HackerTrans
TopNewTrendsCommentsPastAskShowJobs

simpss

no profile record

Submissions

Firefox for Android starting to share location data with third parties

42 points·by simpss·vorig jaar·9 comments

comments

simpss
·5 maanden geleden·discuss
I know for a fact at least 1 bigger US company has a bot in slack that brings up any mentions of $companyname on hackernews...
simpss
·11 maanden geleden·discuss
Most likely, it's for tracking reasons. To figure out what sections people hit more and less...

I agree with you though. It's sad that content is being reformulated for those reasons.
simpss
·12 maanden geleden·discuss
yes, that's a possibility, but we're far from server-side GA implementations and we do have an option to make a data request to figure out what companies are doing.

If they get caught lying (and that tends to happen in the end) that's another violation that is taken seriously nowadays.

For example, my e-mail server started picking up messages from [email protected]. Making it pretty clear a company did not respect my wishes to completely delete all data and user account references. They simply changed my email in the DB.
simpss
·12 maanden geleden·discuss
Sorry. They do wait and force a choice before loading the external scripts.

That's the only mechanism one can use to really be compliant as GA (and other providers) stick identifiers onto the session as soon as the script has been loaded.
simpss
·12 maanden geleden·discuss
It took a while, but is starting to work.

Many "cookie banners" have finally started to work in the EU. Once you deny PII processing many sites don't load GA etc... The time of malicious compliance is starting to pass. Some sites have figured it out and realized they really don't need personalized analytics and have replaced implementations with privacy respecting ones(ex, plausible). This lets them remove the dark-patternish banner and no additional consent is required as all data is pooled together and one persons actions truly can't be singled out.

GDPR obviously has other good effects but as PII processing through cookies is what most people know, I chose that as an example. Email tracking links & pixels are another good example.

There's also a big difference between 2018 and 2025 when discussing GDPR in work contexts and saying that implementing this or that tracking would be illegal.

It's a slow process, but it's working as intended.
simpss
·vorig jaar·discuss
As I understand, these "data safety" sections are what Google gives app owners to comply with "right to be informed". If they say "we're sharing location data with third parties for Advertising purposes" I'm believing it.

I agree that they should really be asking for consent as well, but they don't seem to be doing that. We've got no way to use legitimate location related functionality and deny advertising related usecases. Remember, consent must be specific and granular.

It'll be a while, until enforcement catches up. It's taken ~6 years for cookie banners to get a "reject" button and those are really easy to review and enforce.

It'll happen though, enforcement is just slow. GDPR is a fairly well written regulation, as far as corner cases and catching workarounds goes. So unless the laws change, enforcement will catch up eventually.
simpss
·vorig jaar·discuss
Just a few days ago, they updated their android application info and stated they're going to share location data with third parties for "Advertising or Marketing" purposes...[1]

They also removed a promise to "never sell your data" in their FAQ[2] 2 weeks ago.

[1] - https://news.ycombinator.com/item?id=43326230

[2] - https://github.com/mozilla/bedrock/commit/d459addab846d8144b...
simpss
·vorig jaar·discuss
There's a choice between first party(collected) and third party(shared). Also a list of purposes one chooses from. This could include "App functionality", "Analytics", "Account management", etc...

Two of the possible 3rd party choices are "Advertising or marketing" and "Personalization". These two have been chosen for firefox. This includes sharing data with advertising partners.

https://support.google.com/googleplay/android-developer/answ...

A change to those options is what triggered the notification. It's not a requirement for using location features.

I'd say a part of figuring out what they are doing is reading such information. Even if the code itself doesn't reflect it yet, it's usually listed in preparation.

It's also a good way to figure out the code needs to be reviewed :)
simpss
·vorig jaar·discuss
I wish that was the case.

Opening the "data safety" section another pop-up[1] comes up and the specific use-cases listed are "advertising or marketing" and "personalisation".

[1] - https://i.imgur.com/QwqiQna.jpeg
simpss
·7 jaar geleden·discuss
yes, the first example I know from the top of my head is all the sonoff stuff.

They run a popular ESP8266 chip which people reflash.

https://duckduckgo.com/?q=sonoff+reflash&t=canonical&ia=web
simpss
·7 jaar geleden·discuss
i've been following these since lenny, https://workaround.org/ispmail

pretty much a set & forget solution. He also writes a new one with all-you-need-to-know extras every time a stable release of debian comes out.