←back to thread

Everyone knows your location: tracking myself down through in-app ads

(timsh.org)
1957 points apokryptein | 3 comments | 02 Feb 25 17:07 UTC | HN request time: 0.001s | source
Show context
qingcharles ◴[02 Feb 25 20:40 UTC] No.42911578[source]
One big privacy issue is that there is no sane way to protect your contact details from being sold, regardless of what you do.

As soon as your cousin clicks "Yes, I would like to share the entire contents of my contacts with you" when they launch TikTok your name, phone number, email etc are all in the crowd.

And I buy this stuff. Every time I need customer service and I'm getting stonewalled I just go onto a marketplace, find an exec and buy their details for pennies and call them up on their cellphone. (this is usually successful, but can backfire badly -- CashApp terminated my account for this shenanigans)

replies(33): >>42911665 #>>42911679 #>>42911714 #>>42911768 #>>42911810 #>>42911853 #>>42911874 #>>42912408 #>>42912465 #>>42912852 #>>42912979 #>>42913150 #>>42913418 #>>42913708 #>>42913974 #>>42914004 #>>42914803 #>>42914807 #>>42915963 #>>42916052 #>>42916619 #>>42916711 #>>42916764 #>>42917374 #>>42918405 #>>42918914 #>>42918920 #>>42920277 #>>42920369 #>>42920873 #>>42920949 #>>42940036 #>>42967302 #
gruez ◴[02 Feb 25 20:59 UTC] No.42911768[source]
>One big privacy issue is that there is no sane way to protect your contact details from being sold, regardless of what you do.

>As soon as your cousin clicks "Yes, I would like to share the entire contents of my contacts with you" when they launch TikTok your name, phone number, email etc are all in the crowd.

Fortunately this is changing with iOS 18 with "limited contacts" sharing.

https://mobiledevmemo.com/wp-content/uploads/2024/09/image.p...

The interface also seems specifically designed to push people to allow only a subset of contacts, rather than blindly clicking "allow all".

The far bigger issue is the contact info you share with online retailers. Scraping contact info through apps is very visible, drawing flak from the media and consumers. Most of the time all you get is a name (could be a nickname), and maybe some combination of phone/email/address, depending on how diligent the person in filling out all the fields. On the other hand placing any sort of order online requires you to provide your full name, address, phone number, and email address. You can also be reasonably certain that they're all accurate, because they're plausibly required for delivery/billing purposes. Such data can also be surreptitiously fed to data brokers behind the scenes, without an obvious "tiktok would like access to your contacts" modal.

replies(8): >>42911926 #>>42912101 #>>42912892 #>>42913397 #>>42915871 #>>42915947 #>>42916008 #>>42916767 #
sneak ◴[02 Feb 25 23:15 UTC] No.42912892[source]
How about a no/limited internet setting? So many apps spy on you and they don’t need network at all to function.
replies(6): >>42913719 #>>42914019 #>>42914515 #>>42914675 #>>42915425 #>>42915448 #
hellojesus ◴[03 Feb 25 03:38 UTC] No.42914675[source]
Grapheneos lets you pick this for apps before they even launch. You can revoke their network access, as well as define storage scopes for apps at a folder level, so if an app needs access to photos, you can define a folder, and that is the only folder it can scan for photos.

I used that when submitting parental leave at work. I didn't want to provide full access to all my photos and files for work, so all they got was a folder with a pic of a birth certificate.

replies(2): >>42914829 #>>42919028 #
1. miki123211 ◴[03 Feb 25 04:03 UTC] No.42914829[source]
iOS and Mac also let you do this, for photos, contacts and files.

Apple is also pushing developers toward using native picker components. That way, you don't need to request consent at all, as you only get access to the specific object that the user has picked using a secure system component.

replies(1): >>42916204 #
2. thaumasiotes ◴[03 Feb 25 08:43 UTC] No.42916204[source]
> That way, you don't need to request consent at all, as you only get access to the specific object that the user has picked using a secure system component.

This is an interesting contrast with the earlier philosophy of phone OSes that the file system is confusing to users and they should never be allowed to see it.

replies(1): >>42916604 #
3. miki123211 ◴[03 Feb 25 09:49 UTC] No.42916604[source]
They still (mostly) aren't.

From an user perspective, photos aren't files. Music isn't files. Contacts aren't files. Apps aren't files. App data isn't files.

The only things that "walk like a file and quack like a file" are documents, downloads, contents of external storage, network drives and cloud drives, and some Airdrop transfers.

Yes, it's technically possible to use the files app to store photos, music etc, but if you do that, "you're holding it wrong."