Unless you’ve been living under a Snorlax, you’ve probably heard about the wildly popular new augmented reality game, Pokémon Go.
The game uses your smartphone’s camera, GPS, and position sensors to tell the game what to display and where, creating the illusion that cute little cartoon “pocket monsters” are standing in your living room, on the sidewalk outside, or in the park nearby. You grab free Pokéballs (to catch the critters, naturally) at local sites of historical interest. And businesses can purchase Pokémon “lures” as advertising to draw imaginary monsters and real fans to their physical location.
It’s a digital world overlayed over the real world, and it’s insanely popular. As of the writing of this article, reports said it had already been downloaded 7.5 million times.
But the way the phone works requires data — and lots of it — and problems have arisen with what the app collects, and what the company is doing with it.
News began to percolate that the game required full access to your Google account when you sign in. Full access allows the app — and the company — to “see and modify nearly all information in your Google Account,” according to Google’s My Account privacy controls. It doesn’t have access to passwords or payment information, but it can read your emails, see what you’ve been searching, and more.
The company, Niantic, said the request was a mistake and has reportedly changed the access requirement in updates to the game. But the question remains: Why did so many users give a game designed for 10-year-olds full access to everything Google knows about them?
It’s just one example of a systemic problem: We give away our data far too easily.
Especially with apps, where we download something for free and want to start using it quickly, people never read the lengthy terms of service agreements they’re happily agreeing to, and don’t understand the full extent of the information they’re voluntarily giving away.
It uses a Google map and your real-world GPS location to direct you to Pokémon you can catch. But that information can be misused. Already, stories are circulating of criminals targeting Pokémon players for robberies, and a man who claims he was dumped after his girlfriend discovered he was cheating by looking at his game history — and these are just people exploiting the nature of the game, not hacking anyone’s data.
Last year, music service Spotify got into trouble with an overreaching data policy that wanted to access users’ photos, contact lists, and media files. The company clarified soon after that users would have to opt-in to these features, but the damage was done.
By default, Windows 10 also came with a Big Brother-esque so-called “privacy” policy that granted Microsoft the right to read your emails, “other private communications or files in private folders,” use your bandwidth for their own purposes, and profile your computer usage. Users can opt-out of many of these Orwellian surveillance schemes, but the question is how many people will go to the trouble of doing so?
The problems I see exemplified by this most recent outrage over the Pokémon Go app — and others like it — are twofold:
First, companies are in a land-grab to collect as much data as possible about their customers against current and potential future use scenarios when it will become valuable. Most are taking the road of forcing savvy users to opt-out of this data collection, rather than allowing them to opt-in as program features require the information.
Second, and perhaps more importantly, users are blissfully ignorant about the privacy they’re giving up every time they click the “accept” button on a new app or program. As a whole, we do not educate ourselves, nor even concern ourselves with the information we’re giving away. Not until some interested computer scientist, journalist, or hacker discovers the distasteful truth is there any kind of outcry.
We need to be more educated and more cautious with our privacy unless and until companies come around to more common-sense policies and best practices when it comes to what they collect of our data and how they use it.
Know who has access to your data !!