iOS keyboards given “full access” in settings can see literally everything you type. That’s why I don’t use GBoard on my iPhone, also why I don’t enable “enhanced spellcheck” in Chrome.

Hmm, I guess I know why SwiftKey became free. Probably want to check on their privacy policy now

swiftykey (now owned by MSFT) is terrible as it is constantly trying to call back to microsoft services, even with all "personalization" disabled. I've got my phone locked down with multiple "blocks" I can see it constantly trying to phone home.

It's behavior is no different from Windows 10 telemetry. The keyboard does not even work if you disable one of the underlying telemetry services in the app (if you have a rooted device).

Google messenger (the default texting app) has a gif search that includes giphy, and Discord and slack also use giphy. What I don't see is what data FB is getting when the gif loads. OK, so they can see I am using giphy in Discord. Now what?

edit: apparently wrong/outdated information.

Hypothetically speaking, fb gets a request for an image for each person in a chat at roughly the same time. Now they know know what chat platform you're using and who is participating in the chat. I'd venture a guess those participant identities could be de-referenced with data collected from their various [other] trackers. Now they can extend their social graph to include communication patterns on 3rd party platforms.

I'm fairly sure this is False. GBoard uses Tenor (the next largest Giphy competitor), which Google also happens to have bought 2 years ago (undisclosed amount of money). I also just tested Messages and can confirm that the results look like Tenor too.

For Discord, while they initially used Giphy and has a /giphy command, it now uses Tenor too in the GIF picker.

The only difference with this acquisition and Discord is that Discord might now start proxying Giphy (they previously didn't to save bandwidth).

Again, Discord uses Tenor, not Giphy (unless you manually use /giphy instead of the GIF picker, which most people don't).

They can also see that you use Discord, as well as how often and how heavily. And potentially other facets that can be derived from whatever metadata is provided to Facebook in the course of serving that image request.

There's also all kinds of shenanigans that they can play in the process of serving that request to harvest other meta data and help fingerprint you. Which Giphy's privacy policy mentions is already done to an extent, in the form of dropping cookies while servicing your request. Cookie abuse itself is a bit of a losing battle, as browser vendors increasingly layer on limitations and restrictions for cookies. But they're far from the only method of fingerprinting possible during the servicing of a web request.

Not sure if the iOS keyboard uses Giphy. I get very different results searching for the same things in the keyboard and on the Giphy website.