Privacy

38823 readers

913 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

268

Meta could track your browser sessions even in incognito and link them with your real identity (www.zeropartydata.es)

submitted 15 hours ago by george@feddit.org to c/privacy@lemmy.ml

42 comments fedilink hide all child comments

Meta devised an ingenious system (“localhost tracking”) that bypassed Android’s sandbox protections to identify you while browsing on your mobile phone — even if you used a VPN, the browser’s incognito mode, and refused or deleted cookies in every session.

This is the process through which Meta (Facebook/Instagram) managed to link what you do in your browser (for example, visiting a news site or an online store) with your real identity (your Facebook or Instagram account), even if you never logged into your account through the browser or anything like that.

Meta accomplishes this through two invisible channels that exchange information:

(i) The Facebook or Instagram app running in the background on your phone, even when you’re not using it.

(ii) Meta’s tracking scripts (the now-pulled illegal brainchild uncovered last week), which operate inside your mobile web browser.

you are viewing a single comment's thread
view the rest of the comments

[–] mintiefresh@piefed.ca 3 points 13 hours ago (2 children)

So would using Firefox and group containers protect against this?

[–] george@feddit.org 5 points 11 hours ago

It says Firefox was also affected. They just mention Brave as not being affected

[–] loutr@sh.itjust.works 10 points 13 hours ago* (last edited 13 hours ago) (1 children)

Nah, the script connects to a server run by the Instagram or Facebook app and feeds it info, bypassing isolation mechanisms entirely. I think ublock or other script-blocking add-ons might work though.

[–] sunzu2@thebrainbin.org 2 points 12 hours ago (1 children)

I think ublock or other script-blocking add-ons might work though.

presumably it would block entire thing at the loading of the pixel script. talking out of my ass

[–] blargh513@sh.itjust.works 2 points 11 hours ago (1 children)

A robot told me: The Meta/Yandex exploit worked by having JavaScript running on a website (such as Meta Pixel) connect from the browser to a native app on the same device via the localhost (127.0.0.1) interface, using HTTP, WebSocket, or WebRTC. This communication occurs entirely within the device and does not traverse the network in a way that browser extensions like uBlock Origin can intercept or block. Browser extensions generally cannot block or even see requests made to localhost sockets, especially when those requests are initiated by scripts running in the browser and targeting native apps on the same device

[–] loutr@sh.itjust.works 1 points 5 hours ago

Yeah but if the script which initiates the connection to the local server is blocked there's no connection to intercept in the first place.