
They could download the stock roms from the major manufacturers, only ship the hashes, and match up library versions that way.


I'm not making a moral judgement (FB is a big yikes), just technical. They'd have to:

- build lists of every phone, including carrier variant and internal revisions (pretty common!), to make sure they could be sure they had a complete library

- rely on the manufacturer to publicly post the ROM (cheaper mfg won't do this) (or somehow retrieve the URL from the update mechanism, said URL not easily accessible from userspace)

- handle the multiple different packaging mechanisms that Android phones, especially older versions, use (Google has gone a long way in remediating this but FB has to support billions of devices that don't adhere to best practices).

- For ROM packages that are encrypted, they'd need to acquire the keys from real devices.

- and they still would not have visibility into non-posted firmware, such as factory versions with day 1 upgrades (aka many many devices)

OR

- grab the files and send 'em


1. Uploading files from the user phone to their servers is straight up copyright violation in plenty of cases.

2. I have doubts that you need copies of all kinds of system libraries to debug that crash. They won't help you debug a crash dump (assuming they don't have debug symbols left in for some reason). They generally won't help you reproduce the crash unless you actually know reproduction steps - it wouldn't surprise me if they tracked every user action, but I doubt they do - so it takes many of those crashes to even start debugging. At that point you probably know precisely which library you need and can obtain it legally.

That said, I agree that uploading the files themselves is not necessary to fingerprint users (the hashes would totally suffice). Unless they do the uploading as a cover-up story, which doesn't make much sense either.


At the very least, the privacy-respecting solution would be to upload hashes and only upload libraries once some critical mass of users had reported the hash along with a bug. Even then, you would only upload the files themselves from some capped number of users.
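The hash-first, threshold-then-cap scheme this comment proposes, written out as an added illustration that is not code from the thread or from any real crash reporter; the `CrashReportServer` name, the threshold of 3 reporters, the cap of 2 uploads and the library bytes are all constructed assumptions:

```python
import hashlib
from collections import defaultdict

# Assumed policy values for this illustration, not figures from the thread.
CRITICAL_MASS = 3   # distinct users that must report a hash before any upload is requested
UPLOAD_CAP = 2      # maximum number of users ever asked to send the file itself


class CrashReportServer:
    """Clients send only a SHA-256 of the crashing library; the server decides
    whether a copy of the file is needed, so rare or custom libraries never leave the device."""

    def __init__(self, critical_mass=CRITICAL_MASS, upload_cap=UPLOAD_CAP):
        self.critical_mass = critical_mass
        self.upload_cap = upload_cap
        self.reporters = defaultdict(set)  # lib hash -> user ids that reported a crash with it
        self.requested = defaultdict(set)  # lib hash -> user ids asked to upload the file
        self.stored = {}                   # lib hash -> file content, once one upload is accepted

    def report_crash(self, user_id, lib_hash):
        """Record a hash-only report. Returns True if this user should upload the file."""
        self.reporters[lib_hash].add(user_id)
        if len(self.reporters[lib_hash]) < self.critical_mass:
            return False                    # below critical mass: never ask for the file
        if user_id in self.requested[lib_hash]:
            return True                     # already asked this user, keep the answer stable
        if len(self.requested[lib_hash]) >= self.upload_cap:
            return False                    # enough users already asked
        self.requested[lib_hash].add(user_id)
        return True

    def receive_file(self, user_id, lib_hash, content):
        """Accept an upload only if it was solicited and the bytes match the reported hash."""
        if user_id not in self.requested[lib_hash]:
            return False                    # unsolicited upload is refused outright
        if hashlib.sha256(content).hexdigest() != lib_hash:
            return False                    # content does not match the hash it was reported under
        self.stored[lib_hash] = content
        return True


def demo():
    """Five users crash on a common library, one user on a one-off custom build (constructed data)."""
    srv = CrashReportServer()
    common = b"constructed bytes standing in for a widely shipped libfoo.so"
    custom = b"constructed bytes of a library only one user has"
    h_common, h_custom = (hashlib.sha256(b).hexdigest() for b in (common, custom))
    common_decisions = [srv.report_crash(f"user{i}", h_common) for i in range(5)]
    custom_decision = srv.report_crash("user9", h_custom)
    accepted = srv.receive_file("user2", h_common, common)       # solicited, matching bytes
    unsolicited = srv.receive_file("user4", h_common, common)    # was told not to upload
    tampered = srv.receive_file("user3", h_common, common + b"x")  # bytes do not match hash
    return common_decisions, custom_decision, accepted, unsolicited, tampered
```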


That makes no difference from a privacy point of view but would be more respectful of people’s bandwidth limits.


Yes it does. At the very least, people running custom libraries that nobody else does would never upload data.


But...what about my pitchfork? The knee-jerk reaction to every Facebook blog spam entirely diminishes the harm they've done to nations around the world.


Yeah sorry, they could send ro.build.fingerprint instead if they really wanted to know what version of builds and devices out there are causing issues.

I can see this as an opt-in but not as a silent, default behavior.



