Online Polls – Are You Sharing Too Much?

Sometimes, it seems, you cannot go through a day without being offered a poll to complete. Whether you are walking through town, minding your business, surfing the web or keeping up to date on Twitter, someone, somewhere, would love you to cast your vote.

The majority of these polls that you see are just for fun, voting on ridiculous things and then having a chuckle when you see how other people voted.

Others are for topics you couldn’t care less about and can safely be ignored whilst others may be a compulsory part of your working day.

Others will be offered up by friends and contacts via social networking sites and you may or may not feel compelled to take part in them.

For the most part, they ask questions ranging from the unimportant (who is your favourite movie star) through to the extremely useful (such as who should win a security bloggers award) and there is no real harm in answering them, besides the small amount of time that you have to give up.

But in a few instances the polls can pose some more serious questions.

The questions will be somewhat more probing, looking to find out something about you and why you visit a certain site or perform a certain type of action. Whoever set the poll up wants to understand who you are, where you are and how you think.

Sometimes some of the sneakier sites on the web will even make completion of the poll mandatory in order to proceed onto your ultimate aim of, say, reading a particular news story. Such polls may not demand your name and address but they do drift roughly into areas of personally identifiable information.

Other polls can be far more obtrusive though and i’m sure you’ve seen a few of them. If you, for example, use Facebook, then you may have seen polls that ask for a lot of personal information, or permission to access the same from your profile. If you are not a privacy conscious person (and I’d have to question why not in this, the surveillance age), or you have divulged too much on your profile page, then this can be a problem.

Many people share information on social sites that they really shouldn’t – its in our DNA – but they feel reasonably safe because they think only their friends can see it. That isn’t true though and there are many polls, apps and companies that may appear to be affiliated with Facebook (or whoever), even though they are most certainly not, or even trying to appear that way.

If you share information you need to be alert. Even if you are divulging personal information within an environment in which you feel safe, you need to be certain that the audience is the one you expect. I myself have a few friends who have completed polls on Facebook only to later discover that they actually handed all that info to a third party unawares.

As for what a third party may do with your personal information, I’ll leave you to think about it, but lets just say that online polls can pose both security and privacy issues.

When filling in polls make sure you know where you are, what information you are sharing, who you are sharing that data with and, most importantly, what the recipient is going to do with that information.

And if this article has left you feeling like you need to complete an online poll right now then I can tell you that you can find a legitimate one right here, though I’ll leave you to decide who to vote for ;-)

Privacy Incursions – Where Exactly Should The Lines Be Drawn?

Privacy is a big deal these days and rightly so in my opinion.

Everything we do, and everywhere we go, is seemingly being watched and there appears to be a growing resistance to it under some circumstances.

But the one thing that really stands out to my mind is how different people feel about their own personal privacy and what each of us deems to be acceptable or not.

For instance, the majority of people I know take umbrage at the fact that various governments around the world are keeping tabs on web activity, even if it does come under the umbrella of ‘keeping us safe’ from all the bad guys who want to destroy us and our way of life.

But, curiously, many of those same people think nothing of going onto their favourite social networks and sharing their entire life stories with distant relatives, friends and (potentially) millions of other people they do not know at all.

Equally, I also know a few people who constantly whine about CCTV surveillance and traffic cameras but who don’t give a second thought to having their own personal cams inside their houses so they can monitor what their kids get up to whilst they are out at work.

Mixed messages much?

So with the above in mind I give you the story of a New York restaurant that uses Google to check out its patrons before they arrive to dine.

The maitre d’ at Elvedon Madison Park restaurant starts his day by using the web to check out the eating establishment’s bookings for that evening.

Justin Roller Googles every diner in the hope of finding out as much as possible, the intention being to make their attendance an experience to remember.

Roller goes way beyond learning first names and looking at faces – he also wants to know whether a guest is a wine fanatic or a chef (I wonder if the latter would affect the level of service given?) He also wants to know where diners are from so that he can match guests with servers from the same area if possible.

He also wants to try and determine the reason for the visit – if it is a birthday or other special occasion he can then use that information as part of his greeting.

Now some of you may be thinking this is great service to the customer and of benefit to the restaurant itself and, in many ways, it is.

But one person’s delight is anothers’ cause for concern.

To my mind, being wished a happy birthday by a stranger on a night out is a little creepy – sure I’ve arranged for the same for a significant other, along with banners and a cake, etc., but that was my choice about how their birthday information was shared – I don’t want retailers and other service providers presuming that information shared on the net is business data (and the same would go for those companies that used to spam me rubbish on my birthday via snail mail years ago when I was far less savvy than I am now).

It isn’t. And thats how I want it to remain.

I’m not you though so my thoughts may be completely alien to your views.

What do you think about companies digging into your life prior to doing business with you? Are you concerned that they may dig too far? Or would you be happy to deal with a business that knows you better than they ought to?

Big Brother Goes Dutch

If you thought the proliferation of CCTV surveillance in many countries was bad then you may be shocked to hear that the Dutch parliament has overwhelmingly voted in favour of the use of drone surveillance.

The new law, proposed by Ivo Opstelten, Minister of Security and Justice, and Ronald Platerk, Minister of the Interior and Kingdom Relations, won approval from almost all of the country’s large number of political parties.

Its adoption will mean that Dutch municipalities will be allowed to monitor their citizens via mobile cameras, including those deployed on drones.

City mayors will now be able to choose which type of camera surveillance should be used in times of civil disturbances that are not confined to static areas, picking between fixed devices and ones that are either attached to vehicles or airborne.

A clarification document sings the praises of surveillance technology, extolling the virtues of crime reduction and increased public safety, whilst highlighting that the use of drones will not lead to a reduction in CCTV that is already in place.

The problem with such an approach, of course, is the impact that such a move could have on the privacy of Dutch citizens.

Whilst the drones are only authorised for use in situations where there is a threat to public safety (which is already a rather broad term don’t you think?), there is no clarification on how large a geographical area the surveillance can take place in which I think at least raises the possibility of some nefarious future official going beyond their remit in terms of ‘spying’ on the populace.

Furthermore, there are no guarantees available that Dutch lawmakers will not go further in the future and there are fears that the drones could one day be easily equipped with facial recognition technology.  Opstelten himself told the D66 party that he was unable to forsee what future uses the drones may be put to and could not rule out facial recognition in the future. Tellingly, he also said that the possibility of future privacy violations was no reason not to proceed.

Given my eternal cynicism where government surveillance is considered, in conjunction with what we now know about the NSA spying on US citizens, I wonder if the Netherlands will merely serve as a testing ground for widespread drone usage in the future?

Given the recent revelations from Edward Snowden about government spying on telephone and computer actions, do you also worry that our childrens’ world will be one in which personal privacy is considered to be an antiquated ideal?

Clinton Wants US To Keep Control Of The Internet

Former US President Bill Clinton believes that the Obama administration’s decision to relinquish control over online domain names and addresses may be a poor one.

He said that many of the governments hoping to step in just wanted to use the position in order to stifle debate and to silent dissent.

During a weekend debate sponsored by his charitable Clinton Global Initiative foundation he said:

“A lot of people who have been trying to take this authority from the U.S. for the sole purpose of cracking down on Internet freedom and limiting it and having governments protect their backsides instead of empowering their people.”

Clinton believes that the US has been a good steward of the internet, helping to keep it open and accessible by all.

He did, however, recognise how the ongoing revelations from Edward Snowden about the NSA had played their part in raising demands for the US to relinquish its role in its traditional role of looking after the net.

That said, he doesn’t believe that the solution is for control to be spread out amongst other nations, saying:

“I understand in theory why we would like to have a multi-stakeholder process. I favour that. I just know that a lot of these so-called multi-stakeholders are really governments that want to gag people and restrict access to the internet.”

The Internet Corporation for Assigned Names and Numbers (ICANN) has been tasked with managing Internet addresses since 1998, though US officials have often proposed giving up US oversight in the intermediate period.

ICANN’s favoured approach is the one put forward by the Obama administration. On 14 March the organisations President and CEO, Fadi Chehade said:

“We are inviting governments, the private sector, civil society, and other Internet organizations from the whole world to join us in developing this transition process. All stakeholders deserve a voice in the management and governance of this global resource as equal partners.”

ICANN says its role as administrator of the Internet’s unique identifier system will remain unchanged as those functions “play a critical role in maintaining a single, global, unified and interoperable internet.”

According to an opinion piece in Bloomberg last week, some critics of Obama’s plan “have claimed that this move opens the door for certain authoritarian states to somehow seize control of the Internet, blocking free speech and inhibiting a multitude of legitimate activity,” but, “Nothing could be further from the truth.”

Clinton himself said:

“I understand in theory why we would like to have a multi-stakeholder process. I favor that. I just know that a lot of these so-called multi-stakeholders are really governments that want to gag people and restrict access to the Internet.”

Whilst I can understand the apprehension behind some certain nations having “control” over the internet, I believe that it is no more right that the US should have total control either.

There has been a lot of talk lately about net neutrality and how ISPs, companies and governments should treat all internet content equally, but surely in this age of privacy invasions, we should also be looking for an internet that is ‘governed’ by more than one nation and its own thoughts on how it should work?

What do you think?

Government NHS Database Plans Suspended Following Criticism From Its Own Privacy Watchdog

Government plans to store the medical history data of every patient in England have been questioned by both its own watchdog for privacy, the Information Commissioner’s Office (ICO), and the British Medical Association (BMA). Leading doctors have also pitched in, saying that NHS patients have been “inadequately informed” about the proposed sharing of their medical data.

The comments come as surveys show that almost fourty-five percent of the public are either unaware of the scheme or do not understand it, despite the fact that the government has sent details to all 22 million households in England.

Out of interest, has anyone received one of these leaflets yet because I do not personally know a single household that has, including mine?

Its not just the public who are unsure of how the plans will unfold either – The Independent reports that 80% of GPs are unclear on how medical data will be used too.

Unsurprisingly, perhaps, the ICO has accused the NHS of failing to explain the scheme in the clear manner they promised whilst the BMA have concerns that patients have been kept in the dark over their option to opt-out of what they describe as a “Big Brother database,” calling for a halt to the scheme until such time as the public are better informed.

As I write this article I’ve just noticed that the Telegraph are reporting that the database scheme has indeed been halted for a period of six months to allow the pros and cons to be better communicated. The various concerned parties have called for national TV and radio campaigns to get the message across.

So, it seems that patients will now have until September to decide whether they want their records to be shared or not with Tim Kelsey, the national director for patients and information at NHS England saying,

“NHS England exists for patients and we are determined to listen to what they tell us. We have been told very clearly that patients need more time to learn about the benefits of sharing information and their right to object to their information being shared. That is why we are extending the public awareness campaign by an extra six months.”

Professor Nigel Mathers, Honorary Secretary of the RCGP, said:

“We would like to thank NHS England for listening to the concerns of RCGP members and for acting so quickly to announce this pause. The extra time will provide it with the chance to redouble its efforts to inform every patient of their right to opt out, every GP of how the programme will work, and the nation of what robust safeguards will be in place to protect the security of people’s data.”

Anna Bradley, Chair of Healthwatch England welcomed the move which, she said, would “ensure the public are better informed” and in a position to “make an informed decision.”

The delay in implementing the new NHS database will be seen as a huge blow by some in the health industry, coming soon after SC Magazine reported that “the NHS’ own risk analysis showed that the database will be vulnerable to hackers and the insider threat” as well as the fact that “it was also revealed that the opt-out clause could break the forthcoming new EU-wide data privacy law which may insist people must actively ‘opt-in’ before their personal data can be used.”

On Tuesday former home secretary David Davis MP described the new database as “a honeypot for hackers” though, being a cynic, I would probably be more concerned about the data ending up in the hands of medical and insurance companies.

I’m glad that the scheme has been temporarily shelved and think its good to see the ICO and others getting a good result on behalf of the public for once.

If you have your own concerns about the database then gives some advice on how you too can opt-out from what I believe is a poorly executed shambles from the NHS.

Have You Checked How Much Of Your Data Is Freely Available On The Internet?

The world wide web has changed massively since its inception and continues to grow and evolve at an amazing rate.

At its core though it is still just the way it was designed – it is, ultimately, a tool for communication and the sharing of data. That basic premise has not changed, even though the delivery methods may be unrecognisable to the early pioneers of the net.

One of the biggest plus points of the internet is the access it gives us to information we may never have otherwise had (for instance, my own obsession with ancient history has been well and truly fed by the net, as has my interest in security topics of course), or could only obtain at great cost in terms of either time and/or money.

Where, in the past, research could be a laborious task it is, nowadays, often a case of clicking a mouse a few times and double-checking sources.

But one thing you need to be mindful of is the fact that the internet doesn’t just archive and store other people’s data. It stores your’s too.

Every time you interact with the web you are sending your own information out there and there is every chance of that data being accessible to other people for all time.

Think what that means in terms of Facebook status updates, careless tweets or accidentally indexing your entire hard drive:

This is why you need to know what the internet knows about you. 

If you are careless with your personal information and don’t regularly check what the internet knows about you then any concerns you may have over the recent government surveillance revelations will be rendered rather moot by your own actions.

In fact, many people are incredibly naive when it comes to the internet and have no idea what can be found out about them with even simple research via the major search engines.

Using a simple Google search to learn what is published about you could, therefore, prove to be a real eye opener. Depending upon how lax you have been about your own privacy you may discover that real sensitive information is available, such as your home address, phone number, travel plans (yes, house thieves do use the net), family connections, work and a whole lot more besides.

For this reason it is imperative that you learn what information about you is available online.

Its not just potential burglars you have to worry about, its online thieves too. If information about online financial accounts can be discovered then a potential thief could use personal data, such as your mother’s maiden name, or the name of your favourite pet, to circumvent security controls.

But its not only the bad guys you have to worry about when it comes to leaving a trail of data on the web.

Potential new employers are increasingly using the internet to build a picture of potential new recruits. For many people this presents a golden opportunity with which they can build a personal profile that really sells them into jobs that may otherwise have been unable to obtain. For the more careless it can spell disaster as their drunken nights out come to light via social messages, ill-advised photograph sharing and boasts of nights in the cells in their youth.

A thorough search of the internet can reveal a huge amount of information about, and it may well be that some of it could come as a surprise and be the type of data you wish was not publicly available.

If so, you may have a hard time dealing with it, but knowledge of it is certainly a required first step. After that luck, investigation and some good people skills can be your allies as you contact sites that host your information and look for the means of removing your damaging data from their sites.

After that you just need to remember that there are little to no secrets on the web and everything you make public stays that way.

Be careful what you do and say online – you only get one chance to define yourself and make a lasting impression.

Do You Know Who Your Computer Is Talking To?

If you are not involved in computer security then you would probably be very surprised to learn about the behaviour of some of the software on your computer. You may think you are double clicking on a program and then using it and that is all there is to it. But that isn’t always the case.

With computing being such a technical field it means that devices have all sorts of layers. The companies that make PCs and other computing devices, as well as software engineers, try to hide that complexity away from the average user in order to improve the experience of utilising their products – most people who use computers simply do not need to get that involved in how they work and, if they did, they quite possibly wouldn’t understand anyway.

For that reason computing has evolved over the years to the point where you could say that modern devices are sugar coated and gift wrapped before delivery. In fact, that is a key reason why an operating system such as Windows has fared so well – it is not, arguably, the best operating system out there but it is relatively simple to use and understand and that is what has attracted the huge user base it now enjoys. Some of the alternative operating systems are perceived, at least, to have a much higher learning curve and that is why the man in the street avoids playing with Linux and suchlike.

There is a drawback to using a device that has been simplified in such a manner and that is the fact that the average user has never had any need to learn about the complexities and finer workings of the machine that they use. As a result, they have no idea what is going on half of the time.

If their machine or software is causing a particular outcome to occur they just have to assume that is ok, assuming they even notice in the first place.

The problem here of course is the fact that computer manufacturers, software developers and even governments can get involved which is something we have seen far too much of recently.

There have been reports of a certain operating system having a backdoor embedded within it which communicates certain information back to the security services. Web sites, pieces of software and even encryption algorithms have been hijacked for reasons that should, at the very least, concern us all.

And the worst thing is that a lot of people still don’t know this is going on or, if they do, they don’t yet realise the long-term effects that this spying and data collection could have on all our lives. But when it comes to choosing hardware or software it is not just a case of deciding which companies you can trust.

A lot of the time it comes down to the point of view of both parties – the majority of computer users probably don’t want the NSA snooping on their web activity, or hardware manufacturers putting backdoors into their machines, or software that dials home – but those on the other side of the fence may feel that they have legitimate reasons for what they are doing.

In the case of the NSA et al, the security forces believe that snooping can aid their ongoing quest to beat terrorism and avoid potential loss of life. Thats a noble cause and one that I would imagine that most people support. But what lengths should they be able to go to enforce their views on security? Should we give up privacy in order to feel safer?

And when it comes to software that dials home should we worry about that? Of course the million dollar question here is who is the software communicating with and why? A manufacturer may want the ability to collect reports on how you are using their software, as well as logs of any errors you may encounter, in order to make improvements in the future. Whether any given piece of software sticks to those stated aims can be questionable at times and there are certainly some programs out there which will collect data beyond their remit and that applies to both ‘legitimate’ programs as well as malware.

Irrespective of whether your software is sending innocuous data back home, you may not like the fact that it is doing so because of the security holes that can create. if you have software on your machine that needs to connect to a remote server then that is a potential way in for the bad guys. It may not be the biggest hole in the world but it is still worth considering.

So, you do need to be aware that some elements of your computing experience may not be what they seem. Sometimes you will know that data is leaving your system. Whether you like that or not is a matter for you to decide. Equally, certain groups and organisations will be extracting information from you without your knowledge.

Whilst you may not be able to completely insulate yourself from those who would grab your data you certainly can be careful about what you install on your system. This is especially true when it comes to software that is known to call home for whatever reason.

Hey! Teachers! Leave Them Biometrics Alone!

School. I remember it well, even if it was a long time ago. Turn up at 9 a.m. and go home at 3:15 p.m. with lots of fantastic learning in between. Of course it wasn’t like that for all my classmates. They didn’t all take pride in a 100% attendance record or academic results and their behaviour reflected that.

In fact, I can still vividly remember three boys in particular who used to turn up for morning registration and then disappear for the rest of the day. They got away with it for a considerable amount of time too. Once you’d been registered in the morning there were no further checks on attendance throughout the day and it was easy to slip away, pop back for dinner in the canteen and then disappear again.

Nowadays though playing truant, even for part of the day, is getting harder as many schools place a far greater emphasis on checking pupil’s attendance and whereabouts during the day. This isn’t a bad thing in my opinion but does it does lead onto other issues of concern, as evidenced by a new report from Big Brother Watch.

In a world where the majority of people are either having their privacy destroyed by the state, or are willfully throwing it out with social networks, it may not seem that outrageous any more to learn that schools are getting in on the act.

The civil liberties group have now discovered, through the use of Freedom of Information Requests, that around 40% of schools in England may be employing biometric technology on pupils. From 3,000 requests the group’s research shows that almost one in three schools began collecting such data without consulting parents. Fortunately, non-early adopters are now subject to the Protection of Freedoms Act 2012 which requires parental consent in respect of biometric data collection from any pupil under the age of eighteen.

Based on the set of data at its disposal, Big Brother Watch discovered that 866,000 schoolchildren in the UK had their fingerprints taken in 2012-2013 and hypothesises that the count may now be well in excess of one million pupils.

But just why are schools employing such technology in the first place?

When I was still in shorts and spending my day flicking rubbers at other kids it was perfectly normal to break my day up by visiting the library and taking a book out with just a note recorded in a book. I could also eat my dinner without any oversight whatsoever, left to enjoy my semolina pudding (yuck!) without the staff knowing whether I’d eaten it or secretly thrown it in the bin again.

Our kids, however, are being spied on, whether that is intentional or not. Lists of library books and school meals are stored on databases, some of which even the parents can access via the web. Our children are recorded in and out of school and absences and tardiness are spotted almost immediately. Whilst some of that is information that parents arguably need to know, it is still very much over the top in my opinion.

At a time when invasions of privacy are not so much creeping into society but rather steamrolling right through it, are our educational establishments trying to create a future generation that sees this as normal and acceptable behaviour?

I sincerely hope not and I am glad to hear that none of my kids have ever been subjected to any biometric technologies in their respective schools.

I’ve also reminded them that the Protection of Freedoms Act 2012 means that they can, and should, refuse to agree to such without getting consent from either myself or their mother. Furthermore, I’ve also explained how they have the right to choose themselves – the Act gives children the option of opting out of biometrics themselves, irrespective of what their parents may have chosen on their behalf.

Does the use of biometrics within the schooling system concern you too? Have your children already been fingerprinted as part of such a scheme (its not too late to write to their schools and opt out if they have)?


Nick Pickles, director of Big Brother Watch, said:

“As the new school term gets underway, now is the time for parents to check if their children are among the hundreds of thousands of pupils who are using biometric technology.

“Going to school should not mean kids are taught they have no privacy, especially at a time when we are sharing more data about ourselves than ever before. Fingerprinting them and tracking what they do might save some admin work but the risk is pupils think it is normal to be tracked like this all the time. Schools need to be transparent about what data is being collected and how it is used.

“Parents will be rightly concerned to hear so many schools did not seek their permission to fingerprint their children, while pupils may not have been made aware they now have a legal right to ask to use a system that doesn’t require a fingerprint to be taken. The Government was right to change the law but it’s up to parents to make sure the law is being followed.”

Privacy Concerns May Ground Amazon Delivery Drones Before They Ever Take-Off

On the face of it Amazon’s plan to use unmanned drones to deliver online purchases sounds like a great business proposal. After all, which impulsive shopper wouldn’t want to save money making a purchase online whilst also receiving the product they bought within the hour? If Amazon could make the service – dubbed Amazon Prime Air – work well, and they aspire to do just that by 2015, then it would set new standards in the industry which its competition would have to match just to stand still.

Of course there are hurdles to be jumped before the first drone takes off with FAA approval being required before commercial licencing is given, but that may not prove to be the only barrier for Amazon to overcome.

Not everyone is impressed with the proposed new delivery method –  US lawmakers have concerns of the privacy variety.

Democrat Senator Edward Markey, who appears to have a penchant for privacy matters, released a statement in response to Amazon’s announcement of the drone service in which he said,

“Before drones start delivering packages, we need the FAA to deliver privacy protections for the American public. Convenience should never trump constitutional protections.

Before our skies teem with commercial drones, clear rules must be set that protect the privacy and safety of the public.

My drone privacy legislation requires transparency on the domestic use of drones and adds privacy protections that ensure this technology cannot and will not be used to spy on Americans. I look forward to working with my Senate colleagues on this bipartisan issue to ensure that strong personal privacy protections and public transparency measures are put in place now.”

Across the other side of Congress, Republican Ted Poe also has similar concerns surrounding the use of drones by a large retail company. With Amazon saying that its drones could carry packages up to 5 kilos in weight, which represents around 90% of all of its deliveries, Poe wonders how full the skies may end up becoming: “Think of how many drones could soon be flying around the sky. Here a drone, there a drone, everywhere a drone in the United States.”

Poe’s concern does not lay with the number of drones taking up airspace though as he recognises that the FAA will have jurisdiction over that. He is concerned, however, with the potential for surveillance and the use of drones to seek out additional sales opportunities:

“The issue of concern, Mr. Speaker, is surveillance, not the delivery of packages. That includes surveillance of someone’s backyard, snooping around with a drone, checking out a person’s patio to see if that individual needs new patio furniture from the company.

Photographing swing sets, pool, or the people that are in the pools, or even looking into the windows, all of that could be done with the use of drones under corporate America or by individuals. This would all be possible. So Congress must ensure that the expanded use of drones in the coming years does not come at the expense of the individual rights to privacy.”

Poe concludes his letter to the Speaker by highlighting the fact that having the ability to do something with new technology doesn’t mean that it should simply be allowed.

Considering all the furore surrounding America (even though it is most definitely not alone in this) and the topic of surveillance right now it will be interesting to see whether the general populace will be happy to give up a little freedom in return for expedited deliveries. I suspect they will.

Android App Secretly Flashes User Data

An extremely popular Android app which turns users smartphones into torches “deceived” tens of millions of users by covertly sharing their device IDs and locations with advertisers.

Goldenshores Technologies LLC, the developer behind the Brightest Flashlight Free app, has agreed to settle an FTC case which alleged that the company had violated provisions of the Federal Trade Commission Act. In settling the case, the developer has agreed to give users more control over how their data is used in the future.

In its statement, the FTC said,

“The FTC’s complaint alleges that the company’s privacy policy deceptively failed to disclose that the app transmitted users’ precise location and unique device identifier to third parties, including advertising networks.”

Whilst Greenshores privacy policy had disclosed that the company could use “any” information collected via the app, it did not include provision for sharing that data with third parties.

Since being released in February 2011 the app had proven to be extremely popular with Android users. According to Google Play’s statistics it has been downloaded somewhere between 50 and 100 million times

Jessica Rich, director of the FTC’s consumer protection bureau, said:

“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it. But this flashlight left them in the dark about how their information was going to be used.”

The FTC complaint also went further, noting that anyone installing the app on a device was offered a misleading choice about the data collecting capabilities of the flashlight. When they first ran the app they were presented with an End User License Agreement which provided details about the collection of information. As is normal with EULAs, consumers could then choose whether to ‘Accept’ or ‘Refuse’ the agreement.

With this app, however, the choice was totally meaningless as data was collected and then shared with third parties, irrespective of whether they agreed to the terms or not.

Under the settlement with the FTC, Greenshores will now have to tell users when, why and how their data is being collected. The app will also have to attain a positive opt in from users before collecting or sharing their data. Additionally, the company must now also delete all the data it has gathered from consumers who have already downloaded the app.

Furthermore, Erik Geidl, the managing member of Goldenshores Technologies, has been ordered to tell the FTC if he becomes employed elsewhere. The FTC did not, however, seek any form of financial restitution due, I should imagine, to the fact that the app was offered for free.

The case above will hopefully serve as a reminder to all to be careful when installing apps onto their devices. Whilst Brightest Flashlight Free was misleading when it came to declaring how data was collected, it still highlights the need to check the permissions on any apps you have installed.

Ask yourself whether your app of choice really needs to snoop around your personal information or share your geographical location. If it doesn’t, then perhaps you may want to find an alternative!