Mastodawn

wfleming Jun 20, 2025

Apparently, if you have facebook or Instagram installed on your phone, #Meta was able to track your browsing habits and link them to your real identity even if you never logged in on the web, used incognito mode or a VPN. I hope Meta gets hit with every fine in the book.

https://www.zeropartydata.es/p/localhost-tracking-explained-it-could

“Localhost tracking” explained. It could cost Meta 32 billion.

You just can't finish off Zuckerberg.

Zero Party Data

inamruzui Jun 11, 2025

@Gargron @Linux

MOVED to: @[email protected]Jun 11, 2025

@Kuniti_shino @Gargron

Yep - I talked about this in my posting. I kept telling people to uninstall their apps for over a year.

inamruzui Jun 11, 2025

@Linux @Gargron yea and would get rid of my highly modded oculus quest 2 if i could afford to replace it and get a deckard (if it came out) since facebook integrated so much telemetry in it (saw from blokada)
(oculess which can disable things completely breaks it)

MOVED to: @[email protected]Jun 11, 2025

@Kuniti_shino @Gargron

Let me share something creepy about oculus? We use it to map people's homes. As you walk around with that thing, we use it to identify products you have, and provide ads based on what is found in your house. We also use (sell) this information for companies looking to design homes, and how people use them. I also know that the layout of people's homes is being used to train AI, plus improve facial recognition of anyone in your home.

inamruzui Jun 11, 2025

@Linux @Gargron aware

The mic is also disabled (damaged ribbon cable) on the headset and i notice even with the mic disabled it tries to activate the "ai" voice thing

�Jun 11, 2025

@Linux @Gargron @Kuniti_shino i wonder if this also works in this setup: all obscure shit apps are running in the work profile of android. managed via shelter, when finished usingz shelter can freeze the apps.

Emanuel Pina Jun 11, 2025

@Gargron As usual, the fine, if happening, will be a small fraction of their annual revenue. So, it'll be more a tax for doing business than exactly a fine.

Piranhallama Jun 16, 2025

@emanuel @Gargron when the fines are smaller than the profit they become the cost of doing business.

Looking at when meta seemingly introduced this and profits they got some benefit, but with growth it's not huge. Assuming max fine which I doubt will happen.

As horrible as censorship or refusing a company doing business feels, sometimes it's the only answer if you can profit your way out of fines.

Dark Phoenix 🇺🇦🇨🇦🇬🇱🇵🇦🇵🇸🏳️‍🌈Jun 11, 2025

@Gargron if this goes to a class action, I want in.

@Gargron Mark Suckerberg's #meta is as #evil as #bigtech goes - one needs look no further than at what IG does to kids - so this is no surprise. On hindsight, good decision not to use neither f*book nor IG.
#breakupBigtech

Aulia Masna Jun 11, 2025

“You’re not affected if (and only if)

• You access Facebook and Instagram via the web, without having the apps installed on your phone
• You browse on desktop computers or use iOS (iPhones)
• You always used the Brave browser or the DuckDuckGo search engine on mobile”

Michiel Jun 11, 2025

@aulia @Gargron does brave protect against tracking pixels?

Pianosaurus 🕴Jun 11, 2025

@aulia @Gargron "or the DuckDuckGo search engine". I wonder if this part is a misunderstanding. The tracking works by using webrtc to localhost (locally installed app) from JS on a page. How you got to that page seems irrellevant to me.

RejZoR Jun 11, 2025

@pianosaurus @aulia @Gargron WebRTC is the biggest fucking cancer. Why is this shit on by default everywhere? This feature literally exposes your actual IP and thus location to anyone accessing it because it thinks you want to do P2P video chat. ?!

Pianosaurus 🕴Jun 11, 2025

@rejzor @aulia @Gargron On a phone with locally installed apps, I just assume my IP is public knowledge anyway. Seems like a safer assumption. I agree though that WebRTC should not work everywhere by default. Why not ask the user, like browsers would for microphone and camera access?

RejZoR Jun 11, 2025

@pianosaurus @aulia @Gargron Not only that, some browsers allow easy disabling of WebRTC in settings, Firefox for example requires you to use about:config "secret" settings page. On Android, you can't even do it in Firefox because there is no access to these settings like it is on desktop.

Marcos Dione Jun 11, 2025

@pianosaurus @aulia @Gargron I just noticed that uBlockOrigin (which on desktop I use in firewall mode, all 3rd parties disabled) has complained about 127.0.0.1. Maybe its this. I think I set it to allow; time to change that.

Arjen Haayman Jun 11, 2025

@aulia @Gargron That 3rd bullet point is a mystery. This thing is not browser or search-engine dependent

Aulia Masna Jun 11, 2025

@haayman @Gargron perhaps but that’s what they said on the post

Arjen Haayman Jun 11, 2025

@aulia @Gargron I know. Raised eyebrows there

Eugen Rochko Jun 11, 2025

@haayman @aulia There is a DuckDuckGo browser. Maybe that’s what they meant.

Szymon Nowicki Jun 11, 2025

@Gargron @haayman @aulia still not relevant, even MS Edge has nowadays tracking blockers built-in. All browsers except Chrome.

William B Peckham Jun 11, 2025

@hey @Gargron @haayman @aulia I love your faith in chrome being without trackers. It just has different ones. Excellent reason for using a FOSS browser. I'm looking forward to Ladybird getting finished up and released.

guust Jun 12, 2025

@Gargron @haayman @aulia maybe they mean the app tracking protection feature from DuckDuckGo, which doesn't have to do anything with browsing. It sounds like that would protect against this.

sandywb14 Jun 11, 2025

@Gargron This is huge.

Lazarou Monkey Terror 🚀💙🌈Jun 11, 2025

@Gargron Meta have plundered from the Commons. It's time to make them pay it back.
#Meta

ProgGrrl ❌👑Jun 11, 2025

📌

Rich 🌈 🟥 🍁 🟥Jun 11, 2025

@Gargron I wish. But rules are for other people than tech bros.

Violet Madder Jun 11, 2025

I thought everyone already knew this was happening.

Honestly, everyone who understands this shit has been outraged the entire time. Are courts or antitrust things or privacy laws even relevant anymore? Is everybody really waiting around for cops to fix it?

Mx Verda Jun 11, 2025

@violetmadder @rich @Gargron If Mark Zuckerberg wouldn't let his kids use Facebook, then he needs to stop pushing anyone's kids to use it, whether they survived past 18 years old yet or not.

Michkov Jun 22, 2025

@violetmadder @rich @Gargron and the rest comes up with the infuriating "I got nothing to hide anyway" excuse

Violet Madder Jun 22, 2025

@Michkov @rich @Gargron

They still got nothing to hide when the guys at the helm of the racist apparatus happen to be wearing red ties? All of a sudden it all starts to feel a lot less benign when we see folks getting black-bagged to torture camps for shit like social media posts yeah?

Michkov Jun 22, 2025

@violetmadder @rich @Gargron

My point exactly. It is not up to us to decide what is relevant information that gets you in "trouble". And what gets you in "trouble" may change from one day to the next. Alas, the it can't happen here is strong

Roman Jun 11, 2025

@Gargron unfortunately, no surprise here 😭😭😭

Dave Carlson Jun 11, 2025

@Gargron this is so creepy!

it's like those "i know what you did" crypto scan emails but for real

Darwin Woodka Jun 11, 2025

@Gargron haven't allowed it on my phone in years and it is fully banished to Duckduckgo on the computer

Theresacityinmymind Jun 11, 2025

...says the guy who invited Meta to interact with Mastodon.

mcSlibinas Jun 11, 2025

@Theresacityinmymind @Gargron and what? Even your instance allowing to reach threads you can block meta for yourself.
What's the point of your comment? 👀

DJ Sexy Fresh Jun 11, 2025

@Gargron lately id noticed that ive been getting ads for shit on Instagram for stuff ive been internet searching on my tablet. been wondering why this is, since i use cookie blocking browser extensions.

now i know why — my tablet is the only place i have the Instagram app.

not making that mistake again

DJ Sexy Fresh Jun 11, 2025

@Gargron and you just know they were telling their investors “oh yeah youre getting good results from it our ads because our AI is SOOO GOOOOD”

nope. just literal wiretapping

Von Javi Jun 11, 2025

@Gargron We noticed something very odd a couple of years ago with WhatsApp web and triggered us to switch away from the app. In case others notice or can replicate it, the WhatsApp session had expired in a tab. If you were browsing in other tabs, you started seeing WhatsApp console errors as if they had taken over the whole browser and continue to try to connect.

kurtsh Jun 11, 2025

@Gargron And they consumed your phone's text messages... until Facebook was caught red-handed when doing a profile dump from Facebook revealed people's personal text messages mixed into the archive.

LAUREN Jun 11, 2025

Mark paid the fine at the Inauguration

iveyline Jun 11, 2025

@Gargron Glad I always use DuckDuckGo!!!

ElectroFetish Jun 11, 2025

@Gargron in this case, the fine is selling your data for money.
In my opinion, we need to fight against such spies, not fines

Ally Jun 11, 2025

@Gargron @ai6yr I figured they were doing something like this, since so many phones come with Facebook permanantly installed

Be_Outside Jun 11, 2025

@Gargron yeah... meta is a piece of shit surveillance network like all of the billionaires so-called "social networks". If this is surprising, maybe don't use the internet. ;)
I'd be shocked if meta doesn't have far far more deeply troubling data on... everything.
I doubt they'll ever get in trouble.

Thanks. Both Meta apps now unistalled.

victor tsaran Jun 11, 2025

@Gargron @BorrisInABox Is that technically possible? If yes, how?

Open Risk Jun 11, 2025

@Gargron the moment Facebook begun raking in billions from advertisers for targeted surveillance of their idiot, consumerist "product", we entered the Twilight Zone.

Or maybe that happened when corrupt politicians the world over saw what happened and said: "hey there, Zuck, nice biznis you came up with, too bad if we were to regulate it".

Whatever the precise moment we got trapped, we will not exit the Twilight Zone unless Meta goes bankrupt. It is so simple and stark.

#surveillancecapitalism

meronz Jun 11, 2025

> Android has many flaws, but in the relevant part here, it’s specifically designed to prevent apps from doing this — from listening to local ports like localhost.

So how did they do this?

s427 Jun 11, 2025

@Gargron I would assume that using a privacy-oriented extension such as uBlock Origin or noScript would also prevent this breach, but the article doesn't mention it. Isn't that the case?

stefan (stefbun)Jun 11, 2025

@Gargron I am not even surprised...

Nicolas Évrard Jun 11, 2025

@Gargron a more technical explanation is available there: https://localmess.github.io/

With more Facebook shenanigans when the researchers disclosed the information.

Yandex applications are also using the same trick.

Covert Web-to-App Tracking via Localhost on Android

John Harris Jun 11, 2025

Agreed. They went to quite incredible lengths to keep tracking people, they deserve substantial penalties.

Mac Jun 11, 2025

@Gargron Thank God I decided to delete the apps months ago.

pcbeard Jun 11, 2025

@Gargron I remember when they used to play silent audio in their native app to receive more background processing time. Since then, I refuse to run any of their native apps. Phone apps should not be able to open localhost ports without user consent. This is outrageous.

pcbeard Jun 11, 2025

@Gargron frankly nor should arbitrary web pages be able to open local ports to exfiltrate data through covert channels. This reminds me of the cross-site scripting hacks of yore.

Matúš 🇸🇰🇪🇺

@Gargron What about using Meta's services as a PWA?