Amount of trackers in the app - are you serious?

As someone who worked as a software engineer in the analytics space for over 7 years, in some big tech companies, I think you’re all blowing this out of proportion. Yes, we collected a lot of information, but nobody cared about personally identifiable information, it does not provide any value in most cases. What we collected were things like: latency information (to make the app faster), errors and crashes + contextual information (to make the app more stable and reproduce bugs under lab conditions), behavior data (to improve the workflow and user experience).

Companies need to measure these things in order to offer a stable and performant application. Let’s say there’s a bug and the app crashes on some old Android version, in a certain country, and only when using some crappy internet provider. The devs can’t test that specific scenario, so they’re not aware of it. On the other hand users are not taking the time to report it, but instead just uninstalling the app completely because it’s “full of bugs”. So the only viable way for such a bug to ever get fixed is if they capture information automatically. How is that bad for you exactly?

Seriously, devs don’t care about your pr0n preferences, the dick pics you send to your EX and the other cringe stuff you do on your devices, I can assure you that.

5 Likes

With respect, who gets to see your dick pics and whether they’re interesting to devs or not is not yours to discern - it’s private.

And, it’s already been acknowledged that some stuff is nice-to-have, for the reasons you outlined.

I haven’t researched where all the calls are going but there’s at least one I question: Trustpilot? And I’d throw in Facebook, too (unless it’s being used as authentication, I don’t know). And there’s a bunch of IP addresses.

And then there’s the impediment to speed.

I mean, there’s stuff that’s nice-to-have, and there’s stuff that’s nice for users to know, and stuff that’s nice to cut out if they’re unnecessary.

With respect, who gets to see your dick pics and whether they’re interesting to devs or not is not yours to discern - it’s private.

I’m just highlighting that a company does not have any financial incentive to look at your private life. So if anyone is concerned about that, I think they’re just paranoid. No company would risk their reputation to collect such useless information. They’re only interested in aggregated data, to understand major trends.

Facebook may be used for the most unexpected reasons: for login, for the like button, for their analytics platform, as image storage or just to ping them as a check that the phone is connected to the internet. Just seeing that the app requests facebook.com tells absolutely nothing.

Regarding trust pilot, it could just be a simple thing such as a “review” button… Again, just seeing a bunch of domains tells absolutely nothing about what’s collected.

Unless someone shows a sniffer capture with sensitive data being sent to a 3rd party, I’ll consider Trading212 innocent until proven guilty. I don’t see anything suspicious, it’s what every other major app does.

2 Likes

One man’s trash is another man’s treasure. Again, with respect, it’s not for you to discern. I’m sure you’ve heard, or are aware, of huge data leaks occurring; including FB.

This app contains highly privileged data.

Isn’t that (one of) the concern(s) being made?

As for the rest of your post, again, with respect, your answer contains ‘mays’ and ‘coulds’ and conjecture.

Cruft can be left lying around by devs for a multitude of reasons - pressure, time constraints, forgetfulness etc. - and can go unnoticed for several years later and be really troublesome.

This can be a deep rabbit-hole to dive down so I give you the last word. The concerns have been raised, it’s for T212 to address (hopefully not in vanilla fashion).

I feel like you’re not following at all what I’m saying. There’s no way for a company to profit from your “little dirty secrets” in any (legal) way. So no, your trash is nobody’s treasure, I can guarantee that, unless someone is trying to blackmail you or something. So it means that they won’t even try to collect it, because for them it’s a liability and a stupid risk to do so.

Isn’t that (one of) the concern(s) being made?

If you don’t know what those requests are used for, how exactly is that concerning? On the same line of thinking, a hammer can be used to break skulls. So should I be concerned when my grandpa buys a hammer? It’s absurd and it just shows a complete lack of understanding of how tech works.

Unless you look at what’s sent over the line and the data transmitted is suspicious, I don’t see any concerns at all. Maybe they just load the Facebook logo from their website or something. If you’re that concerned, I have bad news for you, 99% of the apps are doing the same things, so you might as well disconnect from the internet to stay “safe”.

A broker can of course extract profit from your data from things like pay for order flow, arbitrage, taking the opposite side of your trades etc, but it has nothing to do with this thread.

This can be a deep rabbit-hole to dive down so I give you the last word

That’s the idea, it’s not. You just make it look like a conspiracy theory for no good reason at all.

I personally own a financial startup. Our app connects to Facebook because we use some of their APIs (e.g. chat-head), it connects to google because we use their recaptcha and sign-in with google, it connects to cloudflare because we use their reverse proxy, it connects to amazon for their cloud services and a bunch of other providers. The internet is supposed to be decentralized, that’s the main idea. You build on top of what others are providing.

  • Do we spy on our users? not at all.
  • Do these 3rd party services get any (useful) information about our users? other than the IPs (only in some cases) and the fact that they are our customers, not at all.
  • Would we gain any advantage by selling our customers’ data (name, email, dong pictures)? that would be the stupidest thing to do, because we would likely get peanuts (nothing), but risk losing our customers’ trust (everything).
3 Likes

Sure, but in my opinion that analogy doesn’t apply here. No one here is against technology or the internet as a whole, but the way data is handled.
An app that’s supposed to handle financial data has no legitimate purpose of connecting to a company that’s known to rape privacy. Facebook is supplying those libraries for free to developers because it also helps FB to gather data. Even if T212 had no evil motives here, Facebook does.
That would be like involving the Mafia and say they are only doing good in this particular case. No one would believe that either.

Yes, and that’s the problem I was mentioning in the beginning. It has become common to not ask or to put you in a position where you have no alternatives, but to swallow the poison.

I am developing open source apps myself. I never had real problems with getting the required data to fix bugs - with the permission of the user and without sending the data to a 3rd party. That’s easily possible, but many don’t bother nowadays.

Totally agree. And now that many devs are including the services of only a handful of companies that idea of decentralization has been totally broken.

Why not? A hammer is the same as a HTTP request, a hammer from well known producer is like a HTTP request to a well known site like Facebook. The content of the request (how you use the hammer) is what matters in the end. The initial picture just shows some requests, for all I know, they may only load an icon or a font.

You do realize that Facebook is way more than a social network, right? They offer website analytics, open authentication, they even had some cloud computing services (parse server), software libraries, Facebook workplace for businesses etc. It’s also one of the best available marketing channels for a lot of businesses, including financial ones. So I see more than a dozen valid reasons why they would connect to Facebook. I actually gave a legitimate example in the case of my startup (also a financial company) in the comment you replied to. I’m using their chat-head on my /contact page.

As I previously said, these are conspiracy level theories. What are the “evil motives” of Facebook? Do they want to implant chips in all of us and to enslave half of Earth’s population? What if my IP address “leaks” to Facebook? It’s already public anyway, not much they can do with it.

I assume you have a custom API to collect the data. Now try scaling that API to millions of users and sooner or later you realize that the required effort is comparable to creating a separate product/company altogether. And that’s when you decide that it’s not economically feasible and you use an existing analytics product. The same logic applies to cloud infrastructure vs owning servers and everything else mentioned above. It’s just cheaper to focus on your main product and delegate other aspects to 3rd parties.

Sadly true, but it is what it is.

2 Likes

You know you are agreeing to terms and conditions when you sign up to apps? If you want your private info private, read the T&Cs. If you don’t agree with them, don’t download the app.

1 Like

What, you extracted two words from a sentence about d##k pics to make that point? That’s very specific quoting.

Sure I do. And all that involves collecting data for themselves. I mean they are not offering an authentication service for welfare reasons, but to note which external services a FB user is using.

Why are those conspiracy theories? You just have to watch the news. Like many other big companies they don’t care about laws, they just do things until someone goes through the trouble of dragging them to court.
In the beginning users uploaded their entire address books. In the majority people didn’t know that let alone people in their address books who were not on FB. I received those stupid invitations, too.
When they bought WhatsApp they needed the EU’s approval. It was given under the condition that no user data would be shared between FB and WA. They didn’t care and did it anyway.

Regular users don’t know any of this. Many may not care, but most probably just have no idea of the extent of what is being done. Most people think their voice recognition (phone, alexa, you name it) is happening on their devices. When I explain to them that the device is basically a remote mic and speaker and the recognition of words is happening in a cloud, let alone getting results to a question or a command, they are usually shocked.
If you would regularly go shopping to a certain store and one of their employees would then follow you to wherever you go, taking notes of what you buy elsewhere, you certainly wouldn’t accept that either, but confront him eventually or even call the police. But it’s just an analog equivalent of what is happening digitally.

Linux itself and the entire software ecosystem around it has been built without sending data around. Sure parts of it have been created in people’s free time. But other big parts have directly or indirectly been paid for by companies trying to make a profit. Profit and privacy don’t exclude each other out - unless violating the privacy is your business model.
One may argue that the majority of FOSS software is rather tech-savvy. But that has shifted a lot in my opinion. More and more normal users are using FOSS software. And the bug fixing process hasn’t really changed (away from privacy-friendly).
That alone is proof enough that it’s possible. As I said, many devs just don’t bother trying anymore.

You may argue that a contract is a contract. In my opinion governments in general would need to make laws that regulate T&C in general. In practice no one reads those. And let’s be honest - it’s not possible anymore. I mean try to read every T&C of all the services you’re using - I estimate that would consume 1-2 hours average per day. Even if you don’t sign up to new stuff on a daily basis, every now and then T&C get updated.
But legally something doesn’t become legal just because the vendor puts something in their T&C. At least where I am from there are laws saying that you can’t put (simply put) “surprising stuff” in there.
I may reference the South Park episode “The human centipad” here for the interested ones.

I don’t think we’ll be able to come to agreement here. But I have to commend that it’s at least a peaceful exchange of opinions. I’ve seen things go very differently elsewhere.

Yes, I can add in additional information if you want, but it adds no value. The fact is you are agreeing to terms and conditions which may not meet your definition of ‘it’s private’, hence my quote…

Sure. Nor does it have to be. @MikeC’s opinion on what is morally correct or not with regards privacy does not necessarily need to be a legal matter.

I wasn’t disagreeing with you to begin with; nor am I arguing!

(Still resisting going down a fruitless, time-sucking rabbit-hole).

Are you aware of the GDPR? I mean, have you been up-close to it, read it, implemented it across a company? I hate “pulling rank”, I have. It was painful, and I’m still, hand-on-heart, not 100% certain I got it right (I’m no longer there).

I can tell you it’s a minefield, with multiple layers of requirements on the whole chain of services a company contracts with. Processors and controllers, required opt-ins, legitimate interest (<- a contentious loophole). Try reading Google Workspace’s various agreements, just as a start… just one of many entities companies find themselves contracting with, before we even begin with FB’s and the myriad of other lesser-known entities out there grabbing our data.

And after understanding all that (good luck), keep tabs on it - amendments and a fluid internet make that difficult to do properly.

  • Individuals can bring claims for compensation and damages against both controllers and processors.

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/controllers-and-processors/

T&Cs of any nature do not supersede law. It is not about my opinion on morality; it is the law’s.

There’s been a fair amount of gaslighting in this thread, which is the norm it seems from a few tribal members. Others should know better.

The OP raised legitimate concerns. It is incumbent on T212 to protect our data, to be aware of why, where and who it’s going to and how much; and to give only enough for the service it provides. There are questionable reasons why Trustpilot, for one, should be tracking you/me (the OP’s assertion), for one, let alone a bunch of un-named IP addresses.

The internet is fluid, taxing to keep up with, cruft can be left quite innocently behind by devs, and IP addresses can change without knowledge, the OP might actually have performed a service to T212, and by extension, us.

Enough. You may have the last word.

(Thank you for approving, mod)

Surely we are still just ‘guessing’ that all the trackers are related to the app, and not anonymised?

There’s a previous thread that went into some really good detail, and a lot of it was tracking simply how people used the app on different devices, and for debuggering. There were claims some of the trackers were dodgy, but actually turned out to be very legit reasons. Sadly I still can’t find the thread as can’t remember the key words that are unique enough to locate it, but it would have been last year if that helps someone else.

At the end of the day, it all comes down to trust. What would also make a good comparison, is if we compared the ‘amount of trackers’ similar apps used.

Yes. I work as a data scientist. For a large tech company. You’re preaching to the converted!

Correct. But they do not need to be law.

2 Likes