To be clear I am a huge fan of refactoring and breaking down systems. I obviously a proponent because it is what I do for a living. Dismantling systems of bias or ineffective control is desirable not least of all because justice.
When looking into Airbnb I would love to find that thread of social justice. Instead I find a troubling lack of transparency coupled with an ostentatious, even oligarchical, attitude. Airbnb has been grabbing headlines as venture vultures circle and smell profit. On the ground I hear and read about an unapologetic startup, blithely rejecting social protections to foment revolution.
Straight to the point, progress is what we all are after. Progress should not have to be with the wrong partner, where values fall out of line with our own. Reform runs the risk of being get-rich quick scheme, built by and for the reformers, because that alone motivates some for reform. For others we have to ask why aspire only for self-enrichment, especially where clearly there is harm to others?
It is a complicated topic of ethics, for sure, which needs investigation. That is why I say Airbnb begs the question of whether we can celebrate a software company in the hospitality industry for having a clue about the value of security and privacy.
Sometimes people tell me Airbnb has no property or rooms that they “own” in the same way that Uber has no drivers and no cars. However Uber fires drivers and takes back cars on lease. Take a moment to think about this dissonance.
Uber can fire drivers it doesn’t hire and take back cars it doesn’t own; so with all the power and none of the risk how exactly does Uber get hailed (no pun intended) as driverless and carless?
Can Airbnb achieve the same dissonance? This is where we must seek answers to ownership carefully; do security and privacy of owning a property have to be lost to achieve the progress that benefits the funders of Airbnb?
Perhaps it helps to look at the example of radio, a decades old sharing economy of music. Record companies through radio built a platform for sharing that kept musicians at arms length. Early on there are abundant sad examples of those musicians being abused by platform managers. Perhaps historic lessons here are to be minded?
For Airbnb let us say you believe you have protection against unlawful searches of “your” property. You then allow Airbnb monitoring of “your” property and allow your private information to be stored and shared at their sole discretion. Is it still your property when you grant anonymous others control over its fate?
I am working through these sorts of Airbnb risk scenarios from three levels of analysis.
First, I used Airbnb twice (or more) and had totally surprisingly horrible experiences (e.g. six people head-to-feet crammed onto cots in a small low-income room, with apparently no money going to the organizations subsidizing the room); versus being a non-Airbnb guest around the world for decades.
Second I have talked with neighbors about their hosting habits and problems they have faced; versus my non-Airbnb hosting for decades.
Third and finally I started to hear from tech industry peers about serious risks in Airbnb information security; whether it is wise to allow data into an environment that is anti-consumer protection, let alone one designed to be mined for the benefit of ad agencies:
Some Australian customers using Airbnb are worried about their privacy being breached, with the company confirming it shares people’s personal information for “marketing purposes”.
In order to test whether fears are well founded, and to challenge my conclusions, I have taken a deeper dive. I searched for evidence of things going right at Airbnb, signs of customer security and privacy.
Airbnb recently released two sections of policy, one after the other, to notify customers of major changes.
Although having both is great to compare, the format they chose does not instill any confidence that they want you to see what exactly changed. It is not what I would consider reasonable disclosure, although it is better than no comparison at all. A software company claiming to be a leader easily could offer a markup option/view.
I have created below the diff that I would like to have seen Airbnb publish, hopefully making it clear how much has changed.
Hint: section 12 gives “sole discretion” to Airbnb to decide whether your property data can be considered exclusively theirs to disclose to law enforcement.
We will use commercially reasonable efforts to notify users about law enforcement requests for their data unless we, in our sole discretion, believe harm or fraud could be directed to Airbnb, its Members, the Platform, or Services.
And what methods are used to prevent abuse of sole discretion over your property data? How should a property data ownership model work with a company seen as having no ownership while retaining sole discretion over your property?
Going back to my earlier radio example, for reference, here are the latest privacy terms provided by Pandora:
…we may share your information, including personally identifiable information, in order to (i) protect or defend the legal rights or property of Pandora, or the legal rights of our business partners, employees, agents, and contractors (including enforcement of our agreements); (ii) protect the safety and security of Pandora users or members of the public including acting in urgent circumstances; (iii) protect against fraud or to conduct risk management; or (iv) comply with the law, legal process, or legal requests. Additionally, we may share your data, including any personally identifiable information, with our successor in interest in the event of a corporate reorganization, merger, or sale of all or substantially all of our assets.
Have a look yourself at the Airbnb privacy terms update, as here are the old and new policies merged into a clear diff:
Additions are in bold
Deletions are in
April 7, 2014July 6, 2015
Airbnb (hereinafter referred to as “Airbnb”, “we”, “us” or “our”) operates a platform and community marketplace that helps people form
lasting offline experiences and relationships directly with one another, where they can create, list, discover and book unique accommodations around the world, whether through our website or our mobile applications (“Platform”). Airbnb refers to Airbnb Inc. if you reside in the USA, and to Airbnb Ireland if you reside outside of the USA.
informationInformation” means information about all of our users or specific groups or categories of users that we combine together and which does not include the users’ Personal Informationso that it no longer identifies or references an individual user.
“Data Controller” means Airbnb, the company responsible for the use
of and processing of Personal Information.
“Personal Information” means information relating to a living individual who is or can be identified either from that information or from that information in conjunction with other information that is in, or is likely to come into, the possession of the Data Controller.
WHAT TYPES OF INFORMATION DOES AIRBNB GATHER ABOUT ITS USERS?
1. Information that you give us
We receive, store and process information that you make available to us when accessing or using our Platform
. and Services. Examples include when you:
- fill in any form on the Platform, such as when you register or update the details of your user account
;, or when you supply ID verification information;
- access or use the Platform, such as to search for or post Accommodations, make or accept bookings, pay for Accommodations, book or pay for any associated services that may be available (such as but not limited to cleaning), post comments or reviews, or communicate with other users;
- link your account on a third party site (e.g. Facebook) to your Airbnb account, in which case we will obtain the Personal Information that you have provided to the third party site, to the extent allowed by your settings with the third party site and authorized by you; and
- communicate with Airbnb.
2. Mobile Data
When you use certain features of the Platform, in particular our mobile applications we may receive, store and process different types of information about your location, including general information (e.g., IP address, zip code) and more specific information (e.g., GPS-based functionality on mobile devices used to access the Platform or specific features of the platform). If you access the Platform through a mobile device and you do not want your device to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device, provided your device allows you to do this. See your device manufacturer’s instructions for further details.
3. Log Data
We may also receive, store and process Log Data, which is information that is automatically recorded by our servers whenever you access or use the Platform, regardless of whether you are registered with Airbnb or logged in to your Airbnb account, such as your IP Address, the date and time you access or use the Platform, the hardware and software you are using, referring and exit pages and URLs, the number of clicks, pages viewed and the order of those pages, and the amount of time spent on particular pages.
4. Cookies, and other Tracking Technologies
While you may disable the usage of cookies through your browser settings, we do not change our practices in response to a “Do Not Track” signal in the HTTP header from your browser or mobile application. We track your activities if you click on advertisements for Airbnb services on third party platforms such as search engines and social networks, and may use analytics to track what you do in response to those advertisements.
5. Third-party social plugins
Our Platform may use social plugins which are provided and operated by third-party companies, such as Facebook’s Like Button.
As a result of this, you may send to the third-party company the information that you are viewing on a certain part of our Platform. If you are not logged into your account with the third-party company, then the third party may not know your identity. If you are logged into your account with the third-party company, then the third party may be able to link information about your visit to our Platform to your account with them. Similarly, your interactions with the social plugin may be recorded by the third party.
HOW AIRBNB USES AND PROCESSES THE INFORMATION THAT YOU PROVIDE OR MAKE AVAILABLE
We use, store and process Information about you for the following general purposes:
1. to enable you to access and use the Platform;
2. to operate, protect, improve and optimize the Platform, Airbnb’s business, and our users’ experience, such as to perform analytics, conduct research, personalize or otherwise customize your experience, and for advertising and marketing;
3. to help create and maintain a trusted and safer environment on the Platform and Services, such as fraud detection and prevention, conducting investigations and risk assessments, verifying the address of your listings, verifying any identifications provided by you, and conducting checks against databases such as public government databases;
4. to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
5. where we have your consent, to send you marketing and promotional messages and other information that may be of interest to you, including information
sent on behalf of our business partners that we think you may find interesting. You will be able toabout Airbnb or general promotions for partner campaigns and services. You can unsubscribe or opt-out from receiving these communications in your settings (in the “Account” section) when you login to your Airbnb account;
6. to administer referral programs, rewards, surveys, sweepstakes, contests, or other promotional activities or events sponsored or managed by Airbnb or our business partners; and
7. to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties.
HOW AIRBNB USES AND PROCESSES USER COMMUNICATIONS
We may, either directly or through third party companies and individuals we engage to provide services to us, review, scan, or analyze your communications with other users exchanged via the Platform for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research and customer support purposes. For example, as part of our fraud prevention efforts, the Platform may scan and analyze messages to mask contact information and references to other websites. This helps to prevent fraudulent actors from asking Guests to send them money outside of the Platform, such as by bank transfer or other money transfer methods. We may also scan, review or analyze messages for research and product development purposes to help make search, booking and user communications more efficient and effective, as well as to debug, improve and expand product offerings.
We will not review, scan, or analyze your communications for sending third party marketing messages to you. We will also not sell these reviews or analyses of communications to third parties. We will also use automated methods to carry out these reviews or analyses where reasonably possible. However, from time to time we may have to manually review some communications. By using the Platform, you consent that Airbnb, in its sole discretion, may, either directly or through third party companies and individuals we engage to provide services to us, review, scan, analyze, and store your communications, whether done manually or through automated means.
WHEN AIRBNB DISCLOSES OR SHARES PERSONAL INFORMATION, AND TO WHOM
IMPORTANT: When you use the Platform, your data may be sent to the United States and possibly other countries
We may transfer, store, use and process your information, including any Personal Information, to countries outside of the European Economic Area (“EEA”) including the United States. Please note that laws vary from jurisdiction to jurisdiction, and so the privacy laws applicable to the places where your information is transferred to or stored, used or processed in, may be different from the privacy laws applicable to the place where you are resident.
If you are located in the EEA or in Switzerland, please also see our Safe Harbor Notice (http://www.airbnb.com/terms/safe_harbor_notice).
Your Personal Information may be disclosed as follows:
1. Parts of your public profile page that contain some Personal Information may be displayed in other parts of the Platform to other users for marketing purposes
. or to the extent necessary to operate and manage referral and rewards programs.
2. Your public Listing page will always include some minimum information such as the city and neighborhood where the Accommodation is located, your listing description, your calendar availability, your public profile photo and your responsiveness in replying to Guests’ queries. Your public Listing page may also include aggregated demand information (such as number of page views over a period of time). Parts of your public Listing page may be displayed in other parts of the Platform to other users for marketing purposes. The Platform may also display the Accommodation’s approximate geographic location on a map, such that a user can see the general area of the Accommodation.
3. The Platform allows your public profile and public Listing pages to be included in search engines, in which case your public profile and public Listing pages will be indexed by search engines and may be published as search results. This option is enabled by default, and you may opt out of this feature by changing your settings on the Platform. If you change your settings or the information on your public profile or public Listing pages, third-party search engines may not update their databases quickly or at all. We do not control the practices of third-party search engines, and they may use caches containing outdated information, including any information indexed by the search engine before you change your settings or the information on your public profile or public Listing pages.
4. When you submit a request to book an Accommodation, your full name will become visible to the Host. In addition, if you agree to be contacted by the Host by phone when submitting your request and the Host decides to do so, Airbnb will call your phone number first, before connecting you with the Host. We will not share your phone number unless there is a confirmed booking
.; if there is a confirmed booking, your phone number will become visible to the Host/Guest, who may call you directly.
5. When your request to book an Accommodation is accepted by the Host or when you accept a Guest’s request to book your Accommodation, we will disclose some of your Personal Information to the Host or Guest. However, your billing
and payout information will never be shared with another user.
6. When a Guest stays at your Accommodation or when you stay at a Host’s Accommodation, we will ask you to review the Guest or the Accommodation. If you choose to provide a review, your review may be public on the Platform.
7. You may link your account on a third party social networking site to your Airbnb account. We refer to a person’s contacts on these third party sites as “Friends”. When you create this linkage:
- some of the information you provide to us from the linking of your accounts may be published on your Airbnb account profile;
- your activities on the Platform may be displayed to your Friends on the Platform and/or that third party site;
- other Airbnb users may be able to see any common Friends that you may have with them, or that you are a Friend of their Friend if applicable;
- other Airbnb users may be able to see any schools, hometowns or other groups you have in common with them as listed on your linked social networking site(s); and
- the information you provide to us from the linking of your accounts may be stored, processed and transmitted for fraud prevention and risk assessment purposes.
The publication and display of information that you provide to Airbnb through this linkage is subject to your settings and authorizations on the Platform and the third party site.
8. We may distribute parts of the Platform (including your Listing) for display on sites operated by Airbnb’s business partners and affiliates, using technologies such as HTML widgets. If and when your Listings are displayed on a partner’s site, information from your public profile page may also be displayed.
10. We may also engage third party companies and individuals, who may be located outside of the EEA, to provide services to us, including but not limited to technology services and services to help verify your identification
or, to conduct checks against databases such as public government databases (where legally allowed), to otherwise assist us with fraud prevention and risk assessment, to assist us with customer service, and to facilitate the payments or reimbursements you request (such as Concur and American Express). We may provide Personal Information about you to these third parties, or give them access to this Personal Information, for the limited purpose of allowing them to provide these services. We will ensure that such third parties have contractual obligations to protect this Personal Information and to not use it for unrelated purposes.
11. For any jurisdiction in which we facilitate the Collection and Remittance of Taxes or Opt-in for Host Remittance of Taxes as described in the “Taxes” section of the Terms of Service, Hosts and Guests expressly grant us permission, without further notice, to store, transfer and disclose data and other information relating to them or to their Transactions, Bookings, Accommodations and Occupancy Taxes, including, but not limited to, personally identifiable information such as Host or Guest’s name, listing addresses, transaction dates and amounts, tax identification number(s), the amount of taxes received by Hosts from Guests, or allegedly due, contact information and similar information, to the relevant Tax Authority.
- providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law; or
- based on information supplied by law enforcement, we, in our sole discretion, believe: (a) that providing notice could create a risk of injury or death to an individual or group of individuals, (b) that the case involves potential harm to minors, or (c) that harm or fraud could be directed to Airbnb, its Members, the Platform, or Services.
We may also publish, disclose and use Aggregated Information and non-personal information for industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.
BUSINESS TRANSFERS BY AIRBNB
HOW TO CHANGE OR DELETE YOUR INFORMATION, OR CANCEL YOUR AIRBNB ACCOUNT
You may review, update, correct or delete the Personal Information in your Airbnb account
by logging in to your account.. If you would like to correct your information or cancel your Airbnb account entirely, you can do so by logging in to your account. Please also note that any reviews, forum postings and similar materials posted by you may continue to be publicly available on the Platform in association with your first name, even after your Airbnb account is cancelled.
KEEPINGSECURING YOUR PERSONAL INFORMATION SECURE
have implemented reasonableare continuously implementing and updating administrative, technical, and physical security measures to help protect your Personal Information against the unauthorized access, destruction or alteration of your information. However, no method of transmission over the Internet, and no method of storing electronic information, can be 100% secure. So, we cannot guarantee the absolute security of your transmissions to us and of your Personal Information that we store.
YOUR PRIVACY WHEN YOU ACCESS THIRD-PARTY WEBSITES AND RESOURCES
SPECIAL FEATURES AND PROGRAMS
Referral service and requesting
The Platform provides a referral service that allows you to invite your friends and contacts to use the Platform. The Platform also allows you to ask your friends and contacts to write a reference for you, to be published on your Airbnb profile.
We may integrate the Platform with third party sites such as Facebook, so that you can send invitation messages or requests for references via the third party site itself. These messages will be sent by the third party site, and Airbnb does not collect or retain the contact information that is used to send them.
You may also send invitation/request emails via the Platform itself, in which case we will ask you for the
email addressescontact information to which to send these emails to.your invitation/request. You can type in the email addresses or other contact information manually, or you can request Airbnbchoose to import the contacts in your email account address book(s). In both cases, we willmay use theand store this information sent to us for the sole purposepurposes of sendingallowing you to send your friends and contacts a one-time email, inviting him or her to visit the Platforman invitation or to writerequest for a reference for you, and for fraud detection and prevention. With respect to referrals, we will also store the email addresses of your invitees to track if your friend joins Airbnb in response to your referral.
If you request us to import your contacts, we will collect, but not store, the username and password for the email account you wish to import your contacts from. We will use this information only for the purpose of importing your contacts.
If you are allowed to join Airbnb’s Affiliate Program (see
http://www.airbnb.com/affiliates) and you sign up for it, you will have to provide us with certain Personal Information to enable us to provide the Affiliate Program to you.
The Platform may allow registered account holders to organize, search for or participate in offline events (“Meetups”) in selected cities.
If you organize a Meetup or indicate that you will attend one, this information, together with some of your public information (such as your profile picture and public profile page) and any messages that you post about that Meetup, will be visible to users who browse the event. However, Airbnb will never disclose where you are staying to another meetup user.
The Platform may allow registered account holders to participate in online discussion forums (“Group(s)”) in selected cities.
If you join a Group, then your membership in the Group as well as some of your public information (such as your profile picture and public profile page) will be visible to users who browse the Group. If you publish postings in a Group, then your postings will be visible to such users as well. The ability to browse the Group will depend on the Group settings, and it may or may not be limited to members of that Group.
We may change how we collect and then use Personal Information at any time and without prior notice, at our sole discretion.
FOR USERS RESIDING IN THE EU AND JAPAN ONLY: YOUR RIGHTS TO REVIEW AND UPDATE INFORMATION
If you reside in the EU or Japan, you may request in writing copies of your Personal Information held by us. We will provide you with a copy of the Personal Information held by us as soon as practicable and in any event not more than 40 days after
thereceiving a valid request in writing. There may be a charge to access your personal data (which will not exceed €6.35 in Ireland and £10 in the United Kingdom). We may also request proof of identification to verify your access request. All requests should be addressed to our Data Protection Compliance Officer, Airbnb Ireland, Watermarque Building, South Lotts Road, Ringsend, Dublin 4, Ireland.
We endeavor to keep your information accurate, complete and up to date. If your Personal Information that we hold is inaccurate, please let us know and we will make the necessary amendments, erase or block the relevant information and notify you within 40 days of your valid request that the relevant action has been taken.
You may also request the erasure of your personal data if you believe we are otherwise in breach of relevant data protection legislation. All requests should be addressed to our Data Protection Compliance Officer, Airbnb Ireland, Watermarque Building, South Lotts Road, Ringsend, Dublin 4, Ireland. There is no charge for making such a request.
Airbnb uses “cookies” in conjunction with the Platform to obtain information. A cookie is a small data file that is transferred to your device (e.g., your phone or your computer) for record-keeping purposes. For example, a cookie could allow the Platform to recognize your browser, while another could store your preferences and other information.
Your browser may allow you to set how it handles cookies, such as declining all cookies or prompting you to decide whether to accept each cookie. But please note that some parts of the Platform may not work as intended or may not work at all without cookies.
Airbnb cookies and third party cookies
We may also allow our business partners to place cookies on your device. For example, we use Google Analytics for web analytics, and so Google may also set cookies on your device. As further explained below, third parties may also place cookies on your device for advertising purposes.
There are two types of cookies used on the Platform, namely “persistent cookies” and “session cookies”.
Session cookies will normally expire when you close your browser, while persistent cookies will remain on your device after you close your browser, and can be used again the next time you access the Platform.
The Platform may also use other technologies with similar functionality to cookies, such as web beacons and tracking URLs to obtain Log Data about users. We may also use web beacons and tracking URLs in our messages to you to determine whether you have opened a certain message or accessed a certain link.
Uses for Airbnb cookies
1. to enable, facilitate and streamline the functioning of the Platform across different webpages and browser sessions.
2. to simplify your access to and use of the Platform and make it more seamless.
3. to monitor and analyze the performance, operation and effectiveness of the Platform, so that we can improve and optimize it.
4. to show you content (which may include advertisements) that is more relevant to you.
Uses for third party cookies
In addition, Facebook places a cookie via the Platform that allows Facebook to obtain aggregated, non-Personal Information to optimize their services. For example, if a user clicks on an advertisement for the Airbnb mobile app on Facebook and subsequently installs the app, this cookie will inform Facebook that a user (who is not personally identified) has installed the app after clicking on the advertisement. This cookie may also inform Facebook that a user is using the app, without identifying the specific actions taken by the user in the app.
Most browsers automatically accept cookies, but you can modify your browser setting to decline cookies by visiting the Help portion of your browser’s toolbar. If you choose to decline cookies, please note that you may not be able to sign in, customize, or use some of the interactive features of the Platform. Flash cookies operate differently than browser cookies, and cookie management tools available in a web browser will not remove flash cookies. To learn more about how to manage flash cookies, you can visit the Adobe website (http://www.adobe.com/) and make changes at the Global Privacy Settings Panel (http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html).