this post was submitted on 15 Jul 2023
186 points (97.4% liked)

Technology

59217 readers
2512 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

After multiple EU-based users complained about not being able to access Threads app through VPN, Meta confirmed it is blocking such efforts.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 39 points 1 year ago (12 children)

It would be interesting to see exactly how Meta is managing to block VPN users. Is it simply a matter of looking up instagram or facebook account related to email addresses used to sign up? Is it evaluating some sort of browser fingerprint? That's assuming VPN users are doing so via desktop, if it's an Android device for example is the OS itself providing information that's not getting obfuscated by the VPN?

[–] [email protected] 22 points 1 year ago* (last edited 1 year ago) (9 children)

I think Meta has very complex fingerprint service in their backend after all these years. They know what you are doing even when you are not using their service. Their tracking in bundled up in long chains of tracking services over many websites. As long as you use a non vanilla browser to access their service, they might have you in their database from a previous tracker that trapped you on one of the many websites that are selling/trading tracking fingerprints. Since a decade it is not about the IP anymore. You can data-triangulate personas and pinpoint them to an existing user-profile with a very high accuracy. It should be possible to visit the threads service with a VPN and a heavy neutered browser. But then again, if your request is to suspicious in its request (thinking tor-browser, command-line browser, etc.) they might put you as well on a detour for a captcha/recognizer that will look harmless in the fronted ("click all the cars!") but its actual task is processing/scraping a fingerprint from your display-device (browser) that then again can be connected with this suspicious request for the future. I am sure that their VPN block is not 100% blocking Europeans, but will block most of the unsophisticated request from normal users that will just give up after some tries.

Here are some vectors for identifying users (via browserleaks): IP, JavaScript, WebRTC, Canvas, WebGL, Installed Fonts, Geolocation, Feature Detection, SSL certs, content filter.

Edit: I might get some downvotes for this, but iOS has some good protections build into their OS layer (so they say) to make it harder for advertisers to track you. See also this very well done 1 Minute ad showcasing how the modern internet ad industry works.

[–] wanderingmagus 4 points 1 year ago (3 children)

Not that I'd ever want to touch Threads with a ten-foot pole, but what options would there be to circumvent that sort of intrusion?

[–] chippy 10 points 1 year ago

Browser containers. Not sure if chrome does it, but Firefox has separate containers that are sandboxed from one another. Make a "Meta" container and only access it from there.

load more comments (2 replies)
load more comments (7 replies)
load more comments (9 replies)