This is not “news” to anyone with eyes and ears, but it’s always worth reminding ourselves about Facebook’s surveillance machine.
https://www.washingtonpost.com/technology/2021/08/29/facebook-privacy-monopoly/
(Thanks to @BenT for linking that article: https://social.librem.one/@ben)
I did find it interesting that you can view what facebook has on you if you have an account…
Granted as I don’t have an account it doesn’t really help. Always want to see how well my attempts at hiding are working, but not at the cost of one of those methods.
It’s infuriating to see how much Facebook gets away with. (And Google, for that matter.)
Borovicka tried to use that same California privacy law, known as CCPA, to view the data about her 11-year-old son, who has never had an account on Facebook or on Instagram.
Facebook replied it wouldn’t comply with the access request because her son doesn’t have an account it could use to verify his identity. But if he had an account, he’d be giving Facebook the right to collect his data. “It feels like you’re trapped in some kind of logic circle,” said Borovicka.
Catch 22.
It is not uncommon for pressure groups (of any type) to use the “somebody think of the children” argument. Above we can see a fundamental flaw. If a government makes it illegal to collect data on someone under the age of “consent” but the child does not have an account, it would be unimplementable for the collector to know the age of the person and hence to give effect to the law. There may be solutions to that problem but the cure then may be worse than the disease.
“Consent” is barely an answer here anyway because nobody reads 25 pages of dense Terms and Conditions, adult or child.
I disagree with the idea that this is a monopoly / competition / bigness problem. When you don’t have a Facebook account but you are surveilled nevertheless by Facebook on “every” site you visit, competition makes it worse not better - because two companies do not have to compete for your data, they can both have it.
This is probably already happening. You visit some site and both Facebook and Google get your data. Why wouldn’t the site make even more money by selling your data to all comers?
I believe that the only potentially workable remedy is a legislative one i.e. to restrain the site you visit from polluting itself with Facebook, Google or anyone else’s spyware - or alternatively to limit the site to containing such spyware only when they are certain that you have consented to such spyware (for example, that you access the site while logged in to Facebook or Google).
This has the side benefit that Facebook and Google may then also know that you are under the age of consent and hence be able to curtail their activities in such other ways that the law might require.
Inevitably though that will cause the advertising-funded model to wither - and that in turn could cause some sites to disappear. So it is thrown back at us: Would you pay actual dollars to use site X assuming that it can’t fund itself through spyware?
To answer the question though: Could Facebook be more despicable?
Yes, they could.
Well said. Catch-22 indeed. Kafkaesque, even.
Fortunately some governments are starting to apply pressure, but I doubt we’ll see any meaningful change in Facebook’s abuses.
In the meantime, I’ll continue to play whack-a-mole with trackers, cookies, and spying scripts in my browsers, use a VPN service, run Pi-Hole on my home network, and TrackerControl or Blokada on my de-googled Android. (With the realization that it’s not enough.)
Which reminds me, @Kyle_Rankin, how’s that OpenSnitch app coming along for the L5? 
This is an older piece, but a good read:
I agree. But it was a more or less rhetorical question anyway. 
I figure that after I get my Librem 5, that it will be time to start over when it comes to my identity. I already don’t do Facebook or anything like it. I’ll get a new e-mail address and use it only on my phone. My use of my desktop PC is so infrequent and focused only on a few specific things, that they’ll learn virtually nothing about me from my PC.
So with my Librem 5, they’ll have to start over trying to figure out who I am and getting any data on me. That guy they know as me from my current phone will just disappear one day. Then as they try to track and advertise to my Librem 5, they’ll get little to nothing also.
I won’t have to agree to be tracked as a condition of using apps from Purism’s app store. So anyone who tracks me will be breaking the law. If I can, I want to use my phone to collect large bounties from companies like Facebook and Google. It goes like this, you use open-source software to detect and record privacy violations that are committed against you by Facebook. When it gets to court, Facebook claims that what you claim wouldn’t be possible. To exchange that data, you would have had to agree to either Apple or Google’s terms of service. Then you show how your Librem 5 has an app that does the same thing that their eco-systems have, and explain how you’ve never agreed to be spied on or tracked. Then sue Facebook for a million dollars and make it a class action so that anyone with a Librem 5 can hold in to the suit.
You might also want to remove your personal information from people-/address-/phone/email-search sites, as I’m sure this data gets bought, sold, and shared all over the place, including to Facebook. Otherwise, they’ll just say that it’s publicly available information.
There are paid services that will do those removals for you, some of which offer a basic, free option as well.
OpenSnitch has been working great for me. It’s not yet packaged for PureOS but I’ve been downloading arm64 debs from the project’s releases area and it’s worked just fine that way.
So, basically just this?
$ sudo dpkg -i opensnitch*.deb python3-opensnitch-ui*.deb; sudo apt -f install
(After download from github, I mean.)
Exactly that. And it doesn’t use many resources either, which is nice. It does make initial startup a bit slower since it launches at startup, however the resource needs when running are relatively small. It only seems like it’s using a lot of resources if you check it remotely when the screen is off (when the RAM is clocked way down). With the RAM clocked normally it doesn’t have much impact on load.
I should note there are a few UI quirks since it’s using QT, but nothing you can’t work around by toggling the keyboard off and on to reset its window.
Also, if you use this, and have a habit like I do of working on your Librem 5 remotely over SSH, just note that OpenSnitch pop-ups appear on the screen, so if you are doing things like wget from the command line over SSH, realize that unless you add wget http/https to the allowlist (which I don’t for security reasons, I like to allow per-request), you will have a pop-up appear on the screen.
It will take a few days or a week of use before you add all the “forever” rules allowing the access your apps actually need. Personally I find that a good learning experience to see exactly what network access my applications are asking for. I also suggest digging into the settings to increase the default timeout before it denies a network request to something like 25 seconds, to give you time to interact with the interface–especially to expand it to allow you to set per-port or per-host rules.
Awesome! Thanks. I’ll give it a shot.
How about on the L14? Try it there yet?
I haven’t because I run Qubes on my Librem 14 instead, but to my understanding it works fine, you’d just use the amd64 debs instead of the arm64 ones.
OpenSnitch is great. It reminds me of ZoneAlarm on Windows back when it didn’t suck. Of course Tinywall does basically the same thing as OpenSnitch on Windows now. But I’ve had great use out OpenSnitch on my Librem 13. I’d highly recommend it as well!
OPINION:
It’s nothing new. I don’t know if anyone mentioned it (no time to read everything), but one doesn’t need a FB account to have FB stalk them. Tracking is one thing, what FB and Google do is ‘stalking’. But when we visit websites with the FB, Twit, etcetera logos (those “share” links), FB is notified that our device were there, some reporting what place we arrived from, our location, and using what devices.
Almost every new site uses Googleware now. So when we visit a site, Google fonts, tags, apps, get dloaded to our devices - every time, and this tells Google where we are, for how long, from what previous site, using what device/s and for how long.
I don’t know if this is true or not - never went so far as to research it, but it was mentioned at one time that the fonts contain pixel gifs used to stalk where we go.
As some here has seen me mention before, I call it SMIRCing Stalk, Monitor, Inject, Record, Control.
IMO. The more people that shame the advertisers that use the likes of Google, FB, Twit, etcetera, the sooner they might cause the spies to clean up their outhouse and stop pimping out our rights to privacy.
S
How ironic. An article about the evils of tracking, behind a mandatory tracking wall.
Except if you’re in the EU, and they need to comply with the GDPR, which explicitly prohibits making collection of personal data a condition for access to the content. In that case, you can just take their most expensive subscription, that’s only available to EU residents, and avoid being tracked. Even folks with the regular all-access subscription plan have to accept tracking. I thought the whole point behind tracking and advertising was so they wouldn’t have to charge for access? Yet, if you’re in the US, and you want access to more than a couple articles a month, and actually take a subscription, you’re still being tracked by third parties.
Interesting… No firewall for me, and I don’t see the “consent” screen. In any case, I just disable the trackers and ads in my browsers and on my network, so they don’t get anything from me.
Could Facebook be more despicable?
Yes:
Yes, I was aware of that development, too. I may just have to boycott Ray-Ban now. 
