Best practices for using Meta products on iOS/Mac

TL;DR for United States Users: If you don’t want Meta to use your text and images to train its Meta’s large language model (LLM)/AI then you need to make your Facebook and Instagram accounts “private.”

Wall Street Journal Gift Link

UPDATE: June 30, 2024 12:17 PM

For some reason the above link is no longer working … here’s a new Gift Link:

1 Like

Thanks for this; unfortunately, for me, the article remains paywalled even though a “Gift Link”.

Maybe a “Gift” must be recipient specific…?

I stopped using WhatsApp years ago when it became part of Facebook. Over the years I have sometimes found out, that I am being kind of locked out of communications with others, be it individuals or groups, missing information, which was important for me. So far I have accepted that there are some disadvantages with valuing my privacy a lot.
I recently had a school reunion and found out that a dedicated WhatsApp group for my class members exists, and they passed around the information, that one of our teachers had passed away recently. It was kind of sad for me that I did learn about this only when meeting my classmates in person. Talking to some of them about the privacy issues I have, they don’t really seem to care about their privacy and what META is doing with it.
I am using Threema for years now with family members and a few friends and have excepted until now that some information will not reach me, and that this is the price I have to pay.
If I reinstalled WhatsApp, is there a way to avoid that all my contact information will be grabbed by META? Would using an alias email address help? Are there any good strategies on using WhatsApp and giving away only a minimum of information?

If I’m not mistaken, there is a setting where any app requesting contact info can be denied, including WhatsApp. It does make the app a little clunkier to use, but as far as I know, Meta doesn’t have access to my contact info.

Even post the 6/30 update, the article is still paywalled; can’t read. WSJ. What did I expect?..;-)

Here’s a Consumer Reports article on WhatsApp privacy settings. I’m not sure how up-to-date it is, and whether making all the recommended settings closes all the Meta privacy loopholes: I prefer to use Signal, but only a few of my contacts use it.


My guess is that there is a limit to the number of times a particular link can be used, or perhaps there is a limited number of devices that can use it. Maybe it is a location issue. Are you in the USA?

I have a paid WSJ account, so I will create a sharing link from my account and send it to you via TidBITS messaging. It will be interesting to see if the issue persists for you.

I joined Facebook all the way back in 2007, and I have found it useful for keeping in touch with family and friends around the world. Over the years, it has added true value to my life by reopening connections that I had assumed were lost, some of which were much deeper and more profound than I had realized until they were rekindled through FB. I acknowledge that may make me an outlier.

At the same time, I do not trust Meta to be a responsible steward of my data, so I carefully limit what I share on Meta platforms and how I access them.

Some years ago, I deleted Facebook and Facebook Messenger from my iPhone. I’ve been much happier ever since. I now access Facebook (and FB Messages) solely through a single web browser.

I refuse to set up a personal Instagram account, since it requires an iPhone. Nonetheless, I help with a small charity’s social media presence, so I installed Instagram on an old iPhone that I set up using an Apple ID that is only used on that phone and is not connected in any way to other personal information. That iPhone is not actually used as a cell phone (SIM removed). Since Instagram requires a phone number, I used a Google Voice number. This isn’t an option for everyone, but it may be a good fit for some who have a spare iPhone kicking around or may be willing to buy a used phone at a discount.

Facebook can be very useful in finding people of a certain age. I’ve used it extensively to find high school and college classmates. Once you find one classmate, you can often find others among their Facebook Friends. This chaining is particularly helpful for common names.

I’m surprised that a Google Voice number was accepted. As I understand, under the covers, Google Voice numbers are actually considered landlines. In any case, in my experience, they not accepted for many applications/services, particularly those for payment processing.

1 Like

that’s a lot of helpful details - :+1:

What exactly do you mean with “through a single web browser”?

I meant that I now access Facebook only through one web browser on my Mac. I have several browsers installed on my Mac, but I am careful to use only one of them for Facebook. It is the browser that I use the least. Basically, I only use that particular browser for visiting Facebook, Instagram, TikTok, and a couple of other sites.

The theory behind it is that it limits the amount of browsing information that these sites collect and aggregate about me, though I realize that is more theoretical than actual. For example, I have no doubt that Facebook is able to use various tracking methods to figure out that the same computer is being used to visit third party sites that use Facebook widgets across multiple browsers, but maybe I can make it slightly harder for them to associate all the activity with a single user account that is only logged into one of them. Yes, that’s a losing battle, for certain. Still, I find it worthwhile to segregate different types of browsing activity to particular browsers, e.g., work, family, volunteerism, Facebook, etc.

Apologies for the lack of clarity.

1 Like

Yes, I’ve run into this too. I’ve long used a Google Voice number for “sketchy” websites like Meta related ones (WhatsApp, Instagram), but was recently surprised when I tried to sign up with Chat GPT that the Google number was rejected.

TL/DR: It may help, but not completely and there may be better ways to solve the same problem.

Long answer:

The main thing it will do is prevent them from accessing cookies and site data placed in your browser by other services. These are the so-called “tracking cookies”, where an ad network (including those run by Google and Facebook) may place a cookie while you view one site and read it back while visiting another site.

The nature of cookies is such that they can only be read by the server(s) that created them, but these ad networks have a loophole - their content all comes from the same server pool (the ad network), even though the associated content is embedded in pages from thousands of other sites. So they can use a random-ID cookie to associate your visits to all these different sites with a single browser.

But that having been said, all modern web browsers have privacy features to block or otherwise restrict these third-party tracking cookies. Most ad blocking software can also do this, by blocking the ad networks trying to place/read those cookies. With the cookies blocked, that mechanism for cross-site tracking won’t work.

But that’s not the only mechanism. Since many of the biggest ad networks are also run by popular services (like Google and Facebook), to which most people log in and stay logged in at all times, it means that you have first-party cookies (the login credentials) for these services, which ad networks run by those services can track. These won’t just associate all the different sites with a single computer but with they account you’re logged in to - which usually has various amounts of personal identity information.

It might also be possible to track you via your IP address, but this is far less reliable, and they know it. If you don’t pay for a static IP address, your address may change from time to time. IPv4 addresses generally aren’t changed very often, but IPv6 addresses may change every few hours. And you’ll have new/different addresses when traveling. And many service providers will aggregate many customers behind a single address or pool of addresses.

In short, using existing privacy controls and ad blockers can prevent the use of third-party cookies for tracking, but it won’t do anything to prevent tracking via first-party cookies.

You could prevent first-party tracking by always logging out of services (especially social media, but also search engines, shopping sites and most others) when you’re done with them (assuming that logging out actually removes your ID cookies - some may not). But this makes your web browsing less convenient, because you’ll find yourself re-logging-in to services all the time. And some services (like how some sites use Facebook as their comments section) won’t work if you’re not logged in at the time.

Using a separate browser for untrusted sites like Facebook and others will help to isolate their first-party-cookie tracking to that browser, but since you really don’t know how many sites may partner with each other for this kind of tracking, it’s unclear how much it will practically change.

I also know that some people try to protect against this by periodically deleting all cookies and site data from their web browsers (maybe daily or weekly). This can contain the tracking (especially via third-party cookies) a bit, but it can be really inconvenient, since you’ll always be re-logging-in to the sites you frequently use.


100% agreed. Your “long answer” is the comment I wanted to write. Thanks. :+1: