Wednesday, December 29, 2010

Can We Secure Our Privacy?

Hot on the tail of this year's Facebook issues over privacy and the question of Google's Street mapping program collecting extra data on wifi security, a class action lawsuit has been taken against Apple claiming personal data is being passed around on iPad and iPhone users without owners them being notified or compensated. They are also considering a similar action against Google over personal data on Android applications.

The Wall Street Journal report that the claimant, Jonathan Lalo of LA, said Apple and a group of mobile application developers were selling personal data, including his age, gender and location to ad networks. The suit states that Lalo "did not expect, receive notice of, or consent to Defendants' tracking of his iPhone app use and did not want Defendants to engage in such activity’.

The case papers allege that many applications collect too much personal data and enable users to be individually identified. They claim that many firms and advertisers are able monitor and identify individuals via Apple’s unique device ID which they feel is not adequately restricted by Apple. This claim is supported by researchers from Bucknell University who recently proved that individuals can be identified this way. Apple’s stated policy only allows data to be shared with third parties if an app genuinely requires the information operationally.

The question remains as to how much of a privacy issue exists and the full implications of any tightening of the rules. However, it once again raises the question about privacy and protection of personal information today.

Meanwhile Mozilla ,the developers of the Firefox browser, have accidently exposed the passwords of 44,000 inactive accounts left on a Mozilla public server. Mozilla's director of infrastructure security Chris Lyon wrote in a posting on the Mozilla Security Blog late Monday night notes that all the passwords were for inactive accounts that have now been deleted and disabled. Mozilla has informed all affected users of the breach by email.

No comments: