Do you find the iOS Facebook app and Instagram app slow? Yes, it is because it does much more than what they display. Felix Krause, a former Google engineer who studies privacy, said in a on the 10th that Facebook and Instagram apps . blog post track users' browsing behavior on third-party websites without consent Background Apple actively countering : cross-host tracking Starting with iOS 14.5, Apple introduced App Tracking Transparency to give users control. Apps need permission from users before their data can be tracked across apps owned by other companies. Also, Safari already t. blocks third-party cookies by defaul After the App Tracking Transparency was introduced, announced: Meta Apple’s simple iPhone alert is costing Facebook $10 billion a year Facebook complained that Apple’s App Tracking Transparency favors companies like Google because App Tracking Transparency “carves out browsers from the tracking prompts Apple requires for apps.” Websites you visit on iOS don’t trigger tracking prompts because the anti-tracking features are built in. – & Daring Fireball MacWorld As web browsers and iOS provide users with more privacy controls, it's clear why Instagram is interested in monitoring all web traffic from external sites. The Findings (Thanks, Krause!) Krause wrote that the iOS versions of the Facebook and Instagram apps inject code on every website they open and use a instead of Apple's built-in Safari Browser, monitoring user behavior. As a result, the two apps track user privacy "without the consent of the user and the site provider," Krause said. "custom-built in-app browser" Krause said he couldn't be sure what data Instagram was tracking but stressed that the built-in browser follows everything a user does on the site, including , a browser that can be used to steal sensitive information, such as home addresses. "Tracking codes allow us to collect user data for targeted advertising or evaluation," Meta, the parent company of Instagram, said in a statement to on Tuesday. "every screen click" and "browsing behavior." The Guardian "When shopping through the in-app browser, we seek consent to store payment data. So that the next purchase can be automatically filled in.” Krause responded that the practice still “exposed users a lot of risks” and “there is no option not to open a custom built-in browser.” What If I Stop Using the App? The Tracking Beyond Facebook Facebook also reaches outside Facebook itself. So what it means by “targeted advertising or evaluation“mean? Meta has partnerships with marketing firms and ad networks so that activities on other sites, including: Logging into Public WiFi that requires Facebook Check-in; Logging into a third-party service with your Facebook account; Browsing website that contains “Facebook Pixel”; and more; can be combined with your Facebook profile. The  tracker is not new for Facebook but new to us. It at least gives us a way to glimpse how much it knows about us. It shows to feed you specific ads and posts. Facebook and sister apps Instagram and WhatsApp don’t need the microphone open What Is the off-Facebook Activity? Off-Facebook Activity breaks the association between what you do on Facebook and off it. So, for example, if you’re shopping for shoes on a third-party retail site, you won’t suddenly see shoe ads all over your Facebook News Feed. Here is a direct link to the . complete activity list This off-Facebook Activity is also monitored In addition, tracking tools like help websites and online retailers collect information about their visitors, including whether they return. whether or not you have a Facebook account. the Facebook Pixel Third parties are broadly using Facebook’s advertising and tracking technologies, which means you are now just hiding from Facebook but its “friends,” too. This new tool will not allow you to reset your relationship with Facebook; Rather, it gives you a new way to disconnect some surveillance from your Facebook account with third parties. Bonus: “People You May Know,” How Does It Work In real life, it is easy to come up with a person you may know in the natural course of conversation. For example, when you say where you are, it is not uncommon for someone to say things like, “Oh, my roommate is also from there!”. And they would tell you more details like where they live and their full name, and you may or may not recognize them, depending on how small the town is. Similarly, you may assume the friend recommendations on Facebook would work in the same way: You fill in your personal information Facebook finds out who you may know online However, Facebook does not work like that, as the dataset from their side is far beyond the scale of everyday human interactions. Often people see a familiar face pop up in the suggestions, but you have no mutual Facebook friends with that person. https://twitter.com/WillOremus/status/984109389823930368?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E984109389823930368%7Ctwgr%5E%7Ctwcon%5Es1_c10&ref_url=file%3A%2F%2F%2FUsers%2Fzchan%2FGoogle20Drive%2Fmedium-export%2Fposts%2F2021-04-08_Facebook-Is-Stalking-You-Even-You-re-Offline---And-How-to-Limit-It-e271456cbe23.html How did Facebook figure out this kind of information? Why do they know who your high school teacher is and who your family doctor is? What is Shadow Profile? Providing your address books is one of the first steps Facebook asks people to follow when they originally sign-up so that they can continue with “Find Friends.” (You can choose the second option, “Sign up without uploading my contacts. “) Down in the little font, below the “Get Started” button, the page states that: “Info about your contacts in your address book, including names, phone numbers, and nicknames, will be so we can suggest friends and provide and improve ads for you continuously uploaded to Facebook and others,” Behind the Facebook profile you built for yourself, a shadow profile is . The contact information you’ve never given Facebook is linked with your account, helping Facebook completely map your social connections on a massive scale. made from the contents of other Facebook users' inboxes and smartphones But most users are unaware of its extent and power. Since Shadow Profile happens inside Facebook’s algorithms, people can’t see how deep the data-mining of their lives is until a mysterious recommendation pops up. Shadow contact information has been a known feature of Facebook ! since 2013 How To Protect Yourself From Zuckerberg? 1# Web Browsers Go to the web version of IG and FB: https://www.facebook.com https://instagram.com Whenever you open FB or IG posts, use a web browser that stops trackers, like Mozilla’s and . Also, as mentioned, Safari is already blocking third-party cookies since iOS 14.5. Therefore, the next time someone sends you a link to FB or IG, open them using “Open in Browser“mode. Firefox Brave If you want to open FB and IG like an app, you can do that by using a web clip in Safari. If you prefer Brave, you can also do that by web app shortcut. 2# Ad-Blocker and DNS I would suggest going the extra mile in the browser area. One addition is the An addon called “ ” is available on Firefox and Chrome. uBlock Origin may require some initial configuration. ad-blocking extension. , uBlock Origin Some other good and easy-to-use ad or tracking-blocking extension choices for your browsers would be or . Brave has its built-in ad-blocking features called “ .” Firefox and Mozilla’s Facebook Containeaddonon prevent Facebook’s software from connecting with other sites. Ghostery EFF’s, Privacy Badger Shield In mobile apps, where tracking is common and unavoidable, the quest is harder to stop as mobile web browsers are less functional and users cannot add extensions. However, a few services, such as , and , scan app activity, and block tracker traffics, may also reduce bandwidth usage. 1.1.1.1 Disconnect’s Privacy Pro Next DNS 3# Ultimate Fix — Farewell I am and . But, of course, you can stop Facebook from stalking you from now on. So far, though, that’s not a choice most people have been willing to make. And it is doubtful but un-verifiable that your data is still sitting inside its data center, like what Pierre disclosed. saying Goodbye to Facebook and Instagram forever closing your accounts Final Words — Nothing is Free, Especially When It Comes to Meta Even though you know that the free is not accessible on Facebook, you might not realize the extent and the depth of Facebook tracking all over the internet. So anyone worried about the power of Facebook to manipulate people and shape elections should consider how it tracks us. Facebook knows full well that users are upset about its data collection policies and is trying to push out means that grant more control. Sadly, but are more about how data is used for ad personalization. Still, until recently, they just for the Messenger app and WhatsApp, with an estimated 2023 launch globally. these don’t do much about data collection started to test E2E encrypted chats The tracking stretches , into various apps you’re playing on your phone, and to the locations where you physically visit in the real world — particularly if you decide to or the WiFi requires you to check in on Facebook while you’re there. across other websites and services If you want to take advantage of its features, you must give up some of your personal information. But Facebook has ways of keeping tabs on people who aren’t even signed up for the service. In comparison, Facebook is striving to downplay the leak's gravity, judging how serious this does not lie with the company alone. Thank you for reading. May InfoSec be with you🖖. Reference: https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser#how-to-protect-yourself-as-a-user https://www.holovaty.com/writing/framebust-native-apps/

Apple

Facebook

Google

Instagram

Mashable

Mozilla

Twitter

Interested in Infosec & Biohacking. Security Architect by profession. Love reading and running.

Expert: Facebook, IG App Can Steal Secrets, and Users Can't Turn It Off!

Too Long; Didn't Read

Companies Mentioned

Zen Chan

About Author

TOPICS

Languages

THIS ARTICLE WAS FEATURED IN...