• mctoasterson@reddthat.com
    10 months ago

    This is especially nefarious paired with their other practices. Many phones' stock ROMs also ship with preinstalled bloatware including TikTok and Facebook crap.

    I had to use Android developer tools (ADB PowerShell commands) to remove multiple Facebook and TikTok packages from a friend's new phone because they can’t be removed any other way. There was no “user visible” FB app but several packages were present, which makes me think FB crap may run as “background” by default on several vendors' stock ROMs. Irritating and deceiving to the consumer.

    I also blacklist all their domains using Pi-hole so nothing on my home network can covertly back channel any data to their mothership. (Currently using Developer Dan’s lists from GitHub - the Facebook list alone has almost 30,000 hosts on it)

    These big tech surveillance bros can get clapped.

  • ginerel@kbin.social
    10 months ago

    That’s why I set up 2FA on whatever account I can get my hands on. It sucks that I cannot do it on every single one I have (e.g. some popular names like Spotify, last.fm, Bandcamp or Feedly do not support it), but for every account that I do have, 2FA has become critical lately.

  • ᗪᗩᗰᑎ@lemmy.ml
    10 months ago

    Although completely believable and in-line knowing Meta/Facebook’s history, is there any evidence to support this claim? I’m sure it’s, unfortunately, just as easily deployed to specific targets so it may be hard to replicate, but this is pretty huge.

    Anyone have any links/sources?

      • Zeroc00l@sh.itjust.works
        10 months ago

        I’m quite surprised Proton would use Gizmodo as a source. A quote from their article's first paragraph: “[as] Apple and Google beef up privacy”.

        I guess they mean all the tech companies try to block each other so that they collect all the data themselves…

        • Snot Flickerman@lemmy.blahaj.zone
          10 months ago

          I’m surprised they didn’t do more research than just a Gizmodo post that references a Gizmodo post that references original research.

          It’s like a game of telephone. One person heard something slightly different than the first person did until the message is garbled.

          The original research never said Meta applications were doing keylogging. They really should delete or amend this post before they land in legal hot water. Because that could be libelous defamation and Meta has deep pockets.

    • Snot Flickerman@lemmy.blahaj.zone
      10 months ago

      TL;DR: ProtonMail might want to delete this before they get sued by Meta for defamation, because the original research does not say that about Meta, it says it about TikTok.

      I found the same sources, but if you’ll notice, the article that ProtonMail linked to actually isn’t about that. It’s about a different and new Facebook thing that has iffy privacy settings as well.

      It links to another Gizmodo article about it, buried deep in ONE paragraph.

      The problem? That article is about TikTok, and the things detailed about the injected JavaScript that’s keylogging are all related to TikTok.

      When you click on a link in the Facebook or Instagram apps, the website loads in a special browser built into the app, rather than your phone’s default browser. In 2022, privacy researcher Felix Krause found that Meta injects special “keylogging” JavaScript onto the website you’re visiting that allows the company to monitor everything you type and tap on, including passwords. Other apps including TikTok do the same thing.

      This paragraph from the article links to this article in question:

      https://gizmodo.com/tiktok-keylogging-privacy-meta-1849433690

      This article references Meta a few times but is mostly about TikTok. Then THAT article links to the original blog post:

      https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser

      He has info on TikTok and Instagram, and while Instagram is injecting JavaScript into an internal browser instead of the default system browser, it is not noted as capturing text including passwords.

      Capturing text and passwords is only ascribed by the security research to TikTok and TikTok alone. Meta companies are using similar JS injection tactics, but they, according to the original research, do not include keylogging.

      • RaoulDook@lemmy.world
        10 months ago

        That lines up with everything I’ve read about TikTok being the worst of the spyware social media apps. Unfortunately most online discussion about that subject gets filled with “Whatabout America spying?” posts trying to normalize the acceptance of everybody doing it. The discussions should be about how TikTok is the worst AND Facebook is close on their tails for the race of spying. All of the spyware social media apps are a bad thing.

    • Shirasho@lemmings.world
      10 months ago

      I agree. Multiple apps bind to the keypress event to inject functionality. Binding to such an event does not automatically imply nefarious intent.
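
      Added example, not part of the thread or of the linked research: one way a page can record which event listeners get registered on it, which shows that a keypress listener exists but not what it does with the data. `auditListeners`, `INPUT_EVENTS` and the sample handlers are constructed names, and an `EventTarget` stands in for `document` so the code runs outside a browser.

```javascript
// Added example: audit which listeners scripts register on a page object.
// auditListeners, INPUT_EVENTS and the sample handlers are constructed names.
const INPUT_EVENTS = new Set(["keydown", "keypress", "keyup", "input", "change", "click"]);

function auditListeners(target) {
  const log = [];
  const original = target.addEventListener;
  // Shadow addEventListener on this object so every registration is recorded.
  target.addEventListener = function (type, listener, options) {
    log.push({
      type,
      inputRelated: INPUT_EVENTS.has(type),
      // First characters of the handler source, kept for manual review only.
      source: typeof listener === "function"
        ? listener.toString().slice(0, 80)
        : String(listener),
    });
    return original.call(this, type, listener, options);
  };
  return { log, restore() { target.addEventListener = original; } };
}

function runDemo() {
  const page = new EventTarget(); // stand-in for `document`
  const audit = auditListeners(page);
  const delivered = [];

  // Constructed registrations, as a site script or an injected script might make.
  page.addEventListener("keypress", (e) => delivered.push(e.type)); // sees the event type only
  page.addEventListener("selectionchange", () => {});
  page.addEventListener("click", () => {});

  audit.restore();
  page.addEventListener("keydown", () => {}); // registered after restore, so not logged

  // The wrapper records registrations without changing event delivery.
  page.dispatchEvent(new Event("keypress"));

  return {
    total: audit.log.length,
    inputTypes: audit.log.filter((r) => r.inputRelated).map((r) => r.type),
    delivered: delivered.length,
  };
}

console.log(runDemo());
```

      The log lists event types and handler source, so deciding whether a keypress listener implements a shortcut or records typed text still takes reading the handler. A wrapper like this only sees registrations made in the page's own JavaScript context.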

    • Bizarroland@kbin.social
      10 months ago

      Not so simple solution, because other people are using Meta products and using them on you without telling you about it.

      Use Firefox, and install the Facebook container extension so that Meta cannot read your data on the internet.

      • IdiosyncraticIdiot@sh.itjust.works
        10 months ago

        Although I still disagree with using Facebook at all, and sorta unsure what you mean by “because other people are using meta products and using them on you without telling you about it” (websites using Meta-based SaaS products maybe), if the Facebook container extension is anything like the AWS container extension, I bet it’s a pretty good recommendation. Firefox ALWAYS the best recommendation

  • Luci@lemmy.ca
    10 months ago

    Some people in this thread are claiming the article doesn’t mention Facebook.

    I actually read the article. You’re welcome.

    When you click on a link in the Facebook or Instagram apps, the website loads in a special browser built into the app, rather than your phone’s default browser. In 2022, privacy researcher Felix Krause found that Meta injects special “keylogging” JavaScript onto the website you’re visiting that allows the company to monitor everything you type and tap on, including passwords. Other apps including TikTok do the same thing.

    Edit: The article Proton got their info from.

  • cayslaconic0j@lemmy.ml
    10 months ago

    I use all social media in browser to give them less access to my device. I clear cache / cookies after use every time. Hopefully that gives them far less personal data.

  • TheAnonymouseJoker@lemmy.ml
    10 months ago

    Just block off *.facebook.com in uBlock Origin rules on Firefox (not possible on Chrome) or in system HOSTS ruleset. Leave out the fbcdn.net domain as it only acts as a CDN for videos and images.

      • TheAnonymouseJoker@lemmy.ml
        10 months ago

        I see, they have started pulling this shit. Probably a good idea to disable third party scripts with uBlock Origin’s medium mode. At least that way they will not be able to run their malware JS.

        I use hard mode generally, but that sounds like a good reason for people using uBO easy mode to level up.

        • Bilb!@lem.monster
          10 months ago

          You know, instance admins can find out who is downvoting and upvoting by checking the database. It doesn’t have to be a mystery if you stand up your own instance. You don’t even have to use it primarily, just get it federating your comments.

          • TheAnonymouseJoker@lemmy.ml
            10 months ago

            Self-hosting is a pain in the ass, and I do not have the time and dedication for it, as someone who has 100 other things in life. I am no longer even a terminally online person, I just come here to check on the state of Lemmy, put on some helpful comments, moderate privacy and technology communities, and go back to real world after dedicating 15-30 minutes a day to Lemmy.

    • crab@lemm.ee
      10 months ago

      This is about the web browser within Meta apps, uBlock on another browser won’t help.

      • TheAnonymouseJoker@lemmy.ml
        10 months ago

        Then the HOSTS ruleset will work. You can use NetGuard or Invizible Pro with your custom HOSTS ruleset on Android, and on laptop/desktop, it is easy no matter if you use Linux, Windows, macOS, BSD or other OSes. No option for iPhones and iPads.

  • dez@lemmy.ml
    10 months ago

    My main goal in 2018 was to delete Facebook. Unfortunately I'm still using WhatsApp just because everyone uses it and I have no other place to talk with my friends and family.

    • pistachio@lemmy.ml
      10 months ago

      I think (do correct if wrong!) the EU has approved an interoperability law for big tech companies? So it should be just a matter of time until you can switch messaging app and still be able to communicate with people on wa and big messaging apps.

      Ofc if your friends all use WhatsApp zuck will still be able to read all your messages and get your phone number via your contacts… so it’s only a partial solution. Still better than nothing tho.

      • e$tGyr#J2pqM8v@feddit.nl
        10 months ago

        That link you added is being very very negative about it and even after reading it I really don’t understand why…

      • Gabu@lemmy.ml
        10 months ago

        Not popular enough. With WhatsApp you get to talk to pretty much everyone, from businesses to second hand sellers to your weird aunt that lives in the middle of the woods.

        • pedroapero@lemmy.ml
          10 months ago

          None of those apps is popular enough anyway. You still need SMS + WhatsApp + a couple of others. So adding another one is not so much of a burden. Besides, it works just like WhatsApp from a user standpoint, and no password required.

    • TWeaK@lemm.ee
      10 months ago

      SMS is still a thing. You need to put your foot down to make it happen.

        • TWeaK@lemm.ee
          10 months ago

          You say that as if WhatsApp is actually secure, as if Facebook haven’t filled it with backdoors. As if it wasn’t the vector for zero click access to Android phones in Pegasus. SMS could not do that (although iMessages did).

          • Darken@reddthat.com
            10 months ago

            Not really, SMS is barely noticed here, you must use WhatsApp messaging otherwise they will wait for a WhatsApp call or a phone call

  • ipkpjersi@lemmy.ml
    10 months ago

    Holy shit, that should be illegal. I say should because I know there’s no way that it currently is.

  • pedroapero@lemmy.ml
    10 months ago

    The Facebook mobile webapp works just fine nowadays. Pretty sure it’s even possible to enable notifications in most web browsers. I still don’t get why people are willfully installing apps instead of just pinning web browser bookmarks.