15 Ways Tech Companies Actually Violate Your Privacy

Image via Complex Original

Company: Yahoo 

Before email scanning was the hot privacy violation among tech behemoths, companies were selling information from message boards to the highest bidder. As far back as 1999, the ACLU was bringing civil suits against Yahoo for privacy violations on their message boards. One of the earliest suits was filed in the US District Court of Los Angeles on behalf of financial message board user "Aquacool_2000." Nothing says 1999 quite like that username.

Company: Google, Yahoo

The Grey Lady reports that Gmail stands accused of "improperly scann[ing] contents of Gmail messages in order to serve ads to its customers." What Google is accused of (and kind of has admitted to doing) is a trick that spammers and virus scans have been using for years. In fact, Google calls it part of their "ordinary course of business." What are they up to exactly? They are scanning your messages for key words that result in ads tailored to you. So, if you've been wondering why so many porno and male enhancement ads have been popping up in your sidebar, it turns out you have no one to blame but yourself.

Company: Twitter

You know that "Find Friends" feature? Twitter has admitted that using the feature means uploading a user's entire address book to their servers. Of course, this information was left out of the description of "Find Friends" at launch. "Find Friends" uploads the email addresses and phone numbers of all of your contacts to Twitter's servers and stores them for up to a year and a half. How did Twitter address this breach of privacy? They updated their description, adding the phrase "upload your contacts," so now you are kind of informed that they are storing every number in your phone for an indefinite amount of time.

Company: Apple

iPhones and iPads come equipped with a UDID (Unique Device Identifier), a forty digit string of letters and numbers used to distinguish one device from another. The ID is permanent; it cannot be blocked or removed. In 2010, it was alleged that UDIDs were being leaked to app developers so that they could see what apps users were downloading. Though there have been several attempts at class-action lawsuits against Apple as a result, Apple has escaped any repercussions for leaking UDIDs, as plaintiffs have been unable to prove that the release of the ID numbers has caused any harm to consumers.

Company: Apple

In 2006, Apple released iTunes 6.02, an update that quickly earned the dubious moniker "Spytunes" among tech writers. With this update, Apple introduced a feature called the "Ministore." The Ministore was controversial because the service took information that was locally store in your music library and broadcasted that information over the Internet. Though this may seem like a mundane feature, industry watchdogs were up in arms because nowhere in the terms and conditions was the user notified nor were they asked for consent. Worse still, the Ministore ran through a third party site called 2o7.net, owned by marketing firm Omniture. Omniture's name appeared nowhere in the terms and conditions for iTunes at the time.

Company: Facebook

A 2011 settlement between Facebook and the FTC found that Facebook had led users to believe that they could keep certain information private, and then shared the information publicly anyway. The terms of the settlement asked that Facebook stop doing that. The terms also required that Facebook notify users of any changes in their privacy policy and get "affirmative express consent." In September, the FTC announced that they are investigating Facebook for possibly breaking the terms of the settlement. The FTC's newest investigation came on the heels of Facebook's announcement that it has the right to use images and information about its users in ads on the site.

Company: Google

Last year, the FTC fined Google over $20 million for bypassing privacy settings built into Apple's Safari browser. This allowed them to better target ads for Safari users by accessing personal data. The FTC took the violation quite seriously, as it resulted in the largest civil penalty the commission has ever levied. Since Google pulls in over $30 million on a daily basis, many commentators wonder if a fine like this is any more than a slap on the wrist. Wired ran a piece courtesy of Propublica in the summer of 2012 that concluded that FTC doesn't really have any meaningful way to deter tech giants from similar violations in the future.

Company: Twitter

It turns out that Twitter is selling your old tweets. Granted, unlike email and locally stored data, tweets were generated to be viewed in a public forum. Nonetheless, the intended audience likely included your followers and not large data firms. In 2012, Twitter sold two years of archived tweets to UK firm Datasift. Hmm, Datasif; wonder what they do. Yep, Datasift analyzes tweets, then turns around and sells their findings to other firms. By Datastift's own estimation, they have roughly 1,000 clients willing to pay in the neighborhood of $20,000 each for their Twitter analytics ... or rather, your Twitter analytics.

Company: Google

Last spring, Google was fined $7 million when it came to light that they were doing more than mere mapping with their Google Street View Vehicles. It turns out that some of these vehicles were collecting personal data, emails, and even unencrypted Wi-Fi passwords while mapping the known world. The good news is that this wasn't a company policy, but the result of some employees going rogue. During a 17-month inquiry, the FCC discovered that eight engineers and one manager had knowledge of this excess information gathering. In addition to the settlement, Google set up something called "Privacy Week" to provide annual training on consumer rights and protections. We can only speculate on what exciting team building exercises occur during Privacy Week.

Company: Apple

We are all familiar with the "Location Services" option on our smart phones. There was a time that Apple devices were tracking user location whether they consented or not. In earlier versions of iOS 4, iPhones and iPads automatically created a log file with location information with time stamps. The information was transferred to any computer that the device was synced to via iTunes. Apple dismissed the tracking as part of bugs in the software and fixed the problem with the release of iOS 4.3.3.

Company: Facebook

Since its introduction, Graph Search's privacy settings have been tightened. If you haven't taken steps to limit your Graph Search-ability, you may be surprised at what people can discover about you. Blogger Tom Scott found that Facebook's simple "search for x and y" formula can have disastrous results. Some of his Graph Searches included "Family members of people who live in China and like Falun Gong," "Islamic men interested in men who live in Tehran, Iran," and "Married people who like prostitutes."

Company: Skype

In 2008, TOM-Skype, the the Chinese iteration of Skype's service, admitted to monitoring users' text messages. Skype chats in China were regularly scanned, and not just to increase ad revenue. A report written by Nart Villeneuve found that keywords involving Falun Gong, Taiwanese independence, and anti-Communist rhetoric were not only screened, but if found, uploaded to Chinese servers for "safe keeping." The investigation also concluded that the servers used were not secure and that some specific user names were monitored, regardless of keywords.

Company: Facebook

While most tech companies have been using your personal information to target ads, Facebook went a step further and used personal information in their ads. Names and pictures of Facebook users were utilized to created "Sponsored Stories." Information about and likenesses of Facebookers were used in these "Sponsored Stories" without payment, consent, or the choice to opt out. Furthermore, by placing statements like "[person] likes this" below the ads, Facebook created an implied endorsement out of a one-time click of the mouse or tap of a phone. You may have gotten the chance to be a spokesmodel and never even known about it.

Company: Skype

In 2012, Skype doled out information on a sixteen year-old Dutch boy with alleged ties to Wikileaks to an investigative firm without a warrant. This would be unsettling under any circumstances, but it is particularly problematic in this case, as Skype's terms and conditions explicitly state that personal information will not be divulged without a warrant. The teen was allegedly part of a group of hackers that launched cyberattacks against PayPal, Visa and Mastercard after they opted to block donations to WikiLeaks. Dutch authorities openly admitted that they received the boy's name, email, and home address from Skype via iSight Partners, a third-party investigative firm they contracted to assist with the case.

Company: Google, Apple, Yahoo, Facebook, Microsoft, etc.

The country's largest tech companies release personal data to the NSA. The PRISM program gives government officials access to vast stores of personal data including emails, video chats, photos, and search history. The Guardian obtained and released a 41-slide PowerPoint presentation that was used to train NSA agents in data "collection directly from the servers" of large tech companies. Allegedly, Microsoft was the first to join the program in 2007 and the last major tech giant to fall in line was Apple in 2012. The key difference between PRISM and prior intelligence gathering efforts is that while companies are obliged to comply with requests from the NSA, under PRISM, as outlined in the document, the government has unmitigated access to company servers, meaning they can bypass requests an obtain data at will.