Palm Pre 'spying' much ado about nothing

Privacy is more or less a thing of the past...

The Palm Pre has made headlines this week after a mobile developer discovered that his Pre was gathering information and 'phoning home' to report details regarding his location, the applications he used, and more.

Any implication that privacy is being violated is virtually guaranteed to spark a passionate response from users, and this Palm Pre story is no exception. The thing is that this 'violation' of privacy is not unique to the Pre and is also more or less standard operating procedure for many technologies today.

Palm responded to the public furor by pointing out that users agreed to allow Palm collect the information in question as a function of accepting the Palm EULA (end-user license agreement) and accepting the terms of Palm's Privacy Policy. The policy clearly states:

When you use location based services, we will collect, transmit, maintain, process, and use your location and usage data (including both real time geographic information and information that can be used to approximate location) in order to provide location based and related services, and to enhance your device experience.

That is just one example. Throughout the Palm Privacy Policy there are other statements that clearly explain that Palm will collect information under certain circumstances. If you need to troubleshoot or run diagnostics that data will be transmitted to Palm for analysis. If you backup your data your contacts, calendar and other data will be transmitted to Palm.

So, the ominous discovery that Palm is 'spying' on its users is actually nothing more than one user finding out the hard way just what was in that Privacy Policy he agreed to without reading it. Nobody is holding a gun to anyone's head to force them to accept the terms of the Privacy Policy, and Palm has reiterated that it provides users the ability to disable or opt-out of these services as well.

There is a larger issue here as well though. The backlash implies that users were genuinely surprised and offended that Palm might be able to determine where they are at any given moment, or how they use their mobile device. Apparently users consider that to be a heinous violation of privacy. What these users fail to realize is that this type of data is gathered constantly in almost every interaction or transaction they are involved in.

The larger issue of privacy has been addressed in books such as Database Nation by Simson Garfinkel, or Beyond Fear by Bruce Schneier. When you fill your car up with gas and pay with your credit or debit card it provides information- someone can establish exactly where you were at that given time of day. If you purchase a bag of Doritos and a Coke, that information is also collected. When you place a call from your cell phone information is stored regarding which cell your phone is in at that time- more or less pinpointing your general location at that time.

With devices like the Palm Pre or the Apple iPhone and any number of other mobile devices the types and amount of data being collected can be much greater. Apps that help you find your car have to somehow pinpoint the location of your vehicle and your current location in order to connect the dots and return you to your vehicle. Apps that help you find the nearest ATM have to determine where you are and compare it against the database of known ATM's in order to direct you to the nearest one. It is not a 'violation of privacy', it is a tradeoff accepted by users in exchange for tools and utilities that help make their lives easier.

I am not trying to scare people or spread FUD (fear, uncertainty, and doubt) regarding the use of technology. Quite the opposite. I am pointing out- good, bad, or indifferent- that privacy is more or less a thing of the past. You should read the EULA and privacy policy before you agree to them, and you should be aware of how your data is being used and what your options are for controlling access to your data, but ultimately the only way to achieve complete privacy is to shun technology completely and live a Luddite existence in a cabin in the Rockies somewhere.

Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. He tweets as @PCSecurityNews and provides tips, advice and reviews on information security and unified communications technologies on his site at

Join the CSO newsletter!

Error: Please check your email address.

Tags securityPalm Preprivacy

More about ApplePalm

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place