#Facebook is always hungry for all of your data.
The ecosystem maintained by #Meta will always try to scoop as much data as possible about you.
And they also love to spy on you while you’re not even using their services.
The “Meta pixel” has so far been adopted by ~20% of the most visited websites.
It’s an invisible element rendered on all those webpages whose purpose is to spy on you. It’s thanks to these pixels that Meta probably has details about your tax returns and medical records.
But that isn’t enough for the espionage company better known as Meta.
Since the tracking pixels were rolled out about 10 years ago, many browsers and extensions have learned how to block them.
If you use Firefox in Strict mode, and/or the Facebook Container extension, and/or Privacy Badger or uBlock Origin, then chances are that your browser is blocking Meta’s creepy eyes.
Probably there aren’t a lot of people out there who take these measures, as they usually involve some degree of tech-savviness. But the fact that there are still some people on planet earth that are trying to block their creepy eyes, some people whose tax returns, health records or sexual habits aren’t known to them, makes Meta uneasy. After all, it’s a company explicitly designed to know EVERYTHING about EVERYONE!
So what have they done?
Well, they basically opened a local backdoor on all Android phones that have some of their apps installed.
Usually a mobile app with INTERNET permissions can bind to any non-privileged TCP port on the local interface.
And that’s exactly what their mobile apps are doing.
They open a localhost socket, and then whenever you open your mobile browser on a website that has one of their trackers the JavaScript code tries to connect to that port to push scraped data from your browsing history to their apps.
They basically abuse the localhost sandbox, usually used by developers and less subject to the scrutiny of tracker-blocking software, to funnel private data scooped up from your usage of other websites, unencrypted, to their own apps, which in turn push it to their servers.
To be clear, this isn’t something new. Yandex has been doing it since 2017. And by now you probably shouldn’t trust any large-scale apps that come out of the US, Russia or China because they are all funded by State-sponsored programs whose aim is collective espionage and data collection.
If you want to protect yourself:
- Never use Chrome for browsing. Only use Firefox or one of its forks. And, since Firefox is the only mobile browser that supports extensions, don’t forget to install Facebook Container (which limits all activities related to known Meta domains in their own sandbox), Privacy Badger and uBlock Origin on it. And I would also recommend NoScript - better to explicitly whitelist all JavaScript content that you want to run on your devices than risking your data leaking to unintended actors. The way Meta exploits these loopholes in the browser to violate people’s privacy shows that it’s no longer tolerable to have browsers that don’t actively provide users ways to block trackers. Google acknowledged Meta’s abuse, allegedly provided a patch to close the localhost loophole, but still doesn’t provide privacy-focused features in their browser because they have a strong conflict of interest - because they also profit from violating people’s privacy. Ditching their products has now become a civic duty.
- Uninstall the Facebook and Instagram apps. Use the website instead. Webpages run in the browser’s sandbox and can’t just arbitrarily access the storage or start TCP services. I know that Facebook and Instagram in a browser suck, and that’s deliberate - it’s all part of Meta’s plan to force people to use their apps instead. But maybe it’s a good way to limit your usage of this crap.
- Avoid using WhatsApp through their app directly too if you can (sure, individual messages are E2E encrypted, but there’s plenty of juicy metadata that they can still scoop up from your app usage). I personally use Matrix with a WhatsApp bridge, so I can interact with my conversations directly from my Element app instead of using WhatsApp directly on the phone.
- Use Meta’s services as little as possible. If there’s some data point that they can harvest and sell about you, then rest assured that they will. Moving to privacy-aware decentralized solutions like the Fediverse is now a civic duty. The more people move over their content, the more Meta’s services lose their value, the fewer people will be inclined to use them even if they hate them just because “everyone else is there”.
Facebook Is Receiving Sensitive Medical Information from Hospital Websites – The Markup
Experts say some hospitals’ use of an ad tracking tool may violate a federal law protecting health information
themarkup.org
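To audit a device for the localhost listeners described in the post, this added example (not part of the original post) parses a Linux `/proc/net/tcp` table and lists TCP sockets in LISTEN state that a browser could reach over localhost and that belong to an installed app. The sample table is constructed; the little-endian address encoding and the Android convention that app UIDs start at 10000 are assumptions about the device.

```python
import ipaddress

APP_UID_START = 10000  # assumption: Android gives installed apps UIDs >= 10000
TCP_LISTEN = "0A"      # socket state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:3039 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10234        0 51234
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10187        0 51240
   2: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20311
   3: 0F02000A:A1B2 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000 10234        0 60412
"""

def parse_addr(field):
    """Decode 'HEXIP:HEXPORT'; the IP is a little-endian 32-bit value."""
    ip_hex, port_hex = field.split(":")
    ip = ipaddress.IPv4Address(bytes.fromhex(ip_hex)[::-1])
    return ip, int(port_hex, 16)

def local_listeners(proc_net_tcp):
    """Return app-owned LISTEN sockets bound to loopback or to all interfaces."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue  # malformed row, or not a listening socket
        ip, port = parse_addr(fields[1])
        uid = int(fields[7])
        # 0.0.0.0 listeners also accept connections made to 127.0.0.1
        if (ip.is_loopback or ip.is_unspecified) and uid >= APP_UID_START:
            found.append({"ip": str(ip), "port": port, "uid": uid})
    return found

if __name__ == "__main__":
    for sock in local_listeners(SAMPLE):
        print(f"uid {sock['uid']} listens on {sock['ip']}:{sock['port']}")
```

IPv6 listeners live in `/proc/net/tcp6` and are not covered here. Each reported UID still has to be matched to a package name on the device before drawing conclusions, since a local listener by itself is not proof of tracking.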