Results 1 to 9 of 9
  1. siogeek's Avatar
    Posts
    24 Posts
    Global Posts
    26 Global Posts
       #1  
    I just came across this on slashdot:

    Slashdot Your Rights Online Story | Palm Pre Reports Your Location and Usage To Palm

    It sounds like the pre is sending usage information including your GPS location back to palm without your consent. I haven't been able to read the orignial article yet, but this doesn't sound right.

    How do we get Palm to change this?
  2. #2  
    information from the actual website, since it's getting slashdotted

    I've been taking a closer look at the WebOS side of my Palm Pre tonight, and I noticed that it periodically uploads information to Palm, Inc.

    The first thing sent is intended to be my GPS location. It's the same location I get if I open the map app on the Pre. Not very accurate in this case, but I've seen it be accurate enough to find my house before.

    { "errorCode": 0, "timestamp": 1249855555954.000000, "latitude": 36.594108, "longitude": -82.183260, "horizAccuracy": 2523, "heading": 0, "velocity": 0, "altitude": 0, "vertAccuracy": 0 }

    Here they can tell every WebOS app I use, and for how long.

    { "appid": "com.palm.app.phone", "event": "close", "timestamp": 1250006362 }
    { "appid": "com.palm.app.messaging", "event": "launch", "timestamp": 1250006422 }
    { "appid": "com.palm.app.messaging", "event": "close", "timestamp": 1250006446 }

    It sends the above info on a daily basis.

    2009-08-10t09:15:10z upload /var/context/pending/1249895710-contextfile.gz.contextlog ok rdx-30681971
    2009-08-11t09:15:10z upload /var/context/pending/1249982110-contextfile.gz.contextlog ok rdx-31306808

    There is also some info that is recorded when a WebOS app crashes. Now, I've seen WebOS crash hard a time or two, but it turns out apps are crashing fairly frequently behind the scenes, and each such crash is logged and a system state snapshot taken. At least some of these are uploaded, though if things are crashing a whole lot it will be throttled.

    2009-08-09T17:01:22Z upload /var/log/rdxd/pending/rdxd_log_59.tgz OK RDX-30246857
    2009-08-09T17:05:36Z upload /var/log/rdxd/pending/rdxd_log_26.tgz OK RDX-30249465
    2009-08-09T17:09:11Z upload /var/log/rdxd/pending/rdxd_log_56.tgz OK RDX-30252374
    2009-08-09T17:11:46Z upload /var/log/rdxd/pending/rdxd_log_70.tgz OK RDX-30253958
    2009-08-09T17:16:29Z upload /var/log/rdxd/pending/rdxd_log_67.tgz ERR_UPLOAD_THROTTLED_DAILY
    2009-08-09T17:17:28Z upload /var/log/rdxd/pending/rdxd_log_51.tgz ERR_UPLOAD_THROTTLED_DAILY
    2009-08-09T17:20:40Z upload /var/log/rdxd/pending/rdxd_log_21.tgz ERR_UPLOAD_THROTTLED_DAILY

    Each tarball contains a kernel dmesg, syslog, a manifest.txt listing all installed ipkg packages (including third-party apps), a backtrace of the crash, a df (from which they can tell I'm using Debian on the phone), and ps -f output listing all processes owned by root (but not by joey).

    The uploading is handled by uploadd, which reads /etc/uploadd.conf:

    [SERVER=rdx]
    RepositoryURL=https://<HOST>/palmcsext/prefRequest?prefkey=APPLICATIONS,RDX_SRV
    UploadURL=https://<HOST>/palmcsext/RDFileReceiver

    [SERVER=context]
    RepositoryURL=https://<HOST>/palmcsext/prefRequest?prefkey=APPLICATIONS,RDX_SRV
    UploadURL=https://<HOST>//palmcsext/RDFileReceiver

    The "HOST" this is sent to via https is ps.palmws.com.

    My approach to disable this, which may not stick across WebOS upgrades, was to comment out the 'exec' line in /etc/event.d/uploadd and reboot. However, then I noticed a contextupload process running. This is started by dbus, so the best way to disable it seems to be: rm /usr/bin/contextupload

    BTW, since Palm has lawyers, they have a privacy policy, which covers their *** fairly well regarding all this, without going into details or making clear that the above data is being uploaded.
    My first impression is why not alter the conf file instead of blowing away the program itself? change <host> to 127.0.0.1 or even set up your own https server and re-route the files there?
  3. siogeek's Avatar
    Posts
    24 Posts
    Global Posts
    26 Global Posts
       #3  
    Quote Originally Posted by victorkruger View Post
    My first impression is why not alter the conf file instead of blowing away the program itself? change <host> to 127.0.0.1 or even set up your own https server and re-route the files there?
    That was my first thought as well. However, I kinda feel like Palm should know that this is not cool. Personally, I would be happy if they just had an option to disable the information dumping. To do this silently stinks.
  4. #4  
    Quote Originally Posted by siogeek View Post
    That was my first thought as well. However, I kinda feel like Palm should know that this is not cool. Personally, I would be happy if they just had an option to disable the information dumping. To do this silently stinks.
    I agree with you that an opt-out function would have been nice.

    but that horrible palm agreement statement that 99.9% of us agreed to had verbage stating that they're going to collect info about how we use the phone.

    I've just altered the conf file on mine to 127.0.0.1 and that should keep them from prying into my life from now on.

    the odd thing is that i checked the log of the last time they uploaded info from my phone and it was back in july.
  5. #5  
    Quote Originally Posted by siogeek View Post
    That was my first thought as well. However, I kinda feel like Palm should know that this is not cool. Personally, I would be happy if they just had an option to disable the information dumping. To do this silently stinks.
    Palm and other companies knows this isn't cool. They know we don't like to be tracked. That's why they have vague or one sided EULAs and such.

    The local host edit sounds like the right trick and Palm will notice they don't know where my phone is anymore UNLESS I LET THEM.

    If someone would let us know just where to place 127.0.0.1, that would be fabulous.

    Edit: Do I just place it in the "upload url" line?
    Last edited by ElPhantasmo; 08/12/2009 at 02:27 PM. Reason: question
  6. #6  
    Quote Originally Posted by ElPhantasmo View Post
    Palm and other companies knows this isn't cool. They know we don't like to be tracked. That's why they have vague or one sided EULAs and such.

    The local host edit sounds like the right trick and Palm will notice they don't know where my phone is anymore UNLESS I LET THEM.

    If someone would let us know just where to place 127.0.0.1, that would be fabulous.

    Edit: Do I just place it in the "upload url" line?
    change <host> to 127.0.0.1 should do the trick. i did it to every instance of <host> there was on the file.
  7. acydlord's Avatar
    Posts
    67 Posts
    Global Posts
    72 Global Posts
    #7  
    I wonder if they turned off the 'send usage statistics' option in location services before writing that article.
  8. #8  
    Quote Originally Posted by acydlord View Post
    I wonder if they turned off the 'send usage statistics' option in location services before writing that article.
    That's a damn good question? Can anyone verify this? Where is the log file on the Pre? I have "Background Data Collection" turned off since day one.

    Background Data Collection: "Allows Google to automatically collect anonymous location data to improve the quality of location services." Nothing about Palm.

    I'll turn it back on and check the log file, then give an update if anything changes, or any thing useful.
  9. #9  
    Can't you just turn it off on the location settings page?and yea, it seems to be Google, not Palm.

Tags for this Thread

Posting Permissions