It’s exactly why they do it.
On iPad now as well it opens the browser in a tiny window in the centre of the screen.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Analysis Suggests Instagram Tracks User Web Activity Through In-App Browser
- Thread starter MacRumors
- Start date
- Sort by reaction score
On iPad now as well it opens the browser in a tiny window in the centre of the screen.
Errr, incorrect. Apple allows many browser apps and does not restrict the user. There are in fact, thousands of browsers.
What you meant to say is, they force all browsers to use the same rendering engine, WebKit. That might seem like splitting hairs, but the difference in terminology explains exactly how this privacy exploit works - which is to say it’s NOT using the iOS browser, it is using Instagram as the web browser. Yes, the instagram browser is running the same engine underneath, but effectively they can run code on top of the engine as they please, and- as they in fact, do.
It's kinda funny that this article (like every other article on MacRumors) has a "Share on Facebook" button:
Anyone who regularly follows tech news is not surprised by this. The rest of the world probably would be, if they weren’t already driven to distraction, defeat, and complacency by the rule of corporations and plutocratic oligarchies.
They don't "sell your info". They sell aggregated user profile data ("50 year old + male Miami dolphins fan") to advertisers, same as apple.
I think people assume that Apple is doing all this stuff just like FB and Google, but doing it secretly. But that's nonsense. AAPL is a public company who discloses the source of their revenue. They can't just have a secret advertising or data brokerage business, because it would be a massive SEC violation and (as you say) would be a massive own-goal in the face of their whole privacy positioning in contrast to FB and Google.
That would be great. Almost every app wants to keep you in there app (because ‘engagement’ seems to be the only thing that matters anymore). No thanks.
Well, if you use the app to “Open in Safari/browser” guess what? They have you and you will continue to see the same ads or similar. I think they would even know if you went to Safari and manually typed in the site, because all those sites sell their data to Meta, which then cross-references when the add was delivered to your social media app and then they can tell you were interested. This is why when I go to a new site, I’m willing to spend two minutes clicking all but the necessary/required cookies off. It may not make much difference, but if I make Meta’s algorithm just 0.001% less effective, I consider it a good day.
(Sigh.)
So, this thread has a lot of people echoing this particular sentiment in one way or another. It's almost as if people are complaining that the study was conducted at all, let alone that this article was written about it. But just to offer a counter-argument on that point: Not every reader who browses articles on tech journals (like this one) is as tech savvy as us geeks who wade into the choppy waters of the comment section.
That is to say, this work wasn't really done for the benefit of the smaller percentage of us who can intuitively figure this crap out for ourselves; it was done for the larger percentage of readers who almost never comment, and who are largely coming here to increase their knowledge about a given topic. Hopefully, reading this article helps them to accomplish that goal, and causes a few more people to be just a little bit more careful when using Meta (and Google) properties.
So give Sami (and Felix) a break, guys... they're just trying to make the world a better place. M'kay?
Of course they will know whether you opened the link in a separate browser, from their app. Of course they will still follow you around the internet. That’s not the point.
The point is that if you click on a link to a shop, open and continue to browse/login/purchase in their in-app browser, the app can potentially read your password/credit card details. Screw text selections, etc - that’s weak sauce.
Of course, Facebook is not likely to actually use such information (sure, they’re definitely disreputable in how they use user data, but they’re not out and out scammers, they’re not gonna steal your account or password or money, can you imagine the criminal and civil trial if they did?), but it may well inadvertently be transferred in their telemetry or stored in some sort of insecure system, and there’s always the possibility of cross site scripting flaws that could possibly exploit Facebook’s tracking beacon and expose usernames, passwords, and credit cards. And passwords/credit card info could easily be accidentally vacuumed up depending on how this tracker works. I suppose there’s also always the possibility of an inside job, of a developer going rogue.
Yeah, but this is solid confirmation they’re doing it, as opposed to “just a very good, probably accurate, hunch”.
Apart from all the impotent consternation from it would engender from the anti-walled-garden, side-load-all-the-things crowd, why should there even be third-party in-app browsers? Why shouldn't Apple just require that any in-app web links be opened in a Safari sandbox instance within the app? Hell, why not sandbox that Safari instance from the app itself? ....allowing only approved hooks like authentication and such. What is the point of all this "Do not track" stuff if in-app browsers are wide open and the user is not giving informed consent?
For one, if you’re a different browser than Safari, you have to use the WebView view instead of the SafariWebView view, the latter uses Safari UI chrome and the former doesn’t. Even if there were alternative browsers, consider a browser like iCabMobile. iCab already uses WebKit on the desktop (and the system framework version of WebKit, not some version of WebKit included in the app bundle). Using the older WebView class is the iOS equivalent of using the system framework version of WebKit. If you’re writing an email app that displays HTML email, you’ll need the WebView class. If you’re writing a text editor with HTML preview support, you’ll need the WebView class. There are legitimate reasons to do so, it’s just that Facebook and Instagram technically have illegitimate reasons (though they’re also grandfathered in because they had in-app browsers using the WebView class before SafariWebView was introduced).
I use Lockdown Privacy (iOS) to block tracking and added connect.facebook.net to the custom block list...
The number of people that don't realize social media apps on their phones are a huge invasion of privacy truly boggles the mind. I suppose that's why their whole economic model works...
"If the service is free, you're the product."
"If the service is free, you're the product."
I’m glad I never got on the social media train… no Instagram, Twitter, TikTok, Meta, etc, etc.
As others already mentioned - then you just get tracked by all your friends who have this crap installed ... great stuff.