Standard-issue red flag, or extra-red red flag?
April 22, 2019 7:14 PM

OvuView, the fertility tracking app I've used (and recommended on here!) for years, just merged with TempDrop. Neat, I thought, since I'd been idly thinking of getting a TempDrop wearable thermometer anyway. Then I read their privacy policy, and I can't quite tell if it's as icky and insufficiently private as it sounds. AskMe, I need a second opinion. Relevant links below the fold.

The TempDrop privacy policy is here, and here's the broader Terms of Service. I suppose the only truly iffy bit is "We may use the information we collect from you to create de-identified (anonymous), statistical or aggregated information, and make it available to others for any purpose;" which probably every app I've ever downloaded is doing. Still, as someone who doesn't already use a fitness tracker, I'm somewhat wary of putting even more personal information in the hands of a big company. How anxious should I be about this?

Bonus question: can I use Blokada to limit the data TempDrop has on me? Is there a way to figure out what to block granularly?
posted by tapir-whorf to Technology (11 answers total)
 
If you believe them that it’s de-identified, then it’s no longer personal information, imo, and you don’t really have any risk of exposure of personal data that nefarious actors could use against you.

Example: this recent research reported on in WaPo uses anonymized and aggregated data from a defunct sleep tracker widget. If everyone is above board* then nobody can tell when you, tapir-worf, went to bed on December 13th, 2012. But, the data on when you went to bed that day aided in research on sleep and time zones. So not a big deal, and perhaps helpful to society.

*They might not be. But then it’s not a question about eula/TOS etc, it’s a question about false advertising, abuse, fraud etc. If you don’t believe what they say, you shouldn’t do business with them. But if you do believe them, this is fine in my book.
posted by SaltySalticid at 7:34 PM on April 22, 2019 [1 favorite]


Best answer: From their T&Cs they collect:
- measurements of your body temperature and motion
- IP (Internet Protocol) address, IMEI number, location, usage analytics, type of browser and version, language, cookies, session records and the time and date you accessed the Tempdrop System.

So this actually seems like similar or even more data than a fitness tracker collects. For me personally, I'd be okay with it as the benefits outweigh the risks but this is definitely a lot of personal info. And even if they strip your name, then location + time is still fairly identifying (I think a strict reading of their docs means they can share anonymised but not necessarily aggregated, for any purpose!).
posted by JonB at 8:52 PM on April 22, 2019


Best answer: One thing to keep in mind is that, generally, anyone they share your data with will NOT be bound by terms and conditions.
posted by mikek at 10:45 PM on April 22, 2019 [2 favorites]


I keep my ovuview data local and don't back it up to their cloud. The app doesn't even have an internet access permission on my device. If you switch phones a lot this could be annoying, but I just didn't feel like that was data I needed to leave my possession.
posted by potrzebie at 10:49 PM on April 22, 2019


Even "anonymized" location data is pretty revealing - the data might not say that it's from "tapir-worf" but it may still show a person who spends the night at tapir-worf's home and the day at tapir-worf's workplace.

You could download it and try excluding it from location access, if you're like me and that would be your biggest concern. Then see if it really cares/complains. (Lots of apps don't.)
posted by Lady Li at 8:26 AM on April 23, 2019


"If you believe them that it’s de-identified, then it’s no longer personal information, imo, and you don’t really have any risk of exposure of personal data that nefarious actors could use against you."

Doing this safely is a hard problem. De-identified data can be re-identified, and it's not that hard if you're a data broker and are able to buy lots of datasets and combine them.
posted by BungaDunga at 8:44 AM on April 23, 2019 [1 favorite]


Response by poster: @potrzebie, can you still do this with the new update, which got pushed to my phone in the last week or so? I think not really.
posted by tapir-whorf at 9:17 AM on April 23, 2019


Best answer: De-identifying data is hard, and researchers in academia are subject to tremendous oversight and scrutiny to manage human subject privacy correctly. The same regulations simply don't apply to research undertaken for "business practices" in industry. If a company provides an actual detailed data management and privacy plan, that might mean something. But a flat statement that your data will be anonymized, without an explanation of exactly what that means, probably isn't worth the paper it's printed on. Most of us end up sharing our data and hoping the company will do due diligence to avoid bad PR, but I don't think this TOS protects you meaningfully.
posted by biogeo at 10:15 AM on April 23, 2019 [2 favorites]


Best answer: Yeah, I think there is probably a broad gulf between what you and I would think is "de-identified" and what the vendor would argue it is. My guess (and it is only that) is that they remove your name, address, and email, but still include location. That means if someone cares and they know the block where you live and the block(s) where you work or go to school or church or some other regular event, they can probably pull your records out easily.

This kind of thing is kind of what the era of corporate surveillance is all about. What we really need are laws to control it, but I am not going to wait underwater breathing through a garden hose for them to get passed (side note: you cannot actually breathe through a garden hose--its volume exceeds the size of your lungs).
posted by Gilgamesh's Chauffeur at 12:15 PM on April 23, 2019 [1 favorite]
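
An added example, not part of any comment in this thread: a check a data holder could run before sharing "de-identified" location records, counting how many pseudonyms share the same (night-time cell, day-time cell) pair at a given grid size. The pings, hour windows and grid sizes are constructed assumptions, and nothing here reflects how TempDrop actually processes data.

```python
from collections import Counter, defaultdict

# Constructed sample: (pseudonym, hour_of_day, latitude, longitude).
# Names, emails and addresses are already stripped, as a vendor might do.
PINGS = [
    ("u1", 2, 40.7134, -74.0062), ("u1", 14, 40.7583, -73.9853),
    ("u2", 3, 40.7178, -74.0021), ("u2", 11, 40.7541, -73.9812),
    ("u3", 23, 34.0522, -118.2437), ("u3", 10, 34.0407, -118.2468),
    ("u4", 1, 34.0561, -118.2389), ("u4", 15, 34.0443, -118.2455),
    ("u4", 8, 34.0500, -118.2400),  # commute ping, outside both windows
]

def cell(lat, lon, decimals):
    """Snap a coordinate to a grid cell (3 decimals ~ 100 m, 1 decimal ~ 11 km)."""
    return (round(lat, decimals), round(lon, decimals))

def home_work_pairs(pings, decimals):
    """Most frequent night-time and day-time cell for each pseudonym."""
    night, day = defaultdict(Counter), defaultdict(Counter)
    for uid, hour, lat, lon in pings:
        if hour >= 22 or hour < 6:        # assumed "at home" window
            night[uid][cell(lat, lon, decimals)] += 1
        elif 9 <= hour < 17:              # assumed "at work" window
            day[uid][cell(lat, lon, decimals)] += 1
    return {uid: (night[uid].most_common(1)[0][0], day[uid].most_common(1)[0][0])
            for uid in night if uid in day}

def k_anonymity(pings, decimals):
    """Return (smallest group sharing one home/work pair, pseudonyms that are unique)."""
    pairs = home_work_pairs(pings, decimals)
    sizes = Counter(pairs.values())
    unique = sorted(uid for uid, pair in pairs.items() if sizes[pair] == 1)
    return min(sizes.values()), unique

if __name__ == "__main__":
    for decimals in (3, 1):
        k, unique = k_anonymity(PINGS, decimals)
        print(f"grid={decimals} decimals: k={k}, unique pseudonyms={unique}")
```

At block-level precision every pseudonym in the sample is alone in its group (k=1), so anyone who knows a person's home and workplace can pick out that record; only the much coarser grid puts each record in a group of two.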


Mine still says "Local account, not synced" when I open the hamburger menu. I guess they could be lying?
posted by potrzebie at 8:00 PM on April 23, 2019


This doesn't directly address your question, but is certainly a timely Washington Post article.
posted by eglenner at 5:18 PM on April 24, 2019

