• 0 Posts
  • 7 Comments
Joined 1 year ago
cake
Cake day: June 15th, 2023

help-circle

  • What bug? It’s super easy to do this in an app that already has access to your microphone, like Whatsapp, then extract only keywords from conversations and send them to Meta packed as innocuous numeric codes piggybacking on the overhead of encrypted connections.

    A single byte here and there is all you need to know people were talking about cats, or perfume, or shoes etc.

    Whatsapp protocol, app and servers are closed source, and Meta apps will download and compile native code upon installation, which escapes normal JVM restrictions and does God knows what.

    On certain brands of phones (like Samsung) Meta apps come with a manufacturer-preinstalled system stub that can do pretty much whatever it wants, but is typically used to elevate the rights of Meta apps that were installed via normal means and to collect information from them as well as any app that’s running ads from Meta.

    And this is a company that’s a third party to the Android ecosystem — it’s a lot easier for Google themselves, who are datamining the shit out of everything you do on a phone, from second-by-second location to email. And Meta is datamining the shit out of absolutely everything you put on Facebook and Instagram, in spite of any fines and sanctions. And Microsoft are datamining the shit out of everything you do on your PC and they’re openly pushing Recall and Copilot and have been pushing Cortana for so long.

    What do you think Cortana and OK Google were listening for?.Hell, Amazon and Google were both caught storing recordings of people’s conversations in the beginning, before they started hiding it better.

    So you’re being watched in every way possible in every single thing you do that touches any technology from these companies, we have countless documented instances of them breaking privacy in heinous ways like giving up people to authoritarian governments and to anti-abortion governments in the US and so on…

    …and you’re seriously wondering if they’re snooping on your conversations? They have every means at their disposal, they’re using it every second, and you’re wondering if they’re doing that too?

    Why wouldn’t they? It’s obvious that we live in a world where it’s ok to ask forgiveness (and you’ll get a slap on the wrist, if that) rather than permission. What would possibly compel them to not do it?

    Consequences? What consequences? We already know for a fact they spy on so much stuff and we keep using their tech. There are no consequences.


  • You should consider if you really want to integrate your application super tightly with the HTTP protocol.

    Will it always be used exclusively over a REST-ful HTTP API that you control, and it has exactly one hop to the client, or passes through hops that can be trusted to never alter the HTTP metadata significantly? In that case you can afford to make HTTP codes semantically relevant for your app.

    But maybe you need to pass data through multiple different types of layers and different mechanisms (socket protocols, pub-sub, file storage etc.) In that case you want all your semantics to be independent from any form of transport.