Ask HN: So what happened to Facebook "localhost" tracking?
37 points | 2 hours ago | 5 comments | HN
It was discussed a year ago. https://news.ycombinator.com/item?id=44235467
applfanboysbgon
2 hours ago
[-]
> Meta must face a lawsuit alleging that it secretly tracked Android users' browsing activity on mobile websites that embedded Meta's analytics pixel, and linked that activity to users' identities, a federal judge ruled Monday.

> The decision, issued by U.S. District Court Judge Rita Lin in San Francisco, grew out of a class-action complaint initially brought last June by California resident Devin Rose (and later joined by other Android users).

> Rose alleged that between September 2024 and June 2025, Meta exploited Android's localhost -- a feature that allows software developers to test applications -- to connect users’ mobile web browsing to their Facebook and Instagram profiles.

May 12, 2026

reply
Retr0id
11 minutes ago
[-]
Not at all to defend Meta but "a feature that allows software developers to test applications" is a dubious definition of localhost. I also can't come up with a better one.
reply
gruez
1 hour ago
[-]
reply
woodrowbarlow
1 hour ago
[-]
i would love to have a software engineer's union, not so much to get better working conditions but to be able to say stuff like "i can't implement that unethical feature, it's against union rules and i'd lose my membership".
reply
grayhatter
40 minutes ago
[-]
To be fair, you don't need a union... you can just say no. Context: I told them they couldn't ship this exact feature as designed. (It worked until I left.)
reply
woodrowbarlow
8 minutes ago
[-]
yes, true sometimes (not always). but if more people have access to a way to confidently say "no" (with protection behind them), then i think saying "no" would happen more often, by people who might've otherwise complied.
reply
Trasmatta
29 minutes ago
[-]
Without the protection of a union, "just saying no" is a good way to get fired
reply
kube-system
14 minutes ago
[-]
I'd wonder how you'd get into that arrangement to begin with when the entire job is based on unethical tracking
reply
volkercraig
1 hour ago
[-]
Start one. Unions are worker owned. You could also join the IWW.
reply
woodrowbarlow
30 minutes ago
[-]
are there examples of unions that have started around a focus on the ethics of the services they provide? unions traditionally start locally, around issues for which the locality is a hotspot, which is why they usually focus on pay and working conditions. it's also easier to get a large group to agree on a set of improvements to working conditions vs a set of ethical boundaries.
reply
actionfromafar
1 hour ago
[-]
Unions in the US are nerfed, by law.
reply
greyface-
45 minutes ago
[-]
Collective bargaining is nerfed. Other structures remain viable and legal.
reply
askl
39 minutes ago
[-]
Are you not allowed to leave the US?
reply
absqueued
1 hour ago
[-]
Take a lead, let me sign up :)
reply
SoftTalker
1 hour ago
[-]
And this is why we don't have one. Someone else is expected to do the hard part.
reply
hasahmed
1 hour ago
[-]
same
reply
LadyCailin
27 minutes ago
[-]
That’s what licensing is for, not unions.
reply
woodrowbarlow
15 minutes ago
[-]
i don't believe that software development should require a license. imagine having to get board-licensed to download gcc; therein lies the death of free software and owning your devices.
reply
hluska
21 minutes ago
[-]
A union could absolutely get involved in something like this.
reply
theodorejb
1 hour ago
[-]
You don't need to join a union to push back against unethical feature requests.
reply
jakubadamw
1 hour ago
[-]
The collective leverage of a union gives you significantly more power to do something like this.
reply
theodorejb
57 minutes ago
[-]
Only if the union is against the unethical request. In some cases the union may be for it, which makes it even harder to push back.
reply
chrncirurp
1 hour ago
[-]
> You don't need to join a union to push back against unethical feature requests.

If you push back against unethical feature requests:

No union: you get fired

Union: you still get fired

reply
jeffgreco
53 minutes ago
[-]
Still a better outcome than tossing your ethics overboard.
reply
garciasn
37 minutes ago
[-]
Why bother to join a union, pay dues, potentially have your career limited, and have another layer to deal with?

Just leave or be fired without the song and dance.

reply
Henchman21
21 minutes ago
[-]
Because you’re a person who cares about your fellow citizens and realizes that collective bargaining helps to lift all boats, not just yours
reply
josefritzishere
12 minutes ago
[-]
union strong, bro.
reply
woodrowbarlow
52 minutes ago
[-]
maybe, but the union could provide a lot of services to someone who loses their job this way (like income insurance and legal services) and could leverage collective power over companies that demonstrate a pattern of behavior.
reply
dylan604
45 minutes ago
[-]
This is something that has just never sat well with me. How exactly will the union provide this insurance? That insurance isn't free, so paid for by member dues? How many members are required to be able to afford the payout for just one member? How about the other services unions are touted as being able to provide? They all come from the same dues? I know that unions will put money into investment funds to attempt to grow the coffers, but that just means the money isn't liquid.

Unions are always touted as a panacea, but logically, it doesn't compute for me. They feel more like Ponzi schemes than anything else.

reply
woodrowbarlow
36 minutes ago
[-]
that's definitely a big question and i don't pretend to have enough expertise to answer fully; however, i will point to the Ontario Teachers' Pension Plan which is (per Wikipedia[1]) "one of the world's largest institutional investors [...] over $266 billion in net assets, with a one-year total-fund net return of 9.4%, and a 7.4% 10-year total-fund net return". the union runs their own investment fund; it's an extension of collective power into the financial realm.

[1] https://en.wikipedia.org/wiki/Ontario_Teachers%27_Pension_Pl...

reply
hluska
17 minutes ago
[-]
That is only a pension plan. It provides no insurance to teachers who are still employed.
reply
askl
36 minutes ago
[-]
> That insurance isn't free, so paid for by member dues?

Yes, obviously. That's how every insurance works.

reply
soco
24 minutes ago
[-]
Simple idea: look how other unions work, and in other countries as well. The wheel has already been invented.
reply
grayhatter
39 minutes ago
[-]
I didn't get fired.
reply
ethagnawl
28 minutes ago
[-]
> not so much to get better working conditions but

... why not both?

reply
mozvalentin
2 hours ago
[-]
Chrome and Firefox have deployed / are deploying local-network-access which prompts the user when apps try this.
reply
crtasm
21 minutes ago
[-]
I just discovered that macOS was blocking Firefox from connecting to devices on my LAN - there's a per-app toggle in system settings.

Access to my router's web interface was not blocked (understandably) but this left me rather confused for a while.

reply
pezgrande
1 hour ago
[-]
I guess that's why I am getting so many "Allow to find devices on your network" alerts. Good feature overall.
reply
SoftTalker
1 hour ago
[-]
Only a good feature if users have a clue what that question means. Most will click "Yes" because they want to get on with whatever they want to do.

Change it to something like "This website is trying to spy on your local devices, do you want to allow this?"

reply
dpoloncsak
27 minutes ago
[-]
I honestly don't think the average Google Chrome user knows what a 'local' device is, and we should go with something more ELI5: "This website wants to spy on every other device connected to your network" or something
reply
shit_game
1 hour ago
[-]
I was just about to say that my question in regards to this was "what are web browsers doing about it?"
reply
Tade0
1 hour ago
[-]
I've seen it and at least in Chrome it seems to be treating all URLs which are based on an IP address as "local", regardless of the class of the address.
reply
kibwen
1 hour ago
[-]
I'd be inherently suspicious of any website in the wild attempting to contact a bare IP address. Aside from localhost, my default assumption would be that such a website is either trying to circumvent my hosts file (or circumvent my other DNS configuration, e.g. pi-hole or DNS-over-HTTPS), malware trying to reach a command-and-control server, or malware trying to circumvent my adblocker.
reply
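Added example, not part of any comment in this thread and not Chrome's or Firefox's code: a sketch of the address-space check behind the local-network-access prompts discussed above, flagging requests that a public page sends to loopback or private-range targets. The function names, the sample URLs and ports, and the choice to count unresolved DNS names as public are assumptions made for the illustration.

```javascript
// Added example: classify URLs by address space and flag requests a page
// sends "inward" (public -> local or loopback). Not browser source code.
const RANK = { loopback: 0, local: 1, public: 2 };

function addressSpace(url) {
  // The WHATWG URL parser canonicalises IPv4 spellings (hex, single integer),
  // so the range checks below see dotted-quad form only.
  const host = new URL(url).hostname.toLowerCase();
  if (host === "localhost" || host.endsWith(".localhost")) return "loopback";
  if (host.startsWith("[")) {
    const v6 = host.slice(1, -1); // IPv6 hostnames are serialised in brackets
    if (v6 === "::1") return "loopback";
    // fc00::/7 (unique local) and fe80::/10 (link-local)
    if (/^f[cd][0-9a-f]{2}:/.test(v6) || /^fe[89ab][0-9a-f]:/.test(v6)) return "local";
    return "public"; // IPv4-mapped IPv6 is not handled in this sketch
  }
  const m = host.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
  if (!m) return "public"; // assumption: unresolved DNS names count as public
  const a = Number(m[1]);
  const b = Number(m[2]);
  if (a === 127) return "loopback";
  if (a === 10 || (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168) || (a === 169 && b === 254)) return "local";
  return "public";
}

// Return the requests whose target is in a more private space than the page.
function flagInwardRequests(pageUrl, requestUrls) {
  const pageRank = RANK[addressSpace(pageUrl)];
  return requestUrls
    .map((url) => ({ url, space: addressSpace(url) }))
    .filter((r) => RANK[r.space] < pageRank);
}

// Constructed sample: one page load and the requests it triggered.
const SAMPLE_PAGE = "https://shop.example/product/1";
const SAMPLE_REQUESTS = [
  "https://cdn.example/pixel.js",
  "http://127.0.0.1:12345/collect?id=abc",
  "http://localhost:12345/collect",
  "http://2130706433:12345/collect", // integer spelling of 127.0.0.1
  "http://192.168.1.1/admin",
  "http://[::1]:12345/",
  "https://203.0.113.7/beacon", // bare public IP: not inward, so not flagged
];
console.log(flagInwardRequests(SAMPLE_PAGE, SAMPLE_REQUESTS));
```

The same function can be run over the request URLs exported from a browser's network panel to audit what a page contacts on the local machine or LAN.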
KomoD
2 hours ago
[-]
Looks like they stopped doing it

https://localmess.github.io

> UPDATE: As of June 3rd 7:45 CEST, Meta/Facebook Pixel script is no longer sending any packets or requests to localhost. The code responsible for sending the _fbp cookie has been almost completely removed. Yandex has also stopped the practice we describe below.

reply
throwa356262
1 hour ago
[-]
Off topic: I wonder how hard it is to poison this type of data gathering?
reply