Holy shit this is detailed.
-
Holy shit this is detailed. Can you believe the hubris to silently collect all this information on users?
-
Holy shit this is detailed. Can you believe the hubris to silently collect all this information on users?
@paco i worked at major anti-virus company. not only i can believe it, i think it’s default mode of all companies that came into contact with any sellable user data
-
Holy shit this is detailed. Can you believe the hubris to silently collect all this information on users?
Kinda makes you wonder what all the other slimy digi-corpos are doing.... this is just one that's been caught after all.
-
Holy shit this is detailed. Can you believe the hubris to silently collect all this information on users?
I'm more concerned with the fact that extensions *can* be detected this way. Web pages should not be able to detect the presence of extensions. If they can, that's a security vulnerability.
-
Kinda makes you wonder what all the other slimy digi-corpos are doing.... this is just one that's been caught after all.
@kitkat_blue Years ago I was working for a retailer in the UK who had only recently built their first mobile app on iOS. Like most apps of that era, it was little more than a webview and it didn't need much permisisons.
Like most developers, they had incorporated some analytics package that was reporting on users' interaction with the app. I'm fairly sure it was a binary library that they linked into their app. I don't think they got source code. I might be wrong.
I could see the telemetry going up in the analytics API calls. Which buttons, which pages, etc.
Then one day they launched an app feature "find a store near me." Now the app needed location permissions. If the user granted location permissions, the analytics library got access to location. Anything the app can do, the analytics library can do. And, sure enough, those analytics telemetry messages started to carry GPS coordinates from the user to this third party. My customer didn't make any change to their code. They didn't turn that on. They just asked for, and got, location permission from the end user for a legit purpose in the app.
I pointed it out, because this was a change in behavior that was not contemplated by their privacy policy. Heck, it's a change in behavior they didn't even know had happened! It wasn't in their code! So they quietly pushed out a small update to the policy that made it OK.
That was probably like 15-16 years ago.
-
Holy shit this is detailed. Can you believe the hubris to silently collect all this information on users?
for anyone who'd like a sense of their more common fingerprint, see here:
I wish this site had 4B entries and not 4M ...
-
Holy shit this is detailed. Can you believe the hubris to silently collect all this information on users?
@paco I bet they’re not the only ones that scan your extensions.
-
Holy shit this is detailed. Can you believe the hubris to silently collect all this information on users?
@paco But this cannot be legal in Europe/EU!
-
@paco But this cannot be legal in Europe/EU!
@energisch_ I’m not a lawyer or European. But that blog makes a very strong argument that you’re right: it sure seems illegal by EU law.
-
@paco I bet they’re not the only ones that scan your extensions.
@YurkshireLad no. Nearly any mobile app can do this and more.
-
G gambolputte@expressional.social shared this topic
