Most active commenters

    ←back to thread

    Everyone knows your location: tracking myself down through in-app ads

    (timsh.org)
    1957 points apokryptein | 14 comments | 02 Feb 25 17:07 UTC | HN request time: 0.621s | source | bottom
    Show context
    qingcharles ◴[02 Feb 25 20:40 UTC] No.42911578[source]
    One big privacy issue is that there is no sane way to protect your contact details from being sold, regardless of what you do.

    As soon as your cousin clicks "Yes, I would like to share the entire contents of my contacts with you" when they launch TikTok your name, phone number, email etc are all in the crowd.

    And I buy this stuff. Every time I need customer service and I'm getting stonewalled I just go onto a marketplace, find an exec and buy their details for pennies and call them up on their cellphone. (this is usually successful, but can backfire badly -- CashApp terminated my account for this shenanigans)

    replies(33): >>42911665 #>>42911679 #>>42911714 #>>42911768 #>>42911810 #>>42911853 #>>42911874 #>>42912408 #>>42912465 #>>42912852 #>>42912979 #>>42913150 #>>42913418 #>>42913708 #>>42913974 #>>42914004 #>>42914803 #>>42914807 #>>42915963 #>>42916052 #>>42916619 #>>42916711 #>>42916764 #>>42917374 #>>42918405 #>>42918914 #>>42918920 #>>42920277 #>>42920369 #>>42920873 #>>42920949 #>>42940036 #>>42967302 #
    gruez ◴[02 Feb 25 20:59 UTC] No.42911768[source]
    >One big privacy issue is that there is no sane way to protect your contact details from being sold, regardless of what you do.

    >As soon as your cousin clicks "Yes, I would like to share the entire contents of my contacts with you" when they launch TikTok your name, phone number, email etc are all in the crowd.

    Fortunately this is changing with iOS 18 with "limited contacts" sharing.

    https://mobiledevmemo.com/wp-content/uploads/2024/09/image.p...

    The interface also seems specifically designed to push people to allow only a subset of contacts, rather than blindly clicking "allow all".

    The far bigger issue is the contact info you share with online retailers. Scraping contact info through apps is very visible, drawing flak from the media and consumers. Most of the time all you get is a name (could be a nickname), and maybe some combination of phone/email/address, depending on how diligent the person in filling out all the fields. On the other hand placing any sort of order online requires you to provide your full name, address, phone number, and email address. You can also be reasonably certain that they're all accurate, because they're plausibly required for delivery/billing purposes. Such data can also be surreptitiously fed to data brokers behind the scenes, without an obvious "tiktok would like access to your contacts" modal.

    replies(8): >>42911926 #>>42912101 #>>42912892 #>>42913397 #>>42915871 #>>42915947 #>>42916008 #>>42916767 #
    1. create-username ◴[02 Feb 25 21:17 UTC] No.42911926[source]
    People will share their whole list because it’s simpler
    replies(2): >>42912018 #>>42912704 #
    2. ◴[02 Feb 25 21:28 UTC] No.42912018[source]
    3. taneq ◴[02 Feb 25 22:51 UTC] No.42912704[source]
    Or because they were tricked. eg. LinkedIn’s “Connect with your contacts” onboarding step which sounds like it’ll check your contacts against existing LinkedIn users but actually spam invites anyone on your contact list that doesn’t have an account.
    replies(3): >>42914036 #>>42916894 #>>42919089 #
    4. wkat4242 ◴[03 Feb 25 01:49 UTC] No.42914036[source]
    Linkedin is so terribly evil these days.

    I also see the shenanigans of adding new 'privacy' settings and setting them open by default. Another typical Microsoft ploy by the way.

    replies(1): >>42915764 #
    5. noja ◴[03 Feb 25 07:15 UTC] No.42915764{3}[source]
    They were evil before.

    Previously they’d take your LinkedIn password and try using that to log in to your email account to grab your contacts.

    replies(5): >>42915966 #>>42915990 #>>42916905 #>>42919227 #>>42931714 #
    6. 55555 ◴[03 Feb 25 07:58 UTC] No.42915966{4}[source]
    This sounds absolutely insane.
    7. dkga ◴[03 Feb 25 08:03 UTC] No.42915990{4}[source]
    This is a big thing, is there any evidence? Not implausible unfortunately…
    replies(1): >>42916169 #
    8. saagarjha ◴[03 Feb 25 08:37 UTC] No.42916169{5}[source]
    https://en.wikipedia.org/wiki/LinkedIn#Use_of_e-mail_account...
    9. Cthulhu_ ◴[03 Feb 25 10:39 UTC] No.42916894[source]
    This is how a load of emails were sent out from my Hotmail account to anyone I had ever contacted (including random websites) asking if I want to connect with them to Facebook. The onboarding seemed to imply it would just check to see if any of my contacts were already using facebook.
    10. Cthulhu_ ◴[03 Feb 25 10:41 UTC] No.42916905{4}[source]
    Wasn't this also how some services would connect e.g. your bank accounts? They'd ask for your credentials and log into your bank to scrape its contents.

    And I kinda get it, some services external to your bank can help you manage your finances etc. But it's why banks should offer APIs where the user can set limited and timed access to these services. In Europe this is PSD2 (Revised Payment Services Directive).

    replies(1): >>42918553 #
    11. amanda99 ◴[03 Feb 25 14:34 UTC] No.42918553{5}[source]
    I think the key point is that they would take your Linkedin password and try to use that on your email without asking you, in case you reused passwords.
    12. jorts ◴[03 Feb 25 15:24 UTC] No.42919089[source]
    God damn this feature. About ten years ago I inadvertently did something in LinkedIn and ended up spamming everyone I knew with LinkedIn invites. It annoyed a lot of people.
    13. wkat4242 ◴[03 Feb 25 15:37 UTC] No.42919227{4}[source]
    Ok I didn't know that. Very good point. Wow.
    14. slickytail ◴[04 Feb 25 12:54 UTC] No.42931714{4}[source]
    The linked wikipedia article below says that they asked you for your email password specifically -- is there any evidence that they would try to use your linkedin password itself?