Mobile apps and kids
The cover of the FTC's report warning of the lack of privacy disclosures on mobile apps for kids. It found that mobile apps aimed at kids often don't spell out data collection and sharing practices.
Path triggered a controversy when it was caught uploading and storing user address book data onto its servers without permission. But while the app maker caught the most flak, the practice was found to be more widespread than thought. The ensuing uproar forced Apple to finally do what it should have done years ago: enforce its address-book protection policy. Apple said that apps collecting user contact lists without permission are in violation of its app guidelines, and that a software fix is on the way to keep that from happening.
The European Union is not happy that Google intends to share user information across all of its services. It wants Google to hold off until the privacy implications can be analyzed, but Google is standing its ground.
Carrier IQ came under fire in 2011 for making software that some carriers--including AT&T, Sprint, and T-Mobile--use to gather data from phones that can be used to diagnose problems with the network.
Facebook news feed
In 2006, still relatively unknown Facebook rolled out a news feed without privacy options. Still learning the ropes, CEO Mark Zuckerberg announced new privacy options that let users click a few buttons to control which updates to their profiles, friends lists and photo galleries would henceforward appear. "We really messed this one up," Zuckerberg wrote in an open letter to Facebook users. It wouldn't be the last time.
They thought it was a good idea at the time. Really. But Beacon was be an ill-fated advertising program that shared information about users' information on third-party partner sites in Facebook news feeds. At first it hoped that modifying Beacon would appease privacy advocates. The criticism only grew more intense. Eventually, Facebook killed off the program.
School spies on its own student
A school district in Pennsylvania was found to have secretly capture screenshots and webcom shots taken of students in their homes in what became known as "webcam-gate." Attorneys for 15-year-old Blake Robbins and his family claimed that thousands of images were taken by the laptop webcams. Included in these were, according to the motion, "pictures of Blake partially undressed and of Blake sleeping." Also, images of Web sites visited and snapshots of their instant messages were also allegedly captured.
The Lower Merion School District's board of directors said in a statement today that it will pay $175,000 to plaintiff Blake Robbins and $10,000 to plaintiff Jalil Hassan. An additional $425,000 will be paid out to cover the plaintiffs' legal fees.
TSA body scans leak
In late 2010, Gizmodo gained access to full body scans taken at a courthouse in Orlando, FL, with a machine widely used by the TSA at airports nationwide. As our sister site SmartPlanet observed at the time, the episode spotlighted "the barrier between the internet and potentially revealing photos of you--or your family--is as thin as a single employee in an agency of tens of thousands is deeply worrying even if, on their own, today's images aren't."
In May 2010 Google admitted that its Street View cars had collected unencrypted browser info from users. Google said it was a mistake and apologized. "In 2006 an engineer working on an experimental Wi-Fi project wrote a piece of code that sampled all categories of publicly broadcast Wi-Fi data," Google said, "A year later, when our mobile team started a project to collect basic Wi-Fi network data like SSID information and MAC addresses using Google's Street View cars, they included that code in their software -- although the project leaders did not want, and had no intention of using, payload data." Google's then CEO put it bluntly: The company had screwed up.
In April 2011, the Wall Street Journal reported that iPhones and Android smartphones were transmitting locations to Apple and Google as part of projects to build out databases for location-based services. The companies downplayed the potential for misuse, but privacy advocates argued that if you can link a person's address with their activity, it's personal data.
Sony PlayStation Network
Sony PlayStation Network suffered a security breach in April 2011 that led to the theft of personal information belonging to as many as 100 million user accounts.
Safari privacy settings get picked by Google
Google and other ad companies have been using special code to sidestep privacy settings in Apple's Safari browser and track Web users on desktop computers and the iPhone, according to the Wall Street Journal. Google took issue with the WSJ's characterization, stressing "that these advertising cookies do not collect personal information." Either way, it reignited the always simmering chatter in the blogosphere about user privacy.