Meta: Difference between revisions - Consumer Rights Wiki

(2 intermediate revisions by 2 users not shown)

Line 14:

===Facebook===

==== Local Mess (June 2025) ====

A study by Dutch researchers revealed that Meta used a local connection from the user's browser to their apps using WebRTC to communicate from the Facebook tracking pixel (a script website providers integrate into their websites) with Meta apps installed on the device to track the user and circumvent measures to prevent the user's data from leaking. This even works when the user is using the browser's incognito mode. Meta used this technique since at least 2024, Yandex used it as far back as 2017. The day the study was published, the corresponding code disappeared from the Facebook tracking pixel.<ref>{{Cite web |last=Girish |first=Aniketh |date=2025-06-03 |title=Disclosure: Covert Web-to-App Tracking via Localhost on Android |url=https://localmess.github.io/ |access-date=2025-06-04 |website=Local Mess (Github)}}</ref>

====The Linux Ban====

Line 26:

Line 29:

As a crude workaround, one can take screenshots of images in the app instead of using its sharing functionality. Since that yields images in screen resolution, this workaround may not be suitable in all cases.

''[Anecdote follows, is there a better place for information like this?]'' This seems especially concerning since the app recently suggested that I post a "story", by putting together its suggestion of one. In that story suggestion, it used a picture I have in my camera roll - interestingly, a picture that is years old, that actually shows me, and I'm only partially dressed - it's a picture I took in a fitting booth that did not have good mirrors available. Possibly complete coincidence, but since only a very small percentage of pictures in my camera roll actually show me, it strongly suggests some algorithmic stuff going on. Which leaves the question, does that algorithm really run completely locally on the phone, or are images uploaded to Meta that the user never OK'd for this?

In my opinion, Android [or an Open Source fork of it] could strongly use a sandbox model that would allow me to "grant" that permission to the app, without actually allowing it to access anything outside of a dedicated container that the user has complete control over.

'''Useless notifications to boost engagement and facilitate tracking'''

Line 79:

Line 78:

Game developers are advised to avoid the OVRPlugin where possible and rely on generic OpenXR implementations that support the standard correctly. Affected users can try the Meta Plugin Compatibility option in their SteamVR settings. The latest version of Virtual Desktop should also have the workarounds implemented. Players of Unreal Engine games report that launching the game with -hmd=openxr can bypass the plugin.

'''Update on the Occulus Quest 2 /Pro removed a key feature on keyboard tracking[https://communityforums.atmeta.com/t5/Talk-VR/Removing-Keyboard-Tracking-on-Quest-2-Pro-What-s-next-on-the/td-p/1284678]'''

Meta’s recent decision to discontinue support for physical keyboard tracking on the Quest 2 and Pro, as stated in the V72 release notes, in just two years of lifecycle this showcase an enshittification on their products. Early adopters beware.

==Lawsuits==

@@ Line 14: / Line 14: @@
 ===Facebook<!-- Wow, we got a lot to list here... https://en.wikipedia.org/wiki/Facebook#Criticisms_and_controversies -->===
+==== Local Mess (June 2025) ====
+A study by Dutch researchers revealed that Meta used a local connection from the user's browser to their apps using WebRTC to communicate from the Facebook tracking pixel (a script website providers integrate into their websites) with Meta apps installed on the device to track the user and circumvent measures to prevent the user's data from leaking. This even works when the user is using the browser's incognito mode. Meta used this technique since at least 2024, Yandex used it as far back as 2017. The day the study was published, the corresponding code disappeared from the Facebook tracking pixel.<ref>{{Cite web |last=Girish |first=Aniketh |date=2025-06-03 |title=Disclosure: Covert Web-to-App Tracking via Localhost on Android |url=https://localmess.github.io/ |access-date=2025-06-04 |website=Local Mess (Github)}}</ref><!-- FIXME: The study has more than one author, not sure how to add more than one using the form provided by the Wiki -->
 ====The Linux Ban====
@@ Line 26: / Line 29: @@
 As a crude workaround, one can take screenshots of images in the app instead of using its sharing functionality. Since that yields images in screen resolution, this workaround may not be suitable in all cases.
-''[Anecdote follows, is there a better place for information like this?]'' This seems especially concerning since the app recently suggested that I post a "story", by putting together its suggestion of one. In that story suggestion, it used a picture I have in my camera roll - interestingly, a picture that is years old, that actually shows me, and I'm only partially dressed - it's a picture I took in a fitting booth that did not have good mirrors available. Possibly complete coincidence, but since only a very small percentage of pictures in my camera roll actually show me, it strongly suggests some algorithmic stuff going on. Which leaves the question, does that algorithm really run completely locally on the phone, or are images uploaded to Meta that the user never OK'd for this?
-In my opinion, Android [or an Open Source fork of it] could strongly use a sandbox model that would allow me to "grant" that permission to the app, without actually allowing it to access anything outside of a dedicated container that the user has complete control over.
 '''Useless notifications to boost engagement and facilitate tracking'''<!-- Maybe this warrants its own explanation, seeing that it has since become a commonly used dark pattern -->
@@ Line 79: / Line 78: @@
 Game developers are advised to avoid the OVRPlugin where possible and rely on generic OpenXR implementations that support the standard correctly. Affected users can try the Meta Plugin Compatibility option in their SteamVR settings. The latest version of Virtual Desktop should also have the workarounds implemented. Players of Unreal Engine games report that launching the game with -hmd=openxr can bypass the plugin.
+'''Update on the Occulus Quest 2 /Pro removed a key feature on keyboard tracking[https://communityforums.atmeta.com/t5/Talk-VR/Removing-Keyboard-Tracking-on-Quest-2-Pro-What-s-next-on-the/td-p/1284678]'''
+Meta’s recent decision to discontinue support for physical keyboard tracking on the Quest 2 and Pro, as stated in the V72 release notes, in just two years of lifecycle this showcase an enshittification on their products. Early adopters beware.
 ==Lawsuits<!-- I feel like this should follow the table format that I established with the Valve page -->==