this post was submitted on 27 Mar 2024
619 points (100.0% liked)

Privacy Guides

16796 readers
1 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] phoneymouse@lemmy.world 114 points 7 months ago* (last edited 7 months ago) (4 children)

“It’s okay when a major company does it. For everyone else that’s a violation of the computer fraud and abuse act..” - FBI/DOJ

[–] Drusenija@lemmy.world 87 points 7 months ago (1 children)

"It's okay when a major American company does it." - FBI/DOJ

Fixed it for you. Guarantee if they found TikTok doing this that ban would be going through today.

[–] chiliedogg@lemmy.world 11 points 7 months ago* (last edited 7 months ago) (2 children)

The TikTok ban isn't about Privacy - it's about selling it to Trump's billionaire backers for cheap. That's why Truth Social is going public now and "mysteriously" doing so well. It's leading to a TikTok takeover.

They took Twitter, already have Facebook, and now are targeting TikTok and Reddit.

The political right's biggest enemy over the past 30 years has been the democratization of information. But with the centralization on online activity that's occurred over the last 15 years, they have a chance to undo all progress we've made.

load more comments (2 replies)
[–] filister@lemmy.world 11 points 7 months ago

Let me correct you: "It's okay when a major AMERICAN company does it."

load more comments (1 replies)
[–] haui_lemmy@lemmy.giftedmc.com 84 points 7 months ago (12 children)

On that note, lets federate with threads! (I‘m gonna rub this in for the rest of eternity)

I mean, how braindead does someone have to be to not see that meta is the devil.

Fedipact for the win! :)

[–] Maalus@lemmy.world 16 points 7 months ago (1 children)

They could be "snooping" on the fediverse anyway by starting an instance and federating.

[–] haui_lemmy@lemmy.giftedmc.com 38 points 7 months ago (1 children)

They could and anyone things that they’re not already doing that is high. But thats not the concern of the fedipact. We just dont want them here as in their posts, their culture and their behavior.

[–] Maalus@lemmy.world 12 points 7 months ago (3 children)

Which is batty. I want lemmy to grow, to have niche communities open up etc. Gatekeeping people because "we don't take kindly to your type" is plain stupid.

[–] haui_lemmy@lemmy.giftedmc.com 22 points 7 months ago (15 children)

Whatever „batty“ means.

Your argument is falsely equating our „we dont accept authoritarian systems here“ to „we dont accept people“ which is thinly veiled gaslighting.

load more comments (15 replies)
[–] aniki@lemm.ee 16 points 7 months ago* (last edited 7 months ago) (6 children)

We've already had this debate and we don't care that you don't like it. If you want to be on Threads, go be on fucking Threads. Not all of us want Lemmy to grow at all.

load more comments (6 replies)
[–] ExtremeDullard@lemmy.sdf.org 13 points 7 months ago (7 children)

Which is batty. I want lemmy to grow

That's like saying you want your country club to grow by letting crackheads, ex-convicts and hooligans have a membership card.

I want Lemmy to grow too but not at any cost. I'd rather have quality than quantity quite frankly.

[–] haui_lemmy@lemmy.giftedmc.com 8 points 7 months ago (1 children)

I agree and disagree. Crackheads and ex convicts are humans, meta is not human.

Its like letting the invading army of nazi germany in because „they’re human“. Meta is by definition a psychopathic authoritarian with an enormous force of „somewhat harmless“ people who will flood the servers and by their sheer number have the power to change anything they want.

[–] jack@monero.town 6 points 7 months ago* (last edited 7 months ago) (1 children)

Eternal September is inevitable. It's not like the good communities will stop existing.

[–] awwwyissss@lemm.ee 6 points 7 months ago

It's not like the good communities will stop existing.

I saw many good Reddit subs then into garbage as the site grew.

At least the Fediverse should be resistant to enshittification because greed isn't the driving force behind it.

load more comments (6 replies)
load more comments (11 replies)
[–] AlternatePersonMan@lemmy.world 79 points 7 months ago (1 children)

Feels like that blatant violation should be prison time for anyone involved.

load more comments (1 replies)
[–] ExtremeDullard@lemmy.sdf.org 59 points 7 months ago (3 children)

Yeah but...

Facebook achieved their MITM attack by selling a VPN with spyware in it.

And so you have to wonder: who in his right mind would buy a VPN service from effing Facebook of all companies? It's like asking the KKK to do the catering at your bar mitzvah: if you have a problem with the service, you kind of asked for it.

[–] somas@kbin.social 28 points 7 months ago

@ExtremeDullard

@throws_lemy

Facebook paid kids $20 a month to run this app: https://www.vox.com/the-goods/2019/1/30/18203803/facebook-research-vpn-minors-data-access-apple

These kids most likely didn’t see it as a VPN at all

[–] noodlejetski@lemm.ee 22 points 7 months ago (1 children)

it was a free app, wasn't owned by Facebook from the beginning (they've acquired it in 2013), and it offered data saving, so it was a tempting install for people with small data plans.

[–] ExtremeDullard@lemmy.sdf.org 16 points 7 months ago* (last edited 7 months ago) (1 children)

When I was a kid, my parents taught me not to accept free candy from creepy old men.

Kids should be taught not to install VPNs from Big Data for the same reason - and a whole host of other common sense internet hygiene rules.

load more comments (1 replies)
load more comments (1 replies)
[–] mrbn@lemmy.ca 49 points 7 months ago
[–] tourist@lemmy.world 37 points 7 months ago (2 children)

"Project Ghostbusters"

whatever criminal charges meta faces, the person who came up with that name should get the death penalty

[–] exanime@lemmy.world 7 points 7 months ago

The penalty, if any, would be the equivalent of you promising, someday, to pay half a penny... If you can find one, but don't rush... You know what, just forget about the whole thing and apologies for your troubles

load more comments (1 replies)
[–] danc4498@lemmy.world 33 points 7 months ago (4 children)

The lesson to be learned here is to be careful with which VPN you trust on your phone.

Google offers a VPN as part of their Google subscription. Makes me wonder if they’re going the same thing.

[–] WhatAmLemmy@lemmy.world 12 points 7 months ago

There is zero doubt in my mind that Google VPN is a honey pot for ad mining.

You'd have to be a complete fucking moron to get your VPN from any surveillance capitalism corporation.

[–] anon987@lemmy.world 10 points 7 months ago (16 children)

Hahaha, why would Google need a VPN to spy on you? Google keyboard tracks everything you do.

load more comments (16 replies)
[–] FriendBesto@lemmy.ml 8 points 7 months ago* (last edited 7 months ago)

You think? How many times does Google getting sued for questionable or anti-Trust behaviour do you need?

By now, no one should be using them if they can do so. Or at least in an extremely limitedl fashion. For their and our sake. Since Google's harm can reach societal levels.

Remember, they themselves are the ones who stopped using their own mantra of Don't be Evil.

[–] Anticorp@lemmy.world 7 points 7 months ago (1 children)

Of course they're doing the same thing! How much of a patsy do you need to be to think otherwise?

load more comments (1 replies)
[–] MacStache@sopuli.xyz 24 points 7 months ago (2 children)

Why the hell do they even let them operate anymore? Spying on people. That's one of the most illegal things you can fucking do to a person, save bodily harm. Even law enforcement needs a damn permit for it.

[–] JimSamtanko@lemm.ee 10 points 7 months ago

They have money. Period. End of discussion. Money equals do what you want. Having “fuck you” money equals do what you want to whoever you want without consequence.

This is the world we live in and it’s not going to change while half of an entire country’s voting body is willing to elect an insurrectionist that’s guilty of rape among ninety some-odd other things.

Best to just accept this and look inward to you and your own and do your best to keep those things happy and healthy.

[–] ozoned@lemmy.world 7 points 7 months ago

It's not spying when you directly give them access to monitor your communications. Says section 632 subsection VIIXVVIIX Subsubsection D in the 69 fine print 42. Isn't everyone a lawyer with hundreds of hours to spend reading Eula's?

Also fuck this noise. It's made legal because people click agree to 10000000 pages of contract.

[–] minnix@lemux.minnix.dev 23 points 7 months ago (1 children)

The project was part of the company’s In-App Action Panel (IAPP) program, which used a technique for “intercepting and decrypting” encrypted app traffic from users of Snapchat, and later from users of YouTube and Amazon, the consumers’ lawyers wrote in the document.

Looks like they didn't decrypt anything, just used MitM spyware.

[–] AnEilifintChorcra@sopuli.xyz 6 points 7 months ago

https://www.businessinsider.com/mark-zuckerberg-facebook-execs-decrypt-rival-apps-usage-snap-youtube-2024-3

This is a 'man-in-the-middle approach,'" the email said.

Yep, this article has more details about it

[–] autotldr@lemmings.world 15 points 7 months ago

This is the best summary I could come up with:


In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers.

On Tuesday, a federal court in California released new documents discovered as part of the class action lawsuit between consumers and Meta, Facebook’s parent company.

“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit.

When the network traffic is unencrypted, this type of attack allows the hackers to read the data inside, such as usernames, passwords, and other in-app activity.

This is why Facebook engineers proposed using Onavo, which when activated had the advantage of reading all of the device’s network traffic before it got encrypted and sent over the internet.

“We now have the capability to measure detailed in-app activity” from “parsing snapchat [sic] analytics collected from incentivized participants in Onavo’s research program,” read another email.


The original article contains 671 words, the summary contains 175 words. Saved 74%. I'm a bot and I'm open source!

[–] ininewcrow@lemmy.ca 12 points 7 months ago (5 children)

It's a proprietary platform .... what do people expect?

It's visiting someone's business and you are in their property and you are watching TV on their TV set. You are reading newspapers and books that are on their property. And everyone acts surprised when the property owner keeps track of what you watched and what you read on their property.

You have no rights to do anything on their property .... other than the rights they give you, which they can also take away, or just kick you out.

[–] natecox@programming.dev 50 points 7 months ago (1 children)

…what?

This was one company spying on the users of its competitor via unofficial means. Even in the furthest stretch of the corporate boot licking bullshit that “you signed up for the app so you deserve to be spied on” exists in, I don’t see how this scenario is covered.

[–] ZeroCool@slrpnk.net 18 points 7 months ago* (last edited 7 months ago)

This is just typical Lemmy. User doesn’t read the article but has very strong opinions based on what they imagine it to be about. Comment gets upvoted by a bunch of other users who also didn’t read the article but imagine they know what happened too. Rinse and repeat.

[–] ZeroCool@slrpnk.net 22 points 7 months ago* (last edited 7 months ago) (1 children)

It's a proprietary platform .... what do people expect?

It's visiting someone's business and you are in their property and you are watching TV on their TV set. You are reading newspapers and books that are on their property. And everyone acts surprised when the property owner keeps track of what you watched and what you read on their property.

You have no rights to do anything on their property .... other than the rights they give you, which they can also take away, or just kick you out.

Are you under the impression that Facebook owns Snapchat? Because they don’t. Nothing about this little “blame people for using proprietary services” rant is actually relevant to what happened. At all.

You should read the article because you clearly didn’t. Hell, all you’d have to do is read the first paragraph to understand they were spying on the users of a competitor.

[–] solrize@lemmy.world 5 points 7 months ago* (last edited 7 months ago)

Are you under the impression that Facebook owns Snapchat? Because they don’t. Nothing about this little “blame people for using proprietary services” rant is actually relevant to what happened. At all.

You should read the article because you clearly didn’t. Hell, all you’d have to do is read the first paragraph to understand they were spying on the users of a competitor.

The spying was done by a proprietary service (Facebook's VPN). Blaming the users for anything on that scale is dumb and futile, but it still reinforces the idea of avoiding proprietary services as much as possible, especially anything on the client side.

The article didn't explain how the attack worked though. Did the Snapchat client not use anything like TLS to connect to the Snapchat server? Did the Facebook VPN somehow still intercept it, e.g. with a certificate that Snapchat trusted but that Facebook used for spying? Die that cert also work in browsers and did it somehow pass a third party audit, that at least Mozilla requires? I do know Mozilla looks very askance at such things, and they booted out at least one cert vendor over something like that a few years ago.

If Snapchat used some kind of device-wide TLS stack that Facebook managed to subvert, that should be treated as an OS vulnerability (assuming we're talking about mobile devices). There's a bunch of stuff that apps simply cannot do unless the user first goes through some complex procedure to root the phone. Messing with the TLS stack should be one of them.

[–] filister@lemmy.world 11 points 7 months ago (2 children)

What I really dislike in this way of thinking is that when Facebook is doing it, the reaction is what do you expect and when TikTok are doing it, people are outraged and call for banning the whole platform.

So why the double standards?

load more comments (2 replies)
[–] 4am@lemm.ee 7 points 7 months ago* (last edited 7 months ago)

~~I think you are thinking of Instagram. Facebook doesn’t own Snapchat.~~

Oh it’s Onavo. Onavo was the “Facebook VPN” software they shuttered in 2019. So it had access to network traffic on-device before it was sent out.

Seems like it was more than a VPN, and put its claws deep into the network stack if it was reading packet buffers before they were encrypted. Not good; I’m sure that users were not made aware of this but in light of this possibility, your point stands.

load more comments (1 replies)
load more comments
view more: next ›