[baybal2]

Will google dare to ban alibaba?

Alibaba does no effort to conceal that they target ads by IMEI.

Browse Alibaba app*, search something. Do factory reset, make new account, and the first thing you will see after logging in with new acc will be your products from your last search.

Moreover, Alibaba's app will refuse to work if you block IMEI retrieval, or if they detect some kind of spoofing

edit, made it clear that it is the app, not website that links you by imei to your previous accs and history

[tracker1]

You know, maybe they should. Same for LinkedIn (assuming they're still doing dirty tricks). Maybe it's time for major app devs that exploit security holes in released applications to get the ban hammer, and show smaller devs it won't be acceptable and have less excuse if/when it happens to them.

[kevin_thibedeau]

Shadowban them with bogus data to pollute their database.

[Xelbair]

I am a fan of GDPR to be honest.

Banning will hinder them, but it is just case by case band-aid solution.

Risk of huge fine that can put you out of business seems more logical.

[Ajedi32]

How does that work? None of the methods described in this paper seem like they'd work with _websites_. They all seem to rely on permissions only available to native apps.

[baybal2]

My mistake, I meant Alibaba's apps

[srcmap]

Maybe someone in EU can file a class action lawsuit base on GDPR?

Per description here, it seems have enough legal, $, evident here to make a few lawyers excited?

[StreamBright]

Not really unless they are stealing PII.

[JoshTriplett]

IP addresses are considered PII, and IMEIs are in every way worse than IP addresses.

[StreamBright]

The router’s MAC is not PII for example. This is why I write that GDPR only applies in case they collect actual PII.

[JoshTriplett]

Several jurisdictions consider MAC addresses to be personal information as well.