Is FB serious about privacy? IDK, have they stopped MITM-ing all web traffic from their Android apps, something they can do at the flick of a switch? So "no", then. Got it.
-
Show this thread
-
-
Replying to @krave
"in-app browsers" come in 2 forms: webview (bad) and "system provided" (CCT/SafariViewController, better). CCT preserves browser privacy guarantees. WebView lets host app see all traffic *as plain text*.
2 replies 6 retweets 26 likes -
Replying to @slightlylate @krave
So if you set Brave or TorBrowser or Firefox (or Chrome) as your default browser on Android, apps that use CCT use *your browser* to load that content: https://developer.chrome.com/multidevice/android/customtabs …
1 reply 1 retweet 10 likes -
Replying to @slightlylate
Yup, I love CCT and wish use was more consistent— and thar users got similar choice of what browser to plug in on iOS! But it's not that FB is known to inspect the TLS traffic so much as they have access, is that right?
1 reply 0 retweets 2 likes -
Replying to @krave @slightlylate
(Or, put another way, what's different about FB's access to its "browser" traffic and Chrome's access to its browser traffic? (actual question despite sounding troll-y :) )
1 reply 0 retweets 0 likes
One of these is a user choice: you pick a default browser (say FF or Brave or Chrome) and you put your trust in *that browser*. With FB's default in-app WebView, you send *all traffic through an FB app*. Disrespects user's choice about default browser, privacy, and trust.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.