Every Streaming Company Not Named Apple Receives A Lousy Grade On Privacy
from the unimportant-afterthoughts dept
While streaming providers and hardware companies see significantly higher consumer satisfaction rates that traditional cable TV, their privacy practices still leave something to be desired. That's according to a new breakdown of streaming service privacy policies by Common Sense Media, which doled out terrible grades to pretty much everybody not named Apple:
"Our privacy evaluations of the top 10 streaming apps indicate that all streaming apps (except Apple TV+) have privacy practices that put consumers' privacy at considerable risk including selling data, sending third‐party marketing communications, displaying targeted advertisements, tracking users across other sites and services, and creating advertising profiles for data brokers."
Of course their privacy practices suck because being terrible on privacy is perfectly legal in a country that can't manage to pass even a basic privacy law for the internet era. Not a law cracking down on the dodgy behavior by third party data brokers. Not a law that implements some basic transparency requirements so consumers know what's being collected and who it's being sold to. And not a basic law that implements something vaguely resembling real accountability for companies that can't be bothered, time and time again, to properly secure their networks, devices, and servers from intrusion.
The firm took a deep dive into the data collection and sharing practices of 10 different streaming services and hardware vendors, from Netflix and Disney+ to Roku. They closely examined what data was being collected, how much of that collection was transparent to the end user, and where that data was sent. They also took a close look at device security using the Consumer Reports' Digital Standard, a promising new metric that attempts to standardize security practices so they can be included in product reviews.
Some of the failures were downright ugly, like making no real exceptions for the data collection of children. Many of the issues revealed weren't the end of the world, but they make it repeatedly clear that companies aren't being transparent about what is collected, and often enjoy making opting out of data collection and monetization as cumbersome and annoying as possible:
"The Roku Streaming Stick+ set‐up process did not display notice of privacy settings or choices a user can make about sharing data. Only after the Roku device has completed setup can users navigate to the "Settings" menu, and choose to opt in to the single privacy setting "Limit Ad Tracking" which is not enabled by default. This setting is worded in such a way that it may be misleading that opting in to limiting a worse practice is actually opting out of use of your data for that worse practice, which is not a principle of privacy by design."
There's a consistent drumbeat of arguments that tend to focus on how it's simply impossible for our Luddite Congress to pass a useful privacy law. But again, it wouldn't be at that difficult to write a clear law, with input from major stakeholders, that simply mandates clear communication on what's being collected and how to opt out of it. But we can't even do that. Instead we've got complete apathy toward the privacy and security internet shit show on the federal level, which created a discordant wave of less than impressive and often convoluted state-level laws.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: data collection, privacy, streaming
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
When I first read the title of this article in my feed, I assumed it's going to be about how Apple "misled" the authors of that review into giving their system a better rating.
[ link to this | view in chronology ]
Re:
Apple is like the cops or... well, lots of things. It's easy to imagine they did something stupid from a small bit of info because of precedent.
[ link to this | view in chronology ]
Re:
Honestly, yeah. I trust Apple about as far as I can throw Steve Jobs' coffin one-handed.
[ link to this | view in chronology ]
The Haystack Principle
Of course, there's also the takeaway that the more advertisers/big data think they know you, the more they don't. Take the example of someone buying toilet paper on Amazon, and then they flood that person with ads of toilet paper not taking one-time purchasers into account. The advertisers think that they know people's behavior that way, but actually don't.
This is sometimes called The Haystack Principle: The larger the haystack, the harder it is to find a needle.
[ link to this | view in chronology ]
Re: The Haystack Principle
Nope. A larger haystack does not make it more difficult to find the needle, it only means that finding it will require more time. A fair bit of difference there.
[ link to this | view in chronology ]
Re: Re: The Haystack Principle
"A larger haystack does not make it more difficult to find the needle, it only means that finding it will require more time"
This is where the analogy falls apart. If you have a physical haystack, you know all the properties of the hay and the needle, and you have a definitive target. More hay doesn't make a difference to the target, and in fact might not make any difference at all to the timing if you're using a metal detector or some other device instead of searching by hand.
With data it's different, especially if you're trying to find the definition of the target while you're searching. Bad data can lead to bad conclusions, increasing the amount of bad or irrelevant data might mean that you'll never find the target at all, because it leads you to define the wrong thing. If I'm looking for a new home cinema system, but most of the data you're basing your ad targeting on is from when I was looking after my nephew for a week watching Minecraft and Fortnite videos, you're probably not going to target me with the right ads. "Needle in a haystack" doesn't work when you suddenly decide that what you're looking for is a LEGO brick instead.
[ link to this | view in chronology ]
Re: The Haystack Principle
"Take the example of someone buying toilet paper on Amazon, and then they flood that person with ads of toilet paper not taking one-time purchasers into account."
Yeah, I've suffered through a lot of irrelevant "targeted" data over the years, whether it's ads trying to push flights or accommodation for the trip I've already booked or being bombarded by ads for a company where I already looked at their product and decided to buy from a competitor.
Having data doesn't mean that you're going to be able to pull accurate conclusions from that data, and in fact it can make it less likely over a particular issue.
[ link to this | view in chronology ]
When in doubt, don't give the company that information.
Or just don't give them that information, full stop.
Just because it is in the privacy policy does not mean that the company implements the policy in practice. Or that the company's data security practices will keep out the first person to (checks notes) add 1 to the id. Or sets a password on their cloud storage server.
There's so much awful available to companies these days that the practices on paper are almost the least of what you need worry about.
[ link to this | view in chronology ]
is this the same group?
"There's a consistent drumbeat of arguments that tend to focus on how it's simply impossible for our Luddite Congress to pass a useful privacy law. "
That can hide data under the securities act? That cant get Many of its own agencies to give Freedom of info, Information to the People asking for it?
[ link to this | view in chronology ]
Never minding the television itself.
[ link to this | view in chronology ]
2 questions
Isn’t common sense a far right think tank group about purity in kids shows?
And second, am I the only one here who likes targeted advertising?
I mean, seriously, if you’re gonna get adverts they may as well be relevant, no?
[ link to this | view in chronology ]
Re: 2 questions
That would be great if they actually worked. I looked for flowers for Mother's Day last year and I'm still getting ads for one of the sites I rejected now. I regularly get ads for cities I've already booked travel to, hotels I've already booked a room in, services I've been a member of for years.
That's actually more annoying than having to sit through ads for tampons, dog food and other things I'd never need to buy during a TV show, IMHO.
[ link to this | view in chronology ]
Re: Re: 2 questions
Well, I can understand that.
Actually I tend to get ebay and other sales sites selling things I already bought.
But it’s better than fake casinos and buy wives from Nepal.
But I have all tracking on, and cross tracking. So it’s probably a larger platform.
I also use a targeted item blocker. If a specific ad bugs me I “zap” it and never see it again.
Also Works great for never loading pointless bling like “recommendations” and “top picks” at sites like IMDB and Amazon.
Click the icon, line up the field, and click.
Gone. Forever.
I’ve actually managed to turn IMDB back into something close to the old design from the early 2000s by blocking all the fancy crap.
Most ad hosts will load a new ad if one doesn’t display correctly. So I can knock out crap of zero interest to use and not see them again.
Every few days something somewhere peaks my interest and the site gets a bit of extra cash for my looking.
Doing my part to keep the web free, I think.
Take a look at UBO and 1blocker. They are both extremely open to customisation for the more experienced users.
In both cases I have all the basic blockers
And filters off, but set the manual blocking to return a 500 error on denial so I get a new advert.
[ link to this | view in chronology ]