Forgot your password?
typodupeerror
Privacy Cellphones Your Rights Online

Palm Pre Reports Your Location and Usage To Palm 314

Posted by Soulskill
from the caught-palm-red-handed dept.
AceJohnny writes "Joey Hess found that his Palm Pre was ratting on him. It turns out the Pre periodically uploads detailed information about the user to Palm, including the names of installed apps, application usage (and crashes), as well as GPS coordinates. This, of course, is without user consent or control. The only way he found to disable the uploads was to modify system files."
This discussion has been archived. No new comments can be posted.

Palm Pre Reports Your Location and Usage To Palm

Comments Filter:
  • by masterlogan2000 (1608973) on Wednesday August 12, 2009 @12:16PM (#29040643)
    Did Palm not think that someone would figure this out? I wonder what kind of backlash there will be about this and how much more negative impact it will have on the Palm brand.
    • by negRo_slim (636783) <mils_oRgen@hotmail.com> on Wednesday August 12, 2009 @12:19PM (#29040701)

      I wonder what kind of backlash there will be about this

      Answer: Not Enough

      • by mcgrew (92797) on Wednesday August 12, 2009 @12:34PM (#29040945) Homepage Journal

        Answer: Not Enough

        True. Likely there will be no repercussions whatever. Yet another example of an amoral corporation not giving a shit about their customers. Welcome to the 21st century.

      • Re: (Score:3, Interesting)

        by Sandbags (964742)

        Well, if my fellow coworkers who chose the Pre over the iPhone were not quite ready to return their devices for full refund and termination of any contract signed at purchase when Palm "hacked" iTunes and Apple promptly "fixed" it cutting all the users off from sync, now they REALLY have a strong case to return it.

        In fact, I just mentioned this article to a co-worker who was showing off his shiny new Pre to me late last week, which after using it for a few days and finding out contrary to what the clerk tol

        • by drunkle j (824263) on Wednesday August 12, 2009 @02:12PM (#29042427)

          In fact, I just mentioned this article to a co-worker who was showing off his shiny new Pre to me late last week, which after using it for a few days and finding out contrary to what the clerk told him that he could in fact not sync with iTunes, He's clocking out now to return it to the store he bought it from and promised to be headed to Bestbuy to pick up an iPhone 3GS on the way back...

          So wait.. your coworker was so mad that Palm wouldn't parry Apple's anti-competitive measures and Palm's collection of usage/GPS data, that he rushed out to sign a contract with the company at the center of the warrantless wiretapping [wikipedia.org] debacle? The same company that, in response to hoards of customer complaints, pulled strings in congress to get an unconstitutional ex-post-facto law passed to prevent them from being criminally prosecuted for turning over every bit of customer data they could get their hands on to the feds? Yea, I can see how the average American consumer would make that choice.

          • by Sandbags (964742) on Wednesday August 12, 2009 @02:22PM (#29042551) Journal

            hey, AT&T may have complied with illegal orders to provide wire taps, and even played some questionable moves to avoid prosecution, but lets place the blame where it really lies; the Bush Administration... AT&T was not the only company to comply with these orders, and was told quite explicitly, by judges, that the orders were in fact valid...

            AT&T may have broken the law, and violated the privacy of many (suspected crimainals/terorists) Americans, but they did so under a supposed legal authority and under orders to do so, and these wire taps (most of them) were actually for people accused or associated with active federal investigations. Palm is collecting personal information, it has NO association with any criminal activity and no basis in law, and they're doing it without informed concent, and without a way to disable the tracking, and wihtout support or order by the government, and I bet they're doing it without the Phone Company's knowledge too. (and if the phone company IS aware of it, they're FAR more guilty than AT&T is...

        • He's clocking out now to return it to the store he bought it from and promised to be headed to Bestbuy to pick up an iPhone 3GS on the way back...

          Honestly I think this would be a dumb move, being that Apple is more "evil" than Palm, and AT&T is more "evil" than Sprint.

          Consider this:

          * If Microsoft pulled even HALF the shenanigans Apple does ("fixing" iTunes when thrd parties figure out ho to sync to it, suing the competition, suing people who leak info on unreleased products, etc etc) they'd be hauled into court and sued into oblivion. But, Apple can still get away with it because they are not a monopoly and their products are hip/pretty/actually

    • I had a friend just return a Pre that died within a week, I liked the software but advised her to get something a little friendlier. After reading this article she's deciding between an iPhone and a G1. Amazing how these companies do not learn from other failures when people's privacy was invaded. Amazon, I'm lookin' at you.
    • by Jawn98685 (687784) on Wednesday August 12, 2009 @12:38PM (#29041015)
      VP of Engineering: "Dude, they're going to find out, and they'll be pissed."
      VP of Marketing: "This is going to be great. Think of all the things we could do with this information. Think of all the people we could sell that information to. The feature stays."
      • VP of Engineering: "Dude, they're going to find out, and they'll be pissed."
        VP of Marketing: "This is going to be great. Think of all the things we could do with this information. Think of all the people we could sell that information to. The feature stays."

        EVP of Marketing: "I eat boogers."
        CMO: "Excellent work, EVP of Marketing. VP of Engineering, you're too cautious. You'll never make it in today's world."
        CIO: "He's right. You're fired."
        VP of Engineering: "It's all good, I already have two other jobs lined up. Later, losers."
        EVP of Marketing: "Did I mention I eat my own boogers?"

    • by Abreu (173023)

      This just confirms to me that Palm Executives are just too dumb to live...

      Sincerely,

      A long-time Palm user (who still uses a Centro)

      • Re: (Score:3, Interesting)

        by Bigjeff5 (1143585)

        This just confirms to me that Palm Executives are just too dumb to live...

        Sincerely,

        A long-time Palm user (who still uses a Centro)

        Who's the stupid one here, the guy who runs the company that does dumb shit, or the guy who keeps using the products of the company run by the guy who does dumb shit to him?

        Think about it.

        • by Abreu (173023)

          Of course, Palm is a bad company that has been making worse and worse products each year

          However, I refuse to use a Windows Mobile product, there are no Android phones sold in my country and the Iphone is both inconvenient and expensive.

          These days, I use my Palm Centro as an Ebook Reader/Phone/Calendar device

          Palm had the pda market cornered and could have easily held on to the smartphone market if they hadn't made such braindead decisions...

    • by Frosty Piss (770223) on Wednesday August 12, 2009 @12:44PM (#29041105)
      The "story" doesn't touch on this, but I would suspect that there *was* disclosure on some click-through set-up screen, and the user wasn't paying attention.
      • Re: (Score:2, Informative)

        by justdaven (1238962)
        Maybe, but with the number of folks who tear apart those user agreements, we would have heard of it sooner
    • by rahlquist (558509) on Wednesday August 12, 2009 @01:41PM (#29041955) Homepage

      And are we sure that none of the other phones do this?

    • Re: (Score:3, Insightful)

      by sgt_doom (655561)

      "Did Palm not think that someone would figure this out?"

      Palm...Oh, that's the company that replaced all their American programmers with doods from India.

      Guess not.....

      Recommended sf reading: "Watermind" by M. M. Buckner

    • Re: (Score:3, Funny)

      by elrous0 (869638) *
      I'm just worried that that freaky Pre chick knows where I live now.
    • by element-o.p. (939033) on Wednesday August 12, 2009 @04:06PM (#29043997) Homepage

      I wonder what kind of backlash there will be about this and how much more negative impact it will have on the Palm brand.

      Why, none of course...None at all, since Palm knows exactly where you were between noon and 1:00pm today, who you called, where she met you and also knows the phone number of your wife.

  • the fine print (Score:5, Insightful)

    by alain94040 (785132) * on Wednesday August 12, 2009 @12:17PM (#29040657) Homepage

    Let's see if you can find the trick in Palm's privacy policy:

    Personal information is information directly identifiable to you, such as your name, address, email address, and phone number, as well as other non-public information associated with such information. Some examples of how we collect and use personal information include ... [ a list that sounds pretty safe and reasonable]

    The operating word is Some examples: legally, they don't say that the list is exhaustive and that they don't collect information any other way. So the long list of nice looking collection is just a decoy!

    --
    FairSoftware.net [fairsoftware.net] -- iPhone dev jobs for geeks by geeks

  • Boycott (Score:5, Funny)

    by sakdoctor (1087155) on Wednesday August 12, 2009 @12:17PM (#29040659) Homepage

    Ok, add them to the list.
    Actually it's getting hard to keep track. Should we start a wiki?

    • Re:Boycott (Score:5, Funny)

      by Ogive17 (691899) on Wednesday August 12, 2009 @12:23PM (#29040781)
      It would be easier to keep track of the companies that have NOT screwed over the customer.

      I'll get back to you if I can think of one.
    • Nah, we can just keep a list of those who don't do something to invade privacy or fuck us over on one of our other rights.
    • by DrLang21 (900992)
      This is actually an interesting idea. I would be very curious to see a wiki that comprehensively listed the ways that they have been poor corporate citizens. I don't expect many companies to be innocent, but it would be nice to know who is least guilty when I'm considering a purchase.
    • I think at this point, we should start a white list instead of a black list.

  • User Consent ... (Score:5, Informative)

    by neonprimetime (528653) on Wednesday August 12, 2009 @12:22PM (#29040753) Homepage
    Story says...

    This, of course, is without user consent or control.

    But From Palm Infocenter, they say [palminfocenter.com]

    Palm's own "Terms and Conditions" statement, along with their Privacy policy, detail that Palm basically maintains it has the right to indefinitely collect, process, store and share this information. Users must accept this multipage collection of fine-print waivers and disclaimers in full during the initial device setup process before being able to utilize the device.
    • by oodaloop (1229816)

      Users must accept this multipage collection of fine-print waivers and disclaimers in full during the initial device setup process before being able to utilize the device.

      It was in the basement!

    • Re: (Score:3, Interesting)

      by jandersen (462034)

      ... has the right to indefinitely collect, process, store and share this information

      Except that this is not legal in a number of countries; can we assume that they only collect info where it is legal to do so?

  • Uncool (Score:5, Interesting)

    by sweatyboatman (457800) <sweatyboatman AT hotmail DOT com> on Wednesday August 12, 2009 @12:22PM (#29040761) Homepage Journal

    I read the privacy policy [palm.com] and it doesn't really seem like it's built to cover this kind of snooping.

    And then there's this:

    You may choose whether or not to provide your personal information to us. If you choose not to do so, you can continue to interact with Palm, but you may not be able to take advantage of certain products, services, offers, or options that depend on personal information.

    So is there a website or a setting on the Pre to disable this thing. TFA seems to say there isn't.

    I mean, there's utility in understanding how people are using your device. But not letting your users know you're uploading daily usage stats and not giving them a way to turn it off?

    Truly Uncool.

    • by Late Adopter (1492849) on Wednesday August 12, 2009 @12:56PM (#29041293)
      The initial setup asks you how want to use your location information, and the "Location Services" app lets you change this at any time. I'm looking at the options under that app now, all of which can be switched off:
      • Auto Locate: Your location will be automatically provided to applications that request it.
      • Use GPS: Improves accuracy but can impact battery life
      • Geotag Photos: Stores the GPS coordinates of your location when you use the camera
      • Background Data Collection: Allows Google to automatically collect anonymouse location data to improve the quality of location services.
  • by wowbagger (69688) on Wednesday August 12, 2009 @12:32PM (#29040919) Homepage Journal

    OK, I can see sending what applications are installed and what crashes have occurred given the user's explicit permission - I allow my Ubuntu boxes to participate in the "popularity contest" wherein what apps I install are (anonymously) logged, and I will frequently send crash reports to help get the cause of the crash fixed.

    In both of those cases *I* decide if it happens, and I was informed of the data being uploaded.

    But automatically reporting my GPS locations - HELL NO!!!

    Yes, the Pre is a phone - as such it MUST, BY LAW be able to report its location to 911 (here in the US, natch). My phone (which is NOT a Pre) has been configured to turn GPS off for anything OTHER than E911. If I found out that it was NOT abiding by that selection - that it was sending position data to anyone other than E911 - then not only would I be terminating my cell contract, I would be filing suit against the makers of the phone AND the cell carrier.

    Again, I can see why Palm would want apps installed and crash data - but WHAT DAMN BUSINESS is it of theirs to know position?!?!

    • I am not sure I would want them knowing what apps I have installed either. Why do they need to know? If it is a 3rd party application and it crashes have a filed stored on the phone so the crash handling application knows where to send the dump file or whatever. Palm does not need to know that my google maps application crashed, google needs to know. So send the error report directly to google.
    • by Otto (17870) on Wednesday August 12, 2009 @01:18PM (#29041623) Homepage Journal

      Actually, it's the cellular companies that want that data more. By having the phones report back on position and cell tower ID strengths, they can more easily map "dead zones" in their coverage areas, telling them where to put new towers to hit the most people.

  • by Anonymous Coward

    You know, that total control of their users and the things they can and can't do. Apple should not control their users like that, it's just...

    Oh wait, you mean someone else than Apple is doing that?

    Damn you Microsoft, always controlling your users....

    Oh wait, you mean it's neither Apple or Microsoft?

    So, you zealots who always bash on Apple and Microsoft... what FUD will you say to protect your precious Palm now? And wasn't Google's Android doing something similar too?

    The solution is easy: get a cellphone th

  • by db32 (862117) on Wednesday August 12, 2009 @12:44PM (#29041103) Journal
    In the spirit of blaming Apple for Palm's misbehavior with their iTunes stunt please respond here with how this is also Apples fault.
    • by Xserv (909355) on Wednesday August 12, 2009 @12:54PM (#29041247)

      In the spirit of blaming Apple for Palm's misbehavior with their iTunes stunt please respond here with how this is also Apples fault.

      I'll give it a shot: There's an app for that!"

      I digress.

      - xserv

    • by Al Dimond (792444)

      Ah, the resident Apple fanboys. Always so defensive. Clearly this story has nothing to do with Apple, and nobody has suggested that it does.

      Now I'm pretty well distanced from the Palm-iTunes shenanigans, not owning any portable music player nor running an OS that iTunes supports. I think there's a pretty narrow range of belief systems that could lead to the conclusion that Palm's behavior is worse than Apple's in that case. First, if you believe that vertical monopolies are generally a good thing, and t

  • Although I am not your customer, were I your customer, I would gladly be a beta tester and give you all sorts of useful information (automated or otherwise) about how I used your products.

    This being said, I would hope that you would have the courtesy of asking me to opt-in, rather than assuming that you own my usage habits.
  • TFA Text (Score:5, Informative)

    by AceJohnny (253840) <.jlargentaye. .at. .gmail.com.> on Wednesday August 12, 2009 @12:59PM (#29041335) Journal

    Woops, looks like /. is hammering the server. Here's a copy of the text (as of now):

    I've been taking a closer look at the WebOS side of my Palm Pre tonight, and I noticed that it periodically uploads information to Palm, Inc.

    The first thing sent is intended to be my GPS location. It's the same location I get if I open the map app on the Pre. Not very accurate in this case, but I've seen it be accurate enough to find my house before.

    { "errorCode": 0, "timestamp": 1249855555954.000000, "latitude": 36.594108, "longitude": -82.183260, "horizAccuracy": 2523, "heading": 0, "velocity": 0, "altitude": 0, "vertAccuracy": 0 }

    Here they can tell every WebOS app I use, and for how long.

    { "appid": "com.palm.app.phone", "event": "close", "timestamp": 1250006362 }
    { "appid": "com.palm.app.messaging", "event": "launch", "timestamp": 1250006422 }
    { "appid": "com.palm.app.messaging", "event": "close", "timestamp": 1250006446 }

    It sends the above info on a daily basis.

    2009-08-10t09:15:10z upload /var/context/pending/1249895710-contextfile.gz.contextlog ok rdx-30681971
    2009-08-11t09:15:10z upload /var/context/pending/1249982110-contextfile.gz.contextlog ok rdx-31306808

    There is also some info that is recorded when a WebOS app crashes. Now, I've seen WebOS crash hard a time or two, but it turns out apps are crashing fairly frequently behind the scenes, and each such crash is logged and a system state snapshot taken. At least some of these are uploaded, though if things are crashing a whole lot it will be throttled.

    2009-08-09T17:01:22Z upload /var/log/rdxd/pending/rdxd_log_59.tgz OK RDX-30246857
    2009-08-09T17:05:36Z upload /var/log/rdxd/pending/rdxd_log_26.tgz OK RDX-30249465
    2009-08-09T17:09:11Z upload /var/log/rdxd/pending/rdxd_log_56.tgz OK RDX-30252374
    2009-08-09T17:11:46Z upload /var/log/rdxd/pending/rdxd_log_70.tgz OK RDX-30253958
    2009-08-09T17:16:29Z upload /var/log/rdxd/pending/rdxd_log_67.tgz ERR_UPLOAD_THROTTLED_DAILY
    2009-08-09T17:17:28Z upload /var/log/rdxd/pending/rdxd_log_51.tgz ERR_UPLOAD_THROTTLED_DAILY
    2009-08-09T17:20:40Z upload /var/log/rdxd/pending/rdxd_log_21.tgz ERR_UPLOAD_THROTTLED_DAILY

    Each tarball contains a kernel dmesg, syslog, a manifest.txt listing all installed ipkg packages (including third-party apps), a backtrace of the crash, a df (from which they can tell I'm using Debian on the phone), and ps -f output listing all processes owned by root (but not by joey).

    The uploading is handled by uploadd, which reads /etc/uploadd.conf:

    [SERVER=rdx]
    RepositoryURL=https:///palmcsext/prefRequest?prefkey=APPLICATIONS,RDX_SRV
    UploadURL=https:///palmcsext/RDFileReceiver

    [SERVER=context]
    RepositoryURL=https:///palmcsext/prefRequest?prefkey=APPLICATIONS,RDX_SRV
    UploadURL=https:////palmcsext/RDFileReceiver

    The "HOST" this is sent to via https is ps.palmws.com.

    My approach to disable this, which may not stick across WebOS upgrades, was to comment out the 'exec' line in /etc/event.d/uploadd and reboot. However, then I noticed a contextupload process running. This is started by dbus, so the best way to disable it seems to be: rm /usr/bin/contextupload

    BTW, since Palm has lawyers, they have a privacy policy, which covers their ass fairly well regarding all this, without going into details or making clear that the above data is being uploaded.

  • What idiot thought doing this without user opt-in was a good idea?

  • by tony.damato (13665) on Wednesday August 12, 2009 @01:13PM (#29041539)

    http://www.precentral.net/fyi-pre-reports-your-location-palm [precentral.net]

    When PreCentral's people asked Palm about this, their official statement to them in part was:

            Our goal has been to follow industry best practices on data collection, use, and encryption. Like most EULAs and privacy policies, though, the terms tend to get pretty detailed about potential scenarios. And because the terms are meant to notify users about all possible variations, we wanted to err on the side of over notifying rather than under notifying users through the terms of use. So there's really nothing here "beyond the norm" for a EULA or privacy policy.

            The provision you've quoted explains why Palm might collect user information. For example, we collect and transmit users' email addresses, email content, contact lists, etc. to provide WebOS services such as back-up and restore for the purpose of backing up that data and helping users restore the data if needed (in that case, it would not be limited to just the email address collected at registration). If users someday make purchases on their device through the Apps Catalog, then we would also collect payment information to process the transaction.

            At all times, we'd be strictly bound by our privacy policy. Our privacy policy, like virtually all others in the industry, contemplate our using data to provide services users have requested, improve our products and services (hence the reference to Palm's own "sales and marketing" in the privacy policy), troubleshoot, etc. We also refer to affiliates because Palm is a global company, and we may need to transmit data from our European subsidiary to the parent company. We're obviously not a conglomerate with many different subs and affiliates, but the terms specifically mention subs and affiliates so that we can comply with European data protection laws that require us to spell out that data collected by a European sub can be transmitted to another part of the company.

  • by Mr.Fork (633378) <edward.j.reddy@ g m a i l . c om> on Wednesday August 12, 2009 @01:16PM (#29041581) Journal
    Canada's privacy laws disallows this, especially not notifying the user. As soon as it leaks out to the CRTC and the Privacy Commish, they may disallow this device for sale in Canada later this month.

    But my god, what was Palm thinking? Disappointing.
  • by Stu101 (1031686) on Wednesday August 12, 2009 @01:22PM (#29041669) Homepage

    If this is true, it strikes at the very heart of the products saleability. The pre is quite the phone in geek worlds, which unfortunatly for them, tend to be the ones that care about stuff like this!

    By doing this they have alienated a real core market that could have made the Pre a good geek phone rather than a has been phone.

  • Hack it! (Score:3, Insightful)

    by spaceyhackerlady (462530) on Wednesday August 12, 2009 @02:08PM (#29042363)

    So why not hack the thing so it sends what you want it to send? Somewhere innocuous, somewhere whimsical, or just random locations. You could have fun with this.

    "Yes, I really was at the North Pole yesterday. And in Paris the day before. Isn't air travel great!"

    ...laura

It was kinda like stuffing the wrong card in a computer, when you're stickin' those artificial stimulants in your arm. -- Dion, noted computer scientist

Working...