We have moved to a new Sailfish OS Forum. Please start new discussions there.
56

Privacy: what information gets sent to Jolla?

asked 2014-01-28 00:29:34 +0300

gcobb gravatar image

I have every confidence in Jolla Ltd, but this article in The Register points out that NSA/GCHQ/etc find it very useful that smartphones send a lot of information back to their manufacturers.

The documents don't suggest that the intelligence agencies are directly hacking mobile applications, but are skimming and decoding the data they collect and transmit back to their developers. One report noted that anyone updating Android would send in 500 slurpable lines of data about the owner's user data use and network access records.

So, can Jolla please tell us exactly what information is sent back to them from the OS and under what circumstances? For example, does the Store app report anything about us? Or the upgrade process? What about location history or current location? Or WiFi information?

This is similar to but different from the existing questions about getting information on what apps are reporting back (e.g. https://together.jolla.com/question/19863/make-it-mandatory-for-app-store-description-to-tell-about-the-app-privacy-policy-in-simple-terms/). This is about the core phone/OS functions, not the apps.

edit retag flag offensive close delete

Comments

3

The real issue with mobile phones is the Home Location Register data that uniquely identifies which antenna on which mast you use and is stored by the Mobile Network Operators and can be obtained by governments. Good thing about Jolla is that you can remove the battery and they cannot track you.

richardski ( 2014-01-28 02:54:30 +0300 )edit
13

I think the problem is not so much about a very difficult avoidance of Big Brother getting your data, but about our consumer rights. We want to know what happens to our data and an open statement from Jolla about their data policy and transparency would be greatly appreciated. I expect Jolla to (a) collect only as little data as absolutely necessary, (b) not to use personalized data, (c) explain how long this data is kept and who has access to it or is given to, (d) implement some kind of simple opt-in/opt-out mechanism, and (e) implement a privacy control for Sailfish OS as well as for the Apps (native and Android).

melg01 ( 2014-01-28 09:48:00 +0300 )edit
1

@richardski That is, indeed, an issue but a different one and not under Jolla's control. I am here interested in what information from the phone is being sent. For example, some phones may send the list of WiFi access points that are known to the phone back to the manufacturer -- does Jolla?

gcobb ( 2014-01-28 11:31:58 +0300 )edit

@melg01 Good questions but I would not like Jolla to delay answering this question until they have all the information you are asking for. let's ask for the basic information first, and then ask for more information based on that, later.

gcobb ( 2014-01-28 11:33:12 +0300 )edit
2

If you don't want to be tracked, sew yourself a mobile pouch from e.g. HF shielding fabric. However I share the above posters opinion, that this is mainly about transparency and dedication to user privacy on Jolla's side.

marsch ( 2014-01-28 11:39:43 +0300 )edit

1 Answer

Sort by » oldest newest most voted
9

answered 2014-04-04 12:23:38 +0300

gcobb gravatar image

See https://together.jolla.com/question/37139/why-is-ipv4statusurlipv6statusurl-needed-in-etcconnmanmainconf/ for one data point. Whenever you connect to a network (not sure the exact trigger -- when connman feels like it), connman connects to a jolla system to check if it can get to the outside world.

I have not yet done a test to see exactly what information is sent -- but the server obviously receives your current IP address (or, at least, the address exposed to the Internet, which may be some NAT gateway).

As it says in the post, this particular contact is not a very big issue. But that does not mean it shouldn't be documented!! We really must insist that Jolla (and other device manufacturers) document ALL behind the scenes system communications (whether they think they are important or not) so we can each understand the privacy impacts. The issue isn't just what Jolla does with the data -- that is important but is not the only concern: even if it is nothing, the communications can be intercepted or Jolla can be instructed to hand over logs.

edit flag offensive delete publish link more
Login/Signup to Answer

Question tools

Follow
10 followers

Stats

Asked: 2014-01-28 00:29:34 +0300

Seen: 600 times

Last updated: Apr 04 '14