Hacker News new | past | comments | ask | show | jobs | submit login

So often these things happen with the best of intentions. We use OS level geofencing support in our mobile apps at work to provide some functionality to customers, and have been looking at providers of better support for that recently to try and work round some problems.

During a call someone mentioned they were looking at a provider who provides a full location history for debugging purposes, which was being looked on favourably (who doesn't want better debugging?) until I stepped in and pointed out we don't want to be anywhere near a full precise location history for our users. It provides basically no benefit to us other than debugging being a bit easier, and the massive risk that if someone's account for this service is compromised they've potentially facilitated stalking our users.




The third party doctrine in the US also means that this data is accessible without a warrant from the provider, if the provider turns it over on a request. The fact that it's your location doesn't matter, it's the provider's data to do with as they wish (including rat you out to police fishing expeditions) if they feel like it.

Then again, anyone who has location services on systemwide on an iOS or Android device is sending this log to Apple/Google anyway (because location services transmits all of the visible Wi-Fi APs to Apple/Google to improve location).

https://en.wikipedia.org/wiki/Third-party_doctrine


Also, the data can be retroactively collected with a warrant, even if it would have been illegal for the police to obtain the data themselves.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: