Submitted 1 year ago by Morys@lemmy.ml to technology@lemmy.world
https://timsh.org/tracking-myself-down-through-in-app-ads/
An amazing bit of digital detective work here. Seems like Linux mobile is your only off-ramp from being exhaustively tracked
Surprising that this data never gets leaked. It’s always my social security number
It’s in a perpetual state of leakage in a sense that it’s a trade item that gets sold between different companies. You can’t leak that, really.
No hacker group ever got their hands on this data?
Wonder how the app sent geolocation with Location Services disabled.
It may have estimated location data with IP from Wi-Fi. Location Services turns on GPS but that is not the only way of getting location.
Does this happen to users in the EU? It’s highly illegal to gather data without consent here obviously. Even processing other data to derive location means processing data for a purpose that’s different from the one that was consented to (if at all). There are big companies implicated here so it’d be easy to fine them into submission in jurisdictions that allow it.
The sample data shared in the article includes
"c": "ES", // Country code,
ES is usually used for Spain, so it looks like these tests were run from within the EU.
Ah, there’s also this in json:
"uc": "1", // User consent for tracking = True; OK what ?!
My guess is that developers are pretending to have gotten user consent to get more money from the ads.
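A way to check your own captured traffic for the pattern discussed in this sub-thread, as an added example that is not part of the thread or the linked article: it parses an annotated request body and reports when consent is asserted for an EU country and which location-bearing keys are sent. Only `c` and `uc` are quoted in the thread; the `lat`, `lon` and `ip` key names and the sample body are assumptions constructed for illustration.

```python
import json
# ISO 3166-1 alpha-2 codes of the 27 EU member states.
EU = set("AT BE BG HR CY CZ DK EE FI FR DE GR HU IE IT LV LT LU MT "
         "NL PL PT RO SK SI ES SE".split())
# "c" and "uc" are quoted in the thread; "lat", "lon", "ip" are assumed key names.
LOCATION_KEYS = ("lat", "lon", "ip")

# Constructed sample in the annotated style quoted above (not real traffic).
SAMPLE = """{
  "c": "ES",         // Country code
  "uc": "1",         // User consent for tracking
  "lat": "40.0000",  // constructed value
  "lon": "-3.0000",  // constructed value
  "ref": "https://app.example/level//2"
}"""

def strip_line_comments(text):
    """Drop // comments that sit outside JSON string literals."""
    out, in_str, esc, i = [], False, False, 0
    while i < len(text):
        ch = text[i]
        if in_str:
            out.append(ch)
            if esc:
                esc = False
            elif ch == "\\":
                esc = True
            elif ch == '"':
                in_str = False
        elif text.startswith("//", i):
            nl = text.find("\n", i)          # skip to end of line
            i = len(text) if nl == -1 else nl
            continue
        else:
            in_str = ch == '"'
            out.append(ch)
        i += 1
    return "".join(out)

def audit(raw):
    body = json.loads(strip_line_comments(raw))
    country = str(body.get("c", "")).upper()
    findings = []
    if str(body.get("uc", "")) == "1" and country in EU:
        findings.append("consent asserted for EU country " + country)
    sent = [k for k in LOCATION_KEYS if k in body]
    if sent:
        findings.append("location keys sent: " + ", ".join(sent))
    return findings
```

Running `audit` over each request body exported from your own proxy capture gives a list you can compare against whether the app ever showed a consent prompt.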
it’s been known for a long time that there is enough identifiable information in a “normal” person’s internet usage to identify exactly who and where you are and what you are likely doing just from metadata analysis and public domain information
question is, how is this being abused
Is there any straightforward way of stopping this besides dropping off the grid?
Use a custom DNS and/or hosts file. You can cut them off the grid by blocking data upload to SSP. Don’t install many apps, for games that can be played offline, play them offline.
None worth pursuing
Using Firefox in strict mode with uBlock Origin, cookie auto-delete, and a VPN to change your IP should stop location tracking and cross-site tracking. Sites will still know you’ve visited them and what pages you’ve been to for that session but that is impossible to stop.
I imagine an ad blocker could prevent this data going out, unless the hosts were generic and the game/app simply won’t work without allowing those connections. I’ve never seen an app be [obviously] broken from my ad blocker but I am interested in running a similar experiment to see just how much data is going out.
Route all your traffic through Tor. Never log into anything. Never use the same identity twice. Ahh and live in a hut in the woods never going to shops or cities that have security cameras.
I think it's more: "Don't use a smartphone". It'll send those requests through any internet connection. No matter if it's a VPN.
…where are chains allowed to abuse security camera footage for ad tracking?
Even with Linux it wouldn’t be that safe, if apps were doing this crap.
You’d want to be using only Linux apps that weren’t recording and reporting everything. Much easier to get in Linux than Apple/Android
You know the towers log data too, right? And that websites themselves can track you regardless of what OS you use, right?
Privacy is good, but stop with this “Linux is a magic weapon” BS.
We just have to stop using the internet at this point
All HTTP requests include your IP address, you don’t “consent” to giving it to anybody. You can geolocate somebody based on IP address but it won’t be very accurate
True, it’s storing the IP address that is the issue.
Storing it and associating it with all the other identifying information collected.
but it won’t be very accurate
Which they actually acknowledge in the blog post.
Kind of interesting that they’re smart enough to understand how to sniff packets but not enough to understand that IP address = location.
Author noted:
As a quick note - location shared was not very precise (but still in the same postal index), I guess due to the fact that iPhone was connected to WiFi and had no SIM installed. If it was LTE, I bet the lat/lon would be much more precise.
Use a VPN. Problem solved.
Latitude and Longitude are in there. As is screen brightness. He does acknowledge that he is on Wi-Fi, but that’s still super suspicious
Not the magic bullet people think they are. Oh, and you can’t turn it off, so you’ll have to take the loss in network speed on absolutely everything. And better know how to configure each device so it doesn’t go ahead and leak your IP anyways, which also restricts choice of devices you use. Cause remember, if any device on your network ever connects to the net without the VPN, then your anonymity just went out the window.
That VPN provider will then know ALL the connections you make. Almost worse than just using the Internet normally.
Using a VPN just moves the trust to another middleman.
This problem solved, but whenever you change your network or IP and then periodically, your phone will report to Firebase, so you can receive push notifications.
You can block those with software that simulates a local VPN with a filter, but you won’t get any more push notifications. Now push notifications are not just the ones you see. Some apps use invisible ones to get info they need to work.
Make sure you disable or properly configure WebRTC. Even with a VPN it will leak your true IP address.
Check here.
Brumefey@sh.itjust.works 1 year ago
That’s crazy. As it’s (almost) impossible to prevent that data from being sent from the phone, would it be possible to make the data useless? For instance by sending loads of fake JSON payloads for some IDs? Then enjoy my data which says at the same time that I’m in Vancouver, Lisbon, Paris, on my low-cost and super expensive phone, with volume at max and zero… Not possible I guess?