My response is similar, usually the good old ‘Do you shut the door when you shit?’.

When we start getting specific, I’ll often try and frame data harvesting in a much more visceral way. If they say they don’t care that xyz keeps track of everyone they talk to, I ask them to imagine an actual person standing behind them, making notes on a clipboard about every interaction they have with someone, and how that would make them feel.

My understanding is that cookies were generally just used as a fingerprint- it’s just a unique ID that is used to tie your device to their database, which is where the information is kept.

Bunker.

Deep bunker.

Oooh, amazing! Do you use it? How mature is it?

That sounds like carrying an ID card with extra steps.

Wait until you get some Thai friends… 555555!

Ok, I’m missing something then.

What is CSS used for?

Right, that’s what I understood. So using a VPN, a CSS will be able to identify that my phone is active, but not the content I’m accessing, or who I am accessing it from, correct?

The previous comment said VPNs do nothing against this type of attack- were they just referring to identifying your device?

Forgive my ignorance, but isn’t preventing this type of man in the middle attack exactly what VPNs are for?

Head units are no longer a seperate component.