If you work for IBM, you are welcome to bring your iPhone 4S to work with you but forget about using Apple’s voice driven digital assistant, Siri. IBM has banned the use of Siri on all of its networks due to concerns over privacy. Siri works by sending anything you ask it to a data center in North Carolina; after that, no one really knows exactly what happens with that data once it has been dealt with. Is it deleted once it has been dealt with, is it stored temporarily or is it kept forever?

IBM CIO Jeanette Horan told MIT’s Technology Review this week that her company has banned Siri outright because, according to the magazine, “The company worries that the spoken queries might be stored somewhere.” It turns out that Horan is right to worry. In fact, Apple’s iPhone Software License Agreement spells this out: “When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text,” Apple says. Siri collects a bunch of other information — names of people from your address book and other unspecified user data, all to help Siri do a better job.

Siri’s original lead developer Edward Wrenbeck confirms that privacy was always a big concern and the fact that Siri could provide information on your location alone could be enough to violate a non-disclosure agreement. Of course this in no different to many other apps currently available or in fact,  the internet in general.

Do you think IBM is right to be concerned over who can gain access to this information and do you have privacy concerns of your own while using Siri?

Source: Wired

This week Twitter announced a new version of its "Who to Follow" feature, making it a far more personal recommendation engine. The way it works, however, is that if you're logged into Twitter in the web browser, any site that calls Twitter code -- like a Tweet or Follow button -- can report your presence on that site back to Twitter. Gadget sites. Car sites. Movie sites. Porn sites. Gaming sites. Any. Site.

We determine the people you might enjoy following based on your recent visits to websites in the Twitter ecosystem (sites that have integrated Twitter buttons or widgets). Specifically, our feature works by suggesting people who are frequently followed by other Twitter users that visit the same websites.

The cause for concern here is that it looks like it's opt-out, and not opt-in for existing Twitter users. New Twitter users will be asked on signup, but existing users have to a) know about it, and b) find it and shut it off if they don't like it.

Giving existing users a popup or overlay advising them of it would even that out. (Twitter is sending emails that include some of this and other information, but that's not as effective as a specific modal request, with the default state being off and not on.)

If you trust Twitter and would value more personalized "Who to Follow" recommendations, then you may not care. If you don't trust any big internet company, aren't interested in social recommendations, and basically think your personal information is too high a price to pay for any free internet service, then you have some options.

Log out of Twitter.com

If you rarely if ever use Twitter via the website, one way to prevent Twitter from collecting your data is to simply make sure you're logged out of Twitter.com.

1. Go to Twitter.com in your browser.
2. Tap on the Me tab.
3. Scroll down to the bottom and tap on Log Out.

(As pointed out by @marcedwards, using a good password manager like 1Password, DataVault, RoboForm, etc. makes frequent logins and logouts for privacy reasons far less onerous.)

Opt out of Twitter's personalized recommendations

Sadly, this method can't seem to be done via the iPhone-optimized mobile Twitter webapp,so you'll have to break out the full, desktop browser version of Twitter.com.

1. Go to Twitter.com in your desktop browser.
2. Click on the Account button to open the drop-down menu
3. Click on Settings
4. Scroll down and uncheck the Tailor Twitter based on my recent website visits
5. Re-Enter your password to confirm

Tell your browser not to let web services track you

Twitter supports "Do Not Track", a system that users can opt into that prevents web services from following their browsing habits. Again, it would be better to have users opt into "Allow Track" than making them figure out how to opt out via "Do Not Track" but this is currently the hand privacy is dealt.

Unfortunately, not all browsers support "Do Not Track" directly yet, including Mobile Safari on iOS. For desktop Safari 5.1 or later:

1. Click on the **Safari* menu
2. Choose Preferences...
3. Check Show Develop menu in menu bar
4. Click on the Develop menu
5. Choose Send Do Not Track HTTP Header

For information on how to enable "Do Not Track" in other browsers, when and if possible, check out Twitter's knowledge base article.

• Twitter Supports "Do Not Track"

Here's the gist:

The United States Federal Trade Commission has endorsed DNT as a simple way for users to inform integrated web services which offer content across the Internet (such as buttons, widgets, and other embedded features) that they do not want certain information about their webpage visits collected across websites when they have not interacted with that service's content on the page.

The DNT browser setting is now supported by recent versions of major browsers, including Firefox 5+, Internet Explorer 9+, and Safari 5.1+. If you are using Chrome 17.0 or higher, there is a third-party extension that enables DNT.

Conclusion

iPhone users are massive Twitter users and vice versa. If any social network was made for mobile, it was and is Twitter. Because Twitter is so mobile, and because it defaults to making most things public (unless you deliberately make your account private or send a DM), Twitter has managed to avoid a lot of the privacy blunders Facebook and Google had experienced. Until this week.

Security and privacy are always going to be at odds with convenience. It's faster and easier for social networks to simply turn things on, and it's more powerful and feature-fancy for users to let them.

The price is our personal information.

There are arguments on more than two sides about the importance of this, but at the end of he day there are millions if not billions of dollars at stake for the networks and the details of personal and private lives at stake for users. So it's worth arguing about. A lot.

In this specific case, if you're okay with Twitter offering you recommendations based on your browsing habits, leave it on and enjoy. If not, turn it off and rest easy.

Additional resources

• How to delete your Google search Web History
• iOS 6 and privacy: How Apple should draw inspiration from Android for better app permissions
• How to opt-out of (and back in to) personalized iAds
• How to review your social network privacy settings
• Social networking forum

Foursquare has revoked API access to the iOS app Girls Around Me, forcing them to take their tracking app down from the Apple App Store. This follows a scathing editorial on Cult of Mac in which the privacy implications of the app were called into question. The Russian developer, i-Free, has since issued a statement claiming  that they've done nothing wrong, and that they're only using APIs on Foursquare and Facebook to enable users to find the names and locations of girls and guys nearby.

We are absolutely convinced that it is good and important to educate the users to take care of their privacy and what they share publicly. But we believe it is unethical to pick a scapegoat to talk about the privacy concerns.  We see this wave of negative as a serious misunderstanding of the apps’ goals, purpose, abilities and restrictions. Girls Around Me does not provide any data that is unavailable to user when he uses his or her social network account, nor does it reveal any data that users did not share with others. The app was intended for facilitating discovering of great public venues nearby. The app was designed to make it easier for a user to step out of door and hang out in the city, find people with common interests and new places to go to.

We have a policy against aggregating information across venues using our API, to prevent situations like this where someone would present an inappropriate overview of a series of locations.

There are ways to implement location-based dating without getting creepy -- namely, providing a layer of anonymity that can protect people from being spied on unless they explicitly allow access. That said, people who don't want to be tracked down shouldn't be checking in on Foursquare, and if they are, they should take some time to figure out the privacy settings.

Was Foursquare right to revoke API access to Girls Around Me? Will doing so actually improve awareness of online privacy concerns or prevent abuses?

Source: WSJ, Cult of Mac

The new column. It comes after last week's column 2. If that confuses you, just call it the column (3rd edition). Yeah, I went there. It's been a heckuva week so cut me some slack. We've all been running on equal parts adrenalin and recklessly strong coffee and might soon be going into a collective apoplexy not dissimilar to what I'm sure faced the CEOs of rival tablet manufacturers sometime Wednesday afternoon. Yeah, I went there too. Here's why...

The unbeatable new iPad

I've already written about the new iPad event and what it means for the new Apple, so go read that first. Done? Good. Here's a little more.

The new iPad event was the first event following the passing of Apple co-founder, Steve Jobs. So, it's being afforded way more attention than it otherwise might (and as we all know, stare at anything long enough and you'll be seeing shapes and patterns that aren't really there).

Along with the need for more better helmets, that probably explains a lot of link-bait that's been going around since the event. It's dumb Apple stuff and I'm not going anywhere near it, nor the noble but unfortunately perpetuating link-back refutations that still leave me dumber for having scanned them. Instead I'm going with the opposite -- the chest beating. The stuff that's even more dangerous. The stuff that's saying that Apple is unbeatable.

Nothing and no one is unbeatable. Not even Apple. And no one ever sees the next big transition coming. IBM didn't. Microsoft didn't. Sony didn't. Google won't. And neither will Apple.

Apple's advantage is, right now, they don't consider themselves unbeatable. They're scared and they're hungry. They're Rocky III after Clubber Lang clobbered him midway through the film, and they're working their collective asses off to make sure they don't lose the much bigger rematch. They know they're beatable because they've been beaten in the past, and they're lucky enough to have gotten a second chance. They're smart enough to keep proving they're beatable, each and every year, by beating themselves.

That's what makes Apple dangerous.

[Update: I thought more about this and spun it off into a separate editorial called Beatable]

The new Apple TV

Now it comes in 1080p.

The Privacy car

Android Central had a great editorial about mobile privacy this week. It's the kind of smart, non-sensationalist, non-reactionary writing we need more of. But that's not going to stop me from disagreeing with it in a fairly fundamental way.

Yes, the concerns raised by headline-seeking senators in regards to mobile privacy are neither new nor unique to mobile. Potential bad guy developers can access your photos on your phone, just like they could access those photos on your Mac or Windows PC too. Heck, we can't go a week without yet another celebrity's nudie pics getting hacked and splayed across the internet. We get it.

But smartphones and tablets aren't PCs. To quote Steve Jobs, mobile is the car to the PC truck. And mobile users aren't the same types of drivers as traditional PC users. They're often people for whom traditional PCs were intimidating and inaccessible, and for whom the idea of a file system and permissions were confusing and off putting. They got smartphones and tablets, in part, because they wanted something easier.

Time was if you owned a motor vehicle you needed some measure of mechanical knowledge to operate it and keep it operational. Even years later common prejudice held that you shouldn't drive something you didn't know how to fix. But times changed and cars became more user friendly. Now most people get in, turn a key, shift an automatic transmission, and go. If they break down, they call someone. Mainstream drivers often have no idea how modern cars function and wouldn't have the first clue how to fix them if they ever broke down. Same goes for PCs.

That's the price we pay for democratizing technology.

And that's why it's not reasonable to expect mainstream users to even begin to understand the subtleties and specifics of online, mobile privacy permissions.

I'm a huge believer in personal responsibility. Don't put something online that you couldn't survive going public. But the concept of computers and filesystems and permissions is antiquated and outdated in our brave, new mobile world of always accessible networks and instant uploading apps.

We need something simpler, more sensible, and easier for mainstream users to understand and employ. We've made PCs into computing appliances, into cars, far more elegant and accessible than ever before. It's time to make the privacy and security settings match.

I repeat, I'm a huge believer in personal responsibility. I'm also a huge believer in platform responsibility. This is something Apple and Google (among others) need to address and now.

Podcasting

I did a double-header on the iPhone & iPad Live podcast this week -- a live show during the new iPad event with Seth Clifford (calling in from Aruba no less!), and Simon Sage, and a post-event analysis show with Georgia and David Barnard of App Cubby (which is currently sitting at #8 in the iTunes gadget podcast listings, thanks to all of you). We're doing fewer podcasts these days but our goal is to do each show better. I've already switched from iMovie to Final Cut Pro X for the editing and while it's taken me a couple weeks to even begin to feel comfortable, the time saved in rendering (almost 2x) has already made it more than worth it.

We're thinking of doing a few specials soon, both for Iterate and iMore, and for Mobile Nations, and the new schedule it what's going to make that possible. Stay tuned.

Features

Apple turned our schedule upside down this week. Usually there's a few days if not a week between an Apple event and the release of a new iOS update (for developers to test the Gold Master (GM) build against their apps), and between device announcement and pre-orders (for Apple to get everything in place). This year Apple pushed iOS 5.1 out and opened pre-orders right on event day. And we all scrambled. We'd already planned and written a lot of content, but we needed to wait for the announcement to finalize it (so we'd know the actual details of what they announced). We believe iMore exists only and always to serve our readers, and a big part of that is helping our readers figure out new software features and decide which version of new hardware to buy. Let's just say some of us didn't get much sleep for the last few days. But we managed to get a lot of stuff done. Much of it is rounded and summed up in these two, conveniently bookmarkable places.

• iOS 5 walkthrough: A complete look at Apple's latest mobile software for iPhone, iPod touch, and iPad.
• 2012 iPad buyers guide: Everything you need to know before buying the new iPad, including how to pick your model, storage capacity, color, and 3G or 4G LTE carrier.

We also had a huge internal debate about the name "the new iPad"... or the new "iPad" depending on which side of the debate you fall on.

• Why the new “iPad” has the perfect name: Leanna fights back with great points about how Apple has always handled new products and their existing product lines.
• Why “the new iPad” is a terrible name

Me, I fight for the user. My mom bought an iPad 2, went and searched for "iPad 2 cases", and found one she liked for exactly the model she had. As an experiment, I searched for "new iPad cases" and "iPad cases" (fair is fair) and got results that were far too broad to be useful. Accessory makers and stores alike will need to do some heavy lifting on their ends to help customers navigate that. I'm guess app devs who target only the latest hardware will have to do likewise. So in theory, while "iPad" is shorter, "iPad (3rd generation)" is both more realistic and less penetrable for my mom.

In lieu of her usual photography column this week, Leanna took a look at Apple's new photo editor for iOS. (Spoiler: It's powerful but not perfect, but a damn sight better than Photoshop Touch -and shows it's time for Adobe to ditch AIR and get in the native game.)

• iPhoto for iPhone and iPad review

Ally also tackled the questions that were rapidly filling our email boxes.

• Can you jailbreak the new iPad, AppleTV, and iOS 5.1?

Meanwhile, Georgia did the best she could to make sure some cool iPhone kit still hit the site.

• SGP Linear Blitz Case for iPhone 4S and iPhone 4 review

Some readers expressed concern that case might be too slippery or might interfere with reception. I've used it and found it had a great grip and didn't notice any signal lock. I'm guessing the ones the iMore Store sells are simply badass.

If you're not read-out yet

This went rather long, so I'll keep the recommended reading brief.

• From the Editor's Desk: Privacy, Google Play, Nexus tablets and more: Phil Nickinson started this very format on Mobile Nations and does it better than anyone.
• MacStories Reading List: New iPad Special Edition: Federico Viticci inspired me to share links to smart stuff I liked.

This Friday

I'll be lining up to get my new iPad in Montreal on Friday. Black. 64GB. LTE. (Go big or go Kindle.) If you're around, come say hi and get a free special edition iMore t-shirt.

I'm your huckleberry.

For a long time now, Apps have been able to access your Camera Roll as long as you give the app permission to access your location. The reason it needs that permission is that there may be geolocation (GPS) date included in your photos, and Apple protects that. Once you grant the location permission, however, the app has unfettered access to your photos and can do pretty much anything it wants with them, including great things like applying filters, doing edits, and sharing via social services. That's how all the popular photography apps work.

It's a non-intuitive, and frankly a little confusing way to handle Camera Roll access, but it shows Apple has thus far focused on protecting location data more than other type of data, including your photos. That means, yes, theoretically, a fake, malicious app could be created just to trick you into giving them location permission, and then they could steal your photos.

But that could happen with all sorts of content, with all sorts of malicious apps.

So is it worth pointing out? Absolutely. Is it worth sensationalizing? No, of course not.

This issue with the Camera Roll has been widely known for years. It's not new. It's just timely given the recent brouhaha over iOS apps uploading Contact information without permission. (Which was also widely known before the latest outcry.)

Apple has indicated they'll be adding Contact permission settings in a future update of iOS, perhaps even iOS 5.1 expected to be released next month alongside the iPad 3. However, there's a greater issue concerning iOS and privacy, and the manageability of privacy options that Apple still needs to address.

So, while nothing new and a tad sensational, it's good that these issues are getting attention, and that privacy is considered something platform makers like Apple need to keep in mind. Hopefully the renewed attention leads to better privacy protections for everyone.

More: 9to5Mac, New York Times

Control, privacy, platform, and competition are just some of the reasons both iOS and OS X integrate Twitter but not Facebook.

With the upcoming release of OS X Mountain Lion, Apple will be fully integrating Twitter social sharing across all of their included apps, as well as extending a developer API for 3rd party apps available through the Mac App Store. This follows similar integration in iOS 5 last year and leaves one huge, lingering question: where's the Facebook integration?

Facebook has roughly 845 million users on their platform, and Facebook for iPhone has been one of the most popular apps on the App Store since launch. Both iOS and Facebook are massive platforms and the intersection of those to platforms is enormous.

That's not taking anything away from Twitter, which is also extremely popular and also shares a huge intersection between its user base and Apple's. They're just very different social networks, with different features, and iOS currently only has one and not the other.

So why would Apple choose to leave out Facebook and rely only on the less-enormous, less feature-filled Twitter for social integration in OS X 10.8 and iOS 5?

Control

The first reason that springs to mind is control. Apple likes to have as much control over their platform as they can in order to deliver the absolute best user-experience possible. Twitter doesn't take much issue with this, but Facebook is a different story.

Apple and Facebook once tried to work together on Apple's Ping social music service. According to the late Steve Jobs, Facebook wanted "onerous" terms in order to allow integration between Ping and Facebook's platform. Apple declined. Facebook pulled support. Finger pointing and harsh words followed.

(There are also some signs that Apple and Facebook flirted with integration in iOS 4 as well, but nothing became of it.)

Privacy

Apple has had some issues with privacy, including the collection of traffic data and recently apps that uploaded Contacts info without permission. However, they've also used privacy as a way to needles Google. Apple makes most of their money selling products, not selling advertising services, so they don't want to or need to collect a lot of user data. They've also been fairly unimpeachable when it's come to insisting other companies get users to opt-into sharing information up front, rather than force them to opt-out in some convoluted manner later. (Much to the consternation of advertisers and marketers, most recently in the magazine subscription area.)

Facebook on the other hand likes to collect huge amounts of data from its users, often with a collect first, apologize later mentality. Apple might take issue with Facebook wanting to harvest iOS user data, package it up, and market against it. Especially if all they, and users get in return is integration for status, photos, and location.

Platform

Facebook views their service as a platform. Just as OS X and iOS are unique and proprietary platforms meant to help Apple sell hardware, Facebook's platform is a proprietary service meant to help them collect data and sell ads. Apple wants to prioritize their iPhone and iPad devices, Facebook their social graph.

Those different and diverging priorities can easily be at odds and lead to conflict.

Competition

Lastly, Facebook has long been rumored to be working on their own smartphone. This could present the same problem for Apple that Google did when Android was released. In fact, it could be an even bigger problem if Facebook's integration is more broad than a maps or video app, or a mail account. Facebook integration isn't a bell that can be easily un-rung.

It would make sense for Facebook to make their own smartphone, however, the same way it made sense for Google.

Steve Jobs threatened to go Nuclear on Google when Android was released, to spend Apple's last dollar suing Google over their "stolen" technology. Would Apple set themselves up for that to happen again?

Twitter

Twitter doesn't seem to want as much control as Facebook. They're so far much more upfront about user privacy. While they're also a platform, it's one that seems -- at least for now -- more compatible with Apple's needs than is Facebook's. There's also no sign of a Twitter Phone on the horizon (or rather, almost every smartphone is already a Twitter Phone these days.)

Of course, it's always possible that Apple and Facebook may come to some sort of agreement down the road, ultimately paving the way for Facebook integration in iOS 6 and future versions of OS X. During Apple's recent shareholder meeting, CEO Tim Cook was asked about their relationship with Facebook and where exactly the popular social network would eventually come into the picture.

We do a lot with them, our users use Facebook an enormous amount. [...] I've always thought that the two companies could do more together.

Apple could stay away from Facebook just as they have always done, allowing Twitter to continue on its course of massive growth and user adoption. Or Apple and Facebook could patch up their differences, work out a deal, and give users more benefit with additional social sharing options..

Regardless, it would be nice to see the two work something out given how popular Facebook is and how often most of us use the social network on our iPhones, iPod touches, and iPads.

Google can keep track of everything you've ever searched for using their Web History service, even if you've cleared the browser history on your iPhone, iPad, or PC. Now that Google is changing their privacy policy -- which some view as an excellent simplification and standardization and others see as a disturbing data grab -- it means your search results won't be kept separately but potentially shared with each and every other Google service.

The Electronic Frontier Foundation (EFF) has this to say:

Until now, your Google Web History (your Google searches and sites visited) was cordoned off from Google's other products. This protection was especially important because search data can reveal particularly sensitive information about you, including facts about your location, interests, age, sexual orientation, religion, health concerns, and more. If you want to keep Google from combining your Web History with the data they have gathered about you in their other products, such as YouTube or Google Plus, you may want to remove all items from your Web History and stop your Web History from being recorded in the future.

If you choose to disable Google Web History, here's how:

1. Log into your Google account
2. Go to http://www.google.com/history
3. Tap on Remove all Web History

Once you remove your Google Web History, Google will also stop recording it going forward (unless or until you re-enable it via the same page).

Google has been under increased scrutiny lately when it comes to online user privacy, for the heavy handed way they've used Search and Gmail to push their social networks like Google Buzz and Google+, and more recently for the discovery they've been circumventing Safari's third party cookie protection.

Via: EFF

California Attorney General Kamala D. Harris announced today that Apple has agreed to better protect iOS users' privacy by disclosing the permissions an App Store app will require before a user downloads or purchases an app.

"Your personal privacy should not be the cost of using mobile apps, but all too often it is," said Attorney General Harris. "This agreement strengthens the privacy protections of California consumers and of millions of people around the globe who use mobile apps," Attorney General Harris continued. "By ensuring that mobile apps have privacy policies, we create more transparency and give mobile users more informed control over who accesses their personal information and how it is used."

The way apps treat our personal, private data has been in and out of the news for years, but recently gained attention again following the discovery that some iOS apps were uploading Contacts data to their servers without explicit user consent. Though against Apple policy, the use of private data like Contacts or Calendars isn't prevented by iOS the way Twitter accounts, location, and push notifications are.

Apple may decide to take a page from Google's Android Market, and show a list of permissions an app will require in a tab on the App Store.

That's a huge win for users concerned about their privacy and wishing greater transparency from developers and platform owners both. However, it doesn't address the scalability or usability issues that remain within iOS -- longer permission lists require better interfaces or they risk users getting annoyed or bored and no paying attention to them.

Personal responsibility is an absolute must, and if we tap through or scroll through without reading, we abdicate our right to complain later, but making permissions easier to navigate and update goes a long way towards making life easier for users and mitigating the overload "too much information" sometimes causes.

We had some ideas about what we'd like to see in an iOS 6 permissions panel, but no matter what Apple implements, it's important this issue has gotten the attention it has.

Along with Apple, Amazon, Google, HP, Microsoft, and BlackBerry maker RIM have also agreed to the new privacy principles.

Source: State of California via The Next Web

Google is facing an inquest after having allegedly been caught bypassing Apple’s Safari web browser privacy settings on iPhone, iPad, and Mac. Google gets the big headline, of course, but Vibrant Media Inc., WPP PLC's Media Innovation Group LLC and Gannett Co.'s PointRoll advertising companies were all named in the report for tracking the web browsing habits of Safari and Safari Mobile users even when users have opted out of such tracking via Safari's cookie settings. According to the Wall Street Journal, Google and the other advertising companies used a special code that tricked Apple’s Safari browser into providing information even though it should have blocked it.

The Google code was spotted by Stanford researcher Jonathan Mayer and independently confirmed by a technical adviser to the Journal, Ashkan Soltani, who found that ads on 22 of the top 100 websites installed the Google tracking code on a test computer, and ads on 23 sites installed it on an iPhone browser.  The technique reaches far beyond those websites, however, because once the coding was activated, it could enable Google tracking across the vast majority of websites

Google issued a statement to the WSJ claiming that it had mischaracterized what had happened and claimed Google had used known Safari functionality to provide features that signed-in Google users had enabled.

Google has since disabled the rogue code after being contacted by The Wall Street Journal. WebKit, the open-source browser engine that powers Safari (as well as Google's Chrome browser) already has a fix in place to prevent the work around, and Apple should be rolling that out to iOS users in a future update.

An Apple official said: "We are working to put a stop" to the circumvention of Safari privacy settings.

This bypass seems specific to Safari because, according to one of the advertisers, no other major web browser blocks their tracking by default. (Which should make any Chrome, Firefox, etc. users race to their settings post haste.)

This should also serve as yet another reminder not to believe companies by the words, but by their deeds. "Don't be evil" or "we care about every customer" is easy to say, and as technology enthusiasts we're predisposed to believe and even vigorously defend the companies we love. But they're big, they're out to make money, and as advertising revenue increases, we become their products, not their customers.

Were you surprised by this news? Is Google getting more of the attention than they deserve because they have the biggest name? How do you feel about companies bypassing Apple's tracking protection?

Source: WSJ

After the whole mess with social networking app, Path, uploading Contact data from iPhone users without asking, the U.S. Congress has started to get involved. Energy and Commerce Committee member Henry Waxman and Commerce, Manufacturing, and Trade Subcommittee member G. K. Butterfield issued an open letter to Apple CEO Tim Cook asking some probing questions regarding the iOS developer agreement.  Most of them center around the agreement's reference to transmitting "data about a user". Some of the juicier questions include:

• "Do you consider the contents of the address book to be 'data about a user'?"
• "Do you consider the contents of the address book to be data of the contact?  If not, please explain why not.  Please explain how you protect the privacy and security interests of that contact in his or her information."
• "How many iOS apps in the U.S. iTunes Store transmit information from the address book?  How many of those ask for the user’s consent before transmitting their contacts’ information?"

In response, Apple's Tom Neumayr said in a statement that they intend on requiring explicit permission to access address book data in a future release, much like how location data is handled now.

"Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines. We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

There's no mention of whether or not that will be in iOS 5.1, which Apple has been testing for some time, and may release alongside the iPad 3 in March.

The letter from Congress sought a formal reply by the end of the month, though I doubt we'll get to read that response. Apple has had some hiccups with location privacy in the past, but their corporate line has consistently been to treat private data with the utmost respect. While it's tricky holding Apple accountable for the snakey stuff that developers do in the App Store, it is their job to curate and approve submissions, and if a bad app slip through the cracks and reaches the public, it's the iPhone's reputation on the line.

At first glance, Android seems to have a better privacy system in place, as it ensures that you provide explicit permission for an app to access different types of data, but I definitely worry that the folks at Google don't look as closely at submissions as Apple does.

iMore put up a concept piece on how we'd like to see contacts, and permissions in general, handled in iOS 6. Would a popup make you feel more secure about your iPhone's personal data? Will it legitimately change a user's behaviour, or will they approve it as absent-mindedly as they do location permission now?

Source: Congressional letter, via The Next Web, AllThingsD

What do some popular iOS apps to with your Contact data? Do they grab it without permission, transmit it without protection, and store it without regard to privacy? Or do they treat it right, with respect and responsibility? That's the question both Dieter Bohn of The Verge and Matthew Panzarino of The Next Web sought to answer today.

The reason for the sudden interest -- in a years old problem -- is because a popular app, Path, was discovered taking users Contact data without asking, and uploading it in an insecure way to their servers. It wasn't nefarious; as with other apps that do likewise, they were trying to provide a service -- match users with friends who are also users. They just coded first, asked questions never.

For more background, and the solution iMore would like Apple to implement, see our recent editorial: iOS 6 and privacy: How Apple should draw inspiration from Android for better app permissions

The Verge spent the day packet sniffing popular apps, basically running their own man-in-the-middle attack, to see if any Contact data was being transmitted and if so, how it was being handled. The Next Web received an assist from Tweetbot developer Paul Haddad, who ran his own, similar tests.

Of the apps found to be on the naughty list, or in the gray-zone, it sounds like the publicity will be causing swift updates.

Hit the links below to see the results.

Source: The Verge, The Next web

Like with Notification Center, Apple should look to and improve on what Google's done with Android to better keep our Contacts safe.

Earlier this week the internet got itself into a kerfuffle over Path, a small-circle social networking app for the iPhone, which took Contact information without asking and openly transmitted it to Path's servers. It's an important issue to be sure, one worth getting into a kerfuffle over, and Path eventually apologized and vowed to make changes. But Path was only one of many, many apps to act this way.

A couple of years ago there was a similar kerfuffle over Dragon Dictation when Nuance was transmitting Contact information to their servers as well. Nuance did this, it turns out, so that its server-side voice recognition services could better understand the names of your friends and family.

Path, it turns out, did this so it could notify you if your friends and family were already using, or started using, their service and offer to connect you in the app as well. (Though the "open transmission" part was concerning -- hashing or otherwise encrypting the data between iPhone and server would have been a good idea.)

It could have been any of a number of other apps in Path's place, however, if they'd been discovered first. Many of them are now updating, adding security if they weren't already, and custom-making request popups for user permission before transmitting Contact information. And that's a good thing. But it exposes a problem with the way Apple currently handles user privacy on the iPhone.

If an app, any app, even a built-in Apple app, wants to know your location, it has to ask for permission. If it wants to send you Push Notifications, it has to ask for permission. If it wants to access Twitter integration, it has to ask for permission. If it wants access to any of your personal information, however, like Contacts, it doesn't have to ask at all.

Apple should change that, of course. They should require that apps ask permission to access Contacts -- and Calendars, and any other personal data -- and insist any information be transferred in a secure manner, and never be stored permanently on a developer's servers.

Just like with Push Notifications back before iOS 5, however, their popup requester system doesn't scale. Right now, if you launch a new Twitter app for the first time and you get popup after popup, asking you to tap to approve Twitter account access, location, and Push Notification. Imagine when Contact access, Calendar access, and conceivably other information is added to the list. As the number of popups grow, the likelihood that a user will read and consider each one falls precipitously. They'll just start tapping through to get to their app.

Current iOS permission requests come via popups, which limits their scalability.

There's a school of thought that says inattentive users deserve what they get -- if they don't read, they abdicate their right to complain later. Apple doesn't usually subscribe to that school of thought, however. That's probably why they've kept permission requesters to a minimum for now.

Just like with Push Notifications, however, a better solution exists outside popups, and Android could once again be drawn upon for inspiration.

Android requires an app to list all the services it wants access to when you buy it

When you browse an app on the Android Market, whether via the web or in the Market app proper, there's a clearly defined place see what permissions that app will require. Arguably, Android presents way too many permissions and users might not bother to read them any more than they would a popup, but having them there as a permanent reference is invaluable.

Even on the web, Android Market presents you a list of permissions requested by an app

for iOS 6, Apple could do what they did with Notification Center in iOS 5, remove the cumbersome nature of popups, simplify Android's implementation, and, when an app launches, present a simple sheet of toggles allowing a user to pick and choose which ones they're willing to grant access to.

Mockup: What an iOS 6 "Permissions" sheet could look like, providing persistent access to information and toggles

Things like storage access are more noise than information, but Contacts and other areas that touch on personal information should absolutely be there.

Likewise, the permissions sheet could be kept available in the settings for the app (or in the general Settings.app), so users could easily change them at any time. Under special circumstances, if a service is absolutely required for an app to work -- for example, location is required for a photo editing app to access potentially geo-tagged photos in the Camera Roll -- then a popup could be generated explaining the situation.

For special circumstances, when an app absolutely needs a specific permission to function, a popup could then be used to inform the user.

Adding a list of permissions each app requires to the App Store, on device, in iTunes, and on the web would be a nice-to-have as well.

Path deserved the push-back they got for doing what they did with Contacts, but Apple deserves push-back for letting them do it in the first place.

Apple has shown a relentless drive to tackle the rough edges of iOS in recent releases, and as iPhones and iPads become more powerful and apps more sophisticated, privacy becomes one of the rough edges they need to get a handle on quickly.

They've used Privacy as a differentiator from the competition in the past, and Notifications and Location Services in iOS 5 are a huge leap forward when it comes to granularity and usability. Hopefully Apple brings it all together, and gathers up the loose ends like Contacts, in iOS 6.

There was a bit of noise yesterday about a popular mobile social networking app, Path, taking the address books of users wholesale, and storing them on their servers. Despite being transferred over SSL, and the data only being used to notifications when friends signed up, Path has apologized profusely and wiped any personal address book information from their servers. A patch to their iPhone app now provides a prompt if you're interested in receiving notifications when friends sign up.

It's good to see Path is being clear, prompt, proactive, and apologetic about the whole thing, but the whole situation still serves as a reminder that many of these mobile apps have access to a lot of personal information, and if you're uncomfortable with that situation, it's probably best not to go crazy signing up for every trendy new service to come along.

Personally, I've already surrendered to the fact that Google has an obscene amount of insight to my life, and if a few smaller software companies do too, fine. The worst they can do is deliver ads that are more relevant to my interests, and that doesn't sound like such a bad thing.

Source: Path

Do you love Path, the slick, simple, moment-sharing social network app for iPhone? Well, you get ready to dial it back a notch, because apparently they're storing your entire address book, e-mail addresses and all, on their servers, and in plain text. What kind of evil deeds does Path have planned for all that data? Well, the CEO, Dave Morin, said that the data is used exclusively to notify you when your friends sign up for Path. He also claimed that it's the industry standard to transfer that personal information in plain text, even though, as one commenter points out, it could be done with representative hash codes instead. Morin also said that they intend to update the iOS version with an opt-in dialog for the feature, which is a tweak they've already rolled out on Android.

If you're not cool with the data Path already has stored on their server, you can e-mail service@path.com and they'll wipe everything out for you.

The whole mess was discovered by the developer of an iPad news app called Denso. He was toying around with a new tool from mitmproxy.org that monitors the API calls made by apps by setting up a man-in-the-middle HTTP proxy.

This isn't the first time we've seen this issue on iOS. Nuance's popular Dragon Dictation faced and addressed similar concerns back in 2009. While we're prone to just hit the "allow" button on just about any app we download when prompted for access to personal data, you aren't currently getting that message when downloading Path on iOS. Even if you were, it's still pretty sketchy that this data is being transferred without being hashed, even if it's transferred over SSL. What if Path's servers got hacked? We wouldn't get much more than a "whoops" from Path. What worries me even more is that there are still a ton of other services out there just farming up personal data from not only you, but everyone you know, without your express or implicit permission.

It certainly makes me think twice when signing up for new services...

Source: Read Write Web, Denso, mitmproxy.org

Probably like many of you, I received my new Google Privacy Policy via email this week, and while couched in language about creating a more "beautiful" experience for us, the users -- read: products -- it's also clearly about Google leveraging their popular services like Search and Gmail to help their new services, like Google+, become competitive with Facebook and Twitter.

Because Facebook and Twitter scare the shit out of Google and when companies, like people, are scared they do dumb things.

Google in particular, once the brash, brazen upstart that gave the proverbial middle finger to old, portal-style search sites and promised to always deliver the best results, not just the best Google-owned results, is struggling with their inner demons now. They don't want to be replaced by social search the way their authoritative search replaced Yahoo! and Alta Vistas of old.

I've riffed before that any company sufficiently large is indistinguishable from evil. As they grow, as they face competitive pressures, the interests and agendas of their shareholders, stakeholders, and executives increasingly and more noticeably diverge from the interests of their users. From us.

They, like many of us, become the parents they used to despise.

Why does this matter to me and why am I posting it on iMore, an iPhone and iPad focused site? Because I'm a huge user of Google services and iPhone and iPad users in general are huge users of Google's services. We use Google Search, Gmail, Maps, YouTube, and other services every day. We give Google massive amounts of personal information. We give them our trust. And that absolutely means we have both the right and obligation to hold them to that trust.

According to Sarah Lacey at PandoDaily, Google's new, "don't be don't be evil" direction has become a concern even for many Googlers past and present, and the silence surrounding it is stymying even internal PR.

Good. This shouldn't be easy. It should be messy and public and painful, and if Google wants to keep getting and using our data, they should keep earning that privilege.

Hopefully the rumors of Larry Page not wanting to hear any opposition to their new Google+ strategy are false, and like Apple and Facebook have sometimes done in the past, Google's more unpopular new policies will be reversed, and soon.

Check the source link below for more on the issues surrounding Google's new, more publicly evil direction, and read on for the new privacy policy in full.

More: Page Rage Escalates As Google Cancels Twitter Android Meeting

Dear Google user,

We're getting rid of over 60 different privacy policies across Google and replacing them with one that's a lot shorter and easier to read. Our new policy covers multiple products and features, reflecting our desire to create one beautifully simple and intuitive experience across Google.

We believe this stuff matters, so please take a few minutes to read our updated Privacy Policy and Terms of Service at http://www.google.com/policies. These changes will take effect on March 1, 2012.

One policy, one Google experience

Easy to work across Google

Our new policy reflects a single product experience that does what you need, when you want it to. Whether you're reading an email that reminds you to schedule a family get-together or finding a favorite video that you want to share, we want to ensure you can move across Gmail, Calendar, Search, YouTube, or whatever your life calls for with ease.

Tailored for you

If you're signed into Google, we can do things like suggest search queries – or tailor your search results – based on the interests you've expressed in Google+, Gmail, and YouTube. We'll better understand which version of Pink or Jaguar you're searching for and get you those results faster.

Easy to share and collaborate

When you post or create a document online, you often want others to see and contribute. By remembering the contact information of the people you want to share with, we make it easy for you to share in any Google product or service with minimal clicks and errors.

Protecting your privacy hasn't changed

Our goal is to provide you with as much transparency and choice as possible, through products like Google Dashboard and Ads Preferences Manager, alongside other tools. Our privacy principles remain unchanged. And we'll never sell your personal information or share it without your permission (other than rare circumstances like valid legal requests).

Got questions?

We've got answers.

Visit our FAQ at http://www.google.com/policies/faq to read more about the changes. (We figured our users might have a question or twenty-two.)

Notice of Change

March 1, 2012 is when the new Privacy Policy and Terms will come into effect. If you choose to keep using Google once the change occurs, you will be doing so under the new Privacy Policy and Terms of Service.

Please do not reply to this email. Mail sent to this address cannot be answered. Also, never enter your Google Account password after following a link in an email or chat to an untrusted site. Instead, go directly to the site, such as mail.google.com or www.google.com/accounts. Google will never email you to ask for your password or other sensitive information.

What better New Year's resolution to start with than to check out all your in-app privacy settings, especially where Google, Facebook, Twitter and other social networks are concerned? We know how it goes; you get a shiny new iPhone or iPad app and you just want to use it so you log in through Twitter of Facebook or Google because it's easy, quickly tap through all the set up pages, granting who knows what permissions and for how long, and then forget about it the moment the next shiny app comes along.

MyPermissions.org thinks you should take a few moments to review your settings, revoke or reduce access for those apps that no longer need full, free access to your personal, sometimes private data, and get 2012 off on a saner, more socially secure start.

(I just did mine and I was startled how many old apps still had access to my stuff.)

Source: MyPermission.org

• Subscribe via iTunes: Audio | Video
• Subscribe via RSS: Audio | Video
• Download directly: Audio | Video
• Show notes

Rene, Georgia and Michael Rose of TUAW discuss a media gone mad -- including ridiculous Siri allegations, crazy Carrier IQ coverage -- and how to protect our privacy, and the privacy of our families, in the digital age. This is Phone Live!

• Rainbow apple mod backplate courtesy of unyousual.net

Hosts

• Rene Ritchie (@reneritchie)
• Georgia (@GeorgiaTiPb)
• Seth Clifford (@sethclifford)

Special Guest

• Mike Rose of TUAW

Credits

You can reach all of us on Twitter @TiPb, or you can email us at podcast@tipb.com, or leave a comment on the website when the show goes live.

We're here every Wednesday night at 6pm Pacific, 9pm Eastern, 2am GMT, and our companion show -- iPad Live! -- is at the same time, on the same channel, on Sunday nights. www.TiPb.com/live

For all our podcasts -- audio and video -- including iPhone and iPad Live, ZENandTECH and Superfunctional, Iterate and Girls Gone Gadget and more... see MobileNations.com/shows

If you haven't already please subscribe to all our shows in iTunes and leave a rating. It helps people find the show and means a lot to us!

Thanks to the TiPb iPhone Accessory Store for sponsoring the podcast, and to everyone who showed up for the live chat!

Apple has issued an official statement regarding Carrier IQ software running on the iPhone, noting that they've stopped supporting the logging software in iOS 5 and plan to remove it completely in a future software update.

We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.

The recent uproar surrounding the intrusive tracking methods used in the logging software by Carrier IQ has gained the attention of Senator Al Franken, who has in turn demanded answers from the company on exactly what information is being logged and sent back to carriers.

"Consumers need to know that their safety and privacy are being protected by the companies they trust with their sensitive information,” said Sen. Franken. “The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling. This news underscores the need for Congress to act swiftly to protect the location information and private, sensitive information of consumers. But right now, Carrier IQ has a lot of questions to answer."

So although Apple has used Carrier IQ software on iOS version prior to iOS 5, they weren't using it as extensively as other Android smartphones. Adding the fact that they plan on fully wiping Carrier IQ code from iOS 5 in a future update will probably help put your remaining worries to rest, but you can turn the service off completely in the meantime by following these simple steps.

Source: AllThingsD, Al Franken

The Wall Street Journal is reporting that Facebook might just be close to a settlement with the Federal Trade Commission (FTC) that would fundamentally change the way they treat their users, and their users' personal information.

According to people familiar with the talks, the settlement would require Facebook to obtain users' consent before making "material retroactive changes" to its privacy policies. That means that Facebook must get consent to share data in a way that is different from how the user originally agreed the data could be used.

Facebook, which makes one of the most popular apps for iPhone and iPad, has been charged with misleading users about how private information was being handled -- making it public by default. Under this settlement, Facebook would switch from opt-out to opt-in, letting users decide what they want to share before sharing it, and be subject to audits for 20 years to ensure compliance (much as Google has recently agreed to, and Twitter to a lesser period).

Source: Wall Street Journal

Dropbox, the popular online file storage and sharing service used by many iOS apps, has updated their terms of service, ostensibly to make their policies "easier to read and understand, and better reflect product improvements". This after controversies involving how they handled encryption, who could and couldn't look at your files, and an incident when passwords were disabled for a very short period of time and anyone could, theoretically peek inside. They've put up a blog post to help explain the new ToS and the reasons behind them, and are updating it as they get users' feedback. Some key points:

You retain ownership to your stuff. You are also solely responsible for your conduct, the content of your files and folders, and your communications with others while using the Services.

This is legal ass-covering. Dropbox is hugely popular among iPhone, iPod touch, and iPad users, primarily because it's easy to use and they provided really robust APIs that developers could use to get around Apple's up-until-now p!$$-pour file sharing abilities. A large amount of iOS users use Dropbox and a large amount of Dropbox users use iOS. To enable that sharing, they feel they need to "own" the files so they can avoid being sued if anything unforeseen happens (probably including legal demands.) So, if they use your files, it's not their fault. If you misuse their system, by contrast, it's all your fault. They're not taking the fall for any illegal material you choose to store there.

We wish we didn’t have to use legal terms at all, but copyright law is complicated and if we don’t get these permissions in writing, we might be putting ourselves in a tough spot down the road. Not to bore you with the details, but please take a look at the license term in the TOS. We think it’s fair and strikes the right balance: “This license is solely to enable us to technically administer, display, and operate the Services.”

The important thing to remember is this: don't consider anything you put on an internet connected device to be private. Ever. Some of it will be better protected than others. Some of it will be far less of a target than others. But anything stored can be accessed, by accident or by malicious interception. (Just ask any young star in Hollywood with a camera phone and lack of discretion, unfortunately.)

Security and convenience are always in contention and online services like DropBox fall heavily on the convenience side.

Read the whole blog post below and let Dropbox -- and us -- know what you think. Will any of this change your Dropbox usage? Will iCloud?

[Dropbox blog]

UPDATE: 1Password has a great blog post up about the Dropbox changes as well. [1Password]

Security researchers, including Pete Warden have discovered that iPhone records location data, stores it in a file, and syncs it with iTunes. That means the data -- and the record of your location over time -- persists even when you upgrade or change iPhones. There's no evidence Apple transmits or receives a copy of this data or stores or uses it in any way beyond locally on your device and PC.

That Apple is doing this without disclosure is disconcerting, and as the researchers point out, it raises some security and privacy concerns:

"Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you've been."

The researchers have created an FAQ and app (see the link below) that visualizes the data for those interested in seeing what is stored. The process uses cell towers to record location, so it can be fairly inaccurate. When I tried it, it had me in several places I'd never been. That a would-be-location thief needs physical access to your device also mitigates my concern slightly, because anyone with physical access can get my contacts, business emails, messages, and all sorts of data that may or may not be even more worrisome than gross location data for the city in which I live.

Anyone here spooked?

[iPhoneTracker via The Guardian]

Twitter recently suspended all Twitter clients supported by Ubermedia. Among the clients suspended are Twidroid and UberTwitter, which are both insanely popular on Android OS and Blackberry OS. They also operate and support the popular TweetDeck client which is available on iOS and several other platforms. They've also acquired Echofon, another popular Twitter client for iOS.

According to Twitter, they've been working with UberMedia since April of 2010 when they were operating under the name TweetUp, which also apparently violated some copyright issues. Currently Twitter is claiming that Ubermedia has changed the content of tweets in order to generate revenue for themselves. They've also pulled the clients due to privacy issues concerning direct messages over 140 characters.

When asked about the suspension, Twitter spokeswoman Carolyn Penner had this to say:

We ask all developers in Twitter ecosystem to abide by a simple set of rules that are in the interests of our users, as well as the health and vitality of the platform as a whole.

We often take actions to enforce these rules; in fact, on an average day we turn off more than one hundred services that violate our API rules of the road. This keeps the ecosystem fair for everyone.

Some of the allegations being held against UberMedia are pretty serious. For the full letter Ubermedia received, hit the break!

Dear xxxx,

Regardless of how you access Twitter, we are dedicated to making Twitter better, faster and more reliable for you. As part of this effort, we ask applications that work with Twitter to abide by a simple set of rules that we believe are in the interests of our users, and the health and vitality of the Twitter platform as a whole. We often take actions to enforce these rules.

We are sending this email today because we suspended twidroyd for violating our policies.

Every day, we suspend more than one hundred applications that are in violation of our policies. Generally, these apps are used by a small number of users. We are taking the unusual step of sending out this letter because today’s suspension may affect a larger number of users.

We are committed to helping you continue to use Twitter during the disruption of this application. You can download Twitter for Android and other official Twitter apps here. You can also try our mobile web site or apps from other third-party developers.

We appreciate your continued support of Twitter and regret any inconvenience to you.

Updated: Jerry over at AndroidCentral reached out to UberMedia to see if they had any response to the whole thing and this is what we received back:

STATEMENT FROM UBERMEDIA REGARDING TWITTER’S SUSPENSION OF SERVICE TO UBERTWITTER, TWIDROYD AND UBERCURRENT

PASADENA, CA – February 18, 2011 – Early Friday morning, Twitter shut off access to its service by several of our Twitter client applications: UberTwitter, Twidroyd, and UberCurrent. Twitter then notified us that they believed we were in violation of several provisions of their terms of service.

We were immediately in touch with Twitter, and the changes they asked us to make were very small. As a result, we have completed the changes, and new apps are currently being posted to their respective stores. Twitter has assured us that as soon as those changes were complete, they would reactivate our applications.

Twitter also asked us to modify the name of UberTwitter. We began a process of changing the name three weeks ago by polling our users, and we’ve decided based on their input to change the product name to UberSocial, which we completed today.

To our millions of loyal users, we appreciate your patience during this temporary period. We look forward to continuing our innovations on the Twitter platform.

Bill Gross, CEO
UberMedia, Inc.

It appears either UberMedia is playing down the issue or it really wasn't that big of a deal in the first place. What do you guys think?

TechCrunch

Worried that Apple's iAd's is getting too nosy about your personal information and wondering how to opt-out of sharing it with the advertising network? On the plus side personalized ads usually better reflect your interest and can be less annoying but if you're hyper-concerned about your privacy you may just want to cut it off. We'll show you how after the break.

[Apple knowledge base, thanks Dev!)

iAds uses aggregated, anonymized personal data to help serve ads it thinks will be more relevant to your personal interests. Google's AdMob and, frankly, every other online advertising system does the same. If that gives you the heebie-jeebies, however, Apple at least gives you a way to opt-out (advertising isn't their main business, go figure?). They'll also let you opt back in.

How to opt-out of iAds

1. On your iPhone, iPad, and/or iPod touch (yes, you have to do this individually for each and every device), go to http://oo.apple.com.
2. If/when you see the message "You have successfully opted out", you're done.
3. Repeat with any and all of your other devices.

How to opt-in to iAds

1. Once again on your iPhone, iPad, or iPod touch (and yes, once again you have to do this individually for each device), go to http://oo.apple.com
2. You'll see a message saying you've already opted out but you'll also be given a link to opt back in. Tap on the link (it's a tiny text link, not iOS optimized at all -- sigh!)
3. You should be opted back in at this point (we keep getting an error but it seems like we're opted back in.)

The fine print

It's important to remember you'll still see ads they just won't be personalized based on your device's information and your usage patterns any more. Also, you'll only be opted-out of Apple's iAd network and you'll still get Google, Microsoft, and independent ad networks tracking you unless/until they provide and you make use of their own opt-out systems. Minority Report indeed!

Tips of the day will range from beginner-level 101 to advanced-level ninjary. If you already know this tip, keep the link handy as a quick way to help a friend. If you have a tip of your own you'd like to suggest, add them to the comments or send them in to dailytips@tipb.com. (If it's especially awesome and previously unknown to us, we'll even give ya a reward...)

Some Facebook for iPhone users are experiencing two rather annoying bugs -- Facebook does not send their status updates to their friends' live feeds, and Facebook for iPhone seems to be missing from all users' privacy settings. Details after the break!

Facebook for iPhone status update bug

When a use who is experiencing this bug updates their status with the Facebook for iPhone app, the status only appears on their wall and not on their friends' live feeds. Meaning, in order for one of the user's friends to see the status, they must go directly to the user's wall - which most people don't do. An irritating bug to say the least.

Workaround

• Facebook's mobile site and touch site work just fine. So you can use them until Facebook fixes this problem.
• Use a different app to post Facebook status updates

Facebook for iPhone missing privacy settings

The other issue with the Facebook for iPhone app has to do with privacy. When you add an app to your Facebook account, it gets added to the list of apps you use in your privacy settings. It is here that you can see what information any given app has access to, as well as remove any ability that you do not approve of. The problem is that the Facebook for iPhone app is not included in the list. This means that no one knows for certain what permissions Facebook for iPhone has.

Workaround

• Stop using Facebook for iPhone (not an acceptable solution, Facebook needs to fix this!)

Are you experiencing either of these bugs? If so, have you discovered any other fixes or workarounds? Are you using the mobile or touch site, or have you installed a different app to post status updates? What are your thoughts on Facebook for iPhone being non-existent in your privacy settings? Sound off below!

[Facebook discussions, thanks Bob for sending this in!]

Does it bother you that some apps running on your iPhone (or Android phone), that know all your contact information and perhaps even your current location, could be spying on you? The Wall Street Journal says:

An examination of 101 popular smartphone "apps"—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone's unique device ID to other companies without users' awareness or consent. Forty-seven apps transmitted the phone's location in some way. Five sent age, gender and other personal details to outsiders.

It seems like we've been talking about this since Apple added a GPS and the App Store to the iPhone 3G and iOS 3 back in 2008 and everyone from tiny, unknown developers to giants like Google began taking advantage of the features -- in both senses of the word.

Sometimes it can be beneficial -- Google's web search, Gmail, and mobile AdMob adds try to give us ads that better reflect our interests so they're less likely to annoy us and, of course, we're more likely to click on them. Apple's now in that game as well with iAds. But what about those tiny, unknown developers using their free or cheap apps to extract your information?

Apps sharing the most information included TextPlus 4, a popular iPhone app for text messaging. It sent the phone's unique ID number to eight ad companies and the phone's zip code, along with the user's age and gender, to two of them.

Pandora is also cited as an app that transmits lots of demographic information. Apple claims they police the apps and make sure they fall within proper guidelines but the WSJ believes some, like Pumpkin Carver, can skirt the rules, and many of the developers claim they anonymize data before aggregating it and transmitting it on to advertising networks.

While permission is required to share location, no permission is required to share your iPhone (or iPad or iPod touch) UDID -- the unique identifier, effectively a fingerprint or "super cookie* that can be used to correlate and track all your activities. Angry Birds, according to the WSJ, sends both UDID and location data back to its publisher (who says they don't use it to advertise and don't share it with anyone else).

The entire article is fascinating reading especially for those concerned with privacy in the mobile information age. Personally I trust Apple and Google but I'm not sure I trust every little developer who has the same access to my data or who uses Apple's and Google's networks and systems.

What about you, any alarm bells ringing?

[Wall Street Journal, thanks Dominick!]

Google Latitude just landed on iPhone and as with any location-based app, it's always good to know how to turn it off and maintain your privacy when you so choose. This one can be a little trickier than most since it looks like even quitting the app and rebooting doesn't turn off Latitude tracking.

We don't know if this is some bad coding on Google's part, whether Apple's background location API is supposed to be allowed to do this or not, or if this is just the way Latitude is designed to work (scrary if so!) but it just seems to stay on. In order to turn Latitude's tracking off this is what you need to do:

• Tap Settings
• Tap General
• Tap Location Services
• Scroll down to Latitude
• Flip the switch to off

You should see the little arrow icon in the status bar up top disappear and then you'll know Google is no longer following your every move. To turn it on again just flip the switch back.

UPDATE: Yes you can go into Latitude: Settings and turn off Background Updating. That works too. Whether you wish to turn it off in Google's app or Apple's settings is up to you. If you want to be really sure maybe do both.

Are you sensitive about your location and does Latitude raise any alarms for you if so? Let us know in the comments!

[Thanks @bengillam]

Facebook has once again updated their iPhone and iPod touch app, this time adding access to account and privacy settings and fixing a photo upload bug. The new version (3.3.2 for those keeping track at home) lets you access the settings via the Account button at the top left of the home screen, but then simply loads the Facebook.com web page. It's nowhere as good a user experience as if they added those settings to the app proper, but it does mean Facebook won't have to update the app whenever they update those pages (it also means you can use it as a way to move between the app interface and the website without having to jump to Safari).

The photo upload bug fix is nice to see. The "no iPad version" bug persists, however.

If you've tried out the settings, and if photo uploads are finally working for you the way they should, let us know!

While a lot of controversy has surrounded Facebook and privacy, Google has lately made many wonder if they could still be trusted with our private, personal info as well.

Personally, I'm all in with Google and I don't see that changing unless/until something truly cataclysmic happens. Dieter told me to sell my soul and enjoy all the free, fantastic services and sell it I did. I've significantly curtailed what I share over Facebook in light of their privacy stumbles, yet I've continued to go full steam ahead with Google.

Still it's inarguable that the young, upstart, idealistic company many of us geeks knew and loved has been changing as of late. It's almost like the hippie, carefree days of Larry and Sergei are slowly morphing into the conservative, corporate era of Schmidt right before our eyes.

Wi-Fi data retentions, DoubleClick, Verizon net-neutrality deals, Buzz's early privacy problems, the whole China fiasco, Android returning control to the carriers, and odd, almost allegorical comments from their CEO about changing names as we come of age to distance ourselves from the indiscretions of youth... they give pause.

It's also undeniable that, while Google was once an unassailable darling of the tech media, that's been slowly changing as well, especially in light of the above controversies.

iPhone and iPad owners typically use tons of Google services. Their maps and search and videos are built in. Their Gmail, Google Calendar, and Google Contacts are only getting more popular and better on iPhone and iPad. In return Google knows what web pages we go to, what we search for and click on, who our friends and associates are, where we are, and what we're doing. Every time we use the internet in almost any way, Google tracks us, anonymizes and aggregates us, and uses our data to advertise to us.

When "don't be evil" seemed a much more heartfelt motto, most of us didn't seem to care. How about now?

Facebook Places not only lets you "check in" to various locations (a la Foursquare or Gowalla) but it allows your friends to check you in as well, which could be a little creepy. Luckily for those of us who prefer to keep where we are private, our good friend Phil Nickinson from Android Central tells us how to "just. stop. it.":

You can disable that "feature" now by going into your privacy settings. Hit the "customize" link, scroll down to the "things other share" section, and disable the "Friends can check me into places" feature."

Fortunately, the first time anyone tries to check you in you'll get an email notification, but if you prefer to do your own dang checking in, thank you very much, follow Phil's advice up top.

[Facebook via Android Central]

Apple restricting third-party advertisers from collecting personal data if they are owned by another platform vendor could be a way of preventing Google's AdMob from competing directly on the iPhone with Apple's iAd, but it could also be a sign that Apple, cranky after leaked iPhone prototypes and iPad analytics, is determined to take back control of user data.

Steve Jobs was nothing if not heated at the D8 conference about the leaked iPhone prototype, and perhaps even more so about in-app analytics taking user data, including device and location, and using that to reveal details about the iPad long before it was announced. Imagining Apple's subsequent reaction to the thought of now-rival Google having early access to such detailed information not only about unreleased Apple devices, but about which devices iOS users have, at what location, and their app usage patterns probably sent a chill down their collective spines.

App Cubby's David Barnard put together an excellent post about it earlier today:

When you use Google search and other Google products, they collect a tremendous amount of information and use that information to customize and better serve the ads that are the core of their business. Many users don’t even realize this is happening, others are comfortable with it and have some level of trust for Google’s intent in using that data.

Well, Apple doesn’t trust the benevolence of Google, developers, and other third parties involved in the iOS platform. Apple wants to control the flow of user information.

Barnard also points out Apple primarily makes their money off hardware sales, not the brokering of user information the way Google or Facebook do. He also suggests part of AdMob's $700 million value to Google was exactly the type of data they could pull off iOS devices:

[David Barnard / App Cubby]

Facebook recently announced some huge changes to how, where, and perhaps even why they operate -- and it effects every Facebook users' privacy. Short version: Facebook is "building the social web" by sharing your and your friends' information with more apps, for longer, and via more places outside Facebook than ever before and they're opting you into it by default.

If you're the footloose and privacy-free sort who lives every moment online with little or no care about who knows what about you, then this likely doesn't effect you one bit.

If you're more guarded about your privacy and the privacy of your friends and families, if you're concerned about who gets your information and where, then check out this guide to protecting your information on the new Facebook from Download Squad and get to clicking off those permissions (and no doubt cursing Facebook for not defaulting them to "OFF!" to begin with).

Facebook is obviously huge on the iPhone -- one of the most popular apps of all time -- so we're curious what you think about these changes? Do you worry about your privacy online? Do these changes make you consider scaling back or removing your Facebook presence? Or do you figure the more information about more people available, the harder it will be to find anything about anyone specific?

[via @sethclifford]

NLU Products, makers of BodyGuardz, were gracious enough to take some time out at CES 2010 and show TiPb their four-way ScreenGuardz Privacy film for iPhone. Four-way means it won't just shield your iPhone from prying eyes in portrait mode, but horizontal as well. Buh-bye over-the-shoulder airplane movie snooper!

Check out the video, after the break!

Nuance's Dragon Dictation for iPhone raised some privacy concerns upon launch due to the server-side nature of its transcription and the apparent transmission of users' contact list to Nuance's servers. Addressing at least some of these concerns, Nuance has posted the following statement:

Some people have expressed concern about what the new Dragon Dictation for the iPhone application does with your contact information. As you may have experienced already, Dragon Dictation for the iPhone goes through your contact list on your iPhone and uploads the names to our server. We do this for a pretty simple reason: we found that people are often dictating names from their address book and expect the names to be recognized. We take this information and create an anonymous user profile for your device that understands what names are likely to dictate into a document. It's important to note that we only upload the names, not the e-mail addresses, phone numbers or any other personally identifying information from your contacts.

Even though there is no personally identifying information, we still treat all of this information with the highest privacy standards. All of our servers are located in the United States and meet the most stringent privacy and security standards. We conform to these high standards because we use the same data centers for other areas of our business where we are required to store personal information.

All of this is spelled out in our license agreement that comes with the Dragon Dictation for the iPhone application. Since most people only see that license agreement briefly when they are installing the software (and they usually can't wait to start using their software, so they don't spend 30 minutes reading a complex legal document...), we provided a link to that agreement here: http://www.nuance.com/company/privacy/.

So the bottom line is that nothing scary is happening with your data and we only use a little bit of information from your phone to help make the dictation accuracy as high as possible. If you have any questions, comments or concerns, feel free to post them here.

Michael Thompson, Senior Vice President & General Manager, Nuance Mobile

Of course, Nuance is storing all your transcriptions on their servers, which while not dissimilar to Google, Microsoft, Yahoo!, or Apple storing all your email, documents, location, etc. is an important factor for users to keep in mind so as to make informed decisions about services and the companies behind them.

Let us know what you think of the statement, and if it does indeed address your concerns (or not).

It looks like Apple is using its rejection power for good this time -- removing games built on the Unity engine which included private-API calls that could be used to steal private user information like your iPhone's phone number.

Not all of the rejected/removed games were engaged in privacy violations (or even had the network capability to exploit it), but Apple isn't taking any chances following the Storm8 lawsuit. Touch Arcade has the details:

The Unity engine currently uses the two private API calls that Storm8 allegedly exploited to steal user data, NSGetEnviron and excserver. Mantas Puida of Unity Technologies explains these two API's utilized by the Unity engine serve the following functions:

_NSGetEnviron is used by Mono runtime to provide implementation of .NET core API method: Environment.GetEnvironmentVariable().

exc_server is also used by Mono runtime to provide graceful NULL reference exception handling.

The Unity engine, however, has been updated to remove the offending API calls, and the games are being recompiled and resubmitted to the App Store. Hopefully this will keep users' data safe from unscrupulous developers, while the scrupulous ones continue to turn out great games.

[Touch Arcade via TUAW]

The Register is reporting that a lawsuit has been filed against an iPhone game developer for privacy violations:

The complaint claims best-selling games made by Storm8 contained secret code that bypassed safeguards built into the iPhone to prevent the unauthorized snooping of user information. [...] to access, collect, and transmit the wireless phone numbers of the iPhones on which its games are installed," states the complaint, which was filed in US District Court in Northern California. "Storm8 does so or has done so in all of its games." [...] [including] World War, iMobsters, Racing Live, Vampires Live, Kingdoms Live, Zombies Live, and Rockstars Live.

The complaint claims they're violating the Computer Fraud and Abuse Act, and is seeking Class Action status. It's not the first time we've heard about apps violating user privacy, hopefully Apple's new iPhone security manager will first and foremost focus on these types of exploits. And, yeah, let the courts smite any abusive developers in the meantime...

[via Wabbit in the TiPb forums]

The iPhone Dev-Team take a break from the Jailbreak to throw some light on the issue of 3rd party iPhone apps tracking users' location. Joey Hess and our friends over at PreCentral.net kicked up a bit of a ruckus last week detailing how the Palm Pre reports users' location data back to Palm HQ. Well, says the Dev-Team:

Although we have yet to find an application by Apple that tracks your location, there are certainly a number of “free” applications in the official AppStore that are designed to do just that. Case in point: there’s this rather cute/gimicky app that lets you determine the tip for your waiter or waitress by tilting your phone as you pass it around the restaurant table. But if you dig a little deeper (like bushing did) you’ll find it uses a library by Pinch Media that is specifically designed to track your geographical location through time, then upload that data to Pinch Media. (Oh and it also show you an ad, as an extra bonus).

They point out that the iPhone will ask before any app is allowed to use location data, but also that it will keep asking to the extent that users might just agree to prevent being constantly annoyed with popups.

The Dev-Team goes so far as to describe these types of apps using the dreaded "s" word. That's right -- SPYWARE. However, in a web increasingly dominated by companies seeking to aggregate (hopefully anonymized?!) user data as a way to monetize (providing free or cheap apps in exchange for the shared data and tolerance for advertising), how broadly can that term now be applied? Many, especially tech-savvy, users are happy to let Google's Gmail scan their email and serve ads in exchange for the service (and don't even get us started on Chrome parsing all URLs a user enters through Google, or their purchase of DoubleClick...)

Should we be concerned more about small, 3rd party companies? About Apple, Palm, and Google-type companies? Or is it just the way of the world now?

How about this -- Perhaps Apple could give us app-specific Location settings, much as we now have app-specific Notification settings? That way, there'd be a list of apps that use location, and we could individually turn off those with which we don't want to share our location. How about it, Apple?

No word yet on whether you get a pocket Hasselhoff to push it for you, but it sounds like Opera Mobile 9.7 is set to bring back the "Turbo" boost in an effort to take it to Mobile Safari (and, we presume, WebKit in general as found on the iPhone, Google Chrome lite for Android, Palm Pre, some Nokia devices, etc. etc.... etc...)

Ganging up on the "real internet" browser are our good friends Matt Miller from NokiaExperts.com and Phil Nickinson from WMExperts.com. Matt explains the concept behind Nokia's blast from the past via his ZDNet blog:

Turbo mode that supplements the native Opera Mobile browser with the proxy functionality found in Opera Mini. So, with Opera Mobile 9.7 and Turbo mode enabled you get a fully functioning web browser with proxy/server side lifting going on to provide the FASTEST browsing experience currently available on a mobile phone.

TiPb vaguely remembers proxy and cache tricks from those old spamvertisements promising to quadruple our old dial-up modem speeds. Phil tries to pip us to the proxy post, however:

OK, this isn't exactly a fair fight, but forget about that for a minute. To the average user it probably doesn't matter whether your browser is being rendered through a proxy, security and privacy implications be damned.

And he's absolutely right. When those users are stuck on the equivalent of dial-up. Once they -- like iPhone, Android, and Palm Pre users -- get with the equivalent of broadband, well... let's just say we don't get those spamvertisements anymore...

Holding the snark for a moment, it's great to see Opera providing stop gaps for users with slow connections who don't care about privacy or security. Here's hoping the gap stops being necessary to fill quickly, however, and Opera can focus on forward-looking browser technologies, since WebKit doesn't look to be slowing down any time soon.

[Tip o'the browser to Phil for the image inspiration as well!]

Apple has past mastered using animation to aid both usability and fill transitions. An example of the latter is the "shrink" effect used when you hit the home button: whatever's currently on diminishes to nothingness and the home screen icons fly back into place. To do this effect, however, the iPhone takes a quick screen shot, and then uses the built in CoreGraphics/Animation layers to rapidly scale it down.

See the problem? No? Wired does: once a screenshot is taken, even if the iPhone immediately deletes it, those bits hang around inside your device. Current recommendations to properly destroy data involve multiple, pseudo-random overwrites. Absent that, forensics experts can often retrieve so-called "deleted" files. Including the screen shots the iPhone uses for animation. Including, potentially, any confidential or classified documents you were viewing -- or embarrassing Hello Kitty sites you were browsing --when you hit the home button.

Sure, this will likely never be a problem to most users. Passwords are obscured and not many of us have docs -- or look at sites -- that would be worth the significant forensic resources it would take to recover iPhone screenshot files.

But, a security/privacy concern is a security/privacy concern, and while this one doesn't trouble me personally, not knowing about it -- and making an informed decision based on knowing about it -- would.

And hey, at least it's not as tattly as Google Chrome...

A reporter over at one of those reputable, printing companies recently received a phone call from Steve Jobs and this was his opening line:

"This is Steve Jobs,” he began. “You think I’m an arrogant [expletive] who thinks he’s above the law, and I think you’re a slime bucket who gets most of his facts wrong.”

The whole conversation with Steve Jobs was off the record so we still don't know the nitty gritty details but according to the New York Times, it's more than just a common bug but isn't life threatening and it's not cancer.

Some think his health should be a private matter, which makes sense because we should all have some level of privacy. Some think his health should be public knowledge if it is serious enough, which also makes sense because of Steve Jobs unique role in Apple and Apple being a public company.

We at TiPb just want him to get better and hopefully the rest will handle itself.

What do you think?

ReadVia

Remember when AT&T was selling refurbished iPhone 2G's at (what was then) ridiculously low prices? Remember how it turned out some of those units still contained the personal information of their previous owners? Apple seems to remember, and has reportedly taken steps to prevent it from happening again.

As with a computer, when you simply delete a file, the file typically remains but is marked as deleted by the file system and will eventually be over-written. To delete something and make sure it's deleted, you need to over-write it, and not just with a single binary bit (zero'ing out). You have to over-write it with (pseudo) random data, and over-write several times.

Apple does something like this on the desktop with "Secure Empty Trash", and now they're bringing the same concept to the iPhone. The catch? Time. The new dialog for "Erase iPhone" now warns that "This will take about an hour."

And let's face it: what's a little time if it prevents that eBay buyer from getting all your personal details, right?

Check the read link for the Settings screen shots...

Read

Ever wish you could keep prying eyes away from your iPhone? Always paranoid that strangers can read all your sensitive e-mails, bank account information, and stock portfolios? Well here’s the solution: the Case-mate Universal Privacy Screen Pro for iPhone ($19.95). It prevents those snoopy people from peering over your shoulder and keeps your information private by offering a viewing angle of 45 degrees.

Read on for the rest of the review!

What Comes In The Box & Application Process

• -2" x 3" Privacy Screen
• -Graph Sheet (for sizing)
• -Screen Cleaning Cloth
• -Applicator card

The instructions states that one must cut the privacy screen to match the size of your phone screen. Luckily, the maximum size of the screen fits perfectly around the iPhone’s screen. Manually cutting the privacy screen would have been a tediously unnecessary step for a product that should already be tailor made for your phone. (note: Another reason to buy an iPhone! Sorry Blackberry & Treo Owners, have fun cutting!)

The application process is fairly simple. Unlike many protective film covers on the market, the Privacy Screen attaches to the iPhone through static cling. Just line up the iPhone’s screen with the Privacy Screen and it just sticks. I haven’t experienced any problems with the Privacy Screen falling off, it’s as if some sort of voodoo magic binds the two together until you want to remove it. An added bonus is that the Privacy Screen works flawlessly with film protectors such as the invisibleSHIELD and BodyGuardz.

Usage

After applying the Privacy Screen, there is no discernible difference in the iPhone's screen quality. Which is quite amazing considering how dark the tint looked before putting it on the iPhone. Pitting an iPhone with the Privacy Screen on against an iPhone without, the screen quality and brightness is in essence, the same. The only difference is that the iPhone without the Privacy Screen offers minimally deeper blacks, but in all, you’d be hard pressed to notice the Privacy Screen has been applied.

In short, the Privacy Screen really works. When viewed at an angle, the iPhone’s screen is darkened and unintelligible. Even at a closer angle, the Privacy Screen will look hazy to onlookers. Only at a direct angle can you begin to determine what is on the screen. For those looking for a privacy screen, the Case-mate is extremely effective and the ideal solution.

For better or worse, the Privacy Screen attracts the same amount of fingerprints and grease as the iPhone’s glass screen. Also, unlike other non-privacy film protectors that change the iPhone’s tactile feel, the Privacy Screen feels exactly the same as the iPhone’s glass screen. The Privacy Screen is also prone to scratches, though unnoticeable when the iPhone is turned on, the scratches are a bit of an eyesore when the iPhone’s screen is off.

My biggest concern about the Privacy Screen is the dust build-up along the edges. Because the Privacy Screen covers only the actual screen of the iPhone and not the entire front face, dust will get caught along the top and bottom edges of the film. Also, probably because of the type of material used to lessen the viewing angle, the Privacy Screen is very thick.

Final Thoughts

The Privacy Screen succeeds in deterring those nosy folks who peer over your shoulder. You can safely examine any sensitive documents without fear of anyone copying down that information. As a privacy filter, the Case-Mate is the best solution on the market.

With that said, I believe that the product can be improved by offering protection to the full face of the iPhone rather than just the screen itself. Though it is understandable to not expect the same materials in products like the Invisibleshield and the Bodyguardz, covering up the entire front face would attract more potential buyers and alleviate the dust build-up problem.

However, a benefit of the screen-only protection is that the Privacy Screen can be used and re-used because of its easy application process. Thinking about going out to the local coffee shop but think too many people would peer over your shoulder? Just slap it on and have your worries be gone. It is not as permanent as other full body skin protectors.

The Privacy Screen should be considered a BUY for anyone looking to protect their iPhone from wandering eyes but those considering it for screen protection should look toward the invisibleSHIELD and BodyGuardz.

Pros

• Very Easy to Apply
• Screen Quality and Brightness is Unchanged
• Dramatically Decreases Viewing Angle
• Texture of the iPhone's Glass Screen Remains the Same
• Made of High Quality Materials

Cons

• Dust Builds Up Along the Top and Bottom Edges
• Does Not Cover the Full Face of the iPhone
• Prone to Scratches

Overall: 4/5