Preferring websites to apps when possible makes this approach more effective. If you use apps with ads in them, they will likely get sensitive information as described in the article.
System wide ad blocking helps more. Private DNS is the easiest way; Mullvad provides a free option.
I’m sad PGP didn’t become a popular way to log into websites. A challenge-response protocol could have even been built into web browsers. Big tech is reinventing that idea as Passkey, but with a very big tech flavor.
What’s really rich about Meta and Zuckerberg’s incessant complaining about being restricted by Apple’s rules for third party software on Apple’s platforms is that Meta doesn’t allow third parties any sort of access to their successful platforms.
This is a bit of a false equivalency; “Apple’s” successful platform is a general-purpose computing device owned by the user while Meta’s are hosted services.
These traditionally have different expectations, with game consoles being the exception. Occulus devices seem more like game consoles to me, while iPhones are closer to general-purpose computers with a few weird restrictions. I don’t like either, but I see game consoles as less problematic because their use case isn’t important.
The terms would make something like F-Droid impossible. The fundamental problem is that Apple believes it is owed a fee when people distribute apps for the iPhone, but no legal mechanism entitles them to such a fee; I’m fairly sure it’s possible to make an iPhone app without copying any of Apple’s copyrighted code or using any of their patents.
The only mechanism that allows them to collect one is their technical control over the platform, and that’s what the DMA was intended to remove.
There’s a small, but extremely loud segment of the Mastodon userbase that seems to view presenting public posts in any manner that’s different from how a vanilla Mastodon server does as an invasion of their privacy. There have also been a few projects that raised reasonable concerns about privacy and moderation, but this page doesn’t seem to make a distinction.
It appears to contain misinformation about FediFirehose, which ran client side and just showed the output of a public relay.