Data-harvesting code in mobile apps sends user data to “Russia’s Google”

Data from apps on Apple and Google-powered mobile devices is sent to Russian servers.

Read the whole story

 

[randomcat]

None of this whataboutism is relevant to the immediate problem presented by a rogue state-controlled entity being able to collect and exploit metadata related to smart phone users outside of their rogue state.

I didn't expect anything else. Thanks. Meanwhile, I did address the issue but as a western hater you turned a blind eye to it: "If you're a Ukrainian soldier or represent the government in any capacity you should probably remove all the applications with Yandex Metrica right away. And preferably all Russian apps as well."

Now, I'm fucking out of this discussion. There will be no discussion here, only a rant and indecision about evil Russia and how everything's bad there. Yeah, I know I live here for fuck's sake I know it firsthand unlike you who are only capable of theorizing and saying stuff like "whataboutism". Get yourself a cookie! It's such a decisive action on your part. Specially when using a generic nickname and not actually standing for any shit you say. All talk and no walk while Ukrainian civilians are being killed and cities are turned to ashes.

Ukraine has been asking for heavy weapons for weeks now - nothing has been provided. Spineless EU politicians are scared shitless to actually destroy the Putin's regime because "nukes". And no, there are no enough sanctions and actions to stop this shit either: last time I heard EU continues to buy $1 billion worth of natural gas daily. Nicely done!

We've been pouring heavy weapons into Ukraine since the war started. Not sure why you'd think otherwise...

I think you need to consider that while we do not have your special point of view from within Russia, you do not have our point of view from OUTSIDE of Russia. We don't see what's going on in Russia like you do, but we've got an excellent view of exactly what Russia is doing to the world right now. A much clearer picture than you, apparently. And it's incredibly ugly.

 

[orangpelupa]

... even providing beautiful UI to get all the info as soon as it's necessary to put someone in jail.

I wonder if that's one of the factor making yandex analytics have a much easier to understand dashboard out of the box, than Google analytics

 

[TheFu]

The fault is google's for not providing ways for end-users to control which data can be accessed by what apps. It isn't just yandex that we need to worry about.

When the google people decided to bundle 'location services' and bluetooth together, they forced a number of users to enable things they didn't want.

This is google's failure, at least on Android and it isn't new.

Give users to ability to drop permissions for **any** app - or system-wide.

I'd love to prevent location data from ever being seen by all applications (including google's), and only provide it to my GPS program(s) and E911 services. There just isn't any need for Contacts or any website to have access by default. Sure, if I like, I could allow those programs to work by snagging GPS data, but I wouldn't.

I'd also love to disable network access to 99% of the applications, 95% of the time. Let them get data and cache it locally for a few months. No need to be live all the time.

 

[monogon]

Keep in mind, the Russians are making activists and journalists disappear. The difference between a contact list and a target list is just context.

https://www.cnn.com/2022/03/29/europe/u ... index.html

 

[daveishereagain]

Sound like I made the correct decision to wipe Yandex translate from my devices the minute russia declared war (yes it's a war) and invaded Ukraine.

Well, the correct decision would have been to never use any Russian sofware that's connected to the Kremlin... Putin can't be trusted.

Fixed it for you. As someone who, only just yesterday, was speaking to their Russian ex about the war (and who themself has Ukranian family members that are trying to escape Ukraine), I found your generalising comments both insulting and inaccurate. There are many decent Russian people in Russia and outside it who are as against Putin and/or the war as anyone else.

Oh and by the way nationalities are usually proper nouns and thus need a capital letter at the start.

Unfortunately, while that may be true, we can't trust anything Russian for reasons that have been discussed over and over in this thread and others. Even good, decent Russians can be forced into committing nefarious acts by the thugs running Russia that they would never have contemplated on their own.
I lived through the Cold War and never once considered the Russian people my enemy. I still don't, but it's not our fault if we can't trust anything or anyone Russian. Nothing personal, it's just security.

 

[leonwid]

> Senator Wyden added: “Apple and Google maintain that their monopoly-like control over their app stores is necessary to keep consumers safe. Every day that apps built off the Russian Yandex SDK remain in those stores is further proof that the consumer safety they claim to offer is an illusion.”

I’m not quite sure what Wyden wants. As a US Senator his talk is bot cheap and abundant without much consequence. But there is a point here.

The big question is what should Apple, or Google, do? Yandex is not forbidden by the US government. Should Apple decide to block new sales of applications that contain Yandex SDKs? Maybe block Yandex URLs from within iOS? Or remove all apps that contain Yandex modules from iOS devices?

What would be an appropriate step for a company to talk here?

 

[graylshaped]

Ron Wyden, chair of the US Senate’s finance committee and one of the architects of US Internet regulation, heavily criticized Google and Apple for not doing enough to secure smartphones from the Yandex software, which has found its way onto 52,000 apps reaching hundreds of millions of consumers.

“These apps leech private, sensitive data from apps on your phone, threatening US national security and the privacy of Americans and other individuals around the world,” he said.

Yandex poses a risk due to Kremlin interference, but--at the risk of whataboutism, Senator Wyden--the solution is for the US to take EU-level steps to prevent this type of data collection and privacy violations through robust legislation against all such actors, including domestic ones.

 

[Deleted member 92645]

Sound like I made the correct decision to wipe Yandex translate from my devices the minute russia declared war (yes it's a war) and invaded Ukraine.

Well, the correct decision would have been to never use any Russian sofware that's connected to the Kremlin... Putin can't be trusted.

Fixed it for you. As someone who, only just yesterday, was speaking to their Russian ex about the war (and who themself has Ukranian family members that are trying to escape Ukraine), I found your generalising comments both insulting and inaccurate. There are many decent Russian people in Russia and outside it who are as against Putin and/or the war as anyone else.

Oh and by the way nationalities are usually proper nouns and thus need a capital letter at the start.

Unfortunately, while that may be true, we can't trust anything Russian for reasons that have been discussed over and over in this thread and others. Even good, decent Russians can be forced into committing nefarious acts by the thugs running Russia that they would never have contemplated on their own.
I lived through the Cold War and never once considered the Russian people my enemy. I still don't, but it's not our fault if we can't trust anything or anyone Russian. Nothing personal, it's just security.

Thanks you said it way better than me.

I have close friends in Ukraine and I visited this beautiful country many times, so I think it’s safe to say that I’m very emotional when it comes to the brutal and senseless russian agression on Ukraine.

I think I will just comment less on anything related to russia.

 

[Fabermetrics]

When the mass graves are revealed in Ukraine once Ukraine takes back its lost territory from the criminal state of Russia, it will be sad to watch Artem S. Tashkinov cite My Lai and Chenogne as to try and justify the atrocities rather than simply call them what they are, atrocities. Russia's whatabout epidemic is greater in scope than its AIDS epidemic.

 

[owizg]

Wait until they learn about Xiaomi phones.

 

[daveishereagain]

But Cher Scarlett, formerly a principal software engineer in global security at Apple, said once user information was collected on Russian servers, Yandex could be obliged to submit it to the government under local laws. Other experts said that the metadata of the sort collected by Yandex could be used to identify users.

Totally NOT a supporter of Russia (in fact, I think NATO should actively intervene in Ukraine) -- but, how is this different from the privacy fights that has been going on for the past 15 years?

Bombs.

It sucks to have Google sell your kids data to corporations without your consent. But that's completely different from Russia dropping cluster bombs on your neighborhood based on data in these apps.

Is there evidence this is happening?

I know there's evidence that idiot Westerners on Reddit are getting bunkers bombed in Ukraine because they just gotta post photos online. That doesn't need Yandex's analytics involved at all though.

The time for evidence is passed. Rule #1 in Security-Trust no one. If you think the Russians aren't using using every means at their fingertips to target munitions I have a bridge to sell you. It's one thing for an advertiser to have location data, it's quite another to have the recipient of the same data wanting to use it to drop a bomb on my head.
Try and use a little critical thinking. With anything Russian, all bets are off and try to contemplate that it's not unreasonable for us to think this way. We certainly didn't want it this way, but this is the reality we face. It sucks, but, here we are.

 

[adespoton]

Yandex has acknowledged its software collects “device, network and IP address” information that is stored “both in Finland and in Russia,” but it called this data “non-personalised and very limited.” It added: “Although theoretically possible, in practice it is extremely hard to identify users based solely on such information collected. Yandex definitely cannot do this.”

Assurances of what can and can't be done by Russians regarding data generated through apps used by those they consider enemies?

Yeah, nothing to worry about there... /s

I trust them on this. The weasel word in the paragraph is "solely". Yandex is the Google of Russia, with the search engine, mail platform, IM client, etc. to match. This means they aren't restricted to "solely" the information collected from the API; it's additional data to aggregate with the data rich collection they already have.

And I haven't seen them state anywhere (nor would I trust it if I did) that they don't aggregate data from multiple sources.

 

[Readercathead]

While it's all gloom and doom, let's recall some inconvenient facts about modern tech:

* Any app/application which accesses its own Internet servers [potentially] leaks your IP which for most users means your location as well
* On Android an app with zero permissions has a ton of ways to uniquely identify and follow you, check https://play.google.com/store/apps/deta ... missionapp
* In many countries of the world cellular providers regularly ping your smartphone and record your location several times a day
* This Ars Technica page contains at the very least five Internet trackers (and that is after I enabled NoScript + uBlock Origin)
* Don't get me started on pervasive CCTV and AI to identify anyone and everything

If you're a Ukrainian soldier or represent the government in any capacity you should probably remove all the applications with Yandex Metrica right away. And preferably all Russian apps as well. As a Russian citizen I have near zero applications made in the country because I just don't trust anything made here.

For almost a decade now Yandex has been doing everything the Kremlin asks.

Largest social networks in Russia, VK and OK have long been almost wholly controlled by the government. The police has unrestricted access to all private correspondence in these networks, that's why I stopped using them over six years ago.

As a reminder: Internet companies in Russia are not free to do any business unless they "cooperate" with the government which means collecting and sending data to the Kremlin on cue or even providing beautiful UI to get all the info as soon as it's necessary to put someone in jail.

Thank you for this heart-felt and well-researched post. Russia’s tyrannical government provides many lessons that the rest of the world needed to learn yesterday. Other governments are not currently arresting all internal critics and mass-murdering an entire separate country. It’s a moral imperative for Apple and Google to immediately warn Ukrainians and Russian dissidents these apps are putting their lives in danger.

We do have serious privacy problem in every country and only the EU is occasionally fighting it. Any government could become corrupt at any time and start abusing this massive collected data to control its citizens. There are elements like this in the US gov right now that we need to be aware of. Never forget they spied on MLK and put him in prison, they kidnapped BLM protestors off the street in the dark in Oregon and deliberately shot out protestor’s eyes with tear gas during the Trump administration. Never forget Trump literally pardoned a war criminal. We were this close to Trump and his mob actually executing our national congress and VP, and overturning the US government. They have barely been slapped on wrist so will keep trying until they succeed.

We have a brief window to put a stop to the flood of personal info — all credit card purchases, medical data directly from your doctors, automatic license plate scanners, and second-by-second location data — plus all the data being collected from our phones and home browsers.

 

[daveishereagain]

Sound like I made the correct decision to wipe Yandex translate from my devices the minute russia declared war (yes it's a war) and invaded Ukraine.

Well, the correct decision would have been to never use any Russian sofware that's connected to the Kremlin... Putin can't be trusted.

Fixed it for you. As someone who, only just yesterday, was speaking to their Russian ex about the war (and who themself has Ukranian family members that are trying to escape Ukraine), I found your generalising comments both insulting and inaccurate. There are many decent Russian people in Russia and outside it who are as against Putin and/or the war as anyone else.

Oh and by the way nationalities are usually proper nouns and thus need a capital letter at the start.

Unfortunately, while that may be true, we can't trust anything Russian for reasons that have been discussed over and over in this thread and others. Even good, decent Russians can be forced into committing nefarious acts by the thugs running Russia that they would never have contemplated on their own.
I lived through the Cold War and never once considered the Russian people my enemy. I still don't, but it's not our fault if we can't trust anything or anyone Russian. Nothing personal, it's just security.

Thanks you said it way better than me.

I have close friends in Ukraine and I visited this beautiful country many times, so I think it’s safe to say that I’m very emotional when it comes to the brutal and senseless russian agression on Ukraine.

I think I will just comment less on anything related to russia.

Completely understand. My thoughts are with you and I surely can't imagine what you are going through. My sadness continues daily at this complete tragedy.

 

[lcklspckl]

> Senator Wyden added: “Apple and Google maintain that their monopoly-like control over their app stores is necessary to keep consumers safe. Every day that apps built off the Russian Yandex SDK remain in those stores is further proof that the consumer safety they claim to offer is an illusion.”

I’m not quite sure what Wyden wants. As a US Senator his talk is bot cheap and abundant without much consequence. But there is a point here.

The big question is what should Apple, or Google, do? Yandex is not forbidden by the US government. Should Apple decide to block new sales of applications that contain Yandex SDKs? Maybe block Yandex URLs from within iOS? Or remove all apps that contain Yandex modules from iOS devices?

What would be an appropriate step for a company to talk here?

Senator Wyden is known as a privacy advocate. He has advocated for consumers on many occasions. He might be bought, and I didn't look, but if I'd have to guess the buyers it would be unions. He is one of the national Senators for Oregon and my comments do not address state level politics of Oregon.

Edit: to say that talk is indeed cheap. This one is active to the privacy cause.

 

[JFTestudo]

But Cher Scarlett, formerly a principal software engineer in global security at Apple, said once user information was collected on Russian servers, Yandex could be obliged to submit it to the government under local laws. Other experts said that the metadata of the sort collected by Yandex could be used to identify users.

Totally NOT a supporter of Russia (in fact, I think NATO should actively intervene in Ukraine) -- but, how is this different from the privacy fights that has been going on for the past 15 years?

Neither Silicon Valley nor the NSA has been actively using invasions of privacy to track down large numbers of "disloyal" civilians in an active warzone to murder them and kidnap their children.

You're right, the use of the information by Russia is much more evil than what's been done so far (at least as far as we know), but the point I'm trying to make is that, if you're mad at Yandex/Russia for tracking PII, but not mad at all at when various organizations within the West track PII, then, you don't really have a privacy problem, you have a nationality problem.

Which is fine -- as I said, I would prefer NATO take a much harder stance in the Ukraine then it currently has. But, let's not say we're defending privacy as a global concept when our stance is "It's okay for our governments/companies to spy on people, but it's not okay for our adversaries' governments/companies to spy on people." And let's not pretend that Western use of PII has never done harm, either. There's a big difference between "not as dirty" vs "clean."

Edited to add: As the most public Western example in recent memory, look up "National Security Letter".

 

[adespoton]

None of this whataboutism is relevant to the immediate problem presented by a rogue state-controlled entity being able to collect and exploit metadata related to smart phone users outside of their rogue state.

I didn't expect anything else. Thanks. Meanwhile, I did address the issue but as a western hater you turned a blind eye to it: "If you're a Ukrainian soldier or represent the government in any capacity you should probably remove all the applications with Yandex Metrica right away. And preferably all Russian apps as well."

Now, I'm fucking out of this discussion. There will be no discussion here, only a rant and indecision about evil Russia and how everything's bad there. Yeah, I know I live here for fuck's sake I know it firsthand unlike you who are only capable of theorizing and saying stuff like "whataboutism". Get yourself a cookie! It's such a decisive action on your part. Specially when using a generic nickname and not actually standing for any shit you say. All talk and no walk while Ukrainian civilians are being killed and cities are turned to ashes.

Ukraine has been asking for heavy weapons for weeks now - nothing has been provided. Spineless EU politicians are scared shitless to actually destroy the Putin's regime because "nukes". And no, there are no enough sanctions and actions to stop this shit either: last time I heard EU continues to buy $1 billion worth of natural gas daily. Nicely done!

Artem, most of us on here aren't haters, and many of us get what you're living through (thanks Trump). Probably good to step out of the discussion at this point though, as there are those who will only see what you say when it looks similar to Russian government talking points, and that's likely to make you feel even more like you've been abandoned by people in the West, even when that's not really the case.

Despite the protests that the west isn't looking for regime change, I suspect Russia will be welcomed back by the international community when that regime change happens -- especially since -- as you point out, EU hasn't ever really walked away from THIS regime.

Your point is a good one: anybody living in or around Ukraine should have removed all Russian apps from their phones as soon as the invasion began. Or at a minimum, installed a Russian blocklist via the likes of Lockdown.

Speaking of which, I don' t know why I've never bothered to do that: there is absolutely no reason why I'd want my data going to entire swathes of IP ranges around the world.

[edit] Just found out why I've never done it: it's the work of a moment to add yandex.com to Lockdown. But I don't appear to have ANY content blocker or firewall that can drop IP ranges??? And I can't find any online either. Every search just returns a bunch of dodgy VPN services -- and I don't trust any third party VPN from a privacy standpoint. I may have to set up a VPN to my own network and do the filtering at my home network gateway.

Anyone have a better solution?

 

[quietnine]

Seems like if someone is using Opera that Russian SDK's would be the least of their worries, considering the browser is now essentially under the control of the Chinese government.

Would've been nice to see at least a list of the 10-20 most popular apps using these problematic kits, though. Else this article is kind of "you might have a problem! who knows?!"

 

[viktorcoder]

> Russia’s biggest Internet company has embedded code into apps found on mobile devices

They didn't embed it. App developers did. They liked something in analytics service Yandex provides to them. Most likely, those apps have several SDKs in use at the same time

> “The AppMetrica SDK claims to provide appropriate services, all while phoning home to Moscow with deeply invasive metadata details that can be used to track people across websites and apps,” said Edwards, the researcher.

This is true for every analytics SDK out there. They all phone everything they can feasibly collect to their home offices. Yandex, being a Russian company, has server farms in Russia.

 

[beebee]

Ha! I was just talking about Yandex for work a couple of minutes ago.

Years ago, our marketing department didn't want us to block Yandex's web crawler... but we still did since they'll never know.

A yandex search url looks like an attempt at buffer overflow in a server log. Really really long. It bugged me even though not a problem as far as I could tell so I blocked them.

 

[uhuznaa]

The problem is that the user has no simple way to see which SDKs an App includes and where this sends data. So if you allow an App to access your data (like location or contacts) it's not just this App that can access it -- the SDK then also can access it and send it to wherever it wants.

I've long thought that it should work like this: Apple and Google should require every App to include an exhaustive list of hosts/ports it needs to access and then the OS should treat this list as a whitelist and block everything else. Then expose this list to the user in the settings and allow him to edit it by disabling access to addresses he doesn't want to provide his data to.

 

[quietnine]

But Cher Scarlett, formerly a principal software engineer in global security at Apple, said once user information was collected on Russian servers, Yandex could be obliged to submit it to the government under local laws. Other experts said that the metadata of the sort collected by Yandex could be used to identify users.

Totally NOT a supporter of Russia (in fact, I think NATO should actively intervene in Ukraine) -- but, how is this different from the privacy fights that has been going on for the past 15 years?

Neither Silicon Valley nor the NSA has been actively using invasions of privacy to track down large numbers of "disloyal" civilians in an active warzone to murder them and kidnap their children.

You're right, the use of the information by Russia is much more evil than what's been done so far (at least as far as we know), but the point I'm trying to make is that, if you're mad at Yandex/Russia for tracking PII, but not mad at all at when various organizations within the West track PII, then, you don't really have a privacy problem, you have a nationality problem.

Which is fine -- as I said, I would prefer NATO take a much harder stance in the Ukraine then it currently has. But, let's not say we're defending privacy as a global concept when our stance is "It's okay for our governments/companies to spy on people, but it's not okay for our adversaries' governments/companies to spy on people." And let's not pretend that Western use of PII has never done harm, either. There's a big difference between "not as dirty" vs "clean."

Edited to add: As the most public Western example in recent memory, look up "National Security Letter".

I think the problem some people seem to be having with your take is that you presenting western privacy and russian privacy as equivalent in some way when they are completely different things.

Privacy is often talked about as one all encompassing ethical thing we should all be entitled too but thats not how the world actually works.

Privacy should be framed as "what am I keeping from who".
[keep private what happens in my bedroom from my neighbors]
[keep private what I bought from the darkweb from the government]

Not all privacy scenarios are of equal value. Our height and weight or caloric intake or food choices that Under Armor harvests via MyFitnessPal is probably not as personal to most people as their phone number or address, which is probably less important than your location patterns throughout the day, in turn is probably less important than an SSN, which in turn is probably less important than "life secrets" whatever that may be. Under Armor's privacy violations are kind of minor in the grand scheme of things compared to ISP DNS record reselling.

In the west, the data harvesting done by Apple, Amazon, Facebook and Google makes
[keep private what I searched online from advertisers] sometimes very difficult for those that aim for it because the companies that make our phones and enable search or shopping are all making billions on ads every year (yes, Apple too).

But those companies aren't giving that data to the government for the government to crack down on gays (Russia), muslims (China), women (Saudi Arabia), or simply "truth about world events" (all of the above). And if they received such a request they fight it in court very publicly and the press report on it and are free to present the debate in an anti-government light.

If you live in China or Russia (or someplace China and Russia consider part of China or Russia), your data habits are harvested and used to target you for imprisonment or murder and no one in that country's press is allowed to talk about it. Autocratic privacy concerns are not even in the same solar system as western ones.

 

[dagar9]

Yandex has acknowledged its software collects “device, network and IP address” information that is stored “both in Finland and in Russia,” but it called this data “non-personalised and very limited.” It added: “Although theoretically possible, in practice it is extremely hard to identify users based solely on such information collected. Yandex definitely cannot do this.”

Assurances of what can and can't be done by Russians regarding data generated through apps used by those they consider enemies?

Yeah, nothing to worry about there... /s

It's pretty much the industry's standard disclaimer, you just gotta read it literally, like a lawyer. Note the word "solely." Not sayin' what can be done when combined with other information.

 

[jandrese]

It's also total bullshit. De-anonymizing people based on data like this well understood today. If Yandex can't pull it off it is only because they have not really tried.

 

[Dadlyedly]

Interesting how this one war is seriously raising awareness of SDKs and libraries being used in apps and services, whether it's this use of Yandex SDKs in mobile apps, or that kid who poisoned his library to delete data on computers using his library that had Russian IPs reported last week.
How big of an effect will this have long term, I wonder? Will developers really pay attention to where they are getting their tools, or will it just end up being business as usual?
I'm guessing it will depend on how badly a company gets bitten by these events. But I hope companies and developers start to really pay attention to their tools now.

 

[OllieJones]

I wonder: will anti-tracking tech like the pi-hole DNS filter (https://pi-hole.net/) help defeat Yandex's datahoovering? Or does the app developer's server environment pass the data along?

(I know that sort of thing only works, in the west anyway, in private networks.)

 

[dagar9]

How is this in principle different from the SDKs, tracking services and data sharing obligations of Facebook, Android, Google and the Patriot Act?

It's not. It's the fact that Russia is involved, and Russia is on everybody's shitlist at this point.

 

[ardent]

None of this whataboutism is relevant to the immediate problem presented by a rogue state-controlled entity being able to collect and exploit metadata related to smart phone users outside of their rogue state.

I didn't expect anything else. Thanks. Meanwhile, I did address the issue but as a western hater you turned a blind eye to it: "If you're a Ukrainian soldier or represent the government in any capacity you should probably remove all the applications with Yandex Metrica right away. And preferably all Russian apps as well."

Now, I'm fucking out of this discussion. There will be no discussion here, only a rant and indecision about evil Russia and how everything's bad there. Yeah, I know I live here for fuck's sake I know it firsthand unlike you who are only capable of theorizing and saying stuff like "whataboutism". Get yourself a cookie! It's such a decisive action on your part. Specially when using a generic nickname and not actually standing for any shit you say. All talk and no walk while Ukrainian civilians are being killed and cities are turned to ashes.

Ukraine has been asking for heavy weapons for weeks now - nothing has been provided. Spineless EU politicians are scared shitless to actually destroy the Putin's regime because "nukes". And no, there are no enough sanctions and actions to stop this shit either: last time I heard EU continues to buy $1 billion worth of natural gas daily. Nicely done!

Ok, bye.

I'm going to say something controversial here: every Russian citizen is an accomplice to the crimes Putin commits. I understand the reality is most Russians are powerless and would quickly be churned by the state apparatus if they stepped out of line, but the ones who continue to pretend they have nothing to do with it and broadcast that message to the west are, at best, useful idiots.

The personal attack is cute, though. I don't need to prove myself to anyone, let alone you. I know who I am; someone who has killed other human beings in the name of his country. I get to live with that burden, and it's disappointing to see some Putinist shit try to call me out on my contributions. As far as the war in Ukraine, I've done my part and I'm comfortable with my contributions.

Could you maybe provide a list of apps that have the AppMetrica SDK? You do work for Yandex, don't you?

 

[monogon]

How is this in principle different from the SDKs, tracking services and data sharing obligations of Facebook, Android, Google and the Patriot Act?

It's not. It's the fact that Russia is involved, and Russia is on everybody's shitlist at this point.

Think of the ordinary people in Russia who might attend a peaceful march or rally, organized on a native app using Yandex services. That's not a hypothetical, it's happening. Thousands of people have been arrested. Are they putting their friends and family at risk of surveillance, just from association? They deserve and need to know. Telegram is super popular even in Ukraine right now: is Telegram among the thousands of apps affected? Do we know? False equivalents aren't going to help anybody at the moment, it's just noise.

 

[graylshaped]

None of this whataboutism is relevant to the immediate problem presented by a rogue state-controlled entity being able to collect and exploit metadata related to smart phone users outside of their rogue state.

I didn't expect anything else. Thanks. Meanwhile, I did address the issue but as a western hater you turned a blind eye to it: "If you're a Ukrainian soldier or represent the government in any capacity you should probably remove all the applications with Yandex Metrica right away. And preferably all Russian apps as well."

Now, I'm fucking out of this discussion. There will be no discussion here, only a rant and indecision about evil Russia and how everything's bad there. Yeah, I know I live here for fuck's sake I know it firsthand unlike you who are only capable of theorizing and saying stuff like "whataboutism". Get yourself a cookie! It's such a decisive action on your part. Specially when using a generic nickname and not actually standing for any shit you say. All talk and no walk while Ukrainian civilians are being killed and cities are turned to ashes.

Ukraine has been asking for heavy weapons for weeks now - nothing has been provided. Spineless EU politicians are scared shitless to actually destroy the Putin's regime because "nukes". And no, there are no enough sanctions and actions to stop this shit either: last time I heard EU continues to buy $1 billion worth of natural gas daily. Nicely done!

Ok, bye.

I'm going to say something controversial here: every Russian citizen is an accomplice to the crimes Putin commits. I understand the reality is most Russians are powerless and would quickly be churned by the state apparatus if they stepped out of line, but the ones who continue to pretend they have nothing to do with it and broadcast that message to the west are, at best, useful idiots.

The personal attack is cute, though. I don't need to prove myself to anyone, let alone you. I know who I am; someone who has killed other human beings in the name of his country. I get to live with that burden, and it's disappointing to see some Putinist shit try to call me out on my contributions. As far as the war in Ukraine, I've done my part and I'm comfortable with my contributions.

Could you maybe provide a list of apps that have the AppMetrica SDK? You do work for Yandex, don't you?

I've suggested previously if he doesn't like what is happening, his best course of action is to stop defending it. He has not. I now have no choice but to consider him a shill for Putin's shenanigans.

 

[PointingOutTheObvious]

Verizon was doing this back in 2012.
https://www.cnet.com/tech/tech-industry ... ng-habits/

 

[XSportSeeker]

Few things to note...

Saying Russia's Google is Yandex is a bit of an oversimplification. Yandex does have the biggest market share in Russia, but it's more or less at 60% with Google at 38% or so, with the rest getting the other 2%.
https://www.statista.com/statistics/109 ... re-russia/

So, yes, Yandex is the leading search engine in Russia, but Google is more or less trailing behind.

Worldwide and in the US, Google's share goes more towards 85% to 90%, with the rest being in single digits.
https://www.statista.com/statistics/216 ... h-engines/
https://gs.statcounter.com/search-engin ... of-america

It's more like a monopoly situation with the second being Bing at somewhere between 7 and 8%.

China's market is somewhere in between, with a relatively distant first with Baidu at 70 somethings percent, and the second Sogou hovering between 10 and 20%, multiple other Chinese and a few outsiders (including Bing and Google) with the rest - but it's mostly Chinese.

Obviously, it should be no surprise that Yandex collects that sort of data - all search engines do to a degree, Google going above and beyond that.
Still, the worry is valid in the same way worries about Chinese government interference are... and western governments interference also are. Truth of the matter is, you should worry in the same way you worry about your own government spying on it's own citizens, which is already a lot.

The thing gets overblown out of proportions due to current situation and standings, but in the end, the potential for a government forcing these companies to hand over data about people using these search engines is very real. Not only potential and laws are there for that, it has been shown again and again that even when there are laws trying to prevent stuff like that from happening, they get bent out of shape or just ignored as if they didn't exist.

I think the US government proves this more than any other government how intrusive they can be when it comes to data harvesting, including private personally identifiable data. Justification can be anywhere from protecting national security to going after terrorists and criminal organizations, spies and whatever, legitimate or not.

But there is a way to be more private even in that environment.

As it's hard to beat the algorithmic functions plus indexing capabilities, the way some search portals are doing it is by putting a obfuscation layer between you and the search engines themselves... this is what DuckDuckGo and StartPage do. DuckDuckGo uses Bing, Yahoo and also used Yandex up until recently (they either removed or are removing it), and StartPage uses Google if I'm not mistaken. They essentially work as middlemen... you submit your search keywords to them, they submit it to the search engines, so all the search engines get is the middlemen IP, data and whatnot. It's still a matter of trusting that the middlemen won't collect and leak your data though.

Brave started their own search engine, I dunno much how it's going.
There are also multiple smaller search engines with a focus on privacy, but I can't recommend any in particular as I haven't tested them much myself.

Should just be noted though that them being forced by government bodies, laws or whatever to hand over data is still not the same as the company or corporation being active spies or willingly cooperating there, a thing I see being conflated a lot since the trade war with China begun.
It's just that in effect, as observed in USs own relationship between government and tech giants, for the end consumer the result might end up being the same. Your data is collected one way or another, and can be used for targeting.

You just need to see the incredibly absurd amount of black box data requests Google, Microsoft, Facebook, Apple and others get in the US by government, police, security agencies and whatnot, plus brazen mass data collection scandals that never stopped and ended nowhere.

In the end, if you have any reason to mask search engine activities, you probably shouldn't be worrying only about Yandex, Baidu or whatever... you should be worried about all of them, because all of them collect data. It is how they make money, collect data and sell to advertisers. As long as they do that, sell, archive and have an interest on it, it'll be there to be handed over with data requests, leaks, hacks and whatnot - all things not under your control.

Another point that is always important to think about - promises of anonymized data means nothing. If you are worried about privacy at all, you should always dismiss this idea of anonymized data every time you see it thrown around by tech companies. They know it, security experts knows it, it's just some bullsh*t story to fool people who don't know about it.
It is trivial to deanonymize data with readily available public information, and all it takes is cross referencing a few different databases to get to the target. It doesn't matter how generic and how abstract data is made, it's still a point in a cloud of data that eventually sums up into very specific, very private, very sensitive information.

 

[ardent]

None of this whataboutism is relevant to the immediate problem presented by a rogue state-controlled entity being able to collect and exploit metadata related to smart phone users outside of their rogue state.

I didn't expect anything else. Thanks. Meanwhile, I did address the issue but as a western hater you turned a blind eye to it: "If you're a Ukrainian soldier or represent the government in any capacity you should probably remove all the applications with Yandex Metrica right away. And preferably all Russian apps as well."

Now, I'm fucking out of this discussion. There will be no discussion here, only a rant and indecision about evil Russia and how everything's bad there. Yeah, I know I live here for fuck's sake I know it firsthand unlike you who are only capable of theorizing and saying stuff like "whataboutism". Get yourself a cookie! It's such a decisive action on your part. Specially when using a generic nickname and not actually standing for any shit you say. All talk and no walk while Ukrainian civilians are being killed and cities are turned to ashes.

Ukraine has been asking for heavy weapons for weeks now - nothing has been provided. Spineless EU politicians are scared shitless to actually destroy the Putin's regime because "nukes". And no, there are no enough sanctions and actions to stop this shit either: last time I heard EU continues to buy $1 billion worth of natural gas daily. Nicely done!

Ok, bye.

I'm going to say something controversial here: every Russian citizen is an accomplice to the crimes Putin commits. I understand the reality is most Russians are powerless and would quickly be churned by the state apparatus if they stepped out of line, but the ones who continue to pretend they have nothing to do with it and broadcast that message to the west are, at best, useful idiots.

The personal attack is cute, though. I don't need to prove myself to anyone, let alone you. I know who I am; someone who has killed other human beings in the name of his country. I get to live with that burden, and it's disappointing to see some Putinist shit try to call me out on my contributions. As far as the war in Ukraine, I've done my part and I'm comfortable with my contributions.

Could you maybe provide a list of apps that have the AppMetrica SDK? You do work for Yandex, don't you?

I've suggested previously if he doesn't like what is happening, his best course of action is to stop defending it. He has not. I now have no choice but to consider him a shill for Putin's shenanigans.

I've read a bit of his posting history. I didn't call him a Putinist lightly.

 

[graylshaped]

None of this whataboutism is relevant to the immediate problem presented by a rogue state-controlled entity being able to collect and exploit metadata related to smart phone users outside of their rogue state.

I didn't expect anything else. Thanks. Meanwhile, I did address the issue but as a western hater you turned a blind eye to it: "If you're a Ukrainian soldier or represent the government in any capacity you should probably remove all the applications with Yandex Metrica right away. And preferably all Russian apps as well."

Now, I'm fucking out of this discussion. There will be no discussion here, only a rant and indecision about evil Russia and how everything's bad there. Yeah, I know I live here for fuck's sake I know it firsthand unlike you who are only capable of theorizing and saying stuff like "whataboutism". Get yourself a cookie! It's such a decisive action on your part. Specially when using a generic nickname and not actually standing for any shit you say. All talk and no walk while Ukrainian civilians are being killed and cities are turned to ashes.

Ukraine has been asking for heavy weapons for weeks now - nothing has been provided. Spineless EU politicians are scared shitless to actually destroy the Putin's regime because "nukes". And no, there are no enough sanctions and actions to stop this shit either: last time I heard EU continues to buy $1 billion worth of natural gas daily. Nicely done!

Ok, bye.

I'm going to say something controversial here: every Russian citizen is an accomplice to the crimes Putin commits. I understand the reality is most Russians are powerless and would quickly be churned by the state apparatus if they stepped out of line, but the ones who continue to pretend they have nothing to do with it and broadcast that message to the west are, at best, useful idiots.

The personal attack is cute, though. I don't need to prove myself to anyone, let alone you. I know who I am; someone who has killed other human beings in the name of his country. I get to live with that burden, and it's disappointing to see some Putinist shit try to call me out on my contributions. As far as the war in Ukraine, I've done my part and I'm comfortable with my contributions.

Could you maybe provide a list of apps that have the AppMetrica SDK? You do work for Yandex, don't you?

I've suggested previously if he doesn't like what is happening, his best course of action is to stop defending it. He has not. I now have no choice but to consider him a shill for Putin's shenanigans.

I've read a bit of his posting history. I didn't call him a Putinist lightly.

He vigorously insists he isn't, and I gave him the benefit of the doubt. I no longer have a doubt.

 

[0xE1]

But Cher Scarlett, formerly a principal software engineer in global security at Apple, said once user information was collected on Russian servers, Yandex could be obliged to submit it to the government under local laws. Other experts said that the metadata of the sort collected by Yandex could be used to identify users.

Totally NOT a supporter of Russia (in fact, I think NATO should actively intervene in Ukraine) -- but, how is this different from the privacy fights that has been going on for the past 15 years?

Neither Silicon Valley nor the NSA has been actively using invasions of privacy to track down large numbers of "disloyal" civilians in an active warzone to murder them and kidnap their children.

Is it sarcasm? Because if not, uh, I have a bad news for you, US and UK did most of that with citizens that went to MiddleEast not that long ago

 

[randomcat]

But Cher Scarlett, formerly a principal software engineer in global security at Apple, said once user information was collected on Russian servers, Yandex could be obliged to submit it to the government under local laws. Other experts said that the metadata of the sort collected by Yandex could be used to identify users.

Totally NOT a supporter of Russia (in fact, I think NATO should actively intervene in Ukraine) -- but, how is this different from the privacy fights that has been going on for the past 15 years?

Neither Silicon Valley nor the NSA has been actively using invasions of privacy to track down large numbers of "disloyal" civilians in an active warzone to murder them and kidnap their children.

Is it sarcasm? Because if not, uh, I have a bad news for you, US and UK did most of that with citizens that went to MiddleEast not that long ago

Jesus Christ, no they didn't. There are so many real, or at least plausible, whataboutisms to spout, you don't need to make shit up if that's your tactic.

If you are somehow conflating millions of Ukrainians defending their homeland from brutal assault with a handful of Jihadists who were monitored by the government because they were... well, terrorists... I don't know what to tell you.

 

[daveishereagain]

But Cher Scarlett, formerly a principal software engineer in global security at Apple, said once user information was collected on Russian servers, Yandex could be obliged to submit it to the government under local laws. Other experts said that the metadata of the sort collected by Yandex could be used to identify users.

Totally NOT a supporter of Russia (in fact, I think NATO should actively intervene in Ukraine) -- but, how is this different from the privacy fights that has been going on for the past 15 years?

Neither Silicon Valley nor the NSA has been actively using invasions of privacy to track down large numbers of "disloyal" civilians in an active warzone to murder them and kidnap their children.

Is it sarcasm? Because if not, uh, I have a bad news for you, US and UK did most of that with citizens that went to MiddleEast not that long ago

Jesus Christ, no they didn't. There are so many real, or at least plausible, whataboutisms to spout, you don't need to make shit up if that's your tactic.

If you are somehow conflating millions of Ukrainians defending their homeland from brutal assault with a handful of Jihadists who were monitored by the government because they were... well, terrorists... I don't know what to tell you.

Yeah, it was such a lame comparison I refrained from replying for fear I might have to exchange thoughts with such a chowderhead.

Edit- As it is I'm dumber just by having read it.

 

[klarg]

Avoid stepping in dogshit.

Avoid anything Russian.

 

[randomcat]

But Cher Scarlett, formerly a principal software engineer in global security at Apple, said once user information was collected on Russian servers, Yandex could be obliged to submit it to the government under local laws. Other experts said that the metadata of the sort collected by Yandex could be used to identify users.

Totally NOT a supporter of Russia (in fact, I think NATO should actively intervene in Ukraine) -- but, how is this different from the privacy fights that has been going on for the past 15 years?

Neither Silicon Valley nor the NSA has been actively using invasions of privacy to track down large numbers of "disloyal" civilians in an active warzone to murder them and kidnap their children.

Is it sarcasm? Because if not, uh, I have a bad news for you, US and UK did most of that with citizens that went to MiddleEast not that long ago

Jesus Christ, no they didn't. There are so many real, or at least plausible, whataboutisms to spout, you don't need to make shit up if that's your tactic.

If you are somehow conflating millions of Ukrainians defending their homeland from brutal assault with a handful of Jihadists who were monitored by the government because they were... well, terrorists... I don't know what to tell you.

Yeah, it was such a lame comparison I refrained from replying for fear I might have to exchange thoughts with such a chowderhead.

Edit- As it is I'm dumber just by having read it.

Well, it was a direct response to me so I felt somewhat obligated. Let me know if you have any of those little oyster crackers.

 

[Artem S. Tashkinov]

None of this whataboutism is relevant to the immediate problem presented by a rogue state-controlled entity being able to collect and exploit metadata related to smart phone users outside of their rogue state.

I didn't expect anything else. Thanks. Meanwhile, I did address the issue but as a western hater you turned a blind eye to it: "If you're a Ukrainian soldier or represent the government in any capacity you should probably remove all the applications with Yandex Metrica right away. And preferably all Russian apps as well."

Now, I'm fucking out of this discussion. There will be no discussion here, only a rant and indecision about evil Russia and how everything's bad there. Yeah, I know I live here for fuck's sake I know it firsthand unlike you who are only capable of theorizing and saying stuff like "whataboutism". Get yourself a cookie! It's such a decisive action on your part. Specially when using a generic nickname and not actually standing for any shit you say. All talk and no walk while Ukrainian civilians are being killed and cities are turned to ashes.

Ukraine has been asking for heavy weapons for weeks now - nothing has been provided. Spineless EU politicians are scared shitless to actually destroy the Putin's regime because "nukes". And no, there are no enough sanctions and actions to stop this shit either: last time I heard EU continues to buy $1 billion worth of natural gas daily. Nicely done!

We've been pouring heavy weapons into Ukraine since the war started. Not sure why you'd think otherwise...

I think you need to consider that while we do not have your special point of view from within Russia, you do not have our point of view from OUTSIDE of Russia. We don't see what's going on in Russia like you do, but we've got an excellent view of exactly what Russia is doing to the world right now. A much clearer picture than you, apparently. And it's incredibly ugly.

Does Oleksiy Arestovych ring a bell to you? Some funny Ukrainian presidential adviser? A person who basically overlooks all military operations?

Here, listen to what he says:

https://www.youtube.com/watch?v=fx-VTYfAl3A?t=945

Also, maybe Mr. Volodymyr Zelensky rings a bell to you?

https://www.youtube.com/watch?v=mQRTKvoLAEM&t=3778s

The two top officials of the country very much completely dismiss your "pouring heavy weapons into Ukraine since the war started".

Keep on jerking off to one another in the comments here while not really knowing what's going on inside the country.