Baptiste Robert
Jan 14, 13 tweets, 4 min read
Worried about a TikTok ban? Americans are now flocking to Xiaohongshu (REDnote), another Chinese app.

Spoiler: Yes, it tracks its users.

Time to dive in! ⬇️
When creating an account, you must verify your phone number by entering a code received via SMS.

The request sent to Xiaohongshu's server includes your phone number (of course), along with your IDFA and IDFV.
What’s an IDFA? The Identifier for Advertisers (IDFA) is a unique device ID assigned by Apple to every iOS device.

Many actors, like data brokers, use it to profile you, track your location, and more.

When the user is activated, both the IDFA and IDFV are sent again.

Because why send it once when you can send it twice, right?
Nearly every request sent to Xiaohongshu's servers includes the Xy-Common-Params header, which contains:
- Device ID
- Device Fingerprint
- Device Model
- Language
- Platform
- Teenager Status
- Timezone
- And more...
During the process, your device information is also sent to Xiaohongshu's servers, enabling them to fingerprint your device.

This request includes:
- RAM size
- Boot time
- IP
- Carrier
- Country
- OS version
- HW model
- Timezone
- Language
- IDFA (yes, again!)
- Disk size
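To make the two observations above (identifiers in the Xy-Common-Params header, and the device-info request that re-sends the IDFA) concrete, here is an added privacy-audit script that is not part of the original thread. It runs over a constructed capture modelled on the thread; the parameter names (idfa, idfv, phone, device_id, fingerprint), the key=value encoding of Xy-Common-Params and the example.invalid hosts are all assumptions, not values taken from the app.

```python
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample capture modelled on the thread, not real traffic. Field names
# (idfa, idfv, phone, device_id, fingerprint) are assumptions; the thread does not name them.
ZERO_IDFA = "00000000-0000-0000-0000-000000000000"  # IDFA when "Personalized Ads" is off
SAMPLE_CAPTURE = [
    {"url": "https://example.invalid/api/sms/verify",
     "headers": {"Xy-Common-Params": "device_id=dev-7f3a&fingerprint=fp-91c2&platform=iOS&lang=en"},
     "body": {"phone": "+15550000000", "idfa": ZERO_IDFA,
              "idfv": "3F2504E0-4F89-11D3-9A0C-0305E82C3301"}},
    {"url": "https://example.invalid/api/user/activate",
     "headers": {"Xy-Common-Params": "device_id=dev-7f3a&fingerprint=fp-91c2&platform=iOS&lang=en"},
     "body": {"idfa": ZERO_IDFA, "idfv": "3F2504E0-4F89-11D3-9A0C-0305E82C3301"}},
    {"url": "https://example.invalid/api/device/info",
     "headers": {},
     "body": {"idfa": ZERO_IDFA, "ram": "4096", "boot_time": "1736812800",
              "carrier": "ExampleTel", "os_version": "17.2", "hw_model": "iPhone14,5"}},
    {"url": "https://example.invalid/static/logo.png", "headers": {}, "body": {}},
]
# Field name -> human label for identifiers a privacy audit should flag.
TRACKED = {"idfa": "IDFA", "idfv": "IDFV", "phone": "phone number",
           "device_id": "device ID", "fingerprint": "device fingerprint"}

def parse_common_params(value):
    """Parse a Xy-Common-Params value, assumed here to be URL-encoded key=value pairs."""
    return {k: v[0] for k, v in parse_qs(value, keep_blank_values=True).items()}

def audit_request(req):
    """List the tracked identifiers one captured request carries (header and body)."""
    fields = dict(req.get("body", {}))
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    if "xy-common-params" in headers:
        fields.update(parse_common_params(headers["xy-common-params"]))
    found = sorted(TRACKED[k.lower()] for k in fields if k.lower() in TRACKED)
    return {"url": req["url"], "identifiers": found,
            "idfa_zeroed": fields.get("idfa") == ZERO_IDFA}

def audit_capture(capture):
    """Return only the requests that carry at least one tracked identifier."""
    return [r for r in map(audit_request, capture) if r["identifiers"]]

def identifier_frequency(capture):
    """Count how many requests re-send each identifier (the 'sent twice' pattern)."""
    return Counter(i for r in audit_capture(capture) for i in r["identifiers"])

if __name__ == "__main__":
    for f in audit_capture(SAMPLE_CAPTURE):
        print(f["url"], f["identifiers"], "(IDFA zeroed)" if f["idfa_zeroed"] else "")
    print(identifier_frequency(SAMPLE_CAPTURE))
```

Pointing the same functions at a real proxy export (e.g. one request dict per captured flow) gives a quick inventory of which endpoints receive device identifiers and how often each one is repeated.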
Spending just 10 minutes on Xiaohongshu is enough to conclude that this app tracks user behavior and sends device information to its servers.

Where is the information sent, i.e. where are the servers located?

They use Tencent Cloud CDN, which makes sense for a Chinese app.
Spoiler: User tracking is widespread across apps, no matter their origin.

It threatens privacy and can pose national security risks.

The Gravy leak shows the dangers of centralizing massive amounts of data.

Why is my IDFA all zeros in the screenshots?

Because I disabled "Personalized Ads" in iOS.
This entire thread focuses on iOS, but it applies equally to Android. The Android equivalent of IDFA is called AAID.
Technical note: If you want to give it a look, hooking this class is a good start (the class is shown in the original screenshot, which is not reproduced here).
Four years ago, I analyzed the data TikTok was transmitting, wrote a series of articles about it, and ultimately found myself testifying before a U.S. congressional committee.

baptisterobert.com/posts/tiktok-l…
