That is exactly the reason, and the only reason. Because Facebook let user data from potentially hundreds of millions of people get used by a third party who "said they deleted it" -- they have to take the blame.
I agree that there are larger issues here. However, as you mention, there is a disconnect between "non-savvy users" and the Android operating system. If these users also have Facebook it may be one specific example that they can directly apply to themselves.
I agree that data collection is a major issue though, and it probably extends beyond what 99% of people perceive it as.
Bezos says, “If you make customers unhappy in the physical world, they might each tell six friends. If you make customers unhappy on the Internet, they can each tell 6,000.”
When you create an Apple ID, apply for commercial credit, purchase a product, download a software update, register for a class at an Apple Retail Store, contact us or participate in an online survey, we may collect a variety of information, including your name, mailing address, phone number, email address, contact preferences, and credit card information.
When you share your content with family and friends using Apple products, send gift certificates and products, or invite others to participate in Apple services or forums, Apple may collect the information you provide about those people such as name, mailing address, email address, and phone number. Apple will use such information to fulfill your requests, provide the relevant product or service, or for anti-fraud purposes.
In certain jurisdictions, we may ask for a government issued ID in limited circumstances including when setting up a wireless account and activating your device, for the purpose of extending commercial credit, managing reservations, or as required by law.
It all seems perfectly reasonable. If you buy something, they need your credit card info, etc...
The problem is that most companies sell that information on to other parties. I've read on the interwebs that Apple doesn't, but I'd feel better if I could see it in a web page or something more concrete.
If you use Facebook to login to Spotify then that information is definitely available. The information doesn't even need to be sold to the record labels. If the labels then use Facebook ads, the targeting can be as specific as someone who likes a particular band or song.
The fact that people use Facebook to login to EVERYTHING, means that Facebook has access to their usage data.
No, that's not true. If Spotify sells the data without anonymizing it, then it could tracked back to Facebook, but otherwise OAuth only provides them with your email and Facebook ID: listening data doesn't flow anywhere automatically.
A different thing is Facebook gadgets on random websites while you are logged in into Facebook.
Yes i think is correct, so the data could be sold by either Facebook, spotify (or both) to 3rd parties.
(Direct quotes from their privacy policy below)
"Consistent with the permissions you give us to collect the information, we may use the information we collect, including your personal information:
1. to provide, personalise, and improve your experience with the Service and products, services, and advertising (including for third party products and services) made available on or outside the Service (including on other sites that you visit), for example by providing customised, personalised, or localised content, recommendations, features, and advertising on or outside of the Service;"
....
And here are some of the parts about data collection:
"We may also collect other information available on or through your Third Party Application account, including, for example, your name, profile picture, country, hometown, email address, date of birth, gender, friends’ names and profile pictures, and networks.
You may also choose to voluntarily add other information to your profile, such as your mobile phone number and mobile service provider.
...
"When you use or interact with the Service, we may use a variety of technologies that collect information about how the Service is accessed and used. This information may include:
information about your type of subscription and your interactions with the Service, such as interactions with songs, playlists, other audiovisual content, other Spotify users, Third Party Applications, and advertising, products, and services which are offered, linked to, or made available on or through the Service;
The details of the queries you make and the date and time of your request;
User Content (as defined in the Terms and Conditions of Use) you post to the Service including messages you send and/or receive via the Service;
technical data, which may include URL information, cookie data, your IP address, the types of devices you are using to access or connect to the Spotify Service, unique device ID, device attributes, network connection type (e.g., WiFi, 3G, LTE) and provider, network and device performance, browser type, language, information enabling digital rights management, operating system, and Spotify application version.
motion-generated or orientation-generated mobile sensor data (e.g., accelerometer or gyroscope).
You may integrate your Spotify account with Third Party Applications. If you do, we may receive similar information related to your interactions with the Service on the Third Party Application, as well as information about your publicly available activity on the Third Party Application. This includes, for example, your “Like”s and posts on Facebook. We may use cookies and other technologies to collect this information; you can learn more about such use in the section Information about cookies and other technologies of this Privacy Policy."
I'm personally more concerned with the sheer volume of information that Google/Facebook/whoever collects about me. The Cambridge Analytica scandal shouldn't have surprised anyone that is remotely concerned with privacy. If the data is collected and stored, it's creates vulnerabilities to be hacked/leaked.
Your point was vpn collected all data sent and received from a device. You could have just tweeted that as that is always true.
Instead, from what it appears, you were trying to prop up views by calling out a facebook specific vpn and how it collected all data - as in you were expecting that to behave differently.
I would recommend you go and read the post, because what you are saying is simply not true.
I never claimed they are collecting all data sent and recieved from the device, nor would I have any ability to credibly make that claim without access to their servers. I only addressed what is observable in the app’s code.
It's not an issue if you care enough to read the description. This is not some underhanded sneaky thing that Facebook's trying to hide. Users can choose not to install the app.
It's news because people use VPNs to protect their privacy. If they are under the impression that Onavo will keep their data private, they are wrong. Just trying to inform...
This is not about your expectations. This is about the expectations of a user who knows that VPN stands for "Virtual Private Network", and that the feature has the word "Protect" in the title.
FB creates the expectation of privacy by using those terms, and they (or you) don't get out from under that expectation by splitting hairs.
The app places the acryonym "VPN" on the phone and instructs users to turn on the virtual private network.
I'd say users aren't totally out of line thinking that an app providing virtual private networking functionality would use a layperson's definition of private (as opposed to a techie's definition involving network protocols).
I'd argue that a VPN app that isn't private should be required to put something like the warning on cigarettes: >
> WARNING: This app monitors and records for all time your every action on your phone and only protects you from 3rd parties who haven't paid us enough money to get access to your data.
I agree that a VPN service implies it's protecting privacy, but let me nit pick a bit: the "private" in virtual private network is not about privacy, it's about a network with a private IP space, the virtual part is that it operates on top of public IP space.
With that said, anyone could make the assumption that private means privacy here, and most common use cases for consumer VPNs are for privacy, so, I guess it really matters that they are explicit what they service does, and I think the description above is pretty clear.
A VPN has nothing to do with privacy. Changing the definition doesn't do anyone any favors. It just blurs the line even further. Private!== privacy. It isn't some magical protocol that all of a sudden makes you untrackable.
That is exactly the reason, and the only reason. Because Facebook let user data from potentially hundreds of millions of people get used by a third party who "said they deleted it" -- they have to take the blame.