from the free-coffee-and-donut-should-do-it dept.
A while back, we read about how Tim Hortons' app tracked users' movements throughout the day, whether the app was open or not. The tracker noted locations visited, including homes, workplaces, and competing coffee chains.
Now, after an investigation by Canada's privacy commissioner, to resolve a class action lawsuit, Tim Hortons have suggested a settlement:
Tim Hortons says it has reached a proposed settlement in multiple class-action lawsuits alleging the restaurant's mobile app violated customer privacy which would see the restaurant offer a free coffee and doughnut to affected users.
The company says the settlement, negotiated with the legal teams involved in the lawsuits, still requires court approval.
The coffee and doughnut chain says the deal would see eligible app users receive a free hot beverage and baked good.
Tim Hortons says in court documents it would also permanently delete any geolocation information it may have collected between April 1, 2019 and Sept. 30, 2020, and direct third-party service providers to do the same.
One free drink and a donut: We value your privacy (at a couple of bucks)?
Previous story: Tim Hortons Coffee App Broke Law by Constantly Recording Users' Movements
Related Stories
Tim Hortons coffee app broke law by constantly recording users' movements:
Canadian investigators determined that users of the Tim Hortons coffee chain's mobile app "had their movements tracked and recorded every few minutes of every day," even when the app wasn't open, in violation of the country's privacy laws.
"The Tim Hortons app asked for permission to access the mobile device's geolocation functions but misled many users to believe information would only be accessed when the app was in use. In reality, the app tracked users as long as the device was on, continually collecting their location data," according to an announcement Wednesday by Canada's Office of the Privacy Commissioner. The federal office collaborated with provincial authorities in Quebec, British Columbia, and Alberta in the investigation of Tim Hortons.
"The app also used location data to infer where users lived, where they worked, and whether they were traveling," the Office of the Privacy Commissioner said. "It generated an 'event' every time users entered or left a Tim Hortons competitor, a major sports venue, or their home or workplace."
Tim Hortons scrapped plans to use the app for targeted advertising but "continued to collect vast amounts of location data" for another year "even though it had no legitimate need to do so," the Office of the Privacy Commissioner said. Tim Hortons said it used aggregated location data "to analyze user trends—for example, whether users switched to other coffee chains, and how users' movements changed as the pandemic took hold," the federal office said.
Meta settles Cambridge Analytica scandal case for $725m:
Facebook owner Meta has agreed to pay $725m (£600m) to settle legal action over a data breach linked to political consultancy Cambridge Analytica.
The long-running dispute accused the social media giant of allowing third parties, including the British firm, to access Facebook users' personal data.
The proposed sum is the largest in a US data privacy class action, lawyers say.
[...] Tech author James Ball told the BBC it was "not a surprise" that Meta has had to agree to a serious pay-out but that it was "not that much" money to the tech giant.
"It's less than a tenth of what it spent on its efforts to create 'the metaverse' last year alone," he said.
"So Meta probably won't be too unhappy with this deal, but it does stand as a warning to social media companies that mistakes can prove very costly indeed."
[...] "This historic settlement will provide meaningful relief to the class in this complex and novel privacy case," lead lawyers for the plaintiffs, Derek Loeser and Lesley Weaver, said in a statement.
[...] The class size is "in the range of 250-280 million" people, according to the ruling document, representing all Facebook users in the US during the "class period" which runs from 24 May, 2007 to 22 December, 2022.
It is not clear how the plaintiffs would claim their share of the settlement.
Janis Wong, a privacy and ethics researcher at The Alan Turing Institute, said it would only amount to two or three dollars per person if each individual decided to make a claim.
This doesn't even look like it would cover both a coffee and donut at Tim Hortons.
(Score: 3, Informative) by looorg on Tuesday August 02 2022, @11:41AM (12 children)
I do not find any mention of how many "affected users" there are in this case. How many "free" doughnuts and cups of coffee will be served? After all not everyone that frequents TM will have the app and so fort so it's not every customer. Also some users might have only been affected a few times but others have been constantly violated for over a year. So the value of the compensation per user might differ greatly.
That they are deleting all the geolocation information collected etc means nothing. The project is already completed, the data has been collected, it has been analyzed and the reports have been written and the knowledge gained utilized.
There is no undelete on the damage to privacy. If they only value it at one hot beverage and one baked good per affected user one wonders what the actual value of it was. How much did Tim Horton gain from it if they can give away free stuff. After all this little endeavor was not made at a loss.
(Score: 5, Interesting) by RS3 on Tuesday August 02 2022, @12:01PM (11 children)
Being a pretty strong privacy advocate, if it was up to me I would demand full investigation. I'm not as worried about Tim Hortons as I am who else conspired in this, and what data they have.
To each person who was spied on, I would compel Tim Hortons to show them what was recorded, when, etc. Then, who this data was shared with / sold to when and why.
(Score: 5, Insightful) by kazzie on Tuesday August 02 2022, @12:09PM (6 children)
I'm minded to cite this case the next time someone asks me "why not just install this app on your phone? It's perfectly secure..."
(Score: 5, Interesting) by RS3 on Tuesday August 02 2022, @01:01PM (5 children)
Absolutely. I have very few apps on my phones. When I first started using a "smartphone" about 5 years ago I found apkpure.com. Not that it's so trustable, but I did not have nor want a Google account.
Anyway, I had downloaded and installed a little WiFi signal monitor / graphing app. It was great. Suddenly one day it disappeared! Including the .apk file that was in the phone's "downloads" directory! That experience creeped me out and made me 100% leery of trusting smartphones, at all.
I've uninstalled and/or disabled all unnecessary apps. I don't do anything financial / business on the phones, and I've almost never even looked at email on the phones- except the gmail my company foisted on me, and the google gmail and chat apps we use (grumble). In other words, nothing important or personal to me is in any phone. Okay, maybe contacts list, but few lastnames are in that.
In another discussion user RamiK mentioned [soylentnews.org] using pcapdroid to track and block IP traffic. I've downloaded it and am anxious to try it.
(Score: 3, Informative) by NotSanguine on Tuesday August 02 2022, @02:31PM (4 children)
I suggest trying out LineageOS [lineageos.org] and MicroG [microg.org].
Not only does LineageOS have decent privacy features, but also MicroG doesn't phone home to Google.
And of course, there's the venerable (and relatively trustworthy) F-Droid [f-droid.org] app repository. Although minimizing the apps you install is always a good thing!
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by RS3 on Tuesday August 02 2022, @04:04PM (3 children)
Wow, thank you so much. I had heard of LineageOS ( CyanogenMod) and had downloaded it for an older phone, but just haven't gotten around to trying it. Didn't want to mess up the phones I need. I had _not_ heard of MicroG, and I don't think I looked into F-Droid.
I'm having a much bigger issue with my 3-rd party phone provider. I've been on AT&T network, and last Feb. they dropped 3G. No problem, my 3 main phones are all 4G LTE.
Oops, AT&T completely disabled my LG phone that was working very well on VoLTE for about 2 weeks, and had been on their approved phone list, that they suddenly decided to drop from the list.
Samsung phone does voice and data, but no hotspot, which I need because I have no land-based Internet at home - don't want to deal with the big jerk companies and why spend $ if I already have enough phone data.
ASUS phone does data and hotspot very efficiently, but does not have VoLTE.
So I'm moving SIM card back and forth if I need to make a call, going to wear it out. Not been fun. Provider keeps saying they're fixing it, escalating it, resetting it, etc., but nothing has changed. I'm afraid to lose what little functionality I have.
I have _no_ T-Mobile RF where I live. Online coverage map says I should have good coverage.
AT&T coverage map says I should have no coverage. It's weak but works.
Verizon is the option but I get 1/2 the data allotment and it might cost more $ (for less data...)
5G might be the answer. I need to look into 5G coverage maps, etc. I don't want to spend more $.
All this and my life is beyond full up and I just don't have time to mess with yet another phone (hours and weeks of setting it up...).
One big unknown- in light of the above issues, will LineageOS or MicroG be better at AT&T connectivity, or will the aholes block me completely if they don't like the phone OS they see? And can I spoof the phone OS to make them happy?
(Score: 2) by NotSanguine on Tuesday August 02 2022, @04:21PM (2 children)
Not sure where you are, but my Verizon plan has unlimited talk, text and data for ~$90/month.
Can't get much more data than unlimited, eh?
Then again, that plan may not be offered where you are. If so, more's the pity.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 3, Interesting) by RS3 on Tuesday August 02 2022, @07:51PM
I'm sure that Verizon plan is available, but, I bought a nationwide (USA) prepaid plan through a 3rd-party provider. It's really good price- I pay $30 / month for unlimited talk and text, 20 GB / month data cap, on AT&T or T-Mobile.
Better yet- I paid $360 for the whole year. No monthly anything- no charges, no fees, nothing other than data cap. And I have never run out. They do not carry unused bytes over, unfortunately. I have enough various work places, library, etc., with full out WiFi that I don't worry about my data- I do big downloads at work (4 places).
I have a T-Mobile SIM card in one phone. I get great reception a few hundred feet from my house, and anywhere I go, but literally zero at home. Phone just says: "searching..." I've tried holding it outside a 2nd floor window, in the direction of the 1 cell tower near me. No joy.
Verizon plan for the same $ is 8 GB / month (iirc).
I was looking into 5G coverage maps, but I do not trust them. T-Mobile shows great map resolution, and that I should get full 4G and most 5G coverage. Sigh.
(Score: 2) by RS3 on Tuesday August 02 2022, @11:22PM
I just talked to T-Mobile and they claim they put in a work order to look into antenna / RF pattern problems. Not holding my breath, but I'll be quite amazed if they fix it.
BTW, everyone was super nice and helpful. English somewhat weak, but such nice helpful people makes up for it.
(Score: 4, Interesting) by Phoenix666 on Tuesday August 02 2022, @12:45PM (3 children)
If the Canadian government wanted to spy on its citizens, then running it through Tim Hortons would be a great way to do it. They're everywhere, everyone goes to them, and the government would have plausible deniability if it ever got out.
Washington DC delenda est.
(Score: 0) by Anonymous Coward on Tuesday August 02 2022, @07:57PM (2 children)
I don't understand why someone modded this "troll". Totally misusing moderation. Person should lose mod points for at least 1 month, 2 would be better. No, I'm not new here, just sick of the jerks.
(Score: 3, Insightful) by Phoenix666 on Tuesday August 02 2022, @09:28PM (1 child)
It's personal animosity from whomever modded it that way. I could say, "The sky is blue" or "water is wet," and they'd still mod me troll.
It's sad, but there are some in the world who think everyone else is a pack of hobgoblins. The only thing we can do is carry on.
Thanks for speaking up.
Washington DC delenda est.
(Score: 0) by Anonymous Coward on Tuesday August 02 2022, @11:27PM
You don't deserve that crap. You have a nice view of it though, thanks.
I'm not so optimistic- I'm concerned about people who have an "ax to grind", are "triggered", carry grudges, anger, etc. We've had too many of them doing very bad things in society.
I don't (yet?) know the guts of the rehash code, but it'd be nice if the system would identify such idiots to the admins, and mod-ban them.
Thanks for all your great contributions here. :)
(Score: 3, Funny) by gnuman on Tuesday August 02 2022, @11:52AM
Obligatory,
https://youtu.be/THzXyk9Jh-s?t=225 [youtu.be]
(Score: 3, Insightful) by Immerman on Tuesday August 02 2022, @12:50PM (8 children)
More like, we hope *you* value your privacy at a couple of bucks, because we were caught red handed and now have to come up with a settlement you'll accept.
We're hoping you'll all accept a couple bucks worth of goods (that only costs us $0.25 worth of ingredients)
(Score: 4, Informative) by FatPhil on Tuesday August 02 2022, @12:54PM (5 children)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by Immerman on Tuesday August 02 2022, @01:00PM (2 children)
I remember. Hopefully people have gotten a little more sick of being spied on since then. That should be worth at least *two* chocolate bars. :-(
(Score: 0) by Anonymous Coward on Tuesday August 02 2022, @01:50PM (1 child)
What would you do for a Klondike bar?
(Score: 3, Funny) by Freeman on Tuesday August 02 2022, @03:06PM
https://www.urbandictionary.com/define.php?term=klondike%20bars [urbandictionary.com]
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 0) by Anonymous Coward on Wednesday August 03 2022, @03:12AM (1 child)
I would have happily given out passwords for chocolate bars. They wouldn't be real passwords, but I like chocolate.
(Score: 2) by kazzie on Thursday August 04 2022, @09:08AM
Don't you dare give out the password to my luggage!
(Score: 1, Troll) by looorg on Tuesday August 02 2022, @02:04PM (1 child)
That is one of the things I'm wondering about. If you accept the free cup of coffee and doughnut then have you not sort of been paid for your service and can no longer complain about it? The coffee and doughnut is your settlement for the violation.
If they wanted to spy on their own citizens they'll just ask friendly Uncle Sam to the south to do it for them. That is what all the cool countries do when they want to spy on them selves. Ask a friend to do it so they can later fake outrage if it gets discovered.
(Score: 2) by Immerman on Thursday August 04 2022, @01:31PM
Don't know why you're modded troll. Off topic maybe, since we're talking about corporate spying, and government's aren't usually in the business of selling intelligence to corporations. Buying? Definitely, but not selling.
Other than that though you're absolutely right. Most of the West's major intelligence agencies are banned from spying on their own citizens - and they pretty much all (very much including the US) completely ignore the spirit of the law by spying on each other's citizens and sharing that intelligence with each other.
And yes - accepting the settlement means you have accepted the matter as legally settled, and thus surrendered your right to further *legal* complaints.
Public complaints though are still totally free game, unless the settlement specifically says otherwise.
(Score: 2) by FatPhil on Tuesday August 02 2022, @08:36PM
... make sure you occasionally punish one of the people who did the bad thing.
That will permanently stop businesses whose entire business model is the delivery of bad-things existing.
OK it didn't work last time, and probably not this time, but it will work eventually, right?
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by Phoenix666 on Tuesday August 02 2022, @09:34PM (5 children)
I know this story is about the Tim Hortons app and its privacy concerns, but as it's a donut chain I wanted to chime in on its business: it is a convenient place to get donuts and coffee because it is ubiquitous, just like Dunkin' Donuts is, but it and Dunkin' don't have the best donuts. The Donut Plant [doughnutplant.com] is the best place I've been to in recent memory.
Do other Soylentils have good donut shop recommendations?
Washington DC delenda est.
(Score: 2) by RS3 on Tuesday August 02 2022, @11:31PM (1 child)
Some people like Krispy Kreme [wikipedia.org].
Also Entenmann's [wikipedia.org].
Now I'm hungry for junk food...
(Score: 3, Interesting) by Freeman on Wednesday August 03 2022, @02:01PM
Krispy Kreme is pretty tasty, but there's just about nothing like a freshly made mom'n'pop Apple Fritter. One of the big Apple Fritters, not some H-E-B/Walmart "donut sized" Apple Fritter with barely any apple to it.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 0) by Anonymous Coward on Wednesday August 03 2022, @01:30AM
There's a number of similar shops operating in at least the US mid-Atlantic that work on the principle of made-to-order donuts. You mark your requirements for glazes, coatings, and toppings, and they make the donut on the spot. They use an automatic machine that puts out a cake donut and moves it along a hot oil chute, flips it at one point, then comes out the other end where someone takes it while it is still hot and dips and/or dregs it through the requested toppings. You get them still pretty warm and they are pretty tasty. Two chains that I can think of off the top of my head are Duck Donuts [duckdonuts.com] (I believe they first started in Duck, NC) and The Fractured Prune [fracturedprune.com]. I know I've seen at least one other, whose name escapes me. I bet they all use the same donut machine.
As for big chains, I used to prefer Mr. Donut [mister-donut.com] to Dunkin Donuts, but they essentially were bought out and replaced by Dunkins in the early 90s. Back in the day my friends and I did a road trip up I-81 through PA and north of Montreal, hitting Mr. Donuts all the way up for coffee and donuts to keep us driving.
Nowadays, I don't care for big chain donuts. Dunkins are meh and Krispy Kremes are just sugar bombs that I find too cloying by the time I finish one. So I seek out small or local bakeries for donuts with hit-or-miss results.
(Score: 2) by Immerman on Thursday August 04 2022, @01:45PM (1 child)
You know what else is ubiquitous? Independent, non-franchised coffee shops where you can buy coffee, pastries, etc. just as conveniently without most of the profit going to a huge amoral corporation with lots of economic power to abuse, and whose only loyalty is to their own profit margins.
You're not buying convenience or quality by going to Tim Hortons, Dunkin Donuts, Starbucks, etc., you're buying predictability. A completely predictable experience of ordering from a predictable menu and getting predictably mediocre items that some idiot off the street can be quickly trained to prepare for near-minimum wage.
(Score: 2) by Phoenix666 on Friday August 05 2022, @03:02AM
Those are the sorts of places I was after. When I was a kid there were lots of independent donut shops that made their own donuts, really good donuts, but the Donut Plant in Brooklyn I mentioned before is the only one I know of now.
We're about to start our family road trip tomorrow and I was hoping somebody might mention places between New York and the Rocky Mountains.
Washington DC delenda est.