Meta and Yandex break security to save their business model
Briefly

In June 2025, researchers revealed that Meta and Yandex employed innovative techniques resembling malware to track users outside their applications. This involved exploiting protocols to violate the isolation of apps and browsers, linking browsing histories with user accounts. Such behavior demonstrates a blatant disregard for user privacy and regulatory risks, emphasizing that the current surveillance advertising model is fundamentally at odds with privacy interests. The so-called 'localhost' attack allowed these companies to share data collected from users' browsing activities with their apps, a clear violation of expected security measures.
The technique used to achieve this was truly innovative, and akin to malware behaviour. It exploited protocols to break the isolation between apps and browsers, a fundamental security concept meant to protect users.
Major tech companies are so unconcerned about users' privacy, and the risk of regulation, that they dare to implement malicious techniques to further extend their collection of users' personal data.
The surveillance advertising paradigm is inherently incompatible with privacy and incentivises abusive practices.
The so-called 'localhost' attack relied on a chain of techniques that eventually enabled both companies to do something that they were not supposed to be able to do: share data collected by their tracking pixel on websites.
Read at Privacy International