- cross-posted to:
- privacy@lemmy.world
- privacy@lemmy.ml
- cross-posted to:
- privacy@lemmy.world
- privacy@lemmy.ml
“Meta devised an ingenious system (“localhost tracking”) that bypassed Android’s sandbox protections to identify you while browsing on your mobile phone — even if you used a VPN, the browser’s incognito mode, and refused or deleted cookies in every session.”
You must log in or register to comment.
Its reliant on running a normie phone and OS, and running the native FB, instagram, or other apps in the Meta constellation. These apps create persistent services that internally backchannel sensitive browser data back to them via internal ports. All browser traffic on devices running these apps should be considered compromised.
The solution is to run Graphene or other de-googled OS and avoid Meta apps like the plague.
The solution is to have stronger privacy laws.
If everyone followed your solution then Graphene will become the normie os and Facebook will start targeting it. Choosing an esoteric system for yourself is a good way for a free people to protect their privacy, but it won’t scale.
When we write our new constitution we need to include privacy as a right.
grapheneOS isn’t security through obscurity, they make efforts to harden the phone’s privacy. You’re right that, if it was mainstream, Meta would target it directly though.
The solution is to remove the profit motive from acquiring, selling, and monetizing our data. Laws alone don’t stop big corps from doing things.
The solution is to have stronger privacy laws.
Many people have the power to make certain privacy attacks impossible right now. I consider making that change better for those people than adding a law which can’t stop the behavior, but just adds a negative incentive.
I wouldn’t wait around for the law to prosecute MITM attacks, I would use end to end encryption.
Choosing an esoteric system for yourself is a good way for a free people to protect their privacy, but it won’t scale.
If this is referencing using a barely-used system as a privacy or security protection, then I would regard that as bad protection.
Everyone using GrapheneOS would be a net security upgrade. All the protections in place wouldn’t just fade away now that Facebook wants to spy on that OS. They’re still in place; Facebook’s job is still harder than it otherwise would be.
The problem is that GrapheneOS is only available for Pixel devices.
I really wish they would support other manufacturers, because I don’t really trust Google to make decent hardware (and to be frank, I don’t trust them with anything at all).
I use e/os which is at least de-googled & based on Lineage
Its not exactly Graphene but it works on 8+ old devices of various manifacturersI am very keen to get a Fairphone with e/os next time I switch devices.
Does it work well with Android Auto? I can’t drive much without a map and my music playlist.
did not test that but here is a page how to “google” the “de-googled” os for supporting that
https://doc.e.foundation/support-topics/android-autobecause of that lineage could be a better option
About Fairphone: there is an alternative (Shiftphone) that is more expensive but with the main plus points of having a higher storage option and the mainboard is replaceable, they also have somewhere a cheap (~200€) phone that should work if you really just need a phone
(i mention that as an option, because having choice is always better even if it ends up being the first thing that gets choosen)
The solution is public execution of at least a few tech CEOs. Then you’ll see how quick the invisible hand of the market seems to stop demanding profit maximization via spyware.
Don’t forget to also select a few shareholders for the sacrifice, those are what CEOs try to please.
Yeah, start from the biggest shareholder that ain’t the CEO
LMAO. You’re not wrong…
We need many more Luigis (allegedly)
I used Facebook on my GOS phone. I thank Meta for refreshing my weariness of big corp.
The solution is to
run Graphene or other de-googled OS andavoid Metaappslike the plague.FTFY
Doesn’t matter what OS you use.
im wondering, does using uBlock help in any way? can they block metas pixel and thereby protect you?
Yes. Because it blocks the meta pixel script from loading to begin with.
I would say it prevents the downloading and execution of such a script. DNS adblock would probably help too.
there is a blocklist with a name like block outsider intrusion to lan, but it’s off by default
You’re not affected if (and only if)
You always used the Brave browser or the DuckDuckGo search engine on mobile
I found that odd, but reading the more technical write up (linked in the article) it seems Brave blocks localhost communication.
The Chrome proposal references a single use case. I’ve never seen a website that sets up my local devices, but is this a new thing?
Why did localhost not get blocked earlier? This seems like a huge hole browsers have ignored for years.
Also the DuckDuckGo exception doesn’t make sense to me. Does DuckDuckGo have Facebook trackers on it to begin with? Whatever site DuckDuckGo sends you to, if they have the trackers, you’ll get tracked.
I suspect they might mean duckduckgo browser and not search engine?
I completely forgot that existed! Double checking the technical article they do correctly label it as a browser in their testing matrix/grid.
I just got confused by the clear “Brave browser” call out. When I hear DuckDuckGo I definitely don’t think browser.
Good catch!
Also if you don’t have the Facebook or instagram apps on your phone.
This is the way… even better, have no Meta accounts of any kind
On pc jetbrains toolbox uses localhost to login via browser for some reason, which was blocked by one of my extensions
Because if they were to block it, it would break lots of things, like when they broke file:// and users have no way to turn it back on except enable dev mode or debug mode, let alone having some easy way to toggle it on a per domain or per container basis…
Hmmm. That reminds me that I need to check to make sure the router is blocking all Facebook traffic.
Oh, malware I think it’s called
I can’t see from this article whether “could cost” means there are lawsuits ongoing/pending, or just the author has speculated what the fine could be if there were a lawsuit?
“Could” lol
The more it costs them the better
Despite the fact that this article explains the same thing like 5 times in a row as if I’m an idiot … uh, damn, Meta. Let me make sure I don’t have your apps on my phone.
Google tracks you based on the pixel size your chrome browser is amongst other things. They all have ways to know exactly who you are. You are not safe. Run!!
