undefined | Better HN

0 pointsasutekku5y ago0 comments

The pop-up is literally “allow tracking” and “disallow tracking” and disallowing does not give the advertisers any kind of information about cross-app usage. It is not something you can as a developer circumvent.

0 comments

MayeulC5y ago

There are hundreds of ways to fingerprint you and your device, without an avertising ID. You just need a few (5-7?) To uniquely identify someone.

A few examples that come to my mind: Current battery level, typing speed, phone model, OS version, battery wear (guessable from charge/discharge rate), charge rate (depends on the charger), finger width, propensy to use features differently (scrolling, zooming, selecting text), clipboard contents, RTC lag, microbenchmark performance... System preferences alone is probably enough (brightness level, airplane mode, dark mode).

If a fingerprinting library is present in more than one app, I find it unlikely that both fingerprints couldn't be linked to the same user. If one of these apps has a log-in, they can probably link that up with the rest of browsing history, on-device and cross-device.

Sounds far-fetched? I don't think so. I rather think I'm underestimating the issue.

I think one technical answer to that would be to "taint" every measurement of a potential identifier, and track its usage across the program. If the app tries to submit information that is somewhat related, block it.

Alternatively, compute a score and block it above a certain threshold (that will be gamed, but could help a transition). Or use a RR-like mechanism to change the measurement to a dummy value, and replay up to the exfiltration point.

K0nserv5y ago

What you've said is accurate, but one thing that's different in this case compared to the web is Apple's walled garden.

The walled garden certainly has problems but in this case a real benefit is that Apple forbids these kinds of technical workarounds. You can implement them, but do you want to run the risk of your app being banned from the only distribution channel on iOS because of it?

Nextgrid5y ago

That walled garden still appears to have major holes in its fences, as shown by the Facebook SDK having infected every single mainstream app for the sole purpose of stalking the user in the background (over time Facebook can correlate the traffic by date/time, IP address, device type, etc and link different instances of the SDK together).

1 more reply

j / k navigate · click thread line to collapse