Threads collects so much sensitive information it’s a ’hacker’s dream,’ experts say
Threads collects so much sensitive information it’s a ’hacker’s dream,’ experts say
Meta captures everything from the information you give it when you sign up for accounts, to what you click on or like, who you befriend online and what kind of phone, computer or tablet you use to access its products
Meta captures everything from the information you give it when you sign up for accounts, to what you click on or like, who you befriend online and what kind of phone, computer or tablet you use to access its products
Not that I'm ever going to use the app, but I'd like to point out as to why the collection of this specific dataset is particularly dangerous.
Threads scrapes Health and Fitness information. Why is this a problem? Because Meta is already illegally scraping hospital websites for your records. Speaking as a data analyst, it doesn't take much (like one line of code in some cases) to match your Threads account to your hospital records in a database. To assume Meta isn't attempting to do so as we speak is naive - there's simply too much money to be made.
In an age where we've had to start underground railroads to help women across state lines to keep the right to choose, combined with the push from the far right to criminalize helping them, this sets up a frightening scenario:
Meta finds that you've scheduled an abortion through the hospital across state lines. With Threads on your phone, they can now track you as you travel to that appointment. It only takes one more step, or a law like this one tailored towards abortion, to notify law enforcement to pick you up enroute.
Combined with Meta's overall right-leaning politics, it just doesn't make sense to make yourself vulnerable to them, especially if you're a member of a minority population or have any sort of health condition. There's simply too much potential for abuse, and Meta has shown itself more than willing to abuse its users.
Shit fuck shit fuck
IKR? It's like 1984 and the Handsmaid's Tale got together and are talking about having kids....
Because Meta is already illegally scraping hospital websites for your records.
Sorry, but this is just bad web design from the hospitals. This pixel tool doesn't magically appear on websites without being put there deliberately. Literally any tracking tool can capture this stuff on any page that a developer puts it on. This is 100% the fault of the programmer at the hospital (or the admin that made them do it) that decided to put tracking cookies on sensitive pages.
The hospital administrators decided it was more important to get their precious reports on usage from Meta's portal than protecting their patients.
I'm pissed that I've had to defend Meta here, but this one isn't on them.
If I leave my door unlocked while I'm gone, and you come in and steal my laptop, it's still theft. Yes, I'm an idiot, but you're still a criminal.
That being said, I fully agree with you that the hospitals should bear equal fault - the lack of protections around patient records is criminal, and I'd really like to see those whose records were exposed sue both the hospitals at fault and Meta, or better yet, a criminal case from the FTC and the Department of Health.
Not likely, I know, but I'm a dreamer.
Someone on my Mastodon feed put this best: People who aren't tech saavy STILL deserve privacy, security and safety.
Hospitals are full of people who understand medicine, not tech. Because that's what they are. Administrators don't even know what to ask to hire a good tech person, and when a tech person gets in there any change they make has a danger of disrupting livesaving systems so they can't do anything anyway. It sucks, but HIPAA still says those records are private and you're not supposed to be looking at them without having a good reason to. The hospitals are liable for not protecting them properly, but Meta is still in the wrong and still breaking the law by scarping for them.
Ultimately, this is everyone's fault but the patients and the patients are the people who are wronged by it.
Meta captures everything from the information you give it when you sign up for accounts, to what you click on or like, who you befriend online and what kind of phone, computer or tablet you use to access its products
I mean, yeah? None of that is unique to threads nor meta and half of that is information required to run the service
Threads Data linked to you
Third-party advertising:- Purchases (Purchase History)
- Financial Info (Other Financial Info)
- Location (Precise Location, Coarse Location)
- Contact Info (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
- Contacts
- User Content (Photos or Videos, Gameplay Content, Other User Content)
- Search History
- Browsing History
- Identifiers (User ID, Device ID)
- Usage Data (Product Interaction, Advertising Data, Other Usage Data)
- Diagnostics (Crash Data, Performance Data, Other Diagnostic Data)
- Other Data
Developer's advertising or marketing:
- Purchases (Purchase History)
- Financial Info (Other Financial Info)
- Location (Precise Location, Coarse Location)
- Contact Info (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
- Contacts
- User Content ( Photos or Videos, Gameplay Content, Other User Content)
- Search History
- Browsing History
- Identifiers (User ID, Device ID)
- Usage Data (Product Interaction, Advertising Data, Other Usage Data)
- Diagnostics (Crash Data, Performance Data, Other Diagnostic Data)
- Other Data
Analytics:
- Health & Fitness (Health, Fitness)
- Purchases (Purchase History, Financial Info, Payment Info, Other Financial Info)
- Location (Precise Location, Coarse Location)
- Contact Info (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
- Contacts
- User Content (Photos or Videos, Audio Data, Gameplay Content, Customer Support, Other User Content)
- Search History
- Browsing History
- Identifiers (User ID, Device ID)
- Usage Data (Product Interaction, Advertising Data, Other Usage Data)
- Sensitive Info
- Diagnostics (Crash Data, Performance Data, Other Diagnostic Data)
- Other Data
Product Personalization:
- Purchases (Purchase History)
- Financial Info (Other Financial Info)
- Location (Precise Location, Coarse Location)
- Contact Info (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
- Contacts
- User Content (Photos or Videos, Gameplay Content, Other User Content)
- Search History
- Browsing History
- Identifiers (User ID, Device ID)
- Usage Data (Product Interaction, Advertising Data, Other Usage Data)
- Sensitive Info
- Diagnostics (Crash Data, Performance Data, Other Diagnostic Data)
- Other Data
App functionality:
- Health & Fitness (Health, Fitness)
- Purchases (Purchase History)
- Financial Info (Payment Info, Credit Info, Other Financial Info)
- Location (Precise Location, Coarse Location)
- Contact Info (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
- Contacts
- User Content (Emails or Text Messages, Photos or Videos, Audio Data, Gameplay Content, Customer Support, Other User Content)
- Search History
- Browsing History
- Identifiers (User ID, Device ID)
- Usage Data (Product Interaction, Advertising Data, Other Usage Data)
- Sensitive Info
- Diagnostics (Crash Data, Performance Data, Other Diagnostic Data)
- Other Data
Other purposes:
- Purchases (Purchase History)
- Financial Info (Other Financial Info)
- Location (Precise Location, Coarse Location)
- Contact Info (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
- Contacts
- User Content (Photos or Videos, Gameplay Content, Customer Support, Other User Content)
- Search History
- Browsing History
- Identifiers (User ID, Device ID)
- Usage Data (Product Interaction, Advertising Data, Other Usage Data)
- Diagnostics (Crash Data, Performance Data, Other Diagnostic Data)
- Other Data
As compared to Mastadon:
[Blank Space]
I mean, yeah, but this is also true compared to writing your thoughts down in a paper journal or a self-hosted WordPress blog. Comparing it to Mastodon is only meaningful if you're specifically evangelizing for Mastodon. You're preaching to the choir here.
Your source touches on this, but a more meaningful comparison would be the social networks that are already being used by the same demographic. Is Threads use of data excessive or unusual compared the existing apps from Meta or its direct peers? How does it compare to Facebook, Instagram, Twitter, Tiktok, Snapchat, etc.? How does it compare to ubiquitous Google apps like YouTube, Gmail, Chrome, etc?
Yeah, excessive tracking is Not Good, but it's nowhere near unique to Threads.
The cybersecurity startup the parent article is built around, Protexxa, have their own Twitter, Instagram, LinkedIn, etc. as does its founder and CEO.
So what's the point of the article? Why Threads? Why now?
This was all I had to read to decide the entire article is junk.
You should have read on that it also captures Health and Fitness information. The only reason it would get that is to sell it to insurance companies, or worse, law enforcement if you're in a region that outlaws certain medical procedures.
Anyone who thinks that any meta subsidiary is not trying to gain every piece of information on you and everyone around you is delusional. They want every detail. Do you masterbate? How often? To what? Partners? Cis/trans/nb, het/gay/bi/poly? Where do you do it? How often? Then meta asks, how can we make money off this knowledge and extract every penny. But one of their board members gets outed and it’s all out war, metaphorically speaking.
But, it's free!!!