@briankrebs This is exactly what turned my stomach immediately, and then strengthened my resolve. I’ve also made myself impopular by raising an eyebrow here and there when actual friends just started giving away my personal info without even as much as a single thought.

@briankrebs

There was a brief time that printed White Pages went digital and even national. That was mind blowing. I could see contact information for everyone in the US.

It only lasted a few months I think. Then gradually all White Pages went away.

So the process can reverse.

@briankrebs Wait, they ask?

@briankrebs and how many people say “yes” to sharing that information without a thought.

@briankrebs One thing about this ever persistent social graph building... I'm just more (or less) shocked by the number of long-ago exes who apparently still have my number in their contact lists.

@briankrebs and that’s something I’ve not given any app the rights to.

@briankrebs

I generally avoid apps unless they provide me a utility that isn’t available through a browser. And then the utility needs to be significant. Social media data mining of devices is a big driver of that.

@briankrebs As Mikko said it two years ago:

@briankrebs And that's the reason I don't use Signal. Doesn't matter how great the crypto is. The app part of it is shit.
(Not to mention relying on phone numbers for identifiers...)

@briankrebs @viss Cool, since we're all the last bastion of good examples, none of us use that tech at all, amirite?

@briankrebs I shared my contact details with LinkedIn once because I didn't realize they had scrapped that from me somehow and those people weren't already on the service. I felt pretty used when I realized it sent them invites on my behalf.

I never allowed a service to do that again. I care about the privacy of my contacts as much as my own. (I mean, I guess it's still my privacy too.)

@briankrebs You mean like Zoominfo (which at one point had billboards in California airports) building it's business model on people sharing their outlook contact forever via a plugin for access to searching everyone else's aggregated outlook contact info?

@briankrebs it's also the feature that I believe was responsible for Facebook's ability to take the lead from MySpace in late 2009.

@briankrebs You can add Viber to that list! I blocked it from accessing my Android contacts, and yet within seconds of providing my number (and no other details yet, not even name or photo, hadn't finished signup), I started getting Viber messages from old friends who have my number.

Viber insists they don't upload numbers and that what I describe couldn't have happened. Never figured who to report that privacy breach to... but it wouldn't get anywhere anyway, right?

@briankrebs Remember MCI's Friends and Family campaign and how many hated the spam? Tobe social media was taking notes to improve on MCI's mistakes.

@briankrebs Indeed. I'd never want to do that without explicit permission from every single person and I'm not likely to ever want to ask that. Feels like some apps are not helpful but tripwires to do something bad by accident. They shouldn't be and my operating system should help protect from such leaks by disabling the capability. I do want my contacts manager to let me try to contact someone via a service.

@briankrebs I don’t think I’ve ever shared my contacts with any platform. It’s one thing for me to consent to give some of my personal information to these patrons, but completely another if I sell out family and friends without router consent. 🤷🏻‍♂️

@briankrebs the big weird is that everyone acts like it’s *their* data to share when it really is *mine*

@briankrebs in the middle ages the inquisition used to have to torture people for their contact list... Torquemada wishes he had been alive in these times!

@briankrebs Your post prompted me to delete my Instagram account, which I haven't used in several months. Then I was reminded Facebook makes it almost impossible to delete accounts.

I deleted my LinkedIn a couple years ago.

@briankrebs Smells like a story that media outlets should be digging into. Society needs to understand the depravity.

@briankrebs

Ya, they are terrible for that. Its one reason I don't have a lot of apps on my phone. Why does a weather app need my contact info ?
🤔

@briankrebs You have identified the reasons that I do not interact with any of those entities.

@briankrebs
This was the point where I stopped using Facebook.
When their mobile app made it mandatory to connect with my contact list and messages, I deleted it.
Nobody gets my address book. I wish others were as careful.

@briankrebs Back when Facebook was starting to get big, I got an e-mail trying to get me to sign up, and giving me a list of people who I might know.

One of them was the father of the girl I'd dated in high school.

I get how that happened -- people shared their address books, and several people I knew would have had the two of us in common -- but it creeped me the hell out. Felt invasive. A sign of things to come.

I never did sign up for Facebook.

@briankrebs

if the service is free,
the user is the product

@briankrebs and when I refuse to share contacts WhatsApp only shows my messages by their photo and phone number as a punishment. Fine!

@briankrebs This is a great tactic too.
https://infosec.exchange/@secminded/109717564632731144

@briankrebs Back in 2015, I registered a throwaway Facebook account, and did my best to isolate it from everything else about me: single-purpose email address, only connected over Tor from a browser in a dedicated virtual machine. I guess I succeeded, because Facebook spent the next year and a half harassing that account for a copy of my address book or any other sort of connection to other people.

@briankrebs and the Chinese owned WeChat takes the cake: it won't start unless you grant it permission. If you run it in a sandboxed work profile? Your account gets terminated

https://michel-slm.name/posts/2020-12-26-wechat-surveillance-creep/

@briankrebs For sadly large values of "everyone" but fortunately not actually "everyone". I bet the various platforms have metrics on how many people agree to it. I wonder whether it is a majority or not; even with a minority doing such sharing, they still suck in a LOT of people's information.

@briankrebs that’s why I stored my contacts for a long time in KeePass on my devices, amidst not using any of the services.
But I am known to them, maybe as honey, or best friend or whatever nick my friends gave me.
Remember: In the first years, facebook loaded the address book without needing permissions. Too late for long term friends.

@briankrebs told them no every damn time.

The only one that didn’t ask…Signal.

@briankrebs Everyone always asks for all the information in your address book and asks to track you (at least now they have to ask, before they just did it, permission or not). It’s time to pass some laws about that.

@briankrebs
I refer to it as "snitching out all your contacts to surveillance capitalists." Same with installing spyware like Google Analytics on your site. It's snitching and should be thought of and treated as such. And, fuck, you don't even get a lighter sentence for it!

@briankrebs That explains why I was confused by the toot that started the thread. I never bother with the official app for any website, and typically don't bother with an app at all.

@briankrebs For me it speaks volumes that device manufacturers have to place a share contacts permission prompt in the first place. People don’t typically show up at the town center and start handing out full address books but Tech CEOs sure do. WTH happened to humanity? 😢

@briankrebs It is the reason I currently don't share phone number with most people. I know it would be send to crappy apps most phones have. LinkedIn, only corporate service I use, tries to get my number. Every time I log in (I don't often do it anyway) I see these annoying popup windows. They have also something to "import contacts" from e-mail address, luckily it couldn't scrap anything from Protonmail, even if I accidentally click this or if they would decide to do it automatic way.

@briankrebs I've been saying the same thing. It's crazy. Surely there's a case for a privacy law to ban it.

@briankrebs I still remember those Friendster emails...

@briankrebs yeah, and I don't do that. Never have, never will. I also do not use and Google products.

@briankrebs I didn't and I don't. There's a reason, why I don't confirm YouTube. Don't use a smartie (this horrible phone where everyone can "see" and hear you). And so on. It's enough, that banks sell customers data. Or insurence companies.

@briankrebs wild that there hasn’t been a notable lawsuit on this

@briankrebs it's shocking how they get to do that, when I download those apps I don't let them get access to my contacts but cause I said no I'm not sure if those apps can still get access to my contacts though

@briankrebs What I absolutely hate is how I can't even install some applications with consenting to give up all information I have ever know, know, I will know, to allow all accesses and give up your left kidney.

@briankrebs 🤬🤬🤬

@briankrebs @Infrapink
Pretty sure some of those used to download, then ask... So-and-so is also on FB/Snapchat/etc, send and invite?

@briankrebs
I was about to write that LinkedIn never asked me that, but it's because I've never installed any smartphone app for those services.
And regarding Mastodon, what you notice is that Mastodon is not run by a company, so it does not has incentives to monetize everything it can.

@briankrebs I think because Mastodon is built for you to use as you please. The other examples are built for someone else to use you.

I’m surprised we’re not collectively a bit more tired of being the product. 🤷‍♂️

@briankrebs Most interesting thing: with gdpr you have to get permission from everyone in your adressbook to share that information..
But .. well.. you can drag your friends to court over it 🤷‍♀️
Because usually there is a note or checkbox that you confirm you are allowed to share 😅