Airbnb wants to GPS track you also when not using the app
And that pretty much means "always"
Here is the offending paragraph:
"Geo-location Information. Such as precise or approximate location determined from your IP address or mobile device’s GPS depending on your device settings. We may also collect this information when you’re not using the app if you enable this through your settings or device permissions."
source: https://www.airbnb.com/help/article/3175/privacy-policy
172 comments
[ 4.7 ms ] story [ 246 ms ] threadFrom the findlaw article: "This means that the disclosure or discovery of a private matter must have happened when the plaintiff was in a place or situation in which the average person would be offended at being intruded upon."
So now we shouldn't be offended if apps use our location data even when we're not using those apps.
[0] https://www.findlaw.com/injury/torts-and-personal-injuries/w...
> Will be used to orient the park map to your location, enable in-park features during your visit, and tailor informational, marketing, and promotional messages in or out of the park.
The Disney World app has
> 'While Using' means we may use your location when the app is open to... provide you with valuable updates and offers... 'Always Allow' will allow your location to be used for some of the above purposes even when you do not have the app open
So if these big players must precisely say "offers" or "promotional messages", I don't see why airbnb wouldn't have to.
I just want to thank Apple for pushing this agenda forward, introducing things I believe Google would never do themselves first unless pressured.
I still remember Apple introducing “track me while using the app only” in a new iOS years ago that stopped companies hoarding live geolocation of every app user.
And we still get new bits and bobs every major iOS release.
In just last few years we found out apps that unnecessarily scanned for our network devices or used clipboards for no apparent reason.
Keep them coming.
However, pretty much every useful app you're using is calling home for some moderately legitimate reason - so I don't think it's helpful to differentiate the two classes of executables based on remote asset usage.
Honestly, if I can’t block network access I don’t see the value in downloading a AirBnB app or just about any other app companies want me to install.
A few years ago when phones were slower the difference was much more stark. It's straight amazing what can be done in a webview now.
Also every crappy website will think it’s okay to force download a huge PWA payload and fill the phone up with notification spam. No thanks.
Surely the answer is "so Safari shouldn't implement those APIs"? It's app makers who think we need constant push notifications from everyone; by and large they're subtractions rather than additions.
Native apps have more freedom to do whatever they want, and they do it more opaquely. I guess the only thing that comes close to a web browser content blocker for iOS native apps is piping your traffic through one of those ad-blocker VPN apps like Lockdown, which sucks.
Of course, nothing compares to the amount of insight you have into websites on a desktop web browser where you can open a networking tab in the dev tools.
Web VR is being routinely used to add fingerprinting and tracking. Direct access to USB devices adds so many vectors for abuse I can't even imagine how it will end up being mis-used.
Apps shouldnt be able to fully trust the data they get unless the user wants them to trust it.
I haven't tried calling it programmatically, but it has a module system.
And location of course (never, ask next time, when using and always) with a toggle to set it to "approximated position"
Android permission model changed greatly around Android 6:
https://source.android.com/devices/tech/config/runtime_perms
I was answering parent's concerns in their context.
Are they blind to the harm they're causing, or do they believe that only their own customers deserve to have privacy?
The wonders of humanity is that humans are creative and imaginative (not me, the examples I thought of are stupid and silly), so if they have a certain task in mind they can solve it through whatever technologies available, even if those technologies weren't designed for it...
Wait, what?
Airpods are pretty small, must be much easier to sneak them in compared to a phone. And unlike a phone, they're not providing any means to figure out who is the owner.
They also can't get your IP address when you are not using the site, so it is the same thing.
But you can turn it off:
https://www.asurion.com/connect/tech-tips/conserve-phone-dat...
See under the apps battery options
Thats about 99% of the reason my phone is always using a VPN.
Sure, geolocate my IP. I'm in Melbourne. Accurate to an almost 1000km CEP...
By using countermeasures, you're demonstrating that you are more privacy-conscious and/or more tech-savvy than the average. This means you are more likely to be a problem when they try to swindle you in one way or another down the line, whether it's the next dark pattern that they want you to fall for or try to scam you and hope you just accept your fate instead of raising a chargeback, etc.
There's no reason for them to accept even a sliver of risk as long as there's an endless supply of people who don't carry said risk, therefore any indicator that you deviate from the average could lead to a ban, especially if the margins are super-thin or non-existent (when the objective is "engagement" rather than profit).
Now I doubt any of this has been started intentionally - most likely the anti-abuse mechanisms learned over time the correlation between different signals such as usage of a VPN, etc, but because of the above there's also no pressure to "fix" this problem for legitimate users of VPNs.
It is difficult to discern "paranoid" from "evil" when reading legal documents. Unfortunately being paranoid makes them look evil. Maybe they are, maybe they aren't, but there is more than one way of looking at this.
Well by that reasoning, all legal agreements should just say, "we are not responsible for anything, we take what we want don't, you can't sue us".
https://www.theverge.com/2016/1/6/10726004/uber-god-mode-set...
https://www.google.com/search?q=before%3A2020-10-31+%22Geo-l...
Soon you can't have a normal life without installing at least a dozen of apps.
To whom it may concern,
Please unsubscribe me from your dystopian hellscape.
Very truly yours,
GonnaThrowAwayMySmartPhoneAndLiveOffGrid
Each month I tell them what I think of that idea by sending them another check.
im not living on the grid, yet i havnt installed a single covid app yet. I do live like i am off the grid, while on it. Have my cake, and eat it to.
Ahh the churn of Investor money. HN likes to have go's at crypto about "Adding value" but im yet to see a long term sustainable unicorn that comes out of its bloodthirsty VC flush stage to long term sustainable numbers, and product...
HINT: Users will GET RID of YOUR PLATFORM as soon as humanly possible the moment you flick the switch and try and make a profit. ATTENTION is CHEAP! there are a thousand other unicorns and VCs looking for pie. You will go out of fashion, you will be replaced.
And why do we still believe that paper docs are secure? Someone needs to look at them and can just as easily "lose" them, too.
The bigger problem is that this issue is almost entirely artificial. Most apps are merely glorified web pages. Functionally, they could (in most cases) just be websites and function exactly as well.
These incremental weaning steps taught me you can live in the modern world comfortably without subscribing to app culture.
Restaurants dig out paper menus for me, banks find alternative ways to verify me, etc. There always exists a sometimes undocumented path to engage with most entities with a webapp and without a cell phone carrier, though I do have a VoIP number which I can use from a laptop or DECT phones.
Life without a smartphone and apps works pretty much just like it did in the 90s . The privacy and mental health wins are huge. My mind feels like mine again.
As for experimenting, it depends on where you're travelling. I wouldn't want to experiment in a third world country without reading online comments and reviews.
I’m sure you’ll post a reply that explains some outlier reason for a smartphone: what if I’m in rural Bangladesh and there’s no central square? What if….
But think how people got through these difficulties before smartphones. A lot more experimentation and reaching out to locals. This is why portable language phrase books used to be so popular when traveling.
Not every city has a central square, not everything you want to see might be within reach of one, not all restaurants are there, and of course all restaurants there can be tourist traps.
I don't need to think about how people struggled with things that are easy to today besides for the fun/novelty of it. While we're at it, exchanging money, carrying around and paying in cash suck. It was slightly less bad because i could look up the locations of ATMs of banks that don't charge you an extra fee for being a tourist on the spot.
> If the food turns out to be bad because you did not read online reviews, so what? Is your trip spoiled or did you just make a memory about shitty food in a Sri Lankan square
Considering how bad "bad" can get, that memory can involve a trip to the hospital ( food poisoning, parasites, etc.).
Thieves target people who are distracted so they can run by and grab a wallet before you see them coming. Scammers and sales people target people who look lost.
When you take the time to learn the things you want to do in advance and where they are you can walk alert, tall, and confident without your head buried in a phone during precious vacation time. This body language wards off many predators be they human or animal.
First of all, I'm not saying a smartphone isn't useful, but I'm saying it's not that hard to get by without one if you want to "take back control" of your brain. To your examples, you could simply plan ahead, or (shocking I know) ask people in the street.
Again, the while world got by without a smartphone just a short while ago, it's not that hard.
> or (shocking I know) ask people in the street.
Try that in a country like Sri Lanka and at best you'll get scammed by paying a commission for the reference.
Planning only gets you so far. You can't predict everything ( for instance I've had a museum that turned out to be closed, and another one that turned out to be in a really dodgy part of town recently).
As for my age, I'm what Americans who believe in that crap call a millennial, but I'm from Eastern Europe, didn't get my first phone until well into highschool, and my first smartphone slightly less than 10 years ago ( so I've spent more than half my life without a smartphone).
You do want be wary of anyone who starts a conversation with you (as opposed to your starting the conversation with them). And yes, if you're in a "touristy" area, you do have a significantly higher chance of meeting someone aiming to rip you off. But these are true of essentially every country in the world—not just Sri Lanka.
Most people are happy to help point someone in the right direction and maybe offer a tip or two. Tips from locals often reveal great chill spots to explore in a city that the tourist sites have not directed the masses at yet.
Putting ethical and moral values aside, your average person on the street (in say, Colombo, or any other "normal" area) has no interest in (or potential gain from) directing anyone towards a scam.
As for finding Wifi, it is incredibly rare I go to any restaurant or coffee shop I randomly see who does not have wifi.
As for checking pricing... If I think something is over priced I take a note to look it up online later. No need to be in a rush to spend money.
I used to make the same excuses but I encourage you to leave your phone at home long enough for the withdrawl symptoms to wear off and enjoy the self confidence to know you can navigate the modern world with your own brain even if you choose to go back to a phone. Consider it wilderness survival training.
- you're touching on underlying cultural expectations: fluidity of people's schedules and movements, which in turn is governed by work-life fluidity, unpredictable work, stuff coming up etc.
- I never said I can't navigate without a smartphone or GPS, or offline map. (I actually navigate very well without GPS and I do that most of the time).
- rideshare companies have made it near-impossible to use them without a smartphone (yes I'm aware there are very heavily restricted ways to use them without).
- 2021 was particularly bad for unpredictability; many businesses temporarily closed, almost all had changed their opening hours and days or indoor/outdoor seating hours/arrangements, some refuse to take reservations esp. for outdoor seating, almost all of them changed their menus and many jacked up the prices invalidating existing reviews, etc. etc. Most of my friends are temporarily/permanently WFH, which means they don't know these local changes, esp. the ones with kids hardly ever emerge from their house. For example, evening maintenance and service changes on the NYC MTA meant it became seriously non-deterministic starting 7pm and worse after 9pm. Also, it became seriously dangerous after 11pm, esp. in unmonitored stations. (Carrying around a laptop in this situation would be risky.) Rideshare prices surged even in low volume hours due to driver shortages.
- as you know during Covid there was an accelerated push towards e-ticketing, boarding passes etc. Covid certs on phone, too. Yes you can partially opt out of that and carry paper versions. But when you need to have a 3-day recent Covid test for airplane, it can be helpful.
Yes, "those actions are usually much more intentional when done on a computer"*, but in order to make this modus operandi work, I'd need to change the habits of the people I meet. The middle-ground is if I'm dealing with a particularly flaky friend I'll say "I'll be at [place] at [time], I have to leave by [time], if you can't make it let me know in advance". If people flake out several times, I communicate my displeasure.
These specifically I will go out of my way to not do on my phone. It feels claustrophobic not having a full-size screen and multiple windows open to compare.
It would actually never even occur to me to do any of those things on a phone! On a tiny inconvenient screen? Why?
Besides GPS units literally atrophy cognitive functions which is probably not healthy...
https://www.theguardian.com/science/2017/mar/21/all-mapped-o...
Even so, you can also carry a dedicated GPS device or a map without a smartphone.
Actually I prefer paper maps, they have better usability for many use cases.
vs: large screen (so you can see more info, have more windows open to compare) keyboard/mouse interface instead of tapping (faster, doesn't take screen space) easy to save documents in a common folder which super-convenient tools for creating my own consistent file-names and directory structure auto-back-ups for compliance/filing.
The phone has only one advantage-- you usually have it with you.
Not any more ... I've been to restaurants with no paper menu and no way to pay except online. I was not willing to do it but my friend was so rather than forcing him to leave I let him order and pay and then vowed to never go there again
Same here. I'm a "high functioning" :) tech person who ditched my smartphone years ago now. I get more done. More focus. Vastly better relationships with business partners, family and kids. I learn more, retain more, think about things more clearly.
It was my involvement directly in smartphone tech around 2012-16 (during which Snowden happened) that flipped my switch.
Recently I've been looking at the psychological evidence around what these systems of smartphones, "always-on living" and social networks do to our brains and, as a fairly conservative scientist, I find it terrifying.
I really think you'd have to be mad to carry a smartphone at present.
On the threads kicked off by someone whining about Apple protecting customer privacy from app authors, people rage that Apple should have no power to stop people loading terrible applications just like this.
It is better all software be democratized or decentralized which makes the responsibility to filter and ignore bad content fall on the individual or community who can maintain block lists all can override or can opt in or out of.
In a dictatorship or centralized technology however the responsibility falls to a central entity that removes all choice from you and even removes the ability to review the code they expect you to agree to run. Almost like making people sign legal agreements without reading them. By design a dictator implies they can and will always make better choices than anyone else. Dictators by design must be -perfect- to evade the due criticism for taking away free choice.
In a world run by software the method of governance for that software is of a similar level of importance as the governance of our countries.
Apple protects customer privacy from app authors through strong access controls and permissions model.
Side-loaded apps would benefit from all of these protections just the same as apps from the app store.
Your comment implies the only thing Apple has done to improve privacy and security is curation of the app store.
The examples I can think of are:
- Covid apps, which makes sense because you can't quite do contact tracing using a website and people would trust some corporation less than a government. They're completely optional and it's temporary. The download count is less than a third of the population where I live (and I got it on both of my mobile devices so... extrapolate from there).
- Germany uses a proprietary app that requires Google/Apple services as replacement for emergency broadcasts. (In NL this is also being moved to mobile, but using broadcast SMS so not a special app.) Not sure if there are any official goals in terms of install rate, but nobody expects near 100% and it's not compulsory in any way. I'm honestly not quite sure what their goal is because I'd guess the install rate so far is a few percent and it's not being promoted at all.
A lot has to be done digitally, ask any grandma in the Netherlands what hoops she jumps through or has her kids do for her, but every time something new comes up, there is a lot of talk about keeping things accessible. Very few things are mobile-only (these "requires time-sensitive notifications" type apps mentioned above are the only ones I can think of), and only slightly more things don't have an offline fallback. So far, of course. I expect that we'll move more towards digital with (by 2050) a few help stations for the people stuck in the 2010s, but (de facto) compulsory closed source software that needs to be running on a body-worn device? Given the amount of discussion already surrounding the optional open source covid apps... I don't see that happening too soon in democratic countries.
If wanting to enter a local business is "optional" and as the saying goes nothing is quite so permanent as a temporary government program.
By the way were I live almost everybody has a smartphone but a lot of people just don't even knew where to find the correct app or how to get access to the covid euro passport from the app as a lot of people have been waiting for hours in front of the medical center to get their cert in paper. Many took a picture of it to present it from their smartphone later.
That’s pretty far from universally true. There is a fair number of companies that I trust more than the US government.
Assuming a US jurisdiction and companies with US presence, the trust you can place in a company is a strict subset of the trust you can place in the government.
Remember companies only exist as enabled by various laws and the government can and will use court orders or even NSLs to extract whatever information it wants from the companies.
For that data, you're not trusting the company with it either since they don't have it.
The warning app had been dreamed up because it didn't require going to cellular network providers and demanding a way to trigger cell broadcasts. At worst, it's software-license-gated on the currently-deployed base stations.
/S
Google implements privacy protecting measures as a fast follower to iOS.
AirBNB currently doesn't even have this option. Maybe they're planning on adding it.
When an app asks for your location - it has to give you all options - usually only 2: "only in app" and "never".
There is a third: "always". It won't default to "always". So the user has to pick it.
Zillow has this as an option - so I imagine the Play Store would let AirBNB add this option.
Android has every feature you mentioned too - https://proandroiddev.com/android-12-privacy-changes-for-loc...
Why would google be incentivized to collect less data of their users that can be monetized and profile them if no laws compelled them?
It’s their default mode of operation and I’ve been a hardcore android user since I laid my hands on an android G1, through G2 and then onto the Nexus and Pixel “vanilla” android lines.
I feel like privacy on Android can be summed up as “no we wouldn’t spy on you! Trust us, wink wink. Oh hey, we turned on location tracking across all your google accounts and web activity, and maps, and gmail, and drive, and search… yeah it’s to improve your product experience, yeah… BTW you must agree to these terms to save places in google maps!”
At least iOS implemented the user facing interface first and AOSP/Google might have only implemented it because iOS did (we cannot know, but I wouldn't be surprised). However technically the API was already there and was usable by external permission managers long before iOS exposed users to it.
> Why would google be incentivized to collect less data of their users that can be monetized and profile them if no laws compelled them?
NOBUS. It also applies here, since Google's Services are installed in /system it has access to everything and other apps have to go through the hoops that Google can avoid.
> I feel like privacy on Android can be summed up as “no we wouldn’t spy on you! Trust us, wink wink. Oh hey, we turned on location tracking across all your google accounts and web activity, and maps, and gmail, and drive, and search… yeah it’s to improve your product experience, yeah… BTW you must agree to these terms to save places in google maps!”
It's not a big secret that Google is collecting data. Don't use Google products if you can help it. However what happens on Android with Google Apps preinstalled (basically every Stock experience) while using other apps/sites is more of a problem in my opinion.
By rooting your phone you could setup combinations of special firewall, and GPS spoofing rules. Which is more privacy preserving then forbidding GPS in some situations.
All with Apps setting things up for you with reasonable UX.
This is a good example why closed eco systems (Apple) or semi-closed eco systems (Google,1) are a problem.
(1): Many essential Apps stop working on de-googled or even "just" rooted Android phones, so it's still semi-closed wrt. this aspects.
Do you mean something like PDroid or XPrivacy? Yeah that was indeed pretty awesome, however these already used underlying APIs that were the precursor to permission management. If I recall correctly the first inofficial permission manager was in AOSP Android 4.3 (Jelly Bean). It was however not that useful compared to the alternatives and also hard to access if at all.
As a sidenote: PDroid is still my gold standard. It was annoying to install, but it worked really well.
> Why would google be incentivized to collect less data of their users that can be monetized and profile them if no laws compelled them?
Doesn't your first paragraph answer your second?
Btw, I found it much easier to install an ad-blocker for web browsing on Android (in Firefox) than in iOS. Since browser extensions are a big no-no in iOS, I think?
I just wanted uBlock Origin that I already know and like.
It's a shame Google doesn't do extensions for Chrome on Android.
Google has a natural incentive to do the same thing even if Apple never existed. This is about third parties being able to collect your location data, which diminishes the value of that data to Google.
The websites though, they work perfectly. What tracking is on them is implemented in a non-blocking way.
I've ditched most apps for shortcuts to Firefox which also has no script installed
No, this is a reminder to not use proprietary software, which doesn't respect users' freedom.
This was prior to the series of scandals which included tracking journalists and public officials came to light.
Problem solved.
It's odd that a paid app still wants to stalk you - apparently they think that their people movement data is more valuable than their fitness business. The fitness part is apparently just an elaborate ruse to get you to install their app...
(The fact that Apple lets this fly shows yet again that their App store policies are not for protecting the user, they are just for protecting Apple's revenue stream)
I stopped using Strava at that point, so I can't say what it's like now.
I never opt in to always sharing my location with apps that I’m not actively using and iOS makes that easy for me.
When will these idiots learn that you simply cannot go gathering personal data on the off chance you might find it useful or sell it. Gathering unnecessary personal data isn't an asset, it is a liability. And so it should be.
https://ico.org.uk/for-organisations/guide-to-data-protectio...