Related
Originally Posted by timothyon Saturday October 20, @08:27AM
from the that's-why-they-buy-guns dept.
Trailrunner7 writes "There are thousands of apps in the Google Play mobile market that contain serious mistakes in the way that SSL/TLS is implemented, leaving them vulnerable to man-in-the-middle attacks that could compromise sensitive user data such as banking credentials, credit card numbers and other information. Researchers from a pair of German universities conducted a detailed analysis of thousands of Android apps and found that better than 15 percent of those apps had weak or bad SSL implementations. The researchers conducted a detailed study of 13,500 of the more popular free apps on Google Play, the official Android app store, looking at the SSL/TLS implementations in them and trying to determine how complete and effective those implementations are. What they found is that more than 1,000 of the apps have serious problems with their SSL implementations that make them vulnerable to MITM attacks, a common technique used by attackers to intercept wireless data traffic. In its research, the team was able to intercept sensitive user data from these apps, including credit card numbers, bank account information, PayPal credentials and social network credentials."
Refrence http://yro.slashdot.org/story/12/10...mentations-leave-many-android-apps-vulnerable
I myself have implemented them for shopping apps (SSL for anything dealing with user details, payment, etc.). When you're communicating with an external service that requires (or where you want to use) encrypted connections and that service only offers SSL (this is probably 90% of the time) you need to use it. Now the catch here is that the standard SSL handlers available to you in Android provide an "ideal" setup, where servers and certs are exactly as they "should" be. The problem is unless you are paying rediculous amounts for dedicated SSL services and high quality certs your setup will not be the "ideal", and you'll have to make exceptions by overriding code.
As an example, in the shopping system I set up there were two sets of certs, one set was signed [payment gateway] the other wasn't [user control panel]. I had to jump through a few hoops, and the app would be open for man-in-the-middle if set up right - but luckily all they'd get would be user login details, address and phone number - billing is all external and requires a separate authorization.
As spreading news about the issue among would only be able to protect privacy and crucial information of the consumers
all discussion regarding this issue are being welcomed kindly try to focus to fix this issue
VPN and Politics - how secure is it
===================================
VPN:
The miracle solution for corporate users on-the-go.
The solution for political disdents and street movements or "freedom fighters".
The solution for watching what Holywood bosses decided you may not see in Europe or somewhere else.
The solution for downloading what you are not allowed to.
And the fancy list continues.
But have you ever thought that everything has a price, nobody gives something for free without thinking of own profit and that physically, you connection and data must pass a certain server somewhere?
But ...who has access to that server?
Which land host it and how the policy and government of that country affects you?
Well... let's take few examples:
1. Chinese disidents in Hong Kong. Well, if they use F-Secure Freedom VPN, it could be quite good.
F-Secure is locate din Finland, it's a pro NATO and USA partner.
For the chinese disident does not matter if american NSA watches them.
2. Islamists in Europe or somewhere else.
Now F-Secure Freedom VPN could be their capital mistake and last program to use before NSA reacts and ...a ticket to Guantanamo is paid by the USA tax-payers.
3. Normal Europe citizen wanting to watch Country music... well, Nashville and Holliwood bosses are quite restrictive and aware of money losses. Now a good VPN program comes handy, but beware for BSA catching you if your VPN goes via an "ally" of USA. Perhaps vpn servers ouside Europe are better...
But beware of own personal data if VPN program comes from East or Far East and your traffic goes same way...
Conclusion: based on who you are, how you are politically situated in respect to major powers of the world, what you want to do..
Then choose you VPN program and with a good firewall and sniffer watch out what the VPN program wants to access more on your device.
Never trust a VPN program, based on its adverts from producer or comments from internet.
Investigate yourself first, and never trust without deep checking.
With respect,
Zeno Sloim
http://zenosloim.blogspot.com/2014/10/vpn-and-politics-how-secure-is-it.html
How secure are in fact VPN or Red Phone
Article inspired by a PM asking about my thoughts on VPN and Red Phone.
"Hello there! Finally someone who cares about security.
Quote:
Originally Posted by iunlock
Greetings, I've been reading some of your posts and all that info is right up my alley. It's hard to find someone who actually cares about this stuff like I do. Anyhow, I have some questions that you may be able to answer for me. A lot of people I've tried to run this by doesn't have any passion for security so I've only received half "" answers, which is not what I'm seeking.
What do you think about this set up.
1. I use a VPN that claims they don't keep logs on my phone. But who knows...better than nothing? Or are these companies compromised? See if I was the big bad wolf, I'd either create VPN companies to give people options to trick them into thinking they have security with a VPN (illusions) and/or pay VPN companies a dollar amount that they can't refuse for a backdoor...ie...easy access any time to the traffic and data. So what if VPN companies lie about their claims...who's going to tell right? $win-$win situation for big bad wolf and the VPN company that couldn't refuse the $ offered. Interesting eh?
2. Tor/Orweb. Hmm....slow as a dead turtle, but does it really work like they claim? I do see some truth to this though with its concept, but going back to what I said above. $ talks?
3. Password managers like last password, 1 Password etc... again if I was the big bad wolf, would I not be able to make $ talk? Make you think.
4. Secure apps...like jitsi, xabber, encrypted stuff...etc. ..
On the flip side of the coin, there are true security nuts who hate the big bad wolf and a lot of these people are the founders of some of these VPN companies and alike. So there's some comfort in knowing that I assume....also open source stuff is good because they are transparent. No messing around there. Anything funny or fishy would be known for any vulnerability in the app etc....
With all that stuff aside, assuming you did trust the VPN, tor etc....what's the best we can do security wise for our phones?
Well I think using a VPN is a must. Next using gpg to encrypt all emails along with encrypted chat clients. Then the use of tor to proxy your connections like mail, chat, fb, twitter etc....
What are your thoughts?
BTW, I don't use Facebook (Cia / prism) buffet....
I think gpg is the only sure way of true security.
In the real world, having the convenience for non important things makes the use of Gmail and other Google apps convenient.
Never do I ever use any real info for any of these accounts lol.
So the question is....will using a VPN, encrypted email, encrypted chat client, and tor do the trick?
How about the use of redphone app with Google voice on VPN since it uses data and not voice tunnel?
A lot of cool stuff....would love to hear your thoughts.
Cheers"
Hi sorry for so late answer.
Please read my posts on my security blog.
As a guide line:
There is no secure VPN or provider, all depends on your "enemies" or whom are you afraid of. It all depends on who "don't care about you".
And what you want to do.
Everything located on US territory will report in case to US authorities. Same goes for Germany, Russia, China.
Also for smaller countries: Canada, New Zealand, Australia - all will report to UK and USA.
Same for Austria, Finland, Sweden - all will report to USA, UK, Germany.
The closed ties in SIGINT cooperation are 100% same in so-called VPN providers/software.
IMHO it's money waste to pay for VPN. If you want to do something against law.
Respect the laws and ignore VPN.
All above is for private persons.
If enterprise, own physically the VPN server and never trust any 3rd part.
With kind regards
Zeno Sloim
Part 2
Red Phone - bogus for naive people
Any product (hardware or software) produced on German territory HAVE backdoor for German state authorities and Germany SIGINT close partners: USA, UK
Any product made on USA territory has back doors for US state authorities.
The whole Apple FBI encryption scandal was bogus for big public, all Apple products have backdoor.
It's a matter of time for how quickly will authorities know and decrypt your private data "travelling on internet".
Best solution is to try to keep it LOCALLY, as much as possible, by controlling anything going out of your phone.
It's not easy for a normal user.
But use only verified by you, apps.
With regards
Zeno Sloim
This message is only for people who live or vote in India. If you are not such a person, please forward it to someone who is.
What is net neutrality?
The principle that all traffic on internet should be treated the same.
No site will be sped up.
No website will be slowed down (throttling).
----------
So what's happening now?
TRAI consultation paper (open to comments till April 24) is the first step in potentially allowing operators to discriminate internet traffic.
----------
How does this impact me?
1. Your internet bill could go up.
2. Apps you love may no longer work.
ISPs and Telcos could charge you more. When you buy a 1 Gb data pack, you can use it for anything you wish. Without neutrality, you could be forced to buy a Skype pack for Skype calls, a video pack to watch YouTube and dailymotion.
Or you could be charged a different rate for each service. 4p/10 KB if you are browsing, but 10p/10 KB for VoIP calls. That would be like your milkman telling you 30 Rs/L if you make tea, but 75 Rs/L if you make milkshake.
You could be denied service as well. Telcos could decide that WhatsApp or Viber is eating into their sms revenue and block them completely.
Or Airtel could block gaana, saavn, hungama, rdio etc and allow access only to wynk (owned by airtel)
----------
Hmm.. I want to know more.
Sure follow the links here:
Well written article: http://www.firstpost.com/politics/b...trai-trying-screw-internet-users-2193321.html
A video explanation: https://m.youtube.com/watch?v=_G-OagxdCws
Another cool video: https://m.youtube.com/watch?v=mfY1NKrzqi0
Another video: https://youtu.be/uQjkCziopLA
Take some Action: http://www.savetheinternet.in/
----------
OK. Got it. What can I do?
Let TRAI know that you hate this idea. Go to http://www.savetheinternet.in/ and follow the instructions to email TRAI letting them know of your displeasure.
----------
Anything else I can do?
Yes. Inform family and friends about net neutrality and TRAI's attempts to kill it (under pressure from telcos probably).
You can also protest on https://www.change.org/p/rsprasad-t...e-how-they-want-to-use-internet-netneutrality
Contact your mp today http://j.mp/MailMyMP if there is no net neutrality, we will have to pay to use WhatsApp, Facebook, hike, Google, YouTube, etc.
Hashtag revolution #NetNeutralityIndia , #SaveTheInternet , #wewantnetneutrality and #TRAIDontevenTry
---------
Why do we need net neutrality?
India is a developing country. If there is no net neutrality, we cant develop ourselves.
Poor people; instead of getting onto the internet would stop using it completely as they wont be able to pay
Answers to those 20 questions (thanks to savetheinternet.in)
To the Chairman, TRAIThank you for giving me this opportunity to share my views on the consultation paper published by TRAI on March 27, 2015 titled "Regulatory Framework For Over-the-Top (OTT) Services”. I am worried that this consultation paper makes sweeping assumptions about the Internet, and does not take a neutral and balanced view of the subject of Internet Licensing and Net Neutrality. Any public consultation must be approached in a neutral manner by the regulator, so that people can form an informed opinion.I strongly support an open internet, for which I believe it is critical to uphold net neutrality and reject any moves towards licensing of Internet applications and Web services. I urge TRAI to commit to outlining measures to protect and advance net neutrality for all Indians. Net neutrality requires that the Internet be maintained as an open platform, on which network providers treat all content, applications and services equally, without discrimination. The TRAI must give importance to safeguarding the interests of our country’s citizens and the national objective of Digital India and Make In India, over claims made by some corporate interests.I request that my response be published on the TRAI website alongside other comments filed, in line with past practice regarding public consultations. I urge that TRAI issue a specific response to user submissions after examining the concerns raised by them, and hold open house discussions across India, accessible to users and startups before making any recommendations.
Question 1: Is it too early to establish a regulatory framework for Internet/OTT services, since internet penetration is still evolving, access speeds are generally low and there is limited coverage of high-speed broadband in the country? Or, should some beginning be made now with a regulatory framework that could be adapted to changes in the future? Please comment with justifications.
No new regulatory framework in the telecom sector is required for Internet services and apps - and no such regulation should come into effect in future either.This question incorrectly presumes that regulation of the Internet is absent and there is a need to create it. Additionally, the technical language of “Over-the-Top” applications used in the consultation paper fails to convey that it is truly referring to the online services and applications which make today’s Internet which we all use; Facebook, Ola, Zomato, Paytm, WhatsApp, Zoho and Skype etc. The Internet is already subject to existing law in India - any extra regulatory or licensing regime will only be detrimental to the customer and to Indian firms developing online services and apps.Under the current regulatory framework, users can access the internet-based services and apps either for a low fee or for free where the application owners make money by selling advertisements based on user data. With additional regulations and licenses, it will make it expensive for these services to reach out to their customers eventually leading to higher prices and undesirable levels of advertising - which is against the public interest and counterproductive.It appears that the telecom companies are shifting goalposts. Many telecom companies have earlier argued in the consultation paper floated by TRAI on mobile value added services (MVAS) that it was not necessary to regulate these value added services. They said MVAS are already governed by general laws under the Indian legal system and comply with the security interests as they operate on the networks of legitimate telecom license holders. Internet platforms also are regulated and governed by general laws in addition to specialised laws such as the Information Technology Act, and the same treatment should be extended to them as well.As TRAI said previously in its recommendations after consulting on MVAS regulation:“The Authority preferred least intrusive and minimal regulatory framework and thus no separate category of licence for value added services is envisaged. After second round of consultations, the Authority is also not favoring registration of Value Added Service Providers (VASPs) or content aggregators under the “Other Service Provider (OSP)” category.”“Content shall be subject to relevant content regulation and compliance of prevailing copyrights including digital management rights and other laws on the subject (para 3.12.2). The content is subjected to content regulation/ guidelines of Ministry of Information and Broadcasting, Information Technology Act, 2000, Cable Television Networks (Regulation) Act, 1995, Indian Copyright Act etc., as amended from time to time. The content regulation shall be as per law in force from time to time. There should be consistency in the treatment of content across all kinds of media including print, digital/multimedia to avoid any discrimination. (para 3.13.3):”
Imposing a licensing and regulation regime carry significant risks of destroying innovation. Launching new services and features will take more time and will make it difficult for new startups with low cash reserves to enter the market. It will basically ring the death knell for the country's fast-growing digital media sector.
Question 2: Should the Internet/OTT players offering communication services (voice, messaging and video call services through applications (resident either in the country or outside) be brought under the licensing regime? Please comment with justifications.
Firstly, there is no need for licensing of internet based communication service providers. To suggest such a move further points towards the TRAI consultation being tilted in favour of telecom operators.
Secondly, fundamentally both Internet-based communication services and non-communication services are the same. They sit on top of the network provided by telecom operators. And the spectrum that telecom operators utilise to offer this network on pipe is already licensed, hence there is no need for additional licensing.
This issue also needs to be looked at from another perspective. Many non-communication services on the Internet also offer real-time chat or video interaction features for the benefit of customers, which will be affected by bringing such services under a licensing regime.
The extent of innovation we have witnessed over the years has been greatly aided by the low cost of entry. Any form of regulation or licensing will increase the entry cost, thereby hindering innovation and equal opportunity to startups to establish themselves in the market. Behind every Zoho, WhatsApp and Skype there are numerous failures. Licensing will essentially increase the cost and likelihood of failure - and greatly discourage innovation.
Question 3: Is the growth of Internet/OTT impacting the traditional revenue stream of Telecom operators/Telecom operators? If so, is the increase in data revenues of the Telecom Operators sufficient to compensate for this impact? Please comment with reasons.
There is no evidence of data revenues cannibalizing revenues from voice or SMS. In fact, data usage is soaring and it is driving the demand for telecom networks.
The question fails to acknowledge that revenue from data services also fall under the traditional revenue streams category as per the Unified Access License Agreement
[http://www.dot.gov.in/access-services/introduction-unified-access-servicescellular-mobile-services]. So, to assume that data services are impacting the growth of “traditional revenue streams” is wrong.
Services such as Skype and WhatsApp have specific use cases. They are not, and should not be, considered as substitutes to voice calling or SMS. For instance, calls made using VoIP don’t have the same clarity that we have on voice calls. Moreover, services such as WhatsApp are used for real-time chatting as opposed to SMS. Voice and SMS have their own benefits and use cases, so do VoIP and internet messaging. Customers should be free to pick and choose among these.
There is still no concrete evidence suggesting that the decline in the revenues from messaging and voice calling is due to the growth of revenues from data services, and statements from experts and industry experts appear to in fact point to there being no cannibalization of revenues.
Gopal Vittal, CEO, Airtel
“There is still no evidence that suggests that there is cannibalization,” he said when asked about whether data is cannibalizing Airtel’s voice business. On internet messaging cannibalizing SMS revenues, he said: “At this point in time is very, very tiny. And so it is not really material as we look at it.”
[http://www.medianama.com/2015/02/22...tion-of-voice-airtel-india-ceo-gopal-vittal/]
Vittorio Colao, CEO, Vodafone
“Growth in India has accelerated again (October-December), driven by data” [http://computer.financialexpress.com/columns/india-high-on-3g/9462/]
The company’s India unit grew by 15%, going past its counterparts during the quarter ending December as customers used its data services. [http://articles.economictimes.india...ervice-revenue-vittorio-colao-vodafone-india]
Question 4: Should the Internet/OTT players pay for use of the Telecom Operators network over and above data charges paid by consumers? If yes, what pricing options can be adopted? Could such options include prices based on bandwidth consumption? Can prices be used as a means of product/service differentiation? Please comment with justifications.
Internet-based services and apps don’t pay for telecom operators for using the network, and it should remain the same going forward. Forcing Internet-based services to pay extra for using a particular network negatively impact consumers and harm the Indian digital ecosystem. As mentioned in the above answer, data revenues of Indian telecom operators is already on an upswing and is slated to increase rapidly over the next few years, hence the argument for creating a new revenue source is not justified.
Charging users extra for specific apps or services will overburden them, which in turn will lead to them not using the services at all. It is also akin to breaking up the Internet into pieces, which is fundamentally against what Net Neutrality stands for. Also, the Internet depends on interconnectivity and the users being able to have seamless experience - differential pricing will destroy the very basic tenets of the Internet.
Question 5: Do you agree that imbalances exist in the regulatory environment in the operation of Internet/OTT players? If so, what should be the framework to address these issues? How can the prevailing laws and regulations be applied to Internet/OTT players (who operate in the virtual world) and compliance enforced? What could be the impact on the economy? Please comment with justifications.
There is no regulatory imbalance in the environment in which the internet services and applications operate. In fact, the word “regulatory imbalance” is incorrect here. Telecom operators holds licenses to spectrum which is a public resource. Internet services and applications don’t have to acquire licenses. Moreover, there is a clear distinction between services provided by telecom operators and internet platforms—so no additional regulation is required.
Also, internet services and applications are already well-covered under the Information Technology Act, 2000 and Indian Penal Code, 1860. More importantly, internet services are intermediaries that allow a communication system for their users—and intermediaries cannot be held responsible for the acts of their users as per Section 79 of the IT Act, 2000. Our Supreme Court has recently ruled on this area in the Shreya Singhal versus Union of India case, holding that Internet content is protected by our Constitution’s right to free expression and setting out the acceptable limits for government regulation.
Question 6: How should the security concerns be addressed with regard to OTT players providing communication services? What security conditions such as maintaining data records, logs etc. need to be mandated for such OTT players? And, how can compliance with these conditions be ensured if the applications of such OTT players reside outside the country? Please comment with justifications.
The internet services and apps are well-covered under the existing laws and regulations. These include the Code of Criminal Procedure, Indian Telegraph Act, Indian Telegraph Rules, and the Information Technology Act and its different rules pertaining to intermediaries and interception. These different regulations allow the Indian government and law enforcement agencies to access the data stored by internet platforms when deemed legally necessary. Any additional regulations carry grave risk of breaching user privacy and would also require constitutional review - especially since the Government is still working on a proposed Privacy Bill.
The government and courts also have the power to block access to websites on the grounds of national security and public order. It has taken similar steps in the past and has been widely reported by the media. The transparency reports periodically published by major internet companies suggests Indian government routinely requests for user data and blocking of user accounts. Between July 2014 and December 2014, Indian authorities had 5,473 requests for data, covering 7,281 user accounts from Facebook and the company had a compliance rate of 44.69%. Google had a compliance rate of 61% with respect to the requests made by different government agencies across India.
Question 7: How should the OTT players offering app services ensure security, safety and privacy of the consumer? How should they ensure protection of consumer interest? Please comment with justifications.
Although user privacy and security is of paramount importance, additional regulation carries the inherent risk of breaching user privacy which is not in the consumer’s interest. The Information Technology Act, 2000 already addresses the security concerns of the user. But more importantly, any criminal act committed using these platforms can be tried under the Indian Penal Code. So, there is no need to burden the internet platforms with additional regulations.
Also, it is worth noting that many telecom companies in India have not made information publicly available as to whether and how they comply with regulations that guarantee security, privacy and safety of the customer. TRAI’s current paper fails to articulate why the internet services and apps should be brought under similar regulations.
Question 8:
In what manner can the proposals for a regulatory framework for OTTs in India draw from those of ETNO, referred to in para 4.23 or the best practices summarised in para 4.29? And, what practices should be proscribed by regulatory fiat? Please comment with justifications.
ETNO is similar to India’s COAI which makes it an industry lobby group. Understandably, the suggestions made by ETNO heavily favor the telecom companies and will be detrimental to customers if India refers to their suggestions.
ETNO’s stand have been widely criticized in the past. Europe’s own group of government regulators [Body of European Regulators for Electronic Communication (BEREC)]
http://berec.europa.eu/files/document_register_store/2012/11/BoR_(12)_120_BEREC_on_ITR.pdf ETNO’s proposals could jeopardize the “continued development of the open, dynamic and global platform that the Internet provides” which will “lead to an overall loss of welfare”. Additionally, the international free expression group Article 19 says ETNO’s proposal “would seriously undermine net neutrality.
According to Access Now, ETNO’s recommendations would have meant higher data charges for customers while from an entrepreneur’s standpoint, it will limit their ability to reach out to a wider market. For a small but fast growing startup and digital media sector in India, this can potentially ring the death knell. ETNO’s suggestions on this subject so far have failed to have been accepted by any government agency - including the regulators in their own host countries. It is therefore especially troubling that TRAI is choosing to make one of their proposals a pillar of this public consultation here in India.
Question 9: What are your views on net-neutrality in the Indian context? How should the various principles discussed in para 5.47 be dealt with? Please comment with justifications.
Net Neutrality, by definition, means no discrimination of traffic flowing on the internet with respect to speed, access and price. Chile and Brazil, which are developing countries just like India, have passed laws supporting net neutrality. This is in addition to government commitments to implement net neutrality legislation in the United States and European Union.
India has 1 billion people without internet access and it is imperative for our democracy to have an open and free internet where users are free to choose the services they want to access—instead of a telecom operator deciding what information they can access.
Internet apps and services are expected to contribute 5% to India’s GDP by 2020. That will only happen of entrepreneurs, big and small, have a level playing field that encourages innovation and non-preferential treatment—something that net neutrality ensures.
Assuming there is no net neutrality, only the big players will be able to strike deals with telcos while the smaller players remain inaccessible, which will go against the principles of net neutrality as listed below:
No blocking by TSPs and ISPs on specific forms of internet traffic, services and applications.
No slowing or “throttling” internet speeds by TSPs and ISPs on specific forms of internet traffic, services and applications.
No preferential treatment of services and platforms by TSPs and ISPs.
It is also worth noting that the proposed framework will give too much power in the hands of the telecom companies, which is not healthy for the ecosystem.
Question 10: What forms of discrimination or traffic management practices are reasonable and consistent with a pragmatic approach? What should or can be permitted? Please comment with justifications.
This question assumes that traffic discrimination is necessary and is a norm. Rather, traffic discrimination should be an exception as it is against the principles of net neutrality.
In such exceptional cases, telecom companies need to have the permission of TRAI or other competent government agency through public hearing to carry out “traffic management” to ensure transparency in the entire process. Further, it should be kept in mind that such steps shouldn’t interfere with the access, affordability and quality of the services.
More importantly, https://ec.europa.eu/digital-agenda.../Traffic Management Investigation BEREC_2.pdf jointly by BEREC and the European Commission suggest that the propensity of the telecom operators to restrict access of internet services is high. The report noted that telecom operators were most inclined to block and throttle P2P services on mobile as well as fixed line networks. VoIP, on the other hand, was blocked mostly on telecom networks.
Keeping this in mind, TRAI needs to ensure that instances of discrimination of traffic should be few, far between and, above all, transparent
Continued
Question 11: Should the TSPs be mandated to publish various traffic management techniques used for different OTT applications? Is this a sufficient condition to ensure transparency and a fair regulatory regime?
The question is based on the premise that publishing various traffic management techniques for Internet services will ensure a fair regulatory regime and therefore such discrimination is permissible. As I have repeatedly said in the above answers, discrimination of services will not bring about a fair regime for users.
Further, a recent study [http://bit.ly/1D7QEp9] in the UK has pointed out that merely publishing data on traffic management will not translate into a fair regime. The study found that most consumers did not understand traffic management or use it as a basis for switching operators. Those who did do so comprised a group perceived to be small or insignificant enough that most network operators did not seek to factor them into their product decisions, despite some consumers’ complaints about traffic management. In India where awareness and activism on issues of net neutrality is considerably less, it is unlikely to play the critical role that the Consultation Paper suggests.
Question 12: How should a conducive and balanced environment be created such that TSPs are able to invest in network infrastructure and CAPs are able to innovate and grow? Who should bear the network upgradation costs? Please comment with justifications
The underlying assumption of the question suggests that currently there is an imbalance in the environment within which telecom operators and internet services operate. However, as I have pointed out it my previous answers, no such imbalance exists. Telecom firms and internet services have distinct functions. The former has to provide the infrastructure to access content and the latter has to provide the platforms for users to create content. As financial results of the telecom operators and analysis by various independent agencies have shown that revenues from data are soaring. So, it makes logical sense for the telecom operators to invest to upgrade and improve their network infrastructure.
On the contrary, I would argue that there is no incentive for the telecom firms to invest to upgrade their networks if they charge the CAP instead of charging the customer for data. They would seek to further increase its revenues coming from the CAPs, a move that will be disastrous for India's telecommunications industry.
Question 13: Should TSPs be allowed to implement non-price based discrimination of services? If so, under what circumstances are such practices acceptable? What restrictions, if any, need to be placed so that such measures are not abused? What measures should be adopted to ensure transparency to consumers? Please comment with justifications.
Discrimination of services in any form is detrimental for the growth of the telecom industry itself and there should be no circumstance for a telecom operator to do so. Given the diverse nature of the Internet, telecom operators should not be allowed to determine what type of service should get more priority. For example, a consumer in India probably relies on VoIP calls to keep in touch with people abroad and if there is throttling of these services, it infringes on the user’s fundamental right of freedom of expression. An Internet service that a telecom operator thinks which could lead to traffic congestion, might be vital to consumers. Further, a telecom operator might use throttling to further a service promoted by them and induce consumers into using them, thereby eliminating choice.
Transparency alone will not bring about a fair regime for users, and it is crucial that TSPs be prohibited from discriminating between services
Question 14: Is there a justification for allowing differential pricing for data access and OTT communication services? If so, what changes need to be brought about in the present tariff and regulatory framework for telecommunication services in the country? Please comment with justifications.
As I have argued in my previous answers, there should be no differential pricing for data access and internet services. Therefore, the need for a change in the tariff and regulatory framework is not required.
It is important to note that nearly one billion people still don't have internet access in India - which means telecom companies stand to gain substantially from their data services in the near future. Moreover, different pricing is tantamount to discrimination which goes against net neutrality.
As stated before, customers should be charged on the basis of volume of data used and not on the basis of the internet services they are accessing.
Question 15: Should OTT communication service players be treated as Bulk User of Telecom Services (BuTS)? How should the framework be structured to prevent any discrimination and protect stakeholder interest? Please comment with justification.
Treating OTT communication service players as Bulk User of Telecom Services again amounts to discrimination of data services and hence it should not be allowed. The question also further assumes that the stakeholders are only the telecom operators and not the consumers. If only the interests of the telecom operators are protected by treating services which compete with their traditional services differently rather than innovating themselves, it would lead to a situation of anti-competitiveness. Telecom companies have an interest in imposing their control over information and communication networks, but the price of that would mean stifling competition, increased barriers for innovation and business and eventually infringe on the fundamental rights of Indian citizens.
Question 16: What framework should be adopted to encourage India-specific OTT apps? Please comment with justifications.
A recent Deloitte report titled Technology, Media and Telecommunications India Predictions 2015 predicted that paid apps will generate over Rs 1500 crore revenues in 2015 (http://bit.ly/1alhH5S). Increased acceptance of paid apps can only be possible if there’s Network Neutrality. In fact, Deepinder Goyal, the founder and CEO of the highly successful app Zomato recently commented "Couldn’t have built Zomato if we had a competitor on something like Airtel Zero"
The moment an app developer/company is forced to tie-up with a telecom operator to ensure that users opt for it, an artificial prohibitive barrier will be created. All app developers and the companies behind them need to be provided an even playing field.
We also need more reports on the Indian app economy, to understand, firstly, how the adoption and usage of apps is changing and, secondly, to comprehend its impact on the Indian economy.
Question 17: If the OTT communication service players are to be licensed, should they be categorised as ASP or CSP? If so, what should be the framework? Please comment with justifications.
The question of categorising doesn’t even arise, because as mentioned earlier any extra regulations or licensing is going to be detrimental to the end user. Requiring licensing of online services and mobile apps under the current telecom framework in India will have enormous negative consequences. The impossibly onerous burdens imposed by such licensing would results in many such globally developed services and apps not being launched in India - and our own startup efforts to develop local versions of such apps being killed in their early stages. The net results would be decreased consumer benefit and a massive slowdown in innovation and reduced “Make in India” efforts due to the regulatory cost of doing business becoming very high.
Question 18: Is there a need to regulate subscription charges for OTT communication services? Please comment with justifications.
Subscription charges for such apps need to be allowed to evolve as it would in a pure market economy. The subscribers (buyers) would want to pay the lowest possible price, and the app developers/companies (sellers) would want to charge as much as possible, eventually leading to a fair price.
Subscription charges for such Internet-based services have remained, more or less, quite low in India, especially because the cost of switching from one service provider to another is also quite low: This competition will ensure that charges remain fair, without the need to regulate them, going forward as well. As noted in response to earlier questions, existing Indian law also applies to online services - which would include the Consumer Protection Act and other regulations meant to prevent cheating or other illegal pricing issues.
Question 19: What steps should be taken by the Government for regulation of non-communication OTT players? Please comment with justifications.
As mentioned earlier, irrespective of what an OTT app is used for (communication, online shopping, etc) they’re all essentially Internet-based services, and hence there is no question of creating new regulatory measures.
Question 20: Are there any other issues that have a bearing on the subject discussed?
Here are the additional steps that I urge the TRAI to undertake in the interest of the public:
- Due to the absence of any formal regulations on net neutrality, TRAI should issue an order or regulation preventing network neutrality violations by telecom service providers. Some telecom companies have shown scant respect for the issues presently under consideration and despite its questionable legality have rolled out various services which violate network neutrality. Any delay in forming regulations or preventing them in the interim till the process is complete is only likely to consolidate their status. This is not only an affront to the Internet users in India but also to the regulatory powers of the TRAI.
- TRAI is requested to publish all the responses and counter responses to the consultation, including any other additional material, on its website.
- For better public involvement and awareness, open house debates should be held in major Indian cities after the consultation process is over.
In the US, there was a time when you had to pay for tethering. Imagine if it would happen in India
Terms of User Data Policy & User Agreement
These terms and conditions (“User Terms”) apply to your visit and your use of our websites (the “Website”), the Service and the Application (as defined below), as well as to all information, recommendations and/or services provided to you on or through the Website, the Service, and the Application. By using our Services, accessing our Website or downloading the Application you hereby agree to be bound by these User Terms.
• PLEASE READ THESE USER TERMS CAREFULLY BEFORE DOWNLOADING OUR APPLICATION AND/OR ACCESSING OUR WEBSITE OR USING OUR SERVICE.
• If you reside in a jurisdiction that restricts or prohibits the use of the Service or Application, you may not use the Service or the Application.
• The Service, Application and Website are provided by Free WiFi Password (hereinafter referred to as “we” or “us”). We provide the ability to obtain Internet access services offered by third party Internet access providers, business owners or individuals (the “Access Provider”), which may be requested through the use of an application supplied by us and downloaded and installed by you on your single mobile device (smart phone) (the “Application”). All services provided by us to you through your use of the Application are hereafter referred to as the “Service”.
• By using the Application or the Service, you enter into a contract with us (the “Contract”). If you are under the age of 13 you must not use our Service or download the Application. Your legal guardian or parent must agree to these terms for themselves and on your behalf if you are between 13 and 18 years old (or the age in your jurisdiction at which you are considered to be a minor). You represent that if you are registering on behalf of a legal entity, that you are authorized by such entity to enter into, and bind the entity to, these User Terms and register for the Service and the Application.
• These User Terms are subject to amendment by us from time to time. The amended version will substitute the former one upon release without further notice to you and will be made available on the Website for your review. The version on the Website shall be the most current version of the terms and shall apply to your use of the Service, Website or Application. By continuing to use the Service, Website or Application following the new User Terms being made available, you give your consent to the amended User Terms and they shall be binding upon you. You shall immediately stop using the Service, Website and Application provided by us if you do not accept the revised User Terms.
1. Service Rules
How does the Service / Application work?
The Application allows you to send a request for Internet access service to us. The Application detects the router information and sends your access information request to our platform. The platform matches the request with the shared password data stored on our platform and provides you with encrypted information via the Application to facilitate your connection. The password data is shared by an authorized Access Provider. The Access Provider has sole and complete discretion to share, not to share, or to blacklist the sharing of the WiFi passwords.
We do not provide Internet access services, and we are not a telecommunications carrier. It is up to the Access Provider to obtain authorization to offer/share Internet access, which may be requested through the use of the Application and/or the Service. We only act as an intermediary between you and the Access Provider.
The Website, the Application and the Service may from time to time contain advertisements or links to content provided by us and any of our third party vendors and partners. You agree that you shall have no claim, whether against us or any of our affiliates, third party vendors or partners, in respect of any income, profit or any other benefit, economic or otherwise, in respect of such advertisement or links. We will not be responsible for any third party content or links to any third party sites on our Website or the Application.
You may use the Services / Application as one of the following:
(a) “User” means a person who has downloaded the Application and consented to the User Terms for the use or potential use of the Application or Service.
(b) “Registered User” means a person who has signed up, consented to the User Terms and is registered with us for the use or potential use of the Application or the Service.
Both Users and Registered Users must agree to these User Terms before using the Website, Application or Services. However, certain additional product features will be made available to Registered Users from time to time, which may not be available to non-registered Users.
Changes to the Service / Application
We reserve the right to unilaterally change, suspend, limit, terminate or cancel the Website, the Application and/or the Service, partly or wholly, at any time for any reason, including but not limited to violation or evidence of violation of the User Terms, and without any prior notice to you.
Your use of the Service / Application
The information, recommendations and/or services provided to you on or through the Website, the Service and the Application is for general information purposes only and does not constitute advice. We will attempt to keep the Website and the Application and its contents correct and up to date but we cannot guarantee and are not responsible for ensuring that the Website and/or Application are free of errors, defects, malware and viruses or that the content on the Website and/or Application are correct, up-to-date and accurate. We may from time to time, but are not obligated to, create or provide any support, corrections, updates, patches, bug fixes or enhancements to the Website, the Application and/or the Services.
Violations of these User Terms
We will have the right to investigate and prosecute violations of any of these User Terms to the fullest extent provided by law. We may involve and cooperate with law enforcement authorities in prosecuting users who violate these User Terms. You acknowledge that we have no obligation to monitor your access to or use of the Website, Service, Application or any in-app content or to review or edit any in-app content, but we have the right to do so for the purpose of operating the Website, the Application and Service, to ensure your compliance with these User Terms, or to comply with applicable law or the order or requirement of a court, administrative agency or other governmental body. We reserve the right, at any time and without prior notice, to remove or disable access to the Website, the Service or Application for or take legal action against you, if we, in our sole discretion, consider you to have committed an illegal act, be in violation of these User Terms or be acting in any way which is otherwise harmful to the Website, the Service or Application or other Users or Registered Users. In addition, we shall assist in the investigation into your activities upon request from any regulatory authority.
Ownership of the Services / Application
We possess the ownership of and the right to operate the Service. We will provide the Service in accordance with the User Terms and the corresponding rules and regulations issued by us.
2. Your Rights and Obligations
2.1 By using the Application or the Service, you further agree that you will:
(a) only use the Service or download the Application for your sole and personal use and will not resell it to a third party;
(b) Not authorize any third party to use your account and will keep secure and confidential your account password or any identification we provide you which allows access to the Service and the Application;
(c) not assign or otherwise transfer your account to any other person or legal entity;
(d) not use an account that is subject to any rights of or belonging to a person other than you without appropriate authorization;
(e) not use the Service or Application:
(i) for unlawful purposes, including but not limited to sending or storing any unlawful material or for fraudulent purposes;
(ii) to send spam or otherwise duplicative or unsolicited messages in violation of applicable laws;
(iii) to send or store infringing, obscene, threatening, libelous, or otherwise unlawful or tortious material, including material harmful to children or in any way which violates any third party’s privacy or other rights;
(iv) to send or store material containing software viruses, worms, Trojan horses, malware or other harmful computer code, files, scripts, agents or programs;
(v) to interfere with or disrupt the integrity or performance of the Website, the Application or Service or the data contained therein;
(vi) for any form of malicious intent;
(vii) to cause nuisance, annoyance or inconvenience;
(viii) to upload or download large files or other unfair uses that may cause impairment of the Service for other Users, Registered Users or the Access Provider;
(f) not impair the proper operation of the network;
(g) not try to harm the Service or Application in any way whatsoever;
(h) not copy or distribute the Application or other content without our prior written permission;
(i) provide us with whatever proof of identity we may reasonably request;
(j) only share an Internet access point or information relating to an Internet access point which you own or are authorized to share;
(k) be responsible for ensuring that any information provided by you in relation to any Internet access point, including access passwords, are kept updated, unless you have notified us in accordance with these User Terms of your wish to withdraw your consent to sharing information to access your Internet access point. If there is any change to such information, you shall notify us and update such information within a reasonable period of time;
(l) notify us in writing if you wish to withdraw your consent to sharing or providing information relating to an Internet access point through the Application. We will remove all information relating to the Internet access point provided by you from the Application within 60 days of receipt of such notification from you;
(m) be responsible for standard messaging charges when requesting the Service or joining any contest held by us by SMS (if available in your jurisdiction);
not use the Service or Application with an incompatible or unauthorized device; and
(o) comply with all applicable laws of your home nation, the country, state and/or city in which you are present while using the Application or Service.
2.2 You must not attempt to gain unauthorized access to the Website, the Application or Service or its related systems or networks.
2.3 We may at our sole discretion cancel or delete your registered account if it has not been active for a reasonably long time.
3. Privacy Policy
Definition of personal data
You acknowledge that personal data is defined as data from which an individual (meaning a living or deceased natural individual and not including legal individuals such as incorporated bodies) can be identified. Examples of this may include: your official name, ID number, phone number, IP address and the email account you used to log in Google Play.
For what purposes do we process your personal data?
When you visit our Website and/or use our Application, we may process technical data such as your IP-address, visited webpages, the internet browser you use, your previous/next visited websites and the duration of a visit/session to enable us to deliver the functionalities of the Website and our Application. In addition, in certain instances, the browser and/or the Application may prompt you for your geo-location to allow us to provide you with an enhanced experience. With this technical data, our administrators can manage the Website and the Application, for instance by resolving technical difficulties or improving the accessibility of certain parts of the Website and/or the Application. This way, we are better able to ensure that you can (continue to) find the information on the Website and/or the Application in a quick and simple manner.
When you visit our Website and/or use our Application, we will also collect and process your data, such as your IP-address, country, language, mobile number, IMEI, device ID, MAC-address, information about the manufacturer, model, and operating system of your mobile device, including your mobile device’s screen resolution, and access point information, including SSID and BSSID. We use this data to enable us to deliver the functionalities of the Application, resolve technical difficulties, and provide you with the correct and most up to date version of the Application and to improve the operation of the Application.
When you register as a Registered User, we will collect your country, language, password, mobile phone number, IP-address and MAC-address. We will use your contact details to send you a welcoming SMS to verify your phone number and password, to communicate with you in response to your inquiries, and to send you service-related announcements, for instance, if our Service is temporarily suspended for maintenance. We will use your registration information to create and manage your account. If you are required to SMS us to complete the registration, standard SMS charges may apply.
We may also use your contact details to send you general updates regarding our news, special offers and promotions with your prior consent. You may at all times opt-out of receiving these updates by emailing us at [email protected] or by following the steps to unsubscribe more fully described in any relevant email you receive from us.
We also use your personal data in an anonymised and aggregated form to closely monitor which features of the Service are used most, to analyze usage patterns and to determine where we should offer or focus our Service. We may share this anonymised information with third parties for industry analysis and statistics.
Referrals
If you choose to use our referral feature in the Application to tell a friend about our Service, you will be prompted to enter your friend’s email address or mobile phone number or log into your preferred social network. Please ensure that you have your friend’s express permission to disclose this personal data before providing it to us. If you elect to refer a friend, we will automatically populate a message for you to send to your friend inviting him or her to try the Service on your behalf, however the actual message will be sent via your mobile device or social network and you will be able to edit the final message before you send it. We do not store your friend’s data.
Disclosure of personal data
When you request for Internet access services via the Application, we do not provide your personal data to any Access Provider.
We may employ third party companies (including our affiliated companies) and individuals to facilitate or provide the Service on our behalf, to provide customer support, to backup, maintain and process data (including your personal data we collected), to host our job application form, to perform Website-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Website or Application’s features) or to assist us in analyzing how our Service is used. These third parties have access to your personal information only to perform these tasks on our behalf, are contractually bound not to disclose or use it for any other purpose, and are bound by legally enforceable obligations to provide to your personal information a standard of protection that is comparable to that under the Personal Data Protection Act (2012) of Singapore, as amended from time to time.
We will disclose your personal data to the extent that this is legally required, necessary for the establishment, exercise or defense of legal claims and legal process, or in the event of an emergency pertaining to your health and/or safety.
Your rights regarding personal data
As a User or Registered User, you have the right to access information regarding your personal account, including information that you’ve provided to us. You may at any time request correction or erasure of your personal data, and object to any processing of your personal data by emailing us at [email protected]. We will respond to your access and/or correction request within four weeks. You may also amend your personal details and withdraw any given consent using your account.
Security of personal data
We have taken appropriate technical and organizational security measures against loss or unlawful processing of your personal data. To this purpose, your personal data is securely stored within our database, and we use standard, industry-wide, commercially reasonable security practices as well as physical safeguards of the locations where data are stored. However, as effective as encryption technology is, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. Any transmission of information by you to us or to any third party is at your own risk.
4. Software Trademark
Any IPR involved in the Application, Services and Website (including that of our Connected Partners) signs and names of products and services shall be owned by us (or our Connected Partners as applicable). You are not allowed to display, use or otherwise deal with our (or our Connected Partners’) IPR or signs by any means or represent that you have the right to display, use or otherwise deal with such IPR or signs without our prior written consent. “IPR” shall mean any copyright, design rights (whether registered or unregistered), database rights, patents, utility models, trademarks, signs, logos, trade names, domain names and topography rights and any other intellectual property having a similar nature of equivalent effect anywhere in the world and any applications for or registrations of any of these rights.
5. Liability and Disclaimers
5.1 We shall in no circumstances be liable for:
(a) information or content transmitted over a WiFi hotspot by you or any User, Registered User or third party. Any information or content transmitted by you or other Users or Registered Users of the Application or third parties through the Application does not represent our view or policy;
(b) damages resulting from the use of (or the inability to use) electronic means of communication through the Website or the Application, including, but not limited to, damages resulting from failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or computer programs, and the transmission of viruses;
(c) damages resulting from the use of (or inability to use) the Website or Application, including damages caused by malware, viruses or any incorrectness or incompleteness of the information on the Website or Application;
(d) any damages, loss or third party claims resulting from your sharing of or providing access to a WiFi hotspot;
(e) the quality of the Internet access services provided by the Access Provider or any acts, actions, behaviour, conduct, and/or negligence on the part of the Access Provider. Any complaints about the Internet access services provided by the Access Provider should therefore be submitted to the Access Provider;
(f) any server crash or network interruptions caused by any event of force majeure or any other circumstance outside of our control, including any data loss or other damage suffered by you;
(g) any data loss or other damage suffered by you during or in connection with any upgrade of the Services, Website or Application; and
(h) any costs incurred by you, including any charges for data, messaging and other wireless access services, associated with your use the Application.
5.2 You hereby agree to compensate and indemnify us and any of our contracted partners and affiliates (our “Connected Partners”) for any claims, suits, requests, damages or losses, including reasonable attorney’s fees, from third-parties resulting from the your breach of this Agreement or resulting from information or content transmitted over a WiFi hotspot by you or any User, Registered User or third party, and hold us and our Connected Partners harmless for any claims, requests and suits against us or our Connected Partners.
5.3 You hereby acknowledge and agree that to the extent permitted by applicable law, we shall not be liable to you for any direct, indirect, accidental, special or follow-up losses, damages or risks caused by your use of or failure to use the Application and/or Services.
Your warranties, representations and undertakings
5.4 You shall be responsible for obtaining appropriate authorization from the owner of a WiFi hotspot when sharing such WiFi hotspot, including but not limited to the password and location of the WiFi hotspot, and for ensuring that all the information of any and all hotspots you share are secure. You hereby:
(a) warrant and undertake that you are either the owner of the WiFi hotspot or are appropriately and validly authorized by the owner of the WiFi hotspot to do so when sharing the details of such with us; and
(b) agree to indemnify us in respect of any loss or damage suffered by us in respect of a breach of this provision.
5.5 You hereby warrant, represent and undertake that any WiFi hotspot information obtained will be used by you strictly in compliance with any applicable laws. Any illegal action or breach of relevant law or rules is forbidden. We shall be exempted from any liability for any problems caused by the breach of this provision.
Exclusion of warranties
5.6 We do not provide the WiFi network connection or internet services and therefore we do not make any warranty or guarantee regarding the timeliness, security and accuracy of the Service, and you hereby agree that we shall have no liability to you in respect of or in connection with any communication failure.
5.7 To the extent permitted by applicable law, we do not give any warranties, representations or undertakings in respect of the Application, whether express or implied, or in decrees, including but not limited to problems related to merchantability, applicability, non-virus, negligence, or technological flaw, and any warrant and conditions, express or implied, to ownership and non-infringement.
6. Miscellaneous
6.1 You should read these User Terms clearly before using the Service, Website and/or Application.
6.2 Any invalidation of any clause, partly or wholly, shall not affect the validity of other clauses herein.
6.3 These User Terms shall be governed by the laws of Singapore. Any dispute, claim or controversy arising out of or relating to these User Terms or the breach, termination, enforcement, interpretation or validity thereof or the use of the Website, the Service or the Application (collectively, “Disputes”) will be settled exclusively by the competent court in Singapore.
6.4 These User Terms, together with any of our policies notified to you from time to time, set out the entire agreement between you and us and you have not entered into these User Terms in reliance upon any promise or understanding which is not expressly set out in these User Terms.
6.5 These User Terms may be translated into non-English language versions. In the event of any inconsistency, conflict or uncertainty between this English language version and any non-English language version of these User Terms, this English language version shall prevail and apply.
6.6 Any failure or delay by either of us in exercising our rights under these User Terms shall not constitute a waiver of such right and shall not restrict the further exercise of that right or any other remedy.
6.7 These User Terms shall apply to your relationship with us and shall not confer any rights on any third party.
Free WiFi Password
Last updated, Nov 2016
Wheres app
As Louis Rossmann keeps pointing out, the devices we buy today are no longer fully owned by us. It has almost become like we only pay for purchasing the hardware, but pretty much everything after that isn't under our full control, including the decision to replace a component (if it is broken).
The software that drives the hardware requires a whole lot of permissions (many of which are unnecessary for core functions) to be granted, and the hardware would be useless if those permissions aren't granted. The user is completely unaware of this when buying the hardware. So the money he paid for the hardware would be completely useless if he doesn't agree to the things that the software forces him to agree, AFTER THE SALE/ PURCHASE!
And then on top of everything is the Privacy Policy! Alteast 50% (and I'm being extremely conservative here) of the features you would want from any app is locked behind a Privacy Policy that:
1. No one reads or understands
2. Most of these Privacy Policies are simple copy-paste from standard templates. The makers of these apps too have no idea (forget control) about them.
3. 'Data collected and shared with 3rd parties will be handled in accordance with their respective Privacy Policies' is a total rubbish statement.
Even the most basic apps such as the gallery, file manager, music player, video player, etc. are locked behind Privacy Policies, and the apps won't work if you don't agree to them. This is ridiculous. And more so because these are new 'agreements' that are presented to you 'post the purchase'.
This is like going to a car dealership, paying for a car in full and taking delivery of the car. Now when the user starts the car, he is presented with a legally binding agreement that he MUST ACCEPT in order to be able to drive the car. Was the user aware of this agreement BEFORE the purchase? The answer is NO!
GDPR passed by the EU is a welcome step in protecting user privacy, but is completely ineffective. All it does is to force OEMs or app developers to show a Privacy Policy message (that no one reads or understands), and then everything is the exact same as before.
Should data collection be stopped completely? But if not, should there be very strict regulations on what data can be collected? Should stock apps and software be allowed to collect data or have any sort of privacy policies, given that the customer paid to use the hardware out of the box, without having to agree to new contracts/ agreements he is completely unaware of at the time of purchase?
One of the very 1st screens that you see when you setup a phone (such as a brand new phone or a factory reset phone) is the OEM Privacy Policy. This is an agreement you weren't aware of when you bought the new phone.
This is an agreement you MUST agree to use a product that you already paid for. There isn't a choice available here.
Agreements must be presented BEFORE a payment is required, not after!
It is only a handful of companies that are the end users of data collected, such as Google, Facebook, and the OEM themselves. All the apps that collect data are essentially just a medium for these companies to collect user data. Most app developers themselves have no use for the data collected, except for passing them on to these companies in return for some payment.
Their declaration that 'Data is collected to improve the app or service provided' is mostly a lie.
Regulating what data is actually collected, and whether services such as those offered by Meta (formerly FACEBOOK) should even be allowed is something regulators must seriously look at.
First, what do you mean by "GDPR has been effective"?
There are differences between
1. GDPR does not include all the aspects of privacy violation, for example, your specific case is not included in GDPR;
2. GDPR is not properly enforced, ie. your privacy is violated under GDPR, but you cannot use GDPR as a weapon for your defense.
If 1, you can do nothing about it. It's legislators' job.
If 2, you have to look into the definition of privacy violation and articles of relevant sanctions in GDPR.
For me, if you are targeted by personalized contents (based on your personal data), with or without your knowledge, and have no way to opt out, I believe, your privacy is violated, and the third parties should be sanctioned for that.
wenyendev said:
First, what do you mean by "GDPR has been effective"?
There are differences between
1. GDPR does not include all the aspects of privacy violation, for example, your specific case is not included in GDPR;
2. GDPR is not properly enforced, ie. your privacy is violated under GDPR, but you cannot use GDPR as a weapon for your defense.
If 1, you can do nothing about it. It's legislators' job.
If 2, you have to look into the definition of privacy violation and articles of relevant sanctions in GDPR.
For me, if you are targeted by personalized contents (based on your personal data), with or without your knowledge, and have no way to opt out, I believe, your privacy is violated, and the third parties should be sanctioned for that.
Click to expand...
Click to collapse
GDPR, from what I know, is ONLY ABOUT OBTAINING USER CONSENT for collecting data about the user. Or atleast that is how the implementation has been.
Without user consent, data cannot be collected, which essentially results in the individual not being able to use the device, as that is how companies have ensured compliance.
This is like going to a car dealership, paying for a car in full and taking delivery of the car. Now when the user starts the car, he is presented with a legally binding agreement that he MUST ACCEPT in order to be able to drive the car. Was the user aware of this agreement BEFORE the purchase? The answer is NO!
This defeats the purpose of ensuring user privacy that one would expect from a regulation like the GDPR.
Has GDPR been formulated in a way that protects user privacy? It is safe to say NO! All that it has done is to present the user with a policy statement that must be accepted, and there is no choice that the user has in respect of being able to use the device without accepting those.
More importantly, as pointed out in #3, the data is being collected by hundreds and thousands of apps, which by themselves have no control or use for the same. And all data ends up with a handful of corporations who process them in ways that are not clear to the user.
For example, most smartphones now come with Meta Services pre-installed. What is this service doing? I don't see an option to opt-out of it and still be able to use the device. OEMs don't allow for such services to be uninstalled either, so user has to rely on 3rd party tools to have them removed, and the process almost always has a negative implication on warranty.
It is time regulators all over the world start working in implementing laws in genuine ways that prevent corporations from abusing user privacy.
Then, that is not a question of consent, but of bowing your head or not.
Submit to my terms, and you will get this or that. Otherwise, you cannot use my apps, services.
It's like legalizing lynching, your privacy is violated, and the third parties remain unpunished, laws like GDPR are merely cosmetic.
At philosophical level, what we have discussed above could possibly (and humbly) be summarized in one sentence "which is to be master", from Lewis Carroll's "Through the Looking-Glass".
“When I use a word,” Humpty Dumpty said, in a rather scornful tone, “it means just what I choose it to mean — neither more nor less.”
“The question is,” said Alice, “whether you can make words mean so many different things.”
“The question is,” said Humpty Dumpty, “which is to be master — that’s all.”
Click to expand...
Click to collapse
A relevant legal case in history was Liversidge vs Anderson during WWII.
Liversidge v Anderson - Wikipedia
en.wikipedia.org