Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
everdrive 2 days ago

Don't use apps. It's a simple as that. 95% of the time they are not worth the incredible privacy invasion they impose on users.

amarcheschi 2 days ago | parent | next [-]

Mozilla did a comparison between period tracking apps and there are some that should respect user's privacy

https://www.mozillafoundation.org/en/privacynotincluded/cate...

zahlman 2 days ago | parent | prev | next [-]

Even beyond that, I expect software developers to prove to me that an Internet connection is necessary for whatever it is they're trying to do.

bell-cot 2 days ago | parent | prev | next [-]

True. Unfortunately, users are all humans - with miserably predictable response patterns to "Look at this Free New Shiny Thing you could have!" pitches, and the ruthless business models behind them.

setsewerd 2 days ago | parent | prev | next [-]

Pardon my ignorance, but can't you just solve this by disabling location permissions, etc for a given app?

everdrive 2 days ago | parent | next [-]

You can -- the real problem here is that each app could violate your privacy in different ways. Unless you break TLS and inspect all the traffic coming from an app (and, do this over time since the reality of what data is sent will change over time) then you don't really know what your apps are stealing from you. For sure, many apps are quite egregious in this regard while some are legitimately benign. But, do you as a user have a real way to know this authoritatively, and to keep up with changes in the ecosystem? My argument would be that even security researchers don't have time to really do a thorough job here, and users are forced to err on the side of caution.

throwaway290 2 days ago | parent | prev [-]

What they do then is create an app where location is necessary, make that app spin up a localhost server, then add js to facebook and every site with a like button to phone that localhost and basically deanon everyone.

cnity 2 days ago | parent [-]

How could this possibly work without port forwarding?

mzajc 2 days ago | parent | next [-]

2 months ago: https://news.ycombinator.com/item?id=44169115.

Of course Facebook's JS won't add itself to websites, so half of the blame goes to webmasters willingly sending malware to browsers.

throwaway290 2 days ago | parent | prev [-]

It happens on the same device. No forwarding necessary. And it was documented to happen, the story was on HN

fHr 2 days ago | parent | prev | next [-]

The sad truth

dr-detroit 2 days ago | parent | prev [-]

[dead]