Popular Spanish Soccer Mobile App Has Been Turning Users Into Piracy-Spotters Via Mobile Devices
from the unwitting-spy-network dept
As readers here will already know, the GDPR is now in full swing in Europe, with all of its crippling and stupid regulation in the name of personal privacy. It’s a hilariously overly broad law that has had the happy coincidental effect of forcing companies that store personal data to at least be more upfront about how they are using that data. This effect has caused some to embrace the GDPR as wholly good, which is exactly the wrong conclusion to draw. Instead, the GDPR swings way too far in the direction of users controlling their personal data mostly by reaching way too far and keeping its language as vague and broad as possible, something that is already causing chaos in the digital marketplace.
And, yet, it cannot be ignored that the revelations of just how users’ data are being abused by some bad actors keep coming. The latest of these concerns the mobile app for La Liga, Spain’s most popular soccer league. La Liga recently revealed, having its hand forced by the GDPR, that users of its mobile app were unwittingly part of La Liga’s spy network for uncovering unauthorized broadcasts of soccer matches at public venues.
The La Liga app, which is the official streaming app for Spain’s most popular football league, has reportedly been using the microphones on fans’ phones to root out unauthorized broadcasts of matches in public venues like bars and restaurants.
It sounds exactly like the kind of surveillance people are afraid of when it comes to modern technology, but as is often the case, the La Liga app technically asks users in Spain for permission to access their mics, according to Spanish Website El Diario.
Technically, yes, except that this request is buried in the fine print of an opt-in request the app makes for user permissions that nobody ever reads. One need only review the horror of many users of the app at this news to understand that many (most? all?) of the app’s users had absolutely no idea that they were serving a soccer league’s attempt at ratting out their favorite watering holes and restaurants. It also appears that this technique has been in place for years, and La Liga only drew recent attention to it due to the GDPR being enacted.
La Liga has pushed back on the concerns of its users and the press coverage, stating that it doesn’t retain any of this data locally and that it converts the recordings into pure code, which is something of a non-sequitor. Either the data gathered is useful because it combines GPS data and audio recordings in a way that can pinpoint where a user is and what is on the television screens there… or it isn’t. Whatever the technical specifics, the end result is a soccer league peeking in on soccer fans as they watch matches, with most of those fans having no idea that this was occurring at all.
Again, the GDPR is not a solution to this problem. For proof of that, you can note that La Liga says in its statements that everything here is above board. This has far more to do with just how much important privacy-implicating notifications are buried in fine print that goes unread by the masses.
Why anyone would download the La Liga app in the future would be a mystery to me.
Filed Under: copyright, fotball, gdpr, la liga, privacy, spain, spying
Companies: la liga
Comments on “Popular Spanish Soccer Mobile App Has Been Turning Users Into Piracy-Spotters Via Mobile Devices”
I think you mean Formerly Popular Spanish Soccer Mobile App.
So, a company has been spying on customers for who knows how long, and the GDPR forced them to admit it? I don’t see how that’s a bad thing.
Really, except for that one point, this story doesn’t really seem to have much of anything to do with the GDPR. The law has its issues, but in this case I think you might be trying too hard to push a “GDPR bad” narrative.
That’s a lot of whining about GDPR without substance. What, exactly, is your problem with GDPR? Do its cons outweigh its pros? Why or why not?
Or maybe keep the hyperbole out of future articles that have nothing to do with target of your complaint.
Re: Re:
https://www.techdirt.com/search-g.php?q=gdpr
Re: Re: Re:
I shouldn’t have to do a search in the hopes of finding the reasons for this author’s angst. An article should stand on its own merits. This one fails.
Re: Re: Re: Re:
Whaaaaaa
Re: Re: Re: Re:
“I shouldn’t have to do research” is another way to say “I shouldn’t have to think or backup my position.”
You are right! You should NOT have to do research. Also you should not have to REPLY on a forum, impugn the article, or in any way kvetch about it.
Go bitch somewhere where it’s acceptable to say “Couldn’t be bothered to read it or to read about it or read anyone else’s comments but here are my opinions.”
E
Nobody ever reads
You don’t have to "read" the request to simply hit the "don’t allow" button. The picture in the article (though of an unrelated "Honey Quest" game) is straightforward, not "fine print". "Would Like to Access the Microphone"—why would anyone ever click OK to that if they’re just trying to stream a game?
Of course, a good phone UI would show an indicator whenever the microphone is on, and allow you to tap it to revoke any permissions.
Re: Nobody ever reads
“”Would Like to Access the Microphone”—why would anyone ever click OK to that if they’re just trying to stream a game?”
I dunno, maybe it supports voice commands. Just like apps ask for permission to access your photos and music. Makes sense if the game has a function to use your photos and music, or to save to those locations.
Now if the app said explicitly we want to use your microphone at any time for our own purposes to find illegal activity. I doubt anyone would agree.
Re: Re: Nobody ever reads
Maybe. Unless they’ve given a reasonable explanation like this ahead of time, people should say no.
It’s still the wrong model to be using. Any app that wants to do this should have to register some "wake word" with a system framework, and only get access for a short time after it’s heard—and users should be well aware when the app is receiving audio. If an audio-recording icon was visible the whole time, people would have noticed this.
They shouldn’t need to be able to "access" photos to save them. As for viewing them, the powerbox design pattern is well established in capability-system literature.
> stating that it doesn’t retain any of this data locally and that it converts the recordings into pure code
Probably, they’re trying to dodge allegations that this is recording and retaining human conversations. If they immediately convert it to just a note that the game’s audio was detected, and store that + GPS, they have what they need for their claimed purpose of hunting down unauthorized rebroadcasts. It’s still an abuse of trust, and depending on local wiretapping law might still be illegal for all the human conversations it captures while hunting for game audio, even if those conversations are not retained or used in any way. Wiretapping laws are not known for their reasonableness.
I think I’ll download the La Liga app and let it listen to me humming the bass line to ’70s music and yell at the computer while developing firmware. Then I’ll give them a 5-star review that accuses them of spying and links back to this article.
Used to be when I got an unsolicited robo-call I’d stick the phone in front of the speaker to keep it online as long as possible, in hopes of driving up their costs, while costing me zero effort. Unfortunately their software is too clever to fall for that any more.
Oh. And where are the fines? I want to see the Euros flying!
Ahem.
I do recognize the GDPR has many flaws but it’s good that at the very least it is unearthing the widespread bad practices going on. I hope they revisit the law to make it more sensible but it’s hard to disagree that a more hard line approach wasn’t needed.
And they say companies can police themselves and behave without govt regulations. Right.
Re: Re:
For what? They kept it secret while allowed to, and disclosed it when legally required to.
So in an effort to combat piracy, the app probably violated wiretap and privacy laws by recording people without their permission?
Remember when average_joe insisted that Sony’s rootkit was an anomaly and we shouldn’t be allowed to accuse copyright enforcers of installing malware on consumer devices?
Re: Re:
“Remember when average_joe insisted that Sony’s rootkit was an anomaly and we shouldn’t be allowed to accuse copyright enforcers of installing malware on consumer devices?”
He was kinda right, but the anomaly was that they got caught doing it.
DOUBLEPLUS GOOD!
“But we were just trying to stop illegal activities”
So? You can’t prevent “bad” stuff from happening by removing people’s right to privacy.
Fuck you, Big Brother, I know you’re watching.