• 0 Posts
  • 24 Comments
Joined 9 months ago
cake
Cake day: January 26th, 2024

help-circle



  • Well, WhatsApp is owned by Facebook. They are a large player, so they are under a bunch of scrutiny.

    But at the end of the day, WhatsApp clearly states it takes all this information. They only claim to keep your messages end-to-end encrypted.

    I wonder if this applies to text messages only, or to things like voice memos, images/videos, gifs, etc. as well.

    WhatsApp doesn’t let you send documents if you don’t give it full access to your files. Sure, maybe they pinky-promise don’t do anything but this is Facebook we’re talking about.

    The same caveat goes for photos and videos - you can’t even send a photo if you don’t give it the camera permission and gallery access, something it clearly doesn’t need just to send a single picture.

    Additionally, WhatsApp loads previews of websites. Sure, on the privacy violations list that’s pretty low-priority but I’d still like to not have a link contacted before I can take my 3 seconds to look at it and decide wether it’s worth clicking. Especially since a lot of my contacts send obvious scams (“send this message to 10 contacts for a chance to win a free iPhone” type bullshit mostly).

    Revoking WhatsApp’s contacts permission will not show peoples’ nicknames - it will only ahow numbers. Yet you have to give yourself a nickname on WhatsApp, so they clearly have some interest in your contacts. Otherwise they wouldn’t block it outright when it’s an already implemented feature to show nicknames for numbers not in the contact list.

    All quite suspicious if you ask me. Although I don’t work in cyber security so it’s clearly just incoherent rambing from me.



  • Depends. According to the GDPR for any processing of PII you need consent from the data subject or a reasonable basis why you have to act upon the data (your servers communicating with an IP adress is neccesary for your service to function). Saving the adress isn’t, so you need consent or other legislation under which you’re required to store it that trumps the GDPR. That’s the so-called “overriding legitimate interest”. It doesn’t mean “interest = money”, “data = money” therefore “data retention = overruling legitimate interest”.

    Keeping leaked data or scraping it from public sources is still problematic since you do nees consent.

    If you’re approached as a 3rd party by someone with data who sells them to you you are obliged to make sure the data you’re given has been aquired with consent. Often times checks aren’t in place, and ultimately, if you’re given “bad data” by the intermediary you cab always claim they kenw they should’ve notified you but didn’t.

    If you’re scraping leaks, well, there’s no one between you and the data subject who can take the fall. You’ve knowingly collected “bad data” unilaterally.







  • Google has its own browser, its own search engine, and provides a somewhat easy method to access the majority of the Internet and does it well.

    The problem isn’t that it does it well, it’s that it did it well and it doesn’t anymore.

    They dominate the market and can afford to make the search AI-inflated bullshit without any revenue losses.

    Another part of the problem is the integration. Some google websites are rendered inoperable on Firefox, while others are made to have a worse experience.

    A third part is giving its services preferential treatment onstead of having thekr algorithm be unbiased towards in-house services.

    Edit:

    Once upon a time the best browser game in town was Internet explorer. Similar stuff happened (actually even less blatant then Google). Microsoft basically controlled Web standards. The biggest sin they did was bundle IE with Windows, at least according to the US suit.


  • I’d look at it in regarda whether or not Google can get your data (or more somply), do you volountarily connect to Google’s servers: if not (Piped/VPN) I’d count that as being degoogled. If yes (Invidious etc.) you’re still getting the video from Google servers (albeit without ads) but Google still gets their grubby hands on some info about you. By ‘volountary’ I mean if you block connections to Google with e.g. Noscript and keep google enabled (be it tag manager, gstatic, fonts or user-facing services like Youtube). If you have to enable gstatic or tag manager on a few sites because they’re broken, I’d say that’s involountary since it’s not your reliance on Google showing as much as it’s the developers’.

    Being 100% disconnected from Google servers is outright impossible these days.




  • Yeah. Also, it’s the difference between ads (a very obnoxious thing for 99% of users) and something potentially genuinely useful for a good portion of users like the sign in - I assume the popup isn’t there to annoy us Lemmy users, a large percentage of whom I assume use uBlock Origin and find it annoying, but rather for the ~2-5% of users who wouldn’t bother creating an account but don’t mind signing in with Google due to the convenience (and wouldn’t do so on the signin page). And eveb for us who find it annoying, it isn’t like ads where you’re not supposed to be able to get rid of the popup or the popup being a constant PITA