Having actually worked for Meta in both security and privacy capacities, I guarantee you that it's really not that conspiratorial.
No one wrote this article with the intention of "trapping privacy-minded tech enthusiasts."
I mean no offense, but this sort of thinking (that an engineering blog is attempting to attack you) is unhinged. There is not some grand conspiracy. Companies like this are not the shadowy, highly-competent and absolutely evil entities you think they are. They are barely functional to begin with.
One really just has to think through the situation rationally, even assuming the most greediest of intentions:
> Clickbait to get every privacy-minded tech enthusiast on their site
Turns out the market of privacy-minded tech enthusiast is tiny and they hate clicking on ads. Trying to cajole this group into giving you money is pulling teeth.
Understood.
Let's deploy the same set of company resources and effort on the 99.99% other people in the market place, increase some efficiency by like 0.1% and make waaaayyyy more money.
The ratio of "people who have opinions about what google/meta/etc might be doing" vs "people who have actually worked privacy/security in google/meta/etc" is abysmally low.
Most of what's said by people who actually known what they're talking about is drowned out by low-effort, conspiratorial, semi-intellectual laziness.
Yeah, this is the main reason I stopped using Reddit when I entered the industry.
Taking it a step further - I frankly don't think normal people are positioned to make any decisions or hold any opinions strongly about tech. They are so mislead by journalism it's not even funny.
My doctor friends feel similarly about medicine and how it's reported on (and the populace's common opinions on medicine.) The average person/voter is immensely mislead in basically every field they themselves are not an expert in.
A tech company using a blog to get whatever imaginary consent from random anonymous privacy-aware individuals is so many levels of unhinged that it makes absolutely no sense whatsoever.
The company wouldn't. Someone retroactively realizes they have the data, and then it does.
I'm certainly not saying it happened, or will happen, here. I'm saying it definitely happens.
This is why in regulated industries, there's an emphasis on "data minimization". Much like the principle of least privilege, but applied to whether you're letting your people or systems be exposed to it in the first place.
It's easy to follow a least privilege policy if there's an actual technical control not just agreement, and even easier if the control is "I never had it, didn't derive it, and made sure I couldn't if I wanted to".
If you aren't collecting it for any use, even inadvertently, you can't retcon it into availability for alternative uses.
> Someone retroactively realizes they have the data, and then it does.
This simply isn't within the realm of reason.
Engineers at Meta have far more impactful problems to solve than attempting to reverse engineer the browsing habits of the 12 privacy-sensitive tech enthusiasts reading their engineering blog.
From a ROI/time perspective, it is far in the negative for a single junior Meta engineer to spend even 10-20 minutes investigating this. It literally is not worth anyone's time.
No one wrote this article with the intention of "trapping privacy-minded tech enthusiasts."
I mean no offense, but this sort of thinking (that an engineering blog is attempting to attack you) is unhinged. There is not some grand conspiracy. Companies like this are not the shadowy, highly-competent and absolutely evil entities you think they are. They are barely functional to begin with.