-rw-r--r-- | content/posts/2025-06-07-uninstall-facebook.md | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/content/posts/2025-06-07-uninstall-facebook.md b/content/posts/2025-06-07-uninstall-facebook.md new file mode 100644 index 0000000..e8a8701 --- /dev/null +++ b/content/posts/2025-06-07-uninstall-facebook.md 
@@ -0,0 +1,126 @@ +--- +slug: uninstall-facebook +title: "Uninstall Facebook" +date: "2025-06-07T18:08:27-04:00" +--- +You should immediately remove the Facebook and Instagram apps from your +Android devices: + +> We disclose a novel tracking method by Meta and Yandex potentially +> affecting billions of Android users. We found that native Android +> apps—including Facebook, Instagram, and several Yandex apps including +> Maps and Browser—silently listen on fixed local ports for tracking +> purposes. +> +> ... +> +> This web-to-app ID sharing method **bypasses typical privacy protections +> such as clearing cookies, Incognito Mode and Android's permission +> controls. Worse, it opens the door for potentially malicious apps +> eavesdropping on users’ web activity.** (emphasis mine) + +[Source][local mess] + +[Ars Technica][] also has [an excellent summary][]. + +In English: If you have the Facebook app or Instagram app installed on +your Android device, then Meta may have collected your identity and your +browsing history. + +This is true even if you don't have a Facebook account. It's true even +if you don't use the Facebook app. It's true even if you took steps to +hide your browsing history like clearing cookies or using a private +browser window. + +On June 3rd, Meta claimed that the code responsible had "been almost +complete removed"; this is [weasel wording][] which actually means "the +code has not been removed". + +Even if Meta actually did remove the code from their apps, there are +still several problems: + +1. Meta has an [atrocious privacy record][]. It would be foolish to + take Meta at their word and they have a strong incentive to try + this again or something similar in the future. +2. Removing code does not address the information Meta has already + collected. This information could be leaked in a data breach or + subpoenaed by law enforcement. +3. 
Malicious or [trojaned][] apps could listen on the same local ports + and collect the same information. The [Local Mess][] researchers + demonstrated this with a proof-of-concept app. + +Additional privacy recommendations: + +1. [Stop using Google Chrome][ditch-chrome]. I recommend [Firefox][] + with [uBlock Origin][] and some [configuration + changes][firefox-privacy]. Other folks swear by [DuckDuckGo Browser][], + but I haven't used it personally. See also: [The case for ditching + Chrome][vox-chrome]. If you really do need Chrome or Edge, then at + least install [uBlock Origin Lite][]. +2. Stop using Google Search. I recommend [DuckDuckGo][]. +3. Switch from MacOS or Windows to [Linux][]. I recommend [Ubuntu][] + for new users. I use [Debian][] personally. If you really do need + Windows, at least [disable Windows telemetry][]. +4. Switch from text messaging and WhatsApp (owned by Meta) to [Signal][]. +5. Set up [Pi-hole][] on your home network. It has an easy-to-use web + interface and can help block ads and tracking on mobile devices and + "smart" TVs. +6. Consider [Tor Browser][] or [Tails][] if the you need more protection + and are willing to accept some tradeoffs. + +Further reading: [Surveilance Self Defense][ssd] + +[local mess]: https://localmess.github.io/ + "Local Mess: Tracking method used by Facebook, Instagram, and Yandex Android apps which bypasses privacy protection." 
+[atrocious privacy record]: https://en.wikipedia.org/wiki/Privacy_concerns_with_Facebook + "Privacy concerns with Facebook (Wikipedia)" +[ars technica]: https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/ + "Ars Technica" +[an excellent summary]: https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/ + "Ars Technica: Meta and Yandex are de-anonymizing Android users’ web browsing identifiers" +[weasel wording]: https://en.wikipedia.org/wiki/Weasel_word + "Weasel word: Word or phrase aimed at creating an impression that something specific and meaningful has been said, when in fact only a vague, ambiguous, or irrelevant claim has been communicated (Wikipedia)" +[fingerprint]: https://www.amiunique.org/fingerprint + "fingerprint" +[trojaned]: https://en.wikipedia.org/wiki/Trojan_horse_(computing) + "Trojan horse (Wikipedia)" +[firefox]: https://www.mozilla.org/en-US/firefox/new/ + "Mozilla Firefox web browser" +[ublock origin]: https://en.wikipedia.org/wiki/UBlock_Origin + "uBlock Origin ad-blocker" +[ditch-chrome]: {{< relref "posts/2023-12-02-firefox-redux.md" >}}#why-ditch-chrome + "Why Ditch Chrome?" 
+[brave]: https://en.wikipedia.org/wiki/Brave_(web_browser) + "Brave web browser" +[duckduckgo browser]: https://duckduckgo.com/app/ + "DuckDuckGo web browser" +[firefox-privacy]: https://cyberinsider.com/firefox-privacy/ + "Firefox Privacy Checklist" +[duckduckgo]: https://duckduckgo.com/ + "DuckDuckGo search engine" +[tor browser]: https://www.torproject.org/download/ + "Tor Browser" +[tor network]: https://www.torproject.org/ + "Tor network" +[linux]: https://en.wikipedia.org/wiki/Linux + "Linux operating system" +[debian]: https://debian.org/ + "Debian Linux" +[ubuntu]: https://ubuntu.com/ + "Ubuntu Linux" +[disable windows telemetry]: https://windowsreport.com/disable-windows-11-telemetry/ + "Disable Windows 11 telemetry" +[pi-hole]: https://en.wikipedia.org/wiki/Pi-hole + "Pi-hole" +[raspberry pi]: https://en.wikipedia.org/wiki/Raspberry_Pi + "Small single-board computer." +[signal]: https://signal.org/ + "Signal secure messenger" +[ssd]: https://ssd.eff.org/ + "Surveilance Self Defense" +[tails]: https://tails.net/ + "Tails: portable operating system that protects against surveillance and censorship" +[vox-chrome]: https://www.vox.com/technology/387375/google-chrome-antitrust-privacy-android + "The case for ditching Chrome (vox.com)" +[ublock origin lite]: https://en.wikipedia.org/wiki/UBlock_Origin#uBlock_Origin_Lite + "Manifest V3 version of uBlock Origin for Google Chrome, Microsoft Edge, and other Chromium-based browsers." |
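Review bot: The June 3rd paragraph quotes Meta as saying the code had "been almost complete removed", which reads like a transcription error, and the paragraph gives no link to the statement it is interpreting. Check the wording against the original statement (use "completely" or mark it [sic]) and add a reference for it, since the post draws the strong conclusion "the code has not been removed" from that exact phrasing. Smaller points in the same hunk: recommendation 6 has a stray word in "if the you need more protection"; "Surveilance" is misspelled in both the "Further reading" link text and the [ssd] reference title; and the reference definitions [fingerprint], [brave], [tor network] and [raspberry pi] are never used in the body, so either drop them or add the text that was meant to cite them. The [ars technica] and [an excellent summary] definitions also point at the same URL, so the sentence that uses both could carry a single link.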