Meta devised an ingenious system (“localhost tracking”) that bypassed Android’s sandbox protections to identify you while browsing on your mobile phone — even if you used a VPN, the browser’s incognito mode, and refused or deleted cookies in every session.
This is the process through which Meta (Facebook/Instagram) managed to link what you do in your browser (for example, visiting a news site or an online store) with your real identity (your Facebook or Instagram account), even if you never logged into your account through the browser or anything like that.
Meta accomplishes this through two invisible channels that exchange information:
(i) The Facebook or Instagram app running in the background on your phone, even when you’re not using it.
(ii) Meta’s tracking scripts (the now-pulled illegal brainchild uncovered last week), which operate inside your mobile web browser.
Meta is cancer for any platform.
I feel my mobile becomes dirty once I download any of that shit.
Same Unfortunately, I use Marketplace for some things and Meta made it damn near impossible to use a browser for posting marketplace listings and responding to DM’s
I live in a slightly less developed country where as far as 90% of the population are concerned, Facebook is the internet.
I hate it with a passion, but if I don’t have a login then there’s no way for me to find details of pretty much any business or event in the city.
Craiglist and eBay still exists
Yes, but Facebook has more people so the items I’m selling typically get picked up pretty fast.
This is the problem with the network effect, everybody using marketplace is saying the same thing. I’m not trying to shame you in particular for this or anything but I think it’s important to consider that at some point if we don’t just make the move off anyway, nobody ever will
That’s a ridiculous assertion. More items that EBay? Where’d you get that idea?
People are generally closer physically in Facebook marketplace compared to the global eBay market.
This is a big factor for me. Attracting local people means that I can meet up in person and not have to spend additional money for shipping ,or worry that the item arrived damaged or is lost during transit.
I can’t remember which one of my phones, probably a Samsung that had Facebook installed and couldn’t get rid of it. People were like, you can just not open it or something. There’s a good reason I don’t want it on my device.
I had one of theirs like that. You could disable it instead of uninstall, and this wouldn’t happen, but you couldn’t uninstall it.
The real fun started with Android 12. Google introduced the ability for some preloaded apps to avoid being disabled and prevent ADB shell disable.
deleted by creator
I block Meta via NextDNS, living that Zuck free life is good.
Since January Google has been using browser fingerprinting and IP triangulation to track across incognito windows.
Meta wants in the game as well. Nothing done on a phone with Meta apps is done in isolation.
Edit: seems like only vanilla mobile browsers affected. Brave was not vulnerable, DDG minimally so, and I expect Iron/Waterfox with uBlock would also not have allowed tracking.
https://securityonline.info/androids-secret-tracking-meta-yandex-abused-localhost-for-user-data/
What is IP triangulation?
Let’s say you use a VPN, and all your internet traffic comes from an IP in London. 178.238.10.1.
It doesn’t matter if you have a VPN, if you log in to anything with any account tied to your real name ([email protected]), your email and anything done on that London IP are all linked. Google builds a profile on you based on the activity on that IP. AND your browser profile. Private/incognito window or not, if there’s a Google tracker on the site, they connect it all. Google doesn’t care about private windows. If you go to reddit in a private window on the same IP as your gmail, Google sees that and tracks every page you look at.
So let’s say that you log into your email from work. Google now has a treasure trove of new info about you and people you know. Same for FB, who uses the fact that you and someone else were logged on from the same IP range to suggest new friends.
Let’s pretend that you live in China and still have access to a VPN and want to learn about the Tienanmen Square Massacre. But the government can ask Google about you. What do you need?
- an IP never ever used with an account associated with an account with your real name.
- a no-log VPN that won’t tattle on you if asked what sites did you access on a specific date.
- a browser fingerprint never ever associated with an account tied to your real name.
Or you could just not use their toxic bullshit. I haven’t logged into Facebook in like 6 years.
Yeah, but they’ll still create a shadow profile on you and track your data anyway. Have a friend with an account? Your name and phone number is known to them. Even without a true identity attached, they will track you from your own devices, and then correlate that with everything else they can at every opportunity.
Also, Facebook is preinstalled as a system app (cannot be uninstalled without adb) on various manufacturer’s and carrier’s android builds.
I have my own company that helps companies websites. There is a company called 6sense that scares the crap out of me. They are able to use Facebook, insta, and reddit. They are able to assign an id to you, even in incog.
They have some crazy algorithm that can eventually match you to the real you. Then stick you in a cohort to sell to you.
Even if you use brave or Firefox. Doesn’t matter.
It’s actually kind of amusing and pathetic to me that they’re doing all this malignant privacy breaching, and putting such massive effort into it, but then only using it to serve you advertising, which I largely ignore anyway.
Some people still think it’s only advertising and that the advertisements don’t work. That’s even scarier.
Can they do this on iPhone
Also they can only do this if you got fb installed right? Cause I uninstalled insta a while ago
Any meta service no just FB
I’m asking if they can still do this if u uninstalled the app on iPhone, the post talks abt android
I am so happy that I deleted my account on Fecesbook back in 2019. Plus, I am blocking Meta through RethinkDNS. Can’t be more happy!
These were all cross posts. Use a different client.
Yes, by different users at different times, thats my point.
But the conversation is unique in each community. And each community may not have federated to every instance. This is the Fediverse, not a single site with sub communities.
I do think it would be nice if a client/backend could:
- Take any cross-post link from the main post
- Query any description/comments for cross posts
- Add to the currently displayed comments
- Tack on descriptions as comment blocks with an @ to the cross posting OP to the displayed description
- Mark cross-posts as read when main is read
This would be easier in Lemmy, but could be done with a client, Thunder might be interested.
