this post was submitted on 16 Sep 2025
141 points (99.3% liked)

Privacy

2504 readers
480 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
danielintempesta@programming.dev
141
Instagram is testing new iOS push notifications that include a profile photo. Each time the notification is shown on your screen, it triggers a GET request to fetch that image, letting Meta track ever (mastodon.social)
submitted 2 days ago by Blaze@piefed.zip to c/privacy@programming.dev
22 comments fedilink hide all child comments
 

More details on the linked Mastodon post

top 22 comments
sorted by: hot top controversial new old
[–] Kissaki@programming.dev 2 points 1 day ago* (last edited 1 day ago)

Is this about/a problem with iOS or Android or both? The linked post only talks about iOS.

I'm surprised they can include remote requests [by consequence of remote URLs] in notifications.

[–] DrDystopia@lemy.lol 21 points 2 days ago (4 children)

Haha that's devilishsly clever and delightfully evil.

[–] Deceptichum@quokk.au 9 points 2 days ago (1 children)

At this time of year?

[–] chamomile@furry.engineer 5 points 2 days ago (1 children)

@DrDystopia @Blaze It's a common pattern in email. Disappointing that we still have this problem, tbh.

https://en.m.wikipedia.org/wiki/Spy/_pixel

[–] DrDystopia@lemy.lol 5 points 2 days ago

Sure, that's why reasonable email clients don't run HTML code when opening an email.

[–] FundMECFS@anarchist.nexus 1 points 1 day ago

Username checks out

[–] FizzyOrange@programming.dev 1 points 2 days ago (1 children)

I would be fairly surprised if they actually did this for tracking purposes. This sounds like nonsense to me. They already have plenty of information about you and they literally sent the notification.

[–] phoenixz@lemmy.ca 2 points 1 day ago

Eh, of course they will.

If they can track it, they will track it, that is pretty much a guarantee, as data equals money. Mo data, no money.

[–] Suspiciousbrowsing@kbin.melroy.org 17 points 2 days ago (3 children)

What's the difference between them already knowing each push notification vs a push notification with a GET request?

[–] 4am@lemmy.zip 8 points 2 days ago (1 children)

Push notifications go through Apple servers.

HTTP GET request comes from the device loading the image; AFAIK though wouldn’t be a big deal if Apple’s servers loaded and cached it.

So Meta can watch for the GET requests and determine:

  • time of delivery to device
  • approximate location of the device
  • device’s IP, used to correlate other activity done on that device gathered elsewhere by the IG/FB tracking network

And derive:

  • what kind of connection you are using
  • from where
  • when
  • what time of day and location do you most often read IG
  • optimal time to try and distract you
  • who your preferred service carriers are and if/when you change them
  • how often you deviate from this pattern
  • through correlation, determine what deviation might be significant based on other data collected from your device or nearby devices at the same time
  • oh wow so and so didn’t look at IG much because they searched for baby clothes are they pregnant? Is a friend? Can we show more ads based on that angle to get sales?
  • and other, much more devious, much grosser intrusions
  • they get more sales from oblivious users
  • they grow their panopticon
[–] Suspiciousbrowsing@kbin.melroy.org 2 points 1 day ago

For your top 3 dot points, I still don't quite understand why they wouldn't already have that information if you're using the app and they're sending push notifications anyway.

[–] 6nk06@sh.itjust.works 12 points 2 days ago

Or Instagram belonging to Facebook? They already know.

[–] ReversalHatchery@beehaw.org 9 points 2 days ago (1 children)

I think the point is they get to know the exact time you first see the notification. It's a massive flaw in the OS, and I believe I have read about this years ago already, so that "privacy OS" is not intending to fix this leak

[–] scytale@piefed.zip 4 points 2 days ago

I wonder if disabling the preview in the notification will stop it.

[–] fox2263@lemmy.world 4 points 2 days ago

I’m sure Apple will be like bugs bunny no meme

[–] DrWorm@piefed.social 7 points 2 days ago (2 children)

Stop using the native app. Use the web app.

If you want to stop being addicted to Facebook or instagram, this is an effective way to do it. The web apps suck so much, it takes away all the “fun”

[–] BurntWits@sh.itjust.works 2 points 1 day ago

I was addicted to scrolling instagram and would go for hours on end, it was pretty bad. I still wanted to have access just to keep up on a couple accounts I care about but I didn’t want to be doom scrolling, so I removed the app from my home screen and replaced it with my lemmy client so anytime I would instinctively open it without thinking I’d open lemmy instead, which I find less addicting. I still doom scroll a little but not nearly as bad.

I’ll eventually be deleting all social media but there’s a couple people I only have on instagram or facebook messenger who I don’t want to lose contact with. But for anyone struggling with just auto opening an app and doom scrolling without thinking, maybe remove the icon from your home screen and replace it with something less addicting.

[–] antlion@lemmy.dbzer0.com 2 points 2 days ago

For a while I used the web app because it was actually better - fewer ads and consistent UI. Not anymore.

[–] homesweethomeMrL@lemmy.world 5 points 2 days ago

ATN

Always Turn off Notifications

[–] Kalothar@lemmy.ca 1 points 1 day ago

Harvey Dent.

Can we trust him?

[–] KSPAtlas@sopuli.xyz 2 points 1 day ago

Wasn't there a trick to abuse discord image caching and cloudflare caching to allow finding the approximate location of a user using a notification?