Tootfinder

Researchers found that both #Meta snd #Yandex link(ed) IDs between browsers and their native apps by local communication on #Android devices.
E.g. the

"Localhost tracking" explicado https://www.zeropartydata.es/p/localhost-tracking-explained-it-could

"Localhost tracking" explained. It could cost Meta 32 billion. (Jorge García Herrero/Zero Party Data)
https://www.zeropartydata.es/p/localhost-tracking-explained-it-could
http://www.memeorandum.com/250611/p10#a250611p10

https://www.zeropartydata.es/p/localhost-tracking-explained-it-could

“Localhost tracking” explained. It could cost Meta 32 billion.
You just can't finish off Zuckerberg.

Such a wild technical achievement in privacy invasion: Facebook app runs a localhost server so their tracker on web pages can ping it with session id and identify you -- even in Incognito or on VPN.
Don't trust apps with excessive permissions!
https://www.zeropartydata.es/p/localh…

Well that was interesting.
Ubuntu 24.04.2 LTS localhost ttyS0

Facebook got caught exploiting Android again to track you:
https://localmess.github.io

#Meta hat mit „localhost tracking“ ein technisches #Schlupfloch genutzt, das selbst im Inkognito-Modus, mit #VPN und gelöschten

“Localhost tracking” explained. It could cost Meta 32 billion.
You just can't finish off Zuckerberg.

Finished writing big ansible script, Yeah! Runs! Yeah! Actually creates the DNS in infoblox, Yeah! Makes the instance in VMware, Yeah! Promptly does all other customization.... on localhost? Face palm.

Thanks to @… for showing me how it's possible to add CA certs to tvOS which got the Infuse client working with custom certs. Everything looks great, put Jellyfin's `8096` port on localhost, and `nginx` is doing what it's supposed to: service secure content. Both Apple TVs have the certs installed and both are able to pull content from Jellyfin …

Wenn ein CFO Bilanzen fälscht, landet er im Gefängnis. Wenn ein CTO massenhafte Überwachung organisiert, wird er befördert.
Metas Localhost Tracking-Programm ist ein Paradebeispiel für den moralischen Verfall in der Tech-Branche. https://www.mrak.at/2025/06/15/ueberwacht-

Mainstream social media apps spy on you. This isn't even the first such revelation. All social nedia works just fine in your web browser, which defeats a lot of those shenanigans.
If you really want a separate app, consider a second web browser. Also, Mastodon apps should be fine (but be careful with the less popular ones).

Meta pauses mobile port tracking tech on Android after researchers cry foul
: Zuckercorp and Yandex used localhost loophole to tie browser data to app users, say boffins

#mastoadmin #mastodonadmin note on v4.4.1
mastodon@localhost:~/live$ grep LIBVIPS .env.production
MASTODON_USE_LIBVIPS=false
"Mastodon support for ImageMagick is deprecated and will be removed in future versions. Please consider using libvips instead."
(The time h…

@… @…
Not to mention the surprising ways that apps open you up to tracking *outside the app* even in Incognito:

Got banned from write.as for triggering an anti-SEO alert — apparently too many links to http://localhost (yes, really). I emailed support right away, assuming it would be resolved quickly. Two weeks later: still banned.
So I took it personally.
According to their rules, I need to delete all posts before I can delete the account… but I can’t do that because, well, I’m banned. 😅
Thanks to full approval from the CEO of TYOLabs.com (me) and the swift action of their lead sysad…

#mastoadmin #mastodonadmin note on v4.4.0
mastodon@localhost:~/live$ grep LIBVIPS .env.production
MASTODON_USE_LIBVIPS=false
"Mastodon support for ImageMagick is deprecated and will be removed in future versions. Please consider using libvips instead."
(The time h…