For a while, I've been using the Moves app for iOS. It's a little application that uses the accelerometer and GPS data from your phone to tell you where you've been and how many steps you've taken and so on and so forth. I've been using it in no small part because of their strong third-party privacy policy, which said:
We do not disclose an individual user’s data to third parties unless (1) you have given explicit consent to each such disclosure, (2) we are required to comply with a legal obligation or (3) if our business or assets, or parts of them, are acquired by a third party.
Unfortunately, as you may know, Moves was acquired by Facebook last month, and I'm sorry to say that their stance on user privacy has not improved. Today, Moves updated their Privacy Policy, and it's not good stuff.
For better or worse1, Moves (like many companies) does not post diffs when they change their privacy policy. So I'm doing it for you. I extracted the current privacy policy (as of 2014-05-05) and the previous one (edited 2013-09-17) from The Wayback Machine, then reformatted them as Markdown. You can view them at https://gist.github.com/Roguelazer/7e59bb615c3e5a38b036; the diff itself is at https://gist.github.com/Roguelazer/7e59bb615c3e5a38b036#file-september_versus_may-patch.
Important Disclaimer
I am not a lawyer. If you think you may be affected by the changes to this legal document, you should consult with your attorney. Please don't cite me in court or sue me over interpretation. This document does not consitute legal advice and is for entertainment and outrage purposes only.
Interpretation of Changes
The biggest change, to me, is the fact that Moves is now reserving the right to share all of your data with (roughly) anyone at any time. The relevant clause:
We may share information, including personally identifying information, with our Affiliates (companies that are part of our corporate groups of companies, including but not limited to Facebook) to help provide, understand, and improve our Services.
Also interesting to me is the following passage which was removed:2
We will not display or otherwise disclose information where individual users can be recognized. Furthermore, our developers need to occasionally review raw data and the results for recognized activities/routes/places to improve the system. They will only see the unique identifier number with the data.
As far as I can tell, Moves is being set up by Facebook to monetize, share, and potentially leak your personal movements, and to inherit up Facebook's famously-shoddy isolation of user PII.
Having read this document, I have removed the Moves application from my phone. If anyone is aware of any personal-awareness-movement-tracking apps which promise not to sell your location to the highest bidder, please let me know. And if you still have the Moves application on your phone, well, I hope you get a chance to take a look at the detailed changes to the Privacy Policy and make an informed decision.
Who am I kidding: for worse. Any company that does this is scummy and untrustworthy and, unfortunately, is also every single company I can think of (including the one I work for).
This is of particular interest to me because it was one of the best such clauses in the industry. A lot of companies (including Facebook) do not do anything to prevent developers from viewing your most personal information, and there have been some rather hushed-up scandals related to that. I would love to live in a world where developers take the time to do their jobs without looking at your personal travel logs or selfies. It's laziness and some slavish adherence to "agile" which prevents companies from embracing this philosophy, and it's definitely one of my pet peeves.
Want to comment on this? How about we talk on Mastodon instead? Share on Mastodon