1. Home
  2. Embedded Programming
  3. Privacy policy

Privacy policy

Hi,

I've been stewing over this for a while (and obviously have not come to a satisfactory solution) and the recent bad press about pseudo-privacy issues in various consumer devices ("D'uh... didn't you *think* this was happening??") just makes it more pressing.

I have a "well connected" device that supports third party applications. As such, iPhones, etc. are good parallels to consider.

I have *mechanisms* to protect damn near everything imaginable on the device (in terms of data). I.e., an application doesn't even *know* that "invisible (to it) data even exists -- let alone its actual content!

Unless, of course, that is "well known" data (e.g., something that an application can pretty much *expect* to exist on the device... like your PHONE NUMBER on an iPhone, etc.).

With mechanisms in place, I figured I could defer thinking about how to actually *use* them! :-(

Previously, I had assumed the user could just deliberately "publish" those items that he/she wanted to share (by setting appropriate ACL's for specific *applications* -- each app runs as its own UID).

But, it seems like people aren't very vigilant about what they "allow" access to. I.e., "Frajistat9000 wants to examine your contact list. Press YES to add Frajistat9000 to the list of applications allowed access to this list." would tend to be regarded (by many) as a nuisance prompt -- "YES, just give it the damn contact list and let me get on with my work!"

In keeping with the philosophy of providing mechanism, not policy, I'm looking for ideas as to how I can adjust the bias on this sort of "access granting".

E.g., I can be hard-nosed and just *block* access to protected resources and *crash* the offending application (so the application can't easily *test* to see if it has access and prompt the user

*for* that access if it doesn't have it already). This would require the user to explicitly and deliberately set up these ACLs when installing the application (which could be seen as an even *bigger* nuisance than the above).

Or, I can take the "nuisance" approach above.

Or... ?

[Note my goal here is to err on the side of discouraging sharing while not being too much of a nuisance in the process]

Thx,

--don

Reply to
D Yuniskis
Loading thread data ...

Then you'll need to be a nuisance. If sharing is simple, applications will just insist upon it.

One option is to allow the user to control exactly what they share, rather than all or nothing. E.g. if the application wants a contact list, the user can provide the whole thing, a subset, an empty list, or just refuse. Of course, this is more work than just yes/no.

Reply to
Nobody

I suspect that will ultimately prove to be the case. :< There isn't even a "realistic" policy by which you could limit the duration of the sharing (e.g., revoke privilege in time T). I suspect this eventually leads to folks granting

*lots* of access -- and then forgetting about it (especially if the access *seems* transitory).

I have fine-grained enough mechanisms, currently, for this. But, it forces people to think even *more* about their choices. And, I think most people are lazy -- they just want to "get on with" whatever they were planning on doing... any sort of "popup" requiring them to divert their attention from their original goal will probably not be addressed seriously.

Consider things like Vista (?) constantly asking you if you want to allow FOOBAR to do "whatever". Or, XP constantly asking you if you want to allow TWEEDLEDEE to access the internet, etc. Do you *remember* how you answered each of these questions? Do you even remember that those applications are present and/or

*active* and still operating with those permissions??

:<

Reply to
D Yuniskis

ill

her

se.

Reply to
rickman

Amazing just what folks will agree to, eh? Especially when you look at what they are *receiving* in return! (i.e., little, if anything)

I am particularly amused by stores with "discount cards": "We'll give you 3 cents off your purchase if you tell us all this information about yourself -- which we will, of course, use to figure out how to extract *more* money from you in the future by exploiting your buying patterns to trick you into purchasing other items at *increased* prices. Oh, and, by the way, once enough of our customers are using these cards, we'll be forced to raise our *discount* prices back to their non-discount levels before we instituted these cards -- since we still need to make that amount of money to be profitable. Shirley we can't survive if EVERYONE is getting that 3 cent discount!"

Consider the disclaimer on the IRS's "help line": "Hopefully, the information that you receive from our employees -- acting on behalf of the federal government -- is correct. If it *isn't*, tough. You still owe us whatever *we* decide you owe us. Plus interest, penalties, etc. Be thankful we don't *charge* you for this information! So, there!"

*Count* on it!

It's unfortunate that people (firms) feel they have to act this way instead of "in good faith". I suspect they've been burned enough to have *learned* this behavior. However, there is then an undercurrent that leads them to behave only as they are *required* (legally) to behave ("You signed the Agreement holding us harmless!") instead of how they should *morally*.

Do business with companies who behave the way you would like them to behave IN SPITE OF how they *could* behave.

E.g., we buy a lot at Costco that we can often find elsewhere (perhaps cheaper or more convenient) simply because the experience is "minimal hassle". None of this: "It's been 30.000256 days since you purchased the item so we won't issue a refund." "Yes, but you were *closed* yesterday!"

Reply to
D Yuniskis

In message , rickman writes

Yes we do.

Then you don't understand. What they are saying is that the information is provided as seen with out any warranty and you can't sue them if you use it and it goes wrong. Ie you use it at your own risk... I don't know

*ANY* software or for that matter any product that doesn't say that.

No.... But you seem to.

--
Support Sarah Palin for the next US President
Go Palin! Go Palin! Go Palin!
In God We Trust! Rapture Ready!!!
http://www.sarahpac.com/
Reply to
Chris H

In message , D Yuniskis writes

I had EXACTLY that with an Electrical fault on a Nissan On a Saturday afternoon on the last day of the warranty. On Monday the local Nissan Dealer said "you pay". A quick call to Nissan UK and the local Nissan Dealer was suddenly only too happy to help Free of Charge :-) I suppose it depends who is paying.

--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills  Staffs  England     /\/\/\/\/
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Reply to
Chris H

So, the local dealer shot himself in the foot. Chances are, his "labor" costs are fixed. If a technician isn't working on *your* car, he's sitting around STILL getting paid. (i.e., it only "costs" the dealer if he has to turn away a "paying client").

No doubt the DEALER cost of any replacement parts is negligible.

*Or*, he could argue your case directly with the "main office" ("Nissan UK" in your case). I.e., he could ADD VALUE to your "Nissan Experience" -- value that is tied to *his* dealership.

Instead, your gratitude -- and any associated "loyalty" -- is transferred *around* the dealer and directly to the manufacturer. So, your next car may, in fact, be another Nissan... but, not necessarily from *that* dealership!

People remember -- and recount -- "bad" experiences more often than "good". In this case, dealer gets a "-0.5" and manufacturer gets a "+1". But, at some *cost* to *you* (that "-0.5").

Unfortunately, since "positive reinforcement" is so rare, vendors only respond to *negative* feedback.

I'm not fond of bananas. But, have tried to discipline myself to eat them, regardless.

The main banana producers, here, seem to be Dole & Chiquita. A local market started carrying "Coliman" (sp?) brand. They were amazing! Actually tasted like *bananas* (instead of some banana-shaped pasty concoction).

I made a point to have the store manager fetch the produce manager so that I could tell him how pleased I was with this "producer". In the months since then, I've not seen Dole or Chiquita sold there!

(No, I don't attribute it to my comments. Perhaps these are "less expensive" or more readily available via his disti, etc. The point being, I suspect my comment enabled the market to more readily embrace their decision to go with this vendor instead of one of The Big Names)

Reply to
D Yuniskis

I would suggest that you don't know the difference between warranty and indemnification. You are talking about warranty where they have liability for your losses. Indemnification is you promising to pay for their losses. Sometimes you are asked to indemnify them for losses caused by you violating the web site "rules". Most of the time they ask you to indemnify them for *any* losses "arising from your use" of whatever. That is so vague that it could include almost anything if my name is mentioned in relation to the issue.

My concern is that they are asking me to sign up to unlimited liability just to use their stinkin' web site. In the case of National Semi, the web site is the only way you can reach support. That's pretty extreme. I prefer vendors who do provide some more immediate means of support in addition to email. But if they can't provide either email or phone support, I'm done with them. I sent an email to Avnet about a National part two days ago and still have not received a technical response. I'll be durned if I will agree to indemnification to get someone to answer an email.

I'm not sure what that is supposed to mean. I guess you are implying that I am being too much the lawyer. I would suggest that you need to learn a little law before judging the actions of others in regard to the law.

Yeah, there's indication of some clear headed thinking!

Rick

Reply to
rickman

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.