Marco.org

Privacy and incentives

The reason everyone’s up in arms about the iPhone’s location database, I think, isn’t that the data is particularly incriminating or embarrassing for most people. Rather, we’ve simply been reminded quite how much of our lives these convenient pocket computers are privy to.

People would be similarly freaked out, if not more so, if they saw how much Facebook and Google know about them. But there are two major differences.

Most of what your iPhone knows about you is stored on your iPhone — a device in your physical possession that you can quickly wipe locally or remotely at any time — and, as far as we know, is not transmitted to Apple or anyone else. To access your private data, a snoop or government would need physical access to your phone.

Web services store the data themselves, outside of your control, and can keep it forever. They can access your “private” data whenever they want, and they can aggregate everyone else’s data to deduce even more about you (and everyone else) than what you thought they knew. A security breach — or a lucrative business deal — can expose the private data of thousands or millions of people at once, and law enforcement agencies can usually get whatever information they want extremely easily because it’s not worth most services’ time or money to argue with them.

The other major difference is incentive. Apple makes money selling people devices. With the exception of iAd, which seems like a very minor part of their business (that isn’t doing very well), they can’t gain much by collecting, storing, or selling your data.

Google, Facebook, and most other web services make money overwhelmingly from advertising. Advertising can be far more lucrative when it’s targeted well, so there’s a huge incentive for these services to collect as much data about you as possible, store it forever, and indirectly sell it to advertisers by selling targeted services and “eyeballs” to them.

Apple needs to keep making devices that people want to buy, and they have historically shown great respect for their customers’ privacy.

Advertising-backed web services must get large numbers of users and collect as much data about them as possible to add value for their customers, the advertisers.

So it’s easy for me to believe the likely explanation that this location database is simply a cache that’s never culled due to an oversight or bug, and it’s frustrating that so few people put nearly this much scrutiny on the web services that they’re using every day.