In other privacy news, app maker secretly sells location data of 50 million people. Almost no punishment. by @DavidOAtkins

In other privacy news, app maker secretly sells location data of 50 million people. Almost no punishment.

by David Atkins

I have this flashlight app on my phone:
Even judging by the low standards of creepy data-mining apps, “Brightest Flashlight” did something pretty egregious. The free app, which was installed by at least 50 million Android users, transmitted users’ real-time locations to ad networks and other third parties. It was, in other words, a stalking device disguised as a flashlight.

In December, the Federal Trade Commission exposed the app’s antics and also announced a proposed settlement with the app maker, GoldenShores Technologies, a one-man operation based in Idaho. In doing so, the agency explained how Brightest Flashlight used legal flim-flam in a privacy policy and user license agreement to obscure what the app was up to.

The terms are now final, and they’re underwhelming, to put it mildly.

In a Wednesday announcement, the FTC confirmed that GoldenShores and owner Erik Geidl are not to collect app users’ geolocation without clearly explaining how and why they’re doing so and, in broad terms, say who is receiving that information. The flashlight app maker will also have to keep records for the FTC to inspect, and Geidl will have to tell the agency about any new businesses he decides to start in the next 10 years. He also has 10 days as of the order to delete all the data he collected.

On paper, the order looks like stern stuff but, in practice, it’s hard to see how this amounts to real punishment. Even though Geidl did something deeply unethical, compromising the privacy of tens of millions of people, he will not pay a cent for his misdeeds.
I suppose I could uninstall the app from my phone, but what would be the point? It's not as if Google, Verizon, Microsoft, Twitter and about a dozen other companies don't also know my precise GPS location every single second of every single day. Facebook would know, too, in addition to the hundred other things it knows about me--if I bothered to put a Facebook app on my phone.

Dozens of companies know every single website I've ever visited. A dozen different financial institutions know every single purchase I've ever made that wasn't in cash. I guess a few dozen more companies knowing exactly where I am every single day won't much much of a difference. I pretty much gave up on any passive expectation of privacy long ago.

I wouldn't be surprised if Google, Verizon and AT&T couldn't essentially ID most drug dealers and their customers just by using big data to figure out who hangs out suspiciously long in places people wouldn't normally hang out, and who comes to visit them at those places. Fairly soon dozens of different companies will have the ability as well. Given what we know about the NSA at this point, I'd be surprised if the government didn't already have that data. I just think they probably don't care all that much.


.

.