Technology

71666 readers

3317 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

[email protected]

Google’s Advanced Protection Arrives on Android: Should You Use It? (www.eff.org)

submitted 3 days ago by [email protected] to c/[email protected]

15 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 13 points 3 days ago (1 children)

I’ve been checking out the localhost tracking vulnerability and there’s something I can’t work out: it’s not even a terribly obscure or convoluted exploit, especially Yandex’s implementation that’s been chugging for more than 8 years over basic HTTP. It’s just a glaring sandboxing workaround that’s been exclusive to this OS for more than a decade.

No matter how many ways I look at it, I haven’t come up with a reasonable explanation for how it was ignored, by demonstrably capable engineers, unless Google itself had use for it in the first place. And that fits a pattern of selective competence in information security that they just can’t seem to quit.

In short it’s the data collection backdoors they leave themselves that defeat the otherwise top-tier security of their consumer offerings, and it’s why I’ll probably never trust anything they’ve touched until I’ve taken it apart and put it back together again.

So no, you probably shouldn’t use it. Trusting the privacy or security claims of any adtech company will always be a mistake.

[–] [email protected] 1 points 7 hours ago

I’ll probably never trust anything they’ve touched until I’ve taken it apart and put it back together again.

Me too. But the vast majority of users need guardrails, and have a different threat model. Even those that also care about privacy, if they just want a solution that comes by default, this adtech 'fake' or 'superficial' solution does provide something. And anything is more than nothing.