Meta and Yandex are de-anonymizing Android users’ web browsing identifiers - Ars Technica
Technology
58
Beiträge
39
Kommentatoren
756
Aufrufe
-
Are you suggesting something like LineageOS is a better choice?
(Seriously asking: I've got a new-to-me Pixel that I'm looking to switch to a degoogled-ish ROM on, and Graphene and Lineage were the two front-runners.)
schrieb am 3. Juni 2025, 21:35 zuletzt editiert vonIf it's a Pixel anyway, GrapheneOS has a few nice security and privacy features that LineageOS doesn't have (yet?).
I think both are pretty great and much better than most alternates.
-
That's the fun part. They come preinstalled!
schrieb am 3. Juni 2025, 21:36 zuletzt editiert von pinball_wizard@lemmy.zip 6. März 2025, 23:37I'm so quick to install a custom ROM, I forgot the Meta spyware comes pre-installed on many phones. Ugh.
-
I am assuming all of this trash is blocked by uBlock Origin?
schrieb am 3. Juni 2025, 21:53 zuletzt editiert vonCheck that "Filter lists > Privacy > Block outsider intrusion into LAN" is enabled and you should be fine
-
Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.
The covert tracking—implemented in the Meta Pixel and Yandex Metrica trackers—allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. Android sandboxing, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as state partitioning and storage partitioning, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they're off-limits for every other site.
schrieb am 3. Juni 2025, 22:01 zuletzt editiert vonMeta should be broken up and its leadership barred from working in tech (or politics)
-
Even then, most tracking is done through fingerprinting.
schrieb am 3. Juni 2025, 22:26 zuletzt editiert von lv_insane_vl@lemmy.world 6. Apr. 2025, 00:26Yeah it makes me laugh when people talk about "don't use cookies" or "block ads" like companies didn't switch to more advanced techniques (like hell, I saw a paper where they could fingerprint you just simply by how you interact with the webpage) 15 years ago.
There is no way to use the modern web without getting fingerprinted.
-
Meta should be broken up and its leadership barred from working in tech (or politics)
schrieb am 3. Juni 2025, 23:16 zuletzt editiert von mimicjar@lemmy.world 6. Apr. 2025, 01:17and its leadership barred
from working in tech (or politics) -
Yeah it makes me laugh when people talk about "don't use cookies" or "block ads" like companies didn't switch to more advanced techniques (like hell, I saw a paper where they could fingerprint you just simply by how you interact with the webpage) 15 years ago.
There is no way to use the modern web without getting fingerprinted.
schrieb am 3. Juni 2025, 23:29 zuletzt editiert vonWell “block ads” is also shorthand for “block as many 3rd-party requests as possible while maintaining the desired content” which absolutely improves your privacy and prevents a lot of fingerprinting scripts from ever loading.
-
Well “block ads” is also shorthand for “block as many 3rd-party requests as possible while maintaining the desired content” which absolutely improves your privacy and prevents a lot of fingerprinting scripts from ever loading.
schrieb am 3. Juni 2025, 23:32 zuletzt editiert vonThat's the thing though, websites have gone away from "fingerprinting scripts" and have started finger printing you by what you serve, how and when you access it, and other things that they can all collect purely on the server side. The rest is just for advertising and data collection for improvements.
-
I'd nail my foot to the floor before I installed WhatsApp.
schrieb am 3. Juni 2025, 23:36 zuletzt editiert vonSo you got all your friends, family and coworkers and acquaintances using Signal?
-
Not sure about the "nightly" part (as opposed to beta or stable), but yes.
schrieb am 3. Juni 2025, 23:37 zuletzt editiert vonI prefer nightly because about:config is accessible unlike on the mainline version. Does Beta also allow that?
-
That's the thing though, websites have gone away from "fingerprinting scripts" and have started finger printing you by what you serve, how and when you access it, and other things that they can all collect purely on the server side. The rest is just for advertising and data collection for improvements.
schrieb am 3. Juni 2025, 23:40 zuletzt editiert vonAll of this is far easier to subvert than tracking scripts (and cookies and port scans) which literally as evidenced by the article in the OP are not techniques that companies have "gone away" from at all, at least not by entirely replacing them.
-
So you got all your friends, family and coworkers and acquaintances using Signal?
schrieb am 4. Juni 2025, 00:03 zuletzt editiert vonMost of the people I talk to regularly, yes. I also use Discord for less private stuff, less personal contacts, and for video chat when I play D&D. I text with my wife and one friend who I mostly discuss D&D with. Both of them have Signal if I needed to reach out to them privately or while abroad. For the record, I would like to get off Discord but audio and video quality are really important to me and I haven't found a good replacement yet.
I also have a seperate (company paid) phone for all work communications. There's ups and downs to that but it definitely contributes to my ability to be restrictive in what apps I put on my phone.
-
We found that browsers such as Chrome, Firefox and Edge are susceptible to this form of browsing history leakage in both default and private browsing modes. Brave browser was unaffected by this issue due to their blocklist and the blocking of requests to the localhost; and DuckDuckGo was only minimally affected due to missing domains in their blocklist.
Aside from having uBlock Origin and not having any Meta/Yandex apps installed, anyone aware of additional Firefox settings that could help shut this nonsense down?
schrieb am 4. Juni 2025, 00:49 zuletzt editiert von quibblekrust@thelemmy.club 6. Apr. 2025, 02:50I feel like that's all you need. You don't have their apps installed, so the problem is already solved. If you use uBlock Origin to block their trackers, the problem is solved. So you've solved it twice.
-
they still try that?
i can't remember the last time i have seen one of those warnings.
schrieb am 4. Juni 2025, 00:50 zuletzt editiert vonGoogle doesn't do global roll outs with their updates. The anti adblock stuff especially. They target only some % of randomly selected users to spread confusion online, and I would guess their hope is to frustrate people into disabling ad blockers on Youtube after reading a bunch of misinformation and placebo bad advice when looking for tech support.
-
So you got all your friends, family and coworkers and acquaintances using Signal?
schrieb am 4. Juni 2025, 01:10 zuletzt editiert von pinball_wizard@lemmy.zip 6. Apr. 2025, 17:34So you got all your friends, family and coworkers and acquaintances using Signal?
Only the ones I like.
Joking aside, yes. I've found that just letting a friend or relative ask exploratory "how bad can WhatsApp be?" questions for about five minutes gets them to start the switch to Signal.
I can't take any credit, Meta decided to lean in hard on spying on people.
-
Fair warning: Last week one of my accounts was seemingly shadowbanned, and now gets "This content isn't available" on every video.
Logging out plays videos, making a new brand account worked, etc. and no notification from youtube.
schrieb am 4. Juni 2025, 01:31 zuletzt editiert vonYou were shadowbanned for watching youtube in a web browser with adblock? Sounds excessive.
-
schrieb am 4. Juni 2025, 01:36 zuletzt editiert von
For those use Universal Android Debloater Or Canta with shizuku from android to install for the current user.
-
I prefer nightly because about:config is accessible unlike on the mainline version. Does Beta also allow that?
schrieb am 4. Juni 2025, 01:37 zuletzt editiert vonBeta does and unlike nightly doesn't update every night.
There's also Fennec on fdroid if you need something stable with about:config support.
-
I feel like that's all you need. You don't have their apps installed, so the problem is already solved. If you use uBlock Origin to block their trackers, the problem is solved. So you've solved it twice.
schrieb am 4. Juni 2025, 02:17 zuletzt editiert vonYes and no, I've treated the symptoms, but not the problem. All it takes is a trillion dollar company buying a new domain every once in a while to foil uBlock, and now that it's more known, anyone can create an an app that opens ports and listens for trackers.
Would love it if Firefox would let me block all requests to localhost.
-
I know that people here generally like to shit on Brave, but it seems that the claim "Privacy by default" has held up in this context.
schrieb am 4. Juni 2025, 09:40 zuletzt editiert vonIsn't that Proton's tagline?
-
-
-
People Are Being Involuntarily Committed, Jailed After Spiraling Into "ChatGPT Psychosis"
Technology58 vor 11 Tagenvor 13 Tagen
1
-
-
-
-
Trump extends the TikTok ban deadline for a third time; there is no legal basis for the extensions and it is unclear how many times the deadline can be extended
Technology 19. Juni 2025, 18:35
1
-
