'Moves' fitness app races to change privacy policy after Facebook acquisition

Filed Under: Facebook, Featured, Privacy

Shoes. Image courtesy of Shutterstock.Remember how Bill Clinton told a grand jury he wasn't lying about his relations with Monica Lewinsky because it all boils down to what the meaning of "is" is?

Facebook's pulling the same semantics shtick with the meaning of the term "share" vs. "commingle", and it's looking like the personal data of 'Moves' app users will get squished somewhere in between the two.

Moves is a fitness and activity tracking app that Facebook snapped up on 24 April. It does things like count how many steps you take every day, then presents it in a slick interface on your mobile phone.

You'll recall, of course, that Facebook and WhatsApp have been swearing up, down and sideways that WhatsApp's data sharing policies won't change after Facebook acquires the app.

Similarly, following the Moves acquisition announcement, a Facebook spokeswoman said that the two companies wouldn't "commingle" data.

According to the Wall Street Journal, the spokeswoman reiterated that no-commingling position on Monday.

Nope, no canoodling, no commingling.

But, well, the companies do plan to share data, she said.

Imagine journalists across the land scampering to their online dictionaries. What in the world is the difference between "commingle" and "share?"

What it boils down to, a Facebook spokesperson told me, is that Facebook is going to get all the data that Moves has on its users, but that it would refrain from cross-referencing that with its own data to see what users the two companies have in common:

Commingling, or merging, data would allow us to identify Moves users who are also Facebook users – we have no plans to do that. In other words, Facebook is not adding Moves user data to a Facebook user’s Facebook account. But, Facebook will be providing support and services to the Moves app and to be able to do this, we have to have access to the data that Moves already collects from its users – which is ‘sharing’ data.

Accordingly, Moves's put up a new privacy policy that says it can "share information, including personally identifying information, with our affiliates (companies that are part of our corporate groups of companies, including but not limited to Facebook)".

It's not hard to see that Moves data would be very valuable to Facebook.

When you're talking about personal data, this app is about as personal as the sweat dripping off your forehead.

Moves screenshotMoves employs motion sensors inside Apple and Android phones and mixes it with GPS information to track a user's location and activity throughout the day.

That means the app knows not only a user's location, as in, pinpointed down to an exact building, but also whether he or she got there on foot, bike or bus.

That's a lot to know about somebody.

In fact, it's that type of personally identifiable information (PII) that researchers recently found leaking out of WhatsApp, which was calling out to Google Maps without using Secure HTTP (HTTPS) when users shared their location.

That's scary, given that such a lack of security would allow attackers to sniff network traffic between phones and Google's servers and to then pinpoint you as soon as you share your location with other WhatsApp users.

Now, with the Moves acquisition, Facebook will have that same kind of precise, location-based user PII.

Plus, Facebook will be kind of like a stalker who doesn't have to leave his house to figure out whether you're pedaling, on foot or riding the bus.

Should we get ready for new mobile phone ads that target our bicycle-related purchases?

At the very least, we should bear in mind that privacy policies are, shall we say, a tad ephemeral.

Image of shoes courtesy of Shutterstock.

, , , ,

You might like

2 Responses to 'Moves' fitness app races to change privacy policy after Facebook acquisition

  1. Stace · 135 days ago

    I like my handy dandy pedometer which doesn't connect to anything :). It's small and slim, fits in my pocket and I don't have to worry about it sending out PII

  2. It doesn't surprise me, especially when something like a flashlight app requires access to everything? Go figure...

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.