We're spoiled in the desktop browser by being able to clear history, cookies, local storage etc, or use a private browser session. There's also the importance of the "same origin policy".
The Android platform API should simply never allow apps to obtain global system identifiers (serial numbers, "advertising IDs", MACs, Wifi network info, IMEIs etc) in the first place. Perhaps even going as far as not providing a shared filesystem.
Mobile apps, despite platform API permission, and having some ability to protect their own data, are a lot closer to desktop programs than web apps in many regards.
> The Android platform API should simply never allow apps to obtain global system identifiers
When the revenue stream of the creator of Android fundamentally depends on being able to tie devices to identity and behaviour, it's highly unlikely this is going to happen. They can't also keep it only for themselves and block for others or they'll get unfair trade practices action on their backs.
The fact that Apple which could do this without significant adverse monetary impact but has chosen not to do so suggests they want to keep the possibility of re-entering the advertising business (or at least portray so to their shareholders)
> The fact that Apple which could do this without significant adverse monetary impact but has chosen not to
They restrict access to most of the things listed above, giving randomised fakes where necessary. The advertising ID they do let apps access is unique to a publisher so they can't be tied together with behaviour from apps by other publishers, and it's trivially disabled/resettable by the end user (Settings > Privacy > Advertising > Limit Ad Tracking / Reset Advertising Identifier…). They improve things every year, e.g. Safari's intelligent tracking prevention.
I'm not really sure how you can arrive at the conclusion that Apple are holding back; they seem clearly committed to improving privacy as demonstrated by their continuous work in the area.
>When the revenue stream of the creator of Android fundamentally depends on being able to tie devices to identity and behaviour, it's highly unlikely this is going to happen.
Well put. I’ve tried to explain to people that I prefer Apple’s upfrontness that they are there to sell me a device and its software for money. Unlike Android systems where I feel the lead is intentionally buried by telling me how “free” the software is.
Not true at all... this would have significant monetary impact. If advertisers lose the ability to monitor purchases at a granular level attributed to advertiser specific initiatives they will not spend and that has a chain effect that trickles to Apple since they take 30% cuts of all in app revenue. If advertisers pull the plug on in app purchases and go around... they may go the route of removing IDFA to screw over advertisers for trying to go around their App store.
While you make good points about mobile apps, don't be too spoiled by the privacy offered by desktop browsers. Because of their configuration and various APIs, they're almost as easy to fingerprint as mobile devices with advertising IDs.
I know you're not disagreeing with me, but the issue you raise only distracts and lends ammo to the defenders of these prolific tracking mechanisms. It's the Nirvana fallacy.
I'm sure there's a Google rep somewhere that will tell you that their "advertising ID" is better than the status quo on the web because the user can rotate it and, because it's reliable and easy for app devs to use, they are discouraged from being more nefarious and sneaky in tracking users.
This is all a bloody distraction from the point: it should not be an acceptable norm for this tracking to happen and it should be as hard as possible to pull off without informed user consent.
The degree to which platforms are defensive against it is a different issue to whether or not they actively encourage it by design... which shouldn't even be open to debate.
> And HN users are probably even more vulnerable since we will have customized our software making it stand out.
On the other hand, among HN users you'll probably find a higher percentage of those who block JS by default and allow it only on selected websites. Most of these fingerprinting methods (and most web abuse in general) depend on JS being turned on.
I'm not totally convinced panopticlick is as real as they claim. If you're on the west or east coast of the USA and own a 1 or 2 year old iPhone, try visiting. It will likely tell you you're identifiable 1 out of 500k or so. But except for time zone all iPhones of the same model should have the same fingerprint. Pretty much any calculation on how many iPhones 1 or 2 years old in the same time zone will make it clear that 500k is several orders of magnitude off.
I'm not saying you can't fingerprint, and like you pointed out it's easier on desktop. I'm only pointing out that panopticlick needs some work to be more accurate.
They are removing the ability to get any device identifiers in newer Android versions - unless you ask the user for a permission. https://developer.android.com/training/articles/user-data-id...
There are advertising IDs and these can be reset.
But I am not saying it's ideal in Android - up until recently you could easily fingerprint a device and you can do it today if you ask the users for permission (which the average user doesn't read or you can trick him into accepting the permission request).
“Asking users for permission” never works. You end up with Vista style UAC. What about not allowing it at all? Even before iOS and Android were a thing, Windows Mobile had a way for apps to uniquely identify a device but that unique identifier was per app/per user.
For the power-users out there there is a solution, install Xposed[0] on your device (root and custom recovery required of course) and then XPrivacyLua[1] which provides fine controls allowing you to hide identifiers (ad IDs etc), tracking, activity, applications installed, network info, analytics and much more for each app. Best part is it sends fake data to make sure apps don't crash or complain.
You can run the Facebook mobile site inside Firefox browser and do all those things. Or use an open source wrapper app like FaceSlim so that the mobile site can feel like an app.
> The Android platform API should simply never allow apps to obtain global system identifiers (serial numbers, "advertising IDs", MACs, Wifi network info, IMEIs etc) in the first place. Perhaps even going as far as not providing a shared filesystem.
Well, that's a nice wish for Santa, but does anyone really expect such a policy from an advertising company like Google?
Not without public pressure. Commenting on it, reminding everyone that this is actually Google's fault in the first place, etc, is a good way to apply that pressure. Otherwise it's just on Facebook, and they do not give a fuck what people think of them.
I've used user-agents from the Facebook app against a user, for example (legit work :) ). It contains the phone version, app version and so much other detail that's a unique identifier.
Using local storage/hardware to track devices is easy mode, but removing those options won't come even close to limiting per-device tracking. You can track clients using entirely serverside techniques. You can also leverage legitimate security features (like HSTS headers) to track clients.
I would say educated, not spoiled. If you so choose to not install apps (which are the same as, in the 90s, going to Tucows or download.com, searching for idiot applications like "blockbuster" and installing them on your computer with full access to memory and disk) then you can buy an Android phone, install Firefox, install uBlock Origin, and only use those companies' offerings via the browser.
Granted, you will have to give up on Netflix unless you want to install their DRM client, just like on the desktop.
> The Android platform API should simply never allow apps to obtain global system identifiers (serial numbers, "advertising IDs", MACs, Wifi network info, IMEIs etc) in the first place.
Of course. On the other hand, Google's global attitude is that user tracking is fine, their core business is based on that. So it would be hypocritical on their part if they decided to block user tracking on their devices.
They have increasingly revised or clamped down on the various unique IDs and are pushing everyone to the (user-resettable) advertising ID. Things like the MAC have already been hardcoded to a single fixed value for a couple of years now.
You're just spreading unsupported FUD. Actions speak louder than words and Google's actions for Android apps and APIs do not agree with your comments.
I seriously loathe the people hating on the web. On the web one can preview, debug, and block stuff at each application and network layer. Use Lynx, disable JS, install ad and tracking blockers, edit hosts file - you are the king. Want to see the true evil? Native Android and iOS applications, there doesn’t exist an alternative platform anymore. You think that app is free? Not even web-style in-app advertisements give you a second thought?
It's pretty frustrating. The web is infinitely better than the app-based nonsense we have. Desktops are better than mobile devices by orders of magnitude when it comes to productive tasks.
It'll shift back over time. Mobile is not going away but there will be a resurgence of desktop usage in the form of the mobile devices being hooked up to dumb terminals or something of the sort, and privacy/usability initiatives will slowly trudge on.
The web platform is complete garbage. It's extremely restrictive, outdated, and slow.
It has fantastic benefits, particularly in the brief usage long tail category, but it's not an app platform. Stop trying to use it as something it just isn't. There's plenty of room here for both native and web.
I agree completely. It's a particularly common problem on this forum.
The web is the most open and accessible platform we have. There's a powerful and fast layout engine. Scripting is open by default, and the client can at any time inspect, block, or modify those scripts to suit their needs.
Yes, it's been happening for a while. Google and Mozilla have been pushing (sometimes rushing) for more capable web browsers while Apple actively protects the exclusivity of some functionalities of its app store, to the detriment of Safari users, making them feel an even greater gap between websites and native apps.
Originally, smartphones were to be the new way of browsing the web but it turned out to be a new way for OS manufacturers to profit over third-party software because developers had to handcraft a way of accessing their data over the internet from the device given that web browsers were not up to the task of delivering fast, snappy experiences. Developers had to create native apps for the simplest services even if they didn't need the extra functionality and APIs like notifications, background updates or movement sensors.
Today, mostly because of the increase in mobile processing power, the difference between a website and an app for trivial tasks (notekeeping, calendar, ordering a product, whatevs) is inoffensive and overall imperceptible, making websites a reliable way of providing functionality once again.
Browser updates and new APIs will increase the amount of possible trivial services you will be able to access from anything with a browser and up-to-date processing power.
This is not unique to Facebook and is true for almost all SDKs, which can track the same events (which this talk mentions) that the app has. Google tracks exactly the same events which FB does as well.
Also, the same thing happens on iOS too - not sure why the talk avoided it. Once the app has the SDK for a third party (regardless of OS), tracking all events within the app is fair game.
What is your motivation posting this? Because it sounds like a great example of "whataboutism". Just because an evil is done a lot, and in different contexts doesn't make it not evil.
Every other comment here boils down to "get an iPhone". If the claim that this is also happening on iOS is true then it's highly relevant to the discussion.
My reading of it was that product50 was providing additional relevant information and context, which I personally found interesting and useful. I didn't at all get the impression that product50 was trying to make an argument like "since everyone's doing it, that makes it ok" (or any argument at all, for that matter).
I don't have a FB app on my phone, I have a FB account that has no posts. I look at it occasionally to track my "likes". Last week I was at a conference in downtown Boston. I have no connection to the conference, I was there to meet my friend's daughter who lives overseas. While standing in line, people watching, I couldn't help but notice an extravagant fellow, I later discovered he was an out-of-town PhD student there for the conference. Imagine my shock when my next web login to FB offered me this very man as a suggested friend!
You probably were in proximity long enough to have triggered something. You never know — your friend's daughter may have been in the same line somewhere at the airport or a lounge as well.
I used to get this a lot as I’m 1-2 degrees of separation from some highish profile people. FB seems to adapt and move on to a different strategy over time.
Is there a definitive answer on how these suggestions happen? (Other example: talk about X with someone; start seeing internet ads for X afterwards). Is it coincidence?
For every ad or suggestion that elicits that kind of response, how many are completely unremarkable and immediately forgotten? It’s largely explained by the survivorship bias.
Anyway, there are more paid tracking SDKs in the wild and probably more invasive than Facebook's.
For example, in Poland there is a service called Cluify which supposedly tracks millions of phones to then target ads at them. Although they're Google ads. In fact, they're a "proud partner of Google."
On the website https://cluify.com/ they mention using wifi but in sales pitches they boast inclusion in many popular apps. As their client you can geofence an area and buy ads directed at devices which frequent them.
I purged and fumigated most of these parasites from my phone. Going even as far as replacing the OS because LG thought the Facebook app should be an integral part of their distribution and not removable. Hopefully they at least charged Facebook dearly for it.
You can use adb commands to "disable" system apps FWIW, all you need is the "developer options" menu, to temporarily enable adb access from USB. This lets you use all the features of a "locked", stock "ROM" (payment services, DRM apps, better camera), and also works on "locked down" devices where you can't unlock the bootloader and install a different OS. Of course, it's only worthwhile if you trust the "ROM" vendor (LG in your case) and can isolate the problem to some specific app(s).
This type of control is still possible on android devices?!
I had given up on buying new devices because of how restrictive and abusive phone manufacturers have become towards their customers. If adb can really do what you say it can, maybe I can finally upgrade my phone after all these years. Can you recommend an online article that goes over using `adb` like this? (especially for disabling locked apps)
I found NoRoot Firewall to be a much more powerful app. It allows you to add global domain filters too. And for some reason the logging of apps which request internet access appears to be much more detailed.
Android also had an issue where an app could deceive a user by requesting the permission to manage WiFi (CHANGE_WIFI_STATE) which is considered non-dangerous ("normal") [1] and is granted automatically without any prompts [2]:
> If your app lists normal permissions in its manifest (that is, permissions that don't pose much risk to the user's privacy or the device's operation), the system automatically grants those permissions to your app.
But the app could use it to determine the user's location (by scanning for WiFi access point identifiers) without any notification. So the user wouldn't realise that the app now knows their location.
You can see it in the docs [3]:
> Android 8.0 and Android 8.1:
> A successful call to WifiManager.getScanResults() requires any one of the following permissions:
> CHANGE_WIFI_STATE
So this issue was fixed only on Android 9, and had been working for years. Any application could secretly determine your location. That's the state of privacy protection on Android. It is difficult to believe that Google developers who are very smart people couldn't foresee it for years.
I googled a little and found a confirmation that this method was working: [4]
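A manifest check for the condition described in the comment above, as an added example that is not part of the original thread. It assumes the manifest has already been decoded to text XML; the sample manifests and package names are constructed, and the two location permission names are the standard Android ones rather than anything quoted in the thread.

```python
"""Flag apps that hold CHANGE_WIFI_STATE without any location permission."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
MAX_SDK = f"{{{ANDROID_NS}}}maxSdkVersion"

WIFI_PERM = "android.permission.CHANGE_WIFI_STATE"  # "normal": auto-granted
LOCATION_PERMS = (  # "dangerous": the user sees a prompt
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
)
AFFECTED_API_LEVELS = (26, 27)  # Android 8.0 and 8.1


def declared_permissions(manifest_xml):
    """Return {permission name: maxSdkVersion or None} for a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    perms = {}
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(NAME)
            if name:
                max_sdk = node.get(MAX_SDK)
                perms[name] = int(max_sdk) if max_sdk else None
    return perms


def held_on(perms, name, api_level):
    """True if the permission is requested on a device at this API level."""
    if name not in perms:
        return False
    max_sdk = perms[name]
    return max_sdk is None or api_level <= max_sdk


def audit(manifest_xml):
    """Report API levels where Wi-Fi scan data is reachable with no prompt."""
    perms = declared_permissions(manifest_xml)
    silent = [
        api for api in AFFECTED_API_LEVELS
        if held_on(perms, WIFI_PERM, api)
        and not any(held_on(perms, p, api) for p in LOCATION_PERMS)
    ]
    package = ET.fromstring(manifest_xml.strip()).get("package")
    return {"package": package, "silent_scan_api_levels": silent}


# Constructed sample manifests (not taken from any real app).
HEAD = '<manifest xmlns:android="%s" package="%%s">' % ANDROID_NS
PERM = '<uses-permission android:name="android.permission.%s"%s/>'

MANIFEST_SILENT = (HEAD % "com.example.flashlight"
                   + PERM % ("INTERNET", "")
                   + PERM % ("CHANGE_WIFI_STATE", "")
                   + "</manifest>")

MANIFEST_PROMPTED = (HEAD % "com.example.maps"
                     + PERM % ("CHANGE_WIFI_STATE", "")
                     + PERM % ("ACCESS_COARSE_LOCATION", "")
                     + "</manifest>")

# CHANGE_WIFI_STATE is only requested up to API 25, so 8.0/8.1 are unaffected.
MANIFEST_CAPPED = (HEAD % "com.example.legacy"
                   + PERM % ("CHANGE_WIFI_STATE", ' android:maxSdkVersion="25"')
                   + "</manifest>")

if __name__ == "__main__":
    for sample in (MANIFEST_SILENT, MANIFEST_PROMPTED, MANIFEST_CAPPED):
        print(audit(sample))
```

An empty `silent_scan_api_levels` list means the app either does not hold the permission on 8.0/8.1 or also requests a location permission that the user would be prompted for.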
> That's the state of privacy protection on Android. It is difficult to believe that Google developers who are very smart people couldn't foresee it for years.
“It’s difficult to get a man to understand something when his salary depends on him not understanding it”.
EFF has had a proof of concept online for quite a while https://panopticlick.eff.org/
And HN users are probably even more vulnerable since we will have customized our software making it stand out.
I'm using a VPN + ublock origin + https everywhere + temporary containers + don't track me google + chameleon + canvas blocker + custom user.js (that disables e.g. webgl).
It's pretty good to address many tracking methods (e.g. cookies, IP) but fingerprinting is remarkably hard to prevent.
[0]: https://forum.xda-developers.com/showthread.php?t=3034811
[1]: https://github.com/M66B/XPrivacyLua
I'm just an ISV and have no evil intentions but I'm constantly having to defend myself against people saying I'm trying to track them too much.
I'm trying to track app version numbers, how often features are used, etc.
The web is awesome for hackers.
Apps were the hot thing for a while, but now that major players have an app, they have figured out it matters little.
I don't do my shopping on the Target App. I'm sure they are getting economic indicators that web on mobile is just as effective.
The conference does provide a useful link to a privacy-centric page which catalogs some known Facebook abuses:
https://privacyinternational.org/types-abuse/facebook
but there is no outline of this talk which summarizes the methods that facebook uses to spy on their users and the public.
https://privacyinternational.org/campaigns/investigating-app...
https://privacyinternational.org/report/2647/how-apps-androi...
a pdf you can go through: http://privacyinternational.org/sites/default/files/2018-12/...
Most negative news about Facebook is nonsense but this does seem to be pretty shady on Facebook's part.
Think about it, they already know who you are because you are logged in with your account.
They don’t need more info than that to run targeted ads.
https://newsroom.fb.com/news/h/facebook-does-not-use-your-ph...
I also block Wi-Fi and mobile data access wholesale for apps like virtual keyboards and most pre-loaded crapware that can't be uninstalled.
[1] https://developer.android.com/reference/android/Manifest.per...
[2] https://developer.android.com/guide/topics/permissions/overv...
[3] https://developer.android.com/guide/topics/connectivity/wifi...
[4] https://blog.trustlook.com/2015/06/02/how-apps-tracking-your...