Privacy

38823 readers

938 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

434

“Localhost tracking” explained. It could cost Meta 32 billion. (www.zeropartydata.es)

submitted 4 days ago by the_abecedarian@piefed.social to c/privacy@lemmy.ml

53 comments fedilink hide all child comments

"Meta devised an ingenious system (“localhost tracking”) that bypassed Android’s sandbox protections to identify you while browsing on your mobile phone — even if you used a VPN, the browser’s incognito mode, and refused or deleted cookies in every session."

you are viewing a single comment's thread
view the rest of the comments

[–] MimicJar@lemmy.world 10 points 3 days ago (4 children)

You’re not affected if (and only if)

You always used the Brave browser or the DuckDuckGo search engine on mobile

I found that odd, but reading the more technical write up (linked in the article) it seems Brave blocks localhost communication.

The Chrome proposal references a single use case. I've never seen a website that sets up my local devices, but is this a new thing?

Why did localhost not get blocked earlier? This seems like a huge hole browsers have ignored for years.

Also the DuckDuckGo exception doesn't make sense to me. Does DuckDuckGo have Facebook trackers on it to begin with? Whatever site DuckDuckGo sends you to, if they have the trackers, you'll get tracked.

[–] AnUnusualRelic@lemmy.world 3 points 2 days ago (1 children)

Also if you don't have the Facebook or instagram apps on your phone.

[–] Jhex@lemmy.world 2 points 2 days ago

This is the way... even better, have no Meta accounts of any kind

[–] Euphoma@lemmy.ml 3 points 3 days ago

On pc jetbrains toolbox uses localhost to login via browser for some reason, which was blocked by one of my extensions

[–] delusion@lemmy.myserv.one 4 points 3 days ago (1 children)

I suspect they might mean duckduckgo browser and not search engine?

[–] MimicJar@lemmy.world 5 points 3 days ago

I completely forgot that existed! Double checking the technical article they do correctly label it as a browser in their testing matrix/grid.

I just got confused by the clear "Brave browser" call out. When I hear DuckDuckGo I definitely don't think browser.

Good catch!

[–] interdimensionalmeme@lemmy.ml 2 points 2 days ago

Because if they were to block it, it would break lots of things, like when they broke file:// and users have no way to turn it back on except enable dev mode or debug mode, let alone having some easy way to toggle it on a per domain or per container basis..