Study Shows Which Messengers Leak Your Data, Drain Your Battery, And More

from ars technica

Link previews are a ubiquitous feature found in just about every chat and messaging app, and with good reason. They make online conversations easier by providing images and text associated with the file that’s being linked.

Unfortunately, they can also leak our sensitive data, consume our limited bandwidth, drain our batteries, and, in one case, expose links in chats that are supposed to be end-to-end encrypted. Among the worst offenders, according to research published on Monday, were messengers from Facebook, Instagram, LinkedIn, and Line. More about that shortly. First a brief discussion of previews.

More here.

Posted in Privacy, Technology and tagged , , , , .

11 Comments

  1. I find it appalling that apps we put our trust in have the capability to download files we send to one another. (And by “trust,” I mean by making our profiles public or private.) Before reading this article, I was unaware of the purposeful breaches in consumer privacy, and I thought the only security features in place were the privacy status of our accounts and being able to block other users. I did not know that the companies would be downloading our files and see no problem with it, as mentioned in the video. However, it makes me pose the question, what is this all for? The links I send back and forth with my friends are solely for our enjoyment, not legal purposes. Why do these sites feel the need to download this data? The article mentions that sites like Instagram and Facebook Messenger are among the list of companies that have the worst reputation regarding this issue. It mentions that if documents like tax returns were to be shared, it would be dangerous in the hands of big companies who could then download and share the data. However, this confuses me because why would anyone send a document as important as tax returns as a private message on a social media app? In my opinion, this should be done over a system that is known to be secure and has a reputation in the financial field – not social media.

    It also does not sit well with me that the creators of these sites have different answers as to the capacity that our privacy is being violated. It eliminates the trust between the consumer and the owner, and I am surprised that this news is not on the headline because of how many people it affects. If more people were informed of this issue I think there would be an incentive for these companies to stop the practice of downloading private files for their own use.

  2. After reading an article like this, my eyes have opened up to a lot more possibilities of my data being taken, leaked, or even sold. Many of us are oblivious to the fact that the very social media platforms we all enjoy have a lot of access to the data on our phones and computers. In the article posted in the blog, it discusses the messengers from certain apps that are able to leak your data. The most interesting part about this is how this data has been leaked, and which apps are doing it. One of the biggest reasons data is being leaked is because of the link previews that these apps enforce. When someone sends a link to another person, the app “has to visit the link, open the file there, and survey what’s in it. This can open users to attacks. The most severe are those that can download malware. Other forms of malice might be forcing an app to download files so big they cause the app to crash, drain batteries, or consume limited amounts of bandwidth.” What this means is that the app has to make sure the link is safe, but by doing that, that means it can go through your data, and the websites data. Now this is just wrong and should not be allowed, and it is very fascinating that something such as a preview link would allow access to so much personal data from the consumer. I honestly think that these preview links were placed there purposefully, for an excuse for these social media platforms to have access to data that could end up being beneficial to them. Luckily, many apps like “Signal, Threema, TikTok, and WeChat all give the users the option of receiving no link preview. For truly sensitive messages and users who want as much privacy as possible, this is the best setting. Even when previews are provided, these apps are using relatively safe means to render them.” These companies are examples of companies that allow you to have the option to let these link previews have access to your data, and even have a setting for it in the settings. Unfortunately, more apps are not like this, and they will continue to take your data if you use their messengers.

  3. After reading Ars Techina’s article, I am frightened at the thought of sharing things on social media. People who use social media are starting to realize that our phones and applications take our information. For example, if I talk about an item or store with someone around me, when I go on Instagram or Facebook, a sponsored post comes up from that store I was talking about. It is truly a scary thought, your phone listens to everything you say, and applications store this data. In Ars Techina’s article, they tell us how when you send a link through messenger on Facebook or Instagram, the application stores your data and the link you sent. Even if the link is private, they save the full image and save it indefinitely. In the chart that was given in the article it shows us what applications are end-to-end encrypted, and unfortunately not many are. Although we are focusing on Facebook and Instagram, applications such as Twitter, Zoom, Tik Tok, and Google Hangouts all store your data. Unfortunately, when people communicate through any of these applications, they think they are doing so privately. Many users have no idea that your phone listens to everything you say or the links you send are stored in an applications database. I did not know my links or messages were stored until after reading this article. IMessage, the text message application on iPhones, is in fact private. It is important to send links or private messages through safe applications instead of risking your data through application messengers. As time goes on people are catching on to the things that applications are doing. Taking information, using what you say to advertise companies, and store private messages. Unfortunately, all these things we are okay with because we agreed to the Terms of Use of the application. While this all seems ridiculous, we signed up for it. But did we sign up for them to keep our messages indefinitely? To find this out we must go through the terms of use agreement in depth to see if this is truly what we agreed to. Sadly, applications such as Twitter, Facebook, and Instagram are able to be accessed by people around the world, and by sending a direct message they are able to connect with people in other parts of the world with no cost. By taking links out of messages and storing them, their messages are not private, and it makes users hesitant to use their services. Not many people have read this article and know what is going on through using applications. Many people who read this article are not going to think it is a big deal, but it is. When will users obtain privacy? Will we ever? Will we ever have a private message? Only time will tell, but at these rate, in a few years no information of ours will be private.

  4. The findings that Facebook was the most egregious offenders to our privacy and security do not surprise me. They continue to be the privacy bad guys, and one day, it will catch up to them through legislation or consumer confidence. One thing that surprised me was WhatsApp doing well on privacy when Facebook recently acquired them. It would be interesting to run this same test in a few months or a year from now when software engineers have had the time to switch over WhatsApp’s infrastructures if they plan to do so. LinkedIn was disappointing. As a Microsoft owned company, I would have expected better as Microsoft tends to be pretty good with privacy. Google vastly overperformed their reputation that is akin to Facebook’s, and Apple continues to be a privacy king. Tik Tok, who had a privacy scare this year, did great as well, so that is a pleasant surprise, but it doesn’t mean they are not harvesting Data elsewhere.
    Privacy is a topic I struggle with. Part of me wants to join my tech geek peers in a fight for privacy, but I don’t think it is that one-sided. Sacrificing privacy has its benefits, free services, better services that can utilize more data, and convenience, but is it really worth the sacrifice? I think a good place to start would be transparency and options. If privacy is going to defeat big data, let it but give consumers a choice. There should be and are pushes to educate consumers on privacy. I think giving users an option of say $5 a month to not have your data harvested and giving them an option to feed their data to the tech overlords for free. Edward Snowden said, “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different from saying you don’t care about free speech because you have nothing to say.” When I read that, it struck me and put the issue into perspective. I think we have a right to privacy, and some challenging constitutional issues will need to balance the human-tech relationship.
    To call out Apple for a moment, I do not think they are a paragon of virtue with privacy. It is certainly admirable, but it should be remembered that every privacy feature they develop that does not work with android phones builds the fence around their walled garden higher and higher. Privacy is their excuse to behave like a monopoly in the app store, causing recent lawsuits. I would hate for Apple to do too much of a good thing and damage privacy integrity.

  5. One thing that I have learned a lot more about over the course of this class is online safety and protecting your identity when using the internet. We have discussed how people have very little privacy while on the web, with many websites tracking your information and storing it or selling it doing so without the user often even being aware that it is happening. In relation to this article I was unaware that so many apps had the access to private information that they have. Applications like twitter, Zoom, and Discord can copy form 15- 30 MB of a user’s private information. Even worse than that, Facebook messenger and Instagram can copy unlimited amounts of personal information. I did not know that they were able to do this before and this has made me pretty skeptical about the applications now. This is an invasion of privacy being able to store as much information as they do like this from within something that people think is a private message. Along with avoiding these messages I will try to avoid getting click baited into random links. The article states how these are prone to data leakage and potential bandwidth and battery drainage problems that I would like to stray away from moving forward. This article was pretty interesting and made me aware of things that I had not known before.

  6. Social media websites have become extremely intertwined with everyday life. It is more uncommon to not have any social media than to have them. With this it has become commonplace to share intimate details online. For example, Facebook allows users to put where they work, live, and went to school all on their profile. LinkedIn profiles go depth of the user’s education and employment history. These are details that one would want to remain private to anyone outside its intended audience, in this case being friends on the app. However, these apps use link previews to display information, which leak private information.

    When an app provides a link preview, it has to visit the link and scan the information. It can also download the malware from these links. Once the app has the document it is no longer private, even if you are unaware of it. It is commonly known that once something is on the internet it is there forever, and that is because these apps are allowed to download and keep people’s private documents, links, and messages. Large companies, like Facebook and LinkedIn, should not be allowed to manipulate privacy in this way. Facebook stated that when an image is downloaded it is a downscaled version rather than the original size. However, it has been proven that the company does download content in its entirety. This is not fair to consumers, who assume they enough privacy to share personal information.

    Message previews can also drain your phone’s battery. This happens because some apps download large files. This should not be the consumer’s main concern. While this is an inconvenience, the route of the issue stems from these apps collecting private information. This can go as far as downloading a tax return. Anything on a private OneDrive may be downloaded. Documents kept here may keep sensitive information, like a social security number, which is detrimental to share. Apps like Tiktok and WeChat have options to remove link previews. This is the safest option to consumers and should be the more widespread practice. Change must be made to keep people’s private information private.

  7. In the majority of the articles posted to the SW Blog, the themes of website platform holders either abusing their power or neglecting to use their power in a helpful way appears more often then not. Continuing the trend is this article from ars technica, in which they list some of the worst offending platforms that make brazen anti consumer moves in order to improve their own selves, either by making it easier to earn money off of its users or by saving costs by withholding features that would benefit the consumer. The article in question is mostly referring to the concept of link previews and what security flaws they expose in our systems that the holders just did not cover for their customers and users. What I wish to solve is the logic behind these sort of decisions, as I find it baffling why anyone who runs a company would purposely make their product work poorly, though I should mention that this does not include those who unintentionally leave bugs or glitches in products, as that would be an honest mistake. However, there have been reported cases of a company or platform claiming that they were not aware of any problems but then admitting later that they always knew. But for me, the reason why I cannot comprehend making intentionally defective products is then it pollutes the image of those who make it. As an early example, the original Xbox 360 was infamous for suffering the dreaded “red ring of death.” This was an issue that caused the power button to remain the color red and make it impossible to turn on again. Public perception became so bad because of this that many swore off Microsoft products again. To combat the heavy negative stereotypes associated with their brand, Microsoft took excessive steps to fight the image they unintentionally gave themselves by offering free repairs to all existing units with the defect. In this way, the Xbox brand was saved from becoming a total write off. So when I question why any company would willingly give themselves bad press, it is because of the extensive moves they must make in order to repair it again in the first place. A good reputation is hard to maintain, a broken one is even harder to repair. So my advice to these platforms suffering from these issues with link previews is to fix it for the consumers before their names are mud.

  8. Before our unit on contract law, I was completely unaware of the power that different apps and online services had over us, but now after doing research not just on these platforms, but also doing research on the class TID it all makes more and more sense to me now. When it comes to online laws and the regulation of these services, there are not many out there that truly help the consumer and I feel as though this has a a lot to do with the fact that all of the power that a website has over us is completely visible and accessible to the consumer from the moment we open up their software. Many people believe that these online services and platforms have too much power over the people who access their equipment, but after doing the TID I feel more towards the side of the producers. When you really look at it from a bigger picture, the same way these sites and platforms have power over us is the same scheme that is used when it comes to the constitution of a country. You don’t get to decide what it is that you want to abide by when you enter a country and the constitution they took time to build so why should you have that privilege when it comes to a website when it was built in similar fashion. Big companies have a lot of power, and a possible reason for the for lack of regulation is that these big tech companies are able to fund politicians. This allows bigger companies to operate with such a freedom we haven’ seen since monopolies were ruled illegal. Most recently Facebook faced a huge backlash over the controversy of the way in which they used the data of their consumers. Currently Facebook is home to 2.6 billion monthly users and 1.73 billion of these users use the app daily. This is at least 2.6 billion people that Facebook can update the information they have stored on them monthly. Companies like Facebook, use the implied in-fact contract to gain most of their rights while some may feel is a moral offense, I feel as though it is the consumer’s job to read the Terms of Use and find out what exactly it is that they are giving these companies control over as they browse their sites. Where this becomes controversial is that not many people feel as though they should have to read the Terms of Use due the fact that social media has become an almost necessary part of society. Although social media is a lot of people’s way to stay within the news it is not the only way to learn and keep up with the world.

  9. As someone who works closely with Instagram, you’d be amazed how easily links and other materials can be exploited. For instance, some users make false links that lead to ip grabbing sites. These sites acquire your ip address, dox, and more; and usually they’re masked as a normal average site. There is little to no security when it comes to link sites, and thus leads to many issues arising. Security on most sites is poor, many methods exist to acquire accounts, private messages, and more. The site itself already has access to plenty of your personal information and it only expands once other users learn to breach their rather weak protection methods. Security is also at risk when some links cause spam popups to occur, popups that force you to access sites that can be harmful to your device. They can forcefully take you to virus sites and more.

  10. What some people don’t realize when they open a link they don’t know what’s running in the background. Is the link one that could potentially lead a bad actor to hack your phone, is it draining your battery, or could it be opening something in the background that could be spying on what you’re doing on your phone. Some people are too trusting when they go to open a link on their phone. Sometimes these bad actors can disguise themselves as an app or payment system that you use on a daily basis, to try and trick you into clicking on the link to get into your phone. In some instances certain links will require the user to download something that is way too big for the phone to handle and the app will crash.
    Alot of times Facebook and Instagram will have system issues because it’ll crash. This is because people are trying to use links that aren’t strong enough to open on their device, so it causes the system to go down. This is why you should always be careful of what kind of link you’re clicking on. It could potentially mess up the app or even your phone. It’s always a smart idea to check your privacy settings. Always make sure the settings are at the highest option to keep your information intact. Allowing certain information to be public depending on the app or the website makes it very easy for anyone to steal your personal information. Certain websites such as messaging apps it’s definitely smart to make your information secure as well as the messenger because anyone could hack into the system and your information. Some bad actors are messing folks on messaging apps pretending to be someone that you think you may know, so that you answer and they can hack your phone.

  11. The amount of social media apps that we have downloaded within our phones can range from zero to around five. Out of those five social media apps three of them can potentially hack your phone and download all of ones data. The personal information that can be leaked can be ones credit card information, their social security, photos, etc. Which I am 100% certain no one would want to be leaked, especially by someone they have never meet or seen before. In addition, at times it may not even be a social media app and instead will be a link sent to ones text messages. Once the person clicks on the link it will allow the hacker to have complete control over his/her phone. Is social media really worth having if it means having all your personal information taken by a random hacker? The answer is no and there are some ways to prevent such a major incident from occurring. One of them being is not keeping credit card information, social security, drivers license, passport images from being stored on your phone. Lastly, the major one would be is to not have social media and if you do limit what you are posting to prevent as much personal information from being posted for the world to see.

Leave a Reply

Your email address will not be published.