Apptimate | Privacy

Privacy

EU GDPR: General Data Protection Regulation

The upcoming EU privacy regulation is relevant not only for European organizations but also for any business looking at Europe, because of its extended scope of applicability.

The new European General Data Protection Regulation (GDPR) is expected to lead to a revolution in the privacy world. It will come into force by mid-2018, but time is short and there are a lot of changes that must be implemented.

What it is

GDPR entered into force on the 5th of May 2016, and European Union member states must transpose it into their national law by 6th of May 2018.

The Regulation updates and modernizes the principles enshrined in the 1995 Data Protection Directive to guarantee privacy rights.

It focuses on:

  • reinforcing individuals’ rights
  • strengthening the EU internal market
  • ensuring stronger enforcement of the rules
  • streamlining international transfers of personal data
  • setting global data protection standards

The changes will give people more control over their personal data and make it easier to access it. They are designed to make sure that people’s personal information is protected – no matter where it is sent, processed or stored – even outside the EU, as may often be the case on the internet.

Most importantly, it aims at changing the way organizations that operate in the EU, or that collect personal data from the Union’s citizens, approach data privacy.

The people, businesses, organizations or other bodies that collect and manage personal data are collectively called “data controllers”. They must all respect EU law when handling the data entrusted to them.

What it means for individuals

Mandatory consent

  • People will have to receive the consent form in an easily accessible and intelligible form, containing the purpose of data processing.
  • They will have the right to withdraw their consent as easily as they gave it, this being particularly relevant for subjects who have given their consent as a child, or were not fully aware of the risks involved by processing.

The right to be forgotten

  • People will also have “the right to be forgotten”, or data erasure, which means that the company processing and holding their data will be obliged to delete it all, including copies.
  • This obligation is extended to third parties that have access to that data.
  • To strengthen the right to be forgotten in the online environment, the right to erasure should also be extended in such a way that a controller who has made the personal data public should be obliged to inform the controllers which are processing such personal data to erase any links to, or copies or replications of those personal data. In doing so, that controller should take reasonable steps.

Protect private data

  • ‘Data protection by design’ and ‘Data protection by default’ are now essential elements in EU data protection rules.
  • Data protection safeguards will be built into products and services from the earliest stage of development, and privacy-friendly default settings will be the norm – for example on social networks or mobile apps.
  • Citizens will have the right to be informed about a data breach that affected their personal data within a maximum of 72 hours from the data holder becoming aware of the breach.

Access

  • Individuals will have the right to access information that contains a list specifying which data is being processed and the purpose of the data collection and management.
  • People will have the right to data portability, which means transmitting their personal data to another data controller.

What it means for companies

Harmonized rules

  • There will be a single set of rules throughout the European Union, which will cut the costs of doing business in the EU. Companies will only have to report to one supervisory body.
  • Companies whose main activity consists of processing data systematically obtained by monitoring data subjects at a large scale, or special types of data, or data related to criminal activity, will need to have in place a Data Protection Officer (DPO). The DPO will have to respect the internal record keeping requirements.
  • GDPR will have to be respected both by companies that originate from Europe and by those offering services to EU citizens.

User data

  • Online identifiers including IP address, cookies and so forth will now be regarded as personal data if they can be (or are capable of being) without undue effort linked back to the data subject.
  • There is no distinction between personal data about individuals in their private, public or work roles – the person is the person.
  • Companies will have the legal obligation to inform users in the event of a data breach within a maximum of 72 hours from the moment they found out.
  • Data controllers will have to provide an electronic copy of all personal data free of charge, at request.
  • At the request of the users, companies must erase all their personal data, stop collecting it and have third parties delete it as well.
  • Also at citizens’ request, data must be transmitted to another entity, at users’ choice.

Security and privacy by design

  • Companies will have to design their systems with privacy in mind, rather than adding it afterwards. This means that they must make every effort to protect the privacy of their users.
  • Data controllers will hold and process data only if it is absolutely necessary for the completion of their duties.
  • Companies should implement techniques such as anonymisation (removing personally identifiable information where it is not needed), pseudonymization (replacing personally identifiable material with artificial identifiers), and encryption (encoding messages so only those authorized can read them) to protect personal data.
  • “Big data” analytics requires anonymised or pseudonymised data.
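
How the pseudonymisation and anonymisation techniques named in this list differ in practice, shown on the online identifiers (IP address, cookie) that the "User data" list treats as personal data. This is an added example, not Apptimate's code; the record layout, the function names and the /24 and /48 generalisation prefixes are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets
from collections import Counter

# Constructed sample web-log events (documentation address ranges, not real data).
SAMPLE_EVENTS = [
    {"ip": "203.0.113.17", "cookie": "sid-a1", "path": "/shop/shoes"},
    {"ip": "203.0.113.17", "cookie": "sid-a1", "path": "/checkout"},
    {"ip": "198.51.100.42", "cookie": "sid-b7", "path": "/shop/shoes"},
]


def pseudonymise(value, key):
    """Replace an identifier with an artificial one (keyed HMAC-SHA256).

    The key matters: the IPv4 space is small enough that an unkeyed hash of
    an address can be reversed by hashing every candidate. Whoever holds the
    key can re-link pseudonyms, so it is stored apart from the data.
    """
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "p_" + digest[:16]


def anonymise_ip(ip):
    """Generalise an address to its network so it no longer names one host."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48  # assumed generalisation levels
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def pseudonymise_event(event, key):
    """Keep the event linkable per visitor, without the raw identifiers."""
    return {
        "visitor": pseudonymise(event["cookie"], key),
        "ip": pseudonymise(event["ip"], key),
        "path": event["path"],
    }


def anonymise_event(event):
    """Drop the cookie entirely and keep only a coarse network and the path."""
    return {"network": anonymise_ip(event["ip"]), "path": event["path"]}


def visits_per_pseudonym(events, key):
    """Analytics still work on pseudonyms: count events per visitor."""
    return Counter(pseudonymise_event(e, key)["visitor"] for e in events)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in production: from a secrets store
    for e in SAMPLE_EVENTS:
        print(pseudonymise_event(e, key), anonymise_event(e))
    print(visits_per_pseudonym(SAMPLE_EVENTS, key))
```

Discarding or rotating the key makes existing pseudonyms unlinkable to new data, which is the practical difference from the anonymised form, where no key ever existed.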

Substantial fines

  • The maximum fines can go up to 4% of the company’s annual global turnover, or €20 Million, whichever is higher. These are applied in the cases when the data subjects’ rights have been infringed, such as the cases when data has been processed without a legal basis, or cross-border transfers have been performed.

  • Other infringements could attract fines of up to 2% of the annual worldwide turnover or €10 Million, whichever is greater. This is applied for example when companies cannot prove they have adequate security, haven’t appointed a DPO, or haven’t established a data processor agreement.

How to prepare

  1. Put in place an accountability framework that will prove you meet the required standards.
  2. Design your product with security and privacy in mind, rather than adding them later.
  3. Establish clear policies and procedures in the event of a data breach, so you can notify people in time.
  4. Verify your privacy policies and notices, so that they are easy to understand and accessible.
  5. Be prepared for citizens to exercise their newly gained rights, often with unrealistic expectations.
  6. If you are carrying out cross-border data transfers, including intra-group ones, make sure you have a legitimate reason for transferring personal data to jurisdictions that don’t have adequate data protection regulations.

Security recommendations for IoT by BITAG

This is an extract of the excellent BITAG report “Internet of Things (IoT) Security and Privacy Recommendations”, published courtesy of BITAG, Broadband Internet Technical Advisory Group.

We highly recommend downloading and reading this report and, even more importantly, implementing its recommendations, where the Apptimate platform can be a valuable part of your developer toolkit.

The full report can be found here.

BITAG believes the recommendations outlined in this report may help to dramatically improve the security and privacy of IoT devices and minimize the costs associated with collateral damage. In addition, unless the IoT device sector—the sector of the industry that manufactures and distributes these devices—improves device security and privacy, consumer backlash may impede the growth of the IoT marketplace and ultimately limit the promise that IoT holds.

BITAG recommended several security standards for IoT devices, including timely, automated software updates and password protection. The organization also said there should be more testing of customization options and an implementation of encryption best practices. BITAG also highly recommended allowing IoT devices to function if internet connectivity or the cloud fails, especially in the case of home alarm systems.

In the past few years, many devices now being connected to the Internet are not only personal computers but also a variety of devices embedded with Internet connectivity and functions. This class of devices has generally been described as the Internet of Things (IoT) and has brought with it new security and privacy risks.

Although consumers face general security and privacy threats as a result of any Internet-connected device, the nature of consumer IoT is unique because it can involve non-technical or uninterested consumers; challenging device discovery and inventory on consumer home networks as the number and variety of devices proliferate; negative effects on the Internet access service of both the consumer and others that run on shared network links; and effects on other Internet services when these devices are compromised by malware and become a platform for unwanted data traffic—such as spam and denial of service attacks—which can interfere with the provision of these other services. Importantly, the number and diversity of consumer IoT devices is growing rapidly, and these devices often function autonomously, without human intervention.

Several recent incidents have demonstrated that some devices do not abide by rudimentary privacy and security best practices. In some cases, devices have been compromised and allowed unauthorized users to perform Distributed Denial of Service (DDoS) attacks, perform surveillance and monitoring, gain unauthorized access or control, induce device or system failures, and disturb or harass authorized users or device owners.

Potential issues contributing to the lack of privacy and security best practices include: lack of IoT supply chain experience with security and privacy, lack of incentives to develop and deploy updates after the initial sale, lack of secure over-the-network software updates, devices with malware inserted during the manufacturing process, and more.

Recommendations

IoT Devices Should Use Best Current Software Practices

IoT Devices Should Ship with Reasonably Current Software

BITAG recommends that IoT devices should ship to customers or retail outlets with reasonably current software that does not contain severe, known vulnerabilities.

 

IoT Devices Should Have a Mechanism for Automated, Secure Software Updates

Software bugs should be minimized, but they are inevitable. Thus, it is critical for an IoT device to have a mechanism for automatic, secure software updates.  BITAG recommends that manufacturers of IoT devices or IoT service providers should therefore design their devices and systems based on the assumption that new bugs and vulnerabilities will be discovered over time. They should design systems and processes to ensure the automatic update of IoT device software, without requiring or expecting any type of user action or even user opt-in.

 

IoT Devices Should Use Strong Authentication by Default

BITAG recommends that IoT devices be secured by default (e.g. password protected) and not use common or easily guessable user names and passwords (e.g., “admin”, “password”).

 

IoT Device Configurations Should Be Tested and Hardened

Some IoT devices allow a user to customize the behavior of the device. BITAG recommends that manufacturers test the security of each device with a range of possible configurations, as opposed to simply the default configuration.

IoT Devices Should Follow Security & Cryptography Best Practices

Manufacturers should take care to avoid encryption methods, protocols, and key sizes with known weaknesses. Additional encryption best practices include:

  • Encrypt Configuration (Command & Control) Communications By Default
  • Secure Communications To and From IoT Controllers
  • Encrypt Local Storage of Sensitive Data
  • Authenticate Communications, Software Changes, and Requests for Data
  • Use Unique Credentials for Each Device
  • Use Credentials That Can Be Updated
  • Close Unnecessary Ports and Disable Unnecessary Services
  • Use Libraries That Are Actively Maintained and Supported
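
One way a manufacturer could act on the recommendations above about authentication by default, unique credentials for each device and credentials that can be updated. This is an added example, not code from BITAG or Apptimate; the record layout, the deny-list, the 12-character minimum, the PBKDF2 round count and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed deny-list; the report's own examples are "admin" and "password".
COMMON_CREDENTIALS = {"admin", "password", "root", "default", "12345678"}
PBKDF2_ROUNDS = 100_000  # assumed work factor for a small device
MIN_LENGTH = 12          # assumed minimum for user-chosen credentials


def _hash(password, salt):
    """Salted, slow hash so the device never stores the credential itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def is_acceptable(password, serial):
    """Reject short, common or serial-derived credentials."""
    lowered = password.lower()
    return (
        len(password) >= MIN_LENGTH
        and lowered not in COMMON_CREDENTIALS
        and serial.lower() not in lowered
    )


def provision_device(serial):
    """Factory step: one random credential per unit, never a shared default.

    Returns (credential to print on the unit's label, record kept on the device).
    """
    password = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
    salt = secrets.token_bytes(16)
    record = {
        "serial": serial,
        "salt": salt,
        "hash": _hash(password, salt),
        "factory_credential": True,
    }
    return password, record


def verify(record, password):
    """Constant-time comparison against the stored hash."""
    return hmac.compare_digest(record["hash"], _hash(password, record["salt"]))


def update_credential(record, current, new):
    """Credentials must be updatable: replace after proving the current one."""
    if not verify(record, current):
        raise PermissionError("current credential does not match")
    if not is_acceptable(new, record["serial"]):
        raise ValueError("new credential is too short, common or serial-based")
    if verify(record, new):
        raise ValueError("new credential must differ from the current one")
    salt = secrets.token_bytes(16)
    return {**record, "salt": salt, "hash": _hash(new, salt),
            "factory_credential": False}


if __name__ == "__main__":
    pw_a, dev_a = provision_device("SN-0001")  # constructed serial numbers
    pw_b, dev_b = provision_device("SN-0002")
    print("unique per device:", pw_a != pw_b)
    print("'admin' accepted on device A:", verify(dev_a, "admin"))
    dev_a = update_credential(dev_a, pw_a, "correct-horse-battery")
    print("factory credential still valid:", verify(dev_a, pw_a))
```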

IoT Devices Should Communicate Securely

IoT Devices Should Be Restrictive Rather Than Permissive in Communicating

When possible, devices should not be reachable via inbound connections by default. IoT devices should not rely on the network firewall alone to restrict communication, as some communication between devices within the home may not traverse the firewall.

 

IoT Devices Should Continue to Function if Internet Connectivity is Disrupted

BITAG recommends that an IoT device should be able to perform its primary function or functions (e.g., a light switch or a thermostat should continue to function with manual controls), even if it is not connected to the Internet because Internet connectivity may be disrupted due to causes ranging from accidental misconfiguration to intentional attack. IoT devices that have implications for user safety should continue to function under disconnected operation to protect the safety of consumers.

 

IoT Devices Should Continue to Function If the Cloud Back-End Fails

Many services that depend on or use a cloud back-end can continue to function, even if in a degraded or partially functional state, when connectivity to the cloud back-end is interrupted or the service itself fails.

IoT Devices Should Be Maintained Securely

Manufacturers should support an IoT device throughout the course of its lifespan, from design to the time when a device is retired, including transparency about the timespan over which they plan to provide continued support for a device, and what the consumer should expect from the device’s function at the end of the device’s lifespan.

More detailed recommendations can be found in the report here.

The value of Smart Home data

What’s the value of the data generated in a Smart Home?
And, more importantly, who owns it?

In the same way that a smartphone is not about having smarter phone calls, the Smart Home is not about the connected things. It’s all about the applications that will be built upon all the devices, data, businesses, people, etc.

To answer the question: if you own your house and turn it into a Smart Home, then it is quite simple: you own your data. And it will be valuable.

You have all the rights to sell it or trade it to different service providers, like the power, cable or home security company. Maybe you don’t think about that every time you sign a contract for a service, but you should read the small print and see that you get value for your data. Or the service provider might try to generate value from your data without giving anything back to you.

But if you rent your place then things get more complicated.

Now the building itself becomes a hub, connecting the tech of the house with external and internal users, like the power company on the outside and the tenants on the inside.

These connected buildings have some new characteristics:

  • Buildings become self-aware and continuously anticipate and adapt to changes in weather, time of day, occupant needs, and socioeconomics.
  • Buildings will transact with utilities (including electricity, gas, and water), local power sources, and other buildings to provide services that will benefit building owners, utility operators, and the entire community.
  • Buildings will minimize their life-cycle cost while meeting their objective functions through optimizing energy and water use, enhancing health and the productivity of occupants, contributing to a cleaner environment, and actively supporting better living.

The important, but complicating, thing is that this is not a Big Data solution by default, as many early initiatives assume. There is not one big central IoT platform that controls everything, because there are many different data owners. The tenants own the data about their family and the usage of their apartment and its connected appliances, home networks, TVs, etc., and this data must be managed in a secure and privacy-protected way, or it will be impossible to lease those flats. Think of the landlord installing cameras in the shower… Privacy and security issues here are literally very close to home.

Next is the owner of the building. They have two assets generating valuable data, the sensors and tech of the building and the data about their tenants, probably anonymized and processed for statistics. This value will not be given away. It will be sold. These buildings will all be players in a new assets trading market for realtime data. Even if it is just to have a reduction on the power bill, it will be an asset that can be traded.

And so on…

All the participants in the Internet of Buildings, as a subset of smart city, smart home, smart predictive maintenance, smart grid, etc., will be smart enough to realize the value in owning, controlling and capitalizing upon their data.

Or some smart IoT entrepreneurs will take that position in the market like an AirBnB or Uber service for data.

An Internet of Things Guide to Smart Home Technology

This is a guest post from Alyson Gines of the Application Developers Alliance.

 

In the words of co-founder Fredrik Beckman, the Internet of Things (IoT) is an evolution, not a revolution. As cars, homes, and streets become more connected, it is vital for important issues—like privacy and security—to be considered at every step of development.

Developers need to understand the importance of data: how to use it, as well as how to protect it. In a survey conducted amongst 1,000 consumers in the United States, more than half believe home automation will be commonplace in less than 10 years from now. Nearly one-fourth is optimistic that technology will be an everyday feature in less than five years. Additionally, safety and security was voted in the survey as one of the top two necessary considerations for the adoption of smart home automation systems.

What does this mean for developers? Customers not only intend to have connected homes in the near future, but they also expect developers to design apps and systems that protect the user’s data. Privacy and security will be the deciding factor in which system, app, or device a consumer purchases, ultimately determining the success (or lack thereof) of a business or developer.

As an experienced leader in data privacy, Beckman commented, “Developers should be selective in what data and what control is provided to different users. Consider making data as anonymous as possible to protect customer privacy.” Even governments are insisting developers make the rules for security in IoT. A report from the Federal Trade Commission in the U.S. declared the industry itself should implement strong privacy and security practices from the outset, rather than being regulated down the line.

As global awareness of IoT grows, it is important for developers to understand how to best assist and protect the consumer. Security and privacy should be at the forefront of decision making while building a more connected future. For further insights into the issues and incredible potential of IoT, download Home Automation: An Internet of Things Guide to Smart Home Technology.

IoT and the exploding need for security

Source: IDC Government Insights, 2013

We are rapidly heading for a world where everyone and everything is connected in a global mesh network. Today’s over-hyped early stage market will have to mature for the real solutions to come.

Most solutions of today are vertical; device – cloud – app. Very little horizontal and system integration, especially when you want to mix and match solutions from different vendors. Many big players in the IoT create their own ecosystem by designing solutions for their own smart things to be able to interact.

Say you buy a fridge from a supplier that connects to the Internet and can be controlled with an app. Down in the basement you have a heat pump from another supplier that is also online and can be controlled via another app. Eventually, the user would end up with an app for every smart gadget, and too many apps would mean that none would be used. Take the hilarious situation with the remotes on your living room table, one for the TV, one for the sound system, one for the cable modem, and so on, and multiply that by all the potential gadgets at home, in your garden, your car, at your office…

By agreeing on how interoperability can be solved, existing suppliers and inventive entrepreneurs can develop new solutions and apps that automate and control the myriad of sensors and gadgets, providing radically new solutions and abilities across vendors’ technologies.

But this openness also opens the door to malicious attacks, hacking, and other criminal and destructive behavior. With all data easily exposed, it would be a simple thing for burglars to know when the house is empty, or for someone to stalk people, steal their identity, and so on.

The amount of damage that can be done is way greater than today. Take a recent hack like the Sony Entertainment hack; it was, of course, devastating for the company, but it was still just information on their network, mostly historical data. Hacking the IoT world means access to real-time control of physical devices. How about turning off the brakes on a moving car, turning off the cooling system on a power plant or pulling the plug on an Air Control Tower? Or changing the dose on an insulin pump? The amount of damage that can be done remotely will also open a new “market” for extortion and cyber warfare.

IoT will require a new level of security and privacy protection, simple enough for anyone to use, but hardened enough to make it impossible to break. Especially since most of these things will move around and communicate on public networks outside firewalls.

PingPal Crypto released!

PingPal is designed from the bottom up for secure messaging. Everything we create is there to ensure security, privacy and effectiveness in mobile user communication.

The founding elements are anonymization of users (we don’t know who they are, but the app owner might very well know) and no storing of data on our servers. No data stored means less risk of anyone accessing that data.

However, we have queuing mechanisms to ensure persistent connections. In theory that data could be “sniffed” through a security breach or code injection. To prevent that, we now offer an extra security layer on top of the communication: military-grade encryption with RSA 2048-bit keys. Unique crypto keys are stored in the user devices without access by anyone but the app user, meaning that not even we at PingPal can decrypt and read the data.

Read more on developer.pingpal.io.

SDK for iOS available now. Android is due in a few days.

So, now it’s time to start developing those secure apps!

IT security company Norse maps the global cyberwar in real-time

You’ve probably heard that the next generation of war will be played out on the digital battlefield, and how China and the U.S. are already fighting with more or less discreet cyber weapons. But it can be hard to see what it really looks like if you are not an expert.

Now, the Norwegian security company Norse has launched a map that shows cyber-attacks in real time, who is attacking whom, and the methods used. The data is retrieved from Norse’s own servers and is not based on any “real” data from the Pentagon or Google. Their website has information about how they collect the data, but the technical details are pretty sparse.

Sometimes you can see a large explosion of coordinated attacks from China against the United States. Many hacks have also originated from the United States, but their goals are much more varied, and are not coordinated on a single target the way the attacks from China are.

N.B. The information from the map should be taken with a grain of salt, but may be interesting for those who want to gain a greater understanding about the invisible cyber war around us.

And most of all, it’s really cool: Take a Look!

iOS vs Android: Which is more of a security threat for the enterprise?

An interesting report from Marble Research has created a bit of debate on the internet. See for instance this article at ZDNet:

http://www.zdnet.com/ios-vs-android-which-is-more-of-a-security-threat-for-the-enterprise-7000030668/

This report has looked at various risks that the users of the two platforms may face. “Neither iOS or Android is more secure or less secure than the other. The risk among companies who allow their employees to use their own devices (BYOD) run the same risks, whether they are running iOS or Android”, writes Marble Security in its report.

iOS users with non-jailbroken devices can only download apps from the Apple App Store, where Apple rigorously reviews all apps before they are approved.

Android users, on the other hand, have the ability to download apps from a variety of sources outside of Google Play, making it harder to control security.

Apple’s strict rules for the apps that get published on the App Store give iOS an upper hand compared to Android. But there are still ways for an attacker to steal information from iOS devices. One such risk is the possibility to send a configuration file to an iOS device via a malicious web page. The user can be tricked into installing the configuration file, which enables further attacks. This is something we have taken into account and prevented in the PingPal service by the Encryption Manager release coming soon.

The entire report can be downloaded at the Marble Security website (pdf).

The Era of Facebook is an Anomaly

An interesting quote by Sarah Boyd, keynote speaker at SXSW. She continues:

The era of Facebook is an anomaly. The idea of everybody going to one site is just weird. Give me one other part of history where everybody shows up to the same social space. Fragmentation is a more natural state of being. Is your social dynamic interest-driven or is it friendship-driven? Are you going there because there’s this place where other folks are really into anime, or is this the place you’re going because it’s where your pals from school are hanging out? That first [question] is a driving function.

There was this one teen girl I talked to, a total One Direction fan. Twitter was her One Direction space. What that meant was that her friends all knew about her Twitter account, but they weren’t into One Direction, so they weren’t on Twitter with her. But they all were on Instagram together because that was a fun place where they were sharing photos. And what she was sharing on Instagram was not about One Direction because that just wasn’t the place for it. Meanwhile, they were also doing crazy things on Tumblr, where they were part of a little maker community.

Whereas in the Facebook era, you have to balance all these audiences simultaneously. You’re saying, “Are you going to get angry with me because I posted about One Direction? Are you going to think I’m lame because I’m posting this maker stuff?” Where does this fit? And I think that’s a lot of the reason why when you start to fragment your audience, you start to think about what you’re looking for, you’ll go to different spaces, and it parallels what we do as adults. You go to different bars when you’re in the mood for different things. You see different people when you want to go listen to music or when you just want to have a quiet drink with a couple of friends.

Read the full interview on The Verge.

But the implications of what she states are quite interesting for the mobile apps of today. Facebook bought WhatsApp for a silly amount of money. Why? For the users? If Sarah Boyd is right, users come and go depending on where friends and interest groups are. There will be no single platform or messaging app, or any other community for that matter. Social media fragmentation is the natural state of things. Kids want to hang where their parents can’t hear them and so on.

So if you are a business it will be difficult (or impossible) to cover all the channels that your customers and market use, both when it comes to marketing and to customer interaction, sales and support. The important step to take to adapt to this real world should be to refocus on your own attractiveness in your messages and customer relations, not on the different platforms. If you can get a long-term relationship on your own terms and build a specific community around your brand, you will have a healthy business.

I believe that the possibilities of integrated web and mobile apps are a big piece of the puzzle. Offer practical value to attract customers and add stickiness to your offer. The Starbucks app in development is a great example of that extra convenience that makes people loyal.

It gets really interesting when you actually start communicating with the users of your app or web service, when they feel the presence of your service and when they start developing trust using your service. They must feel that you do not misuse their conversation by slamming ads in their face. Be very, very careful in protecting their privacy. And it’s here that the ephemeral communication mechanisms become so important.

Take for instance the case of delivering something to you, and not to your home address. To trust your service, the user must trust that the position sharing needed for this to happen is anonymized and temporary. Be very clear in describing how everything evaporates after the delivery.

I believe selling on Facebook is taking the popular but wrong path. Do marketing there, of course, but try to keep the selling to your web site. Don’t fall for the latest craze or service. Users will come and go and they will probably already have left before you have finalized your tactics and set up all the technology. Focus instead on a long term strategy on your own home place, your web site, shop and mobile apps as extensions, to build your attractiveness. But of course use the popular services for marketing.

No rocket science: the word of today is “content marketing”, and what can be more “content” than actually providing a premium experience for your customers and leads?

Cross-device tracking for targeted ads reaches new heights – or lows?

We are all aware that Facebook and others track your behavior and display targeted ads. This also happens regardless of the device; for instance, if you like a brand you will receive targeted ads with related products in your web browser or in the Facebook app on your phone. This is really nothing strange since you use the same Facebook account on any device.

Now things are becoming even more creepy and intrusive.

Targeted ads specialist Drawbridge has released a new advertising platform that sends cookies to various devices in the same area. By using complicated mathematical analysis of patterns of behavior through those cookies on multiple devices, it matches a user of a particular device to a user of a particular computer. The system doesn’t need any personal data or log-ins; it develops its assumptions based on anonymized data such as IP addresses and geolocation, using machine learning. So, it can predict with a high degree of confidence that the girl playing Angry Birds on her iPad in that café down the road is the same girl who bought a pair of shoes using her laptop earlier in the day, and begin a targeted ads campaign.

Drawbridge says that it has now matched over 450 million devices.

The company claims that it is not invading privacy since they “do not access personally identifiable data, like accounts, messages, address, etc.” They have also partnered with TRUSTe and “offers the ad choices preference manager (an industry first) on all in-application banner inventory. The user can therefore not only opt out on their desktop or laptop device, but also can do the same on their mobile devices”.

But where will this targeted advertising end? When Pandora’s box has been opened, who knows how it might be misused. I, for one, am not interested in being bombarded with ads and messages, regardless of how “relevant” or not they might be. I pay for the data traffic to my cell phone and I am not interested in paying to receive ads. Period. And my personal data is not for anyone to use however they like. I might be willing to trade some of it for something in return, but that something is not ads wherever I go.

We at PingPal believe that the end-user will get fed up with ads. Especially ads bombarding them in their most personal device, their phone. If we are right, this path of mobile marketing is more than a dead end. The advertiser’s brand will actually be more damaged than strengthened by mobile advertising. So what to do to build your brand and sell your products? Use apps to build a positive relationship and long-term dialog with customers and prospects, not choking them with the one-way megaphone marketing of the old days!

Facebook wants to track you even when you are not logged on

See where your friends are and which of your contacts are nearby. This is the excuse to get Facebook users to use the new app, scheduled to be released in mid-March, writes Bloomberg.com. The difference from the existing functions – where you can check in at various locations and show where you are when you send a message or update your status – is that now you will be tracked even when you are not logged on.

But the new app is not only for members to keep track of their friends. For Facebook, the new service will be a real gold mine where they can sell more precise information to different advertisers about user movements and what their daily routines look like.

Because of Facebook’s current user policy for mobile data, the new service is launched and put into use without the need for direct permission from the user. The User Agreement already states that the company collects information about members using among other things a GPS to tell you and your friends about people and events in the neighborhood, or to tell you about deals you might be interested in. Facebook may also collect information about users in order to offer ads that are more relevant.

Regulatory authorities in the U.S. and Europe have already criticized Facebook for not keeping users’ personal information private enough, but so far, the company’s spokesman Derick Mains has declined to give a comment.

Worth mentioning though is that Apple and Google already have similar tools for continuously keeping tabs on user whereabouts, so they are not any better.

So an obvious solution is just denying these kinds of apps or turning off the GPS altogether. But there are situations when you really want to keep track of someone, like parents with wild kids or elderly senile people with worried family members. Or even outdoor geeks pushing the limits…

In those cases I suggest (surprise!) you use a PingPal based app.

Read more on bloomberg.com

Drones for good and for bad

When I read “drone” I automatically associate with silent flying unmanned airplanes with missiles killing people.

Bad association! Now we can start making good associations instead! A Danish start-up company has developed the LifeDrone.

The drone is primarily intended to save people from drowning. When you see the person in need you pick up the LifeDrone and throw it into the air. It will automatically start its engines and start flying. You will then point at the person with a laser beam using a Wii-remoteish control and the drone will follow the beam. Attached to the belly of the drone are one or two life vests which will be dropped and inflate when hitting the water. Neat!

The inventor, Carsten Elkjær, has more ideas (as all inventors). Apparently he is into video games, because in the next version he will use Kinect technology so the LifeDrone can locate a person by itself. Cool. And the life vests under the belly can be swapped for IR cameras to, for instance, find missing persons.

I will buy one to follow me on the slope and get some really good clips from the air. Just kidding.

Read more:

http://ing.dk/artikel/127248-dansk-opfinder-styrer-redningsdrone-med-wii-teknologi

http://www.lifedrone.dk/LifeDrone/Presse.html

—Cheers, Andy

‘Stalking apps’ could be banned in US

We at PingPal strongly believe that your position is your business. No one else’s.  That is why we have developed our cloud based positioning service that handles positioning as a dialog between two people and their smartphones; “Where are you?” – “Here I am!”. The person asked should always be in control of who could ask and when it is appropriate to ask. 

Sometimes it is a good thing that the phone gives its position automatically, for instance when you are doing something fun like downhill skiing, where there’s a risk that you might crash and get injured. PingPal then lets you set the phone to automatically answer those that you allow to ping you.

But most other positioning services don’t share our concern for your privacy. They track you constantly and that could be misused to stalk you or your kids, or used for unwanted marketing purposes. This has been identified by a US politician campaigning for tighter restrictions on location tracking via mobile devices, and the bill has been approved by a Senate committee. Yay!

The Location Privacy Protection Act would require apps to get customers’ permission before collecting location data or sharing it with third-parties. It would also outlaw apps from collecting or sharing location data without the consent of the owner. They would have to start working like all PingPal-based apps already do.

“I believe that Americans have the fundamental right to control who can track their location, and whether or not that information can be given to third parties,” Senator Franken told The Hill’s technology blog.

“But right now, companies – some legitimate, some sleazy – are collecting your or your child’s location and selling it to ad companies or who knows who else.”

We salute you and hope that the United States Congress passes this new legislation.

Apple’s iOS 6 is tracking iPhone users again

Apple recently released the latest version of its mobile OS, iOS 6. Some of its features, like Apple Maps, have come under criticism, and it would appear that there is another feature in iOS 6 that some people are not too happy about. According to a recent report by Business Insider, Apple’s iOS 6 has started tracking iPhone users again. This is something that happened in the past, but Apple stopped developers tracking users via the UDID.

iOS 6 is apparently using something called IFA or ‘Identifier For Advertisers’, to track iPhone users. The number is created randomly and then anonymously assigned to your phone or tablet, which is a quite good mechanism to protect your privacy while still allowing for targeted ads. Your surfing is tracked and used for displaying appropriate advertisements to you based on your surfing history. For example, if you have visited a lot of sport sites you will be served with ads for sporting goods, but the system never knows who YOU are.

Targeted ads are important to app developers in general, even if we at PingPal don’t use them. There is no such thing as a free lunch, or app, and the market price of close to zero on apps is largely financed by ads.

However, what has been upsetting privacy advocates is that the tracking feature is turned ON by default.

IFA can be switched off, but the setting isn’t where you’d perhaps first expect. Rather than being part of the Privacy options, it’s under General > About > Advertising, and labeled “Limit Ad Tracking”; for IFA to be deactivated, the switch must – arguably counter-intuitively – be set to “on” rather than “off.”

The terms and conditions specify that even when IFA tracking is OFF, app developers still get access to the ID, but we are only allowed to use it for some specific purposes like conversion tracking to manage marketing campaigns, and fraud detection for preventing fake clicks. We are not allowed to use it to create profiles and we are absolutely not allowed to divulge the information to third parties.

To opt out of advertisements from Apple’s network (but not other ad networks), access this link from your iOS device while logged into your iTunes account. This will not stop the flow of ads, only that these ads will not be specifically targeted, and Apple will not use or sell data harvested by the software.

Why privacy in positioning services is so important

Cult of Mac published an article about an app for iOS called Girls Around Me, which essentially displays the public check-ins and profiles of girls around you. It could easily be confused for a new dating service but no, it really is just a way for guys to creep on nearby girls who have failed to lock down their info.

This is just one in a line of apps and services that can be misused for stalking and other shady business, and it is important that the media highlight this kind of problem. People just seem too lazy to update their (ever changing) privacy settings.

Since Cult of Mac published its article, Foursquare has killed Girls Around Me’s API access to their data, effectively knocking the app out of commission. Girls Around Me has also been thrown out of the iOS App Store.

So there is still hope, but “never share your position with anyone except the ones you agree with” is still one of PingPal’s mantras.


US Supreme Court: GPS Tracking Is Illegal Without Warrant

We at PingPal are not the only ones who take personal integrity seriously. So does the US Supreme Court.

In the decision, the court found that GPS tracking qualifies as “search” under the 4th Amendment, and therefore it requires a warrant for the police to use.

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

This is a first step to protect people from being tracked with GPS. I wonder how this will affect other tracking services like FourSquare. Yes, you do consent to share your whereabouts publicly, but what happens when this is being used by others than your friends for other purposes than FourSquare services?

No one can track anyone with PingPal besides the pals you have in your list. No history is stored anywhere besides in your own handset. Your location is your business.

Read more at mashable.com