Facebook today launched the "Off-Facebook-Activity"-Tab for everyone. Now you can see which companies forwarded data about your external activities to FB:
It seems to be a first step to stop GDPR fines on companies using the business tools.
But as announced it's only the summary of the data collected. If you didn't give consent on it (especially while visiting websites/apps without login), you can file a GDPR complaint against those companies. Useful nonetheless! (1/2)
Axel Voss surely also thinks that if he closes just one eye, he is invisible but can still see everything.
(From Axel Voss's new "manifesto" for Europe's digital sovereignty https://www.axel-voss-europa.de/wp-content/uploads/2020/01/AVoss-Digital-Manifesto-2020-english-1.pdf).
Twitter is discontinuing the "Audience Insights" feature as of January 30, 2020. Presumably a reaction to the ruling on Facebook fan pages: the built-in analytics service was the main argument for the ECJ that the page operator participates in FB's illegal tracking. #DSGVO
This is how to test in Chrome/Firefox:
1. New window, Shift-Ctrl-I
2. Enter the URL or reload
3. Search the network requests for "google-analytics"
4. Every find is a hit.
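The manual check above can be repeated over a HAR file exported from the browser's network tab; this is an added example, not part of the original posts. The HAR sample is constructed, the function names are hypothetical, and listing the parameter names that were sent goes beyond the four steps.

```javascript
// Constructed sample: a HAR export trimmed to the fields read below.
const SAMPLE_HAR = { log: { entries: [
  { request: { method: "GET", url: "https://shop.example/" } },
  { request: { method: "GET", url: "https://www.google-analytics.com/analytics.js" } },
  { request: { method: "GET", url:
      "https://www.google-analytics.com/collect?v=1&tid=UA-000000-0&cid=111.222&t=pageview" } },
  { request: { method: "POST", url: "https://www.google-analytics.com/collect",
      postData: { text: "v=1&tid=UA-000000-0&cid=111.222&t=event&ea=signup" } } },
  { request: { method: "GET", url: "https://cdn.example/lib.js?ref=google-analytics-docs" } },
] } };

// Return one record per request whose URL contains `needle` (step 3 of the manual test).
// `toTracker` is true only when the needle is in the hostname, i.e. the request really
// went to that host; a needle found elsewhere in the URL is reported but flagged false.
function findTrackerRequests(har, needle = "google-analytics") {
  const entries = (har && har.log && har.log.entries) || [];
  const hits = [];
  for (const { request } of entries) {
    if (!request || typeof request.url !== "string" || !request.url.includes(needle)) continue;
    let url;
    try { url = new URL(request.url); } catch { continue; } // skip unparsable URLs
    // Collect parameter names from the query string and from a form-encoded POST body.
    const params = new Set(url.searchParams.keys());
    const body = request.postData && request.postData.text;
    if (body) for (const key of new URLSearchParams(body).keys()) params.add(key);
    hits.push({
      method: request.method,
      host: url.hostname,
      path: url.pathname,
      toTracker: url.hostname.includes(needle),
      params: [...params].sort(),
    });
  }
  return hits;
}

// Count requests per host, ignoring hits where the needle was not in the hostname.
function countByHost(hits) {
  const counts = {};
  for (const h of hits) if (h.toTracker) counts[h.host] = (counts[h.host] || 0) + 1;
  return counts;
}

const hits = findTrackerRequests(SAMPLE_HAR);
console.log(countByHost(hits));
for (const h of hits) console.log(h.method, h.host + h.path, h.toTracker, h.params.join(","));
```

To run it on a real capture, replace `SAMPLE_HAR` with the parsed JSON of the exported file.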
Beyond evil: This month Facebook started to scrape sites that use 'pixel' for all kinds of information. Including personal information about the visitors. People could be identified even without cookies by name or email. This also affects non-FB users. https://developers.facebook.com/docs/facebook-pixel/advanced/advanced-matching/
Seems to be currently live on booking.com and airbnb.com. Here personal information like name, email and phone number is sent to Facebook during registration at airbnb.
After being viewed more than 100k times on twitter and mastodon, I "archived" the tiktok story to my blog. This night it got rolled over by 30k visitors because it got #1 on hacker news. No problem for the Uberspace server. Thanks for the interest!
Bytedance told me that they use this fingerprinting to identify malicious browser behaviour. I don't believe it, because the website still works if the script is blocked. Also they use Akamai's fingerprinting technology already on the server (which is another story to investigate).
They also use audio fingerprinting to identify visitors. This doesn't mean they actually use your microphone or speaker. Instead they generate a sound internally and record the bitstream, which also differs from device to device. This is what it sounds like.
One of them: Canvas Fingerprinting. They draw an image in the background using vector graphic commands. Afterwards they save the image to a rasterized PNG. This data is quite unique among different devices depending on settings and hardware.
But they also track who is watching the video. Among common trackers (Google Analytics) they use the highly controversial method of device fingerprinting to set a mostly unique hash to the cookie s_v_webid. This is done by combining typical hardware and browser characteristics.
I also checked the website which is important as all shared videos (via messenger or social media) are viewed there. The short URL e.g. vm[dot]tiktok[dot]com/9uTpDV will be resolved to a URL which contains the installation ID. Tiktok will be able to check who shared which video.
Hard to believe that this is covered by "legitimate interest" and transparency: Entered search terms are sent to Facebook.
This is my setup: I used mitmproxy to route all app traffic for analysis. See in this video how device information, usage time and watched videos are sent to Appsflyer and Facebook.
Good news for the #fediverse: The mobile API from @pixelfed (the Instagram replacement) is finally live on flagship site pixelfed.social. Apps like @Tusky or @fedilab can post photos to your pixelfed account. A native pixelfed app will follow.
Clickbait in Print 😉
The "Privacy Enhanced Mode" is another one of Google's troll moves:
"Privacy Enhanced Mode allows you to embed YouTube videos without using cookies that track viewing behavior."
OK - no cookies. But a unique ID in Local Storage instead 🙄