I can’t believe anyone would buy from Temu. I knew they were Chinese knockoff bullshit the second I saw their first obnoxious ad.
somethings people don’t care about quality. An example, the one time I checked out Temu way back when it first made its splash I bought some targets for shooting… Hard to fuck that up and got em cheap as fuck with that promo deal they do to hook you. Uninstalled it right after, probably not worth it but I feel like that is a common experience. There are items where you just simply can’t fuck up so the ultra cheapness works out.
With that said, an obligatory FUCK temu and those like it.
Aliexpress seems most straightforward, and not quite as gimmicky.
Have you seen the wheel spin and Fomo coupons?
Maybe not as much but still highly gimmicky in comparison to normal e-commerce sitesThey don’t seem to give overall preference to a given supplier beyond their obvious coupons and paid rankings. Alibaba is better, but who needs 144 of any specific widget…?
If you compare to one of the most preferred e-commerce website, which I would consider Amazon, it’s still not that bad. I have found less lies on Ali express v Amazon. If it comes to any cheaper electronics the Ali description is the real deal as far as I have seen. Amazon I have been shipped differing products, the description or features have just been a lie, or it didn’t come with the things implied. For the most part Ali descriptions are exactly what you will expect when opening the product… in fact many times I discover extra features when receiving the product that seemingly just couldn’t explain in their marketing.
Ali>Aliexpress>Amazon… just depends on needs
My only reasons to buy on Ali is when I need something simple like velcro that can be cut to length or other small scale stuff electronics (e.g. Rasperry Pi 0) and it doesnt have to be fast.
Ironically the shipping is either free or so cheap it’s better than domestic amazon.
I often suspect they sell the same item but order it with DHL shipping (our domestic shipper) with high priority shipping included in the price (2€ item + 8€ shipping = 10€ on Amazon + “free” shipping)
That’s all online shopping
Isn’t that the site that’s AliExpress but worse?
I can’t believe people pay full price on cheap stuff. The only reasonable thing to do is pay cheap on cheap stuff. And the delivery times are unbeatable .
I can’t believe people buy cheap trash that would be sold on Temu.
But here we are, people buy cheap ass trash off Temu. If China started picking through the trash we shipped them and sold it back to us on a site like Temu, something tells me people would still buy it.
People would buy an actual turd on temu if it’s cheap enough. Just read these comments here… But it’s cheap. Congrats, you bought cheap garbage and it got send around the globe by a company that sells your data
A huge amount of products are just generic Chinese products that have a brand slapped on it. If you’ve ever bought a random small USB device (i.e USB hubs, etc) from a major brand like LogiTech and others, if you crack it open it is just the same device as cheap resellers with a branded coating. It’s not worth it to many companies to bother manufacturing their own small tat so they just sub-contract out.
And sure, it likely works, but it’s the exact same hardware with the same capabilities as a product a 10th of the price.
The cheap Chinese stuff often uses knock-off ICs tho.
They can be fairly difficult to detect, and will work for a short time or under very light loads. But they will be nowhere near the spec of the data sheets.
They might massively overheat, not provide the correct currents or voltages, run at lower speeds. All sorts of corners being cut to turn a $2 IC into a 50¢ IC. Or a 50¢ ic into a 5¢ oneSo yeh, might be the same PCB layout inside, it might visually look the same (or very very close) but the parts are likely to be counterfeit.
Of course, it’s also probable that name brands might be hit with counterfeit parts inside as well. Hopefully their QA picks that up
I’ve found this when trying to get a decent USB>9-pin Serial connector.
You think it’s your software, or something weird going wrong. Then you swap over a name-brand adapter, and the thing just works.
Maybe not Logitech as a whole but small scale or low-end stuff
I hate Temu, but this (apparently contracted?) Grizzly Reports report isn’t really all that trust inspiring, tbh.
Our experts identified a stack of software functions that are completely inappropriate to and dangerous
The stack difference to the Amazon app they list:
- Package compile
- Requesting system logs
- Some code obfuscation
- Mac address collection
- Install permission
- Wake lock
Meh. That’s just a sliver worse than your regular, off the shelves proprietary corporate app. I don’t see how they can pull off the promise of being a truly dynamic Android app from that report.
I do believe they hover up data, but they aren’t otherworldly super hackers. They will probably just ask for the data and the users will hand it over in a second. For most people, it really is that simple.
since people are yelling about it.
It’s probably not blatantly bypassing security and privacy features, what it is PROBABLY doing is using the user to bypass them by simply manipulating them to do it.
Social engineering is way easier than whatever bullshit you would need to do to bypass sandboxing and dynamically recompile, or whatever people are claiming, and my guess would be that this is what they’re doing.
If the suit is claiming they are doing what i said, that’s probably legal, and not going anywhere, unless tiktok ban bill 2.0. If the suit is claiming what others are claiming, it’s still probably wrong and probably going to be tiktok ban bill 2.0.
Unfortunately these things aren’t all that exciting at the end of the day.
Anti China propaganda.
All companies spy on you.
The only thing their mad is that the spying is not being done by them. That’s it.
There wouldn’t be so much anti-china propaganda, if the popular companies didn’t do so much shit behind people’s back to drown out the good things coming out of China.
I mean China is becoming a economic powerhouse, just make your companies not be backdoors until your influence and trust increase without competition. But nooooo, they have to do every worse thing other big tech companies do, but at a script-kiddie level.
The ‘But, everyone is a bit evil’ argument is such bullshit, the concern here is obviously the extent of the surveillance, but no one can say you’re entirely wrong because the definition of that is so broad.
It’s kind of technical, but there are comparisons on the report itself, even a fancy table, to other popular shopping apps and there are some legitimately troubling items. For anyone else, I’d recommend skipping direct to the source:
I am not even remotely surprised.
Every day I hear a story about Chinese software being spyware.
I’m sure Temu collects all information you put into the app and your behaviour in it, but this guy is making some very bold claims about things that just aren’t possible unless Temu is packing some serious 0-days.
For example he says the app is collecting your fingerprint data. How would that even happen? Apps don’t have access to fingerprint data, because the operating system just reports to the app “a valid fingerprint was scanned” or “an unknown fingerprint was scanned”, and the actual fingerprint never goes anywhere. Is Temu doing an undetected root/jailbreak, then installing custom drivers for the fingerprint sensor to change how it works?
And this is just one claim. It’s just full of bullshit. To do everything listed there it would have to do multiple major exploits that are on state-actor level and wouldn’t be wasted on such trivial purpose. Because now that’s it’s “revealed”, Google and Apple would patch them immediately.
But there is nothing to patch, because most of the claims here are just bullshit, with no technical proof whatsoever.
Yeah, I don’t like Temu, and I’m sure the app is a privacy nightmare, but these claims don’t seem right. If it’s true, I’m like to see someone else verify it.
Haven’t read the article because I’m not interested in an app I don’t use, but does it mean browser fingerprint? Because that’s slang for the fonts/cookies/user-data of your browser, and lots of apps have access to that.
The article links to this as technical proof https://grizzlyreports.com/we-believe-pdd-is-a-dying-fraudulent-company-and-its-shopping-app-temu-is-cleverly-hidden-spyware-that-poses-an-urgent-security-threat-to-u-s-national-interests/
There’s analysis of decompiled source code.
The analysis shows it’s spyware, which I don’t question. But it’s spyware in the bounds of Android security, doesn’t hack anything, doesn’t have access to anything it shouldn’t, and uses normal Android permissions that you have to grant for it to have access to the data.
For example the article mentions it’s making screenshots, but doesn’t mention that it’s only screenshots of itself. It can never see your other apps or access any of your data outside of it that you didn’t give it permission to access.
Don’t get me wrong, it’s very bad and seems to siphon off any data it can get it’s hands on. But it doesn’t bypass any security, and many claims in the article are sensational and don’t appear in the Grizzly report.
That is not entirely correct. The reported found the app using permissions that are not covered by the manifest. It also found the app being capable to execute arbitrary code send by temu. So it cannot be clearly answered if the app can utilize these permissions or not. Obviously they would not ship such an exploit with the app directly.
The reported found the app using permissions that are not covered by the manifest.
It didn’t found them using them, it’s an important distinction. It found code referring to permissions that are not covered by the Manifest file. If that code was ran, the app would crash, because Android won’t let an app request and use a permission not in the Manifest file. The Manifest file is not an informational overview, it’s the mechanism through which apps can declare permissions that they want Android to allow them to request. If it’s not in the Manifest, then it’s not possible to use. It’s not unusual to have a bunch of libraries in an app that have functionality you don’t use, and so don’t declare the required permissions in the Manifest, because you don’t use them.
It also found the app being capable to execute arbitrary code send by temu.
Yeah, which is shady, but again, there is nothing to indicate that code can go around any security and do any of the sensational things the article claims.
The Grizzly reports shows how the app tricks you into granting permissions that it shouldn’t need, very shady stuff. But it also shows they don’t have a magical way of going around the permissions. The user has to actually grant them.
I agree on the sensationalism in the article.
Still sounds like shitty company doing shitty things
The study and evidence was already provided months ago
This was also linked in the article if you read it
That… is not a study by anyone who knows what they are talking about. It also does not mention fingerprints at all.
They seem to believe that the app can use permissions undeclared in the manifest file because they obviously think it’s only for the store to show the permissions to the user. Android will not actually allow an app to use undeclared permissions. The most rational explanation is the codebase is shared with different version of the app (possibly not released) that had different manifests.
It also makes a big deal of checking if running as root. That is not evidence of having an escalation exploit. If they have an ability to get root before running the app why would they need to use the app to exploit it? They could just do whatever they wanted and avoid leaving traces in the app. Though I doubt they would root phones to just brick them. It’s the kind of mischief you would expect from a kid writing viruses, not an intelligence agency or criminal enterprise.
Users who root their own phones are very unlikely to run temu as root. In fact a lot of apps related to shopping or banking try to detect root to refuse to work as your system is unsafely. In any case it’s a very niche group to target.
To keep things short, that ‘study’ does not really look credible or written by actual experts.
Can someone explain to me how you can just simply program something to bypass privacy and security features? What is the point of having these features if you can literally just program something to ignore them? Like…??? Temu is obviously bad if this is true, but if it IS true, it shouldn’t have been possible to begin with!!
one of the most obvious ways is to simply not bypass them, and then do it from within the application itself. That way you can essentially man in the middle the rest of it, though this would require a rather specific set of events and a particularly nested design of an app.
Im not sure how they specifically bypass the features in other ways but I imagine some of it is from users accepting permissions under the guise of another use. For example, maybe you accept the microphone permission on tik tok to record video. With that permission in theory the app could now use it maliciously. Of course it should all depend on the users choice for that and im not sure beyond the scope of that.
TORfdot0 shared this comment below:
Someone else posted this report in this thread which does a good job of the deceptive practices and API calls the app uses to trick the user into giving permissions up willingly and otherwise collect data it shouldn’t.
Looking forward to someone answering this
The irony
Snap! Double irony
Lol
That’s what you get for using a proprietary Lemmy app. Switch to Thunder, it doesn’t have ads, it’s open source and in my opinion has the best UI out of all Lemmy apps. Also support the development and join their community: !thunder_app@lemmy.world
Do you think it’s better than Voyager? That’s what I’ve been using. Pretty satisfied with it.
From the screenshots alone the interface looks similar to sync
First, you use Lemmy, that’s great. But pls use a client without ads…
You can pay just a few dollars to remove the ads from Boost.
Bro why using Lemmy if it’s for using proprietary client? Voyager, Jerboa, you have others choice…
Ask the 100,000 people that downloaded Boost, not me.
Probably people who have been using Boost for Reddit before and now want the same experience but for Lemmy
Been using Boost since it was a Reddit client. By default, it is my go to.
100% this. Boost is great
Maybe but you’ve done the transition to Lemmy try to use a libre client
I’m all for Libre but in this case @rmayayo@lemmyworld is my leader.
Who is he?
He is the dev who made Boost.
Why does he done it with ads?
by “client” do you mean “just use a browser”?
Or, you know, the 98% of clients that don’t have ads. I, for one, recommend Voyager.
Maybe but not only, for phone I recommend an app that’s much more optimized for using on mobile
Lemmy website is fine on mobile imo. Not perfect but usable and optimized.
For sure! Personally I prefer using the app
Where are you viewing Lemmy posts that you have ads?
I think it’s the Boost app.
I use it too. Tried a few different ones and like boost the best. I finally just paid for the non-ad tier. One time cost of 3.99. I would have been turned off by a subscription.
Yeah boost is definitely good, it was my main app until a few months ago. Recently I have been trying Connect, which is another great app.
Connect has improved a lot since I first tried it, also doesn’t have any ads. But all things considered - Boost is bit more polished than connect.
I see; I can’t imagine willingly submitting to ads, but whatever works for them.
Yeah. Boost itself is great though. Well worth the couple of bucks to get rid of the ads forever.
Not enough just to get someone else to take your cheap plastic shit to landfill after it’s cluttered their space then I guess.
Have they ever heard of faceberg or sundar the creep?
Yesterday, I saw a Temu ad for something and I just wanted to open it to read the info and there were so many popups and “spin the wheel for a prize” and “enter your email here” and so on that I gave up and just looked for the info elsewhere. Never clicking on a Temu link again.
I get their CAPTCHA where I have to slide the puzzle piece over to look at one of their ads. More than half the time I will do this and it will fail saying I didn’t do it right. So yeah temu has become a trash site.
That CAPTCHA isn’t specific to Temu.
Same, but a year ago.
Also, Temu has tried to take all the shopping search results from Bing/DDG. So those results are trash now.
I’m shocked, I say. Shocked!
The idea of an app being used to gather additional date from a customer!“Additional date”
All I want to know is what do these Temu people think my life is like?
Clearly you use adbloker or something cause temu just got excited when you opened up the link.
Your life looks pretty sick to me!
I mean, you’re obviously a sexy military mechanic woman, who goes into battle with fantasy battle armor and goes fishing as a hobby! Duh.
Any good RPG has a solid fishing mini game tbh
I was wondering what that blue thing was. I thought it was a weird personal tool…
The bearings combined with the wrenches made me think, like, roboticist. So maybe they make fishing robots that double as sexbots?
I just thinks you’re a garden variety redneck.
Weaponized fishing for covert military operations.
Code Name: Go Fish!
Are you a busty outdoorswoman?
deleted by creator
How about pass and enforce strong digital privacy protection laws you fucking cowards. When other countries spy on us it’s scary and bad, but for US companies? Best we can do is ban porn and demand backdoors to stop E2EE messaging.
California (and a few other states) are trying. The CCPA and CPRA are a good step in the right direction. If you’re a California resident, you can request all the data a business has collected about you, tell them to stop sharing it with business partners, or tell them to completely delete it, similar to the GDPR in Europe.
Oh don’t worry, they’re going to try and kill that too before it hurts them too much, and with the audacity of calling it the “American Privacy Rights Act”. https://www.eff.org/deeplinks/2024/06/eff-opposes-american-privacy-rights-act
Ugh. I hate this so much.
Unfortunately they care more about spying on us themselves.
That would hurt the advertising, spam, blackmail, malware, and propaganda industries. We can’t rip out the economic spine of big tech since they pay the best bribes.
I’m pretty sure Temu is Chinese.
Shocked i tell you. I am shocked.
No way an app would collect data it doesnt need. Preposterous.
Next thing you’ll tell me is that tiktok is doing the same thing!
