Many new Nokia S60 terminals seem to have an "email wizard" that helps the user to configure an email account to the terminal. Wizard prompts the user to give some basic information and then in most cases wizard is able to create account with all the correct settings.
Lets use Nokia 5800, an iconic device that has sold over 1.000.000 units. When you start the email wizard, you will see a screen like this
If I click "Back", wizard closes and email account is not created. Clicking "Start" will continue the wizard, but was that answer also consent to store the personal information? Anyway, there doesn't seem to be a way to create an account without this wizard.
Let's create an account for user firstname.lastname@example.org (his password is "topsecret" but I will not tell it to anybody). After you have entered this information, the wizard will open a network connection and make an HTTP request to URL
Nice! I just sent to Nokia my email address, password, operator information and terminal type (in HTTP headers, not visible here). All you Nokia 5800 users around the world: did you know that? I didn't know that, nor did I like it.
Today I had an opportunity to play with a new Nokia E75, phone that's supposed to be THE email device of all business users. First impression with the device is very good, it's solid and snappy. When I checked the email client, it was behaving just as in 5800. When you create an account, wizard will send your sensitive data over the internet to Nokia's server.
When I create an email account that has absolutely nothing to do with Nokia's email services, my user credentials are sent to Nokia's server. I guess that this feature can be a show-stopper in some business environments - "hey, let's create email accounts and send our usernames and passwords to Nokia" doesn't sound that good.
According to my tests it seems that if you want to create an email account without giving your credentials to Nokia, you have two options:
- you should give a dummy information to the wizard when it is asking for email address and password. Wizard will try to fetch settings from the internet but finally gives up and you can input the data safely.
- put phone to offline mode when creating the account. That way phone cannot connect to any servers and when wizard notices it, you will be able to enter the email account data without sending it to the Nokia servers.
So finally, here are my questions to Nokia:
- Why you have created an email wizard that by default sends user's email login information to your server without making that very clear and asking explicit permission to do so?
- Why there is no option available to create an email account manually, without any wizards?
- When user starts the wizard and continues from the first screen, does that give permission to Nokia to store my personal information?
- If my personal information was stored to Nokia's servers because I've used email wizard to create an email account, how can I get my data removed from the server?
- How do you use my personal data, collected from email wizard?
Update: Read also my follow up post.
Update 2: I'm trying to give answers to readers' questions here.
Update 3: Nokia's official statement is here.