"Localhost tracking" explained. It could cost Meta 32B
a year ago
- #Meta
- #GDPR
- #Privacy
- Meta developed 'localhost tracking' to bypass Android's sandbox protections, tracking users even when they use a VPN or incognito mode or have deleted their cookies.
- Meta faces potential fines under GDPR, DSA, and DMA, with a combined theoretical maximum risk of €32 billion.
- The tracking links browser activity to real identities via Facebook/Instagram apps and Meta Pixel scripts, even without user consent.
- 22% of the world's most visited websites are affected, tracking billions of users over years without their knowledge.
- Meta violated GDPR (consent, data minimization), DSA (prohibited personalized ads), and DMA (combining data without consent).
- The technique works by using WebRTC and hidden app services to transmit data between browsers and Meta's servers.
- Users are unaffected only if they use iOS, desktop browsers, or privacy-focused tools like Brave or DuckDuckGo.