There is no reason to require this setting for users who aren’t posting live videos.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    161
    ·
    edit-2
    4 months ago

    Hostage permissions

    This is why I really like grapheneos. They’ve created scoped permissions, so the operating system tells the application Yes you can see this thing, but it’s empty. Right now they’ve implemented scoped storage, and scoped contacts. So if it tries to extort you to see your entire contact list you can limit it to an empty list, a very limited list, or everything if you don’t care

    https://grapheneos.org/features#storage-scopes

      • olof@lemmy.ml
        link
        fedilink
        English
        arrow-up
        7
        ·
        4 months ago

        I’m using it on a Fairphone 5 since a while. Works flawless

      • cm0002@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        Yea, but it’s a good phone to target, Pixels are one of the few remaining manufacturers that freely let you unlock the BL and probably one of the last that is carried by nearly all major US carriers. OnePlus used to be another but iirc they’ve stopped selling on all carriers stores

        Yes yes yes, you can buy any frequency-compatible phone you’d like from like Amazon, AliExpress, Best Buy, manufacturer store etc but that’s an expensive option for many as you have to front the entire purchase price with little exception.

        So if you want a BL unlockable phone, purchased through a carrier to take advantage of the reduced financial load of payments instead of all up front, in the US…it’s pretty much just Pixels

        • Cris16228@lemmy.today
          link
          fedilink
          English
          arrow-up
          0
          ·
          4 months ago

          I was interested because everyone keeps talking about it and I wanted to try it myself but it’s compatible only with pixels. I have a Samsung and I changed phone recently so I’m not going to buy it again. I don’t want to spend 600+ for a new phone + 2/300? (100?) for the buds but my next phone will be a pixel🤔

          • cm0002@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            Oof, yea Samshits are the worst of the worst. They’re actively hostile to those who would dare want to use their phone how they see fit.

            Even if the stars align and people are able to breakthrough the BL lockdown, Samshit phones are designed to blow an efuse and permanently lock the phone to 80% battery capacity just for a big ol fuck you

            Never EVER buy Samshit phones if you can help it

    • Eager Eagle@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      edit-2
      4 months ago

      I heard of scoped permissions before but didn’t know it could also zero the outputs of sensors to trick intrusive apps. That’s a neat feature set.

  • RangerJosie@sffa.community
    link
    fedilink
    English
    arrow-up
    48
    ·
    4 months ago

    I installed it earlier this year on android. But it wouldn’t let me sign in or browse without syncing my contacts from my phone.

    So I uninstalled it.

  • occultist8128@infosec.pub
    link
    fedilink
    English
    arrow-up
    16
    ·
    4 months ago

    all meta’s apps are suck ngl. i hate the way i can’t paste image from clipboard in whatsapp chat without giving whatsapp permission to manage my storage.

      • occultist8128@infosec.pub
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        idk when this sh*t started but in the older versions (as far as i remember), whatsapp didn’t ask for this if the image was from my clipboard. that was one of the trick to not giving the permission to manage my files to whatsapp when sending images.

  • Chozo@fedia.io
    link
    fedilink
    arrow-up
    16
    arrow-down
    1
    ·
    4 months ago

    Gonna play Devil’s Advocate for a moment here.

    I assume that this isn’t actually for nefarious purposes, and is actually just a low-effort way of curbing spambots on their platform. It’s likely that the bots are using emulated devices to post from the official app, and this permission might lock up a lot of those bots. Obviously this wouldn’t be the best way to combat spambots, but I’m gonna go with Hanlon’s Razor on this one.

    I know the immediate first thought most people will have is that this is just so Meta can open up another avenue to spy on you. But let’s consider for a moment the logistics involved in that. Audio/video data is huge; capturing and parsing it it requires a non-insignificant amount of CPU/battery usage, and transmitting it will use a good bit of bandwidth, both of which would be noticeable by even novice users (since most modern devices these days will show an on-screen indicator whenever certain sensors are being activated, and will tell you what app is using it, so seeing Instagram trigger your mic/camera when you’re not using it would be immediately noticed by just about everybody). That would also make this one data stream exponentially more costly to gather and process for Meta than most of their other data streams combined.

    Also consider the fact that Meta already has over a million data points on just about every single person on the planet, anyway; what could they stand to gain by monitoring your IRL presence that they haven’t already inferred from the other, less-invasive data they’ve gathered on you? Half of the recordings they’d get would be farts and “oh my god, stop barking, nobody’s even at the door”, and Meta probably already knows that you have a dog and lactose intolerance.

    It’s more expensive to produce, it’s more likely to be detected, and there’s less of a guarantee that you even get any usable data from it at all since they already know just about everything about you already. I really don’t see spying as the end goal for this particular action, only because it doesn’t seem like a profitable venture.

    None of this is to suggest that Meta isn’t spying on you. They are. They 100% are spying on each and every one of you. I just don’t think the mic/camera are how they’re doing it.

    • 1rre@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      16
      ·
      4 months ago

      Not even that, it’s more than likely some PM said “we want to open the camera and be ready to record when someone goes on the story tab”, then it gets implemented as needing permissions first and not considering that some people wouldn’t want to give the permissions and only upload from camera roll

  • aaaaace@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    4 months ago

    They keep filtering the stupid people, but there’s always more.

    I keep wondering what zuck has to do to be more obvious, but it seems like an infinite horizon to someone whe never signed up for any meta product.

    Also, soft switches don’t really turn things off. Physical covers over cameras, mics, and speakers can’t be overridden.

  • Ghostalmedia@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    4 months ago

    If they don’t already have rules about this, Google and Apple should update their store rules to prevent this crap.

    • Dogeek@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      4 months ago

      Playing devil’s advocate here but there could be legitimate reasons to prevent features of an app if you don’t give the permissions.

      Things like professional type apps that need geolocation to work (geofencing, photo geoloc) or because x big shot client wants to track their employees and you’re just forced to accept that unless you want to declare bankruptcy.

      Definitely is a very hostile pattern though and there’s no reason for meta to do this shit…

  • tal@lemmy.today
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    4 months ago

    I believe that there’s some app out there for Android that lets one create a spoofed environment for apps that demand certain permissions to function. Returns bogus data to them. Might require a rooted device, though.

    goes looking

    Yeah.

    I think I’m thinking of XPrivacyLua, which requires Xposed, which in turn requires a rooted device.

    EDIT: all that being said, I do think that if practicable, it is kind of an argument to use something other than Instagram, and more broadly, to try to keep use on a personal computer rather than phone, where it’s easier to deal with or avoid shennanigans like this.

  • Shady_Shiroe@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    4 months ago

    I only use Instagram to look at the reels my family sends me, I don’t allow myself to use it for anything else because you can easily waste 2 hours and feel miserable afterwards. What I like about Lemmy is I can get through all new posts for the day in at most 20 mins and maybe learn about some interesting while I’m at it.

    • reallykindasorta@slrpnk.netOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      Yeah I use it to keep up with friends/family and have a private account— most people I know don’t post regular posts, only stories, so it’s actually quite easy for me to exhaust all the content I care about and then leave. The post feed is mostly ads for me since my friends don’t post. The ‘explore’ feed for me is mostly indian weddings and flood content for some unfathomable reason.

  • skuzz@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    4 months ago

    I’ve wondered for quite a while if there was ever any truth to the rumors that Meta apps “listen” to people. It doesn’t make logical sense, as the OS should expose they are doing it. Unless they had API access to allow microphone access without triggering the microphone icon. These companies have had API access in the past, like when Uber had full screen display capture access, and Meta definitely has some agreements with the fruit company to access some kinds of data. Or, when iOS first introduced the location tracking symbol in the status bar, I was able to write a program that allowed gathering of location access without actually triggering the icon.

    Most of the time, the events can be explained away by knowing how adtech works, like, I was drinking a beverage, a friend asked what it was, the next day I started getting ads for it.

    In that case:

    • They were on my wifi network
    • They picked up their phone when they were asking about it and did an Internet search
    • So once the GeoIP was cross-referenced across ad providers, the IP started being targeted for those ads, makes sense

    Some stories I’ve heard are more strange.

    It does make me wonder if it was true the whole time, but they now have to ask for permission.

    Don’t use the platforms myself or I’d try and set up a test experiment.

    • Donut@leminal.space
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      4 months ago

      In this case by hitting create post, it triggers the permissions for mic/camera because it tries to activate them.

      As to why, it’s probably because they want you to create videos, so it defaults to that when trying to create a post. And then in there, you can go for a text post instead. But I don’t use Instagram so I don’t know if anyone who does can confirm that.