pyehouse
5Sep/110

Microsoft Is Watching You

The Guardian is reporting that a lawsuit was filed last Wednesday claiming Microsoft is tracking users of Windows Phone 7 devices even in situations when location information was purportedly disabled. In the article, and in the ensuing discussion about the case, Apple's name was inevitably dragged into the fray, focusing on the hubbub that was brought forth in April concerning the 'consolidated.db' file which stored timestamped latitude/longitude values, sometimes as far back as a year. As Josh Halliday at The Guardian puts it:

The lawsuit follows mounting concern about how technology giants, including Apple and Google, record users' private data. Microsoft, Nokia, Apple and Google were called before the US Congress in April to explain their privacy policies after security researchers uncovered hidden location-tracking software in iPhones. Google Android phones were subsequently found to gather location data, but required users' explicit permission.

There's nothing inherently flawed with the quote above. Yes, there was concern about the possibility of tracking by several large companies. Yes the aforementioned companies were called before Congress. But no further mention is made of how Apple closed things out. And I imagine things will be a bit different with Microsoft.

To begin with, Microsoft's declaration in their letter to Congress reads similarly to Apple's press release with regard to what each company states they collect. Essentially they both claim to only track approximate location in order to provide a better user experience. In both cases, a small portion of the entire database of known Wi-Fi and cell tower locations is sent to the phone in order to be prepared to quickly obtain a more precise GPS based location on demand. Both companies also state that they honor the disabling of location services by disallowing the dissemination of this information to apps on the device which make a location request.

The differences begin with how the outcry started in each case. For Apple, the existence of the database had long been known by those technically savvy enough to snoop around the iPhone's internals and figure out what they were looking at. It wasn't until Alasdair Allan and Pete Warden revealed an open source utility to fetch the database for your viewing pleasure that things were sent into damage control. Shortly thereafter, Apple issued their press release which stated, among other things:

7. When I turn off Location Services, why does my iPhone sometimes continue updating its Wi-Fi and cell tower data from Apple’s crowd-sourced database?  
It shouldn’t. This is a bug, which we plan to fix shortly (see Software Update section below).

It further added:

Software Update 
Sometime in the next few weeks Apple will release a free iOS software update that:

    • reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,
    • ceases backing up this cache, and
    • deletes this cache entirely when Location Services is turned off.

In the next major iOS software release the cache will also be encrypted on the iPhone.

That was it for Apple. They would issue a free update that would cease even grabbing the cached data if you disabled location tracking, reduce the amount of cached data retained, cease backing it up if you did retain it, and delete the cache entirely if you disabled location tracking. Moreover, the next major iOS release encrypted it locally when it was stored. There were never any accusations of tomfoolery on Apple's part.

In Microsoft's case, the first sounding of the gong is the result of a lawsuit filed in Microsoft's own backyard so to speak. Not simply an indication of something a techie found that was subsequently addressed but rather someone essentially throwing down with them. Of course, frivolous lawsuit are filed all the time, but I don't see any advantage to be had here unless there is some truth to it. Even so, it's an interesting distinction in terms of how the starting gun sounded.

So now we're waiting to hear from Microsoft, to get their side of the story. Apple took 7 days to complete their response, and I imagine some of that time was spent with engineering, looking for the bug they spoke of. There was, I'm sure, time spent mulling over release dates, etc. We're still within the same 7 day mark for Microsoft's response, and they have at least indicated they will be responding though I figure that was a given. I wonder if they'll admit it was a problem and indicate how they'll be fixing it, or if they'll take a more defensive posture. I'm guessing the latter. Regardless, I'll be getting the popcorn and pulling up a chair. This ought to be interesting.