Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it’s investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.
The covert tracking—implemented in the Meta Pixel and Yandex Metrica trackers—allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. Android sandboxing, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as state partitioning and storage partitioning, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they’re off-limits for every other site.
I am assuming all of this trash is blocked by uBlock Origin?
Seems like it’s transferred through a cookie and javascript, so in theory you can block it with ublock or noscript and the like, but a sure way to block is to not have meta apps installed on your phone (or not signed in).
I don’t have any Meta apps installed. :)
That’s the fun part. They come preinstalled!
some android phones go as far as come with an ununinstallable system app called “meta services” beyond the regular zucc apps.
For those use Universal Android Debloater Or Canta with shizuku from android to install for the current user.
I’m so quick to install a custom ROM, I forgot the Meta spyware comes pre-installed on many phones. Ugh.
No WhatsApp?
I’d nail my foot to the floor before I installed WhatsApp.
So you got all your friends, family and coworkers and acquaintances using Signal?
Only the ones I like.
Joking aside, yes. I’ve found that just letting a friend or relative ask exploratory “how bad can WhatsApp be?” questions for about five minutes gets them to start the switch to Signal.
I can’t take any credit, Meta decided to lean in hard on spying on people.
Most of the people I talk to regularly, yes. I also use Discord for less private stuff, less personal contacts, and for video chat when I play D&D. I text with my wife and one friend who I mostly discuss D&D with. Both of them have Signal if I needed to reach out to them privately or while abroad. For the record, I would like to get off Discord but audio and video quality are really important to me and I haven’t found a good replacement yet.
I also have a seperate (company paid) phone for all work communications. There’s ups and downs to that but it definitely contributes to my ability to be restrictive in what apps I put on my phone.
Got me on that one! I forgot about WhatsApp.
For what it’s worth I didn’t have it logged in until last week when I needed to get in touch with someone.
I will need to log out.
Check that “Filter lists > Privacy > Block outsider intrusion into LAN” is enabled and you should be fine
EasyPrivacy should block Meta and Yandex pixels by default. If you have the knowledge you can put uBO in “hard mode” which will block all 3p connections. It requires you to know which CDNs to allow or websites will be broken.
I am aware of hardmode, I used to use NoScript.
It’s a bit too much work these days.