linux-nerds.org

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers - Ars Technica

Technology

58 Beiträge 39 Kommentatoren 757 Aufrufe

O This user is from outside of this forum
O This user is from outside of this forum
otter@lemmy.ca

schrieb am 3. Juni 2025, 13:06 zuletzt editiert von

#1

Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.

The covert tracking—implemented in the Meta Pixel and Yandex Metrica trackers—allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. Android sandboxing, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as state partitioning and storage partitioning, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they're off-limits for every other site.

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

Ars Technica (arstechnica.com)
E A G L E 13 Antworten Letzte Antwort 3. Juni 2025, 13:18

377
O otter@lemmy.ca
3. Juni 2025, 13:06

Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.

The covert tracking—implemented in the Meta Pixel and Yandex Metrica trackers—allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. Android sandboxing, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as state partitioning and storage partitioning, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they're off-limits for every other site.

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

Ars Technica (arstechnica.com)
E This user is from outside of this forum
E This user is from outside of this forum
einkorn@feddit.org

schrieb am 3. Juni 2025, 13:18 zuletzt editiert von

#2

Well, it's always been a cat and mouse game.

Just earlier today, I got a pop-up on YouTube about how they would block me after 3 videos because I use an ad blocker. Jump to now and everything is fine again. Thank you, uBlock Origin!
K R S 3 Antworten Letzte Antwort 3. Juni 2025, 13:46

80
O otter@lemmy.ca
3. Juni 2025, 13:06

Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.

The covert tracking—implemented in the Meta Pixel and Yandex Metrica trackers—allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. Android sandboxing, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as state partitioning and storage partitioning, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they're off-limits for every other site.

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

Ars Technica (arstechnica.com)
A This user is from outside of this forum
A This user is from outside of this forum
alphane_moon@lemmy.world

schrieb am 3. Juni 2025, 13:28 zuletzt editiert von

#3

I am assuming all of this trash is blocked by uBlock Origin?
A F C 3 Antworten Letzte Antwort 3. Juni 2025, 13:57

9
E einkorn@feddit.org
3. Juni 2025, 13:18

Well, it's always been a cat and mouse game.

Just earlier today, I got a pop-up on YouTube about how they would block me after 3 videos because I use an ad blocker. Jump to now and everything is fine again. Thank you, uBlock Origin!
K This user is from outside of this forum
K This user is from outside of this forum
kerb@discuss.tchncs.de

schrieb am 3. Juni 2025, 13:46 zuletzt editiert von

#4

they still try that?

i can't remember the last time i have seen one of those warnings.
C U S 3 Antworten Letzte Antwort 3. Juni 2025, 13:52

24
K kerb@discuss.tchncs.de
3. Juni 2025, 13:46

they still try that?

i can't remember the last time i have seen one of those warnings.
C This user is from outside of this forum
C This user is from outside of this forum
cygnus@lemmy.ca

schrieb am 3. Juni 2025, 13:52 zuletzt editiert von

#5

I'm guessing you use Firefox? It's much better at evading that tracking.
C 1 Antwort Letzte Antwort 3. Juni 2025, 18:19

16
A alphane_moon@lemmy.world
3. Juni 2025, 13:28

I am assuming all of this trash is blocked by uBlock Origin?
A This user is from outside of this forum
A This user is from outside of this forum
artocode404@lemmy.dbzer0.com

schrieb am 3. Juni 2025, 13:57 zuletzt editiert von

#6

Seems like it's transferred through a cookie and javascript, so in theory you can block it with ublock or noscript and the like, but a sure way to block is to not have meta apps installed on your phone (or not signed in).
A 1 Antwort Letzte Antwort 3. Juni 2025, 14:13

13
A artocode404@lemmy.dbzer0.com
3. Juni 2025, 13:57

Seems like it's transferred through a cookie and javascript, so in theory you can block it with ublock or noscript and the like, but a sure way to block is to not have meta apps installed on your phone (or not signed in).
A This user is from outside of this forum
A This user is from outside of this forum
alphane_moon@lemmy.world

schrieb am 3. Juni 2025, 14:13 zuletzt editiert von

#7

I don't have any Meta apps installed.
P L 2 Antworten Letzte Antwort 3. Juni 2025, 14:38

6
A alphane_moon@lemmy.world
3. Juni 2025, 14:13

I don't have any Meta apps installed.
P This user is from outside of this forum
P This user is from outside of this forum
peffse@lemmy.world

schrieb am 3. Juni 2025, 14:38 zuletzt editiert von

#8

That's the fun part. They come preinstalled!
U P 2 Antworten Letzte Antwort 3. Juni 2025, 16:23

11
O otter@lemmy.ca
3. Juni 2025, 13:06

Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.

The covert tracking—implemented in the Meta Pixel and Yandex Metrica trackers—allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. Android sandboxing, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as state partitioning and storage partitioning, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they're off-limits for every other site.

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

Ars Technica (arstechnica.com)
G This user is from outside of this forum
G This user is from outside of this forum
general_effort@lemmy.world

schrieb am 3. Juni 2025, 15:49 zuletzt editiert von

#9

Useless article, but at least they link the source: https://localmess.github.io/

We disclose a novel tracking method by Meta and Yandex potentially affecting billions of Android users. We found that native Android apps—including Facebook, Instagram, and several Yandex apps including Maps and Browser—silently listen on fixed local ports for tracking purposes.

These native Android apps receive browsers' metadata, cookies and commands from the Meta Pixel and Yandex Metrica scripts embedded on thousands of web sites. These JavaScripts load on users' mobile browsers and silently connect with native apps running on the same device through localhost sockets. As native apps access programatically device identifiers like the Android Advertising ID (AAID) or handle user identities as in the case of Meta apps, this method effectively allows these organizations to link mobile browsing sessions and web cookies to user identities, hence de-anonymizing users' visiting sites embedding their scripts.

UPDATE: As of June 3rd 7:45 CEST, Meta/Facebook Pixel script is no longer sending any packets or requests to localhost. The code responsible for sending the _fbp cookie has been almost completely removed.
P 1 Antwort Letzte Antwort 4. Juni 2025, 10:28

44
O otter@lemmy.ca
3. Juni 2025, 13:06

Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.

The covert tracking—implemented in the Meta Pixel and Yandex Metrica trackers—allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. Android sandboxing, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as state partitioning and storage partitioning, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they're off-limits for every other site.

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

Ars Technica (arstechnica.com)
L This user is from outside of this forum
L This user is from outside of this forum
laintrain@lemmy.dbzer0.com

schrieb am 3. Juni 2025, 15:52 zuletzt editiert von

#10

Block all tracking scripts and use Firefox Nightly with ublock when possible.
G A 2 Antworten Letzte Antwort 3. Juni 2025, 16:26

2
A alphane_moon@lemmy.world
3. Juni 2025, 14:13

I don't have any Meta apps installed.
L This user is from outside of this forum
L This user is from outside of this forum
laintrain@lemmy.dbzer0.com

schrieb am 3. Juni 2025, 15:53 zuletzt editiert von

#11

No WhatsApp?
T A 2 Antworten Letzte Antwort 3. Juni 2025, 16:51

5
O otter@lemmy.ca
3. Juni 2025, 13:06

Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.

The covert tracking—implemented in the Meta Pixel and Yandex Metrica trackers—allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. Android sandboxing, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as state partitioning and storage partitioning, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they're off-limits for every other site.

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

Ars Technica (arstechnica.com)
E This user is from outside of this forum
E This user is from outside of this forum
eeyore_syndrome@sh.itjust.works

schrieb am 3. Juni 2025, 16:16 zuletzt editiert von eeyore_syndrome@sh.itjust.works 6. März 2025, 18:19

#12
Consider getting a modern Pixel w/GrapheneOS !
- Slaps his lap.
It has the Vanadium .
G 1 Antwort Letzte Antwort 3. Juni 2025, 16:28

4
P peffse@lemmy.world
3. Juni 2025, 14:38

That's the fun part. They come preinstalled!
U This user is from outside of this forum
U This user is from outside of this forum
umbrella@lemmy.ml

schrieb am 3. Juni 2025, 16:23 zuletzt editiert von umbrella@lemmy.ml

#13

.
L 1 Antwort Letzte Antwort 4. Juni 2025, 01:36

6
L laintrain@lemmy.dbzer0.com
3. Juni 2025, 15:52

Block all tracking scripts and use Firefox Nightly with ublock when possible.
G This user is from outside of this forum
G This user is from outside of this forum
grue@lemmy.world

schrieb am 3. Juni 2025, 16:26 zuletzt editiert von

#14

Not sure about the "nightly" part (as opposed to beta or stable), but yes.
L 1 Antwort Letzte Antwort 3. Juni 2025, 23:37

6
E eeyore_syndrome@sh.itjust.works
3. Juni 2025, 16:16
Consider getting a modern Pixel w/GrapheneOS!
- Slaps his lap.
It has the Vanadium.
G This user is from outside of this forum
G This user is from outside of this forum
grue@lemmy.world

schrieb am 3. Juni 2025, 16:28 zuletzt editiert von grue@lemmy.world 6. März 2025, 18:29

#15

Are you suggesting something like LineageOS is a better choice?

(Seriously asking: I've got a new-to-me Pixel that I'm looking to switch to a degoogled-ish ROM on, and Graphene and Lineage were the two front-runners.)
T P 2 Antworten Letzte Antwort 3. Juni 2025, 16:52

1
K kerb@discuss.tchncs.de
3. Juni 2025, 13:46

they still try that?

i can't remember the last time i have seen one of those warnings.
U This user is from outside of this forum
U This user is from outside of this forum
underpantsweevil@lemmy.world

schrieb am 3. Juni 2025, 16:35 zuletzt editiert von

#16

The business cycle dictates that companies try to re-implement bad ideas every six months to two years.

If the idea was good, they'd have implemented it and made their money. Only bad ideas are still ripe for exploitation and new economic growth, because you haven't had someone as smart as me to make them work right.
1 Antwort Letzte Antwort

7
O otter@lemmy.ca
3. Juni 2025, 13:06

Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.

The covert tracking—implemented in the Meta Pixel and Yandex Metrica trackers—allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. Android sandboxing, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as state partitioning and storage partitioning, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they're off-limits for every other site.

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

Ars Technica (arstechnica.com)
R This user is from outside of this forum
R This user is from outside of this forum
rvtv95xbeo@sh.itjust.works

schrieb am 3. Juni 2025, 16:37 zuletzt editiert von rvtv95xbeo@sh.itjust.works 6. März 2025, 18:39

#17

We found that browsers such as Chrome, Firefox and Edge are susceptible to this form of browsing history leakage in both default and private browsing modes. Brave browser was unaffected by this issue due to their blocklist and the blocking of requests to the localhost; and DuckDuckGo was only minimally affected due to missing domains in their blocklist.

Aside from having uBlock Origin and not having any Meta/Yandex apps installed, anyone aware of additional Firefox settings that could help shut this nonsense down?
S Q 2 Antworten Letzte Antwort 3. Juni 2025, 18:43

13
A alphane_moon@lemmy.world
3. Juni 2025, 13:28

I am assuming all of this trash is blocked by uBlock Origin?
F This user is from outside of this forum
F This user is from outside of this forum
frellwit@lemmy.world

schrieb am 3. Juni 2025, 16:39 zuletzt editiert von

#18

EasyPrivacy should block Meta and Yandex pixels by default. If you have the knowledge you can put uBO in "hard mode" which will block all 3p connections. It requires you to know which CDNs to allow or websites will be broken.
A 1 Antwort Letzte Antwort 3. Juni 2025, 17:42

1
L laintrain@lemmy.dbzer0.com
3. Juni 2025, 15:53

No WhatsApp?
T This user is from outside of this forum
T This user is from outside of this forum
theloweststone@lemmy.world

schrieb am 3. Juni 2025, 16:51 zuletzt editiert von

#19

I'd nail my foot to the floor before I installed WhatsApp.
L 1 Antwort Letzte Antwort 3. Juni 2025, 23:36

6
G grue@lemmy.world
3. Juni 2025, 16:28

Are you suggesting something like LineageOS is a better choice?

(Seriously asking: I've got a new-to-me Pixel that I'm looking to switch to a degoogled-ish ROM on, and Graphene and Lineage were the two front-runners.)
T This user is from outside of this forum
T This user is from outside of this forum
theloweststone@lemmy.world

schrieb am 3. Juni 2025, 16:52 zuletzt editiert von theloweststone@lemmy.world 6. März 2025, 18:52

#20

I'm running Graphene and I'm very happy with it.
1 Antwort Letzte Antwort

4

Anmelden zum Antworten

4/58

3. Juni 2025, 13:46

54 ungelesen

P

Microsoft Used China-Based Support for Multiple U.S. Agencies, Potentially Exposing Sensitive Data
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
58 vor 13 Tagen
vor 16 Tagen
1

133 Stimmen

11 Beiträge

64 Aufrufe

S vor 13 Tagen

Leaving in the hat is a nice touch.
J

Free online tool hub – from text utilities to SEO tools, no sign-up, no ads, works instantly ⚡
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
58 vor 18 Tagen
vor 18 Tagen

2 Stimmen

3 Beiträge

18 Aufrufe

N vor 18 Tagen

Why lie? There's absolutely no reason to lie here. Nevermind. Vibe coded cyberjunk.
D

BBC gains rare access to the Congolese mine powering mobile phones
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
58 vor 28 Tagen
vor 29 Tagen
1

128 Stimmen

8 Beiträge

97 Aufrufe

R vor 28 Tagen

In propaganda, the main thing is not to confuse militants with insurgents.
B

What is this new Bitchat scam that crypto-bros think is good?
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
58 9. Juli 2025, 02:14
8. Juli 2025, 21:52

7 Stimmen

6 Beiträge

70 Aufrufe

I 9. Juli 2025, 02:14

It's fully Bluetooth, so it's not exactly the same as the internet messaging apps
P

[JS Required] How Performant are LLM Agents(AI Chatbots) on Real World Work Tasks? They Fail 70% or More of The Time.
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
58 1. Juli 2025, 04:14
29. Juni 2025, 13:13

90 Stimmen

20 Beiträge

202 Aufrufe

W 1. Juli 2025, 04:14

At least with AI it's easy to see how shitty it gets as the codebase grows working on even a toy project over a week. Then again, if you have no frame of reference maybe that doesn't feel as awful as it should.
O

Flock Removes States From National Lookup Tool After ICE and Abortion Searches Revealed
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
58 26. Juni 2025, 21:50
26. Juni 2025, 00:20
1

183 Stimmen

9 Beiträge

77 Aufrufe

G 26. Juni 2025, 21:50

i used to work for secretary of state police and driver privacy was taken deathly seriously. glad to see alexi’s keeping up the good work.
P

The Current System of Online Advertising has Been Ruled Illegal by The Belgian Court of Appeal. Advertising itself is Still Allowed, but not in a Way That Secretly Tracks Everyone’s Behavior.
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
58 13. Juni 2025, 12:22
10. Juni 2025, 13:22
1

1k Stimmen

95 Beiträge

2k Aufrufe

G 13. Juni 2025, 12:22

Obviously the law must be simple enough to follow so that for Jim’s furniture shop is not a problem nor a too high cost to respect it, but it must be clear that if you break it you can cease to exist as company. I think this may be the root of our disagreement, I do not believe that there is any law making body today that is capable of an elegantly simple law. I could be too naive, but I think it is possible. We also definitely have a difference on opinion when it comes to the severity of the infraction, in my mind, while privacy is important, it should not have the same level of punishments associated with it when compared to something on the level of poisoning water ways; I think that a privacy law should hurt but be able to be learned from while in the poison case it should result in the bankruptcy of a company. The severity is directly proportional to the number of people affected. If you violate the privacy of 200 million people is the same that you poison the water of 10 people. And while with the poisoning scenario it could be better to jail the responsible people (for a very, very long time) and let the company survive to clean the water, once your privacy is violated there is no way back, a company could not fix it. The issue we find ourselves with today is that the aggregate of all privacy breaches makes it harmful to the people, but with a sizeable enough fine, I find it hard to believe that there would be major or lasting damage. So how much money your privacy it's worth ? 6 For this reason I don’t think it is wise to write laws that will bankrupt a company off of one infraction which was not directly or indirectly harmful to the physical well being of the people: and I am using indirectly a little bit more strict than I would like to since as I said before, the aggregate of all the information is harmful. The point is that the goal is not to bankrupt companies but to have them behave right. The penalty associated to every law IS the tool that make you respect the law. And it must be so high that you don't want to break the law. I would have to look into the laws in question, but on a surface level I think that any company should be subjected to the same baseline privacy laws, so if there isn’t anything screwy within the law that apple, Google, and Facebook are ignoring, I think it should apply to them. Trust me on this one, direct experience payment processors have a lot more rules to follow to be able to work. I do not want jail time for the CEO by default but he need to know that he will pay personally if the company break the law, it is the only way to make him run the company being sure that it follow the laws. For some reason I don’t have my usual cynicism when it comes to this issue. I think that the magnitude of loses that vested interests have in these companies would make it so that companies would police themselves for fear of losing profits. That being said I wouldn’t be opposed to some form of personal accountability on corporate leadership, but I fear that they will just end up finding a way to create a scapegoat everytime. It is not cynicism. I simply think that a huge fine to a single person (the CEO for example) is useless since it too easy to avoid and if it really huge realistically it would be never paid anyway so nothing usefull since the net worth of this kind of people is only on the paper. So if you slap a 100 billion file to Musk he will never pay because he has not the money to pay even if technically he is worth way more than that. Jail time instead is something that even Musk can experience. In general I like laws that are as objective as possible, I think that a privacy law should be written so that it is very objectively overbearing, but that has a smaller fine associated with it. This way the law is very clear on right and wrong, while also giving the businesses time and incentive to change their practices without having to sink large amount of expenses into lawyers to review every minute detail, which is the logical conclusion of the one infraction bankrupt system that you seem to be supporting. Then you write a law that explicitally state what you can do and what is not allowed is forbidden by default.
F

A Presence-sensing Drive For Securely Storing Secrets
Beobachtet Ignoriert Geplant Angeheftet Gesperrt Verschoben Technology technology
58 26. Mai 2025, 21:29
25. Mai 2025, 07:10
1

18 Stimmen

9 Beiträge

86 Aufrufe

D 26. Mai 2025, 21:29

Isn't that arguably the nature of encryption, though? If you lose the key, you're SOL by design.