Somewhere in Menlo Park and Moscow, a couple of engineers are high-fiving over what might be the creepiest workaround in the tech world this year. Meta and Yandex, this year’s Laurel and Hardy of surveillance capitalism, have found a way to grab your web activity and tie it directly to your real-world identity, all while you’re blissfully scrolling through a cooking blog on your phone.
They pulled it off with a stunt that would make a data broker blush: hijacking a piece of browser plumbing called localhost communication, which was supposed to help apps stream media or share files. Instead, it’s been repurposed into a surveillance hose. Your Chrome or Firefox browser sends little tracking requests to a hidden corner of your phone, where apps like Facebook, Instagram, and Yandex are lurking like raccoons in a crawlspace, waiting to snatch them.
