How does an app like Threads get access to financial, political, health, religious or browsing info through your phone's OS. What is the actual source of that data?

Wander@yiffit.net to No Stupid Questions@lemmy.world – 214 points –

I'm trying to understand how an app would even get that info in the first place, how that's classified and why a mobile operating system even has a way to provide that data.

Am I correct in assuming that if an app is used without play store / play store framework that it would not be able to get access to that data?

Thanks!

43

From what I know having worked in adtech,

  • they collect as much information as they can from the device such as location from GPS, interests from follows, likes dwell time on posts, and other information you knowingly or unknowingly provide. This includes scraping information from photos and videos you upload to the app. Eg, you upload a picture of an expensive bag with the caption "my new bag" - the bag brand can be determined and assessed algorithmically.
  • the above extends to websites you visit with in-app browsers and the actions you take while on those pages
  • deduce what they can't eg where you live & work based where you spend time during the day vs night,your real life interests based on places you visit eg gym, fast food places, church etc. Also they apply complex algorithms to relatively accurately deduce anything you don't directly provide. Eg if you disable accurate location, they can figure it out based on the ip address(es) you connect to the app from (geolocation algorithms) .
  • and what they can't deduce is bought from third parties. Those are companies normal people don't know exist whose sole purpose is scraping and categorising information - sort of similar to credit agencies but different. In this case, they take what they know about you and send it to this third party which then returns eveything they have that's related. Eg the app (threads) might send your email and username and get a response containing your previous home address (say scraped from some insecure government website)

With the above, even without knowing your name (this can easily be determined) , they are able to know enough about you to determine the kind of person you are, with whom you interact, where you go, your political affiliations, job, salary estimate etc and sell it to advertisers. This is usually sold as "audiences" but given the tools provided to advertisers, it's easy to create hyper targeted ads and recommendations (remember Cambridge Analytica).

We voluntarily give up a lot more information than we realise.

And remember, the smartest people on the planet work at these companies, so the above is nothing in comparison to what behemoths like Facebook, Google, Tencent, etc are capable of.

Second this!

Phones give out a lot of personal information on their own lol. On top of the phone, don't forget that social media apps like Threads also require you to login... with credentials stored at FB/Meta... that they can derive all the aforementioned information on, as well as other type of things (Amazon purchases? Stuff you watch on youtube.com? Google queries?...) by using some creative tracking technology. You basically gave them a dog tag to identify you whenever you sign up for services after all

For shittier apps like Thread, apparently they also do some weird stuff like forcing the app to be on once the OS boots, so... yeah.

This is a really good oversight (see: insight, overview, etc). Honestly, for anyone actually interested in this stuff and what makes the internet tracking/advertising machine tick, take some of the HubSpot Academy’s courses. There’s definitely other courses out there, but the HubSpot ones are all free, and the topics aren’t hard once you get immersed in it.

Plus afterwards you can put the faux-certs on your resume and knife fight with the 20,000,000 other adtech people that just got laid off.

Not a native speaker and kind of OT, but isn’t it supposed to be “overview” rather than “oversight” in this case? Maybe not necessarily “overview”, but I think “oversight” would only mean mistake or supervision. I was just wondering.

Probably. I write half my comments drunk, so I wouldn’t use them as a basis for ESL learning 🙃

It’s a good catch!! Apologies for any confusion.

1 more...
1 more...

Don’t forget, giving these apps access to your photos also opens up a puzzle of location data of where you spend your time and have visited

Doesn't Threads app have direct access to browsing history as well? I feel like that's another can of worm that could probably use some further explanation on.

This sort of makes it tempting to run everything in an emulated virtual machine that is streamed to your phone...

Each app in a separate instance...

1 more...

All due respect to my fellow lemmings, but the ones in these comments are vastly over complicating this. It's extremely simple - you give that info away, and you do it happily. Here's an extremely simple example of every single one of your questions:

Financial

  • you explore job postings on linked in. You upload your resume to Google drive. You say where you work/what you do on your social media. Your bank statements get emailed. You check your credit through an email reminder.

political

You subscribe to websites with particular political leanings. The content you engage with on social media falls in certain political camps. You interact primarily with people that also have those leanings. You block or avoid content that is not to your politcal liking. Every like and subscribe is your personality and political affiliation.

health

You searched "symptoms of (insert thing here)." You ordered a next brace on Amazon. Your doctor sends your invoice to your Gmail account. Cvs emails you your receipts.

religion

See politics.

browsing info

Google literally sells everything you do. It's their business model. Every time you're signed in with Google it's tracking what you do. Every email you receive. Everything you click on. Every item you purchase. Every review you fill out. Google sells it all, and you'd be amazed how fast they do it. Fun experiment, go buy something - jeans, a shirt, shoes, drums, and guitar, whatever from a new place you haven't shopped before. Go buy it and have the invoice go to your Gmail account. Then get on Instagram...time how long or far you scroll before you see an ad for a similar product. Perhaps even a brand you comparison shopped.

You tell it all these things. Whether you realize you're doing it or not, you tell it everything it wants to know just by using your phone. Google sells it, instametathreads buys it, learns more, and then sells what it learns back to Google and advertisers. Rinse, repeat.

Clarification, Google doesn't sell the info itself, it guards that jealously, they sell targeted advertising. They say "we can make sure your advert gets to the people who want your stuff" to the ad companies and sell advertising space on that premise. The ad companies don't know your political leanings, but Google does and makes its money by targeting you with ads relevant to that and other aspects they've identified about you.

Google/Meta don't sell the info specifically because that info is how they provide their "unique" service.

I think your asking the right question but it's hard to articulate because you don't understand the right question to ask.

Say you use google email and google apps to schedule appointments. The information is put into a database and all sorts of data points are collected. The information can be made into a profile and then sold.

If you use an app to record your diet. That could start to show medical information if you're able to put it with the google information and so on.

This is by no means how it's done but something to help you understand what you should be asking.

Online purchases, stuff you've shared, monitoring your IP across the internet, your ISP, your "free to exploit me" email, the tracking id you use at the grocery store for discounts, pretty much everything you do and pay for that is not cash, is farming data to stalk you. These are also the places suggesting new content and generating search results when you look for new information. The two are entirely related, and there are no limits in place to remove manipulation from this feedback loop. You have no way of knowing that places like Amazon are designed to make direct searches impossible. The category options are ambiguous and several techniques are used to obfuscate results. This makes plausible deniability for any case against them for price fixing, but you are seeing the products and prices tailored to what they believe you will pay. It hasn't been about dumb banner ads since internet 1.0. Everything you encounter is tailored to promote certain profitable or convenient behavior.

Stalking people looking for opportunities to exploit them is not only legal, it is encouraged as an industry by US political ineptitude in the most positive tint, and corruption in the most negative. It's digital imperialism where everyone is a slave with no rights of ownership of individual identity and privacy; so long as it is restricted to the person's digital identity. Proprietary hardware and software is a battle for a new age of feudalism. Neglecting ownership of one's digital identity and property is a submission to serfdom. It is like stepping back one thousand years in human progress and development.

Let say you comment somewhere that you make minimum wage, their algorithm picks up on it and now they have you as a low wage earner in their database.

This is a massive over simplification but illustrates the point.

https://infosec.pub/post/400702

Threads app itself is a privacy nigtmare

and YSK : Because of Threads app that makes Meta a threat to the privacy of fediverse users, if there are fediverse instances that remain federated with Meta.

Ross Schulman, senior fellow for decentralization at digital rights nonprofit the Electronic Frontier Foundation, notes that if Threads emerges as a massive player in the fediverse, there could be concerns about what he calls “social graph slurping." Meta will know who all of its users interact with and follow within Threads, and it will also be able to see who its users follow in the broader fediverse. And if Threads builds up anywhere near the reach of other Meta platforms, just this little slice of life would give the company a fairly expansive view of interactions beyond its borders.

https://www.wired.com/story/meta-threads-privacy-decentralization/

Scanning and evaluating context from people who don't use a given service and haven't consented should be illegal. For example, I don't use Gmail because I don't want Google scanning all of my emails. But everyone else does, so Google gets to scan all of my emails anyways when I email other people, and build a profile on me based on other people's lack of concern for their privacy. This issue should have been legislated years ago, but instead we have so called progressive politicians slurping Facebook's balls.

No one realised or really cared until the Cambridge Analytica scandal happened, what makes me furious is that this is still happening today. Millions of people joined Threads, even Rochko's statement on the mastodon blog tends to embrace Meta.

While other mastodon admins declined Meta's invitation

They infer it through your activities online. If you're constantly visiting the Mercedes Benz website they can determine that you're likely in the upper middle class. They use information like that, combined with an evaluation of your approximate education level based on the way you type, combined with what you say, to figure out your income bracket. Then they scan all of your comments, location history, pictures, contacts etc., and put together a profile on your likely interests, political affiliation, and other relevant information for advertisers. It is all very sophisticated and creepy.

I could be wrong but i believe the image that's making the rounds re what permissions the app CAN use, are just that, potential things it can do, not things it constantly does. Facebook (and so i assume Instagram and threads since its the same system) supports methods of payments like google wallet and linking a credit card. Its kinda like how when you sign up for these things you give them "permission" to use your pictures etc, because obviously they need that permission in order to actually show your images, it doesn't mean they can just do whatever they want with photos you upload, same for financial info.

People are so worried about this information and I'm over here like, yeah... if I could have something I want today, ordered for me yesterday without me having to even do it.. that'd be great.

Like, oh, I need a size 10 6.0mm tunisian crochet hook that imma use to make an afghan tomorrow for my niece. I want to have that size 10 6mm tunisian crochet hook at the ready. Ain't nobody got time to mess around. 😂

That’s the attitude that gets people hooked in the first place.

Now see if you can extend that further and see how a company having intimate knowledge of your behaviour could be a problem.

Think about manipulation. Is there a reason you want to buy that crochet hook? Does it have to do with Meta knowing you just had a niece and were browsing on Pinterest, and already have a size 8 and 12 hook but no 10, so then they stuck a child oriented project in your feed that just happens to use the hook you don’t have?

App permission, phone scraping, people just pressing "allow" and "continue".

As long as you use iOS (Apple) or Android (Google) services you will never have any kind of privacy.

First, using Gmail is not a good idea if you care about your privacy. Google is known to being reading email contents.

Second, you buy the device, not the OS. so both Apple and Google will try to profit from you using their OS.

Apple looks like is good for privacy, but I am afraid with iOS closed source there is no way to know. On iOS, app like TikTok can track the sh#t out of you even if you ask not to.

And Android is focused around Google, so using it means give up on privacy. However, you can install GrapheneOS (Android ROM), which is much more secure and privacy focused.