Product Leaks And What Can Be Done

Reading time ~2 minutes

It's interesting to see Charlie Schick, one of my Nokia colleagues discuss--on the corporate blog no less--a subject that has gotten a lot of attention thanks how well the Nokia E71 was kept secret before it's launch. And like Charlie, I'm going to drag out some thoughts from Nokia's internal blogosphere--my own specifically. However, unlike Charlie, I don't work in marketing and, obviously, am not speaking for the company here.

I am not opposed to the policy of not discussing publicly announced products. I understand the reasoning. That being said, it's frustrating at times to not be able to participate in a particular conversation about something everyone knows about thanks to a product leak. I think pretending the leak didn't happen is simply silly, which is the corporate policy today.

When a product leak does occur--and let's face it, it's going to happen despite our best efforts--we need to have a communications plan in-place for dealing with it. Immediately, not when the product releases. Somewhere between the current "stonewall" policy and "spilling the beans." I'm not sure how realistic that is, but at least that way we might have some control over the messaging versus in the current regime where the blogosphere has already told all before anyone inside Nokia has had a chance to say word one.

Of course, even if every Nokia employee keeps their lips tight about upcoming products, the mobile phones themselves leak information. Whenever you visit a web site, or upload a picture to Share on Ovi or Flickr, the phone will leave bits of information indicating what kind of device it is as well as certain capabilities. For example, look at the number of photos on Ovi taken with the E71. All of the pictures here right now were taken with a pre-production E71. I can tell you from personal experience that pre-production units are somewhat different than production ones, both in terms of hardware and software. Using this sample to judge picture quality will give misleading results.

While this isn't the same as leaking a picture or sending a damned prototype to a reviewer, it's information none the less. It's the kind of information that shouldn't be out there--especially if we can't actually talk about an unreleased device. Our devices--at least in their pre-production form--should not inadvertently leak information about themselves.

I actually think there might be an interesting "security" feature here: relay as little about the end user device as possible with these service, or even provide the facility change it to something else entirely. I know this is possible to do. Why not make this a built-in feature, along with changing EXIF data and other identifying information?

I have more thoughts on this, but most of them are not well formed or not well suited for outside consumption. What do you think about product leaks and what should be done about them, if any?

An Updated Word About Competition in the Information Security Industry

A year ago, I had written a post about competition in the informationsecurity space, of which I work as a part of for a vendor that has b...… Continue reading