Instagram is testing new iOS push notifications that include a profile photo. Each time the notification is shown on your screen, it triggers a GET request to fetch that image, letting Meta track ever
More details on the linked Mastodon post
https://mastodon.social/@mysk/115204746326765802Open linkView original on piefed.zip150
Comments23
So it's another way of using a "tracking pixel" like has been done before?
Yeah, just that now it's a tracking photo
Haha that's devilishsly clever and delightfully evil.
Yes.
@DrDystopia @Blaze It's a common pattern in email. Disappointing that we still have this problem, tbh.
https://en.m.wikipedia.org/wiki/Spy/_pixel
Sure, that's why reasonable email clients don't run HTML code when opening an email.
I would be fairly surprised if they actually did this for tracking purposes. This sounds like nonsense to me. They already have plenty of information about you and they literally sent the notification.
Eh, of course they will.
If they can track it, they will track it, that is pretty much a guarantee, as data equals money. Mo data, no money.
Username checks out
What's the difference between them already knowing each push notification vs a push notification with a GET request?
Or Instagram belonging to Facebook? They already know.
Push notifications go through Apple servers.
HTTP GET request comes from the device loading the image; AFAIK though wouldn’t be a big deal if Apple’s servers loaded and cached it.
So Meta can watch for the GET requests and determine:
And derive:
For your top 3 dot points, I still don't quite understand why they wouldn't already have that information if you're using the app and they're sending push notifications anyway.
I think the point is they get to know the exact time you first see the notification. It's a massive flaw in the OS, and I believe I have read about this years ago already, so that "privacy OS" is not intending to fix this leak
I wonder if disabling the preview in the notification will stop it.
If you want to stop being addicted to Facebook or instagram, this is an effective way to do it. The web apps suck so much, it takes away all the “fun”
I was addicted to scrolling instagram and would go for hours on end, it was pretty bad. I still wanted to have access just to keep up on a couple accounts I care about but I didn’t want to be doom scrolling, so I removed the app from my home screen and replaced it with my lemmy client so anytime I would instinctively open it without thinking I’d open lemmy instead, which I find less addicting. I still doom scroll a little but not nearly as bad.
I’ll eventually be deleting all social media but there’s a couple people I only have on instagram or facebook messenger who I don’t want to lose contact with. But for anyone struggling with just auto opening an app and doom scrolling without thinking, maybe remove the icon from your home screen and replace it with something less addicting.
For a while I used the web app because it was actually better - fewer ads and consistent UI. Not anymore.
ATN
Always Turn off Notifications
I’m sure Apple will be like bugs bunny no meme
Wasn't there a trick to abuse discord image caching and cloudflare caching to allow finding the approximate location of a user using a notification?
Is this about/a problem with iOS or Android or both? The linked post only talks about iOS.
I'm surprised they can include remote requests [by consequence of remote URLs] in notifications.
Harvey Dent.
Can we trust him?