Apple has added a new paragraph to its privacy policy which, depending on your viewpoint, may usher in a new era of amazing convenience and relevance to the mobile experience, or bring society one step closer to an Orwellian future where governments and corporations can track your every move. And users are, for all practical purposes, being forced to accept it.
The paragraph in questions states that, “Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you, and is used… to provide and improve location-based products and services.”
De-Anonymizing Data
The anonymity disclaimer, and the iPhone’s built-in option that allows consumers to prevent applications from using location data (Settings → General → Location Services), might seem to combine in a way that protects individual privacy. But this isn’t quite the case, for a couple of reasons.
The first is that anonymity strategies can be relatively easily compromised. Arvind Narayanan and Vitaly Shmatikov, two mathematicians from the University of Texas at Austin, have demonstrated that de-anonymization of large data sets is possible. They were not only able to determine the favorite movies of Netflix subscribers from supposedly sanitized data, but their political preferences as well. While the process is quite complex, it essentially involves cross-referencing data from various lists, some of which are public.
The Inconvenience Factor
The second problem with Apple’s privacy protestations is that users are virtually forced to accept the terms of the new policy. If they don’t, they can’t download anything from the iTunes Store, the key source of iPhone/iPad content and apps. At this point in time, there is no option to decline the policy but still buy content and apps.
In all fairness, the use of real-time location data surely enables services that most consumers will welcome, like helping them find an open gas station in a strange city. But to assert that such data cannot be compromised – and relatively easily compromised at that – is simple misdirection.
