511
submitted 1 week ago by [email protected] to c/[email protected]

Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.

The covert tracking—implemented in the Meta Pixel and Yandex Metrica trackers—allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. Android sandboxing, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as state partitioning and storage partitioning, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they're off-limits for every other site.

(page 2) 8 comments
sorted by: hot top new old
[-] [email protected] 135 points 1 week ago

Well, it's always been a cat and mouse game.

Just earlier today, I got a pop-up on YouTube about how they would block me after 3 videos because I use an ad blocker. Jump to now and everything is fine again. Thank you, uBlock Origin!

[-] [email protected] 47 points 1 week ago

they still try that?

i can't remember the last time i have seen one of those warnings.

[-] [email protected] 35 points 1 week ago

I'm guessing you use Firefox? It's much better at evading that tracking.

load more comments (1 replies)
load more comments (2 replies)
load more comments (4 replies)
[-] [email protected] 31 points 1 week ago

I am assuming all of this trash is blocked by uBlock Origin?

[-] [email protected] 30 points 1 week ago

Seems like it's transferred through a cookie and javascript, so in theory you can block it with ublock or noscript and the like, but a sure way to block is to not have meta apps installed on your phone (or not signed in).

[-] [email protected] 11 points 1 week ago

I don't have any Meta apps installed. :)

[-] [email protected] 26 points 1 week ago

That's the fun part. They come preinstalled!

load more comments (3 replies)
load more comments (6 replies)
load more comments (3 replies)
load more comments
view more: ‹ prev next ›
this post was submitted on 03 Jun 2025
511 points (100.0% liked)

Technology

71143 readers
3263 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS