frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Open in hackernews

Meta pauses mobile port tracking tech on Android after researchers cry foul

https://www.theregister.com/2025/06/03/meta_pauses_android_tracking_tech/
131•coloneltcb•1d ago

Comments

gnabgib•1d ago
Discussion (251 points, 11 hours ago, 198 comments) https://news.ycombinator.com/item?id=44169115
JadeNB•1d ago
> "We are in discussions with Google to address a potential miscommunication regarding the application of their policies," a Meta spokesperson told The Register. "Upon becoming aware of the concerns, we decided to pause the feature while we work with Google to resolve the issue."

Ah, good, so it was all an innocent miscommunication, certainly not Meta hoovering up whatever they thought they could get away with.

ryandrake•1d ago
Not just a miscommunication... a potential miscommunication!
djhn•1d ago
A potential miscommunication about a feature that may have had unintended consequences.

No, wait, claims of intent are falsifiable in discovery.

9283409232•1d ago
This is a PR statement because they got caught with their hand in the cookie jar. Same company that makes shadow profiles for people who have never used their services.
thayne•1d ago
It seems to me like a non-localhost site making requests to localhost, or a link-local address should require a permission granted by the user.
SchemaLoad•1d ago
On MacOS and probably iOS it does. You get a popup that the application wants to access other devices on the network. Unfortunately it's not really clear to the user what this means and if the app is asking it for legitimate reasons or for spyware.
ycombinatrix•1d ago
I have seen this pop-up many times, and not once has it been for a legitimate reason. Every site worked just fine without the permission.
morkalork•1d ago
Seriously, what's even the point of having firewalls or NAT if you're going to let any external website just start opening up arbitrary connections to localhost? Is something embedded on the page for foobar.com any more trust worthy than a random IP trying to open a connection?
skybrian•1d ago
It’s not a meaningful permission. Even if they know what “localhost” means, most users have no idea which servers are running on localhost on each of their devices, so they don’t know the risks.

This needs to be higher level: “can website A connect to app B?”

thayne•22h ago
> Even if they know what “localhost” means, most users have no idea which servers are running on localhost on each of their devices, so they don’t know the risks.

It could be worded as something like "connect to applications running on your device". And yeah, users probably don't know what things that might be, but that is why it is a scary permission, and almost all websites don't need it, and if you really do need it, you should be able to explain to the user why you need to talk to a local process, and you probably also need the user to install specific software.

> This needs to be higher level: “can website A connect to app B?”

Unfortunately, on at least some OSes, this isn't really possible. You don't connect to an app, you connect to a port, and there isn't always a way to know what is on the other side. Especially if this is something on your local network, not localhost. You could ask about a specific host/port combination, but most users won't have any idea what that means.

mmastrac•1d ago
I haven't had Facebook or Instagram apps installed on anything but a burner phone for half a decade and I'm happy about that decision.

Unfortunately I can't get rid of WhatsApp, but I hope it was immune to this.

93po•1d ago
if you use a burner phone i would imagine three letter agencies can still figure out it's you really easily through metadata alone. if they can see all the numbers you call and text over years then they can probably piece together who you are pretty easily
ycombinatrix•1d ago
They are hiding from Facebook surveillance, they are not evading the NSA
IAmGraydon•1d ago
Being surprised about this is like hanging out with Jeffrey Dahmer and being surprised when he kills you and turns you into a lamp for his living room table. Privacy violation is not just something that happens at Meta. It is literally their business model. It's what they do. It therefore follows that they will do it in every possible way that they can get away with under the law, and possibly in some ways that they can't. If this is something that you dislike, the only sensible move is to close your account and delete the app.
philistine•1d ago
You’re mixing your serial killers. Dahmer didn’t make furniture, he intended to make a shrine he never quite finished.
udev4096•1d ago
It's also surprising how most of the new cs grads have little to no ethics for working at such dishonest corp
xk_id•1d ago
Exactly, and there’s no wording I can imagine coming from the manager who requested this, which wouldn’t make it sound like the plain abuse that it is. But the guys who obeyed the manager and implemented it didn’t care. The mentality of parasites.
sdk16420•1d ago
High 5 figure salaries can bribe ethics, especially if the engineers are on a Green card
ycombinatrix•1d ago
>Being surprised about this is like hanging out with Jeffrey Dahmer and being surprised when he kills

I have a choice between Google brand Dahmer & Apple brand Dahmer, what do I do?

chmod775•1d ago
Still the same Facebook from 2004, despite the name change.

It's nice they're giving us annual reminders they're still scumbags.

xk_id•1d ago
They literally pay engineers to come up with crazy grey hat techniques to monitor people’s online activity. And those scumbags are probably HN users. It’s sinister. I wonder about the wording used by the manager behind it. It probably sounded plain evil and nobody who worked on it cared. It makes you wonder what else those parasites do that we haven’t discovered yet.
dvfjsdhgfv•1d ago
I heard many excuses from some of them.

* If I don't do it, someone else will.

* Don't be naive, everybody is doing it.

* Well, one has to support one's family.

* C'mon, we're not actually hurting anyone. Did opening this port actually hurt you?

And so on.

leoh•1d ago
Concerning that Android allows this — there are worse folks than meta that would exploit this
isodev•1d ago
It seems a happy coincidence the exploit wasn’t that effective on iOS. There are legitimate reasons for all the technologies involved to exist, but thanks to Meta we can’t have nice things.
ycombinatrix•1d ago
This is by design. Why do you think we still don't have a per-app network toggle? Android is built & released by a surveillance company.
93po•1d ago
lmao at "a potential miscommunication regarding the application of their policies"

"Essentially, by opening localhost ports that allow their Android apps to receive tracking data, such as cookies and browser metadata, from scripts running in mobile browsers, Meta and Yandex are able to bypass common privacy safeguards like cookie clearing, Incognito Mode, and Android's app permission system."

completely bypassing all permission systems and using what is literally just a security vulnerability is definitely not a miscommunication of policies

Refreeze5224•23h ago
If I found an application by some random developer, whose purpose was completely unrelated, doing this, I would categorize it as malware, or spyware at the very least.

By Facebook does it, and it's a "miscommunication." I have personally considered them a surveillance, and therefore spyware company, for years. I hope more people will realize it. Especially all people right here on HN who work for Facebook, and Google as well. Please realize what you're doing is wrong, and damaging, and that you should work somewhere else doing something less objectively harmful.

The impossible predicament of the death newts

https://crookedtimber.org/2025/06/05/occasional-paper-the-impossible-predicament-of-the-death-newts/
335•bdr•7h ago•110 comments

Google restricts Android sideloading

https://puri.sm/posts/google-restricts-android-sideloading-what-it-means-for-user-autonomy-and-the-future-of-mobile-freedom/
383•fsflover•5h ago•251 comments

APL Interpreter – An implementation of APL, written in Haskell (2024)

https://scharenbroch.dev/projects/apl-interpreter/
4•ofalkaed•9m ago•0 comments

Seven Days at the Bin Store

https://defector.com/seven-days-at-the-bin-store
92•zdw•5h ago•36 comments

Show HN: iOS Screen Time from a REST API

https://www.thescreentimenetwork.com/api/
55•anteloper•3h ago•32 comments

Show HN: ClickStack – Open-source Datadog alternative by ClickHouse and HyperDX

https://github.com/hyperdxio/hyperdx
99•mikeshi42•3h ago•19 comments

Converge (YC S23) Well-capitalized New York startup seeks product developers

https://www.runconverge.com/careers
1•thomashlvt•32m ago

Programming language Dino and its implementation

https://github.com/dino-lang/dino
16•90s_dev•3h ago•3 comments

Aurora, a foundation model for the Earth system

https://www.nytimes.com/2025/05/21/climate/ai-weather-models-aurora-microsoft.html
47•rmason•2h ago•9 comments

The Universal Tech Tree

https://asteriskmag.com/issues/10/the-universal-tech-tree
24•mitchbob•3d ago•8 comments

A proposal to restrict sites from accessing a users’ local network

https://github.com/explainers-by-googlers/local-network-access
571•doener•1d ago•329 comments

Phptop: Simple PHP ressource profiler, safe and useful for production sites

https://github.com/bearstech/phptop
89•kadrek•12h ago•13 comments

Rare black iceberg spotted off Labrador coast could be 100k years old

https://www.cbc.ca/news/canada/newfoundland-labrador/black-iceberg-labrador-coast-1.7551078
82•pseudolus•5h ago•36 comments

Air Lab – A portable and open air quality measuring device

https://networkedartifacts.com/airlab/simulator
298•256dpi•13h ago•138 comments

SkyRoof: New Ham Satellite Tracking and SDR Receiver Software

https://www.rtl-sdr.com/skyroof-new-ham-satellite-tracking-and-sdr-receiver-software/
4•rmason•2h ago•0 comments

Gemini-2.5-pro-preview-06-05

https://deepmind.google/models/gemini/pro/
260•jcuenod•4h ago•152 comments

Cysteine depletion triggers adipose tissue thermogenesis and weight loss

https://www.nature.com/articles/s42255-025-01297-8
76•bookofjoe•4h ago•52 comments

Autonomous drone defeats human champions in racing first

https://www.tudelft.nl/en/2025/lr/autonomous-drone-from-tu-delft-defeats-human-champions-in-historic-racing-first
290•picture•1d ago•232 comments

OpenAI slams court order to save all ChatGPT logs, including deleted chats

https://arstechnica.com/tech-policy/2025/06/openai-says-court-forcing-it-to-save-all-chatgpt-logs-is-a-privacy-nightmare/
1042•ColinWright•23h ago•851 comments

From tokens to thoughts: How LLMs and humans trade compression for meaning

https://arxiv.org/abs/2505.17117
94•ggirelli•13h ago•20 comments

LLMs and Elixir: Windfall or Deathblow?

https://www.zachdaniel.dev/p/llms-and-elixir-windfall-or-deathblow
214•uxcolumbo•22h ago•106 comments

parrot.live

https://github.com/hugomd/parrot.live
202•jasonthorsness•22h ago•46 comments

End of an Era: Landsat 7 Decommissioned After 25 Years of Earth Observation

https://www.usgs.gov/news/national-news-release/end-era-landsat-7-decommissioned-after-25-years-earth-observation
95•keepamovin•17h ago•39 comments

Neuromorphic computing

https://www.lanl.gov/media/publications/1663/1269-neuromorphic-computing
43•LAsteNERD•2h ago•32 comments

Eleven v3

https://elevenlabs.io/v3
84•robertvc•2h ago•65 comments

Show HN: I made a 3D SVG Renderer that projects textures without rasterization

https://seve.blog/p/i-made-a-3d-svg-renderer-that-projects
191•seveibar•19h ago•66 comments

Apple Notes Will Gain Markdown Export at WWDC, and, I Have Thoughts

https://daringfireball.net/linked/2025/06/04/apple-notes-markdown
218•robenkleene•7h ago•126 comments

A Spiral Structure in the Inner Oort Cloud

https://iopscience.iop.org/article/10.3847/1538-4357/adbf9b
128•gnabgib•22h ago•33 comments

Prompt engineering playbook for programmers

https://addyo.substack.com/p/the-prompt-engineering-playbook-for
395•vinhnx•1d ago•153 comments

Cursor 1.0

https://www.cursor.com/en/changelog/1-0
575•ecz•1d ago•432 comments