fsebugoutzone.org:9999

       Post AyEgIkvAwBLxGfFcKu by mysk@mastodon.social
 (DIR) More posts by mysk@mastodon.social
 (DIR) Post #AyEgIUuwRHevdJ1Cka by mysk@mastodon.social
       2025-09-14T21:22:03Z
       
       0 likes, 1 repeats
       
       🤯 Instagram is testing new iOS push notifications that include a profile photo. Each time the notification is shown on your screen, it triggers a GET request to fetch that image, letting Meta track every on-screen impression.The app still misuses push notifications to send detailed device analytics about the device (uptime, battery, volume, locale, timezone, memory, CPU, etc.)#privacy #infosec #privacymatters #Apple #iOS #metaMore 👇🧵
       
 (DIR) Post #AyEgIaLiFB2oTma9fk by mysk@mastodon.social
       2025-09-14T21:22:59Z
       
       0 likes, 0 repeats
       
       We detailed this last year and we checked again today. Meta collects everything it needs to track users across apps, a practice strictly prohibited by Apple.Stop using the native app. Use the web app.#privacy #fingerprinting #iOS #PWAMore 👇
       
 (DIR) Post #AyEgIfXawQWIa5BDO4 by mysk@mastodon.social
       2025-09-14T21:23:27Z
       
       0 likes, 0 repeats
       
       Link to our demo from last year. Apple&#39;s Required Reason API rules aren&#39;t being enforced - either they&#39;re ignoring it or they can&#39;t do it.https://youtu.be/4ZPTjGG9t7s?feature=shared
       
 (DIR) Post #AyEgIkvAwBLxGfFcKu by mysk@mastodon.social
       2025-09-14T21:23:56Z
       
       0 likes, 0 repeats
       
       P.S.: The data collection is massive. We can&#39;t consistently simulate accounts that aren&#39;t based in the EU. Data collection isn&#39;t as massive for EU accounts. Our entire team is currently in the EU, which makes recording a demo capturing the massive data collection difficult. Our time is limited. It would be great if researchers outside the EU investigated this. We&#39;re happy to help.
       
 (DIR) Post #AyEgIqAbQFfFXxVVZo by mysk@mastodon.social
       2025-09-14T21:39:59Z
       
       0 likes, 0 repeats
       
       This article by @9to5Mac is spot on 👌https://9to5mac.com/2025/08/21/meta-allegedly-bypassed-apple-privacy-measure-and-fired-employee-who-flagged-it/
       
 (DIR) Post #AyEgIvOG0uYdjkvz3Q by mysk@mastodon.social
       2025-09-14T21:58:33Z
       
       0 likes, 0 repeats
       
       To investigate this, You need to connect your iPhone to a network where you can capture HTTPs traffic and decrypt it.1- quit Instagram so it is not running in the background 2- Send yourself a DM or let someone comment on your posts3- You get notifications and the app should wake up in the background and send the massive data4- Capture the data, analyze it, redact it and publish itYou can do it with Proxyman.