Meta Quickly About-Faces, And The Pixel Script No Longer Abuses Privacy Via Localhost Loopback

Their ‘Misunderstanding’ Seems To Have Cleared Up Very Quickly
Yesterday we learned how Yandex and Meta abused localhost ports to violate the terms of the Google Play store. While Yandex has yet to provide a response to the discovery, Meta definitely did: a Meta representative stated yesterday that they had misunderstood the rules and thought the data exfiltrated by their Pixel script shouldn’t upset anyone. As of today the Pixel script is no longer active.
The fact that it was done secretly, via a loophole in how Android devices communicate with the web, and that they definitely didn’t inform users the data was being collected, suggests they completely understood what they were doing. Their choice to immediately stop harvesting data with their Pixel script after they were caught also suggests they knew that what they were doing was in direct contravention of the Google Play data collection terms.
It is a good thing that they’ve stopped, at least for now, but many users are probably wondering how to avoid leaking data in this way going forward. A few years back there was an initiative called Private Network Access, which would enforce “local network access” permission requests, but it ran into compatibility issues with many websites. Chrome is testing something similar now, but as of yet it’s only available to a few beta testers. Firefox is also working on something, but they didn’t provide much in the way of details to The Register. One thing you can try is the Brave browser, which requires consent for localhost use and would make you immune to a revived Pixel script or similar tracking methods.
Following the disclosure, researchers observed that Meta's Pixel script stopped sending data to localhost and that the tracking code was largely removed. The move may help Meta avoid scrutiny under Google Play policies, which prohibit covert data collection in apps.
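One way to check a browsing session for the behaviour described above, as an added example that is not from the original article or from the researchers: it scans a HAR export (the network log saved from browser developer tools) for requests that a non-local page sent to a loopback address. The sample capture, its hosts and its port numbers are constructed.

```javascript
// Added example: list page-initiated requests to loopback found in a HAR capture.

// True when a URL hostname (as normalized by the WHATWG URL parser) is loopback.
function isLoopbackHost(hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, "");
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  if (h === "[::1]") return true;
  // The parser rewrites forms such as 2130706433 or 0x7f.1 to dotted 127.x.x.x.
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(h);
}

// Origin of the document that issued the request, from Origin or Referer.
function initiatorOrigin(headers) {
  for (const wanted of ["origin", "referer"]) {
    const hit = (headers || []).find((x) => x.name.toLowerCase() === wanted);
    if (!hit) continue;
    try {
      const origin = new URL(hit.value).origin;
      if (origin !== "null") return origin;
    } catch { /* malformed or opaque value: try the next header */ }
  }
  return null;
}

// Returns one finding per request that a non-loopback page sent to loopback.
function findLoopbackRequests(har) {
  const findings = [];
  for (const { request } of har.log.entries) {
    let target;
    try { target = new URL(request.url); } catch { continue; }
    if (!isLoopbackHost(target.hostname)) continue;
    const from = initiatorOrigin(request.headers);
    if (from && isLoopbackHost(new URL(from).hostname)) continue; // local dev page
    findings.push({ initiator: from, method: request.method,
                    host: target.hostname, port: target.port });
  }
  return findings;
}

// Constructed sample capture; hosts and port numbers are made up.
const entry = (method, url, headers = []) => ({ request: { method, url, headers } });
const sampleHar = { log: { entries: [
  entry("GET", "https://shop.example/"),
  entry("POST", "http://127.0.0.1:9999/collect", [{ name: "Origin", value: "https://shop.example" }]),
  entry("GET", "ws://localhost:3000/hmr", [{ name: "Origin", value: "http://localhost:3000" }]),
  entry("GET", "http://2130706433:9999/x", [{ name: "Referer", value: "https://news.example/article" }]),
  entry("GET", "https://cdn.example/lib.js", [{ name: "Referer", value: "https://shop.example/" }]),
] } };
```

Requests with neither an Origin nor a Referer header are still reported, with `initiator` set to `null`, so they can be reviewed by hand.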
More Tech News From Around The Web
- You say Cozy Bear, I say Midnight Blizzard, Voodoo Bear, APT29 … @ The Register
- Two certificate authorities booted from the good graces of Chrome @ Ars Technica
- Shopper denied $51 refund for 20TB HDD that’s mostly a weighted plastic box @ Ars Technica
- The IRS Tax Filing Software TurboTax Is Trying To Kill Just Got Open Sourced @ Slashdot
- Broadcom Tomahawk 6 Launched for 1.6TbE Generation @ ServeTheHome
- X’s new ‘encrypted’ XChat feature seems no more secure than the failure that came before it @ The Register
- Hollywood Already Uses Generative AI (And Is Hiding It) @ Slashdot
- 3D Printing A Modular Guitar Means It Can Look Like Whatever You Want @ Hackaday