A sophisticated tracking method employed by Meta (Facebook) and Yandex that potentially affected billions of Android users through covert web-to-app communications via localhost sockets.

The technique allowed native Android apps, including Facebook and Instagram, to silently receive browser metadata, cookies, and commands from Meta Pixel scripts embedded on thousands of websites, effectively linking mobile browsing sessions to user identities and bypassing standard privacy protections.
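Added example, not part of the original post or thread: a defender-side check that scans the request URLs recorded while loading a page (for instance, exported from browser developer tools) and flags any that target the device's own loopback address, which is the web-to-app channel described above. The function names, sample URLs and ports are constructed for illustration, and only URL-based requests (HTTP and WebSocket) are covered.

```javascript
// Added example: flag requests that a web page sends to the device itself.
// All sample URLs and ports below are constructed for illustration.

// True when a hostname, as normalized by the WHATWG URL parser, is loopback.
function isLoopbackHost(hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  if (h.startsWith("[") && h.endsWith("]")) {
    const v6 = h.slice(1, -1);
    if (v6 === "::1") return true;
    // IPv4-mapped IPv6: the parser serializes ::ffff:127.0.0.1 as ::ffff:7f00:1
    const m = /^::ffff:([0-9a-f]{1,4}):[0-9a-f]{1,4}$/.exec(v6);
    return m !== null && (parseInt(m[1], 16) >> 8) === 0x7f;
  }
  // The parser has already rewritten forms such as 2130706433 or 0x7f.1
  // into dotted decimal, so matching 127.0.0.0/8 here is sufficient.
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(h);
}

// Returns the requests made by pageUrl that go to a loopback destination.
function findLoopbackRequests(pageUrl, requestUrls) {
  const page = new URL(pageUrl);
  if (isLoopbackHost(page.hostname)) return []; // local dev page: expected traffic
  const flagged = [];
  for (const raw of requestUrls) {
    let u;
    try { u = new URL(raw, page); } catch { continue; } // skip unparsable entries
    if (!["http:", "https:", "ws:", "wss:"].includes(u.protocol)) continue;
    if (isLoopbackHost(u.hostname)) {
      flagged.push({ url: u.href, scheme: u.protocol.slice(0, -1), port: u.port || "(default)" });
    }
  }
  return flagged;
}

// Constructed sample: requests observed while loading https://shop.example.com/
const SAMPLE_REQUESTS = [
  "https://cdn.example.com/pixel.js",
  "http://127.0.0.1:9999/collect?id=abc",
  "ws://localhost:9998/",
  "http://2130706433:9997/x",   // decimal spelling of 127.0.0.1
  "https://[::1]:9996/",
  "/relative/path.png",
  "http://127.example.com/",    // ordinary domain, not loopback
];

console.log(findLoopbackRequests("https://shop.example.com/", SAMPLE_REQUESTS));
```

Any hit on a public site deserves a look at which script issued the request and which installed app is listening on that port.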

    • @vrighter@discuss.tchncs.de
      73 days ago

      localhost is “this device”.

      Connecting to localhost means connecting to something running on the same machine.

      Browsers generally block connections to other domains (e.g., if you’re on google.com, the browser won’t simply let the site contact amazon.com willy-nilly).

      But localhost is your own machine, so it is usually “trusted”. Facebook exploited this fact to exfiltrate data from the browser to the other apps running on your own phone, which would, in turn, be free to do with it as they please, because they’re not the browser.

      • @andybytes@programming.dev
        English
        -3
        edit-2
        2 days ago

        Well, the same individuals that are preying on the children are the same individuals that spread how to cheat in video games. Then now we are no longer allowed to own our video games and they force us to use an operating system that is basically a virus. Then on top of that they want you to install a rootkit where basically the video game company can just diddle with their dick beaters through your machine. I’d rather stare at the wall than give in to any of this. If there was like a moment where I was near the button and they were going to tell me that I had to live this way, I’d push that button. There is always an option and sometimes that option is chaos and destruction. I’m not scared of nukes and I lean into the apocalypse. Like, look what you forced me to do. How could you? Smash smash smash. You want to know who has the most child corn? The intelligence agencies. Those that want to save the children are those that harm the children. It’s all about managing perception. “Oh the humanity… You gotta save the children. Oh, the children.” At this point, you should have gotten it by now, considering all the dead children that we’ve recently killed in the world. This internet security nonsense is just about corporate control and walled gardens, so they can manage perception and expand the empire further. This should always be the framework that you go by. It’s us the people against the tyrants, the capitalist class and The Tech Bros. I think it’s been at least a decade, at least, since I’ve purchased a video game. Well, I did buy “Good boy” on itch.io for my miyoo mini. Fuck steam, fuck em all… fuck social media and all those “you are paranoid” types. There are background processes that control your life and you will either acknowledge them or ignore them. But don’t cry out gawd to make your life better. It ain’t listening but the corporate gooners are.

    • @andybytes@programming.dev
      English
      -12 days ago

      Your computer can have a static IP or a dynamic IP. A static IP is an IP that doesn’t change. This could be a cash register. A dynamic IP is a device that you connect to the internet to surf the hub like a tablet. Or your Wi-Fi or any network. And these addresses are needed to direct and identify because without this nothing will work. Now, everybody’s local host is most likely, now I don’t know everything, but is the same 127.0.0.1 … So you can spin up or install a program on a server and use that server’s IP address remotely, even though it has its own local address or on your own computer and since you’re not connecting to that service remotely, you just use your local address 192.166.3.4 (ip) vs 127.0.0.1 (local host). Now your device is recognized by the router through its MAC address. It’s like the computer’s DNA. A unique identifier. Which can be spoofed. Shit on top of shit.