16 comments

[ 5.0 ms ] story [ 35.5 ms ] thread
(2020)
I’m sure Meta no longer wishes to suck down data they shouldn’t and has stopped doing so in all of their products. /s
I took the time to read the EULA for the "Intel Driver and Support Assistent" on Windows and they monitor which websites you visit! In fact, if I'm reading their privacy notice, they obtain data from any software you run on their CPU at any time.

https://www.intel.com/content/www/us/en/support/articles/000...

https://www.intel.com/content/www/us/en/privacy/intel-privac...

Can you provide a more specific link or quote ? I’ve read through both of these, and it seems to be things like IP address locales and other things about your browser environment rather than the history of every website you visit.
I should have added this link:

https://www.intel.com/content/www/us/en/support/topics/idsa-...

It sounds like they are going out of their way to say they don't collect website information here. Perhaps my recollection is wrong.

It's still shady as hell.

It's the "Intel® Computing Improvement Program" which is enabled by default and collects the following info (remainder is quoted from their site):

Intel wants to provide the best computing experiences. To accomplish this, we would like your permission to collect, use, and combine information to understand:

    The categories of websites you visit, but not the URL itself
    How you use your computer
    System information from your computer
    Other devices in your computing environment
Usage information contains:

    Software usage: for example, frequency and duration of application usage such as Intel® Driver & Support Assistant, but not the application content itself such as specific actions or keyboard input.
    Feature usage: for example, how much RAM you usually use or your laptop’s average battery life.
    Other devices in your computing environment
    The categories of websites you visit, but not the URL itself, Includes universal plug and play devices and devices that broadcast information to your computer on a local area network: for example, smart TV model and vendor information, and video streaming devices.
    The categories of websites you visit, but not the URL itself,
    The information collected includes categorized web browsing history that shows how long and how often you visited specific categories of sites (i.e. social media, personal finance, or news). All site visits are classified into one of 30 categories. We do not collect URLs, web pages titles, or user-specific content without explicit permission from you.
Collected system information contains, but is not limited to:

    Your device manufacturer
    CPU model
    Memory and display configuration
    OS version
    Software versions
    Region and language settings
    Regional location and time zone
they have been emboldened by the whole-cloth acceptance of the smart-phone, with the obvious implications
Well, I assume now that the EU DMA is a thing, Facebook would reconsider distributing their actually malware laden binaries (instead of simple ads/analytics) through their own app store.

There was a similar incident[1] (for which I can't unfortunately locate the original source) where Uber tried embedding an exploit to retrieve IMEI numbers without consent, which was caught by Apple's review process. So while there may be some legitimate complaints, the review process does keep the worst behavior out of their curated app store.

[1] https://youtu.be/KAsKPwfkiDw?t=433

Just because Facebook may potentially create their own app store doesn't mean others are going to use it. Even on Android, sideloading is fraught with warnings that the average older Facebook user might not figure it out.

Personally I'm looking forward to easier iOS sideloading, even if regulation was required to achieve it. Devices should be secure by design against malware, not by curation.

> Even on Android, sideloading is fraught with warnings that the average older Facebook user might not figure it out.

This is now also forbidden by the DMA.

> 3. The gatekeeper shall ensure that the obligations of Articles 5, 6 and 7 are fully and effectively complied with.

> 4. The gatekeeper shall not engage in any behaviour that undermines effective compliance with the obligations of Articles 5, 6 and 7 regardless of whether that behaviour is of a contractual, commercial or technical nature, or of any other nature, or consists in the use of behavioural techniques or interface design.

> 6. The gatekeeper shall not degrade the conditions or quality of any of the core platform services provided to business users or end users who avail themselves of the rights or choices laid down in Articles 5, 6 and 7, or make the exercise of those rights or choices unduly difficult, including by offering choices to the end-user in a non-neutral manner, or by subverting end users’ or business users' autonomy, decision-making, or free choice via the structure, design, function or manner of operation of a user interface or a part thereof.

> 7. Where the gatekeeper circumvents or attempts to circumvent any of the obligations in Article 5, 6, or 7 in a manner described in paragraphs 4, 5 and 6 of this Article, the Commission may open proceedings pursuant to Article 20 and adopt an implementing act referred to in Article 8(2) in order to specify the measures that the gatekeeper is to implement.

Can you ship apps by region and have an EU-specific app once you paid enough fines?
Isn’t this happening more or less at the same time Jobs was calling it the feecesbook and yanked its integration from iOS???
I'm skeptical. Doing this would be illegal, and wouldn't comply with FB's own privacy policy. Unless the usage of Pegasus were limited strictly to the network requests made while Onavo was enabled.
Yeah, companies would never do something illegal, or go against their own TOS; especially social media platforms! (/s)
Companies can break the law. Sometimes they DO break the law. But I'm still skeptical. If this is true, it would be a flagrant violation.
Am I reading it correctly that Facebook was selling an end user VPN?
"In August 2018, Facebook pulled Onavo Protect from the iOS App Store due to violations of Apple's policy forbidding apps from collecting data on the usage of other apps. In February 2019, in response to criticism over a Facebook market research program employing similar techniques (including, in particular, being targeted towards teens), Onavo announced that it would close the Android version of Protect as well."

https://en.wikipedia.org/wiki/Onavo