Facebook and Instagram Link Previews Would Break EU Privacy Law, Say Security Researchers

[mazz0]

Off the top of my head, if I sent you a link to a private page on my website and your phone automatically loaded images from it to make the preview, I could probably get your IP address and other information from my server logs without you even tapping the link.

If you’re right though and it happens on device then I don‘t like that, but it’s not as bad as when email clients do it (I’m looking at you Mail), since email can be unsolicited and doesn’t come from trusted contacts.

 

[rafark]

Oh that’s nothing compared to the invisible mods and admins who can read your DMs and private stories.

Mods, admins and engineers have access to your “private” content. That’s not necessarily a bad thing. Macrumors mods and admins also have access to every single one of your PMs. So do the staff of every single forum and website that you submit your data to. They need to have access to ALL the content if they want to enforce rules. How are you going to report a spammer, a harasser or someone doing ilegal things? Once you submit content to a website, the owners are partially responsible for it.

So the websites you visit regularly see your private content, store the content of other websites to use in link previews, etc. Why is only Facebook being accused and bashed? Because it’s the cool thing to do?

 

[zelmangina]

Hmm. It is a standard procedure for almost all websites, including macrumors, gmail, etc to sanitize links. Looking at these responses tells me that none of you worked in IT security.

There are many reasons to do this from IT security standpoint, such as malware, DDoS and others. This is actually allowed under ePrivacy rules, as long as they don't use it for ads.

Signal, WhatsApp are different because they are fully E2EE and their servers can't see the data. They may do caching on the device but that's about it. However, with E2EE you lose the safety net. It is a tradeoff between privacy vs security.

 

[Frank Philips]

What is more curious, is that day by day we have story after story of the FB group misusing data, mining data, selling personal data, building profiles of individual for nefarious means, manipulating the political sphere etc etc...

And YET people still use the services every single day.

You mean... the way MacRumors still allow to register using a Facebook account? Or own a FB page? Or offer the possibility to share content on FB?
Don't get me wrong, I agree with you. But we should also keep in mind that this very site is linked to Facebook too.
If we're all so upset with FB, shouldn't we also boycott all websites that use/link to FB?