Hacker News
by saagarjha 2270 days ago
> I suppose you could argue that's negligent, but if that's the case, then pretty much every company that has an app with login functionality is probably in that boat.

I think every company that does this is negligent. Audit your dependencies, people!

As nice as it would be, auditing everything you use is almost impossible, especially for smaller teams.
See, one way I often solve this is by reducing my reliance on third-party dependencies.
Which is also a hard thing to do on small teams.

I think for small teams this is a near impossible task. For big corporations it should be doable and expected. They actually have some leverage to push the other big companies to track less. Something a small company simply can't do.

Is this really a compelling argument for the given case? A detailed audit does not seem necessary here:

This is not some surprising behaviour hidden in some random dependency.

This is the Facebook SDK, from Facebook, and everybody knows what their business is.

> This is the Facebook SDK, from Facebook, and everybody knows what their business is.

Ignorance is bliss. Talk to some people that still use fb after their scandal and you'll get "who cares, everyone is tracking users and selling data anyway" as an answer.

Exactly. A simple online search for the phrase "Facebook SDK" will reveal plenty. It's not like you need forensic accounting level research to see that the SDK does much more than provide a simple login mechanism.
It really isn't. Full stop.