this post was submitted on 23 Sep 2023
114 points (70.1% liked)

Privacy

31982 readers
248 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I should have known if the apps free, you're the product. Duolingo appears to harvest the most data compared to other language learning apps.

Source: Surfshark Research

all 26 comments
sorted by: hot top controversial new old
[–] [email protected] 192 points 1 year ago* (last edited 1 year ago) (3 children)

This is utter nonsense. First, let me point out that this is an ad for Surfshark, a VPN company. They're trying to sell you their service by scaring you.

Second, their methodology is absolutely useless, it's an easy and very common way to come up with a clickbait article like this. They're just looking at app store permissions, and assuming the app with the most permissions is bad and the one with the least permissions is good. Which is utter nonsense, it might be that the apps with more permissions NEED those permissions because they have more FEATURES.

I could make a "language learning" app that ONLY asks for the audio recording permission, and then sell audio recordings of my users to the highest bidder. But Surfshark would praise my literal spyware as "privacy-focused" because it only needs one privacy permission!

The way to ACTUALLY do this properly would be to fully audit each app, find out WHY it's asking for additional permissions, go over the full privacy policy, and do some packet captures to figure out when the app is phoning home to send data, and what servers it's connecting to. Contact the app owners, ask them why exactly their app needs each permission. Consult some experts.

But that's too hard for Surfshark, they just want to write a scary article so that they can sell you a VPN that doesn't really make you safer on the internet.

EDIT: You know why I dropped Surfshark? They started bundling a "virus scanner" in with their "privacy-focused" VPN client. So my "privacy" tool wanted to scan all my files all of a sudden? GTFO.

[–] [email protected] 19 points 1 year ago

A bunch of these are also utter bullshit. "Purchase history" sounds like they can go through and read your Amazon purchases or something - they can't. Diagnostic data sounds scary, but I'd rather use an app collecting diagnostic data because the alternative is a buggy mess. Them tracking what you do in their app is way more help than it is dangerous. Stuff like device ids and such are also likely only pulled for that reason or to confirm your purchases with them, etc.

[–] [email protected] 13 points 1 year ago

So on point! It's in these moments that I wish there was a pinning feature

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (1 children)

I can't figure out who does more scare tactic advertising - conservative politicians or VPN companies. I swear all of them want you to believe that Russia and China are watching you personally

The visualization is also horrible. Why the hell aren't the dots aligned with the words?

[–] [email protected] 7 points 1 year ago

Why the hell aren’t the dots aligned with the words?

Queue me, sitting here looking like an idiot trying to trace the line with my finger 3 times to find out what they're even claiming.

[–] [email protected] 39 points 1 year ago (1 children)

What a terrible table lmao

[–] [email protected] 3 points 1 year ago

Bruh. I want to start punching puppies who made this

[–] [email protected] 15 points 1 year ago (2 children)

Also, like, language learning apps suffer from the same problem as dating apps: if these apps could actually teach you a language, you'd eventually get proficient enough at the language to no longer need the app — and if you no longer need the app, then it can't harvest your data or subscription money anymore, and line goes down. So the app always needs to give you the impression that you're making progress, while actually sabotaging your learning at every step.

This isn't to say that these apps don't have a place in the language learning process, but rather I'm saying that you need to be incredibly wary not just of the privacy issues, but of how to actually use these apps effectively. If you're aware of their tricks, then they become less effective.

[–] [email protected] 7 points 1 year ago (1 children)

if these apps could actually teach you a language, you'd eventually get proficient enough at the language to no longer need the app

If it worked for you word of mouth will spread and others will try it as well. I don't see why these companies shouldn't be interested in that. They might lengthen the process and not give you the most efficient solution however.

People find love through dating apps, people can learn the basics of a language through language apps. The company wins either way. Maximizing screen time is not everything.

This isn't to say that these apps don't have a place in the language learning process, but rather I'm saying that you need to be incredibly wary not just of the privacy issues, but of how to actually use these apps effectively. If you're aware of their tricks, then they become less effective.

Good point. It's hard to learn a language and if you invest the time you'll get a good grasp on it through these apps. I leant multiple languages at school and it was really similar to what Duolingo e.g. are doing.

BUT in the end you still can't master a language without speaking it with other people. That however, is not a service that these apps can provide. They should, however, make it possible for you to find a basic foundation for communication. The gamification aspect also helps.

Regarding the privacy argument I completely agree.

[–] [email protected] 3 points 1 year ago (1 children)

People find love through dating apps

That is part of the business model, actually: if these apps absolutely never work, then there will be no word of mouth, no success stories to use in promotional material, and users would pretty quickly figure out that it isn't entirely their own fault that they haven't made the progress that they're expecting.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

But this is not a big ol neocapitalistic conspiracy against someone personally. Maybe your pictures do suck, maybe your bio is perfectly written etcetc. Many reasons why it might or might not work out for you.

Those companies are not as aware of their actions as many people think. They see 'x' happens and they might find a way to let it happen more often, but they seldom know why it happens.

Especially when it's about interactions between people and not just system-user interaction.

[–] [email protected] 2 points 1 year ago (1 children)

That is how it works, yeah. Very good point. Nobody needs to be actively malicious or conspiratorial, and it's silly to imagine people being that conniving: The most profitable matching algorithm on a dating app just happens to be ineffective for most people, and whoever happens to stumble on that algorithm first ends up making the most profitable dating app -- no need to know why it works, just that it does.

[–] [email protected] 2 points 1 year ago (1 children)
[–] [email protected] 1 points 1 year ago

Thank you for your contributions.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Yeah duolingo is useless for me lol. I took spanish throughout highschool and I recently installed the app and the intro test shot me straight to the end. Just one year of a highschool class will teach more.

[–] [email protected] 2 points 1 year ago

Their “Spanish for English speakers” course goes all the way through CEFR B2 proficiency. There’s no way to attain that in a year of HS Spanish unless you were in a Spanish-speaking high school, fully immersed. Some versions of the Spanish course (for other native languages) may not go as far, that’s just the one I’m working on.

[–] [email protected] 2 points 1 year ago (1 children)

When it says purchase history, surely that’s not all your purchases?

Also, on iOS at least, many of these would ask for permission and be met with a “that’s a no from me dawg”. Things like photos, contacts, and location data for instance.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

As a professional mobile app developer most of these lines are bullshit anyways.

Purchase history? Yeah that's just if you've bought subscriptions to the service. Of course we fucking know your purchase history: if we didn't how would you get anything with a purchase?

Crash analytics? Cool we get a stack trace of what happened when it crashed. Half the time it's not even helpful because it's buried deep in some fucking Java library.

Things like coarse location are getting more specific and a few lines here can be used to deanonymize you when used together but (or an advertising I'd which can be used to track you no matter what) but the majority of data passed to phone devs is us frantically trying to figure out what combination of make & model of android device combined with android version caused your app to crash.

Anonymity is important and we should all take it seriously. Most of this has jack shit to do with being anonymous.

Besides: ewa is listed as a paragon here when they collect advertising data, the most targeted and least anonymous of all data gathering.

[–] [email protected] 1 points 1 year ago (1 children)

The fact that the lines and the labels are not aligned makes this visualization very weird.

[–] [email protected] 1 points 1 year ago

Seriously, this is data representation gore.

[–] [email protected] 0 points 1 year ago

What is "customer support data" being harvested, and how much of this is actually optional?

[–] [email protected] -2 points 1 year ago
[–] [email protected] -3 points 1 year ago* (last edited 1 year ago)

This appears to only apply to iOS, and not Android.

It makes sense now, since it's impossible to do some of this on Android, so far as I know.