- cross-posted to:
- privacy@lemmy.ml
- privacy@lemmy.ca
- cross-posted to:
- privacy@lemmy.ml
- privacy@lemmy.ca
“Meta devised an ingenious system (“localhost tracking”) that bypassed Android’s sandbox protections to identify you while browsing on your mobile phone — even if you used a VPN, the browser’s incognito mode, and refused or deleted cookies in every session.”
I found that odd, but reading the more technical write up (linked in the article) it seems Brave blocks localhost communication.
The Chrome proposal references a single use case. I’ve never seen a website that sets up my local devices, but is this a new thing?
Why did localhost not get blocked earlier? This seems like a huge hole browsers have ignored for years.
Also the DuckDuckGo exception doesn’t make sense to me. Does DuckDuckGo have Facebook trackers on it to begin with? Whatever site DuckDuckGo sends you to, if they have the trackers, you’ll get tracked.
Also if you don’t have the Facebook or instagram apps on your phone.
This is the way… even better, have no Meta accounts of any kind
On pc jetbrains toolbox uses localhost to login via browser for some reason, which was blocked by one of my extensions
Because if they were to block it, it would break lots of things, like when they broke file:// and users have no way to turn it back on except enable dev mode or debug mode, let alone having some easy way to toggle it on a per domain or per container basis…
I suspect they might mean duckduckgo browser and not search engine?
I completely forgot that existed! Double checking the technical article they do correctly label it as a browser in their testing matrix/grid.
I just got confused by the clear “Brave browser” call out. When I hear DuckDuckGo I definitely don’t think browser.
Good catch!