I want to preface this by saying that yes, I know that Instagram is bad. I am planning to get rid of it in the future but as of now I have to keep it for communication with people who are only on that platform.
So I have grapheneOS, use protonvpn (free version), use mull as my browser, and do not have google play services enabled on my phone. I do have some apps downloaded through aurora store such as Instagram, whatsapp, mychart, and mint mobile, but the rest came from f-droid.
I have noticed multiple times that after having private conversations on matrix, I get Instagram content in my feed that is scarily accurate to the conversation I had on the other platform immediately after. I know that things discussed in Instagram direct messages and group chat will give suggested content based on those conversations, but I get stuff that that is very specific to what I have ONLY discussed on matrix and didn’t look up via my browser.
So my question is how is Instagram doing this and what can I do to mitigate the spying it’s doing on my other apps. Thanks.
Imei ISP DNS Keeb
Use it only through your web browser or bite the bullet and don’t use it at all despite those people that are currently on it. Maybe explain in a meme why you are leaving and where you can be found.
Even better: Look into self hosting a Pixelfed server. It takes some skill but will be way better.
You probably discussed it because you were aware and interested in it, and your awareness and interest showed through in your other trackable habits outside of your chatroom. You only notice when they guess your interests correctly.
this is the real answer. unless you gave the app a bunch of permissions it shouldn’t have, they cannot see what you do/say in matrix. but they don’t need to. you willingly feed them enough information through location/posts/comments/private messages/friends/contacts/+a very long list of things for them you figure out your interests and serve you tailored ads.
I’m not so sure. I’m interested in this thread because I had a recent issue like this. I barely use Instagram, hadn’t booted the app for a month or something, only have it to support my SO’s art account. Never comment/DM, just likes. Had a lengthy in person conversation about tattoos and the idea of getting them at current location. I didnt do any searches on my phone or any other device for that matter. Don’t have any tattoos, or ever look at that content on insta (only follow art and wildlife photography accounts). Booted up Instagram that day and was getting purely adverts for local tattoos studios on my feed. Checked my permissions, all disabled. The only explanation I have is that it’s somehow still listening. That can’t possibly be a coincidence.
The only explanation I have is that it’s somehow still listening.
or the other person participating in the conversation had looked them up.
I had considered that, but that would mean they are collating and amalgamating data coming from a single IP, which is almost as bad as listening to my microphone. Both are data gathering without my permission.
they are collating and amalgamating data coming from a single IP
lol no shit. of course they’re aggregating location data, this is how, among other examples, some therapists ended up having their patients recommended as Facebook friends in the past.
if they see someone being frequently in the same location you are and at the same time you are, they will leverage your relationship to serve you ads based on their (and, presumed by the algorithm, shared to some extent) interests.
Well how do you combat that if you are in a household or shared network with others who aren’t privacy conscious?
without them changing their habits? you don’t.
It’s more likely than not that, but I would like to err on the side of caution and figure out a way to fix it just in case my suspicion is true.
Keep nefarious apps in your work profile and don’t store any files in your work profile. Turn on the work profile only when you use the app, then freeze it again as soon as you’re done. Regularly clear the apps’ caches. This will limit what the spyware can spy one and how long they can spy on you.
Use a modified app of Instagram.
At that point you might as well move to something else
It would be nice to have some bots scrape some hashtags and cross post to fedi
God no
I feel a lot of these responses miss the mark. If I read it correctly, you suggest matrix is the data leak and the results of which show in Instagram.
Matrix has many clients, one of which could be leaking data, but not necessary from your end of the conversation.
There are also keyboards which analyze input, and high privileged apps that can read notifications.
From what I understand, Meta apps can scan a device for a list of apps installed (probably somesort of fingerprinting concern) but can’t actually read app interactions or content.
I’d say hi in a chat with some clear, unique keywords on a new or old/wiped device and see if the leak continues. It may not be you at all, but it would identify the problematic device
If the only thing you use it for us chat, I think you can chat with instagram users on FB messenger instead, which you can then heavily restrict in terms of the OS permissions you give to it.
Wait, really? Can I log in with my Instagram account onto it? If so that’s great news because the main reason I’m keeping it right now is the chat, but sometimes get sucked into the content vortex.
I’m not sure, I think it may use an FB account. But you could make one specifically for this one use-case and then nuke your IG account.
Use the user profiles feature of grapheneos to make a “social” profile and only use that to access Instagram / facebook.
Meta sells your convo data on WhatsApp for ads, if you use it you will get targeted ads regardless.
Other options are signal (Molly on fdroid), simplex, etc.
My car has an aux cable to connect to my phone. The cable died again so I’ve been rediscovering the radio and I’ve been been hearing commercials for whatsapp. They advertise E2EE as a feature. What you are saying is a contradiction to that. Is it possible to have E2EE AND have them sell your convo to third parties?
they encrypt the content, but not the metadata. so Meta might not know what you’re talking about, but will know who do you talk with, how often, where from, for how long, and so on. that’ll often be more valuable for advertisers than the contents of the messages themselves.
More importantly, Meta also has the encryption keys of any WhatsApp conversation.
It’s like a fucking META password manager that unlocks your vault… (…as in your WhatsApp conversations) and locks it when they are done spying, whenever they feel like. Repeatedly.
You have no control, as in a secure private conversation unless you have the keys on your device.
They advertise E2EE as a feature
They can call it E2EE as much as they want, but it’s a lie. It’s encrypted in transit and at rest, at least on the user’s device, but unlike true E2EE, they can decrypt and view any conversation they want to.
This is particularly insidious, as they claim to use the same encryption as Signal, developed by Open Whisper Systems. But Meta allows themselves access. 2 billion users. SMH.
So E2EE but they have a copy of the keys to use at their discretion. Cool, we have digital landlords now.
E2EE* plaintext with extra steps
It happens to me as well, in my instances it’s most likely the social network they tied me to. Some friends of mine are heavy Instagram users and whenever I hang out with them I get almost real time relevant ads on my isolated Instagram.
If you want to be extra safe I guess the best way would be to use the web version of Instagram with ublock origin installed. If you can find a way to use Firefox containers on Android as well it could really restrict what they can access.
Probably because your friends search about it when they are not having things separated and based on the social graph that IG thinks you’re interested in it too?
None of my matrix friends are on Instagram and vice versa
That can be your friends’ friend/family doing the search. The social graph is never being 1 degree only.
Maybe Instagram has access to your keyboard so it can monitor what you’re typing in other apps.
All I’m using is the default graphene keyboard
I’m suggesting that Instagram may have the permission enabled to monitor your keyboard presses
I see what you’re saying now. In settings it only has network and photo permissions (with photos being limited access). Is there a way it can get that permission outside of the permissions list in settings?
Use Instander.
I have heard mixed things about instander
The reality is actually far scarier…
Meta manipulated you to have those conversations.
/s to a degree.
whatsapp is owned by Meta. I did a quick DDG search to see if I was correct and got this:
“Meta owns several companies, including Facebook, Instagram, WhatsApp, Messenger, Threads, Meta Quest, Horizon Worlds, Ray-Ban Stories, Mapillary, Workplace, and Portal (discontinued).”
I’ve been working to get the people I communicate with on Signal.app, instead. Other more informed individuals may be able to make additional suggestions.
Signal.app
Just say Signal holy fuck.
I have gotten some people on signal but I will have to wait to try and get more on it. I’ve also heard that there’s privacy issues with signal but even if the allegations are true it’s a big step up from Instagram. I’m hoping to mainly use signal and my self-hosted matrix server in the future.
I suspect the main issues people ‘in the wild’ have with signal involves ineffective use of the app. Do you check the ‘safety number’ with every user? Do you use disappearing messages? Does anyone have access to your phone, or other linked device?
Here’s what the interwebs say about Signal and Security:
Signal encryption key vulnerability being fixed on Mac (and less fully on Windows), July 12 2024 https://9to5mac.com/2024/07/12/signal-encryption-key-vulnerability/
https://www.trustedreviews.com/news/is-signal-safe-4129801
https://restoreprivacy.com/secure-encrypted-messaging-apps/signal/
