There is no reason to require this setting for users who aren’t posting live videos.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    209
    ·
    edit-2
    3 个月前

    Hostage permissions

    This is why I really like grapheneos. They’ve created scoped permissions, so the operating system tells the application Yes you can see this thing, but it’s empty. Right now they’ve implemented scoped storage, and scoped contacts. So if it tries to extort you to see your entire contact list you can limit it to an empty list, a very limited list, or everything if you don’t care

    https://grapheneos.org/features#storage-scopes

      • cm0002@lemmy.world
        link
        fedilink
        English
        arrow-up
        32
        arrow-down
        1
        ·
        3 个月前

        Yea, but it’s a good phone to target, Pixels are one of the few remaining manufacturers that freely let you unlock the BL and probably one of the last that is carried by nearly all major US carriers. OnePlus used to be another but iirc they’ve stopped selling on all carriers stores

        Yes yes yes, you can buy any frequency-compatible phone you’d like from like Amazon, AliExpress, Best Buy, manufacturer store etc but that’s an expensive option for many as you have to front the entire purchase price with little exception.

        So if you want a BL unlockable phone, purchased through a carrier to take advantage of the reduced financial load of payments instead of all up front, in the US…it’s pretty much just Pixels

        • Cris16228@lemmy.today
          link
          fedilink
          English
          arrow-up
          7
          ·
          3 个月前

          I was interested because everyone keeps talking about it and I wanted to try it myself but it’s compatible only with pixels. I have a Samsung and I changed phone recently so I’m not going to buy it again. I don’t want to spend 600+ for a new phone + 2/300? (100?) for the buds but my next phone will be a pixel🤔

          • cm0002@lemmy.world
            link
            fedilink
            English
            arrow-up
            13
            arrow-down
            2
            ·
            3 个月前

            Oof, yea Samshits are the worst of the worst. They’re actively hostile to those who would dare want to use their phone how they see fit.

            Even if the stars align and people are able to breakthrough the BL lockdown, Samshit phones are designed to blow an efuse and permanently lock the phone to 80% battery capacity just for a big ol fuck you

            Never EVER buy Samshit phones if you can help it

            • Cris16228@lemmy.today
              link
              fedilink
              English
              arrow-up
              2
              ·
              3 个月前

              Samsung buds? I know they have 100% features with Samsung devices, I don’t know if it works with other devices

              • Mycroft@lemm.ee
                link
                fedilink
                English
                arrow-up
                2
                ·
                3 个月前

                Would be pretty shitty if they artificially didnt worked. It think it’s still an headphones that can be used even without the, I’m guessing, nice intégration with Samsung phone.

                Disclaimer: I’ve never owned Samsung buds.

                • Cris16228@lemmy.today
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  3 个月前

                  Honestly? I like the “switch between devices” sometimes I use the old phone then I switch to my main buuut… I hope they don’t do it

        • Refurbished Refurbisher@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          3
          ·
          3 个月前

          You can’t unlock the bootloader on carrier-locked Pixel phones; they need to be SIM unlocked in order for the “OEM Unlocking” option to be available.

          • cm0002@lemmy.world
            link
            fedilink
            English
            arrow-up
            6
            ·
            3 个月前

            Yes, but it’s far easier to obtain a SIM unlock than it is to unlock a BL from a manufacturer that just says “No” instead of “As long as it gets carrier unlocked”

            I have a Pixel Fold purchased and (still) financed through T-Mobile that is BL unlocked and rooted. Most of the time they’ll override their SIM unlock requirements if you’ve had an account for awhile. Unsure about ATT, I’ve heard they’re 50/50. Verizon, ofc, are a bunch of bitches about it

        • militaryintelligence@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          3 个月前

          Even Verizon? I’ve had a few phones from Verizon that were supposedly easy to root or whatever but they have that shit locked down tight.

          • cm0002@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            3 个月前

            Verizon are a bunch of bitches about it, they’re as bad as Samshit. They’re a match made in hell tbh.

            Of the major 3 carriers, it’s always been T-Mobile that’s the “most friendly” to tinkerers. Technically, you can’t unlock the BL until it’s been carrier unlocked, which TMO is generally OK about overriding their requirements as long as you’ve had an account for awhile

          • TurtleTourParty@midwest.social
            link
            fedilink
            English
            arrow-up
            2
            ·
            3 个月前

            I recently bought and then returned a used Verizon pixel 8 because I couldn’t unlock the bootloader or even add a non Verizon eSIM.

      • rockSlayer@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        ·
        3 个月前

        It’s only guaranteed to work with pixels. It still works with other phones, but with varying degrees of success and obviously no official support.

      • olof@lemmy.ml
        link
        fedilink
        English
        arrow-up
        8
        ·
        3 个月前

        I’m using it on a Fairphone 5 since a while. Works flawless

    • Eager Eagle@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      edit-2
      3 个月前

      I heard of scoped permissions before but didn’t know it could also zero the outputs of sensors to trick intrusive apps. That’s a neat feature set.

    • PopShark@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      edit-2
      3 个月前

      I really hope Apple implements scoped permissions sometime soon

      Edit: lol I just realized the OP could press “Not Now” - though technically the app would then prevent posting stories still :/

  • RangerJosie@sffa.community
    link
    fedilink
    English
    arrow-up
    61
    ·
    3 个月前

    I installed it earlier this year on android. But it wouldn’t let me sign in or browse without syncing my contacts from my phone.

    So I uninstalled it.

  • Raiderkev@lemmy.world
    link
    fedilink
    English
    arrow-up
    27
    ·
    3 个月前

    I set up Amazon Echo buds recently. I have no desire to use any of the Alexa crap on them and just wanted cheap, decent noise cancelling Bluetooth earbuds on prime day. You apparently can’t set them up without the Alexa app and like all the permissions. I downloaded it on an old phone that’s practically blank, set up the buds, and deleted the app. Once it’s set up you can use like regular Bluetooth earbuds. They wanted location all the time and a few others (microphone maybe?). Selecting only allow this time wouldn’t even work. I get it Bezos, u want my data, but fuck off u aren’t getting it.

    • yamanii@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      3 个月前

      You should look if it works with gadgetbridge. Maybe you can get some functionality back that the app had?

  • occultist8128@infosec.pub
    link
    fedilink
    English
    arrow-up
    19
    ·
    3 个月前

    all meta’s apps are suck ngl. i hate the way i can’t paste image from clipboard in whatsapp chat without giving whatsapp permission to manage my storage.

      • occultist8128@infosec.pub
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 个月前

        idk when this sh*t started but in the older versions (as far as i remember), whatsapp didn’t ask for this if the image was from my clipboard. that was one of the trick to not giving the permission to manage my files to whatsapp when sending images.

  • Chozo@fedia.io
    link
    fedilink
    arrow-up
    17
    arrow-down
    2
    ·
    3 个月前

    Gonna play Devil’s Advocate for a moment here.

    I assume that this isn’t actually for nefarious purposes, and is actually just a low-effort way of curbing spambots on their platform. It’s likely that the bots are using emulated devices to post from the official app, and this permission might lock up a lot of those bots. Obviously this wouldn’t be the best way to combat spambots, but I’m gonna go with Hanlon’s Razor on this one.

    I know the immediate first thought most people will have is that this is just so Meta can open up another avenue to spy on you. But let’s consider for a moment the logistics involved in that. Audio/video data is huge; capturing and parsing it it requires a non-insignificant amount of CPU/battery usage, and transmitting it will use a good bit of bandwidth, both of which would be noticeable by even novice users (since most modern devices these days will show an on-screen indicator whenever certain sensors are being activated, and will tell you what app is using it, so seeing Instagram trigger your mic/camera when you’re not using it would be immediately noticed by just about everybody). That would also make this one data stream exponentially more costly to gather and process for Meta than most of their other data streams combined.

    Also consider the fact that Meta already has over a million data points on just about every single person on the planet, anyway; what could they stand to gain by monitoring your IRL presence that they haven’t already inferred from the other, less-invasive data they’ve gathered on you? Half of the recordings they’d get would be farts and “oh my god, stop barking, nobody’s even at the door”, and Meta probably already knows that you have a dog and lactose intolerance.

    It’s more expensive to produce, it’s more likely to be detected, and there’s less of a guarantee that you even get any usable data from it at all since they already know just about everything about you already. I really don’t see spying as the end goal for this particular action, only because it doesn’t seem like a profitable venture.

    None of this is to suggest that Meta isn’t spying on you. They are. They 100% are spying on each and every one of you. I just don’t think the mic/camera are how they’re doing it.

    • 1rre@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      21
      ·
      3 个月前

      Not even that, it’s more than likely some PM said “we want to open the camera and be ready to record when someone goes on the story tab”, then it gets implemented as needing permissions first and not considering that some people wouldn’t want to give the permissions and only upload from camera roll

  • Ghostalmedia@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    ·
    3 个月前

    If they don’t already have rules about this, Google and Apple should update their store rules to prevent this crap.

    • Dogeek@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      3 个月前

      Playing devil’s advocate here but there could be legitimate reasons to prevent features of an app if you don’t give the permissions.

      Things like professional type apps that need geolocation to work (geofencing, photo geoloc) or because x big shot client wants to track their employees and you’re just forced to accept that unless you want to declare bankruptcy.

      Definitely is a very hostile pattern though and there’s no reason for meta to do this shit…

  • Robotunicorn@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    3 个月前

    Not surprised. It’s just Meta being Meta and garbling up all yo data so that it can make money from it. Maybe don’t use the app. Try accessing from your mobile browser.

  • aaaaace@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    3 个月前

    They keep filtering the stupid people, but there’s always more.

    I keep wondering what zuck has to do to be more obvious, but it seems like an infinite horizon to someone whe never signed up for any meta product.

    Also, soft switches don’t really turn things off. Physical covers over cameras, mics, and speakers can’t be overridden.

  • tal@lemmy.today
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    3 个月前

    I believe that there’s some app out there for Android that lets one create a spoofed environment for apps that demand certain permissions to function. Returns bogus data to them. Might require a rooted device, though.

    goes looking

    Yeah.

    I think I’m thinking of XPrivacyLua, which requires Xposed, which in turn requires a rooted device.

    EDIT: all that being said, I do think that if practicable, it is kind of an argument to use something other than Instagram, and more broadly, to try to keep use on a personal computer rather than phone, where it’s easier to deal with or avoid shennanigans like this.

    • reallykindasorta@slrpnk.netOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      3 个月前

      This does appear to be a functional workaround atm (the mobile website via safari app allows me to post photos to stories) but the editor is severely gimped so you can’t resize images and such. Desktop version doesn’t seem to allow you to post stories at all. If I NEED to share something perhaps I’ll use this.