Is Facebook Spying on you? yes, just not how you might Think.

oneeye

Level 4
Thread author
Verified
Jul 14, 2014
174
Hi all,

I read this recent article, and decided to check my settings, and ad settings in particular. What I found was shocking! Even though I use a wrapper app (Tinfoilhat for facebook )
Facebook still had a boatload of access to my device, which I never granted, they just took the liberty of turning on all this access by default.
Facebook might not be using your microphone to spy, but they certainly are in multitudes of other ways. I suggest you do a thorough review of ALL your settings ASAP!

Here are some suggestions from the article:
How to Limit Facebook’s Access

Reply All compiled some steps Facebook’s users can take to minimize its access. Here are the best, and easiest:

Go to your Facebook ad preferences page. Toggle everything to “off” or “no” to limit how Facebook customizes ads. (If you go through the entire “Your interests” section, this might take several minutes.)
Install an ad blocker. On your computer, try Adblock Plus or uBlock. On your phone, try 1Blocker or Purify on iOS and Adblock Browser on Android. These can’t block content on the Facebook app, but they can block Facebook’s trackers on your usual mobile browser.
Install Facebook Disconnect (for Chrome or for Firefox), which stops Facebook from watching what you do on other websites.
If you’re paranoid about Facebook’s app hijacking your microphone and camera in iOS or Android, revoke access.
 
D

Deleted member 65228

It isn't unknown, and nothing is there to prevent someone from finding this is the case. When you install applications on Android at least, you get a list of permissions it will require and by continuing to install the application, you grant consent for these permissions. Based on the permissions the application will be able to perform more operations on the device. I am not sure about how it works for iOS.

All major companies such as Facebook, Twitter, Google, Yahoo, Microsoft... Spy on you. Look into their privacy policies for services.

This is why a lot of people here tend not to use services like Facebook and even search with DuckDuckGo maybe as opposed to Google.
 

oneeye

Level 4
Thread author
Verified
Jul 14, 2014
174
It isn't unknown, and nothing is there to prevent someone from finding this is the case. When you install applications on Android at least, you get a list of permissions it will require and by continuing to install the application, you grant consent for these permissions. Based on the permissions the application will be able to perform more operations on the device. I am not sure about how it works for iOS.

All major companies such as Facebook, Twitter, Google, Yahoo, Microsoft... Spy on you. Look into their privacy policies for services.

This is why a lot of people here tend not to use services like Facebook and even search with DuckDuckGo maybe as opposed to Google.

No, no, no! I'm not talking about device settings per app. I'm talking about Account Settings, that you access from facebook menu either on mobile or desktop. The multitude of settings inside your account settings is what most people forget to review, let alone adjust. There are multiple layers to these settings. These are the ones facebook grants themselves by default, to monitor your activities across the board.
 

Attachments

  • Screenshot_20171111-150706.png
    Screenshot_20171111-150706.png
    224.5 KB · Views: 335
  • Screenshot_20171111-150645.png
    Screenshot_20171111-150645.png
    199.9 KB · Views: 377

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
It isn't unknown, and nothing is there to prevent someone from finding this is the case. When you install applications on Android at least, you get a list of permissions it will require and by continuing to install the application, you grant consent for these permissions. Based on the permissions the application will be able to perform more operations on the device. I am not sure about how it works for iOS.

All major companies such as Facebook, Twitter, Google, Yahoo, Microsoft... Spy on you. Look into their privacy policies for services.

This is why a lot of people here tend not to use services like Facebook and even search with DuckDuckGo maybe as opposed to Google.
It's better not to use DDG if you value your privacy

DuckDuckGo: Illusion of Privacy • r/privacy
 

oneeye

Level 4
Thread author
Verified
Jul 14, 2014
174
A valid alternative is SearX,

GitHub - asciimoo/searx: Privacy-respecting metasearch engine

I use one of their instances, as default homepage, with this browser:

Privacy Browser – Stoutner

On Android.

I use also DuckDuckGo on Firefox Nightly on Android.

I too use Searx on Firefox browsers. And a few others, like DDG at times. Thanks for the infographic above. I use Blokada on Android. Development has really improved it over the last year, and that catches everything globally on my device. Obviously I use several other privacy tools in and outside my browsers. But, it was in the facebook account settings, especially the ads settings, that I realized I'd been lax in my privacy on an account I only use sparingly, for a couple groups, and the occasional comments on some websites that use Facebook system instead of Disqus say, or WordPress.
 

oneeye

Level 4
Thread author
Verified
Jul 14, 2014
174
Considers deleting his facebook account

Well, that's one way if thwarting them! But, unfortunately, facebook is ubiquitous, meaning, occasionally, I have need to use some of their services. Like I recommend, explore every setting in your account, and delete, remove, turn off everything that personally bothers you.

These tech giants are forever trying to complicate, obscure, or trick users, and unless you stay vigilant, they can, and do get over on us. With every update, there is always the chance they will change things like settings. For instance, I know I had Google turned off for relevant ads, but when I looked recently, Lowe and behold, it was turned back on! And worse, I don't know when or how that occurred, but I suspect, when I was updated to Nougat 7.0, that's what changed it. Or, more likely, I had reset all app preferences/permissions just after updating, which means, Google default is relevant ads.

I do sympathize, as I've considered doing similarly with all the tech giants, more than once I can tell you.
 

Danielx64

Level 10
Verified
Well-known
Mar 24, 2017
481
Im more worried about the vpns companies, they can take our sessions logins (user&passwords), our emails and networks conversations, all of this while we've in use their ip's tunnel sometime, the first time that you doing a logged with those IP'S in facebook always asks if you're really you who is in that country when you have a new unknown ip, then you confirm that !yes! you are that person in the section: security questions, then facebook saves the ip of the vpn in white list, so as not to ask you next time when you connect, another person working on the vpn company, agent, robot, can use the same ip and take your identity having your credentials losing any hope until our start a study to recover and improve connectivity security..
although now, there is anti-theft methods using face recognition, voice and fingerprint to prevent fraud. but for me that would be worse, is giving away what little humanity we have left as people, to that social network.
Well if I ever need to use a VPN I would create my own and be done with it.
 

oneeye

Level 4
Thread author
Verified
Jul 14, 2014
174
It's better not to use DDG if you value your privacy

DuckDuckGo: Illusion of Privacy • r/privacy

Hi,

I read the article, which BTW, is from 2013, and the comments, which stressed that DDG is better than most search engines for privacy, but, Like all Others, can not explicitly state they are invulnerable to NSA spying, or ant other government snoops. That was the author's main gripe. So, Start Page, Searx, and more, are just as beholden to government orders, secret or otherwise, and can't categorically state that they are. You should read through comments, as the CEO responded, and the author too, responded to him.
 

oneeye

Level 4
Thread author
Verified
Jul 14, 2014
174
Im more worried about the vpns companies, they can take our sessions logins (user&passwords), our emails and networks conversations, all of this while we've in use their ip's tunnel sometime, the first time that you doing a logged with those IP'S in facebook always asks if you're really you who is in that country when you have a new unknown ip, then you confirm that !yes! you are that person in the section: security questions, then facebook saves the ip of the vpn in white list, so as not to ask you next time when you connect, another person working on the vpn company, agent, robot, can use the same ip and take your identity having your credentials losing any hope until our start a study to recover and improve connectivity security..
although now, there is anti-theft methods using face recognition, voice and fingerprint to prevent fraud. but for me that would be worse, is giving away what little humanity we have left as people, to that social network.

Hi there,

You make some valid points, and if you are concerned enough, then use Tor, and on Android there is , Orbot & Orfox browser. Facebook is set up to allows Tor users to connect, and your exit node, will be different each time you do connect. You should read up on these options, because, not every social media allows people on Tor.

Here are a couple links to get you started.
Facebook users get support for safe browsing with Tor on Androids

One Million Access Facebook Over Tor
 
Last edited:
  • Like
Reactions: Prorootect
F

ForgottenSeer 58943

A valid alternative is SearX,

GitHub - asciimoo/searx: Privacy-respecting metasearch engine

I use one of their instances, as default homepage, with this browser:

Privacy Browser – Stoutner

On Android.

I use also DuckDuckGo on Firefox Nightly on Android.

This man knows his biz. Firefox Focus is nice as well.

Go to the SEARX list, ping all of the entries and find the one with a lowest ping to you and switch your search to that. I really miss Scroogle by now, but SearX is the closest thing to Scroogle. I've been meaning to have my own local SearX setup at the COLO here, but I need to hire someone to do it for me as I am not into the whole Apache thing.
 

oneeye

Level 4
Thread author
Verified
Jul 14, 2014
174
Well if I ever need to use a VPN I would create my own and be done with it.

Hi,

You might check out ProtonVPN: Secure and Free VPN service for protecting your privacy as they have a free basic account which is perfect for using any public Wi-Fi. They also have an email Service with free basic account. At https://Protomail.com which was first developed a few years ago. They are located in Switzerland, with some of the best protections for privacy and security.
 
  • Like
Reactions: Prorootect
F

ForgottenSeer 58943

Hi,

You might check out ProtonVPN: Secure and Free VPN service for protecting your privacy as they have a free basic account which is perfect for using any public Wi-Fi. They also have an email Service with free basic account. At https://Protomail.com which was first developed a few years ago. They are located in Switzerland, with some of the best protections for privacy and security.

Here's my problem with Proton.. A couple years ago they were possibly a victim of a large scale intelligence honeypot. They came under sustained DDOS attack and an Israeli Intelligence(Unit8200) stacked firm stepped up to offer free/low cost DDOS protection for all of their services. (Radware) The problem is, Radware can't be trusted IMO and has been been implicated in spying, riskware propogation and intelligence assistance. Radware -> Radyoos -> behind the Jolly Wallet. Radware CEO = Unit8200 Agent, also behind state sponsored spying and offensive cyberwarfare, including against civilians.

These Ex-Israeli Surveillance Agents Hijack Your Browser To Profit From Ads

Sorry. No way in hell I am using ANYTHING associated with Radware at any level. That includes Proton's entire suite of products/services/apps. Yes yes.. I know Proton guys blog about this connection, it still doesn't matter - their traffic DDOS protection is Unit8200.. End of story.
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
A valid alternative is SearX,

GitHub - asciimoo/searx: Privacy-respecting metasearch engine

I use one of their instances, as default homepage, with this browser:

Privacy Browser – Stoutner

On Android.

I use also DuckDuckGo on Firefox Nightly on Android.

Thanks lowdetection!

I don't have facebook account or twitter account ... never. Read mode here!

I use searx.me: searx.me - and Qwant Web - The search engine that respects your privacy: Qwant

'Qwant ensures that your privacy is protected, and this is the cornerstone of our philosophy. We don’t use any cookie nor any tracking device that may allow us to track your browsing habits or to establish your profile. You are of course entitled to the rights provided by law (in particular the European legal framework and the French law...)
... but we also forbid ourselves from collecting an important amount of data that others collect, which are useless to provide you with the services you need. We never try to find out who you are or what you are personally doing when you use our search engine. When we do need to collect data, we do not disclose nor sell it for commercial or other uses. We use it exclusively to provide you with the services offered by Qwant.
This Privacy Policy is aimed at explaining in further details our ethical approach towards personal data...'
- read more about the Qwant Privacy policy: Data Privacy Policy - About Qwant

I use more search engines... eg Google anonymoused: Google [Anonymoused]
- you're able to change this address at the end of this anonymoused link to google.com or another search engine, if you wish...
 
Last edited:
  • Like
Reactions: frogboy and oneeye

oneeye

Level 4
Thread author
Verified
Jul 14, 2014
174
Here's my problem with Proton.. A couple years ago they were possibly a victim of a large scale intelligence honeypot. They came under sustained DDOS attack and an Israeli Intelligence(Unit8200) stacked firm stepped up to offer free/low cost DDOS protection for all of their services. (Radware) The problem is, Radware can't be trusted IMO and has been been implicated in spying, riskware propogation and intelligence assistance. Radware -> Radyoos -> behind the Jolly Wallet. Radware CEO = Unit8200 Agent, also behind state sponsored spying and offensive cyberwarfare, including against civilians.

These Ex-Israeli Surveillance Agents Hijack Your Browser To Profit From Ads

Sorry. No way in hell I am using ANYTHING associated with Radware at any level. That includes Proton's entire suite of products/services/apps. Yes yes.. I know Proton guys blog about this connection, it still doesn't matter - their traffic DDOS protection is Unit8200.. End of story.

Hi, and thanks for the information. But to be fair, here is that Protonmail/vpn blog you mentioned.
ProtonMail, Israel, and Radware relationship - ProtonMail Support
As you should know, having read it I assume, Protons DDoS provider only operates when Proton is under attack. Secondly, Radware can only see encrypted packets as they fly by. And those servers are in Germany, with Protons in Switzerland.

Because Proton worked to ensure that users information was secure from ANY eavesdropping by Radware, or anyone else. So, after having read many articles, both pro & con, I'm inclined to believe Protons version, instead of conspiracy "Theory" and that's what it is. Which of course, was spread by others, copy & pasting their way through the internet. At least they don't use Cloudflare.

So, with that said, there are many options to choose from these days, and as with all software/hardware, it boils down to who do you trust. And lastly, Proton is now completely open source, which in my opinion, gives even more weight to their explanation on their blog.
 
  • Like
Reactions: Prorootect

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Hi,

I read the article, which BTW, is from 2013, and the comments, which stressed that DDG is better than most search engines for privacy, but, Like all Others, can not explicitly state they are invulnerable to NSA spying, or ant other government snoops. That was the author's main gripe. So, Start Page, Searx, and more, are just as beholden to government orders, secret or otherwise, and can't categorically state that they are. You should read through comments, as the CEO responded, and the author too, responded to him.
Yes, I have read through many posts at reddit regarding DDG and Startpage. Both are not privacy-focused search engines despite what their CEOs said.

It's as good as saying Apple, MS, FB, Google etc are not part of the PRISM program like what their CEOs said. You believe?

Using FOSS search engines is better

:)
 
Last edited:

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Thanks lowdetection!

I don't have facebook account or twitter account ... never. Read mode here!

I use searx.me: searx.me - and Qwant Web - The search engine that respects your privacy: Qwant

'Qwant ensures that your privacy is protected, and this is the cornerstone of our philosophy. We don’t use any cookie nor any tracking device that may allow us to track your browsing habits or to establish your profile. You are of course entitled to the rights provided by law (in particular the European legal framework and the French law...)
... but we also forbid ourselves from collecting an important amount of data that others collect, which are useless to provide you with the services you need. We never try to find out who you are or what you are personally doing when you use our search engine. When we do need to collect data, we do not disclose nor sell it for commercial or other uses. We use it exclusively to provide you with the services offered by Qwant.
This Privacy Policy is aimed at explaining in further details our ethical approach towards personal data...'
- read more about the Qwant Privacy policy: Data Privacy Policy - About Qwant

I use more search engines... eg Google anonymoused: Google [Anonymoused]
- you're able to change this address at the end of this anonymoused link to google.com or another search engine, if you wish...
Have you read these and more at reddit on Qwant?

Qwant Trustworthiness? • r/privacy

Delete Qwant. • r/privacytoolsIO

Qwant the privacy friendly search engine is gaining users • r/privacy

:rolleyes:
 
  • Like
Reactions: Prorootect

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top