Categories
Posts

Kudos to Apple for privacy-focussed features

I have been using ProtonMail, Signal, DuckDuckGo and SimpleLogin for a fairly long time. These make up an integral part of my online presence, and I cannot go back to a time where these didn’t exist.

Without doubt, I truly enjoy and recommend using privacy-respecting products.

In a recent conference, Tim Cook committed to advancing user privacy by giving them tools to control where their data is shared. Especially in today’s world, it’s important to understand the implications of online data tracking, and it’s necessary to be informed about ways to prevent that. Apple’s recent release of an illustration explaining implications of data tracking will be a great read. While the conclusion of that report focusses on Apple-centric tools to prevent data tracking, the content of the report holds true, that companies profit by monitoring users.

At Apple, we made our choice a long time ago. We believe that ethical technology is technology that works for you. It’s technology that helps you sleep, not keeps you up. It tells you when you’ve had enough, it gives you space to create, or draw, or write or learn, not refresh just one more time. It’s technology that can fade into the background when you’re on a hike or going for a swim but is there to warn you when your heart rate spikes or help you when you’ve had a nasty fall. And with all of this, always, it’s privacy and security first, because no-one needs to trade away the rights of their users to deliver a great product.

Tim Cook at the Computers, Privacy and Data Protection conference, MacRumors

Starting with the next beta release of iOS 14, Apple will be launching a new tool called App Tracking Transparency that will enable users of apps to control sharing of data with app makers. By taking away data tracking functionality within the iOS ecosystem, Apple is definitely making a sizeable dent in businesses that primarily focus on monetizing user data, read Facebook.

An image showing Apple's new App Tracking Transparency feature
Apple’s new App Tracking Transparency feature that will be available in the next beta release of iOS 14

Open-source software like Pi-hole has existed for a while, and recently, online services like NextDNS and AdGuard have emerged that offer similar controls. I am a happy user of these products and services, but I particularly like how Apple is championing this effort.

iOS takes up 50% of the market share in the US, which is Facebook’s largest market. If Facebook is feeling threatened by Apple iOS 14’s new privacy features, we are moving in the right direction.

It’s also worth noting that WhatsApp will be sharing user data with Facebook group of companies. It’s particularly worse for those WhatsApp Business API users as their messages wouldn’t be end-to-end encrypted. Differently put, they will be visible to third-party Business Solutions Providers, including cloud-based version of the API hosted by Facebook:

Some organizations may choose to delegate management of their WhatsApp Business API endpoint to a third-party Business Solution Provider. In these instances, communication still uses the same Signal protocol encryption. However, because the WhatsApp Business API user has chosen a third party to manage their endpoint, WhatsApp does not consider these messages end-to-end encrypted. In the future, in 2021, this will also apply to businesses that choose to leverage the cloud-based version of the API hosted by Facebook.

Gizmodo – This Was WhatsApp’s Plan All Along

On the flip side, Apple is fighting back, highlighting that this will impact small businesses that depend on personalized ads for sales. Facebook also highlights that Apple’s own apps will be exempted from App Tracking Transparency, but it’s not clear if that’s true, based on Apple’s press release.

Other privacy efforts by Apple that I appreciate

In June of 2020, Apple announced support for native encrypted DNS throughout the device. This is a big deal for users like me that have a NextDNS subscription.

In iOS 14 and iPad OS 14, Apple also launched a new App Store functionality, called the privacy nutrition labels. It gives users a quick overview of the apps’ privacy practices — as in, what level of data is obtained by the app, what these details are used for, and also outlines how they may be linked to an individual. Apple’s own apps, like Apple Music, are required to show these labels; they are not exempted.

An image showing the new privacy nutrition labels feature on the Apple App Store
An image showing the new privacy nutrition labels feature on the Apple App Store

If you are not aware, the messaging app Signal collects only your mobile number. It doesn’t link that mobile number to your identity either! If you are a WhatsApp or Telegram user, it’s time to consider switching to Signal.

An image highlighting the data that the messaging app Signal may collect and link to your identity
Signal’s privacy nutrition labels on the App Store

I am keen on seeing where things head from here!

Categories
More links

NextDNS blocks Facebook and WhatsApp requests

I love it when NextDNS actively blocks these Facebook requests. ๐Ÿ‘Š๐Ÿฝ

Categories
More links

Brian Acton’s history with Facebook and Signal

Great thread on how Brian Acton, co-founder of WhatsApp, left Facebook post acquisition. He gave up 850 million dollars along the way, and invested 50 million in Signal, a non-profit.

Signal is a no-brainer. ๐Ÿ™‚

Categories
Posts

Signal

I don’t have a WhatsApp (and Facebook) account, but I did hear about their terms change — users are required to accept to the new policies wherein WhatsApp data can now be shared with Facebook. As I understand, this does not impact the e2e (end-to-end encrypted) messages aspect of WhatsApp. It’s based on the Signal protocol and messages will continue to remain as private as possible.

Related Hacker News thread: WhatsApp gives users an ultimatum: Share data with Facebook or stop using app.

What’s changing this time though, or better said, what’s made more explicit is that, other aspects of WhatsApp usage may now be shared with Facebook. Paul’s article here particular covers what’s changing in detail, and also backs up with relevant sources:

In practice, this means that WhatsApp shares a lot of intel with Facebook, including account information like your phone number, logs of how long and how often you use WhatsApp, information about how you interact with other users, device identifiers, and other device details like IP address, operating system, browser details, battery health information, app version, mobile network, language and time zone. Transaction and payment data, cookies, and location information are also all fair game to share with Facebook depending on the permissions you grant WhatsApp in the first place.

As I understood from a few other Hacker News and media articles, WhatsApp made another drive-by change: Removed text about not having access to private keys. This comment in particular highlights that an user’s opt-in for WhatsApp business account delegates access to Facebook, which as a vendor of WhatsApp Business API.

To most, this sharing of access may not matter, but I feel differently. Especially in a world where better, privacy-focussed options, like Signal and Telegram (only via secret chats) are available, it’s a no-brainer to consider these options. Mohan has covered some privacy-respective messenger app alternatives that you may like to read.

I have been a Signal user for many years, but have truly stood by it in the last year or so.

I am very pleased with their growth, especially in India, and I am pleased that most of my friends and family are moving over as well. If you haven’t moved yet, you may consider doing so today. We may as well read Brian Acton, Elon Musk and Edward Snowden’s work/tweets as an endorsement. It’s particularly interesting to know that WhatsApp co-founder (Brian Acton) left Facebook post acquisition, to infuse 50 million dollars in Signal.

Signal is a non-profit company, free, publishes their client-side and server-side code in the open, and promises unexpected focus on privacy. It’s among the very few apps (the only other platform that I know of is Matrix, but it’s riddled with bugs) in the market that offer synchronized, end-to-end encrypted messaging.

With their focus being on privacy, it’s natural that they are not able to offer advanced features like Telegram bots, and that’s okay.

I see that as a decent tradeoff.

Categories
More posts

Limiting Facebook and Google activities to specific Firefox containers

Mozilla Firefox’s one of the best features is the ability to use multiple logins on a specific website at the time, using the Multi-account containers feature. This feature is available as an extension for Firefox on the desktop, since Firefox 57.0, Firefox Quantum.
Cookies are contained with the color-coded tabs on the same browser session, allowing one to use multiple logins of a particular website at the same time. You can learn more on how this feature works here.

I recently came across two plugins that takes this feature even further, making it very useful. Meet Facebook container and Google container.
The Facebook container is made by Mozilla, while the Google container is a fork by another developer.
When you activate these extensions on your Firefox browser, your Facebook and Google cookies are deleted. The next time you visit Google or Facebook, the respective content will open on a tab that is contained within this container.

A Facebook link contained within the Facebook container on Firefox Quantum

This means, Facebook and Google will no longer will able to read your activities on other websites. You can safely contain to browser other websites that you need, as usual, and these tabs will open on your regular container.

Only Facebook and Google sites will load on their specific containers.
Something even better is that, these extensions do not necessarily apply only to facebook.com and google.com domains.

I read the code a bit, and it looks like most Facebook-owned domains are listed which includes WhatsApp and Instagram.

Likewise blogspot domains are contained within the Google container.
It should be possible that you can extend this code to other domains that Facebook and Google own as well, or fork the original Mozilla code for Facebook container and write your extension.

Categories
More posts

Facebook is limiting link customization ability, Here's what you should know

Facebook is reportedly dropping support for customizing link previews you don’t own. Going forward, you will have to verify your domains on Facebook Business Manager to be able to customize a link’s title, meta description or image when you sharing the link to Facebook.
Facebook is doing this to prevent misuse of link customization for domains you don’t own. This effect goes live from Dec 18, and this blog post has detailed description on what you should do to verify your domain.
If you are a website owner, publisher or a webmaster in general, you should read that post and act on it as soon as possible.