Threads collects so much sensitive information it’s a ‘hacker’s dream,’ experts say

Mereo@lemmy.ca to Technology@lemmy.world – 496 points –
archive.today

The specificity and quantity of information the text and multimedia platform can access poses a risk to most users, if it falls into the wrong hands or is used to target them, tech experts agree.

“This is a hacker’s dream,” said Claudette McGowan, a longtime banking executive who founded Protexxa, a Toronto-based platform that uses artificial intelligence to rapidly identify and resolve cyber issues for employees.


And yet some want to hear Meta out before deciding whether to federate or defederate from them.

All of the data Meta could gather by federating is available to anyone who sets up their own server. The hacker would just need to know how to use Docker. What's scary is the extra information Threads users give away by being on Threads.

And that alone is worth not supporting such a gross company via never federating with them.

It's not lurking I care about. I don't want to be interacting with them at all or providing any sort of comments for them to respond to. You know... Same reason people deleted their content from reddit so it doesn't provide future engagement to the platform through comment responses, upvotes/downvotes, and search engine results.

And I have way less issue with Reddit and chose to delete stuff to remove interactable content on their platform. And I actually do like reddit compared to Facebook, and still chose to burn bridges that way. So I think it's no surprise why I don't want federation with them. If they want to lurk and scrape public data that's fine. I don't want to be a contributor to Meta though more directly than I have to.

Yeah, that's fair enough. I just wanted to point out it's not our data that will be in jeopardy any more than it is right.

I never have an expectation of privacy when it comes to content posted on any public platform.

It's being part of the audience that engages and provides content that leads to the feedback loop to stay in the Meta platform I'm so completely against. If people want to do a direct link to unfederated instances on Meta I'm fully for that to encourage people to make a non-Meta account and maybe move towards joining those instances.

But, being actually part of the same interacting group that is choosing to feed into the value of Meta. No thanks.

That extra information is, among other things:

The privacy policy Threads has embedded in Apple’s app store shows it may collect, and link to your identity, data including your health and fitness, financial, browsing history, location and contact information, along with the broad category of “sensitive information.”

I'm not sure what defederating from them solves in regards to this topic. If they wanted Lemmy, Kbin, & Mastodon's data, they could always just set up another instance with a different domain name and not publicly announce what that domain name is, and we would have no idea who to defederate from. Or they could just scrape the data from the web page, no federation needed.

I don't want to see their content, which is a valid reason to defederate (or block, if that were possible at the user level) imo. But defederating because we want to stop them from getting our data is not even slightly effective, so I think it makes an unconvincing argument.

It’s not lurking I care about. I don’t want to be interacting with them at all or providing any sort of comments for them to respond to. You know… Same reason people deleted their content from reddit so it doesn’t provide future engagement to the platform through comment responses, upvotes/downvotes, and search engine results.

And I have way less issue with Reddit and chose to delete stuff to remove interactable content on their platform. And I actually do like reddit compared to Facebook, and still chose to burn bridges that way. So I think it’s no surprise why I don’t want federation with them. If they want to lurk and scrape public data that’s fine. I don’t want to be a contributor to Meta though more directly than I have to.

Serious question:

How much data does the ActivityPub protocol give out if it was to be federated and I was to, for example, reply to somebody on a Threads post using this account?

Or is the objection more that we don't want 99% of the Fediverse to be hosted on Threads?

I never have an expectation of privacy when it comes to content posted on any public platform.

It’s being part of the audience that engages and provides content that leads to the feedback loop to stay in the Meta platform I’m so completely against. Same reason people deleted their content from reddit so it doesn’t provide future direct engagement to the platform through comment responses, upvotes/downvotes, and search engine results. If people want to post a link or copy-paste comments to Meta I’m fine with that. Meta users are welcome to lurk or create separate accounts here to use non-Meta federated instances. Go scrape or set up an instance and get all the content for all I care.

But, being actually part of the same interacting group that is choosing to feed into the value of Meta is not what I want. I didn't come here to be a Meta user and whether it's through their instance or indirectly through federation that people can reply to your comments like you did mine is enough to be part of the Meta user base at that point. No thanks. At least back on reddit you know you aren't directly contributing to the Meta platform and only interacting with the reddit user base.

Those are shills and likely getting paid by Meta to come in here and shill. You all really ought to go complain to the admins of the instances allowing it, and move to instances that don't.

I wish I had the money to set up one. I'd do it and ban those scumbags on sight, and defederate with any instance that refused to regulate them.


I'm sure the 2 billion+ Instagram, Facebook and WhatsApp users will be absolutely shocked by this and stop using it /s

Oh no who could have predicted it?

*man gets bitten by snake*

Hmm, I got bitten. That hurt

*man gets bitten by snake again*

Ow, that hurt

repeat

And not some random snakes around there, it's the exact same snake.

Blocked Facebook, Instagram, WhatsApp and Meta on DNS. One day I checked the logs and saw Facebook, so I started investigating, and it turns out many apps have trackers in them, like Spotify, which hosts Facebook trackers. Blocked Spotify now.

Sort of tangentially related to this... Today I was telling my mom about something I bought and I mentioned the brand + a general description of the item. About an hour later, she showed me a screenshot of her Facebook feed with an ad for the exact brand and item even though she didn't google it, etc. Makes me so uncomfortable. I'd feel a lot better if I knew specifically how they were getting the data so I could try to block it.

At least she noticed, so it's good. Most people don't even notice stuff like this. The only way to stop this is to stop using Facebook, but boomers are the only ones stuck on Facebook now because of some BS neighborhood watch community or something similar.

How do you replace Spotify?

I downloaded Musify from F-Droid. It's not the greatest app out there but gets the job done and I am happy with it.

Ah yeah, I’m on iOS so I think I’m screwed

Lol, that's okay. We're all getting screwed one way or another, and yeah, I don't even trust iOS. There's a huge divide among regulars between iOS and Android. I don't understand why they start a whole debate on how one OS is better than another 🤦‍♂️ Regulars need to understand they will always be on the losing end, especially 9-5s.

Absolutely. What’s keeping you from using both? I use every one of them and I don’t get this whole fan base divide.

Outside of it being a Meta creation, the fact that it is inextricably tied to an Instagram account is enough to keep me away. Even if the app itself isn't collecting your data (it is, though), all of your information is bundled together in a neat little package, stretching across platforms.

Genuinely curious, and this really isn't meant as a gotcha or anything, do you also avoid all Google products then?

I really don't understand anyone who would choose to leave Twitter (an appropriate choice) to then join Threads. You've not upgraded or changed anything about being on a shitty service.

The vast majority of the people online don't give a shit about technology, they just care about what technology can do for them. So, if we are talking about a platform like Twitter/Threads, people want a platform that allows them to follow/interact with the people they want to follow or interact with. They don't care if it's open/closed-source, if it harvests your data, etc. They just want to use the platform, that's it.

Twitter has rapidly been getting overrun by alt-right edgelords and crypto bros and is inextricably tied to Musk and his culture war of the day. Threads feels much more normal in comparison, and Zuck is smart enough to mostly be quiet.

Wait Hol'Up...."Keystroke Patterns"...??? Does that mean it is harvesting my password manager master password???

Everyone freaking out every time they realize every fucking 'type ahead' or "predictive text" system is essentially a keylogger. Android and iPhone keyboards, the Chrome browser, etc. are keylogging all your shit already, and any JavaScript typeahead predictive engine that has to ask a service "what comes next" has to by its nature have the things that you're typing to predict the next thing.

Predictive text isn't something I normally see in password fields.

You'd think it'd get disabled for all the things, but yeah....

If you had one or two of their plugins/options enabled in Chrome it was smart enough to detect when you typed your Google password outside of Google and send you to change it.

Password manager feature maybe?

So Threads is basically Instagram's version of Twitter? I see no difference and it offers the exact same experience and features?

I still can figure out how the app would have any access to my photos, finance or health information if I don’t give access

https://www.xda-developers.com/android-permissions-bypass-play-store-apps/

This was back in 2019. Wonder how much permissions have improved to fully deny apps from attempting to collect data if permissions are denied.

Yeah, I am sure Meta collects it anyway. I heard they even have shadow accounts for people who don't even use Facebook or ever would.

Yeah, shadow accounts seem easy since Meta collects contact lists from people who use it, so they at least have names and phone numbers and possibly emails of people who haven't made a Facebook account.

Yeah, shadow profiles are a major issue, both on a privacy and online safety level.

https://www.theverge.com/2018/4/11/17225482/facebook-shadow-profiles-zuckerberg-congress-data-privacy

Ugh, reading Suck's (keeping that error) bullshit responses enrages me; he never answers the question. I deleted FB c.2014 but have friends that still use it, so I'm fucked regardless of my ad/tracker blocker.

Also, that Threads homepage image looks like someone took pictures of all the massive shites they took over a week, composited them, and then adjusted the sliders to black-- adding a prism gradient for the text area. They aren't spending their money on graphic designers..

Why anyone would use Threads/Facebook/Meta is beyond me. Big Social and especially Zuckland collects so much sensitive data, and it freaked me out when I first learned about it. After that, I moved to Fediverse and have been there since. And became a much more privacy-conscious user. Of course in our day and age, escaping from surveillance is difficult but at least avoiding the Big Social is an important step, in my opinion.

I've never given ANY platform accurate or correct information about me, and the information I DO give is salted to make it easy for me to trace where the leak/hack/whatever came from.

Why this is not taught in grade school is beyond me.

There's a lot of things not taught in public schools that ought to be. Also a lot of things that are taught that shouldn't be.