[bb10adopter111]

The second part is irrelevant.

As far as the amount collected, you are making an arbitrary line in the sand.

It's not irrelevant at all, from a privacy standpoint. There is a huge difference between collecting user telemetry for the purposes of product development and internal resource allocation and collecting data to be aggregated and sold as payment for providing free services.

This is true for Google and BlackBerry, so long as the user has the CHOICE of whether or not to provide the telemetry data. From a security and privacy standpoint the sending of telemetry must be voluntary.

I believe that it is voluntary for BlackBerry Hub and for G-suite, as it is for Microsoft Windows. I may be wrong, but I think I had the option of opting out of sending telemetry data to BlackBerry when I set up my phone. Certainly, that is the industry standard.

Google (and other "personal data for services" businesses) don't offer an opt out for the collection and resale of other user data because that is their business model. So, in that case the user has the option to not use those free services.

If it's impossible to opt out of telemetry on BlackBerry's Hub then I agree that it's problematic, in terms of privacy and security.

But in terms of personal choice, I believe there is a profound difference between choosing to send telemetry data to be used only by the product team and allowing a company to monetize my information. It the first case, I benefit directly if the service is improved as a result of the data collected. In the second, the company is "hiding the ball" from.most consumers about the price they pay in terms of personal data for their "free" services.

This isn't about BlackBerry or Google being "evil." It's about consumer choice and transparency.

Posted with my trusty Z10

[conite]

It's not irrelevant at all, from a privacy standpoint. There is a huge difference between collecting user telemetry for the purposes of product development and internal resource allocation and collecting data to be aggregated and sold as payment for providing free services.

This is true for Google and BlackBerry, so long as the user has the CHOICE of whether or not to provide the telemetry data. From a security and privacy standpoint the sending of telemetry must be voluntary.

I believe that it is voluntary for BlackBerry Hub and for G-suite, as it is for Microsoft Windows. I may be wrong, but I think I had the option of opting out of sending telemetry data to BlackBerry when I set up my phone. Certainly, that is the industry standard.

Google (and other "personal data for services" businesses) don't offer an opt out for the collection and resale of other user data because that is their business model. So, in that case the user has the option to not use those free services.

If it's impossible to opt out of telemetry on BlackBerry's Hub then I agree that it's problematic, in terms of privacy and security.

But in terms of personal choice, I believe there is a profound difference between choosing to send telemetry data to be used only by the product team and allowing a company to monetize my information. It the first case, I benefit directly if the service is improved as a result of the data collected. In the second, the company is "hiding the ball" from.most consumers about the price they pay in terms of personal data for their "free" services.

This isn't about BlackBerry or Google being "evil." It's about consumer choice and transparency.

Posted with my trusty Z10

You can't opt out of the Blackberry data collection.

The concern is the very existence of a repository of personal information that could theoretically be hacked. I don't believe that the further step of aggregating and selling some of that information materially adds to that risk, as that data is already being heavily manipulated for the purposes of improving quality of services.

[bb10adopter111]

You can't opt out of the Blackberry data collection.

The concern is the very existence of a repository of personal information that could theoretically be hacked. I don't believe that the further step of aggregating and selling some of that information materially adds another layer of risk.

I agree with you, 100%, from a security standpoint. If there is a repository, no matter how well secured, it materially increases risk.

I confirmed that there IS a setting to disallow the collection of telemetry data FROM THE WORK PROFILE in BlackBerry UEM. So, this may be another case where enterprises can secure themselves in a way that consumers cannot.

http://support.blackberry.com/kb/art...language=en_US

From a privacy standpoint, it still matters A LOT to me how the data I provide is used.

Posted with my trusty Z10

[conite]

From a privacy standpoint, it still matters A LOT to me how the data I provide is used.

Posted with my trusty Z10

I don't see why it would. The personal information never leaves Google's Black Box.

Third parties only get non identifiable aggregate information.

[bb10adopter111]

I don't see why it would. The personal information never leaves Google's Black Box.

Privacy means that users choose who can use their data and for what purposes. Just like a nude selfie, there's a difference between me allowing friends to see it and for it to be shared across the Internet, even if my face is blurred out. If I'm allowed to select which marketers can use my aggregated data, then my privacy concerns would end.

Of course, if I actually took and posted a nude selfie, it would break the Internet, in that no one would use it for fear of seeing the photo!

Posted with my trusty Z10

[conite]

Privacy means that users choose who can use their data and for what purposes. Just like a nude selfie, there's a difference between me allowing friends to see it and for it to be shared across the Internet, even if my face is blurred out. If I'm allowed to select which marketers can use my aggregated data, then my privacy concerns would end.

Of course, if I actually took and posted a nude selfie, it would break the Internet, in that no one would use it for fear of seeing the photo!

Posted with my trusty Z10

But you are only allowing Google to collect private information. No one else gets it.

What I'm saying is that providing aggregate information to third parties adds no more risk than the processing of your information to improve your services.

This brings us back to my original post.

[bb10adopter111]

But you are only allowing Google to collect private information. No one else gets it.

What I'm saying is that providing aggregate information to third parties adds no more risk than the processing of your information to improve your services.

This brings us back to my original post.

I think we're talking about two different things now: risk vs. privacy. They are often closely related, but there is still a difference. One of the key principles of Privacy is that individuals choose who has permission to use their data and for what purpose, whether or not it's aggregated and anonymized.

I choose not to use Google's free services because by doing so, I give up too much privacy for too little benefit. But, from a privacy standpoint, I am comfortable providing telemetry data to GSuite, BlackBerry Hub, Microsoft Windows, and even Android, so long as it's used only by the agreed upon users and for the agreed upon purpose.

From a security standpoint, such data repositories increase risk, just as you've explained. From a privacy standpoint the repository is not the issue. The USE of the information, whether it includes PID or not, is the issue. Privacy is entirely about choice and control.

Of course, if the repository is hacked (a security risk), then my privacy may also be compromised, so.i have to decide if I trust the organization to secure my data, even if I'm willing to share it with them.

Posted with my trusty Z10

[conite]

I think we're talking about two different things now: risk vs. privacy. They are often closely related, but there is still a difference. One of the key principles of Privacy is that individuals choose who has permission to use their data and for what purpose, whether or not it's aggregated and anonymized.

I choose not to use Google's free services because by doing so, I give up too much privacy for too little benefit. But, from a privacy standpoint, I am comfortable providing telemetry data to GSuite, BlackBerry Hub, Microsoft Windows, and even Android, so long as it's used only by the agreed upon users and for the agreed upon purpose.

From a security standpoint, such data repositories increase risk, just as you've explained. From a privacy standpoint the repository is not the issue. The USE of the information, whether it includes PID or not, is the issue. Privacy is entirely about choice and control.

Of course, if the repository is hacked (a security risk), then my privacy may also be compromised, so.i have to decide if I trust the organization to secure my data, even if I'm willing to share it with them.

Posted with my trusty Z10

I think we're discussing different things.

Google and BlackBerry are collecting private information. We can't stop that.

Google and BlackBerry are using the information to improve their services. We can't stop that.

Google uses the information to provide aggregate non-personal info to third parties. I'm saying this single additional step does not materially add to either privacy or security risk.

[bb10adopter111]

I think we're discussing different things.

Google and BlackBerry are collecting private information. We can't stop that.

Google and BlackBerry are using the information to improve their services. We can't stop that.

Google uses the information to provide aggregate non-personal info to third parties. I'm saying this single additional step does not materially add to either privacy or security risk.

And I'm arguing, with considerable support from privacy experts and organizations that you're correct about everything EXCEPT privacy. That's because the very definition of privacy is that users should know and choose with whom their data is shared, EVEN IF it's been aggregated. The lack of transparency about how aggregate data is used by Google and other software companies is the issue.

https://www.gartner.com/doc/323523/a...y-battleground

Posted with my trusty Z10

[conite]

EVEN IF it's been aggregated.

Ok. Here's our sticky point. We are in agreement about everything else.

[bb10adopter111]

Ok. Here's our sticky point. We are in agreement about everything else.

Glad that's settled! :-)

That item is worthy of a separate discussion.

Posted with my trusty Z10

[Chuck Finley69]

Glad that's settled! :-)

That item is worthy of a separate discussion.

Posted with my trusty Z10

I'd like to see that. I'm the non-techie guy that barely understands 3/4 of what you two exchanged back there.

However, since I respect you two (amongst others) pretty well, consider starting up that discussion at some point. It's how us non-techies learn....

Really, thanks guys.....

[Invictus0]

You can't opt out of the Blackberry data collection.

I don't think we have enough data to say that yet. BB Android has an option to disable telemetry and diagnostics info but we don't if basic info is still being sent. Similarly, it's possible that Hub+ services on regular Android isn't sending telemetry data for subscribers. I think we need more users to perform some of the tests that have been mentioned (or ideally, someone at BlackBerry to chime in).

As a general point, there's a difference between telemetry data (both what it's for and how it can actually be used) and data collection for the purposes of selling ads. Telemetry data isn't very useful for ad buyers and it tells you almost nothing about the user for targeting purposes (at best, a developer might be able to look at it and say "hey, lets put an ad here in our next update").

[conite]

Telemetry data isn't very useful for ad buyers and it tells you almost nothing about the user for targeting purposes (at best, a developer might be able to look at it and say "hey, lets put an ad here in our next update").

But aggregate data tells a third party absolutely nothing about you either. You are just an anonymous data point. The targeting of the ads happen within Google's servers.

[bb10adopter111]

But aggregate data tells a third party absolutely nothing about you either. You are just an anonymous data point. The targeting of the ads happen within Google's servers.

Actually, depending on how much information is sent, it's relatively easy to resolve the data points back to an individual or at least a computer using a combination of browser and hardware settings. But, even if the data does not include PID, unless the owner of the information truly understands how it's being used (the transparency issue) It's not clear that he or she has actually given consent, from an ethical (and potentially a legal) standpoint.


Posted with my trusty Z10

[bb10adopter111]

I just want to add that there have been many incidents of researchers demonstrating the ability to identify an individual from PROPERLY aggregated data sets in which the 18 prescribed HIPPAA identifiers that comprise the legal "Safe Harbor" standard for de-identification have been removed.

All that is required is to aggregate multiple data sets that include enough information to identify a particular user. Although this might not produce a name and address, it will allow marketers (and criminals) to target them very specifically with their own information, such as hobbies, interests, etc.

Moreover, by using aggregated data from social media, it is often a simple task, using simple machine learning algorithms, to identify the individual.

Posted with my trusty Z10

[scubafan]

I think we're talking about two different things now: risk vs. privacy. They are often closely related, but there is still a difference. One of the key principles of Privacy is that individuals choose who has permission to use their data and for what purpose, whether or not it's aggregated and anonymized.

I choose not to use Google's free services because by doing so, I give up too much privacy for too little benefit. But, from a privacy standpoint, I am comfortable providing telemetry data to GSuite, BlackBerry Hub, Microsoft Windows, and even Android, so long as it's used only by the agreed upon users and for the agreed upon purpose.

From a security standpoint, such data repositories increase risk, just as you've explained. From a privacy standpoint the repository is not the issue. The USE of the information, whether it includes PID or not, is the issue. Privacy is entirely about choice and control.

Of course, if the repository is hacked (a security risk), then my privacy may also be compromised, so.i have to decide if I trust the organization to secure my data, even if I'm willing to share it with them.

Posted with my trusty Z10

I also deliberately avoid using any services from google, bing, and several others because I prefer to keep what privacy I possibly can. The only "free" products I use are the ones that get their profits by being ad based. I really don't care how many people don't mind an action taken by either BlackBerry, google or any others. Either I own the device or I don't. If BlackBerry is turning on diagnostics on phones where the user made certain to opt out of them, then AFAIK they are stooping to being the same as any thief or con artists!

I really get sick & tired of the way that SO many businesses have been allowed to develop the attitude of "if we want it & it'll make us money then we'll take it anyway". The apathy or ignorance of the bulk of people who blindly check "yes" to every TOS without spending a millisecond wondering what the choice meant are the main reason why this has become the dominant business model. Maybe it just me being a rebel but unless they give me a cut, I'm not making any easier for companies to make money off of my privacy.

To those who say that the deal is fair because of the app, program or software is "free" I say that the only good business model is one where both parties get something of value to them. As I don't use any of their products, and I don't get any cash, then I chose to avoid it. If others feel differently than I do that's up to them. As long as I'm not forced to conform the rest can do as they will.

Just my $.02, YMMV ! ;-) sent via my Q10

[bb10adopter111]

I also deliberately avoid using any services from google, bing, and several others because I prefer to keep what privacy I possibly can. The only "free" products I use are the ones that get their profits by being ad based. I really don't care how many people don't mind an action taken by either BlackBerry, google or any others. Either I own the device or I don't. If BlackBerry is turning on diagnostics on phones where the user made certain to opt out of them, then AFAIK they are stooping to being the same as any thief or con artists!

I really get sick & tired of the way that SO many businesses have been allowed to develop the attitude of "if we want it & it'll make us money then we'll take it anyway". The apathy or ignorance of the bulk of people who blindly check "yes" to every TOS without spending a millisecond wondering what the choice meant are the main reason why this has become the dominant business model. Maybe it just me being a rebel but unless they give me a cut, I'm not making any easier for companies to make money off of my privacy.

To those who say that the deal is fair because of the app, program or software is "free" I say that the only good business model is one where both parties get something of value to them. As I don't use any of their products, and I don't get any cash, then I chose to avoid it. If others feel differently than I do that's up to them. As long as I'm not forced to conform the rest can do as they will.

Just my $.02, YMMV ! ;-) sent via my Q10

The question to me is always one of transparency. So long as the owner of the information is given clear information about what information is collected and how it will be used, he or she can make an informed decision about whether or not to use the service.

Unfortunately, very few companies do this. They include brief, all-inclusive descriptions about the data to be collected ("telemetry" or "information about your preferences" without specifying the data elements.). Unless the user understands what he or she is permitting, it's questionable whether a contract actually exists.

For example, I might be fine with the Hub developers seeing the sequence of tasks I take in the application, because that will help them design a better user experience, but I don't expect them to collect the names, addresses and phone numbers of my meeting contacts! I would never knowingly grant that permission.

Posted with my trusty Z10

[Invictus0]

But aggregate data tells a third party absolutely nothing about you either. You are just an anonymous data point. The targeting of the ads happen within Google's servers.

This is a big topic but given recent events I think third parties know more than we previously thought,

https://www.theguardian.com/commenti...alth-democracy

[scubafan]

You are accurately stating the case. The other "nice" thing about the concept is the language where the user is told that the data can be combined with other sources to add even more detail. Funny you mentioned HIPAA, I personally know more than a few physicians, nurses and other people who work with HIPAA protected data. If any of them put patient info in their calendar, or especially saved in contacts then every time they turn on their cell, google is given access to all of it. Then of course about 98% of the android apps I've seen want contacts, calendar, texts or usually all three. Each of these IS another violation.

I can cite specifics. The allergy clinic I used to try shots for allergies has a nurse who gives all of the shots, does all of the testing and she has the name, phone & appointments for every patient on her android phone (pre-6.1 too, so she can't deny any access an app wants).

The clinic has her send medication & appointment reminders to everyone. She's also the one who is called if someone wants to come in early because of new or worse symptoms. Same thing with the dentist I went to for routine cleanings. Yes, the privacy violations aren't likely to cause physical harm to the people affected but what about people who work in a cancer clinic, or a fertility clinic? Or some poor guy seeing the Dr because he needs those blue pills advertised on TV? I highly doubt any of these people want marketing databases to include information so personal! As for the analytics the same thing goes. About two years ago there was a man who was very angry that the Target store was sending coupons for diapers, baby clothes etc to his underage daughter. He demanded to know why they were sending them. He was told that they apologized, because no person decided to send them. They used algorithms that compared browsing & purchase habits of pregnant women. The poor guy had to call them back several days later when the girl admitted that she was indeed pregnant. So the software "knew" it before her parents did.

I won't waste everyone's time with more examples since those who wish will look things up, while most of the general public ignores it all.

Just my $.02, YMMV ! ;-) sent via my Q10

[bb10adopter111]

You are accurately stating the case. The other "nice" thing about the concept is the language where the user is told that the data can be combined with other sources to add even more detail. Funny you mentioned HIPAA, I personally know more than a few physicians, nurses and other people who work with HIPAA protected data. If any of them put patient info in their calendar, or especially saved in contacts then every time they turn on their cell, google is given access to all of it. Then of course about 98% of the android apps I've seen want contacts, calendar, texts or usually all three. Each of these IS another violation.

I can cite specifics. The allergy clinic I used to try shots for allergies has a nurse who gives all of the shots, does all of the testing and she has the name, phone & appointments for every patient on her android phone (pre-6.1 too, so she can't deny any access an app wants).

The clinic has her send medication & appointment reminders to everyone. She's also the one who is called if someone wants to come in early because of new or worse symptoms. Same thing with the dentist I went to for routine cleanings. Yes, the privacy violations aren't likely to cause physical harm to the people affected but what about people who work in a cancer clinic, or a fertility clinic? Or some poor guy seeing the Dr because he needs those blue pills advertised on TV? I highly doubt any of these people want marketing databases to include information so personal! As for the analytics the same thing goes. About two years ago there was a man who was very angry that the Target store was sending coupons for diapers, baby clothes etc to his underage daughter. He demanded to know why they were sending them. He was told that they apologized, because no person decided to send them. They used algorithms that compared browsing & purchase habits of pregnant women. The poor guy had to call them back several days later when the girl admitted that she was indeed pregnant. So the software "knew" it before her parents did.

I won't waste everyone's time with more examples since those who wish will look things up, while most of the general public ignores it all.

Just my $.02, YMMV ! ;-) sent via my Q10

Those HIPPAA violations can cost a medical practice $1000-$50,000 PER RECORD!

But, frankly, if the practice is using Mobile Phones, they should be using an EMM solution like Blackberry's that can turn off the sending of telemetry data from the work profile, which would address the issue completely. But whether they KNOW to do that is the problem, due to the lack of transparency.

If they are knowingly allowing that data to be transmitted to BlackBerry without having signed a Business Associates Agreement with them, then the violation would likely be considered negligent, resulting in a minimum fine of $5,000 - $10,000 per record!

Posted with my trusty Z10

[gizmo21]

For me it is an easy decision in times where every day a database is leaked unintentionally: I rather have less then more data about me in other places, be it personal info or so called "anonymized" data which is mostly only pseudonymized data and can be personalised again in the age of big data warehouses.

[scubafan]

Bb10, you're exactly right! The whole thing became a topic of several threads here when it came out that even though users THOUGHT that since they had turned off diagnostics, BlackBerry would respect their wishes.

At least google is honest with you, since anyone who bothered to read the TOS will see that they want every scrap of data on your device. It goes on to point out that they can read, modify or delete anything without asking & send things by text or call even if it costs you money. They put that in all caps yet I haven't ever met anyone who was aware of it. They at least warn those who bother to find out. But if the threads are correct, BlackBerry is being deceptive twice. 1st by collecting ANYTHING when users don't check the box to allow it. 2nd by collecting so many kinds of data that appear to go far beyond anything they could justify as keeping the network running or looking for faults in their software. If that's all they were doing then most of the data they take isn't related to anything but data mining without any clue what else they take or how it is used. They need to fess up ASAP before the few of us who have any positive opinion about them get fed up.

Just my $.02, YMMV ! ;-) sent via my Q10

[bb10adopter111]

Where are the BB10 defenders?? This can't be .... I'm no IT person but doesn't this shoot down the whole Android/IOS=Evil : BB=Good thinking?

I have already posted quite a bit on this topic, but, having now reviewed all of the information available, I can't find any inappropriate information that BlackBerry is collecting. This isn't about defending BlackBerry. I have no problem with Google collecting information about which features are used in their product and in what sequence and with what timing.

So long as ONLY the actual user BEHAVIOR data is collected, I see that as legitimate information useful to the product team.

However, as soon as information such as GPS location or actual data read or input by the user is collected, a bright line has been crossed. I don't see BB doing that here.

[anon(10321802)]

But aggregate data tells a third party absolutely nothing about you either. You are just an anonymous data point. The targeting of the ads happen within Google's servers.

Research has shown that individuals can be reidentified using anonymized data.

https://bits.blogs.nytimes.com/2015/...nymous-people/