In this edition of AdGuard digest: report reveals why Facebook knows every little detail about your life, OpenAI raises concerns by opening itself up to military use, researcher exposes new WhatsApp vulnerability, and Apple is accused of being too greedy.

2,230 companies, on average, send information about you to Facebook

The study by Consumer Reports has revealed that an average of 2,230 companies send data about each user to Facebook. The Consumer Reports conducted the study together with The Markup, which sourced the data from 709 volunteers who downloaded and sent their Facebook archives covering three years of their online activity.

The findings were nothing short of astonishing. The researchers found that the number of companies that funnel data about what you do outside of Meta platforms can reach up to 96,000 (!!), as was the case with one of the volunteers. Is it fair to say that even if a user requests archived data from Meta, it would be borderline impossible for them to review it all by themselves. What makes it even more challenging, is that about 7,000 companies in the research had “incomprehensible names” in the data set, which made them extremely difficult to identify.

The data Facebook receives from the advertisers include users’ email addresses, postal addresses, phone numbers, and mobile ad IDs. These are then used to target users with ads. Those who are targeted might be either the people whose data had been siphoned off to Facebook or their “lookalikes,” who share similar characteristics.

Either way, this practice is intrusive and harmful. While it was a well-known fact that Facebook has been collecting a lot of information on the users through advertisers, the scale of this collection laid bare in the report is staggering.

OpenAI is open to work with military, but not on weapons’ development

OpenAI, the company behind ChatGPT, has removed a ban on military use of its technologies from its policy. The change in the wording of OpenAI’s usage policy was first noticed by the Intercept and was quietly implemented in early January.

The previous version of the policy listed “weapons development” and “military and warfare” as prohibited uses. Both could be found under the category of “activity that has high risk of physical harm.” The new version, while still prohibiting the use of OpenAI technologies for the use and development of weapons, does not specifically mention “military and warfare.” After the change in wording was picked up by the media, OpenAI issued a statement pretty much confirming that it was modifying policy to allow for military customers.

Thus, OpenAI pointed out that it had already been working with DARPA, a research and development agency of the US Department of Defense. OpenAI said that they have been collaborating on the “creation of new cybersecurity tools to secure open source software that critical infrastructure and industry depend on.” There may be nothing sinister about this application per se, however, by openly allowing its products to be used for military purposes, OpenAI may be opening a Pandora’s box. We only hope that OpenAI means what it says and that any future military applications do not involve potential human harm.

Researcher exposes potential WhatsApp’s privacy issue, Meta shrugs it off

A security researcher has claimed to have uncovered a new WhatsApp vulnerability that could give potential attackers clues about your app usage habits and even about your whereabouts. Security researcher and co-founder of crypto wallet maker ZenGo, Tal Be’ery, found that if someone knows your WhatsApp number, they can infer whether you’re using the Meta-owned service’s desktop or web app in addition to the mobile app.

The revelation may not seem that groundbreaking, and some may even wonder: what is the use of this information? But Harlo Holmes, an expert at the Freedom of the Press Foundation, told TechCrunch that this is a legitimate privacy issue. She went on to argue that it could help a potential stalker find out if the victim is home or not, and that WhatsApp should make sharing such data an opt-in process. However, Meta, which owns the service, brushed off these concerns, claiming that this is what users signed up for.

This privacy issue may pale in comparison to some of Big Tech’s other questionable practices. But Meta’s nonchalant approach to this matter raises questions about its overall commitment to privacy.

Apple slammed for demanding 27% of non-App Store purchases

Apple’s legal battle with EPIC Games (read more on the backstory here) drew to a close with the US court rejecting both EPIC’s and Apple’s appeals on the judgment. Under the latter, Apple was forced to allow developers in the US to direct customers to payment options outside of the Apple’s App Store. So, without wasting much time, Apple announced that it would allow apps in the US to “include a link to the developer’s website that informs users of other ways to purchase digital goods or services.”

The catch is, however, that the developers would still have to pay Apple a 27% commission on proceeds they earn from sales. That is 3% less than Apple’s standard 30% fee for apps and in-app purchases.

Naturally, developers were less than thrilled with such an outcome of the protracted battle. Spotify, for example, came out swinging, accusing Apple of making an “outrageous” move that “flies in the face of the court’s efforts to enable greater competition and user choice.” It’s not the first time Apple has tried, and apparently, succeeded, in finding a way to minimize the impact of the court’s decision on its business. The similar story played out in South Korea, where Apple was forced to allow third-party app payments, but would still take a hefty 26% cut. Spotify says it hopes the EU’s upcoming Digital Markets Act (DMA) would put a full stop to what it called “essentially a recreation of Apple’s fees.”

We also hope that once the DMA is fully in effect, which should be by March this year, this kind of trickery won’t be allowed. However, the EU laws do not extend to the US and other regions, which means the fight is still very much on.