Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
vineyardmike 6 hours ago

> The official White House Android app has a cookie/paywall bypass injector, tracks your GPS every 4.5 minutes (9.5m when in background), and loads JavaScript from some guy's GitHub Pages (“lonelycpp” is acct, loads iframe viewer page).

Doesn’t seem too crazy for a generic react native app but of course coming from the official US government, it’s pretty wide open to supply chain attacks. Oh and no one should be continually giving the government their location. Pretty crazy that the official government is injecting JavaScript into web views to override the cookie banners and consent forms - it is often part of providing legal consent to the website TOS. But legal consent is not their strong suit I guess.

trimethylpurine 5 hours ago | parent [-]

Aren't the banners for EU page visitors. I don't think there is a US law about this, is there?

bsimpson 3 hours ago | parent | next [-]

Some states have them. California has a similar one "Don't Sell My Personal Information."

trimethylpurine 3 hours ago | parent [-]

I think the Supremacy Clause protects federal agencies but not sure. Also Privileges and Immunities, and Commerce clauses...

xocnad 4 hours ago | parent | prev [-]

And when the app links off to an EU site? Nothing prevents an EU user from using this app. There are a variety of Trump enthusiasts, though I suspect less than there are here in the US.

az09mugen 4 hours ago | parent | next [-]

Please don't give them ideas.

trimethylpurine 3 hours ago | parent | prev | next [-]

I think they just fine the entity doing business in the EU. If they don't do business there, I can't see any issues.

I'm not an attorney, but I don't find any cases that extend beyond that.

wincy 2 hours ago | parent [-]

Quite honestly, it’d be hilarious to see the clown car response from the White House if some EU bureaucrats tried to enforce their GDPR rules on the White House though. “Lol Make us” is the nicest response I can guess at.

subscribed 3 hours ago | parent | prev [-]

They conduct a pervasive, hidden, persistent user tracking not only without consent, looking at the analysis, but also stripping the user from a chance of declining tracking on other sites.

I'm quite sure that's illegal.

trimethylpurine 2 hours ago | parent [-]

Which federal law would be relevant here? I'm only aware of California and EU laws that might be. But, I'm fairly certain they don't apply to the US government because of several Constitutional and international laws superseding.

I'm not sure. If there is an attorney to answer that would be interesting.