Skip to content

Facebook fined for forcing users to agree to personalised ads

Privacy
  • @phenomlab said in Facebook fined for forcing users to agree to personalised ads:

    Love this analogy - sounds very much like the manifesto of Ted Kaczynski

    Thanks, that is always what I think when someone goes off on someone else online trying to force everyone to think the same as them.

    @phenomlab said in Facebook fined for forcing users to agree to personalised ads:

    Yes, and as I often say to people - “you can think what you like, but knowing when NOT to say it is a skill in itself”. Essentially, keep your views and opinions to yourself, and don’t force your diatribe on others who likely won’t appreciate it anyway.

    Yes, 100%

  • So kind of along the lines of not allowing big tech to steal your private data, I realized that I was using gboard on my phone. A light bulb flashed in my head, what a better way to get every keystroke that you use when type, searching, putting in passwords and all of that. So realizing that, I did some searching and reading some reddits and found HeliBoard, which does not do those things. I have F-Droid installed on my phone and installed it from there. So far I like it and it also has some of the features that gboard has.

    I also decided to go with signal. And to get family to change to it isn’t so easy. My mom did, but my brother is taking his sweet ole time. He said he installed it but he hasn’t signed up for it yet. So we will see.

  • @Madchatthew said in Facebook fined for forcing users to agree to personalised ads:

    I realized that I was using gboard on my phone. A light bulb flashed in my head, what a better way to get every keystroke that you use when type, searching, putting in passwords and all of that.

    Yes, that’s something I too realised a while back. The the same reason, if you use a custom keyboard with an iPhone, it always forces reversion to the stock keyboard as soon as you enter anything sensitive, such as passwords or payment details

    @Madchatthew said in Facebook fined for forcing users to agree to personalised ads:

    And to get family to change to it isn’t so easy

    That’s never easy. Good luck!

  • @phenomlab Sneaky iphone. One of the many reasons why i don’t like iphone. To proprietery and they only want you to use their stuff.

    Thanks, we will see if they do. They don’t seem to care about that stuff and are like whatever, so we will see.

  • @Madchatthew said in Facebook fined for forcing users to agree to personalised ads:

    Sneaky iphone. One of the many reasons why i don’t like iphone. To proprietery and they only want you to use their stuff.

    Whilst I do see the benefit from the security angle, I think the choice of keyboard should be a user based one. Yes, of course, display a warning - an icon that shows more detail when tapped, and offers you a choice, but forcing the change with zero choice is a bridge too far in my view.

  • @phenomlab What keyboard do you use on your current phone right now?

  • @Madchatthew I’m using the stock Samsung keyboard from OneUI

  • @phenomlab Right on! I think I am liking the keyboard I mentioned above. Don’t like the look of it when you turn the phone sideways thought, but I have to look and see if there is a way to change that when you turn the phone sideways.

  • @Madchatthew I honestly don’t use the phone sideways so no issue as such for me 😀

  • @Madchatthew said in Facebook fined for forcing users to agree to personalised ads:

    I also decided to go with signal. And to get family to change to it isn’t so easy. My mom did, but my brother is taking his sweet ole time. He said he installed it but he hasn’t signed up for it yet. So we will see.

    I recently made the switch to signal like yourself.

    Thought this may be of interest to you especially getting the family to move over.

    https://www.makeuseof.com/signal-rolls-out-video-call-links/

  • @JAC @Madchatthew this is probably also useful - essentially, my views on usage

    1. Privacy Concerns
      Data Sharing with Meta (Facebook): WhatsApp shares some user data with its parent company, Meta, which uses this information for targeted advertising across its platform. Although the messages are end-to-end encrypted, metadata like who you talk to, how often, and for how long can still be used to build a profile.
      Policy Changes: WhatsApp’s privacy policy has been updated multiple times, sparking concerns that future changes might further encroach on user privacy.
    2. End-to-End Encryption Limitations
      Metadata Collection: While messages are encrypted, WhatsApp still collects metadata on user activity. This can potentially allow for profiling and activity tracking, albeit in a non-content-specific way.
      Backups: Messages backed up to cloud services (like Google Drive or iCloud) aren’t end-to-end encrypted by WhatsApp, meaning they are vulnerable to third-party access or hacking.
    3. Lack of Customization and Features
      Feature Limitations: Competing apps such as Telegram and Signal offer more customization, like unique themes, larger group capacities, and more advanced media sharing.
      Restrictions on Group Size: WhatsApp group limits are smaller compared to alternatives like Telegram, which can host much larger communities.
    4. Platform Monopolization and Dependency
      Heavy Market Influence: WhatsApp’s widespread usage can create a dependency on Meta’s ecosystem, reducing users’ exposure to more privacy-oriented platforms.
      Reduced Competition: This dominance limits market space for alternative messaging services, leading to fewer options and less innovation outside the Meta ecosystem.
    5. Security Concerns
      Potential Vulnerabilities: Despite robust security measures, WhatsApp has experienced vulnerabilities and hacking incidents, which can be unsettling for security-focused users.
      Third-Party Integration Risks: WhatsApp’s growing integration with other Meta services raises concerns that security vulnerabilities from one platform could impact another.
    6. Data Sovereignty
      Control Over Data: WhatsApp users don’t have full control over their data and cannot self-host as they could with other messaging solutions like Matrix or XMPP-based services.
    7. Lack of Cross-Platform Support
      Device Limitations: WhatsApp has been slower to roll out multi-device support compared to competitors, limiting access across devices. Although it has now been expanded, it’s still limited compared to other apps like Telegram.
      Alternative Messaging Apps
      Signal: Highly regarded for its focus on privacy and transparency; it’s open-source and designed with minimal metadata collection.
      Telegram: Known for its features, such as large groups and extensive media options, although it’s not as privacy-focused as Signal.
      Matrix/Element: Decentralized, self-hostable, and offers excellent data control.

    Ultimately, whether to keep using WhatsApp depends on your priorities for security, privacy, and functionality.

  • @JAC Nice, that would be nice to have video calls encrypted.

    @phenomlab nice thanks for that post.

    Update - so far my wife is basically no i don’t want to install that and change apps if everyone else has to change to that app too. So it seems she pretty much doesn’t care about privacy.

    My mom is the only one that has installed it and used it LOL - But her and my dad are all about privacy and such. It doesn’t do much good though if others don’t join it.

    I do wish that signal would add sms and if someone switches to signal then it would use the secure feature. But that would probably go against what they are all about.

  • @Madchatthew said in Facebook fined for forcing users to agree to personalised ads:

    But her and my dad are all about privacy and such. It doesn’t do much good though if others don’t join it.

    But even that statement itself is like a breath of fresh air. Typically the generation before are the most difficult to educate but it seems your parents are a step ahead of everyone else.

  • @Madchatthew said in Facebook fined for forcing users to agree to personalised ads:

    I do wish that signal would add sms and if someone switches to signal then it would use the secure feature. But that would probably go against what they are all about.

    Yes, same here. Perhaps one day…


Related Topics
  • Why Forums Are Still Relevant in 2024

    Blog
    3
    2 Votes
    3 Posts
    108 Views

    @JAC wow. Thanks for the great comments. They are truly appreciated.

    I tend to agree with the social media comments you’ve made. This is made all the more prominent in relation to recent events in Southport for example, and toxicity is a huge issue. Just look at some of the comments from trolls - they are truly disgusting, and the perpetrators seem to take great delight in the anonymity the Internet affords them.

    forums in general are much more subject focused, easier to moderate and users are less likely to be banned because they are there for a specific interest or reason, not to cause trouble.

    Agreed, although discussions can still get out of hand and quite often, these are left to run riot and quickly spiral out of control. A great example of that is here

    https://sudonix.org/topic/141/how-to-destroy-a-community-before-it-s-even-built

    there’s something much more calming about coming to a specific page at your fancy, posting and taking part in healthy debates over the real mishmash of social media.

    Yes, I personally prefer the atmosphere of a forum against the backdrop of unwanted noise via social media.

  • 2 Votes
    4 Posts
    226 Views

    @DownPW This won’t be the first time that Amazon and others like them are being bought to account. I recall seeing a documentary on the TV recently where they sent in a reporter with secret cameras to film the strict regimen and constant threat of being fired for not meeting targets that workers are placed under.

    The surveillance just takes this to a whole new level in my view and it’s like being placed under a microscope for constant scrutiny. This goes well beyond the surveillance placed on prisoners!

  • 3 Votes
    4 Posts
    602 Views

    I’ve been using this service for a couple of days now, and it’s made my internet access so much faster. That alone is a plus, and I never thought there would be a contender for Cloudflare in this area.

  • 12 Votes
    8 Posts
    450 Views

    @crazycells good question. Gmail being provided by Google is going to be one of the more secure by default out of the box, although you have to bear in mind that you can have the best security in the world, but that is easily diluted by user decision.

    Obviously, it makes sense to secure all cloud based services with at least 2fa protection, or better still, biometric if available, but email still remains vastly unprotected (unless enforced in the sense of 2fa, which I know Sendgrid do) because of user choice (in the sense that users will always go for the path of least resistance when it comes to security to make their lives easier). The ultimate side effect of taking this route is being vulnerable to credentials theft via phishing attacks and social engineering.

    The same principle would easily apply to Proton Mail, who also (from memory) do not enforce 2fa. Based on this fact, neither product is more secure than the other without one form of additional authentication at least being imposed.

    In terms of direct attack on the servers holding mail accounts themselves, this is a far less common type of attack these days as tricking the user is so much simpler than brute forcing a server where you are very likely to be detected by perimeter security (IDS / IPS etc).

  • Securing javascript -> PHP mysql calls on Website

    Solved Security
    2
    1 Votes
    2 Posts
    370 Views

    @mike-jones Hi Mike,

    There are multiple answers to this, so I’m going to provide some of the most important ones here

    JS is a client side library, so you shouldn’t rely on it solely for validation. Any values collected by JS will need to be passed back to the PHP backend for processing, and will need to be fully sanitised first to ensure that your database is not exposed to SQL injection. In order to pass back those values into PHP, you’ll need to use something like

    <script> var myvalue = $('#id').val(); $(document).ready(function() { $.ajax({ type: "POST", url: "https://myserver/myfile.php?id=" + myvalue, success: function() { $("#targetdiv").load('myfile.php?id=myvalue #targetdiv', function() {}); }, //error: ajaxError }); return false; }); </script>

    Then collect that with PHP via a POST / GET request such as

    <?php $myvalue= $_GET['id']; echo "The value is " . $myvalue; ?>

    Of course, the above is a basic example, but is fully functional. Here, the risk level is low in the sense that you are not attempting to manipulate data, but simply request it. However, this in itself would still be vulnerable to SQL injection attack if the request is not sent as OOP (Object Orientated Programming). Here’s an example of how to get the data safely

    <?php function getid($theid) { global $db; $stmt = $db->prepare("SELECT *FROM data where id = ?"); $stmt->execute([$theid]); while ($result= $stmt->fetch(PDO::FETCH_ASSOC)){ $name = $result['name']; $address = $result['address']; $zip = $result['zip']; } return array( 'name' => $name, 'address' => $address, 'zip' => $zip ); } ?>

    Essentially, using the OOP method, we send placeholders rather than actual values. The job of the function is to check the request and automatically sanitise it to ensure we only return what is being asked for, and nothing else. This prevents typical injections such as “AND 1=1” which of course would land up returning everything which isn’t what you want at all for security reasons.

    When calling the function, you’d simply use

    <?php echo getid($myvalue); ?>

    @mike-jones said in Securing javascript -> PHP mysql calls on Website:

    i am pretty sure the user could just use the path to the php file and just type a web address into the search bar

    This is correct, although with no parameters, no data would be returned. You can actually prevent the PHP script from being called directly using something like

    <?php if(!defined('MyConst')) { die('Direct access not permitted'); } ?>

    then on the pages that you need to include it

    <?php define('MyConst', TRUE); ?>

    Obviously, access requests coming directly are not going via your chosen route, therefore, the connection will die because MyConst does not equal TRUE

    @mike-jones said in Securing javascript -> PHP mysql calls on Website:

    Would it be enough to just check if the number are a number 1-100 and if the drop down is one of the 5 specific words and then just not run the rest of the code if it doesn’t fit one of those perameters?

    In my view, no, as this will expose the PHP file to SQL injection attack without any server side checking.

    Hope this is of some use to start with. Happy to elaborate if you’d like.

  • Hacked because you didn't listen ?

    Blog
    1
    0 Votes
    1 Posts
    242 Views
    No one has replied
  • 0 Votes
    1 Posts
    321 Views
    No one has replied
  • Security, Or Just Obscurity?

    Blog
    1
    +0
    0 Votes
    1 Posts
    327 Views
    No one has replied