Station Privacy and PII Concerns

Please post questions and concerns here.

1 Like

Eric,

Disabling the public toggle in the smart application will remove and hide the stations. Doing so also removes the ability to send to WU though. The WF team should consider making the two independent of one another so WU data can still be present and usable.

1 Like

If you don’t share the data with WeatherFlow then WeatherFlow can’t share the data with Wunderground.

1 Like

[open off topic]

There is another option if you really want to do it without passing via WF: have a local system capturing UDP and then use something like Weather Display, Weewx and I guess a few others, to share to WU and other services …

[close off topic]

2 Likes

The question of privacy is an excellent one and probably worth splitting this off into its own topic. Allowing users the option to provide third-party access to their data in an open & useful way is core to our approach. It’s what makes all of the integrations (like IFTTT, Weather Underground, Alexa, etc.) possible. But we also recognize that there are privacy concerns. We are committed to the seemingly conflicting goals of (1) allowing you to share your data and (2) allowing you to maintain your privacy.

The location delivered by our API for stations set to “share publicly” is the location you set in the app when you configured your station. This location is part of your station’s metadata (name, elevation, indoor/outdoor, height above ground are others), which you have complete control over. With your permission, we use your phone’s location to center the map, making it easier to set your station’s location (typing in latitude/longitude coordinates is a pain!), but you can set the location wherever you like. @GaryFunk’s map uses our API and therefore only shows stations where the “share publicly” setting is toggled “on”. If that setting is toggled “off” then your data requires authentication to view and is therefore invisible to anyone who does not have your username and password.

If you want to hide or obscure your location, there are currently two ways to do that:

  1. To completely hide your station, its data and metadata, you can open the app, go to Settings->Stations->[your station] and toggle the “share publicly” setting to “off”. If you do that, the only way to see your data will be to sign in to one of the Smart Weather apps with your username and password. To everyone else, you’ll be invisible. As @Phoenix points out, this will disable Weather Underground and any other integrations that don’t provide an authentication feature.
  2. To continue sharing your data but obscure or hide your actual location, simply change your station’s location by a small amount: Open the app, go to Settings->Stations->[your station]->location and move the marker. You can set it as close or as far to the actual location as you like. But be aware that moving it too far may have unintended consequences. For example, your forecast and some of your derived parameters rely on your location to be the most accurate.

But what if you want to share your data publicly but you don’t want to disclose your station’s location accurately? We’re in the process (thanks in part to earlier field tester feedback regarding location sensitivity) of adding a feature to address this case. After much discussion, we’ve decided the most flexible solution is to add a “public location” (along with a “public name”) field to each station’s metadata. This public location would be pre-filled with a “fuzzified” version of your station’s actual location (as Blitzortung and others do). The public location would be delivered transparently and instead of the regular location to any unauthenticated requests over our API and any applications or integrations that use it. Your actual location would be used internally for forecasts and derived parameters, but only authenticated users (yourself or others you give permission to) would be able to see your actual location. Finally, those users who are not sensitive to sharing their accurate location would have the option of overriding the fuzzified location and setting the “public location” to the same value as the actual location.

6 Likes
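The “public location” design described in the post above, sketched as an added example; this is not WeatherFlow's code or API. The field names, the 0.02° grid size, the default public name and the boolean `authenticated` flag are all assumptions made for illustration.

```python
import math

GRID_DEG = 0.02  # assumed cell size: about 2.2 km of latitude

def fuzz_location(lat, lon, grid_deg=GRID_DEG):
    """Snap a coordinate to the centre of its grid cell.

    Snapping is deterministic: fresh random noise on every request could be
    averaged away by anyone who polls the API often enough.
    """
    f_lat = (math.floor(lat / grid_deg) + 0.5) * grid_deg
    # Size the longitude step from the *snapped* latitude, so the published
    # longitude carries no information about the exact latitude.
    lon_step = grid_deg / max(math.cos(math.radians(f_lat)), 0.01)
    f_lon = (math.floor(lon / lon_step) + 0.5) * lon_step
    return round(f_lat, 5), round(f_lon, 5)

def new_station(name, lat, lon):
    """Station metadata with the public fields pre-filled (field names assumed)."""
    pub_lat, pub_lon = fuzz_location(lat, lon)
    return {"name": name, "latitude": lat, "longitude": lon,
            "public_name": "Weather station",
            "public_latitude": pub_lat, "public_longitude": pub_lon,
            "share_publicly": True}

def use_exact_public_location(station):
    """Owner opt-in: publish the actual location instead of the fuzzed one."""
    station["public_latitude"] = station["latitude"]
    station["public_longitude"] = station["longitude"]

def api_view(station, authenticated):
    """Return the metadata a caller is allowed to see, or None if hidden."""
    if authenticated:
        return {k: station[k] for k in ("name", "latitude", "longitude")}
    if not station["share_publicly"]:
        return None  # "share publicly" off: nothing without authentication
    return {"name": station["public_name"],
            "latitude": station["public_latitude"],
            "longitude": station["public_longitude"]}

# Constructed sample station, not a real address
station = new_station("Back yard", 40.0131, -105.2705)
print(api_view(station, authenticated=True))
print(api_view(station, authenticated=False))
```

Every station inside the same grid cell publishes the same coordinates, so the public value narrows a station down to a cell and no further.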

David,

All I can say is your team has addressed every privacy and security concern that was on my list. Please extend my thanks and gratitude to all those who chimed in on this serious issue.

2 Likes

I don’t have any privacy concerns. Everything that WeatherFlow knows about me is already public information.

2 Likes

Hello all!

I carefully read the explanations given by @dsj regarding the “fuzzification” of the location and I can’t agree more. It is extremely important to offer users the ability to do that and I understand - and appreciate - that WF has decided not to leave this topic aside.

Nevertheless, I wanted to add two more points about this.

First point is “usability”.
And by that, I do not want to talk about the ease of activating or not an option. I want to talk about how the user has “modeled” the operation of his station and sharing options and how can she/he be helped to anticipate the outcome of her/his actions…
To take a parallel, it’s a bit like the GDPR which enforces the “Informed Consent” of the user. The keyword, here, is not “Consent” - well, yes it is too :wink: - but how this consent is “Informed”… It’s a real challenge to be sure the user (with its knowledge, its background, etc.) is really aware of what he is consenting to. It’s more a UX & semantics than a UI question.

Second point is “data-classification”.
Beyond the exact location, an important element is what kind of data I share and what “sensitivity” I give to these data. For example, it does not bother me at all to make my outdoor data fully public. It is even an important criterion when I choose a weather station - and, in fact, a reason to blame a lot of brands and products which are “locked” :roll_eyes: … But it’s not at all the same thing for indoor data. With access to indoor data you can get an idea of the pace of life, the number of people, the activity, etc.
The challenge here, in my opinion, is to be able (according to the indoor / outdoor selection for AIR unit and in general for the future BREATHE unit) to help the user to understand what sort of data are shared.

These are my two points, I hope I did not stun you with my relatively low level of English … If so, I apologize.

2 Likes

I agree with you without exception. I see no reason to share Breathe data. I do not have an objection to sharing that I have devices (Sky, Air and Breathe) installed but I definitely don’t want to share any indoor data to the “outside world” ever.

While I don’t mind sharing the GeoLocation of my station, I do prefer that it be a general location only, and when located on a map the center should not be on top of anyone’s residence.

Fortunately WeatherFlow is still in development and address all privacy concerns. I will continue to supply data and information to help WeatherFlow make the data supplied secure.

Gary

2 Likes

Indoor data can give insight to not-too-nice people about when you are home or not. E.g., follow the temperature in the house and you can predict when you are not there …

1 Like

Indoor data can also tell you when someone is in a shower.

1 Like

Thanks, this is great feedback and will go into our architecture and UI design.

2 Likes

Hello Pierre, no problem with your English, which I can understand. I agree with you about the stations that decided to “close” the data without any possibility of exporting it elsewhere, or even to one’s own server or website. I get annoyed with these manufacturers that close their concepts so much that it is practically impossible to get this weather data; it only takes their server going down and there is no more data. My Davis stations are convenient for that, and I hope that WeatherFlow can also work without the WeatherFlow proprietary servers and that I can use my weather data directly.

I’m bringing up this topic again, specially for @GaryFunk and @WeatherFlowStaff

In a little less than 2 months, a European rule is coming into effect that is going to push many script writers out of the borders allowed by it. The GDPR (General Data Protection Regulation) law will come into effect on the coming 25th of May.

Here is the full text

I urge all developers to read it VERY carefully as it is NOT limited to Europe only, it concerns all persons/organisations collecting data from European citizens, within and OUTSIDE the EU.
A summary of it : https://www.eugdpr.org/key-changes.html

Beware that there are fines and they can be HEAVY :

Penalties
Under GDPR organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors – meaning ‘clouds’ will not be exempt from GDPR enforcement.

Don’t wait to read and implement it …

It will be interesting to see how they intend to enforce it outside of their jurisdiction.

I’m not worried or concerned.

1 Like

you’d better be as they will challenge you in court and you will be presented a nice bill … remember the US is trying to push for open market … it works both ways …

Already all the big companies have been warned … and they are rapidly complying … all the GAFA have already done so and I’m getting more and more mails to ask confirmation for mailing, databases etc …

Here it is.

it will apply to the processing of personal data by controllers and processors in the EU

It only applies to companies that do business in EU.

your map collects data from European citizens …

The GDPR will also apply to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behaviour that takes place within the EU. Non-EU businesses processing the data of EU citizens will also have to appoint a representative in the EU.

It doesn’t matter. I don’t operate in the EU

And I don’t collect data from EU citizens.

yes you do :slight_smile: your map login I just tested is definitively data collection. And I’m a European citizen remember :wink: