I really enjoyed @gabestein's blog post on the latest #meta security scandal: #localmess
https://buttondown.com/gabestein/archive/you-simply-cannot-trust-these-people/
If you use something like Instagram or Facebook on your phone, please _never_ use the apps. Install Fennec with uBlock Origin. I explained how to do that here:
https://www.youtube.com/watch?v=a5-qV6OUV_o
https://www.spacefun.ch/linux-videos#android1
#Passwort - the podcast from #heise #security: Local dirty tricks by #Meta and #Yandex
#Browser #Facebook
#WhatsApp #DSGVO
Meta and Yandex have been caught using #tracking methods that go far beyond the usual. Christopher and Sylvester look at the publication "#LocalMess". In it, researchers document #tracking tricks by these companies that explicitly run counter to users' wishes, undermine security measures and obscure #communication.
The hosts struggle to see any difference from the behaviour of typical #malware.
Episode web page:
https://passwort.podigee.io/34-lokale-sauereien-von-meta-und-yandex
Media file:
https://audio.podigee-cdn.net/1973369-m-54944d53cac54770deb6feecac8ac80e.mp3?source=feed
Really good podcast on the topic of #LocalMess from @heisec, about how #Meta and Yandex acted as malware with their apps.
The apps #Facebook & #Instagram & #Yandex circumvented protective measures of the operating system, i.e. of #Android. This made it possible to track all activity in the browser, as long as the matching tracking script is served on the website.
Disable the apps / install an ad blocker.
https://passwort.podigee.io/34-lokale-sauereien-von-meta-und-yandex
#localmess
In the transcript of the podcast “Security Now” you can read the details as a summary
https://www.grc.com/sn/sn-1029-notes.pdf
And here too
for anyone who still needs a push to leave Meta for good:
🔐 Security News: “Local Mess” – New tracking method discovered!
Anyone who believes that Meta & Co. don't overdo it with online tracking should take a closer look now. A recent report shows how websites, in some cases covertly, read out users' local file system in order to track their browsing behaviour and build profiles. 😳
This method became known under the name “Local Mess”: https://localmess.github.io/
#localmess
Companies are pushing non-stop for users to move from web apps to phone apps. They justify the push saying phone apps are more secure. But that's a blatant lie. They want you to move to phone apps so they have a lot more control over you, and can drain a lot more information about you. The recent #LocalMess misbehavior from #Meta is just one more example showing this: if you install their app, the OS will allow them to do many things the web browser won't. https://localmess.github.io/
Meta (Facebook) deserves a 32 B$ fine: https://www.zeropartydata.es/p/localhost-tracking-explained-it-could #localmess #meta #facebook #instagram #gdpr #privacy
#Meta #Facebook and #Yandex are always looking for new ways to spy on you and track you. #LocalMess is the latest in a long line of abusive methods to gather your private data. Having their mobile app installed gives them super powers. Uninstall it. If you must use these services, do not use their app, keep it in the browser, or even better, use a wrapper app, like
* https://f-droid.org/packages/it.rignanese.leo.slimfacebook/
* https://f-droid.org/packages/us.spotco.maps/
Here is a nice technical write up:
https://localmess.github.io/
“‘Localhost Tracking’ Explained. It Could Cost Meta 32 Billion.”, Zero Party Data (https://www.zeropartydata.es/p/localhost-tracking-explained-it-could).
Via HN: https://news.ycombinator.com/item?id=44235467
#Privacy #Security #EU #GDPR #DSA #DMA #Facebook #Meta #LocalMess #Android #Chrome #Tracking
"Meta apps, this method effectively allows these organizations to link mobile browsing sessions and web cookies to user identities, hence de-anonymizing users' visiting sites embedding their scripts."
#Meta caught breaking #Android's #sandbox by monitoring #webbrowsing through its #apps
"A Google representative told Ars Technica that 'the behavior violates the terms of service for the #GooglePlay marketplace'".
OK, delete them right now from the #PlayStore then! :gmail17angry:
Block #localhost access from the #web by default for better #security 👍🏽:
“Explainer For Local Network Access”, Chrome, Google (https://github.com/explainers-by-googlers/local-network-access).
Via HN: https://news.ycombinator.com/item?id=44183799
#Chrome #Google #Privacy #Internet #Browser #LocalMess #Android #Facebook
In which #Facebook / #Meta does more evil things 😠:
“Disclosure: Covert Web-To-App Tracking Via Localhost On Android”, Local Mess (https://localmess.github.io/).
Via HN: https://news.ycombinator.com/item?id=44169115
#Privacy #Security #LocalMess #Localhost #Android #Internet #Tracking #Web
#Zuckerberg’s privacy pledge revealed as ineffectual
Millions of websites are leaking your private information to #Meta, the parent company of #Facebook, #Instagram, etc. By hacking #Android browser features in ways that were never intended, Meta is tracking you all the way around the web—with no disclosure nor oversight.
Incognito mode doesn’t stop it; neither does blocking 3rd-party cookies. Russian social giant #Yandex is doing it too.
As soon as researchers disclosed the #LocalMess problem, Meta stopped it—for now. In #SBBlogwatch, we go live in a cave.
Quite something, the attack on the privacy of Android users, and surely of other platforms, by big companies like Meta and Yandex, and how determined they are to extract data from our lives.
Year after year. This company is bad to the bone, ethically bankrupt and eaten by greed.
This is evil by design: https://localmess.github.io/ #meta #localmess
From: @cduvenhorst
https://mastodon.social/@cduvenhorst/111475752144823608
#Meta is seriously concerning 👿
Their apps open local ports on #Android, while their #tracking pixels, embedded in thousands of websites, connect to these ports and gather information about users. This effectively bypasses #privacy measures such as private browsing or clearing cookies, making users personally identifiable on websites that use those pixels.
Although it appears they have stopped this technique after it was uncovered, it still reveals Meta's true intentions, imho.
#localmess
Meta/Facebook Pixel sharing from web to Meta Android apps
> Facebook, Instagram, and several Yandex apps including Maps and Browser—silently listen on fixed local ports for tracking purposes.
> The Meta (Facebook) Pixel JavaScript, when loaded in an Android mobile web browser, transmits the first-party _fbp cookie using WebRTC to UDP ports 12580–12585 to any app on the device that is listening on those ports.
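
A defender-side check for the listeners described in the quoted text, as an added example that is not part of any post above or of the researchers' tooling: it parses a socket table in the Linux `/proc/net/udp` layout and reports sockets bound to UDP ports 12580–12585. The sample table, the uids and the function names are constructed for illustration.

```python
import socket
import struct

# UDP ports named in the quoted disclosure text above.
FLAGGED_UDP_PORTS = range(12580, 12586)

# Constructed sample in Linux /proc/net/udp layout (not captured from a device).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
  101: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000  1020        0 20111
  344: 0100007F:3124 00000000:0000 07 00000000:00000000 00:00000000 00000000 10234        0 48213
  345: 0100007F:3129 00000000:0000 07 00000000:00000000 00:00000000 00000000 10234        0 48219
  bad: not-a-socket-row
"""


def parse_udp_table(text):
    """Yield (ip, port, uid) per IPv4 socket row; skip header and malformed rows."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or not fields[0].endswith(":"):
            continue
        addr_hex, sep, port_hex = fields[1].partition(":")
        if not sep or len(addr_hex) != 8:
            continue
        try:
            # The kernel prints the IPv4 address as a host-order 32-bit hex word;
            # a little-endian host (ARM, x86) is assumed here.
            ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
            yield ip, int(port_hex, 16), int(fields[7])
        except (ValueError, struct.error):
            continue


def find_flagged_listeners(text, ports=FLAGGED_UDP_PORTS):
    """Return sorted (ip, port, uid) tuples for sockets bound to a flagged port."""
    return sorted(row for row in parse_udp_table(text) if row[1] in ports)


if __name__ == "__main__":
    for ip, port, uid in find_flagged_listeners(SAMPLE_PROC_NET_UDP):
        print(f"UDP {ip}:{port} bound by uid {uid}")
```

A hit is only an indicator that some process holds one of these ports; the uid column is what ties the socket to an installed package.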