Pokémon Go Privacy Invasion
As you may recall from my article last Monday, I just spent a week in lovely Costa Rica. My family and I swam, sailed, snorkeled, communed with wildlife and parasailed high above the Pacific Ocean.
We didn’t see any Pokémon. That’s because, unlike much of the rest of humanity, we weren’t looking for any using the app that’s taken the world by storm: Pokémon Go.
Surprisingly, my preteen daughter didn’t object to our Pokémon-free existence. To my great satisfaction, she appears to enjoy more cerebral pursuits … mostly.
But even if she’d begged me, I’d have refused to cave in. No Pokémon Go for us. That’s because I don’t fancy turning my family into tradable data points … and neither should you.
Unfortunately, Pokémon Go is the least of our worries in this respect…
Pokémon Go: The Product Is YOU
Old-timers like me remember actually paying for software. Remember upgrading to a new version of Windows or Microsoft Office every year or so? In those days, getting complex applications for free, like those available for today’s smartphones, was unthinkable.
That’s because, up until about five years ago, the software itself was the product from which developers made their profit. It was no different from selling cars, refrigerators or any other complex manufactured product.
No more. I still pay a nominal fee every year to “subscribe” to updates of some software products, but many that I use daily come completely free.
It’s not that they’re cheap to develop — quite the opposite. Today’s software is orders of magnitude more complex and powerful than the stuff for which we used to pay hundreds of dollars.
That’s because today’s software isn’t the revenue-generating part of the business model. It’s not the main thing being sold for profit.
Beware Geeks Bearing Gifts
Over the past few years, I’ve warned repeatedly that hacking is only one part of the digital-age threat. Less obvious — and more insidious — is the process by which you are turned into a commodity to be traded for profit by the companies whose products you use.
The best-known examples are big online outfits like Google and social networks like Facebook. Both provide their user-facing services for free. Both, however, spend most of their efforts not on improving those services, but on harvesting information about you that can be sold to the highest bidder.
My favorite example is the poor fellow who searched Google for “pancreatic cancer” and started seeing online ads for funeral homes. Another is the father who received a mailer from some company with the words “DAUGHTER KILLED IN CAR ACCIDENT” printed on the envelope. Some idiot had misconfigured the marketing algorithm, and the targeting criteria were being printed on thousands of mailers.
Google and Facebook (and many others) started out making money by selling microtargeted online ads to third parties like those funeral homes. But they quickly learned that they could make even more money by selling the data that advertisers use to do that microtargeting. Precise figures are hard to find, but given that marketing companies report 200% to 300% increases in revenue using such data, it’s safe to say that the big data harvesters are coining it by selling you to them.
Pokémon Go takes this one step further. It doesn’t have any adverts at all. To the user, it appears completely ad-free. But advertisers will still be paying to get at those users … in a much more dangerous way.
Boldly Going Where No App Has Gone Before
Pokémon Go has been downloaded 20 million times in the U.S. It’s just rolled out in Asia and Europe. Nintendo’s stock price has soared by more than 50% in two weeks. Pokémon Go has already overtaken Twitter in daily active users and is even closing in on Facebook.
While the app is free, users can make in-app purchases like lures to attract Pokémon to your location or “cages” to keep them in. However, the game is about to unleash one of the most potent advertising campaigns in digital history … all by selling frighteningly detailed information about its users.
For example, the app will soon offer “sponsored locations” to paying partners. Geotargeting and geofencing technology will allow advertisers to target specific buildings and match that to signals from mobile devices. Advertisers will know exactly where you are and serve ads based on your precise location — just like that infamous shopping-mall scene from Minority Report.
By paying Pokémon Go’s developers a big fee, a brand like McDonald’s (whose logo has already been spotted in Pokémon Go’s code) will be able to turn its stores into desirable locations in the Pokémon virtual universe. That will draw players to those locations, where they will be tempted to buy stuff “IRL” — in real life. Advertisers will be charged on a “cost per visit” basis, similar to the “cost per click” Google charges advertisers.
Gotta Catch ‘Em All
Initial reports that Pokémon Go harvests detailed Google account information, like the contents of emails, seem to have been incorrect.
But the app’s owners don’t need that stuff. They’re going for something bigger. They want to know your location at all times so they can sell that information to the highest bidder.
I doubt there are many Pokémon Go players on the Sovereign Investor Daily mailing list. Considering that criminals have already used the app to mug players, that’s a good thing.
But there are dozens of smartphone apps that do the same thing. I’m so concerned about this that I’m planning to update my privacy report to include a list of the most dangerous apps, and where possible, how to avoid their hazards.
Justice Louis Brandeis once defined privacy as “the right to be let alone.” If that’s what you want, it’s up to you to ensure it happens.
Editor, The Bauman Letter