Comment by vineyardmike
5 hours ago
> The official White House Android app has a cookie/paywall bypass injector, tracks your GPS every 4.5 minutes (9.5m when in background), and loads JavaScript from some guy's GitHub Pages (“lonelycpp” is acct, loads iframe viewer page).
Doesn’t seem too crazy for a generic react native app but of course coming from the official US government, it’s pretty wide open to supply chain attacks. Oh and no one should be continually giving the government their location. Pretty crazy that the official government is injecting JavaScript into web views to override the cookie banners and consent forms - it is often part of providing legal consent to the website TOS. But legal consent is not their strong suit I guess.
Aren't the banners for EU page visitors. I don't think there is a US law about this, is there?
Some states have them. California has a similar one "Don't Sell My Personal Information."
I think the Supremacy Clause protects federal agencies but not sure. Also Privileges and Immunities, and Commerce clauses...
And when the app links off to an EU site? Nothing prevents an EU user from using this app. There are a variety of Trump enthusiasts, though I suspect less than there are here in the US.
Please don't give them ideas.
I think they just fine the entity doing business in the EU. If they don't do business there, I can't see any issues.
I'm not an attorney, but I don't find any cases that extend beyond that.
1 reply →
They conduct a pervasive, hidden, persistent user tracking not only without consent, looking at the analysis, but also stripping the user from a chance of declining tracking on other sites.
I'm quite sure that's illegal.
1 reply →