deleted by creator
I generally think arstechnica.com does a decent job of being a non-garbage news site. I pay a couple bucks a month for the ad-free RSS feed. This story feels terrible to me. I don’t doubt a lawsuit has been filed, but I would expect some investigation by the reporter of the extraordinary claims of privilege escape the application is claimed to be capable of.
Given that the headline says that it is a claim in a lawsuit, and the lawsuit is by a state attorney general and not some random nobody, I feel like they are being fairly reasonable.
Yes, because AGs from repub states never ever file frivolous lawsuits that suit their own agenda.
I would feel that it would be reasonable if it was my local paper running the story. Arstechnica IS a primarily technical news site—I believe they should have a higher bar—otherwise they are just parroting a report and not providing useful (to me) news.
Same, like Wish
Temu is absolute cancer in terms of business practices so no surprise here at all.
But it’s cheap.
Cheap cancer
If I wanted garbage I could get it for free from the roadside
Why is Temu so popular then?
Because people get dopamine from shopping, even if it’s garbage. It causes enormous amounts of waste, because most of the crap isn’t used much if at all. They just make it look good on the product page.
…and it’s cheap.
Cancer in terms of, well, everything.
“Temu is designed to make this expansive access undetected, even by sophisticated users,” Griffin’s complaint said. “Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place.”
That’s just nuts
Yeah, it is. It’s such an extraordinary claim.
One requiring extraordinary evidence that wasn’t provided.
“It’s doing amazing hacks to access everything and it’s so good at it it’s undetectable!” Right, how convenient.
You’re bang on the money.
If even half of what this article is suggesting were true, why wouldn’t Temu use their 1337 hacker skills to steal money outright rather than disguising it as a shopping app?
I don’t believe his claims without evidence, but having a legit cover for nefarious acts is pretty standard, no?
Why steal their money when they can get them to give both their money and their data to also sell?
Libmanwe-lib.so is a library file in machine language (compiled). A Google search reveals that it is exclusively mentioned in the context of PDD software—all five search results refer to PDD’s apps. According to this discussion on GitHub, “the malicious code of PDD is protected by two sets of VMPs (manwe, nvwa)”. Libmanwe is the library to use manwe.
An anonymous user uploaded a decompiled version of libmanwe-lib to GitHub. It reads like it is a list of methods to encrypt, decrypt or shift integer signals, which fits the above description as a VMP for the sake of hiding a program’s purpose.
In plain words, TEMU’s app employed a PDD proprietary measure to hide malicious code in an opaque bubble within the application’s executables.
So wait, bit-shifting some integers is now considered being malicious? Is that really the defense here? Using that definition just about all software in existence is malicious.
Bit shifting is not malicious on its own. Bit shifting to specifically conceal the purpose of your policy violating code from the auditors who audit the apps submitted to the App Store is malicious.
It’s about why you are doing it and what you are doing with it and not that it’s bit shifting on its own.
Temu can recompile itself
I don’t think the author knows what “compile” means when it comes to software.
- Dynamic compilation using runtime.exec(). A cryptically named function in the source code calls for “package compile”, using runtime.exec(). This means a new program is created by the app itself.—Compiling is the process of creating a computer executable from a human-readable code. The executable created by this function is not visible to security scans before or during installation of the app, or even with elaborate penetration testing. Therefore, TEMU’s app could have passed all the tests for approval into Google’s Play Store, despite having an open door built in for an unbounded use of exploitative methods. The local compilation even allows the software to make use of other data on the device that itself could have been created dynamically and with information from TEMU’s servers.
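A defender-side check for the kind of call the quoted passage describes, as an added example that is not part of this thread or of the analysis it quotes: it scans decompiled Java text for process-spawning call sites, flags any whose string literals contain "package compile", and marks commands assembled at runtime. The sample source, its class and method names and its command string are constructed.

```python
import re

# Call sites that start a child process from Java code.
EXEC_CALL = re.compile(r'(?:Runtime\.getRuntime\(\)\s*\.\s*exec|new\s+ProcessBuilder)\s*\(')
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')
WATCH = re.compile(r'\bpackage\s+compile\b', re.I)  # phrase quoted in the comment above

def call_arguments(src, open_paren):
    """Text between the '(' at open_paren and its matching ')', ignoring parens in strings."""
    depth, in_str, i = 0, False, open_paren
    while i < len(src):
        ch = src[i]
        if in_str:
            if ch == "\\":
                i += 1                      # skip the escaped character
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return src[open_paren + 1:i]
        i += 1
    return src[open_paren + 1:]             # unbalanced input: keep what is left

def find_exec_sites(src):
    """One record per exec/ProcessBuilder call: line, literals, flagged, dynamic."""
    sites = []
    for m in EXEC_CALL.finditer(src):
        args = call_arguments(src, m.end() - 1)
        literals = STRING_LITERAL.findall(args)
        rest = STRING_LITERAL.sub("", args).replace("new String[]", "")
        sites.append({
            "line": src.count("\n", 0, m.start()) + 1,
            "literals": literals,
            "flagged": any(WATCH.search(s) for s in literals),
            "dynamic": bool(re.search(r"[A-Za-z_]\w*", rest)),  # identifiers left: built at runtime
        })
    return sites

SAMPLE = '''package com.example.shop;  // constructed sample, not from any real app
class a {
    void b(String p) throws Exception { Runtime.getRuntime().exec("cmd package compile -m speed " + p); }
    void c() throws Exception { new ProcessBuilder("ls", "-l").start(); }
    void d(String[] argv) throws Exception { Runtime.getRuntime().exec(argv); }
}'''
```

A `dynamic` hit means the full command is only known at runtime, so that call site needs tracing on a test device rather than string search.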
Ah yes, delete your original incorrect comment instead of continuing the discussion about how wrong and lazy it was to make, nice.
Shit’s getting scarier by the day.
This is why companies like Apple are at least a tiny bit correct when they go on about app security and limiting code execution. The fact it aligns with their creed of controlling all of the technology they sell makes the whole debate a mess, though. And it does not excuse shitty behavior on their part.
But damn
The article linked to the analysis and on a quick glance, it seems to be done entirely against the Android variant of the app. This makes sense because if the alleged actions are true, they’d never have gotten on to the App Store for iOS Apple users… or at least as of a couple months ago. Who knows what kind of vulnerability is exposed by Apple only doing limited cursory checks for 3rd party App Stores.
But if you install the app you get a free Bluetooth speaker!!
/Joking. Am I the only one who gets that ad constantly whenever I’m using a device that isn’t running ad blocks?
How about pass and enforce strong digital privacy protection laws you fucking cowards. When other countries spy on us it’s scary and bad, but for US companies? Best we can do is ban porn and demand backdoors to stop E2EE messaging.
That would hurt the advertising, spam, blackmail, malware, and propaganda industries. We can’t rip out the economic spine of big tech since they pay the best bribes.
Unfortunately they care more about spying on us themselves.
I’m pretty sure Temu is Chinese.
California (and a few other states) are trying. The CCPA and CPRA are a good step in the right direction. If you’re a California resident, you can request all the data a business has collected about you, tell them to stop sharing it with business partners, or tell them to completely delete it, similar to the GDPR in Europe.
Oh don’t worry, they’re going to try and kill that too before it hurts them too much, and with the audacity of calling it the “American Privacy Rights Act”. https://www.eff.org/deeplinks/2024/06/eff-opposes-american-privacy-rights-act
Ugh. I hate this so much.
All I want to know is what do these Temu people think my life is like?
deleted by creator
Are you a busty outdoorswoman?
Weaponized fishing for covert military operations.
Code Name: Go Fish!
On a skateboard… with tits!
Clearly you use an adblocker or something, cause Temu just got excited when you opened up the link.
Your life looks pretty sick to me!
he’s batman
Batwoman
Batmare
No, you don’t get it.
These massive Batman pecs need support.
I mean, you’re obviously a sexy military mechanic woman, who goes into battle with fantasy battle armor and goes fishing as a hobby! Duh.
The bearings combined with the wrenches made me think, like, roboticist. So maybe they make fishing robots that double as sexbots?
Any good RPG has a solid fishing mini game tbh
I was wondering what that blue thing was. I thought it was a weird personal tool…
It looks like an archery release, used by compound bow shooters to pull the bow string back and release with a trigger or button
I just think you’re a garden variety redneck.
Yesterday, I saw a Temu ad for something and I just wanted to open it to read the info and there were so many popups and “spin the wheel for a prize” and “enter your email here” and so on that I gave up and just looked for the info elsewhere. Never clicking on a Temu link again.
one of the best decisions you’ll ever make, next to dns level blocking it on your network.
Same, but a year ago.
Also, Temu has tried to take all the shopping search results from Bing/DDG. So those results are trash now.
I get their CAPTCHA where I have to slide the puzzle piece over to look at one of their ads. More than half the time I will do this and it will fail saying I didn’t do it right. So yeah temu has become a trash site.
"So yeah temu has become a trash site."
That CAPTCHA isn’t specific to Temu.
Have they ever heard of faceberg or sundar the creep?
Like a worse AliExpress
Have any of you actually ever stopped to process what the tagline, “I’m shopping like a billionaire” means?
I’ve always interpreted it as,
I’m needlessly buying things that don’t make me happy, but making the purchase without any hesitation, knowing that the purchase price could never financially impact me in any real way. When I purchase the thing, I’ll probably never use it or actually take it out of the box even. It is just empty, hollow. And somewhere inside, I always know that it’s all only possible, because I’m actively exploiting the cheap labor of scores of other people that are made to perpetually suffer in generations of abject poverty to allow for my relative comfort…
🎶*“I’m shopping like a billionaire!”*🎶
I think you cracked the case on that one, that’s gotta be what it means.
I am disabled and have limited income I don’t have control over increasing or decreasing. I use temu to save a lot of money on essential things that should be cheap but are still overpriced in America. Sponges. Rags. Soaps. Pens. Tools. Home improvement hardware. Plant grow supplies. Gifts for my nieces. The tagline is just a tagline. Billionaires are not like me and scouring for cheap magic sponges.
Good to know people that are disabled don’t mind using shitty malware apps, I guess?
Well this disabled person thinks you’re a dumb asshole.
For what reason exactly?
Other commenters have already corrected your thinking, don’t pretend like you didn’t read them.
I completely forgot about this post. I’m not going to read any more comments than I did however long ago the conversation originally was. Oh shit it’s almost 2 weeks old lmao I don’t give a fuck
That’s… not what they were saying? They were responding to a comment saying it encourages consumerism by saying that they use it for better prices on things they need regardless
What does being disabled have to do with it?
That’s why they’re broke
My interpretation of that tagline is that since the prices on Temu are cheap, it means you can shop as if you had a lot of money, without actually spending that much.
The only thing annoying to me about temu is the cheesy popups for “free” gifts and percent-off wheel spinners.
And the product thumbnails that all look like sex toys.
I am not even remotely surprised.
Every day I hear a story about Chinese software being spyware.
The irony
First, you use Lemmy, that’s great. But pls use a client without ads…
Been using Boost since it was a Reddit client. By default, it is my go to.
Maybe, but you’ve done the transition to Lemmy, so try to use a libre client
I’m all for Libre but in this case @rmayayo@lemmyworld is my leader.
Who is he?
He is the dev who made Boost.
Why did he do it with ads?
100% this. Boost is great
by “client” do you mean “just use a browser”?
Maybe, but not only; for phone I recommend an app that’s much more optimized for use on mobile
Lemmy website is fine on mobile imo. Not perfect but usable and optimized.
For sure! Personally I prefer using the app
Or, you know, the 98% of clients that don’t have ads. I, for one, recommend Voyager.
You can pay just a few dollars to remove the ads from Boost.
Bro, why use Lemmy if it’s to use a proprietary client? Voyager, Jerboa, you have other choices…
Ask the 100,000 people that downloaded Boost, not me.
Probably people who have been using Boost for Reddit before and now want the same experience but for Lemmy
Where are you viewing Lemmy posts that you have ads?
I’m using Voyager and it’s great. I don’t even use the app, I prefer the PWA.
I also use Voyager and agree, plus it’s actually open source.
I think it’s the Boost app.
I see; I can’t imagine willingly submitting to ads, but whatever works for them.
Yeah. Boost itself is great though. Well worth the couple of bucks to get rid of the ads forever.
What does Boost have over clients like Voyager?
Ads
I use it too. Tried a few different ones and like boost the best. I finally just paid for the non-ad tier. One time cost of 3.99. I would have been turned off by a subscription.
Yeah boost is definitely good, it was my main app until a few months ago. Recently I have been trying Connect, which is another great app.
Connect has improved a lot since I first tried it, also doesn’t have any ads. But all things considered - Boost is a bit more polished than Connect.
What’s wrong with Voyager? It’s already ad-free.
Seems so strange to choose to inject ads over top of Lemmy by choice.
Snap! Double irony
Lol
That’s what you get for using a proprietary Lemmy app. Switch to Thunder, it doesn’t have ads, it’s open source and in my opinion has the best UI out of all Lemmy apps. Also support the development and join their community: !thunder_app@lemmy.world
Jerboa here but same
I tried using Jerboa and found it to be incredibly buggy and poorly designed. Not sure what’s going on there, considering that it’s the official mobile app made by the Lemmy devs
Has worked mostly fine for me, YMMV
Do you think it’s better than Voyager? That’s what I’ve been using. Pretty satisfied with it.
From the screenshots alone the interface looks similar to sync