
Lie down with dogs
Get up with fleas
Meta was sued on Wednesday for alleged undisclosed tracking and data collection in its Facebook and Instagram apps on Apple iPhones. The lawsuit [PDF], filed in a US federal district court in San Francisco, claims that the two applications incorporate use their own browser known as a WKWebView that injects JavaScript code to …
Facebook's in-app browser does not use the ad blocker you have installed, so not only can they track you get overloaded by ads. If I load a link I always use the "open in Safari" option but that's only available after the internal web browser has already started loading so they probably have enough time to track me.
If regulators eventually make Apple permit true browser competition (i.e. instead of having them use WebKit internally as they do now) with a default browser configuration setting, I hope Apple requires apps to obey that default browser choice so users can avoid the built in browsers. That seems like a fair trade.
>> The company, of course, as no persons would never ever be found responsible...
Yeah, that's how corporations work. The company *is* a person, in the eyes of the law, and so the company can be "responsible" for "its actions". This gives unscrupulous people an invincible shield - you can't put a company in prison so it can basically do what it wants.
This depends on circumstances. Legislation (e.g.GDPR) can make provision for personal responsibility to fall on the relevant officials of the company. And ultimately the relevant company law may make management and/or directors personally responsible causing the company to breach that law. There is, of course, good reason to think that these sanctions are not applied often enough or that they result in scapegoating when they are.
too much trouble: simply shut them down. Or, if too troublesome, split them up: FaceBook, Instagram, WhatsApp.
Same for Google with search and Android also. And same for Microsoft with Windows and Office. Same for Apple and the only browser. There are anti-monopoly and anti-bundle laws FFS, use them ! What does Humanity, or even the users, gain with such behemoths ? We would be much better of if we had 20 smaller companies rather than 5 US monopolies.
Hmm ... look at what what happened after the breakup of AT&T: the Regional Bell Operating Companies, after a few years of buyouts, takeovers, and name changes, coalesced, like the liquid metal of the Terminators, into a smaller number of much-larger companies.
I'll predict that if Meta was broken up, the smaller companies would simply form (legal) "cooperative agreements" with each other, and that their data-raiding/reselling activities would continue pretty-much unchecked.
Or, better yet, make the CEO and others responsible for the decision to pay a fine equal to several months of their own pay. If they repeat, double the months of salary they have to forfeit. When a corporation pays a fine, they just right it off on their taxes. The people who are responsible for the decision are unaffected. But you start threatening the pay of the people who are crooked and corrupt ... then you will see things change.
Until they feel real pain, nothing will happen.
No need for pain, however tempting that might be.
A simple link under exec's bios to more detailed personal information would suffice. So basically everything the data rapists collect from their 'customers' is public. Browsing, email, phone activity, search queries, medical records, realtime location data etc.
Simple really. If they don't want that data public, don't collect it.
And they're not the only ones with this shady type of behaviour. Every link I open from Gmail in iOS opens a prompt to select a browser: Google, Chrome or Safari. I don't have Google or Chrome installed, Safari is the only browser in use, and furthermore, the option to 'ask every time' is set to off but gets ignored.
That's not quite as bad as directly opening an IAB, however every attachment from within Gmail opens firstly in a Google equivalent software (in app), completely ignoring system app defaults.
That's not to say they're doing the same injection/data skimming activities, but why would they need this functionality otherwise?
That sounds like the option in Facebook which offers not only "Open in Safari" but "Open in Chrome" even though I don't have Chrome installed.
Its easy to figure out why the Gmail app would offer Chrome as an option despite you not having it installed, but why is Facebook offering that? Maybe they have some deal with Google, from one privacy rapist to another?
"That's not to say they're doing the same injection/data skimming activities"
They're GRUgle, of course that's exactly what they're doing. That's pretty much how Google Analprobe, Tag Mangler, etc, etc, and all sorts of murkiness in Android itself (for those who have the misfortune [1]), work.
[1] Third-party Android distros have to do an awful lot of work to try to remove the facehugger's limbs from around your neck…
I decided against facebook and their stable-mates many years ago. Never joined nor installed any of their software. Tried never to visit any page in their empire. Block traffic.
Despite all that, I suspect they know too much about me. And are far too dominant. Quite how they have been able to make the acquisitions they have without triggering antitrust / monopoly concerns is astonishing.
They do. They have shadow profiles on you and me with all the information they have gleaned from our stupid family, friends and colleagues who use Facebook and any like buttons or pixels on websites we use (unless blocked).
I know for a fact Facebook has my mobile phone number because my stupid family use Whatsapp and the first thing it does is upload their contacts to the Borg mothership. They have been told to avoid such sites and apps but they pay no attention to the guy who actually knows how this stuff works.
Just don't open links in in app browsers on any app, loads of them do it, if it doesn't let you open links in external browsers, or copy/paste the link, don't use it. We use them only to open links to specific docs on our pages, and you can't navigate away from them. Things like your privacy settings across our services.
Apple also have a dedicated view for authentication flows that should be used instead of WKWebView to log into services.
Any type of code injection into web traffic should be illegal full stop. Code injection for the purposes of data slurping should be a criminal offence with jail time for executives. This whole in-app browser thing needs looking at as well - it potentially enables massive amounts of abuse, and offers users no control whatsoever over how they use the web.
"We intentionally developed this code to honor people's App Tracking Transparency (ATT) choices on our platforms," a Meta spokesperson told The Register last month. "The code allows us to aggregate data before it is used for targeted advertising or measurement purposes."
A Meta spokesperson talking bollocks. The first comment states the code was developed honor people's ATT choices. The second comment does not expand on this or explain how it honors ATT. It states the code allows them to do something else, aggregate* data, nothing to do with honoring ATT.
The Meta spokesperson might just have well said, 'to respect people's privacy we have to invade people's privacy'.
*VERB: form or group into a class or cluster.
I might be missing something, since I don't use Farcebok or any of its spawn, neither in a web browser nor a mobile app. But I do know this: your use of their web site or mobile app is predicated on your acceptance that they will mine your personal data to the greatest extent possible so as to make their injected advertising as valuable as possible. I know it. You know it. I guess that not everyone knows it, but a significant portion of the userbase does without seeing any problem there.
If the mobile app embeds some kind of web browser then I would expect it to do the same. If not, then what would be the point?
Some posters here imply that they make it look like web pages are being opened in the user's choice of browser while in fact being entirely in-app. If so, that's fraud. Seems unlikely, frankly. The necessity (or lack thereof) to switch to another app would seem a dead giveaway.
If you don't want Meta collecting your data then don't use its crap. I don't. In my view you shouldn't either. "Like" icons and "pixels" on third party sites? Not a problem, since I'm never logged in. Your stupid relative and/or acquaintances volunteering or inadvertently submitting your personal data? That's illegal. This is what we should be concentrating on.
Whenever I suspect that someone is about to upload, say, a photo with me in it, to social media I insist that they don't. I'm afraid that by and large I'm regarded as some kind of paranoid nutter. This needs to change.
-A.
"If you don't want Meta collecting your data then don't use its crap."
I'm afraid you can't 'opt out' because their services are tracking you just about everywhere, so they will eventually figure you are Captain Veg and all this data we collected about 'anonymous user 913415689045643J' is yours.
You can always sign up with them to opt out and/or use their 'don't track me' add-on, but then they can still figure out what you are doing by tracking your 'opt out', so you are back to square one
> their services are tracking you just about everywhere
Can you explain how?
I already explained that I'm never logged in, so they can't identify me through pixels, "like" buttons or other embeds. I reject third party cookies and throw the rest away on session close, so they're going to have to try really quite hard to track me that way.
-A.