from the absolutely-zero-ethical-standards dept
Ah, the daily joys of living in a country that’s literally too corrupt to pass even a baseline privacy law for the internet-era.
Meta has once again been busted playing fast and loose with consumer privacy. Security researchers last week discovered that Meta and Russia’s Yandex have been embedding tracking code into millions of websites in a way that de-anonymizes visitors and abuses internet protocols, allowing them to spy on the internet behavior and browsing habits of any Android device with Meta and Yandex apps installed.
The changes have allowed both companies to link mobile browsing sessions and web cookies to user identities, de-anonymizing users who visit sites embedding their scripts. The sneaky modifications bypass anything vaguely resembling consumer consent, as well as standard privacy protections such as clearing cookies, Incognito Mode or Android’s permission controls.
This is, the researchers were quick to note, a profound attack on consumer trust:
“One of the fundamental security principles that exists in the web, as well as the mobile system, is called sandboxing,” Narseo Vallina-Rodriguez, one of the researchers behind the discovery, said in an interview. “You run everything in a sandbox, and there is no interaction within different elements running on it. What this attack vector allows is to break the sandbox that exists between the mobile context and the web context. The channel that exists allowed the Android system to communicate what happens in the browser with the identity running in the mobile app.”
In a statement, Meta tries to bullshit its way around the obvious privacy abuses, pretending this was all some sort of “miscommunication” between itself and Google:
“We are in discussions with Google to address a potential miscommunication regarding the application of their policies. Upon becoming aware of the concerns, we decided to pause the feature while we work with Google to resolve the issue.”
Google, for its part, was very clear in statements that Meta and Yandex were “blatantly violating our security and privacy principles,” as well as the terms of service for its Play marketplace. U.S. user privacy abuses on mobile devices are rampant in the data broker era, but this takes things even further.
Meta appears to have recognized the severity of the accusations and stopped doing it, for now.
This is, again, the kind of reckless hubris you get in a country that has very clearly decided to place making money over any sort of basic consumer privacy standards. Since there’s really zero corporate or executive accountability for these kinds of behaviors (worse now that Trump-stocked courts are mindlessly defanging consumer protection and regulatory independence), this sort of thing is only going to get worse, culminating in new, even worse privacy scandals that make past concerns seem quaint.