Twinkle remembers me even after a device restore?
I restored my iPhone to a clean state (note that I did not restore a backup) and installed Twinkle.
Upon launching Twinkle, I was shocked to find that it had already configured itself with my Twitter ID and Tapulous profile. How is this possible? To my understanding, user data is not stored in the Twinkle.ipa file on the desktop, so there's no way it could have been synced across during installation (correct me if I'm wrong).
Are you using UDIDs or some other serial number? If so, doesn't this mean you have a database of every Twinkle user and their UDID/serial number, making this one hell of a privacy issue?
-
The device ID of your iPhone is stored on the Tapulous servers when you create your Tapulous account and link it to your Twitter account. I assume that this ID is used to re-link you when you reinstall the Twinkle app.
-
I experienced the same "surprise". So is it true Tapulous collects all iPhone serial numbers? This would really be a privacy issue to me...
I’m Scared
-
Thanks for the reply, dmetzcher.
Yes, this is a privacy issue on two fronts. One, Tapulous has a database linking device IDs and Twitter/Tapulous accounts. Two, if you eventually sell your iPhone to Joe User, they're going to get a pleasant surprise when they see your Twitter/Tapulous account names the first time they install Twinkle. Oh, and your e-mail address, too.
To the Tapulous devs, if you're reading this and it is indeed true that you're collecting device IDs and linking them to our accounts, I strongly urge you to reconsider this practice.
I’m disappointed
-
Not that I disagree with you regarding it being a privacy issue...but, if it makes you feel any better, you can "unpair" your iPhone with your Tapulous account if it gets stolen. That might help a little. But I hear you when it comes to privacy.
-
So it was not explicitly known that Tapulous is collecting iPhone serial numbers or device IDs. I disagree with DMetzcher, because this is a privacy issue.
So to recap with Twinkle installed:
- Tapulous knows all the serials of iPhones with Twinkle
- They can link the iPhone to a certain Twitter account
- They can link the iPhone with geographical information
- They have your email and can cross-link that back to your location
So this ain't a privacy issue?
I’m wondering if this is ok
-
I think I clearly agreed that this was a privacy issue in my comments to SV above. What I was offering him/her, in addition to agreeing with him/her, was the facts about unpairing the device ID if it ever became necessary, such as in his/her scenario of the iPhone being sold to another user. I agree that it is not necessary to grab the ID of the device. They seem to be doing this so that the Tapulous account will not require a password. I think the good old username and password setup is just fine, and device IDs should not be used instead of a password.
-
seau, I believe you've misread dmetzcher's post. He's not disagreeing that it is a privacy issue.
Moving forward, I just noticed a link to Tapulous' privacy statement at the bottom of their website. In it, the following is stated:
"When you launch or interact with a Tapulous application, we collect your device type and IP address. This information is gathered for all users. In addition, we use the unique Device ID (“UUID”) that Apple makes available for each iPhone/iPod touch device in order to authenticate the user session. This UUID functions similarly to a persistent cookie to make it possible to authenticate the user without the need for a password. You can disassociate a UUID from a user account at any time by emailing us at privacy@tapulous.com. You can also do so through a form accessible through the Help button on the login/settings screen in each application."
Fair enough. At least they're being upfront about it, but I think a few improvements are in order.
To the folks at Tapulous:
(a) Include a link to this privacy statement in all of your apps, and most importantly, make it visible. Users need to know that the UUID is the only method of authentication and that it's being collected and used every time a Tapulous app is in use.
(b) That said, is it really so hard to use passwords instead of UUIDs for authentication? I don't believe so.
(c) However, if you really insist on using UUIDs, don't make an e-mail to privacy@tapulous.com the user's only 'get-out-of-jail' card. It's unreliable and subject to delays.
I'm sorry, Tapulous. You make some great apps and I have total respect for the work you put into improving your apps and creating a great environment for your users, but something needs to be done about the practices described in your privacy policy, either by amending them or increasing awareness amongst your users. There are many users out there who take their privacy seriously and would refuse to use your apps unless some or all of the aforementioned changes are made. Considering your apps are free, I'm sure losing users is no real loss to you from a business standpoint, although it's certainly not a nice feeling either way.
Food for thought.
-
I agree. Using a password instead of the device ID makes more sense and removes the privacy concerns for me. I'd also like online Tapulous account management, which is something they've said they are working on in previous replies to me on this site.
-
Still no reply? Wow - so this seems not to be so important to Tapulous?
I’m using twitterific
-
My apologies for neglecting this thread. I used to be Tapulous' main support guy and spend hours a day in here, but have been spending more time in product design lately and have let our man Ed take the reins of GetSatisfaction.
To get straight to the point: device IDs don't pose a privacy threat. If we used something else to identify you (like passwords, or facial recognition, or your phone's M.A.C. address) we'd *still* have a complete database of everything mentioned above: email address, geographical location, twinkle messages and photos. So whatever privacy concerns you might have about our databases being full of *that* information are unrelated to device IDs.
The ID itself is literally only useful as confirmation that the phone in your hand today is the same phone that was in your hand yesterday. It's your phone's fingerprint.
We can't use your phone's ID to impersonate you and we can't use it to find out any additional information about you. If anyone has a legitimate argument as to *how* we might use device IDs to invade privacy, I'd really love to engage in a discussion.
-
On the other topic, there are two reasons (reasons we believe are very good) for using Device IDs instead of passwords. One is security, and the other is convenience.
Normally, security and convenience are at opposing ends of a spectrum. Things that are very secure are generally inconvenient and vice versa. Having five deadbolts on your door is pretty secure, but it sucks to have to lock and unlock them every day.
In this case, security and convenience are on the same side for once. As I said in my earlier post, it's like your phone's fingerprint. So, while the phone belongs to you, it's a proxy for *your* fingerprint. On Twinkle, your phone = you.
The device ID is also more secure than the average password (40 characters of utterly random hex) and it's very convenient. You never have to type it or even remember it -- it's part of the phone.
Where this *does* pose a problem is the situation that has been described where you sell your phone on eBay and now your phone doesn't = you. In this case you can follow the instructions in the Help screen to log out of your phone before you sell it, and it's done. We're working on ways to make the logout easier than it is already, but right now it's not hard. And if you forget to do it, you can always email us.
We're also working on ways to ensure that if you wipe your phone before selling it (but forget to log out) the buyer can't impersonate you.
Passwords are a very old security technology that (for the vast majority) are insecure. Ten years ago the most common password on the web was 'password' and today it's 'password1'. Good banks are starting to use multi-factor authentication because passwords just aren't good enough to protect your money. iPhone is a new platform with new ways of doing things, and we're trying to do authentication in a way that's new, inventive, secure, and convenient. So please, give it a chance :)
-
I know that you want to stay away from passwords, but I personally wouldn't mind if one were included. Sure, using the device ID is simple and it works, but using it, along with a password, would lay to rest the other users' fears, and I think it would also eliminate the issue of deactivating the iPhone if it is lost, etc. (at least for me, since I lock my iPhone and whoever found it would need to reset it in order to use it). People are used to passwords, so no one would complain, and you could still use the device ID. Best of both worlds, I think, and everyone wins.
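
The trade-off debated in this thread, as an added example that is not part of any participant's post and is not Tapulous code: it compares device-ID-only authentication (as described in the quoted privacy statement) with a random per-install token, and shows what each one does after a clean restore and resale. The class names, the `simulate` function, the account name and the sample device ID are all hypothetical and constructed for illustration.

```python
import hashlib
import secrets


class DeviceIdOnlyAuth:
    """Scheme from the quoted policy: the hardware ID alone selects the account."""
    def __init__(self):
        self.accounts = {}                  # device_id -> account (linkable table)

    def register(self, device_id, account):
        self.accounts[device_id] = account

    def login(self, device_id):
        return self.accounts.get(device_id)


class InstallTokenAuth:
    """Hypothetical alternative: random per-install token, stored only as a hash."""
    def __init__(self):
        self.tokens = {}                    # sha256(token) -> account

    def register(self, account):
        token = secrets.token_hex(20)       # 40 hex chars, kept in app storage
        self.tokens[hashlib.sha256(token.encode()).hexdigest()] = account
        return token

    def login(self, token):
        if token is None:                   # nothing left on the device
            return None
        return self.tokens.get(hashlib.sha256(token.encode()).hexdigest())


def simulate():
    device_id = "ab" * 20                   # constructed 40-hex hardware ID
    app_storage = {}                        # per-app data, erased by a restore
    by_device, by_token = DeviceIdOnlyAuth(), InstallTokenAuth()
    by_device.register(device_id, "alice")
    app_storage["token"] = by_token.register("alice")
    before = (by_device.login(device_id), by_token.login(app_storage.get("token")))
    app_storage.clear()                     # clean restore, no backup, then resale
    after = (by_device.login(device_id), by_token.login(app_storage.get("token")))
    return before, after


if __name__ == "__main__":
    print(simulate())
```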