this post was submitted on 03 Jun 2025
365 points (100.0% liked)

Technology

70997 readers
3393 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
365
Meta and Yandex are de-anonymizing Android users’ web browsing identifiers - Ars Technica (arstechnica.com)
submitted 4 days ago by otter@lemmy.ca to c/technology@lemmy.world
56 comments fedilink hide all child comments
 

Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.

The covert tracking—implemented in the Meta Pixel and Yandex Metrica trackers—allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. Android sandboxing, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as state partitioning and storage partitioning, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they're off-limits for every other site.

you are viewing a single comment's thread
view the rest of the comments
[–] RvTV95XBeo@sh.itjust.works 20 points 4 days ago* (last edited 4 days ago) (2 children)

We found that browsers such as Chrome, Firefox and Edge are susceptible to this form of browsing history leakage in both default and private browsing modes. Brave browser was unaffected by this issue due to their blocklist and the blocking of requests to the localhost; and DuckDuckGo was only minimally affected due to missing domains in their blocklist.

Aside from having uBlock Origin and not having any Meta/Yandex apps installed, anyone aware of additional Firefox settings that could help shut this nonsense down?

[–] Saleh@feddit.org 8 points 4 days ago (1 children)

I know that people here generally like to shit on Brave, but it seems that the claim "Privacy by default" has held up in this context.

[–] Manalith@midwest.social 1 points 3 days ago

Isn't that Proton's tagline?

[–] Quibblekrust@thelemmy.club 5 points 3 days ago* (last edited 3 days ago) (1 children)

I feel like that's all you need. You don't have their apps installed, so the problem is already solved. If you use uBlock Origin to block their trackers, the problem is solved. So you've solved it twice.

[–] RvTV95XBeo@sh.itjust.works 2 points 3 days ago

Yes and no, I've treated the symptoms, but not the problem. All it takes is a trillion dollar company buying a new domain every once in a while to foil uBlock, and now that it's more known, anyone can create an an app that opens ports and listens for trackers.

Would love it if Firefox would let me block all requests to localhost.