content of tweets in order to generate revenue for themselves. They’ve also pulled the clients due to privacy issues concerning direct messages over 140 characters.

When asked about the suspension, Twitter spokeswoman Carolyn Penner had this to say:

We ask all developers in Twitter ecosystem to abide by a simple set of rules that are in the interests of our users, as well as the health and vitality of the platform as a whole.

We often take actions to enforce these rules; in fact, on an average day we turn off more than one hundred services that violate our API rules of the road. This keeps the ecosystem fair for everyone.

Some of the allegations being held against UberMedia are pretty serious. For the full letter Ubermedia received, hit the break!

Dear xxxx,

Regardless of how you access Twitter, we are dedicated to making Twitter better, faster and more reliable for you. As part of this effort, we ask applications that work with Twitter to abide by a simple set of rules that we believe are in the interests of our users, and the health and vitality of the Twitter platform as a whole. We often take actions to enforce these rules.

We are sending this email today because we suspended twidroyd for violating our policies.

Every day, we suspend more than one hundred applications that are in violation of our policies. Generally, these apps are used by a small number of users. We are taking the unusual step of sending out this letter because today’s suspension may affect a larger number of users.

We are committed to helping you continue to use Twitter during the disruption of this application. You can download Twitter for Android and other official Twitter apps here. You can also try our mobile web site or apps from other third-party developers.

We appreciate your continued support of Twitter and regret any inconvenience to you.

Updated: Jerry over at AndroidCentral reached out to UberMedia to see if they had any response to the whole thing and this is what we received back:

STATEMENT FROM UBERMEDIA REGARDING TWITTER’S SUSPENSION OF SERVICE TO UBERTWITTER, TWIDROYD AND UBERCURRENT

PASADENA, CA – February 18, 2011 – Early Friday morning, Twitter shut off access to its service by several of our Twitter client applications: UberTwitter, Twidroyd, and UberCurrent. Twitter then notified us that they believed we were in violation of several provisions of their terms of service.

We were immediately in touch with Twitter, and the changes they asked us to make were very small. As a result, we have completed the changes, and new apps are currently being posted to their respective stores. Twitter has assured us that as soon as those changes were complete, they would reactivate our applications.

Twitter also asked us to modify the name of UberTwitter. We began a process of changing the name three weeks ago by polling our users, and we’ve decided based on their input to change the product name to UberSocial, which we completed today.

To our millions of loyal users, we appreciate your patience during this temporary period. We look forward to continuing our innovations on the Twitter platform.

Bill Gross, CEO
UberMedia, Inc.

It appears either UberMedia is playing down the issue or it really wasn’t that big of a deal in the first place. What do you guys think?

TechCrunch

Worried that Apple’s iAd’s is getting too nosy about your personal information and wondering how to opt-out of sharing it with the advertising network? On the plus side personalized ads usually better reflect your interest and can be less annoying but if you’re hyper-concerned about your privacy you may just want to cut it off. We’ll show you how after the break.

[Apple knowledge base, thanks Dev!)

iAds uses aggregated, anonymized personal data to help serve ads it thinks will be more relevant to your personal interests. Google’s AdMob and, frankly, every other online advertising system does the same. If that gives you the heebie-jeebies, however, Apple at least gives you a way to opt-out (advertising isn’t their main business, go figure?). They’ll also let you opt back in.

How to opt-out of iAds

1. On your iPhone, iPad, and/or iPod touch (yes, you have to do this individually for each and every device), go to http://oo.apple.com.
2. If/when you see the message “You have successfully opted out”, you’re done.
3. Repeat with any and all of your other devices.

How to opt-in to iAds

1. Once again on your iPhone, iPad, or iPod touch (and yes, once again you have to do this individually for each device), go to http://oo.apple.com
2. You’ll see a message saying you’ve already opted out but you’ll also be given a link to opt back in. Tap on the link (it’s a tiny text link, not iOS optimized at all — sigh!)
3. You should be opted back in at this point (we keep getting an error but it seems like we’re opted back in.)

The fine print

It’s important to remember you’ll still see ads they just won’t be personalized based on your device’s information and your usage patterns any more. Also, you’ll only be opted-out of Apple’s iAd network and you’ll still get Google, Microsoft, and independent ad networks tracking you unless/until they provide and you make use of their own opt-out systems. Minority Report indeed!

Tips of the day will range from beginner-level 101 to advanced-level ninjary. If you already know this tip, keep the link handy as a quick way to help a friend. If you have a tip of your own you’d like to suggest, add them to the comments or send them in to dailytips@tipb.com. (If it’s especially awesome and previously unknown to us, we’ll even give ya a reward…)

Some Facebook for iPhone users are experiencing two rather annoying bugs — Facebook does not send their status updates to their friends’ live feeds, and Facebook for iPhone seems to be missing from all users’ privacy settings. Details after the break!

Facebook for iPhone status update bug

When a use who is experiencing this bug updates their status with the Facebook for iPhone app, the status only appears on their wall and not on their friends’ live feeds. Meaning, in order for one of the user’s friends to see the status, they must go directly to the user’s wall – which most people don’t do. An irritating bug to say the least.

Workaround

• Facebook’s mobile site and touch site work just fine. So you can use them until Facebook fixes this problem.
• Use a different app to post Facebook status updates

Facebook for iPhone missing privacy settings

The other issue with the Facebook for iPhone app has to do with privacy. When you add an app to your Facebook account, it gets added to the list of apps you use in your privacy settings. It is here that you can see what information any given app has access to, as well as remove any ability that you do not approve of. The problem is that the Facebook for iPhone app is not included in the list. This means that no one knows for certain what permissions Facebook for iPhone has.

Workaround

• Stop using Facebook for iPhone (not an acceptable solution, Facebook needs to fix this!)

Are you experiencing either of these bugs? If so, have you discovered any other fixes or workarounds? Are you using the mobile or touch site, or have you installed a different app to post status updates? What are your thoughts on Facebook for iPhone being non-existent in your privacy settings? Sound off below!

[Facebook discussions, thanks Bob for sending this in!]

Does it bother you that some apps running on your iPhone (or Android phone), that know all your contact information and perhaps even your current location, could be spying on you? The Wall Street Journal says:

An examination of 101 popular smartphone “apps”—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders.

It seems like we’ve been talking about this since Apple added a GPS and the App Store to the iPhone 3G and iOS 3 back in 2008 and everyone from tiny, unknown developers to giants like Google began taking advantage of the features — in both senses of the word.

Sometimes it can be beneficial — Google’s web search, Gmail, and mobile AdMob adds try to give us ads that better reflect our interests so they’re less likely to annoy us and, of course, we’re more likely to click on them. Apple’s now in that game as well with iAds. But what about those tiny, unknown developers using their free or cheap apps to extract your information?

Apps sharing the most information included TextPlus 4, a popular iPhone app for text messaging. It sent the phone’s unique ID number to eight ad companies and the phone’s zip code, along with the user’s age and gender, to two of them.

Pandora is also cited as an app that transmits lots of demographic information. Apple claims they police the apps and make sure they fall within proper guidelines but the WSJ believes some, like Pumpkin Carver, can skirt the rules, and many of the developers claim they anonymize data before aggregating it and transmitting it on to advertising networks.

While permission is required to share location, no permission is required to share your iPhone (or iPad or iPod touch) UDID — the unique identifier, effectively a fingerprint or “super cookie* that can be used to correlate and track all your activities. Angry Birds, according to the WSJ, sends both UDID and location data back to its publisher (who says they don’t use it to advertise and don’t share it with anyone else).

The entire article is fascinating reading especially for those concerned with privacy in the mobile information age. Personally I trust Apple and Google but I’m not sure I trust every little developer who has the same access to my data or who uses Apple’s and Google’s networks and systems.

What about you, any alarm bells ringing?

[Wall Street Journal, thanks Dominick!]

Google Latitude just landed on iPhone and as with any location-based app, it’s always good to know how to turn it off and maintain your privacy when you so choose. This one can be a little trickier than most since it looks like even quitting the app and rebooting doesn’t turn off Latitude tracking.

We don’t know if this is some bad coding on Google’s part, whether Apple’s background location API is supposed to be allowed to do this or not, or if this is just the way Latitude is designed to work (scrary if so!) but it just seems to stay on. In order to turn Latitude’s tracking off this is what you need to do:

• Tap Settings
• Tap General
• Tap Location Services
• Scroll down to Latitude
• Flip the switch to off

You should see the little arrow icon in the status bar up top disappear and then you’ll know Google is no longer following your every move. To turn it on again just flip the switch back.

UPDATE: Yes you can go into Latitude: Settings and turn off Background Updating. That works too. Whether you wish to turn it off in Google’s app or Apple’s settings is up to you. If you want to be really sure maybe do both.

Are you sensitive about your location and does Latitude raise any alarms for you if so? Let us know in the comments!

[Thanks @bengillam]

Facebook has once again updated their iPhone and iPod touch app, this time adding access to account and privacy settings and fixing a photo upload bug. The new version (3.3.2 for those keeping track at home) lets you access the settings via the Account button at the top left of the home screen, but then simply loads the Facebook.com web page. It’s nowhere as good a user experience as if they added those settings to the app proper, but it does mean Facebook won’t have to update the app whenever they update those pages (it also means you can use it as a way to move between the app interface and the website without having to jump to Safari).

The photo upload bug fix is nice to see. The “no iPad version” bug persists, however.

If you’ve tried out the settings, and if photo uploads are finally working for you the way they should, let us know!

While a lot of controversy has surrounded Facebook and privacy, Google has lately made many wonder if they could still be trusted with our private, personal info as well.

Personally, I’m all in with Google and I don’t see that changing unless/until something truly cataclysmic happens. Dieter told me to sell my soul and enjoy all the free, fantastic services and sell it I did. I’ve significantly curtailed what I share over Facebook in light of their privacy stumbles, yet I’ve continued to go full steam ahead with Google.

Still it’s inarguable that the young, upstart, idealistic company many of us geeks knew and loved has been changing as of late. It’s almost like the hippie, carefree days of Larry and Sergei are slowly morphing into the conservative, corporate era of Schmidt right before our eyes.

Wi-Fi data retentions, DoubleClick, Verizon net-neutrality deals, Buzz’s early privacy problems, the whole China fiasco, Android returning control to the carriers, and odd, almost allegorical comments from their CEO about changing names as we come of age to distance ourselves from the indiscretions of youth… they give pause.

It’s also undeniable that, while Google was once an unassailable darling of the tech media, that’s been slowly changing as well, especially in light of the above controversies.

iPhone and iPad owners typically use tons of Google services. Their maps and search and videos are built in. Their Gmail, Google Calendar, and Google Contacts are only getting more popular and better on iPhone and iPad. In return Google knows what web pages we go to, what we search for and click on, who our friends and associates are, where we are, and what we’re doing. Every time we use the internet in almost any way, Google tracks us, anonymizes and aggregates us, and uses our data to advertise to us.

When “don’t be evil” seemed a much more heartfelt motto, most of us didn’t seem to care. How about now?

Facebook Places not only lets you “check in” to various locations (a la Foursquare or Gowalla) but it allows your friends to check you in as well, which could be a little creepy. Luckily for those of us who prefer to keep where we are private, our good friend Phil Nickinson from Android Central tells us how to “just. stop. it.”:

You can disable that “feature” now by going into your privacy settings. Hit the “customize” link, scroll down to the “things other share” section, and disable the “Friends can check me into places” feature.”

Fortunately, the first time anyone tries to check you in you’ll get an email notification, but if you prefer to do your own dang checking in, thank you very much, follow Phil’s advice up top.

[Facebook via Android Central]

Apple restricting third-party advertisers from collecting personal data if they are owned by another platform vendor could be a way of preventing Google’s AdMob from competing directly on the iPhone with Apple’s iAd, but it could also be a sign that Apple, cranky after leaked iPhone prototypes and iPad analytics, is determined to take back control of user data.

Steve Jobs was nothing if not heated at the D8 conference about the leaked iPhone prototype, and perhaps even more so about in-app analytics taking user data, including device and location, and using that to reveal details about the iPad long before it was announced. Imagining Apple’s subsequent reaction to the thought of now-rival Google having early access to such detailed information not only about unreleased Apple devices, but about which devices iOS users have, at what location, and their app usage patterns probably sent a chill down their collective spines.

App Cubby‘s David Barnard put together an excellent post about it earlier today:

When you use Google search and other Google products, they collect a tremendous amount of information and use that information to customize and better serve the ads that are the core of their business. Many users don’t even realize this is happening, others are comfortable with it and have some level of trust for Google’s intent in using that data.

Well, Apple doesn’t trust the benevolence of Google, developers, and other third parties involved in the iOS platform. Apple wants to control the flow of user information.

Barnard also points out Apple primarily makes their money off hardware sales, not the brokering of user information the way Google or Facebook do. He also suggests part of AdMob’s $700 million value to Google was exactly the type of data they could pull off iOS devices:

[David Barnard / App Cubby]

Facebook recently announced some huge changes to how, where, and perhaps even why they operate — and it effects every Facebook users’ privacy. Short version: Facebook is “building the social web” by sharing your and your friends’ information with more apps, for longer, and via more places outside Facebook than ever before and they’re opting you into it by default.

If you’re the footloose and privacy-free sort who lives every moment online with little or no care about who knows what about you, then this likely doesn’t effect you one bit.

If you’re more guarded about your privacy and the privacy of your friends and families, if you’re concerned about who gets your information and where, then check out this guide to protecting your information on the new Facebook from Download Squad and get to clicking off those permissions (and no doubt cursing Facebook for not defaulting them to “OFF!” to begin with).

Facebook is obviously huge on the iPhone — one of the most popular apps of all time — so we’re curious what you think about these changes? Do you worry about your privacy online? Do these changes make you consider scaling back or removing your Facebook presence? Or do you figure the more information about more people available, the harder it will be to find anything about anyone specific?

[via @sethclifford]

NLU Products, makers of BodyGuardz, were gracious enough to take some time out at CES 2010 and show TiPb their four-way ScreenGuardz Privacy film for iPhone. Four-way means it won’t just shield your iPhone from prying eyes in portrait mode, but horizontal as well. Buh-bye over-the-shoulder airplane movie snooper!

Check out the video, after the break!

Nuance’s Dragon Dictation for iPhone raised some privacy concerns upon launch due to the server-side nature of its transcription and the apparent transmission of users’ contact list to Nuance’s servers. Addressing at least some of these concerns, Nuance has posted the following statement:

Some people have expressed concern about what the new Dragon Dictation for the iPhone application does with your contact information. As you may have experienced already, Dragon Dictation for the iPhone goes through your contact list on your iPhone and uploads the names to our server. We do this for a pretty simple reason: we found that people are often dictating names from their address book and expect the names to be recognized. We take this information and create an anonymous user profile for your device that understands what names are likely to dictate into a document. It’s important to note that we only upload the names, not the e-mail addresses, phone numbers or any other personally identifying information from your contacts.

Even though there is no personally identifying information, we still treat all of this information with the highest privacy standards. All of our servers are located in the United States and meet the most stringent privacy and security standards. We conform to these high standards because we use the same data centers for other areas of our business where we are required to store personal information.

All of this is spelled out in our license agreement that comes with the Dragon Dictation for the iPhone application. Since most people only see that license agreement briefly when they are installing the software (and they usually can’t wait to start using their software, so they don’t spend 30 minutes reading a complex legal document…), we provided a link to that agreement here: http://www.nuance.com/company/privacy/.

So the bottom line is that nothing scary is happening with your data and we only use a little bit of information from your phone to help make the dictation accuracy as high as possible. If you have any questions, comments or concerns, feel free to post them here.

Michael Thompson, Senior Vice President & General Manager, Nuance Mobile

Of course, Nuance is storing all your transcriptions on their servers, which while not dissimilar to Google, Microsoft, Yahoo!, or Apple storing all your email, documents, location, etc. is an important factor for users to keep in mind so as to make informed decisions about services and the companies behind them.

Let us know what you think of the statement, and if it does indeed address your concerns (or not).

It looks like Apple is using its rejection power for good this time — removing games built on the Unity engine which included private-API calls that could be used to steal private user information like your iPhone’s phone number.

Not all of the rejected/removed games were engaged in privacy violations (or even had the network capability to exploit it), but Apple isn’t taking any chances following the Storm8 lawsuit. Touch Arcade has the details:

The Unity engine currently uses the two private API calls that Storm8 allegedly exploited to steal user data, NSGetEnviron and excserver. Mantas Puida of Unity Technologies explains these two API’s utilized by the Unity engine serve the following functions:

_NSGetEnviron is used by Mono runtime to provide implementation of .NET core API method: Environment.GetEnvironmentVariable().

exc_server is also used by Mono runtime to provide graceful NULL reference exception handling.

The Unity engine, however, has been updated to remove the offending API calls, and the games are being recompiled and resubmitted to the App Store. Hopefully this will keep users’ data safe from unscrupulous developers, while the scrupulous ones continue to turn out great games.

[Touch Arcade via TUAW]

The Register is reporting that a lawsuit has been filed against an iPhone game developer for privacy violations:

The complaint claims best-selling games made by Storm8 contained secret code that bypassed safeguards built into the iPhone to prevent the unauthorized snooping of user information. [...] to access, collect, and transmit the wireless phone numbers of the iPhones on which its games are installed,” states the complaint, which was filed in US District Court in Northern California. “Storm8 does so or has done so in all of its games.” [...] [including] World War, iMobsters, Racing Live, Vampires Live, Kingdoms Live, Zombies Live, and Rockstars Live.

The complaint claims they’re violating the Computer Fraud and Abuse Act, and is seeking Class Action status. It’s not the first time we’ve heard about apps violating user privacy, hopefully Apple’s new iPhone security manager will first and foremost focus on these types of exploits. And, yeah, let the courts smite any abusive developers in the meantime…

[via Wabbit in the TiPb forums]

The iPhone Dev-Team take a break from the Jailbreak to throw some light on the issue of 3rd party iPhone apps tracking users’ location. Joey Hess and our friends over at PreCentral.net kicked up a bit of a ruckus last week detailing how the Palm Pre reports users’ location data back to Palm HQ. Well, says the Dev-Team:

Although we have yet to find an application by Apple that tracks your location, there are certainly a number of “free” applications in the official AppStore that are designed to do just that. Case in point: there’s this rather cute/gimicky app that lets you determine the tip for your waiter or waitress by tilting your phone as you pass it around the restaurant table. But if you dig a little deeper (like bushing did) you’ll find it uses a library by Pinch Media that is specifically designed to track your geographical location through time, then upload that data to Pinch Media. (Oh and it also show you an ad, as an extra bonus).

They point out that the iPhone will ask before any app is allowed to use location data, but also that it will keep asking to the extent that users might just agree to prevent being constantly annoyed with popups.

The Dev-Team goes so far as to describe these types of apps using the dreaded “s” word. That’s right — SPYWARE. However, in a web increasingly dominated by companies seeking to aggregate (hopefully anonymized?!) user data as a way to monetize (providing free or cheap apps in exchange for the shared data and tolerance for advertising), how broadly can that term now be applied? Many, especially tech-savvy, users are happy to let Google’s Gmail scan their email and serve ads in exchange for the service (and don’t even get us started on Chrome parsing all URLs a user enters through Google, or their purchase of DoubleClick…)

Should we be concerned more about small, 3rd party companies? About Apple, Palm, and Google-type companies? Or is it just the way of the world now?

How about this — Perhaps Apple could give us app-specific Location settings, much as we now have app-specific Notification settings? That way, there’d be a list of apps that use location, and we could individually turn off those with which we don’t want to share our location. How about it, Apple?

No word yet on whether you get a pocket Hasselhoff to push it for you, but it sounds like Opera Mobile 9.7 is set to bring back the “Turbo” boost in an effort to take it to Mobile Safari (and, we presume, WebKit in general as found on the iPhone, Google Chrome lite for Android, Palm Pre, some Nokia devices, etc. etc…. etc…)

Ganging up on the “real internet” browser are our good friends Matt Miller from NokiaExperts.com and Phil Nickinson from WMExperts.com. Matt explains the concept behind Nokia’s blast from the past via his ZDNet blog:

Turbo mode that supplements the native Opera Mobile browser with the proxy functionality found in Opera Mini. So, with Opera Mobile 9.7 and Turbo mode enabled you get a fully functioning web browser with proxy/server side lifting going on to provide the FASTEST browsing experience currently available on a mobile phone.

TiPb vaguely remembers proxy and cache tricks from those old spamvertisements promising to quadruple our old dial-up modem speeds. Phil tries to pip us to the proxy post, however:

OK, this isn’t exactly a fair fight, but forget about that for a minute. To the average user it probably doesn’t matter whether your browser is being rendered through a proxy, security and privacy implications be damned.

And he’s absolutely right. When those users are stuck on the equivalent of dial-up. Once they — like iPhone, Android, and Palm Pre users — get with the equivalent of broadband, well… let’s just say we don’t get those spamvertisements anymore…

Holding the snark for a moment, it’s great to see Opera providing stop gaps for users with slow connections who don’t care about privacy or security. Here’s hoping the gap stops being necessary to fill quickly, however, and Opera can focus on forward-looking browser technologies, since WebKit doesn’t look to be slowing down any time soon.

[Tip o'the browser to Phil for the image inspiration as well!]

Apple has past mastered using animation to aid both usability and fill transitions. An example of the latter is the “shrink” effect used when you hit the home button: whatever’s currently on diminishes to nothingness and the home screen icons fly back into place. To do this effect, however, the iPhone takes a quick screen shot, and then uses the built in CoreGraphics/Animation layers to rapidly scale it down.

See the problem? No? Wired does: once a screenshot is taken, even if the iPhone immediately deletes it, those bits hang around inside your device. Current recommendations to properly destroy data involve multiple, pseudo-random overwrites. Absent that, forensics experts can often retrieve so-called “deleted” files. Including the screen shots the iPhone uses for animation. Including, potentially, any confidential or classified documents you were viewing — or embarrassing Hello Kitty sites you were browsing –when you hit the home button.

Sure, this will likely never be a problem to most users. Passwords are obscured and not many of us have docs — or look at sites — that would be worth the significant forensic resources it would take to recover iPhone screenshot files.

But, a security/privacy concern is a security/privacy concern, and while this one doesn’t trouble me personally, not knowing about it — and making an informed decision based on knowing about it — would.

And hey, at least it’s not as tattly as Google Chrome…

A reporter over at one of those reputable, printing companies recently received a phone call from Steve Jobs and this was his opening line:

“This is Steve Jobs,” he began. “You think I’m an arrogant [expletive] who thinks he’s above the law, and I think you’re a slime bucket who gets most of his facts wrong.”

The whole conversation with Steve Jobs was off the record so we still don’t know the nitty gritty details but according to the New York Times, it’s more than just a common bug but isn’t life threatening and it’s not cancer.

Some think his health should be a private matter, which makes sense because we should all have some level of privacy. Some think his health should be public knowledge if it is serious enough, which also makes sense because of Steve Jobs unique role in Apple and Apple being a public company.

We at TiPb just want him to get better and hopefully the rest will handle itself.

What do you think?

ReadVia

Remember when AT&T was selling refurbished iPhone 2G‘s at (what was then) ridiculously low prices? Remember how it turned out some of those units still contained the personal information of their previous owners? Apple seems to remember, and has reportedly taken steps to prevent it from happening again.

As with a computer, when you simply delete a file, the file typically remains but is marked as deleted by the file system and will eventually be over-written. To delete something and make sure it’s deleted, you need to over-write it, and not just with a single binary bit (zero’ing out). You have to over-write it with (pseudo) random data, and over-write several times.

Apple does something like this on the desktop with “Secure Empty Trash”, and now they’re bringing the same concept to the iPhone. The catch? Time. The new dialog for “Erase iPhone” now warns that “This will take about an hour.”

And let’s face it: what’s a little time if it prevents that eBay buyer from getting all your personal details, right?

Check the read link for the Settings screen shots…

Read

Ever wish you could keep prying eyes away from your iPhone? Always paranoid that strangers can read all your sensitive e-mails, bank account information, and stock portfolios? Well here’s the solution: the Case-mate Universal Privacy Screen Pro for iPhone ($19.95). It prevents those snoopy people from peering over your shoulder and keeps your information private by offering a viewing angle of 45 degrees.

Read on for the rest of the review!

What Comes In The Box & Application Process

• -2″ x 3″ Privacy Screen
• -Graph Sheet (for sizing)
• -Screen Cleaning Cloth
• -Applicator card

The instructions states that one must cut the privacy screen to match the size of your phone screen. Luckily, the maximum size of the screen fits perfectly around the iPhone’s screen. Manually cutting the privacy screen would have been a tediously unnecessary step for a product that should already be tailor made for your phone. (note: Another reason to buy an iPhone! Sorry Blackberry & Treo Owners, have fun cutting!)

The application process is fairly simple. Unlike many protective film covers on the market, the Privacy Screen attaches to the iPhone through static cling. Just line up the iPhone’s screen with the Privacy Screen and it just sticks. I haven’t experienced any problems with the Privacy Screen falling off, it’s as if some sort of voodoo magic binds the two together until you want to remove it. An added bonus is that the Privacy Screen works flawlessly with film protectors such as the invisibleSHIELD and BodyGuardz.

Usage

After applying the Privacy Screen, there is no discernible difference in the iPhone’s screen quality. Which is quite amazing considering how dark the tint looked before putting it on the iPhone. Pitting an iPhone with the Privacy Screen on against an iPhone without, the screen quality and brightness is in essence, the same. The only difference is that the iPhone without the Privacy Screen offers minimally deeper blacks, but in all, you’d be hard pressed to notice the Privacy Screen has been applied.

In short, the Privacy Screen really works. When viewed at an angle, the iPhone’s screen is darkened and unintelligible. Even at a closer angle, the Privacy Screen will look hazy to onlookers. Only at a direct angle can you begin to determine what is on the screen. For those looking for a privacy screen, the Case-mate is extremely effective and the ideal solution.

For better or worse, the Privacy Screen attracts the same amount of fingerprints and grease as the iPhone’s glass screen. Also, unlike other non-privacy film protectors that change the iPhone’s tactile feel, the Privacy Screen feels exactly the same as the iPhone’s glass screen. The Privacy Screen is also prone to scratches, though unnoticeable when the iPhone is turned on, the scratches are a bit of an eyesore when the iPhone’s screen is off.

My biggest concern about the Privacy Screen is the dust build-up along the edges. Because the Privacy Screen covers only the actual screen of the iPhone and not the entire front face, dust will get caught along the top and bottom edges of the film. Also, probably because of the type of material used to lessen the viewing angle, the Privacy Screen is very thick.

Final Thoughts

The Privacy Screen succeeds in deterring those nosy folks who peer over your shoulder. You can safely examine any sensitive documents without fear of anyone copying down that information. As a privacy filter, the Case-Mate is the best solution on the market.

With that said, I believe that the product can be improved by offering protection to the full face of the iPhone rather than just the screen itself. Though it is understandable to not expect the same materials in products like the Invisibleshield and the Bodyguardz, covering up the entire front face would attract more potential buyers and alleviate the dust build-up problem.

However, a benefit of the screen-only protection is that the Privacy Screen can be used and re-used because of its easy application process. Thinking about going out to the local coffee shop but think too many people would peer over your shoulder? Just slap it on and have your worries be gone. It is not as permanent as other full body skin protectors.

The Privacy Screen should be considered a BUY for anyone looking to protect their iPhone from wandering eyes but those considering it for screen protection should look toward the invisibleSHIELD and BodyGuardz.

Pros

• Very Easy to Apply
• Screen Quality and Brightness is Unchanged
• Dramatically Decreases Viewing Angle
• Texture of the iPhone’s Glass Screen Remains the Same
• Made of High Quality Materials

Cons

• Dust Builds Up Along the Top and Bottom Edges
• Does Not Cover the Full Face of the iPhone
• Prone to Scratches

Overall: 4/5