1. Home

Encrypt all the things!

You are reading a single comment by @Velocio and its replies. Click here to read the full conversation.

  • link preview... if we chatted and I shared a link to a product in that chat, the link typically showed a summary of the web page in question... the client made a web request using the WebView component, thus placing a cookie and leaking some details. If you ever then opened Instagram and got a highly relevant advert and wondered how that could be because you'd only mentioned it once in a private chat in the "encrypted" WhatsApp... well, now you know.

    So even if I don't click on the link in a WA chat, the link preview is placing a cookie on my device? Is that correct?

  • Yes. Your client will use the web view within the app to visit the site and read the metadata to render the preview. This is super in Facebook's interest as when that happens any tracking on the remote website (and e commerce will have a lot) can now identify you. Once you open another app, i.e. Instagram, Facebook can then check in their servers to correlate the tracking identifiers and show you an advert, etc relevant to the link previews in the private conversations.

    Link previews area a bad idea.

    What I do on here for embeds is just rewrite the URL rather than visit it, and then embed only an SSL version of a remote page choosing a nocookie version if one is available (YouTube)... Precisely to prevent too much leaking of who you are. I also break some policies,i.e. eBay affiliates are supposed to have a tracking cookie set but nope... I won't do that stuff.

    I like signal for giving you a choice on link previews but defaulting to off.

About

Avatar for Velocio @Velocio started

About Terms of Use Privacy Policy Cookie Policy Report a problem