• kyub@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    6
    ·
    2 months ago

    Technically, everyone has a Facebook account, or at least a shadow account at Meta. Since they are one of the biggest data gatherers in the world, they gather data from all sorts of sources about people, not just from your active usage of their apps, sites and services. It’s extremely likely that they have quite a bit of data on everyone. Many proprietary mobile apps, for example, initiate connections and transfer some data to Meta or Google. Even apps that have nothing at all to do with them otherwise. Many websites do. Many applications and games do. Integrated proprietary software in various devices, e.g. smart TVs, does. Also, WhatsApp is used by I think ~30% of the world’s population now(?) and they started syncing/sharing all that data (mostly metadata but metadata is also very revealing) with Meta several years ago. Since WhatsApp also shares your whole contact / address book with Meta, they also effectively have a (mostly) full social connections graph on about a third of the world’s population, based on WhatsApp usage data alone… so overall they’ll have even more.

    Unless you’re efficiently blocking or otherwise interrupting all of those connections, on every device, or are able to really effectively use different IPs and never reveal all of the IP addresses associated with yourself, it’s likely they still have quite a bit about you. If you’re logged into a personally identifiable Google or Meta account on your phone, for example, and your phone is in your WiFi, then it’ll have the same public-facing IP address as your computers, meaning they’ll be able to enumerate all of your devices based on what they gathered on that IP address alone. It means that IP address can now always be linked to your person for Google/Meta/and so on.

    And then there’s always the possibility of the apps or websites not making your device directly connect to Meta/Google/… so it looks like only the 1st party gets your data (which always seems OK), but afterwards or in the backend it can still transmit or share the gathered data without your knowledge to those companies. This can also happen without the 1st party noticing it, because Meta and Google are often integrated in a lot of things, for example in SDKs or popular libraries. For example if you develop a mobile app using Meta’s SDK, then by default (opt-out) the resulting app will transmit various kinds of telemetry data to Meta. Unless the developer disables this consciously, which many do not know or care about, it will simply be on and active. Sometimes they also have special data sharing deals with certain companies. Google has even more ways of being included in all sorts of things, they are almost omnipresent. For example Google is doing checks whether your Android-based mobile phone is carrier-locked or not, on behalf of your carrier, not your carrier. Google also receives your (personally-identifiable) IMEI and telephone number alongside every single location request your phone is doing, even from an app that’s completely unrelated to Google. [unless your Android has configured a non-standard SUPL server, which isn’t even an option in most Androids, or you use GrapheneOS which uses a proxy SUPL server to strip that bit of personally identifiable data before redirecting it to the real SUPL server (which most likely is your provider’s, which in turn is most likely just a redirect to Google’s SUPL server in the end)]. These are just examples off the top of my head, there’s even more weird stuff happening of course.

    So it doesn’t really matter if you have active accounts at those companies, or not. They still know a lot about you and your devices, and sell that data to governments and whoever else bids the most for it. And even if they don’t know you yet (if no link to your person is currently possible for a particular data set), which is highly unlikely but may be a possibility if you’re truly careful and use different IPs all the time, they still gather all these records, and it only takes one single mistake on your end and they’ll be able to link all records they gathered from that particular IP address to your person as well. Not only that, but they could even statistically calculate that based on what you visited or what you wrote somewhere online, or even how your typing style is, that you’re likely this particular person, even if the data is still “anonymous”.

    It’s really hard and really inconvenient to escape all the data gathering, in practice the only thing you can do is minimize it. Most users don’t care at all or don’t want to deal with the extra effort and simply let everything flow out. It’s a much easier online life, but it’s also an almost fully surveilled online life.

    • OpenStars@discuss.online
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      img

      Every breath you take, every move you make, every bond you break, every step you take, I’ll be watching you…

      Can’t you see, you belong to me? My poor heart aches with every step you take!

      - The Police

      So it’s not even “our” data at all, see…? (/s, or rather in the Machiavellian sense, that so long as people with power are willing to eat “own” us, then they have that right - same as Russia owns Ukraine and Israel owns Gaza, etc.)