Pontellino ha scritto:Tremo a pensare quello che potranno fare app di assicurazioni conniventi con le varie case farmaceutiche...
http://thewire.in/59411/john-hanke-pokemon-go/ Privacy Scandal Haunts Pokemon Go’s CEO
By Sam Biddle (Intercept) on 16/08/2016
Pokemon Go collects a lot of sensitive data. And its CEO John Hanke was embroiled in the so-called Wi-Spy scandal, a global snooping incident at Google.
The suddenly vast scale of Pokemon Go adoption is matched by the game’s aggressive use of personal information. Unlike, say, Twitter, Facebook or Netflix, the app requires uninterrupted use of your location and camera — a “trove of sensitive user data,” as one privacy watchdog put it in a concerned letter to federal regulators.
All the more alarming, then, that Pokemon Go is run by a man whose team literally drove one of the greatest privacy debacles of the internet era, in which Google vehicles, in the course of photographing neighborhoods for the ‘street view’ feature of the company’s online maps, secretly copied digital traffic from home networks, scooping up passwords, email messages, medical records, financial information and audio and video files.
In April 2010, Germany’s data protection commissioner announced that Google vehicles had been illegally collecting Wi-Fi data. Further regulatory scrutiny and corroborating news reports eked out the truth: As they drove, Street View Cars were swallowing up traffic from unencrypted wireless networks. Germany’s federal privacy czar, Peter Schaar, said he was “horrified” and “appalled.”
It eventually emerged that, in the US alone, this collection went on for more than two years. The scandal, referred to as the “Wi-Spy” case as it was unfolding, resulted in:
- ► Findings that Wi-Fi traffic collection was illegal by authorities in the UK, France, Canada, South Korea and New Zealand.
► A bruising Federal Communications Commission investigation, which followed a director’s comment that Google’s activity “clearly infringes on consumer privacy” and which resulted in a $25,000 fine.
► A department of justice wiretapping investigation.
► A federal class-action case against Google, ongoing to this day, in which a district and appeals court have both ruled, against the company’s arguments, that the sort of data Google accessed is protected from interception under the US Wiretap Act. (The Supreme Court has declined to hear Google’s appeal.)
► Lawsuits brought by authorities in Spain.
► Regulator intervention in Italy and Hungary.
► A government investigation in Germany.
Hanke, through a spokesperson, denied any knowledge of the Wi-Fi collection at the time it was happening, pinning blame on Google’s mobile division. But a unit within his division, not mobile, was the focus of the largest investigation into the matter by US regulators and it was his division whose vehicles did the actual collection. The way Wi-Fi traffic was intercepted under Hanke’s nose should alarm people who use, or whose children use, Pokemon Go.
Google itself tried to escape responsibility as the scandal unfolded, dismissing concerns, rebuffing investigators and evincing the sort of hubris and arrogance for which the engineer-dominated company has been repeatedly criticised.
In a blog post published at the very beginning of the scandal, Google denied any wrongdoing, saying it had copied no traffic from inside Wi-Fi networks, but rather gleaned “information that identifies the network and how that network operates,” like the name of your router, which you assume to be public anyway.
This narrative was short lived: two weeks later, as international scrutiny increased, Google shifted from outright denial to scapegoat tactics, admitting it had copied traffic, but only “mistakenly” and mostly in “fragments.” Google attempted, amazingly, to divert blame from the cars operating on behalf of Hanke’s operation onto one single unnamed rogue “engineer working on an experimental WiFi project.”
A vice president from Hanke’s Geo division two months later acknowledged in a blog post that “serious mistakes were made in the collection of WiFi payload data, and we have worked to quickly rectify them … the WiFi data collection equipment has been removed from our cars.” But Google continued to call the traffic collection a mistake.
Then, three months after that, yet another official post repeated that the collection was “mistaken” but only specifically acknowledged collecting emails, URLs and passwords.
Only after repeated and increasingly vociferous inquiries from the FCC, which was frustrated that Google had “deliberately impeded and delayed” its investigation, did the company reveal the truth, which was summarised in blunt 2012 commission report. Far from acting on his own, the supposedly rogue “Engineer Doe” (as the report referred to him) had collaborated on and discussed openly his “piece of code” with several other Google engineers, including superiors.
In fact, he’d tried to warn his colleagues, sending his software code and a design document to the leaders of the street Vvew project, who in turn forwarded it to the entire street view team. “The design document,” the FCC wrote, “identified ‘Privacy Considerations’ and recommended review by counsel, but that never occurred.”
This design overview stated quite plainly that “a typical concern [with the project] might be that we are logging user traffic with sufficient data to precisely triangulate their position at a given time, along with information about what they were doing.”
Warnings don’t come clearer than that.
...
Niantic reserves the right to share some of the information it collects, in what it claims is a “non-identifying” form, with third parties “for research and analysis, demographic profiling, and other similar purposes.” This would be a lot of sensitive information to entrust even to a CEO with a good record of respecting the privacy of strangers. And in fact, in the very first week of Pokemon Go’s release, Niantic caused a brief privacy scare when it was discovered that the app asked for far broader access to users’ Google accounts than was necessary. The company responded almost immediately:
“We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account. … Google has verified that no other information has been received or accessed by Pokémon Go or Niantic.”
