Meta & Yandex use Localhost to bypass tracking blockers

wright_is
Jun 12, 2025
0

I heard this one on Security Now this morning on the way to work…

https://localmess.github.io/

Page 3 of the show notes for Steve’s take.

https://www.grc.com/sn/SN-1029-Notes.pdf

Meta and Yandex apps on Android are opening a port on localhost (locally installed webservice within the Meta or Yandex apps installed on the user’s Android device). When the user opens the webbrowser and goes to a page that uses Meta or Yandex tracking, the page opens a connection to the Meta or Yandex app running on the device, which in turn then enabling tracking back to Meta/Yandex, bypassing any web/tracking blocking tools.

Only Brave blocked them by default, all other Chromium based browsers and Firefox did not block them. Mozilla, DuckDuckGo and a few others have made updates to their browsers, this should filter back to Chromium and then flow into the other browsers going forward.

Meta & Yandex use Localhost to bypass tracking blockers

Paul’s Markdown Editor

‘Movies Anywhere News

[CLOSED] Ask Paul for this Friday, May 29

Discord releases Native client for Windows On Arm.