Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.

https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

Ars Technica

@dangoodin oh the Meta stuff is just bonkers. I used to have the SEO-recommended share buttons enabled on my blog until I realized that they were running tracking code from all the sites they offered to share the pages to! Meta's was one of the creepiest, it added seven seconds to page load times while it sat there and furiously fingerprinted the browser. X's did the same and set cookies. Reddit's seemed to just set a cookie.

I yeeted them ALL. Straight up vanished from Google though.

@dangoodin Thanks for reporting on this, as always, Dan.

I'm curious on @mysk 's take here, as well as @GrapheneOS

@neurovagrant @dangoodin @mysk @GrapheneOS

I'm waiting to see what GrapheneOS says too

@rzeta0 @neurovagrant @dangoodin @mysk @GrapheneOS Not having Meta apps installed thwarts this tracking, but if one is installed it looks as if these exploits they use work.

@catsalad @neurovagrant @dangoodin @mysk @GrapheneOS

Thanks

I don't have Meta apps but I wonder if the browser might enable others to take advantage via web-page embedded code that tried to do the same.

(I'm no expert)

@rzeta0 @catsalad @neurovagrant @dangoodin @mysk Vanadium has peer-to-peer WebRTC disabled by default and only allows server-based WebRTC by default.

We plan to make further improvements to address these things in a more general way including making the loopback network interface per-profile by default and splitting our Network permission to have the option to toggle loopback access separately.

@neurovagrant Vanadium has peer-to-peer WebRTC disabled by default and only allows server-based WebRTC by default. This isn't the only privacy issue caused by peer-to-peer WebRTC.

We plan to make further improvements to address these things in a more general way including making the loopback network interface per-profile by default and splitting our Network permission to have the option to toggle loopback access separately.

@neurovagrant @dangoodin @GrapheneOS

Our take on this will hopefully launch next week. We're on track. ✌️

@mysk @dangoodin @GrapheneOS Heck yeah, Mysk ;)

that's what I like to hear!

@neurovagrant @dangoodin @GrapheneOS
We took a wild path to eliminate tracking. Very curious how the public will receive what we are launching. The feedback of the beta testers was incredibly positive.

@mysk @dangoodin @GrapheneOS Yep, I was one of the beta testers. (I don't think I have any other connection to Mysk than that, so I promise I'm not shilling)

;)

@dangoodin also a reminder that Yandex is KGB-owned and behaves accordingly

@dangoodin Google… investigating that… 😹

Google are most likely investigating how they can also do that without being caught.

@mirabilos @dangoodin

This right here. They all want it and will do anything to get it.

@Fringedcrow @mirabilos @dangoodin
Google isn't protecting our privacy, they're protecting their data

@dangoodin I don't know how much more the people must get spied on and digitally violated until they realize that starting to avoid services like Meta, X, Google, etc. is the only solution.
But all I can see is that they even consented to getting digitally raped by them. Over and over.
I have no sympathies for them.

And browsers like Chrome, Safari, Edge are not user friendly, they are advertiser friendly. FF is also leaning towards that direction, making questionable design decisions lately.

@Brokar @dangoodin *avoiding for-profit tech companies (the names change but the abusive profit motive remains)

@Brokar @dangoodin
A lot of people are not aware of this, at least near me, but in many countries Facebook IS the Internet because they pay for your data charges as long as they're all from Facebook. This was not a choice people made, it was the only option given to them.

@RnDanger

Yeah, I know. But I'm talking about the western countries who know about it and people still do it. Wasn't Cambridge Analytica a hint? Or Frances Haugen? How much more do you need to come to a conclusion?

@dangoodin

@dangoodin there is a reason I block all domains and IP ranges owned by Zuckerberg’s entities. I’ll add Yandex to that list

@dangoodin

Google: “Hey, look at those bad guys with their sneaky trackers and identifiable profiling and everything! No, don’t look here at us, look over there at those other bad guys… we mean, those bad guys… Over there, yeah.” 🤔 #privacy

@dangoodin Russia needs this data for sabotage & hit operations…

@dangoodin It's simple. Don't use Android and other platforms. Don't browse on your phone except well-known pages.

@dangoodin regarding the last paragraph: this is coming in Android 16, it was a pretty late change (and right now is only opt-in as it would break a bunch of legitimate apps), but seems like some steps are being taken. (And I guess the timing might be no coincidence) https://developer.android.com/privacy-and-security/local-network-permission
Local Network Permission  |  Privacy  |  Android Developers

@dangoodin Trying to deny all legitimate interests can be a real PITA. Even after hitting Object All in legitimate interest sections the odd vendor still stays active. Deny All buttons should be made to include legitimate interests as well. Make them opt in.