A few counterarguments on #LocalMess (#Facebook #Instagram #Yandex #LocalhostTracking), why this would make #Android worse than #iOS:

This vuln seems to only have existed on Android, but not everyone would need to be affected by it.

I see #GrapheneOS as a perfected form of the Android idea (stripping the #Advertizing and Tracking from it, and adding needed permissions).

1/8

This Week in Security: The Localhost Bypass, Reflections, and X - Facebook and Yandex have been caught performing user-hostile tracking. This sort o... - https://hackaday.com/2025/06/13/this-week-in-security-the-localhost-bypass-reflections-and-x/ #thisweekinsecurity #hackadaycolumns #securityhacks #localmess #lunchbox #news #x

Companies are pushing non-stop for users to move from web apps to phone apps. They justify the push saying phone apps are more secure. But that's a blatant lie. They want you to move to phone apps so they have a lot more control over you, and can drain a lot more information about you. The recent #LocalMess misbehavior from #Meta is just one more example showing this: if you install their app, the OS will allow them doing many things the web browser won't. https://localmess.github.io/

Meta (Facebook) deserves a 32 B$ fine: https://www.zeropartydata.es/p/localhost-tracking-explained-it-could #localmess #meta #facebook #instagram #gdpr #privacy

#Meta #Facebook and #Yandex are always looking for new ways to spy on you and track you. #LocalMess is the latest in a long line of abusive methods to gather your private data. Having their mobile app installed gives them super powers. Uninstall it. If you must use these services, do not use their app, keep it in the browser, or even better, use a wrapper app, like

* https://f-droid.org/packages/it.rignanese.leo.slimfacebook/
* https://f-droid.org/packages/us.spotco.maps/

Here is a nice technical write up:
https://localmess.github.io/

#Zuckerberg’s privacy pledge revealed as ineffectual

Millions of websites are leaking your private information to #Meta, the parent company of #Facebook, #Instagram, etc. By hacking #Android browser features in ways that were never intended, Meta is tracking you all the way around the web—with no disclosure nor oversight.

Incognito mode doesn’t stop it; neither does blocking 3rd-party cookies. Russian social giant #Yandex is doing it too.

As soon as researchers disclosed the #LocalMess problem, Meta stopped it—for now. In #SBBlogwatch, we go live in a cave.

https://securityboulevard.com/2025/06/meta-local-mess-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

#Meta is seriously concerning

Their apps open local ports on #Android, while their #tracking pixels, embedded in thousands of websites, connect to these ports and gather information about users. This effectively bypasses #privacy measures such as private browsing or clearing cookies, making users personally identifiable on websites that use those pixels.

Although it appears they have stopped this technique after it was uncovered, it still reveals Meta's true intentions, imho.

La pillada que le acaban de hacer a Meta espiando y desanonimizando a usuarios de Android es tremenda. Ojalá se lleven una multa descomunal, pero dudo que eso pase o si pasa dudo que valga para cambiar nada. Poca opción nos queda como usuarios más allá de dejar de usar aplicaciones de este tipo de empresas y bloquear todos los trackers que podamos en las webs que visitemos.

https://localmess.github.io/