Hacker News

qwertox, last Tuesday at 12:54 PM (3 replies)

"UPDATE: As of June 3rd 7:45 CEST, Meta/Facebook Pixel script is no longer sending any packets or requests to localhost. The code responsible for sending the _fbp cookie has been almost completely removed."

I'm surprised they're allowed to listen on UDP ports, IIRC this requires special permissions?

> The Meta (Facebook) Pixel JavaScript, when loaded in an Android mobile web browser, transmits the first-party _fbp cookie using WebRTC to UDP ports 12580–12585 to any app on the device that is listening on those ports.

Borders on criminal behavior.

Apparently this was a European team of researchers, which would mean that Meta very likely breached the GDPR and ePrivacy Directive. Let's hope this gets very expensive for Meta.


Replies

fluidcruft, last Tuesday at 1:06 PM

Nothing quite like an instant panicked coverup to confirm guilt and intent.

Hopefully not too late to make it into the lawsuit. Assholes.

reaperducer, last Tuesday at 2:31 PM

> The Meta (Facebook) Pixel JavaScript, when loaded in an Android mobile web browser, transmits the first-party _fbp cookie using WebRTC to UDP ports 12580–12585 to any app on the device that is listening on those ports.

And people on HN dismiss those who choose to browse with JavaScript disabled.

There's a reason that the JavaScript toggle is listed under the Security tab on Safari.

paxys, last Tuesday at 1:48 PM

These companies have demonstrated repeatedly that fines are just the cost of doing business. Doesn't matter if you charge them $1 million or $1 billion. They have still made significantly more than that from the crime.
