ISP Data Use Is More Worrisome Than Pokemon Tracking

ISP Data Use Is More Worrisome Than Pokemon Tracking

Since the tech world can’t get enough of the Pokemon Go phenomenon – it seems a nice distraction from a lot of the other dire news this summer – it was about time for some backlash: safety concerns (maybe catching Squirtle in the middle of the highway during rush hour isn’t a good idea), criminals targeting users and of course my old favorite: privacy implications.

My Facebook feed has been filled with paranoia about the app’s data access and collection. A bit of this was justified (though some people ratcheted up the panic) due to confusion over signing in with a Google account. On iOS, the Pokemon Go app apparently demands full Google account access when logging in through that channel. 

Niantic clarified yesterday: “Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address)”; the full account access request was an accident that they are trying to fix. Part of the problem here is that Google isn’t clear about what full account access – or even partial account access – entitles an app to. That should really make you think twice about using your Google login for any app or service.

But data tracking is high on users’ minds, as summed up by the USA Today headline: “While You Track Pokemon, Pokemon Go Tracks You.”

Well, no shit! Why wouldn’t it? The app may be free to download, but you’re actually paying for the game with a variety of data. It’s telling that most of the reactions in my Facebook feed to these hyperbolic posts tend to be “Meh” or “Still playing!” That’s a sign that many mobile users understand there’s no such thing as a free lunch; an app that wants to use your location data is going to repurpose it probably for advertising purposes.

Depending on other apps you use, you might be sharing location data constantly already. If an app-maker does keep the data forever, they can tell what’s fresh and what’s been lingering around – I highly doubt someone will care you went to a Target in New Jersey two years ago. 

Years of using desktop Internet should have relieved you of feeling under constant surveillance – the tracking is passive and the data is anonymized for privacy and security reasons. Location data on mobile devices is similar – if you’ve perhaps hit a certain retail location more than once, your identifier may tag you as a regular. With the growing prevalence of beacons and other mobile tracking tools, such data collection is becoming commonplace.

Which is why hysteria over Pokemon Go tracking is a distraction to real consumer privacy and data issues. For example, today there is a Senate hearing for the Federal Communication Commission’s proposed broadband privacy rules. You may have seen a lot of acrimony from advertising and broadband industry trade groups over this proposed regulation, but a great deal of the complaints obfuscate the intention of the rules do. 

Perhaps you noticed Verizon bought AOL last year, which in turn acquired Millennial Media a few months after that. It seems obvious that Verizon is building a massive mobile advertising tech stack. The fuel that could really power this operation would be data captured by Verizon at the carrier or broadband level, leveraged for targeting through AOL and its outlets.

The FCC is proposing that broadband and wireless providers cannot use your data for advertising purposes without explicit user consent – they have to ask you to opt in. Some are saying this will stifle innovation and give Google and Facebook more market power, but in reality it will merely put a leash on big-ass Internet service providers.

When you visit a website, you’re implicitly allowing that site to collect data (browsing, interest, etc.); more and more sites are spelling out their data-collecting policies on first contact with users. When you use a mobile app, it asks permission to use certain data. The FCC’s rules are not stopping carriers and broadband from collecting and using data, but laying out a specific way for them to ask permission. 

It’s pretty reasonable, and puts the onus on those companies to provide a good reason for consumers to share their data – that is, actual utility rather than the promise of “better advertising.” It’s good for the digital advertising sphere because it won’t give an unfair advantage to giant conglomerates buying up ad tech companies.

Besides the Google snafu – and yes, I argue it’s a snafu – Pokemon Go’s data collection is par for the course: consumer opt-in. The FCC’s broadband privacy proposal aims to make that same policy applies to ISPs as well.