Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.
See full article...
See full article...
Meta and Yandex are de-anonymizing Android users’ web browsing identifiers
- Thread starter JournalBot
- Start date
It's not really possible to write anything about Meta without including the outrage.
Upvote
281
(282
/
-1)
Meta: If there's a way to be a scumbag, we will find it! And Yandex it's Russian right? Nothing more needs to be said.
Upvote
229
(240
/
-11)
Well under the new Tech Broligarchy led Trump administration and the indifference by the average American to where our country is headed I expect much more of the same.
Upvote
86
(94
/
-8)
Artem S. Tashkinov
Ars Scholae Palatinae
A more pernicious, semi-legalized form of tracking and spying has been going on in Russia for years. I've notified Google about it a couple of times, but they don't seem to care.
Android has a permission called "Read Google Service Configuration" (com.google.android.providers.gsf.permission.READ_GSERVICES) that allows apps to read a unique device ID. This ID persists across app reinstalls and can only be changed by factory resetting the device, which most people rarely if ever do. Around 2022-2023, pretty much all major Russian Android apps started using this permission.
Those familiar with the Runet (the Russian segment of the Internet) know of a professional website for discussing such matters called Habr.com. I tried to post an article about this issue there, but it was rejected for vague reasons.
I published it on VC.ru, a website dedicated to doing business in Russia, but sadly, it received zero attention.
Android has a permission called "Read Google Service Configuration" (com.google.android.providers.gsf.permission.READ_GSERVICES) that allows apps to read a unique device ID. This ID persists across app reinstalls and can only be changed by factory resetting the device, which most people rarely if ever do. Around 2022-2023, pretty much all major Russian Android apps started using this permission.
Those familiar with the Runet (the Russian segment of the Internet) know of a professional website for discussing such matters called Habr.com. I tried to post an article about this issue there, but it was rejected for vague reasons.
I published it on VC.ru, a website dedicated to doing business in Russia, but sadly, it received zero attention.
Upvote
215
(216
/
-1)
Scipio Africanus
Ars Centurion
Issues like this make it important to not use the built in Chrome browser in android. It's linked too closely to the OS and therefore your identity. The list of various 3rd party browsers are a very good place to start. For my own generic browsing, I use Puffin which does much of the rendering and processing on remote servers and Im not logged into Google on it.
Upvote
40
(57
/
-17)
Absolutely, if there's one thing I'm nostalgic for, it's ye old Internet of Olde. Nowadays I don't go out of my way to spend much time online, I suppose that's for the better.
Upvote
54
(54
/
0)
Immediately removed Yandex from my Firefox search shortcuts.
I will never use any Meta product.
I will never use any Meta product.
Upvote
80
(80
/
0)
Last time I did an intentional "weird protocol misuse" it was labeled malware. I guess it's different when you identify as a multibillion dollar company.
Upvote
297
(298
/
-1)
are we believing this was actually "anonymized" in the first place?
that's not how targeted ads work.
that's not how targeted ads work.
Upvote
36
(42
/
-6)
ubercurmudgeon
Ars Tribunus Militum
Yet another business model that depends on illegal activity (or it would be if it were an individual bypassing core security on their servers instead of them doing so on our browsers) and, at most, will lead to fines in the order of millions, years after the corporations doing it have made billions from the activity.
Upvote
148
(148
/
0)
Artem S. Tashkinov
Ars Scholae Palatinae
Better remove all apps "made in Russia with love".
Check the Yandex weather app ("not" affiliated with Yandex in any way, except that it's completely Yandex): Meteum (BTW in terms of accuracy one of the best, if not the best). It contains an insane amount of trackers.
Upvote
75
(75
/
0)
I wish I had REAL freedom not to use WhatsApp, but the latter is by far more popular by Matrix and XMPP.
For browser, I like using Monocles, but you better tinker with the settings if you want Javascript or screenshots enabled by default. You may also need to allow some tracking if you want some sites to function.
For browser, I like using Monocles, but you better tinker with the settings if you want Javascript or screenshots enabled by default. You may also need to allow some tracking if you want some sites to function.
Upvote
-9
(9
/
-18)
Fucking Meta - scummiest company on earth; their entire business model depends on surveilling everyone, spreading and amplifying misinformation, stoking polarization, and generally making the world a much worse place, all in the interest of selling more highly-priced ads. This kind of malware-adjacent behavior is not even remotely shocking in the context of their raison d'être. Zero redeeming features as an enterprise. Fuck Zuck and his MAGAt company forever.
Upvote
225
(228
/
-3)
Upvote
92
(92
/
0)
Artem S. Tashkinov
Ars Scholae Palatinae
The Internet of the '90s was mostly about communication and education. First, FIDO, Usenet, IRC, then forums. The Internet of the past two decades has primarily existed to sell stuff to you and sell you to advertisers.
Sometimes, though, we should take off our rose-colored glasses and remember that in the late '90s banners already became intolerable, and almost everyone hated Adobe Flash.
Upvote
165
(166
/
-1)
Wouldn't it be great if Google removed Meta products from the App store (even just temporarily), and placed a huge warning to users that they were removed because Meta is spying on you without consent.
Upvote
160
(160
/
0)
So the fact that I have no Facebook based or Yandex apps installed means I'm safe from this unwanted intrusion?
Upvote
53
(53
/
0)
Facebook and its associated apps are day-1 uninstalls for me... but that's the bad thing. They're UN-installs. I sure as fuck don't go out looking for phones that have them pre-installed, but I get them anyway.
Disappointed Firefox hasn't blocked this by default yet, but what about the defaults in the uBlock Origin extension for Firefox Mobile?
Upvote
84
(86
/
-2)
I finally permanently deleted Facebook from all my devices a couple of days ago, like lots of other Ars readers have. I have never used any of the other popular social media apps. I know Meta can embed their pixel trackers elsewhere, but they can't bombard me with ads on Facebook anymore, which is what the feed has mostly evolved to be. I will miss a few interesting groups I was a member of, but the cost / benefit ratio is now too skewed in the cost direction.
Upvote
42
(42
/
0)
Don't use Meta products nor Yandex products, and yay for Brave Browser! Strange that Mozilla did not respond. Perhaps it's more difficult to block in Firefox?
Upvote
4
(16
/
-12)
As European iPhone user, I wouldn't approach Yandex products anyway, and deleted Meta trash a few months back for the betterment of my life. Now if the EU could sue them to the ground they would be forced our of the continent, maybe the far-right/left clowns polluting our elections would go away with them, since they are inextricably linked.
Upvote
46
(49
/
-3)
Thank you for the well written article.
Considering far smaller apps have been banned for far less egregious acts, it doesn't surprise me that Google won't force Meta to actually acknowledge the issue by banning IG and FB from the Play Store. Meta said it's a misunderstanding of Google's policies, yet it's pretty clear to me that violating the browser sandbox seems like a targeted attack on my phone. That's called an exploit, and that's against Google's rules.
Considering far smaller apps have been banned for far less egregious acts, it doesn't surprise me that Google won't force Meta to actually acknowledge the issue by banning IG and FB from the Play Store. Meta said it's a misunderstanding of Google's policies, yet it's pretty clear to me that violating the browser sandbox seems like a targeted attack on my phone. That's called an exploit, and that's against Google's rules.
Upvote
120
(120
/
0)
That was my thought initially, but in the longer run you just realise you don't miss anything you couldn't find elsewhere. The dopamine rush and FOMO are gone, which is a great improvement totally worth the effort.
Upvote
49
(49
/
0)
Whenever I read something like this, it becomes real obvious the companies that do these things are operating under a "I don't care. It's not like I force anyone to use my product. And if I didn't do it, someone else surely would" philosophy/justification that is precisely the same philosophy/justification used by 99% of drug dealers.
The thing is, drug dealers are operating outside of the law, so there isn't a whole lot anyone could do (except not use their product). However, these companies are working within the law, so there's absolutely things that could be done about it, just that nobody seems all that interested (other than slapping them with a few million dollar fine, after they've made a few billion pursuing whatever shady practice)
The thing is, drug dealers are operating outside of the law, so there isn't a whole lot anyone could do (except not use their product). However, these companies are working within the law, so there's absolutely things that could be done about it, just that nobody seems all that interested (other than slapping them with a few million dollar fine, after they've made a few billion pursuing whatever shady practice)
Upvote
17
(20
/
-3)
Since brave was the only one listed as blocking local port sharing, I think I'll be switching to that. No guarantee, but seems better than Firefox at the moment. I've been thinking about installing Lineage graphene OS, but I'm guessing this would still affect that?
Eta: was thinking the wrong rom
Eta: was thinking the wrong rom
Last edited:
Upvote
-7
(4
/
-11)
Upvote
64
(64
/
0)
That's sorta how I saw it. Disabled my account back in 2017 (in case I ever really needed it, but so far I haven't).
It's like the nightclub everyone kinda hates because the bouncers feel you up on the way in, the staff go through your pockets in the coat room, the drinks are watered down or not what you ordered, and the owner is a prick...
...but people still go because they know it's where everyone else goes. Some people only ever hang out there.
Still, there's a point where it's easier to just go to a local joint or stay home.
Upvote
47
(47
/
0)
Dumb question - do I need the native apps specifically for this to be a problem on my phone?
I don't have the Facebook app, but I do have Instagram
I don't have the Facebook app, but I do have Instagram
Upvote
24
(24
/
0)
Rather than playing whack-a-mole with blocklists, couldn't the browser block ALL traffic to localhost? What legitimate reason could a web site possibly have to connect to localhost on a phone?
Upvote
51
(55
/
-4)
Mungus the Unhyphenated
Ars Tribunus Militum
Eeeeww... That's the best description of Facebook/Meta I've ever seen. Now I need brain bleach to get it out of my head. But it's 100% accurate.
Upvote
40
(41
/
-1)
Whats wrong with the headline of this article? Might be difficult to share this article when it's "headline-to-come"
Upvote
6
(6
/
0)
The EU data protection commissioner or whoever has that role in the Union should do a Doctor Evil-style exclamation of "One billion dollars!"
Only this time, up the fine to something that would kick Zuckerberg in the balls. Say, twenty billion dollars per year of all this illegal wiretapping going on.
Upvote
30
(30
/
0)
Why THE FUCK has Google left these apps up on their servers?
This should result in the immediate pulling of all Facebook owned apps from the Play Store and at least a temporary ban.
This should result in the immediate pulling of all Facebook owned apps from the Play Store and at least a temporary ban.
Upvote
98
(98
/
0)