AdGuard’s digest: Automakers get the green light to harvest private texts, Apple throws in the towel, YouTube’s privacy woes mount
In this edition of AdGuard’s digest: Court rules it’s OK for automakers to read your texts, Apple resigns to opening up its ecosystem, more privacy activists challenge YouTube over its anti-adblock stance, as WhatsApp introduces a privacy-protecting feature.
Automakers have the right to collect your private texts… apparently
A judge in Seattle, Washington has ruled that automakers do not violate state privacy laws when they record and intercept car owners’ texts and call logs. The ruling came in a class-action lawsuit that accused automakers — Honda, Toyota, Volkswagen and General Motors — of collecting car owners’ private messages and logs when their phones are plugged into infotainment systems.
According to The Record, the judge said the practice did not appear to constitute an invasion of privacy serious enough to be considered illegal under the Washington Privacy Act (WPA). In the lawsuit, the plaintiffs alleged that the company whose software some car companies use to slurp up their messages made it impossible for car owners to retrieve the texts while also making the messages available to law enforcement. These considerations, dystopian as they may sound, did not sway the judge, who dismissed the case.
The ruling sets a troubling precedent, normalizing the mass collection of users’ personal information without their explicit consent — and who on earth would have consented to having their private text messages shared with a car manufacturer? It also highlights the disparity in privacy standards across the US. While California is holding automakers accountable for their privacy practices, Washington seems to be letting it slide. One can argue that if the US had a federal privacy law similar to the EU’s GDPR, things like this would have been impossible. As for what automakers can collect on car owners, there’s a long list, and there’s hardly anything you can do about it. As far as we are concerned, reining in this data mining should be high on the regulators’ radar.
Apple gives up, hints it’ll open up iPhones to third-party stores in EU
In its latest filing, Apple said it would make changes to its App Store policies to comply with the EU’s Digital Markets Act. As a “gatekeeper” under the DMA, Apple is expected to give users the option to download apps from alternative sources, such as Google Play or independent third-party stores like F-Droid. Apple said the forthcoming changes could also affect what it charges developers for access to its platform, and hinted that developers will be able to link to alternative payment methods directly from their app listing in the App Store.
Apple acknowledged that these and other changes it may have to make under pressure from EU regulators could “reduce the volume of sales” and its commission revenue. Indeed, if Apple’s walled garden is opened up to other players, some app developers are likely to choose other distribution methods that do not involve a 30% commission for high revenue apps.
High commissions are not the only problem with the two dominant app stores (Google Play and App Store), opaque review processes and arbitrary rule enforcement is the other. Ultimately, the fact that Apple is being forced to open up its closed ecosystem is a good thing, as it should encourage competition and better service (and prices) for both consumers and developers. At least we hope so. Apple has until March 2024 to comply with the law.
Privacy challenge to YouTube’s crackdown on ad blockers gains steam
In our previous digest, we mentioned a privacy challenge that YouTube is now facing due to its crusade against ad blockers:
Alexander Hanff, a privacy advocate, filed a complaint with the Irish Data Protection Commission (DPC) against YouTube’s use of JavaScript code to detect ad blockers. He told The Register that this code violates the EU privacy laws, specifically the ePrivacy Directive. This directive requires explicit consent from users for any access to or storage of information on their devices that is not strictly necessary for providing the requested service. Hanff argues that YouTube’s ad block detection script is not necessary for its service and, consequently, should not be allowed to interfere with users’ browsers without their consent.
Hanff later told The Verge that he considers anti-ad blocking scripts nothing more than “spyware.” Now, concerns about the privacy implications of YouTube’s crackdown on ad blockers have been raised by another privacy advocate, Patrick Breyer. The latter equated YouTube’s attempt to suppress ad blockers with forcing users “into surveillance advertising and tracking.”
The DPC has already accepted Hanff’s complaint, so we will have to wait and see what happens next. If the EU Commission agrees with Hanff, it could lead to a turnaround in YouTube’s treatment of ad blockers. But the EU Commission is also likely to take into account YouTube’s objections that ad blocking violates its ToS. And although we root for the activist to win in this privacy challenge, it will be a long shot.
WhatsApp lets you hide your IP address from your contacts
WhatsApp, a messaging service owned by Meta, has introduced a new feature that allows users to hide their IP address from the people they are communicating with. This way, their real location cannot be traced by their contacts. To activate this feature, you need to go to Settings → Privacy → Advanced.
Once the feature is enabled, WhatsApp will relay the calls through its own servers instead of establishing a direct peer-to-peer connection, Zdnet explains. While this feature will help to protect your identity, enabling it may come at a cost. WhatsApp notes that turning on the setting “will reduce call quality.”
WhatsApp uses end-to-end encryption, which means that it should not be able to snoop on your calls or text messages, even though it is responsible for routing the calls through its relay servers.
This feature can help users to obscure their location, which may come in handy to those who are concerned about their real whereabouts becoming public knowledge. However, overall, WhatsApp is probably not the most secure or reliable messaging service available. For one, it can share metadata, including your phone number and profile name, with its parent company, Meta. And even though the contents of your messages may remain private, WhatsApp can still share your IP address with “Meta companies.”