this post was submitted on 10 Jun 2025
433 points (100.0% liked)


"Meta devised an ingenious system (“localhost tracking”) that bypassed Android’s sandbox protections to identify you while browsing on your mobile phone — even if you used a VPN, the browser’s incognito mode, and refused or deleted cookies in every session."


Oh, malware I think it's called

[–] captainlezbian@lemmy.world 25 points 2 days ago

This feels like people should go to prison over it

[–] phoenixz@lemmy.ca 121 points 3 days ago (4 children)

32 billion still is nothing for these scumbags

JAIL MARK ZUCKERBERG ALREADY. That is still what we do with criminals, is it not?

[–] phdepressed@sh.itjust.works 46 points 3 days ago

Not the rich ones. See Trump and all his cronies.

[–] seekpie@lemmy.seekpie.nohost.me 19 points 3 days ago

> That is still what we do with working class criminals

FTFY

[–] apotheotic@beehaw.org 3 points 2 days ago

No, we elect them as president

[–] porous_grey_matter@lemmy.ml 18 points 3 days ago

> That is still what we do with criminals

Haha

[–] mle86@feddit.org 42 points 3 days ago (2 children)

I think this would warrant getting all websites using the Facebook pixel onto safe browsing lists and AV databases as infected with malware.

Maybe then the pressure on Meta would be big enough to stop this shit, if all websites stopped using that.

Btw, does anyone know if the localhost tracking is implemented in WhatsApp as well, or just FB and Instagram?

[–] ReversalHatchery@beehaw.org 1 points 1 day ago* (last edited 1 day ago)

antiviruses are a scam. they were never flagging actual spyware as such

[–] ipkpjersi@lemmy.ml 5 points 3 days ago (1 children)

WhatsApp is owned by Meta, so you should expect that they will do this soon enough if they aren't doing it already.

[–] TheFriar@lemm.ee 9 points 3 days ago (1 children)

I would bet a ton of money on WhatsApp being a spy machine in a way people don’t know yet. Their bullshit of end to end encryption and privacy while being a free app is undoubtedly some ruse to squeeze data out of people. There isn’t a fucking doubt in my mind.

Facebook is owning and operating a free and private messaging service? To what end? Yeah, nah. Not fuckin buying it.

[–] jpeps@lemmy.world 2 points 2 days ago (1 children)

My guess is that in some form they track contacts and link clicks. I genuinely don't think they're reading messages, but I think they do know e.g. that Bob is someone that likes to send people links and that there are 5 people that always open those links. So they may have a directed model of linked topics between people.

Even if this isn't true though, owning WhatsApp probably gives Meta a lot of culture impact in a similar way to Google and Gmail. The fact that they could create their Meta AI model and put it in front of like a billion people overnight won't be lost on shareholders.

[–] TheFriar@lemm.ee 1 points 2 days ago (1 children)

But Google and Gmail are massive spying machines. They’re not just cultural impact loss leaders.

[–] jpeps@lemmy.world 1 points 2 days ago (1 children)

Oh sorry, I'm not denying that at all. I was only drawing on the comparison of Gmail being pretty ubiquitous like WhatsApp is.

[–] TheFriar@lemm.ee 2 points 2 days ago* (last edited 2 days ago)

Yeah, I mean outside the US WhatsApp is basically texting for everyone I’ve met. It’s definitely accomplished that. I just can’t imagine something that massive not being used to spy. Especially given that it’s free. I don’t imagine they’re above reading messages. Because all of that server power and access worldwide, they’re definitely prying somehow. Like we are just now finding out they’ve been circumventing VPNs and all methods to block their cookies? It’s literally impossible they’re not prying data out of WhatsApp users.

[–] milicent_bystandr@lemm.ee 6 points 2 days ago

I can't see from this article whether "could cost" means there are lawsuits ongoing/pending, or just the author has speculated what the fine could be if there were a lawsuit?

[–] mctoasterson@reddthat.com 58 points 3 days ago (5 children)

It's reliant on running a normie phone and OS, and running the native FB, Instagram, or other apps in the Meta constellation. These apps create persistent services that internally backchannel sensitive browser data back to them via internal ports. All browser traffic on devices running these apps should be considered compromised.

The solution is to run Graphene or other de-googled OS and avoid Meta apps like the plague.

[–] Bob_Robertson_IX@discuss.tchncs.de 94 points 3 days ago (6 children)

The solution is to have stronger privacy laws.

If everyone followed your solution then Graphene will become the normie OS and Facebook will start targeting it. Choosing an esoteric system for yourself is a good way for a free people to protect their privacy, but it won't scale.

When we write our new constitution we need to include privacy as a right.

[–] the_abecedarian@piefed.social 34 points 3 days ago

GrapheneOS isn't security through obscurity, they make efforts to harden the phone's privacy. You're right that, if it was mainstream, Meta would target it directly though.

The solution is to remove the profit motive from acquiring, selling, and monetizing our data. Laws alone don't stop big corps from doing things.

[–] Grapho@lemmy.ml 40 points 3 days ago (3 children)

The solution is public execution of at least a few tech CEOs. Then you'll see how quick the invisible hand of the market seems to stop demanding profit maximization via spyware.

[–] ReverendIrreverence@lemmy.ml 5 points 3 days ago

We need many more Luigis (allegedly)

[–] quediuspayu@lemmy.dbzer0.com 6 points 3 days ago (1 children)

Don't forget to also select a few shareholders for the sacrifice, those are what CEOs try to please.

[–] Grapho@lemmy.ml 2 points 3 days ago

Yeah, start from the biggest shareholder that ain't the CEO

[–] qubidt@lemmy.ml 6 points 3 days ago

LMAO. You're not wrong...

[–] Clent@lemmy.dbzer0.com 11 points 3 days ago (2 children)

Almost sounds like you're blaming the user while also not understanding that a de-googled phone isn't the solution because it's not part of the tracking.

[–] uxellodunum@lemmy.ml 5 points 2 days ago

While this is true, it's worth clarifying that GrapheneOS in particular is able to run apps sandboxed, so they can't communicate with each other as they can on a stock OS.

Having said that, no one should expect that their right to privacy is given (or fought for), unless they take it first. Yes, laws and all, but user education is the bigger issue.

Users were onboarded onto the Internet before they had an understanding of the differences between cyberspace and meatspace, and how that could affect them. Placing the blame (and solutions) solely on third-parties is a dangerous mistake.

[–] Kbobabob@lemmy.world 2 points 2 days ago* (last edited 2 days ago)

The solution is to ~~run Graphene or other de-googled OS and~~ avoid Meta ~~apps~~ like the plague.

FTFY

Doesn't matter what OS you use.

[–] TerHu@lemm.ee 27 points 3 days ago (4 children)

I'm wondering, does using uBlock help in any way? Can they block Meta's pixel and thereby protect you?

[–] Luccus@feddit.org 39 points 3 days ago (2 children)

You can block WebRTC via uBlock.

From my understanding, this, along with setting Meta on fire, may mitigate the issue.

[–] QuazarOmega@lemy.lol 4 points 3 days ago

Let the Zucc feel the heat

[–] interdimensionalmeme@lemmy.ml 1 points 2 days ago

Is that going to make video conference harder to use?

[–] ReversalHatchery@beehaw.org 1 points 1 day ago

there is a blocklist with a name like block outsider intrusion to lan, but it's off by default

[–] voodooattack@lemmy.world 10 points 3 days ago

Yes. Because it blocks the Meta pixel script from loading to begin with.

[–] pHr34kY@lemmy.world 7 points 3 days ago

I would say it prevents the downloading and execution of such a script. DNS adblock would probably help too.

[–] MimicJar@lemmy.world 10 points 3 days ago (4 children)

> You’re not affected if (and only if)
>
> You always used the Brave browser or the DuckDuckGo search engine on mobile

I found that odd, but reading the more technical write up (linked in the article) it seems Brave blocks localhost communication.

The Chrome proposal references a single use case. I've never seen a website that sets up my local devices, but is this a new thing?

Why did localhost not get blocked earlier? This seems like a huge hole browsers have ignored for years.


Also the DuckDuckGo exception doesn't make sense to me. Does DuckDuckGo have Facebook trackers on it to begin with? Whatever site DuckDuckGo sends you to, if they have the trackers, you'll get tracked.
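
Added example, not part of the original thread and not Brave's or any browser's actual code: one way a content blocker could recognise the pattern discussed above, a page on a public site sending requests to the device's own loopback interface. The function names, hosts and port numbers are constructed for illustration.

```javascript
// Added example: names, hosts and ports below are constructed for illustration.

// True when a URL hostname (as normalised by the URL parser) is the local device.
function isLoopbackHost(hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, "");
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  // 0.0.0.0 reaches local listeners on many systems, so treat it as local too.
  if (h === "[::1]" || h === "0.0.0.0") return true;
  // IPv4-mapped IPv6 form of 127.0.0.0/8, e.g. [::ffff:7f00:1].
  if (/^\[::ffff:7f[0-9a-f]{2}:[0-9a-f]{1,4}\]$/.test(h)) return true;
  // The parser has already rewritten spellings such as 2130706433 or 127.1
  // to dotted form, so a single pattern covers 127.0.0.0/8.
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(h);
}

function parseUrl(url) {
  try { return new URL(url); } catch { return null; }
}

// A request is flagged when a page that is not itself local contacts a local listener.
function isCrossLoopback(pageUrl, requestUrl) {
  const page = parseUrl(pageUrl);
  const req = parseUrl(requestUrl);
  if (!page || !req) return false;
  if (!["http:", "https:", "ws:", "wss:"].includes(req.protocol)) return false;
  return isLoopbackHost(req.hostname) && !isLoopbackHost(page.hostname);
}

// Returns the request URLs that should be blocked or reported.
function flagRequests(log) {
  return log.filter((e) => isCrossLoopback(e.page, e.request)).map((e) => e.request);
}

// Constructed request log: what a content blocker might observe on one page load.
const sampleLog = [
  { page: "https://shop.example/", request: "https://cdn.example/pixel.js" },
  { page: "https://shop.example/", request: "http://127.0.0.1:12345/" },
  { page: "https://shop.example/", request: "ws://localhost:12345/sync" },
  { page: "https://shop.example/", request: "http://2130706433:12345/" },
  { page: "https://shop.example/", request: "https://127.0.0.1.cdn.example/x" },
  { page: "http://localhost:3000/", request: "http://localhost:3000/api" },
];

console.log(flagRequests(sampleLog));
```

The lookalike hostname `127.0.0.1.cdn.example` and the local development page are deliberately left unflagged, which is the distinction a blanket localhost block has to get right to avoid breaking legitimate local tools.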

[–] AnUnusualRelic@lemmy.world 3 points 2 days ago (1 children)

Also if you don't have the Facebook or Instagram apps on your phone.

[–] Jhex@lemmy.world 2 points 2 days ago

This is the way... even better, have no Meta accounts of any kind

[–] Euphoma@lemmy.ml 3 points 2 days ago

On PC, JetBrains Toolbox uses localhost to login via browser for some reason, which was blocked by one of my extensions

[–] delusion@lemmy.myserv.one 4 points 2 days ago (1 children)

I suspect they might mean DuckDuckGo browser and not search engine?

[–] MimicJar@lemmy.world 5 points 2 days ago

I completely forgot that existed! Double checking the technical article they do correctly label it as a browser in their testing matrix/grid.

I just got confused by the clear "Brave browser" call out. When I hear DuckDuckGo I definitely don't think browser.

Good catch!

[–] interdimensionalmeme@lemmy.ml 2 points 2 days ago

Because if they were to block it, it would break lots of things, like when they broke file:// and users have no way to turn it back on except enable dev mode or debug mode, let alone having some easy way to toggle it on a per domain or per container basis..

[–] bizza@lemmy.zip 1 points 1 day ago (1 children)

Despite the fact that this article explains the same thing like 5 times in a row as if I'm an idiot ... uh, damn, Meta. Let me make sure I don't have your apps on my phone.

[–] Jimmycakes@lemmy.world 2 points 1 day ago* (last edited 1 day ago)

Google tracks you based on the pixel size your Chrome browser is, amongst other things. They all have ways to know exactly who you are. You are not safe. Run!!

[–] sxan@midwest.social 7 points 2 days ago

Hmmm. That reminds me that I need to check to make sure the router is blocking all Facebook traffic.

[–] atlien51@lemm.ee 2 points 2 days ago

The more it costs them the better

[–] linkerbaan@lemmy.ml 5 points 3 days ago

"Could" lol
