"Local Mess" - How Meta and Yandex used to spy on Internet users

In case you need arguments to convince friends, family or colleagues that there is something going wrong with the IT tools many of us are used to use, I suggest to share the following article(s) with them. It shows the outrageous misbehavior of well-known multinational companies spying on their users.
Personally, I hope that - at least in European Union - this becomes a showcase applying the General Data Protection Regulation (GDPR). This legal framework allows penalties of up to 4 percent of a company’s global annual turnover.

• EN: Meta and Yandex are de-anonymizing Android users’ web browsing identifiers - Ars Technica
• EN: An Android loophole could have let your apps spy on your browsing - Android Authority
• FR: Désanonymisation forcée : comment Meta et Yandex ont exploité une faiblesse Android pour relier votre historique web à votre vraie identité
• DE: Fiese Schnüffelei: Meta und Yandex spionierten Nutzer ihrer Android-Apps aus | heise online

Regain your privacy! Adopt /e/OS the deGoogled mobile OS and online services

Don’t forget the sneaky enabler!

Thanks for the suggestion but it is useless, they know and still the convinience or what ever is far better for them…

It feels like we would need to put a paywall like in a Rick and Morty episode to make them not use it

Nah… it is difficult, but not impossible. You may be sick of trying, but it is not impossible.

Careful with the naysaying in public… it can disempower the build up of momentum, which is, admittedly, painfully slow. Keep pushing or at the least, pause a while, but don’t get disparaged.

You’ve gotta play the long game. None of us were convinced to uproot our digital lives in a day. It took me years to get to a place where the most major spying things were removed from my life. Heck, there’s even a few major ones I haven’t figured out how to remove.

First, they have to realize it’s a problem.
Second, they realize how bad it is.
Third, they realize that there’s hope.
Fourth, they realize that there are some things that are actually feasible for them.
Fifth, they start gradually switching out one thing at a time.

But even still, there’s so many places where the spyware services are just accepted as normal. It’s hard to even exist socially without them. Unfortunately, I still have to use my Google and Facebook accounts semi regularly because something is only shared on a Google doc or Facebook group. It’s genuinely inconvenient to switch between those and what I normally use. It’s worth the effort for me, but I get where people are coming from, particularly those who aren’t very technical.

It’s gonna be a slow process, but that doesn’t mean we should give up. Progress is genuinely being made.

2 big milestones for me were finding out about the UK courtcase with Apple - once I started trying to make my iphone more safe and secure, I realised how much the devices and the apple infrastructure were designed to make that impossible, so I ordered the eos fairphones, and migrated fully, in about 3 weeks. Then, I read snowden’s biography recently and was truly horrified that I had not paid more serious attention to his story at the time of the revelations. I also watched The Matrix again and realised how trapped most people are in their technological prisons. Escape really isn’t an option for most - they are happy in their online existences and addicted to their apps, that spy on them constantly. But, I also realised that it wasn’t for me. Once I had my phone and was using it, I understood that there was another way, and it was going to be my way.

It is indeed necessary to inform those around us that everything we do online allows us to be identified and profiled, over the long term, if a private or government entity aims to. (In the first case, it’s a certainty, regardless of our citizenship.)

In this sense, the documentary Nothing To Hide by Marc Meillassoux and Mihaela Gladovic is rather well-made and educational, i believe.

That said, and quite frankly, i’m convinced that every IT tool, even the most privacy-oriented, cannot prevent us from leaving traces of our digital lives.

Just as i’m convinced that not having a Google or Facebook account in no way protects me from being profiled. Since, for example, I send text messages from my e/OS/ phone to iOS or Android users, via services other than Signal. Etc.

Let’s not be fooled. By adopting e/OS/ we are struggling against owning trackers on our own, but trackers are everywhere else.

We, e/OS users are just activists.

Not citizens whose digital uses preserve our freedoms.
For exemple, as an IT professional, i work every day on the Google Workspace suite imposed by my company, which injects Gemini everywhere.

All this to say that education without action leads nowhere.

Laws are most often inspired by a small number of people, whether victims or activists inspired by the victims. And rather than campaigning with our relatives or colleagues i think it’s more efficient, for example, to write to the representatives of our respective parliaments, etc?

The tracking of personal information is so pervasive now it’s almost impossible to draw the line where you feel you’ve done enough. I think I have most of the major threats eliminated, but I think it’s impossible to have any assurance of privacy without going completely off grid.

The system knows so much about me just because I file my taxes and pay my bills. Imagine a life with perfect privacy where you have no accounts of any kind. Throw accounts like water, power, sewer, insurance, banking, and phone out the window. There was a time long ago where everybody lived like that and it was rough as hell. Since the beginning of the digital age it’s always been a trade-off of convenience over privacy. And we’re not the ones deciding how far it goes.

This is true. The best that any of us can do is minimise privacy and security threats until we have a system for managing our data (on & off line), that has the smallest digital footprint we can practically achieve. It is going to be different for everyone because of differing individual requirements. I no longer keep email for example, it is dealt with on arrival and deleted. And all personal data that I can store this way, is stored offline. I have an airgapped linux laptop for home admin. All files I keep are moved to it. I know that some of this data will still be online in various systems but, that is beyond my control. And it makes me feel better to know that I am doing all I can. And the system is still quite convenient to use, after some refining. Possibly more so, than before I became concerned about these issues. Now, that I am much more selective about what I keep and where, I end up keeping only the important items, and deleting all the junk immediately.

Yes identifying the real threats is the bigger part of it. My brother in law is paranoid about these kinds of things and goes to great lengths to protect his data. However, he overlooks some things that are bigger threats for the sake of smaller ones.

For example my brother in law keeps his phone in a Faraday bag, but runs a stock Android instance. It’s like dude, you should be running an alternative Android system and forget about the bag. But I’m not going to tell him otherwise, he’s going to do what he does no matter what anyone says.

Personally I try to avoid the big threats, but the smaller ones I tend to gloss over. My time is valuable and I don’t want to spend a massive amount of effort trying to block every possible entry point. Even so it’s hard to know for sure what you do and don’t need be concerned about.

I got seek of e/OS and just turned on again my iPhone 13.

Some should ask why?

First: my brand new Murena FF5 wasn’t able to upgrade itself from e/OS 2.9 to 3.0.
I really have other things to do with my days than being the system administrator of my phone.

Sec: For the same reasons, I ultimately don’t trust Android. Even though talented people are striving to build a more virtuous alternative like e/OS.

I read every week that Google fixes CVE 7 or 8 class flaws regarding Android.
But there is no f****** update on my e/OS phone.

So who’s protected?

I give up.

And you really think you are more protected with your iPhone ??? It’s a bit hilarious ? Ton of users are affectés by lot of CVE without correction under windows …

Windows is not the subject of this topic.

But talking about MS the last “Tuesday updates” fixed CVE’s like 2025-33053.

My e/OS phone didn’t get no updates for weeks. And i don’t think it’s bullet proof.

/e/OS is never about security first, privacy is the top.

Have you ever checked out thoose holes in detail? Sometimes it is very arbitrary how someone can take advantage of.

You have to choose what ever you feel comfortable with

IPhone is neither the subject of this topic as well and there are CVE in iOS as well. CVE is sometimes not critical just read the description.

For CVE and /e/OS, I’m sorry but there are new version. Updates are common like we received 3.0.1 with updated lineageos 20. It’s mentionned in release notes that /e/os has been upgraded to last lineage os security patches … So you have to check but usually lineage os correct CVE

You don’t know what you’re talking about.

Of course it exists flaws everywhere.

Regarding e/OS NO ONE will try to hack for a bounty. Simply cuz the program doesn’t exist.

Try to hack Debian. You’ll be well receive.

And if you succeed, try harder to aim iOS.

Is CVE-2025-27363 patched by e/OS 3.0?

Was CVE-2023-40088 patched?

Yes !
https://review.lineageos.org/c/LineageOS/android_build/+/376958

No because they have included April patches but not May. Btw it will be in the next release as it was released in LineageOS 20
https://review.lineageos.org/c/LineageOS/android_build/+/432583

Security fixes are mentioned at the end of release page: