Exposed: Facebook's Corrupt Spyware is Tracking you OFF the platform

ShadowRebel@monero.townbanned from community to Technology@beehaw.org – 295 points –

From internal leaks within the company as well as external analysis, the tip of the iceberg behind Facebook's spyware empire is exposed. Take a look to better protect yourself when you're not even on the platform: https://simplifiedprivacy.com/facebooks-corrupt-off-platform-surveillance/

71

You are viewing a single comment

Duh. Like this isn't news. In fact, their tips for avoiding Facebook tracking you are terrible. VPN + VM? Still going to track your data habits through finger printing which is not specific to hardware or browsers but browsing habits. Of course, as well, you can't control your friends or family's habits which are going to upload pictures and other data about you. Facial recognition is going to tie your data to anything you put your picture on. None of these things actually help. They just take the algorithm an extra millisecond to compute the data.

Even if you and your family got off of Facebook right now, Facebook would still understand your browsing habits and realistically they don't even need to be accurate, just enough data to massively sell that data to the NSA or advertising agencies or whoever else. So, I'm not saying get a Facebook account but I will say, don't make your life harder for little to no gain.

Leaving Facebook has likely never made anyone’s life harder.

It can and has. There's no way I could keep in touch with old army mates. They won't all move to other platforms. I don't even know of an alternative for group chats and finding people.

Unfortunately I have to go along with it. I keep it locked down as much as possible, use it only on Linux desktop etc. But there you go.

My brother, you all have email, phone, txt...

I know these are there - I said so in my post. It does not work when others are on FB and will/can not leave for another platform. None of that is comparable to to FB for group chat, looking for people, swapping pics etc. People may not want their phone number given out (a bit ironic when FB has everything else I know).

It's so easy (and dare I say lazy?) to just say 'FB bad, use phone/Signal/email etc.' but not offer any real alternatives. Let's face it, FB has this covered. It's so simple to get your nan, mate to join because all their friends/relatives/workmates are on it. There's no shame in admitting that it provides a valuable service for some people.

I think it did in the past when FB would show you exclusively posts and pictures from your friends. This is no longer the case, its an advertisement and fake news platform that has long alienated all sane people to the point where they no longer log in or post anything.

All I see now when I open fb is "shares" from obviously bogus or right wing sources that my not so bright ex classmates or boomer relatives post, or ads.

None of which are the same or similar interaction process if they were it never would have taken off

Discord is my solution. I made a server, invited my friends in EU and we blab away for hours whenever we want, including video calls. We are happy with it 🙂

That works for you and friends - fine. It does not work when others are on FB and will/can not leave for another platform.

Telegram, discord, mastadon, signal, session, etc there are too many to list

Which are all useless if nobody you want to talk to is there.

Oh, that's why it was so easy for me. There's nobody I want to talk to.

Then simple text or oldschool phonecalls work

Facebook is a passive form of information feed on your family and friends. Phone calls are not a direct analog to them.

Some would say that is better

I can't switch away from messenger until everyone else does, because a chat app that doesn't actually connect me to the people I want to talk to is worthless to me

---Everyone

Text

Lacks a publicly accessible user database. I can't get your info unless we have a mutual.

Which I like, semi aquaintance relationships are just fodder

Discord is a giant data hog. It's not a good argument.

The thing that Facebook has is momentum and a passive feed.

I know these are there - I said so in my post. It does not work when others are on FB and will/can not leave for another platform.

2 more...

Communication with loved ones can be harder without Facebook.

Not in my experience. Anyone I need to talk to has a phone. Everyone else has email or snail mail. Simple.

But YMMV.

But your experience is not all experiences

True. But I would be shocked — shocked, I say! — at a person who has FB but not a phone, email, nor postal address.

Yeah, a lot of people want to video call across phone oses. Like FaceTime works for iphone but not Android.

How about texting? Does texting work?

n...no? It's like saying to a person who wants to watch a movie, what about a book? Does reading work? Like no, not really. Not even close.

My mom lives in a different country, is retired and can very easily use Signal to msg me and do video calls. She has no technical education, and is not very good with the devices. But... she could install Signal and use it every day.

Congrats, one data point doesn't define a statistic. Equally, I have family who only use Messenger and can barely work with that. So from my statement, these people exist, even if it's just my family. I know I've seen a lot of similar experiences but even just my direct family is enough to justify me stating that just not using facebook doesn't work for everyone.

Facebook has cross platform video calls?

Yeah, with messager.

TIL. I haven’t been on Facebook in so many years that I didn’t know this. Still, given how many good alternatives are out there, it doesn’t seem like a good reason to keep using Facebook.

It's a way to connect with people who only have Facebook accounts and don't want to deal with moving or figuring out another account. Someone will pipe up and say "yeah well my 102 year old grandma figured out signal!" yeah, well good for her, she's largely the exception. People want something simple, that works, that will be around in 10 years.

2 more...

Using weird anonymization techniques will also make you more unique. Disabling JS, running in a VM and having uncommon settings in general will make you very easy to follow around.

I guess I'll just wait for the Carrington Event.

You can not use Facebook with JS disabled. uBlock Origin is an option to reduce facebook off the platform. Running a VM is an effective strategy for isolation of certain sites. No solution is perfect, nor is it for everyone.

You cannot do a whole lot without JS to be honest. My comment was not about Facebook but fingerprinting in general, though I kinda forgot to mention. I suspect finger-tracking strategies are kinda trade secrets so it probably varies. Running a VM still expose your VM settings, which basically let them track your VM around. This is the insidious thing about fingertracking, you can be followed around with spoofed data just as well. The very first time you will login anywhere, whether you use a VM or a VPM everything you touched with those settings will now track back to you.

You cannot do a whole lot without JS to be honest

Every time I see people talking about privacy solutions and suggesting to disable and block JS, I'm just completely dumbfounded. It's not 2005 anymore. Most of the web these days is driven by JS. Nearly every web app you interact with, every site that has dynamic content, etc. all use JS. Disabling it entirely simply is not an option. You can find ways to selectively block certain origins, but that's it. And trying to run noscript and just whitelisting only the things you absolutely need is a phenomenal amount of work. I know. I used to do it. It got really tiresome. Every single site is broken by default, and then you have to spend 20 minutes trying to find which scripts you have to whitelist to make a site functional.

I'm not saying this to be defeatist, but to be honest about the kind of work it takes and why we need to find seamless and user-friendly ways to block the kinds of things FB does.

Of course, as well, you can't control your friends or family's habits which are going to upload pictures and other data about you

At least, it's illegal in Europe. People have a right on their image.

You are correct that facial recognition and any data put into facebook would still be tracked regardless of the steps you took. You're also correct that your friends and still leak info about you. However, I strongly disagree with your criticism regarding VPNs and VMs. A VPN is something you should be doing anyway, this is not really news to anyone here. And regarding VMs, the article does not say it's for everyone, only those with a high threat model that want to use facebook anyway. It is not true that if you browse in a KVM machine with a given fingerprint, that it would lead back to browsing outside it. You are correct that a VM is a lot of effort for most people, and in fact, the majority will not choose this route. But this is educational material for those who ARE interested, this is what some choices are.

How can Facebook track your browsing habits if they can't access third party cookies?

You know how most websites have a Facebook like button?

Ok, so if I visit a travel site with a Like button, then Facebook knows someone visited that site.

Later if I visit a sports site with a Like button, then Facebook knows someone visited that site too.

But since I don't let Facebook store cookies on my browser, Facebook still can't link the first visit to the second one. Or link those visits to any future sites I visit. So how it can serve personalized ads on them?

It can link first by IP address, and then by fingerprinting.

Best to use unlock origin etc. to block all those little buttons. Don't even connect to their server

If third parties agree they can send Facebook plenty of information when you visit to figure out who you are.

Even sharing information, how do they build a profile without third party cookies?

For instance, suppose I visit a travel website on Thursday and a sports website on Friday. Even if they work together, how do they figure that the person who visited on Thursday is the same as the person who visited on Friday? And how would Facebook match that when I visit them in order to serve a travel or sports ad?

If I ban third party cookies, use a VPN, and obfuscate my browser/hardware, then I don't see how they could build a profile that follows me around the web.

Because things like even the window size connects that data together. Window size, features of the browser http://www.supportdetails.net/ is a non malicious version of it that only shows very basic support details. This is a more detailed version https://browserleaks.com/ even when your browser doesn't leak data though, that in itself is unique. Specially since Facebook buys ISP data and can connect that x IP made a connect to x VPN.

So that ties all the visits together. From there you then can say well we know from past days that Todd visited this website and that website typically back to back. So this anonymous user data is likely Todd because of the browsing habits Todd has is supported by this data.

Additionally they get third party datas to confirm and tie it together. So they'll eventually see you login to a website and get those account details like email address. From there they've built a full profile on you. Even if some websites are wrong, most of them are correct and that's all that matters.

9 more...