yeah.
I'm spending the entire day today finding every single issue ever reported with fb messenger and how it's not private.
because you are the straw that broke the camel's back on this particular logical fallacy train.
medium.com/@matthewkeys/a…
I remember having to go manually update them often
and others made by infosec folks on twitter would happen once every several months, telling people "fb did it again, we gotta go back and change shit back".
saying "users had to opt in" is bullshit. history says so clearly.
private chats are "scanned".
say what you will about the intention here, but every single SRE in the back there (yes I see you too) is going BUT LOGS! ALL THOSE LOGS GO TO A HADOOP CLUSTER.
why yes. yes they do. and they're usually plaintext.
yeah that's not better.
ask me about the redis research I was doing back in 2012 when I found THOUSANDS of open redis nodes on the internet, several with fb auth cookies.
techcrunch.com/2018/09/27/yes…
then there was this. There's literally no way to paint this in a good light.
facebook asks you for your phone number, pressuring you into using 2fa "for security", then sells your phone number to advertisers.
so at some point, fb starts pushing their messaging app. hard. like very hard. like you can't use messages in fb anymore, it forces you to install the app.
and this is why.
having a separate app allows them a FUCKTON more attack surface on both platforms for straight up collection. forcing calls and texts to go through THEM so that they can read/scrape/analyze THOSE for more advertisers.
except to pull keywords out to sell to advertisers.
(honestly this is what people should have expected for not reading the EULA and just blindly agreeing to everything for the sake of convenience)
so they sued: engadget.com/2018/03/28/fac…
bgr.com/2016/06/30/fac…
"security researcher was able to fetch links out of private chats"
WELP.
RYAN.
YOU TELL ME, RYAN.
qz.com/697923/heres-h…
settings, that again, facebook has a history of "auto opting you in for", this time involving just straight up turning on your mic. and listening to you.
Please. Explain it to me slowly. I want you to extract as much joy as you can by being condescending to me.
Tell me how turning on the mic is ok
Those people. They're ostensibly "the problem".
it is possible to condemn some people in an org and not others who had no say.
That being the case, from a security and privacy standpoint, the safest, easiest thing to do is "just uninstall the apps from your phone".
but i mean, we could continue to argue about it, right Ryan?
I'll put this on pause for now, and come back later. I'd like to spend some time scouting for some very choice findings, since the ones I've presented thus far you have dismissed as bogus.