this post was submitted on 16 Sep 2025
153 points (99.4% liked)

Privacy

2555 readers
674 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
danielintempesta@programming.dev
153
Instagram is testing new iOS push notifications that include a profile photo. Each time the notification is shown on your screen, it triggers a GET request to fetch that image, letting Meta track ever (mastodon.social)
submitted 1 week ago by Blaze@piefed.zip to c/privacy@programming.dev
24 comments fedilink hide all child comments
 

More details on the linked Mastodon post

you are viewing a single comment's thread
view the rest of the comments
[–] Suspiciousbrowsing@kbin.melroy.org 20 points 1 week ago (3 children)

What's the difference between them already knowing each push notification vs a push notification with a GET request?

[–] 6nk06@sh.itjust.works 12 points 1 week ago

Or Instagram belonging to Facebook? They already know.

[–] ReversalHatchery@beehaw.org 10 points 1 week ago (1 children)

I think the point is they get to know the exact time you first see the notification. It's a massive flaw in the OS, and I believe I have read about this years ago already, so that "privacy OS" is not intending to fix this leak

[–] scytale@piefed.zip 4 points 1 week ago

I wonder if disabling the preview in the notification will stop it.

[–] 4am@lemmy.zip 8 points 1 week ago (1 children)

Push notifications go through Apple servers.

HTTP GET request comes from the device loading the image; AFAIK though wouldn’t be a big deal if Apple’s servers loaded and cached it.

So Meta can watch for the GET requests and determine:

  • time of delivery to device
  • approximate location of the device
  • device’s IP, used to correlate other activity done on that device gathered elsewhere by the IG/FB tracking network

And derive:

  • what kind of connection you are using
  • from where
  • when
  • what time of day and location do you most often read IG
  • optimal time to try and distract you
  • who your preferred service carriers are and if/when you change them
  • how often you deviate from this pattern
  • through correlation, determine what deviation might be significant based on other data collected from your device or nearby devices at the same time
  • oh wow so and so didn’t look at IG much because they searched for baby clothes are they pregnant? Is a friend? Can we show more ads based on that angle to get sales?
  • and other, much more devious, much grosser intrusions
  • they get more sales from oblivious users
  • they grow their panopticon
[–] Suspiciousbrowsing@kbin.melroy.org 2 points 1 week ago

For your top 3 dot points, I still don't quite understand why they wouldn't already have that information if you're using the app and they're sending push notifications anyway.