this post was submitted on 19 Oct 2024
34 points (100.0% liked)

Privacy Guides

16826 readers
1 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS
 

First and foremost, I'll get this out of the way: I abhor all commercial social media. I don't trust them, I know users are the product, and - ultimately, I feel they're nothing but a cancer on society.

But, I also have to acknowledge that, for one or two use cases at least, they seem pretty unavoidable.

For me, that one use case is Facebook Marketplace. Here in Australia, there's simply no better alternative if you want to reach a large number of potentially interested buyers (or even buy some stuff yourself). The supermarket noticeboard is no more; the Trading Post was bought long ago and died on the vine; and Gumtree has devolved into a cesspool of nothing but scammers and fuckwits.

So, I use FB Marketplace. My FB account isn't in my name, uses a throwaway email address, and has no followers or friends. It's only a member of the local buy/sell groups that I'm interested in, and it performs no "social" activities (posts, likes, etc) at all.

Until now, I generally only use FB marketplace with a "clean", dedicated browser on my computer, running in private mode and via a VPN. But, it means I frequently miss messages from interested parties when I'm away from my computer.

I also sometimes use the mbasic.facebook.com site from a private Firefox tab on my iPhone, but FB has just started telling me I need to use Chrome (no. fucking. way.) or Safari (maaaaaybeeeee?) after October 28th.

When I was on Android, there were a few wrapper apps that I was able to use but, so far, my searches for an equivalent on iOS have turned up nothing.

So, knowing full well this may lead to nowhere, I thought I'd ask this community: does anyone have a good, privacy-friendly way to use FB on iOS?

Thanks in advance for any useful tips or suggestions.

you are viewing a single comment's thread
view the rest of the comments
[–] kyub@discuss.tchncs.de 4 points 1 month ago* (last edited 1 month ago) (1 children)

Normally, no.

You'd have to set up a completely new account which you only ever access via e.g. Tor, then use Tor Browser on iOS to log into that account and only ever use your account exactly like this or else you'll leak your current IP address as well as related data about you or your device to Meta. Also you'd have to never give any kind of personally-identifiable info to them. Then you'd have an anonymous account, but the goal of Facebook is to connect to other people you know. Once you add and talk to friends on Facebook, they might already know who's behind that account, especially if you already had a different account in the past which pretty much had the same set of friends already. Also, remember that many people use WhatsApp (also by Meta), and WhatsApp collects among other things the whole address book or contacts list from the phone of each user. And most normal users don't use contact scopes or things like that to spoof their contacts to Meta, so they'll most likely get the real contacts list. That means if let's say you have 5 friends named A, B, C, D, and E, and those 5 friends all use WhatsApp and have each other and you saved as a contact in their address book, then it's even easier for Meta to guess with high precision that you are this person that knows those 5 people and/or who is known by those 5 people. So there are even other factors to consider, some of which are outside of your own control, because all the persons you know and want to add to Facebook give a lot of data to Facebook themselves as well, and that data also might be used to identify you in various circumstances. So you'd also have to behave anonymously when using your anonymous account. Which kind of goes against the whole thing of social media like Facebook. Since they monitor every user's interaction on their website or apps, it's likely that they'll be able to eventually identify you once they've gathered enough data about your usage patterns, visited links on Facebook, contacts you added or which have added you, messages to contacts or from contacts to you, and so on. Simply using Facebook means you're actively giving tons of data based on your usage alone to Facebook. It's even theoretically possible for them to guess who you are based on your usage patterns alone, e.g. what you look at, what you type, how fast you type, and so on.

So yes it's possible to get an anonymous account on Facebook, but it's inconvenient, and probably runs contrary to your goals on that platform. Which is why I recommend to not use such platforms at all, and instead keep in touch with your friends via secure and private open source based messengers like Signal or Threema (Libre?) or any Matrix client. After all, services like Facebook are mainly for Meta to sell data about their users, that's their primary business model (they almost don't sell any products or services, they almost solely sell data about their users, that is basically the only way they make (a lot of) money. Well, and ads of course, but that's closely linked together because the ad industry wants personally targetable ads, so it needs user data to better place targeted ads). There also isn't a real need for such platforms anymore, because you can connect to friends in other ways on various other platforms, the only hard part is getting your friends to stop being lazy and switch to something more secure or private. When Facebook got big, it might have been the only social network of its kind, but these days tons of other, better options exist. So get your friends and contacts to move to something else. Or if they don't want to move with you, then maybe they aren't that important to you to keep in contact with.

Using Facebook in any other way, shape or form (e.g., using their app, or using their website with your real IP address) is very likely not going to be anonymous to Meta. They'll automatically receive your current IP address (which on its own might already be enough for them to establish a link to your person, since they also have trackers in place in lots of other apps and websites), and on top of that various information about your device or browser (which, again, can be a key factor to link your current usage data to your person), if you use their app (which you shouldn't ever do) they get even more data on you (not just you, also your contact list, nearby devices, and things like that), because those apps require so many permissions and have so much tracking integrated that it's a whole treasure trove of information that's being sent about you and your device, and they'll interconnect all that data with the other data they've gathered about you or your device(s) in the past (which, as a rule of thumb, will always be much more than you think they'd have). An app with integrated tracking is always more harmful to your privacy than using their service from within a web browser, because the app can read much more data about your device compared to the web browser. (But be mindful that some web browsers (especially the proprietary ones like Chrome, Edge and Opera) also have quite a lot of tracking capabilities inside them.) So using Facebook in a somewhat normal or convenient way and at the same time wanting to remain anonymous to them is basically impossible.

Also, you'll never be anonymous to government-based mass surveillance (who are collecting almost all network traffic, constantly) when you use your real IP address online. Anywhere. Your real IP is always connectable to your real person for them (also in retrospect). Even if they can't look into encrypted communication data, like the contents of chat messages or what you did on a specific website, they can see the metadata, among that is which hosts you contacted, and when, as well as more unencrypted details, and such metadata can already be very revealing. To quote the ex NSA chief "we kill based on metadata". Protecting yourself against commercial-based surveillance by companies like Meta is more realistic to achive (at least partially), because it's easier to avoid or evade commercial tracking (by blocking all or most of their tracking methods like app-integrated trackers, tracking Javascripts and cookies on countless of websites, and so on) than it is to evade someone who's sitting directly at all relevant network cables AND buys additional data from companies. Lots of easy-to-use tools exist to counter or limit commercial surveillance, like ad/content blockers, blocking host lists, PiHole, ad-blocking DNS servers, open source software and operating systems (because they are almost always free of trackers and surveillance tech), and things like that. It all minimizes your exposure to these data hoarding companies. And the less data you transmit overall to such companies, the better. But if you also want to protect yourself against any government-based mass surveillance, you'll have a much harder time than that. You'd need to always use different IP addresses (again, via Tor or VPN etc.) and avoid having anything leak out that can connect your other IP to your real IP. Which is hard.

[–] DeltaTangoLima@reddrefuge.com 3 points 4 weeks ago (1 children)

Mate, I appreciate the effort you took to write your response, but I get the distinct impression you didn't go past the title of my post before responding.

As I said, I'm only seeking to use FB marketplace to buy and sell - nothing more. Nothing social. No friends or followers.

I thought I'd made clear the lengths I've already gone to, to maintain my privacy when using FB on my personal computer, so I'm just looking to understand if the same is possible with iOS when on the move. That's all.

[–] kyub@discuss.tchncs.de 1 points 4 weeks ago* (last edited 4 weeks ago)

In that case, you probably have to:

  • Use Tor respectively Tor Browser (without any additional extensions, and set the default security level to "Safer" if possible with Facebook) to create a completely new, anonymous account on Facebook. Don't enter any data there that could be linked to your person, e.g. no real mail address (use an alias, ideally a completely new one), no real names, no real data, also no real billing or delivery address. Literally nothing that could be linked to your person. Only ever use Facebook's site within the Tor Browser, to ensure that your real IP address and browser data aren't leaked. Never use their apps, never use your regular browser for it, also don't use PWAs because that's similar to using a regular browser, which reveals your real current IP address to the site. Unless you use a VPN to have a different IP, but you'd have to minimize your VPN usage just for that app interaction. If you continue to use the same VPN IP for other stuff as well, you could de-anonymize yourself later on. Mullvad or Proton are commonly regarded as good choices for trustworthy VPNs which don't log or sell any user data, or at least there are no known cases for it (yet).
  • Don't add any friends on the site, try to limit your interactions with the site so that it can't create a big psychological profile from you and try to link that behavioral data to existing persons (the more you use the site the easier this method might become for them). Behave slightly differently than you would normally.
  • When you buy something, remember that you'd have to conceal your real delivery and billing data/addresses as well. Which is hard to do when you actually want to buy and receive something. Your payment data and/or address data can EASILY and instantly de-anonymize you, also in front of Facebook. So my suggestion for something still practical would be to have a relative or friend buy it after you arrange that with them, have it delivered to their address, and you pay them for it and gather it from their place. So in essence you need a proxy person to do the receiving and paying for you. If you want to sell something, that's more inconvenient of course, but you'd also have to do it similarly.

The most problematic de-anonymizing data about you is going to be your real current IP address (which is revealed when you use a regular browser, PWA or their app, all with a non-VPN or non-Tor IP address) as well as billing or address data. In case you're using their app, they'll be able to gather even more data to de-anonymize you more easily.