Avatar
Vitor Pamplona 6mo ago 💬 52

How do Facebook and Instagram apps track what you do in the browser, even in incognito mode?

Meta apps start a local server on the phone and keep it running in the background. The Meta analytics script, running on most websites, pings any "localhost" server with the anonymized tracker ID for that session. The app then associates the browser ID with your Meta account, and voilà, all your browsing history is now linked to your Facebook account.

Android is designed to block such things, but Meta found a workaround using basic Sockets and transmitting the tracker ID in the initial handshake of a WebRTC (voice call) request. It's genius and evil as fuck.

https://www.zeropartydata.es/p/localhost-tracking-explained-it-could

Reply to this note

Please Login to reply.

Discussion

Avatar
YODL 6mo ago

It'd be cool if they respected privacy a little ffs

Avatar
Vitor Pamplona 6mo ago

If you have ever met a Facebook employee, you would know that they don't even respect each other's privacy internally. Much less other people's.

Avatar
YODL 6mo ago

I can't imagine the level of psychosis

Avatar
阿甘 6mo ago

as evil as Chinese apps

Avatar
namosca 6mo ago

A real patriot uses only local spyware!

Avatar
Jon 6mo ago

Does instagram / whatsapp do the same?

Avatar
Vitor Pamplona 6mo ago

Probably

Avatar
Jon 6mo ago

Shit

Avatar
Vitor Pamplona 6mo ago

For the technical folks: https://localmess.github.io/

Avatar
frphank 6mo ago

Why is there a "meta analytics" script on most web sites.

Avatar
Vitor Pamplona 6mo ago

If you are selling ads or buying ads, you have to add to increase their effectiveness. It also gives you a complete report of what type of people visit your website. Everybody loves it.

Avatar
Empka 6mo ago

So they can track and analyse the users who visit the site, what content they consume and what products they buy.

This information is sold both to the website owner (when they buy ads on meta's platforms) but also packaged up and sold on to companies that make a living from interpretating that data and selling it (down to the detail level of households and/or individuals).

Use Firefox+ublock origin, install a DNS adblocker like pi-hole on your network and last but not least: if you have to use their crap, do it in an isolated environment (virtual machine for example).

Avatar
frphank 6mo ago

Interesting. This works also if you don't have a Facebook account and/or their mobile app?

nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qgswaehxw309ahx7um5wghx6mmd9u2mk7fe 's report said something about the mobile app installing a local server.

I use Brave everywhere sort of hoping it does something there but haven't really looked into what that is that is does I admit.

Avatar
Vitor Pamplona 6mo ago

Yep. You don't need a Facebook account to be tracked. They just correlate everything you click on and report it back.

Brave blocks meta scripts by default and replace it with their own ad tracking stuff.

Avatar
Vitor Pamplona 6mo ago

Similar to how Apple also blocks and forces Meta to use Apple Ad identifiers instead. Which in the end can be correlated together.

Avatar
frphank 6mo ago

Ok but that's just like any other tracking cookie.

Not that they're good but it's not the next level what with the local server

Avatar
namosca 6mo ago

Do you know if livre wolf/iron fox offers any protection?

Ps: I use noscript, which blocks all Javascript except what I approve

Would help If the JS name of this was disclosed

Avatar
Diff-thong 6mo ago

Niiiiice

Avatar
PK ⚡️ 6mo ago

Ingenious

Avatar
Skipper 6mo ago

nostr:nprofile1qqs9g69ua6m5ec6ukstnmnyewj7a4j0gjjn5hu75f7w23d64gczunmgpz4mhxue69uhhyetvv9ujumt0wd68ytnsw43q4gnztg does this work on GrapheneOS?

Avatar
AADHIL 6mo ago 💬 1

That also a os which supports (same local server)

Avatar
Satosha 6mo ago

No wonder #Meta wont do their own phone ! .. and #Apple did what they did to double check user consent ! Not saying fruit company is all good !

nostr:nevent1qqsfwhwfu60nz85m2qknnmhlu7jgkveeda8ueh9gnf20k27hx39qkpgpz4mhxue69uhkummnw3ezummcw3ezuer9wchsygzxpsj7dqha57pjk5k37gkn6g4nzakewtmqmnwryyhd3jfwlpgxtspsgqqqqqqsst9j8g

Avatar
Ghost365 6mo ago

Great Article!

Avatar
Xtr3m3hodl 6mo ago

This requires having the Facebook mobile app installed though which is responsible for running the background service. If one doesn't have the Facebook mobile app installed, this doesn't work the way it is described?

Avatar
Vitor Pamplona 6mo ago

Facebook (confirmed), Instagram (confirmed), WhatsApp (unconfirmed), Messenger (unconfirmed), Threads (unconfirmed), etc...

Avatar
Xtr3m3hodl 6mo ago

I guess I'm not too shocked by this. Any company in the ads business is probably doing something similar. It's a good thing I don't have Instagram or Facebook installed on my device and haven't visited the site since 2017.

The native app is basically running a background service that the web pixel connects to. So it isn't really a problem with web browsers.

Avatar
Adam Back 6mo ago

i disagree

Avatar
Empka 6mo ago

It will work just as well with meta's other apps like WhatsApp, Instagram, etc

But yeah, it requires the company who wants to track you to have an app installed and running on your phone.

Avatar
Jose Sammut 6mo ago

I only have Facebook Messenger on my phone. Wonder if they're still spying. But I don't use their social medias so they ain't making any money out of it..

Avatar
Vitor Pamplona 6mo ago

You still show up in the analytics of all the websites you visited. They don't care if you don't use their apps. They can track that you saw their ad and you bought something without having to use their app. Facebook gets paid when that conversion happens.

Avatar
Jose Sammut 6mo ago

But I'm not seeing any ads by meta??

Avatar
Stoa Otter 6mo ago

[Privacidad]

Mi compañero de trinchera Jorge García Herrero haciendo fácil lo difícil en Zero Party Data. La newsletter que no te puedes perder.

Y encima se lo marca en inglés y en español.

Un artista como un campano.

Bravo, privacy warriors.

#hola #HispaNostrs #hispano #español

nostr:nevent1qqsfwhwfu60nz85m2qknnmhlu7jgkveeda8ueh9gnf20k27hx39qkpgpzpmhxue69uhkummnw3ezumt0d5hsygzxpsj7dqha57pjk5k37gkn6g4nzakewtmqmnwryyhd3jfwlpgxtspsgqqqqqqsydqfge

Avatar
Michael Friedl 6mo ago

Good article.

Avatar
OneBigLife 6mo ago

Make it your goal to NEVER run any Meta apps on your phone.

I have had this rule for several years now.

It's sometimes a pain being unable to be in (e.g. sports/social) groups run by WhatsApp normies, but the advantages easily outweigh the disadvantages. It's such a joy not seeing the relentless virtue signalling and group replies.

Another huge silver lining: by refusing to use WA, you can bring many more family and friends to Signal.

nostr:nevent1qvzqqqqqqypzq3svyhng9ld8sv44950j957j9vchdktj7cxumsep9mvvjthc2pjuqqsfwhwfu60nz85m2qknnmhlu7jgkveeda8ueh9gnf20k27hx39qkpgaqa4c8

Avatar
Sondre | satoshiconsult.com 6mo ago

Thanks for sharing, Vitor!

I deleted my last Zuckerborg account and all data in 2022.

My gut feeling always told me to opt out of Zuckerborg.

Avatar
Den Yellek 6mo ago

Oh I hate these apps so much. And they increasingly make the mobile website version unusable. Evil companies.

Avatar
Bitcoin ETF 6mo ago

If I need to Instagram or Facebook something I open it with Brave with automatic cash/history deletion every time I close the tab. No fucking meta apps (and no WhatsApp at all). But what an evil bitches they are!

Avatar
Myriel ✨ 6mo ago

🤯😱

Avatar
jsr 6mo ago

Truly clever stuff.

dd
linux dude 6mo ago

Brave blocks local host