What do you mean a "big tech level of control"? You do not have to use those sign in methods. They are there for convenience for lazy users who do not care about privacy and do not want to create multiple accounts.
Do you understand what OAuth is? Putting a "sign in with x" on your site is just a simple OAuth transaction, it doesnt give big tech access to your site.
Having a sign in on facebook or google option is literally just a convenience feature for lazy users, just like he said. The only thing it gives big tech is one additional data point on people they've built up massive profiles for, i.e. oh this Steve Smith guy just logged into x.com. They don't get activity from the site, they dont get logout info, they dont have the ability to do any unwanted tracking on any user that didn't use their OAuth method of sign in, and the only option they have for users that do is to increment a login counter.
Not just by virtue of the integration, no. Theres nothing stopping the site from tracking you with their own trackers though, or placing facebook/google trackers onto the site on purpose though.
and THAT is the real issue. You need to right click the page, inspect element, and check the <head> for everything that was imported. If you see hotjar, facebook, google anything in the <head>, then that site owner put those trackers on there deliberately, and every click/redirect will be tracked and sent to google.
These things dont show up as buttons, they will just exist on the page and you have to look for them. Heres what the facebook tracker looks like - they call it 'pixel' (not the phone)
You can identify them by the weird pattern of parameters, its all oddly obfuscated and the params (all of them a single letter) is f b evnts (facebook events)
Heres facebooks description of that above snippet of javascript:
The Meta Pixel is a snippet of JavaScript code that loads a small library of functions you can use to track Facebook ad-driven visitor activity on your website. It relies on Facebook cookies, which enable us to match your website visitors to their respective Facebook User accounts. Once matched, we can tally their actions in the Facebook Ads Manager so you can use the data to analyze your website's conversion flows and optimize your ad campaigns.
By default, the Pixel will track URLs visited, domains visited, and the devices your visitors use. In addition, you can use the Pixel's library of functions to:
track conversions, so you can measure ad effectiveness
define custom audiences, so you can target visitors who are more likely to convert
set up Advantage+ catalog ads campaigns
To wrap things up: the Log in with Facebook button, is NOT a tracker. The tracker is hidden - it could even be put onto sites that choose not to include OAuth integrations.
Google tag manager doesn't inherently include Google tracking scripts but you are correct in theory they could track ip across sites. There's a legitimate use cases for GTM beyond cross site taking.
FB events on the other hand I agree, might be worth asking Rumble to turn off that script in GTM.
They have a lot of trouble competing with "default installed software" which is why MS got hit with the IE monopoly lawsuit way back when.
The app store is supposed to make that easier but they siphon a ridiculous percentage of your app's revenue. Someone should have sued Apple a long time ago over that.
Devices could come with VPN but a separate series of geographically distrubuted servers to handle internet traffic is a service offering rather than a product offering.
I agree, we already know that Android, and Apple devices are compromised at the hardware and firmware levels...and Windows at the software level.
The point of VPNs are not necessarily for full anonymity, but for obfuscation and preventing the govt from introducing evidence legally for whatever BS charge they make up.
It's a balance of security from bots and accesses for people. The more unique steps one takes the less likely they are to take them. Rumble wants more people so they make joining easy. Maybe later they can change it.
Yeah it is unfortunately a very wise business decision to make, and I say this with a hatred for google and facebook. Im currently building a site, and I am GOING to have a sign in with google button - if I dont, there are definitely some users who will turn away from the platform since they would need to go through the registration process otherwise.
Just to add additional info, OAuth works because you are using the external provider to 'verify' the email address. When a user logs into a site or registers, the site administrators want to verify an email is legitimate. OAuth is a way for any site to reach out to an external provider and say, "Hey, have you verified this email?" If the answer is yes, then my application can easily proceed without a verification step of my own, and I will automatically create an account in the background in my database using the trusted email. Its not like you are logging into the site directly with your facebook or google account.
What do you mean a "big tech level of control"? You do not have to use those sign in methods. They are there for convenience for lazy users who do not care about privacy and do not want to create multiple accounts.
Do you understand what OAuth is? Putting a "sign in with x" on your site is just a simple OAuth transaction, it doesnt give big tech access to your site.
Having a sign in on facebook or google option is literally just a convenience feature for lazy users, just like he said. The only thing it gives big tech is one additional data point on people they've built up massive profiles for, i.e. oh this Steve Smith guy just logged into x.com. They don't get activity from the site, they dont get logout info, they dont have the ability to do any unwanted tracking on any user that didn't use their OAuth method of sign in, and the only option they have for users that do is to increment a login counter.
Not just by virtue of the integration, no. Theres nothing stopping the site from tracking you with their own trackers though, or placing facebook/google trackers onto the site on purpose though.
and THAT is the real issue. You need to right click the page, inspect element, and check the <head> for everything that was imported. If you see hotjar, facebook, google anything in the <head>, then that site owner put those trackers on there deliberately, and every click/redirect will be tracked and sent to google.
These things dont show up as buttons, they will just exist on the page and you have to look for them. Heres what the facebook tracker looks like - they call it 'pixel' (not the phone)
You can identify them by the weird pattern of parameters, its all oddly obfuscated and the params (all of them a single letter) is f b evnts (facebook events)
Heres facebooks description of that above snippet of javascript:
To wrap things up: the Log in with Facebook button, is NOT a tracker. The tracker is hidden - it could even be put onto sites that choose not to include OAuth integrations.
PS: I just checked out Rumble's site and you wont be happy. They include facebook and google trackers.
<script async="" src="//connect.facebook.net/en_US/fbevents.js"></script>
<script src="//www.googletagmanager.com/gtag/js?id=UA-44331619-1&ext=.js" async=""></script>
Are both found in rumble.com's <head></head> section
Google tag manager doesn't inherently include Google tracking scripts but you are correct in theory they could track ip across sites. There's a legitimate use cases for GTM beyond cross site taking.
FB events on the other hand I agree, might be worth asking Rumble to turn off that script in GTM.
Still have to reach the normies... Never retreat from the digital battlefield
Moving forward does not necessarily mean moving on. Use their own tools against them.
Memetic warfare
I have often wondered how alternative platforms (particularly browsers) get over the "default installed software on devices" problem.
Most users are not techies and do not wish to configure alternate software on their devices.
And why don't devices come with VPN already?
Imho.
They have a lot of trouble competing with "default installed software" which is why MS got hit with the IE monopoly lawsuit way back when.
The app store is supposed to make that easier but they siphon a ridiculous percentage of your app's revenue. Someone should have sued Apple a long time ago over that.
Devices could come with VPN but a separate series of geographically distrubuted servers to handle internet traffic is a service offering rather than a product offering.
I agree, we already know that Android, and Apple devices are compromised at the hardware and firmware levels...and Windows at the software level.
The point of VPNs are not necessarily for full anonymity, but for obfuscation and preventing the govt from introducing evidence legally for whatever BS charge they make up.
It's a balance of security from bots and accesses for people. The more unique steps one takes the less likely they are to take them. Rumble wants more people so they make joining easy. Maybe later they can change it.
Yeah it is unfortunately a very wise business decision to make, and I say this with a hatred for google and facebook. Im currently building a site, and I am GOING to have a sign in with google button - if I dont, there are definitely some users who will turn away from the platform since they would need to go through the registration process otherwise.
Just to add additional info, OAuth works because you are using the external provider to 'verify' the email address. When a user logs into a site or registers, the site administrators want to verify an email is legitimate. OAuth is a way for any site to reach out to an external provider and say, "Hey, have you verified this email?" If the answer is yes, then my application can easily proceed without a verification step of my own, and I will automatically create an account in the background in my database using the trusted email. Its not like you are logging into the site directly with your facebook or google account.