We have moved to a new Sailfish OS Forum. Please start new discussions there.
25

Interesting privacy news regarding the big ones

asked 2015-09-28 23:36:09 +0300

simo gravatar image

Not a question, but worth sharing here:

There's a serious privacy issue, many big companies supporting it: https://www.youbetrayedus.org/

The actual law they are supporting: https://www.congress.gov/bill/114th-congress/senate-bill/512

Really, how can they do this to their customers? Jolla wouldn't so I guess spreading the news might be good for (1) warn your friends about this (2) make everybody look for other options (3) boost Jolla's goal for open source Sailfish OS to show to the world what's privacy made of (4) common knowledge on where the privacy is heading in the world

This non-question will be closed as outdated, when the law is either rejected or accepted. Rejected I hope, but really worried on that while so many big ones are backing it up...

edit retag flag offensive close delete

Comments

6

Jolla wouldn't

Can we have that officially confirmed?

pichlo ( 2015-09-28 23:44:39 +0300 )edit
4

Sure, here's the official letter signed by 13 companies and their software alliance. No "Jolla" there :D http://www.bsa.org/~/media/Files/Policy/data/09142015CongLeadershipDataAgendaLetter.pdf Open sourcing Sailfish OS will give the final punch, of course

simo ( 2015-09-28 23:48:15 +0300 )edit
4

THIS, my friends is indeed a huge argument for buying and supporting Jolla.

If they only could get a grip on old bugs and the 2.0 wierd UX design choices.

Larswad ( 2015-09-29 00:03:49 +0300 )edit
4

@simo, "Jolla wouldn't" suggests more than just "Jolla is not on the list". It suggests an active refusal. It suggests that, when approached by CIA, FBI, NSA or a similar big US shot with a request, they would show them a finger and tell them where to go.

So I am asking again. Can we have that officially confirmed?

pichlo ( 2015-09-29 00:03:52 +0300 )edit
2

ok that would be a question to Jolla PR/head I guess. I've understood that Sailors here on TJC comment as individuals, hence unofficially - but the best proof would be an open code, showing that privacy in use. To compare: Apple has promised earlier they take care of their user privacy, but now backing up bills like that. Internet is a powerful tool. Policies change even on those parties people have used to trust.

simo ( 2015-09-29 00:22:33 +0300 )edit

5 Answers

Sort by » oldest newest most voted
33

answered 2015-09-29 09:57:47 +0300

Philippe De Swert gravatar image

Personal sailor note so not an official statement.

Well as people point out we are not a US based company so it does not immediately apply to us. I can't tell how much of the data sharing legislation would apply to Jolla if we would ship there, but I guess we would be in a position to refuse. Also I personally and I am sure many other sailors would refuse to implement anything that would collect private data.

So do not forget that at the moment regardless of legislation, we at Jolla have no data to share of our users. (Well apart from the Jolla account stuff we use to allow access to the store and updates). So even if Jolla would be forced to give information there is not really anything we can give, as there isn't any. Which is imho even better ;)

edit flag offensive delete publish link more

Comments

Thanks, Philippe. That makes me feel better. I guess there is also the store accounts data, but there is little there that the authorities cannot get from a phone book and/or my credit-card statements.

pichlo ( 2015-09-29 13:16:09 +0300 )edit

@picholo: Well your Jolla account == the store account ;)

Philippe De Swert ( 2015-09-29 13:20:11 +0300 )edit

Well, there are two "stores" we could be talking about: the app store and the Jolla shop ;)

pichlo ( 2015-09-29 13:30:10 +0300 )edit
1

Thanks for the reply Philippe, things are as they should at Jolla, and in the best case this news from US might have only a positive effect all over EU to Jolla. @pichlo There are actually three now: Jolla pre-order shop is located in HK, Jolla Mobile there getting the needed information for their deliveries from Jolla. And yes, to your comment under the question - the bill possibly affecting here is the one you mentioned, the same linked in the question, "Law Enforcement Access to Data Stored Abroad Act". Other 4 bills mentioned in the official letter has less/none impact to companies abroad

simo ( 2015-09-29 15:33:55 +0300 )edit
1

There is a real need for open source software and true end to end encryption to offer a measure of protection for the users.

richardski ( 2015-09-29 23:34:52 +0300 )edit
6

answered 2015-09-29 16:43:21 +0300

simo gravatar image

Just to clear out the case, a practical example if the bill (linked in the question) gets applied as a law:

  1. You visit Jolla Shop, using for example Apple's Safari browser / Internet explorer / Microsoft Edge
  2. data collected by your browser is saved to a server in your own country
  3. Using the same browser, you make a purchase
  4. Browser collects your payment method via saving the links you use
  5. Any US governmental office can access that data by simply asking it from Apple / MS, mentioning "cyber threat" in their data request. No need for any court decisions, not in US, not in your own country, even that the information is stored in your own country

They get to know your IP, the shop you visited, the products you looked, the payment method you used, added by all the times you spent on each page. Depending on the cookies / web bots / 3rd party services on the pages, there might be even more data saved by others.

So yeah, there's no direct effect for companies abroad US, but already looking at the list of companies backing up this bill, it's easy to notice how difficult it'll be to avoid using services of companies who have a branch in US. In practice, what your browser knows, US would know (if they want).

Do you happen to know any browser provider who's not delivering their browser in US, or a browser not collecting any user data? I guess the native Sailfish browser is one of the few. Let's have it that way always!

edit flag offensive delete publish link more

Comments

1

So what? Do you want to use TJC as blog now? They already have it from the US company branch of that payment provider you use, and not your browser tracks you, it is the 500 plugins on the websites you pass by that collect your data. There is much more value behind patterns and metadata than there is behind personal userdata (letters emails etc), I do not need to scan your phone to know or predict where you will be 15 Dec 2015. I don't need your phone to know who your peers are, as your phone's are in the same spot for an hour now and then. I give up to explain it further this is no topic for TJC but conspiracy blogs/forums or maybe even just facebook comment chatter...

chemist ( 2015-09-29 17:41:18 +0300 )edit
6

"So what?": I posted this question to gain focus to an issue which possibly has a positive effect to Jolla

"Do you want to use TJC as blog now?": What??

To the "middle part": those 3rd parties can, at this point, do whatever they want with their collected data (following their privacy policy and US laws), but this bill is about to expand that data to any US officials, companies having no options but to give it when requested. There's the difference.

"no topic for TJC": Why wouldn't a possibly positive privacy matter not be worth sharing at TJC? This might actually help a bit in reaching the main goal: 3rd global OS !

One question to you too: What's you're motive pushing this down like that?

simo ( 2015-09-29 18:32:25 +0300 )edit
3

@chemist: I give up to explain it further this is no topic for TJC but conspiracy blogs/forums or maybe even just facebook comment chatter... What is your motive indeed? Thank you for giving up.

"There is much more value behind patterns and metadata than there is behind personal userdata"

But it is also easier to hide from leaving patters and metadata than to protect your personal user data.

Jolla listened and changed the standard google DNS (feeding every Dalvik resolved IP to Google) to the ISP one, spreading the risk.

Web site plug ins you can block globally for 85% and still make payments.

Like simo I find that matters like listed this "blog" can affect the long term future success of Jolla if addressed early enough and from the core.

Jolla staff is already reading - we got an updated confirmation that they don't wich to sell and are not preparing for such a move, and by this blog they know that their supports expect then to hold steady if ever pressured by prospect overseas success.

vandersmash ( 2015-09-29 21:20:40 +0300 )edit

@simo a possible privacy matter? Jolla is not in the USA, does not collect any data and is not bound by US law. And as said before, clean labelling is considered to be a bad thing and always raises suspicion in those circles actually interested in. Those said circles already know about Jolla and stay away for other reasons, the mainstream majority Jolla is aiming at does not care at all, they use stock android and stock iOS, how do you think you will get them on board with a fact they couldn't care less about? Motive, I do not see the point in discussing it further and therefore it is noise to me. Jolla is not involved in any way. Lets say Jolla is a car brand, I would not start to question their Diesel engines just because VAG did betray customers and countries with damages in the 10B range... would you? On the other side I would not start marketing that they do not belong to those evil manufacturers and for sure not label anything as "clean" just for the sake of saying clean...

@vandersmash they repeatedly responded to questions like this the same way "No, we don't and we are not going to!" For your other notes, how the hell are you using a payment processor website to pay stuff without giving that site a request to process your payment with your credentials attached to your account? I am not talking about browser tracking cookies or stuff like that! I collect logs of every php session on my server, including but not limited to what is accessing my site.

After all, I am more against the request to use it as marketing hype than the topic itself, I am highly interested in such topics myself.

chemist ( 2015-09-29 23:51:06 +0300 )edit

@chemist Thanks for clearing out your POV, it makes sense now. I still see this news would give a perfect timing for example on publishing the open sourcing roadmap, promised on May, and pushing for example those news out would not be seen as "Clean labelling". In general, this news might have positive effect to Jolla depending on how it's addressed and what/when done afterwards. Clean labelling is really not the only way, and not a nice way either. My POV is that this was worth sharing here, but if not, feel free to close as unrelevant (no bad feelings if you do)

simo ( 2015-09-30 15:46:58 +0300 )edit
4

answered 2015-09-29 18:30:20 +0300

Nieldk gravatar image

Oh, but definately you want to look at the coming EU directive on data protection.

http://ec.europa.eu/justice/data-protection/

edit flag offensive delete publish link more

Comments

The first link I noticed on that page... ;)

http://ec.europa.eu/justice/newsroom/data-protection/news/150908_en.htm

pichlo ( 2015-09-29 18:53:46 +0300 )edit
2

This directive seems to carry a similar problem. It doesn't apply at all when "...processing of personal data that is necessary to safeguard the economic well-being of the State does not fall within the scope of this Directive where such processing relates to State security matters" (article 13)

And from the related Umbrella Agreement: "The data transferred between EU and US law enforcement authorities can only be shared for the purpose of preventing, investigating, detecting or prosecuting criminal offences, including terrorism, in the framework of police cooperation and judicial cooperation in criminal matters"

so it seems tht EU has not much to say on this... ... damn, what a bill! I guess a cooperation is established as soon as two police officers, one in EU, one in US, change information with each other

simo ( 2015-09-29 18:59:30 +0300 )edit
1

Oh yes, they do. This matter is way more comprehensive than this thread allows for. But, short, let me asure that EU is far beyond US in this matter. Fyi, I have been working with the EU directive directly for the past ~1,5 yrs.

Nieldk ( 2015-09-29 19:05:01 +0300 )edit
1

good to know there's still some privacy left then :) Thanks @Nieldk. If you know that this directive actually prevents the privacy issue in the question (for EU citizens data), please do share!

simo ( 2015-09-29 19:09:39 +0300 )edit
1

The EU directive will protect citizen data across EU, there will be a one-stop authorative in each member state, this suthorative body is (will BR) responsible for the directive, no matter where data resides in EU. So, data in US might fall under this directive, depending on where the company holding the data is registered. US used to be a "ssfe harbour", meaning EU considered the data protected in similat way. This is no longer the case, so a company registered within EU cant just share data across. If they violate the directive, for one there will be a financial and legal consequence.

Nieldk ( 2015-09-29 19:18:49 +0300 )edit
3

answered 2015-10-06 19:56:51 +0300

Nieldk gravatar image

An update, regarding transferring EU person data across the big Lake.

https://nakedsecurity.sophos.com/2015/10/06/safe-harbor-agreement-ruled-invalid-by-top-eu-court/

edit flag offensive delete publish link more

Comments

One man step, big global impact.. Great! After this, the bill mentioned in the question is also totally out of focus for EU citizens, and leaves the news solely as news, hopefully having some positive effect. I guess this can be closed already after this. Thanks for sharing!

simo ( 2015-10-06 20:40:13 +0300 )edit
1

It can have consequences in a magnitude unimaginable. The invalidation was basically due to what we are many concerned about. The NSA, and hos they collect seemingly all data.

A very good write-up here.

https://www.linkedin.com/pulse/sunken-safe-harbor-5-implications-schrems-us-eu-data-transfer-solove

Nieldk ( 2015-10-06 23:11:22 +0300 )edit

Just lovely! Thanks for the link, @Nieldk !

juiceme ( 2015-10-07 15:56:06 +0300 )edit
1

answered 2015-09-29 17:43:48 +0300

chemist gravatar image

Apart from "Clean Labelling" there is nothing Jolla could do with that, and "Clean Labelling" is in those circles interested a very bad thing to do... as it is usually used to mislead you into buying something without reading its back-label.

edit flag offensive delete publish link more
Login/Signup to Answer

Question tools

Follow
7 followers

subscribe to rss feed

Stats

Asked: 2015-09-28 23:36:09 +0300

Seen: 1,538 times

Last updated: Oct 06 '15

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49