Key Takeaways Meta and Yandex have been found guilty of secretly listening to localhost ports and using them to transfer sensitive data from Android devices. The corporations use Meta Pixel and Yandex Metrica scripts to transfer cookies from browsers to local apps. Using incognito mode or a VPN can’t fully protect users against it. A Meta spokesperson has called this a ‘miscommunication,’ which seems to be an attempt to underplay the situation. Denmark’s Ministry of Digitalization has recently announced that it will leave the Microsoft ecosystem in favor of Linux and other open-source software. Minister Caroline Stage Olsen revealed this in an interview with Politiken, the country’s leading newspaper. According to Olsen, the Ministry plans to switch half of its employees to Linux and LibreOffice by summer, and the rest by fall. The announcement comes after Denmark’s largest cities – Copenhagen and Aarhus – made similar moves earlier this month. Why the Danish Ministry of Digitalization Switched to Open-Source Software The three main reasons Denmark is moving away from Microsoft are costs, politics, and security. In the case of Aarhus, the city was able to slash its annual costs from 800K kroner to just 225K by replacing Microsoft with a German service provider.  The same is a pain point for Copenhagen, which saw its costs on Microsoft balloon from 313M kroner in 2018 to 538M kroner in 2023. It’s also part of a broader move to increase its digital sovereignty. In her LinkedIn post, Olsen further explained that the strategy is not about isolation or digital nationalism, adding that they should not turn their backs completely on global tech companies like Microsoft.  Instead, it’s about avoiding being too dependent on these companies, which could prevent them from acting freely. Then there’s politics. Since his reelection earlier this year, US President Donald Trump has repeatedly threatened to take over Greenland, an autonomous territory of Denmark.  In May, the Danish Foreign Minister Lars Løkke Rasmussen summoned the US ambassador regarding news that US spy agencies have been told to focus on the territory. If the relationship between the two countries continues to erode, Trump can order Microsoft and other US tech companies to cut off Denmark from their services. After all, Microsoft and Facebook’s parent company Meta, have close ties to the US president after contributing $1M each for his inauguration in January. Denmark Isn’t Alone: Other EU Countries Are Making Similar Moves Denmark is only one of the growing number of European Union (EU) countries taking measures to become more digitally independent. Germany’s Federal Digital Minister Karsten Wildberger emphasized the need to be more independent of global tech companies during the re:publica internet conference in May. He added that IT companies in the EU have the opportunity to create tech that is based on the region’s values. Meanwhile, Bert Hubert, a technical advisor to the Dutch Electoral Council, wrote in February that ‘it is no longer safe to move our governments and societies to US clouds.’ He said that America is no longer a ‘reliable partner,’ making it risky to have the data of European governments and businesses at the mercy of US-based cloud providers. Earlier this month, the chief prosecutor of the International Criminal Court (ICC), Karim Khan, experienced a disconnection from his Microsoft-based email account, sparking uproar across the region.  Speculation quickly arose that the incident was linked to sanctions previously imposed on the ICC by the Trump administration, an assertion Microsoft has denied. Earlier this month, the chief prosecutor of the International Criminal Court (ICC), Karim Khan, disconnection from his Microsoft-based email account caused an uproar in the region. Some speculated that this was connected to sanctions imposed by Trump against the ICC, which Microsoft denied. Weaning the EU Away from US Tech is Possible, But Challenges Lie Ahead Change like this doesn’t happen overnight. Just finding, let alone developing, reliable alternatives to tools that have been part of daily workflows for decades, is a massive undertaking. It will also take time for users to adapt to these new tools, especially when transitioning to an entirely new ecosystem. In Aarhus, for example, municipal staff initially viewed the shift to open source as a step down from the familiarity and functionality of Microsoft products. Overall, these are only temporary hurdles. Momentum is building, with growing calls for digital independence from leaders like Ministers Olsen and Wildberger.  Initiatives such as the Digital Europe Programme, which seeks to reduce reliance on foreign systems and solutions, further accelerate this push. As a result, the EU’s transition could arrive sooner rather than later As technology continues to evolve—from the return of 'dumbphones' to faster and sleeker computers—seasoned tech journalist, Cedric Solidon, continues to dedicate himself to writing stories that inform, empower, and connect with readers across all levels of digital literacy. With 20 years of professional writing experience, this University of the Philippines Journalism graduate has carved out a niche as a trusted voice in tech media. Whether he's breaking down the latest advancements in cybersecurity or explaining how silicon-carbon batteries can extend your phone’s battery life, his writing remains rooted in clarity, curiosity, and utility. Long before he was writing for Techreport, HP, Citrix, SAP, Globe Telecom, CyberGhost VPN, and ExpressVPN, Cedric's love for technology began at home courtesy of a Nintendo Family Computer and a stack of tech magazines. Growing up, his days were often filled with sessions of Contra, Bomberman, Red Alert 2, and the criminally underrated Crusader: No Regret. But gaming wasn't his only gateway to tech.  He devoured every T3, PCMag, and PC Gamer issue he could get his hands on, often reading them cover to cover. It wasn’t long before he explored the early web in IRC chatrooms, online forums, and fledgling tech blogs, soaking in every byte of knowledge from the late '90s and early 2000s internet boom. That fascination with tech didn’t just stick. It evolved into a full-blown calling. After graduating with a degree in Journalism, he began his writing career at the dawn of Web 2.0. What started with small editorial roles and freelance gigs soon grew into a full-fledged career. He has since collaborated with global tech leaders, lending his voice to content that bridges technical expertise with everyday usability. He’s also written annual reports for Globe Telecom and consumer-friendly guides for VPN companies like CyberGhost and ExpressVPN, empowering readers to understand the importance of digital privacy. His versatility spans not just tech journalism but also technical writing. He once worked with a local tech company developing web and mobile apps for logistics firms, crafting documentation and communication materials that brought together user-friendliness with deep technical understanding. That experience sharpened his ability to break down dense, often jargon-heavy material into content that speaks clearly to both developers and decision-makers. At the heart of his work lies a simple belief: technology should feel empowering, not intimidating. Even if the likes of smartphones and AI are now commonplace, he understands that there's still a knowledge gap, especially when it comes to hardware or the real-world benefits of new tools. His writing hopes to help close that gap. Cedric’s writing style reflects that mission. It’s friendly without being fluffy and informative without being overwhelming. Whether writing for seasoned IT professionals or casual readers curious about the latest gadgets, he focuses on how a piece of technology can improve our lives, boost our productivity, or make our work more efficient. That human-first approach makes his content feel more like a conversation than a technical manual. As his writing career progresses, his passion for tech journalism remains as strong as ever. With the growing need for accessible, responsible tech communication, he sees his role not just as a journalist but as a guide who helps readers navigate a digital world that’s often as confusing as it is exciting. From reviewing the latest devices to unpacking global tech trends, Cedric isn’t just reporting on the future; he’s helping to write it. View all articles by Cedric Solidon Our editorial process The Tech Report editorial policy is centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written by real authors.

It’s fairly easy to block the constant, incessant advertising that appears on YouTube. Google would prefer that you don’t, or pay up (quite a lot) to make them go away. Last weekend, the company started its latest campaign to try and badger ad-block users into disabling their extensions. Since then, it looks like YouTube has escalated things and is now intentionally slowing down videos. Posters on Reddit and the Brave browser forum have observed videos being blacked out on first load, approximately for the length of pre-roll ads, with a pop-up link that directs users to the ad-blocking section of this technical support page. “Check whether your browser extensions that block ads are affecting video playback,” suggests Google. “As another option, try opening YouTube in an incognito window with all extensions disabled and check if the issue continues.” PCWorld staff has seen this in action, using uBlock Origin Lite. Google Ad-block extension developers quickly got around the pop-up issue earlier this week, with one AdGuard representative calling the process “a classic cat-and-mouse game.” But if Google wanted to instigate a more serious crackdown on users blocking ads without paying up, it could do so easily—and we’ve seen it pull this same move before. Posters on the latest issue speculate that the slowdowns might be tagged to specific Google or YouTube user accounts that were detected blocking ads previously, which would bypass any kind of interaction with a specific browser or extension. I can’t independently confirm that’s happening, but it wouldn’t surprise me. It also wouldn’t shock me if Google is seeing a larger percentage of YouTube users blocking advertising, as is the case all across the web, as the quantity of advertising rises while quality takes a nosedive. YouTube video creators are having to get, well, creative to seek alternate revenue beyond basic AdSense accounts, as sponsored videos are now constant across the platform and more channels put new videos behind paywalls on YouTube itself or via other platforms like Patreon. YouTube is attacking the issue from other angles as well. Tech-focused creators that show how to use third-party tools to block ads or download videos from the site (again, without paying the steep fees for YouTube Premium) are getting their videos taken down and their accounts flagged, for violation of the extremely vague policy around “harmful and dangerous content.” If I may editorialize a bit: Google, if you want more people to subscribe to YouTube Premium and remove advertising, you need to make it cheaper. Charging $14 per month just to get rid of ads is the same cost of a premium subscription from other sources where users can watch full movies and series. YouTube as a platform is a much lower bar and just doesn’t compete at that level. I’m not going to pay that much to get rid of ads, not when it doesn’t actually get rid of all the ads—those sponsored and subscriber-only videos are still all over the place—and the site is filling up with AI slop. “Premium Lite,” which neuters the offerings for mobile and music-focused users, doesn’t make the cut either. And to be clear, I have no problem paying for the stuff I watch. I already pay more than $15 a month to support the individual YouTube channels I enjoy, like Second Wind, Drawfee, and several tech podcasts. But I do it via Patreon because sending that money through YouTube feels gross. If Google wants people to pay up, it needs to lower the price enough so that it’s no longer worth the hassle of blocking them. It’s a lesson that the music, movie, and game industries learned a long time ago as they fought the initial wave of internet piracy… and now seem to be forgetting again.

Scammers are using AI tools to create increasingly convincing ways to trick victims into sending money, and to access the personal information needed to commit identity theft. Deepfakes mean they can impersonate the voice of a friend or family member, and even fake a video call with them! The result can be criminals taking out thousands of dollars worth of loans or credit card debt in your name. Fortunately there are steps you can take to protect yourself against even the most sophisticated scams. Here are the security and privacy checks to run to ensure you are safe … 9to5Mac is brought to by Incogni: Protect your personal info from prying eyes. With Incogni, you can scrub your deeply sensitive information from data brokers across the web, including people search sites. Incogni limits your phone number, address, email, SSN, and more from circulating. Fight back against unwanted data brokers with a 30-day money back guarantee. Use a password manager At one time, the advice might have read “use strong, unique passwords for each website and app you use” – but these days we all use so many that this is only possible if we use a password manager. This is a super-easy step to take, thanks to the Passwords app on Apple devices. Each time you register for a new service, use the Passwords app (or your own preferred password manager) to set and store the password. Replace older passwords You probably created some accounts back in the days when password rules were much less strict, meaning you now have some weak passwords that are vulnerable to attack. If you’ve been online since before the days of password managers, you probably even some passwords you’ve used on more than one website. This is a huge risk, as it means your security is only as good as the least-secure website you use. What happens is attackers break into a poorly-secured website, grab all the logins, then they use automated software to try those same logins on hundreds of different websites. If you’ve re-used a password, they now have access to your accounts on all the sites where you used it. Use the password change feature to update your older passwords, starting with the most important ones – the ones that would put you most at risk if your account where compromised. As an absolute minimum, ensure you have strong, unique passwords for all financial services, as well as other critical ones like Apple, Google, and Amazon accounts. Make sure you include any accounts which have already been compromised! You can identify these by putting your email address into Have I Been Pwned. Use passkeys where possible Passwords are gradually being replaced by passkeys. While the difference might seem small in terms of how you login, there’s a huge difference in the security they provide. With a passkey, a website or app doesn’t ask for a password, it instead asks your device to verify your identity. Your device uses Face ID or Touch ID to do so, then confirms that you are who you claim to be. Crucially, it doesn’t send a password back to the service, so there’s no way for this to be hacked – all the service sees is confirmation that you successfully passed biometric authentication on your device. Use two-factor authentication A growing number of accounts allow you to use two-factor authentication (2FA). This means that even if an attacker got your login details, they still wouldn’t be able to access your account. 2FA works by demanding a rolling code whenever you login. These can be sent by text message, but we strongly advise against this, as it leaves you vulnerable to SIM-swap attacks, which are becoming increasingly common. In particular, never use text-based 2FA for financial services accounts. Instead, select the option to use an authenticator app. A QR code will be displayed which you scan in the app, adding that service to your device. Next time you login, you just open the app to see a 6-digit rolling code which you’ll need to enter to login. This feature is built into the Passwords app, or you can use a separate one like Google Authenticator. Check last-login details Some services, like banking apps, will display the date and time of your last successful login. Get into the habit of checking this each time you login, as it can provide a warning that your account has been compromised. Use a VPN service for public Wi-Fi hotspots Anytime you use a public Wi-Fi hotspot, you are at risk from what’s known as a Man-in-the-Middle (MitM) attack. This is where someone uses a small device which uses the same name as a public Wi-Fi hotspot so that people connect to it. Once you do, they can monitor your internet traffic. Almost all modern websites use HTTPS, which provides an encrypted connection that makes MitM attacks less dangerous than they used to be. All the same, the exploit can expose you to a number of security and privacy risks, so using a VPN is still highly advisable. Always choose a respected VPN company, ideally one which keeps no logs and subjects itself to independent audits. I use NordVPN for this reason. Don’t disclose personal info to AI chatbots AI chatbots typically use their conversations with users as training material, meaning anything you say or type could end up in their database, and could potentially be regurgitated when answering another user’s question. Never reveal any personal information you wouldn’t want on the internet. Consider data removal It’s likely that much of your personal information has already been collected by data brokers. Your email address and phone number can be used for spam, which is annoying enough, but they can also be used by scammers. For this reason, you might want to scrub your data from as many broker services as possible. You can do this yourself, or use a service like Incogni to do it for you. Triple-check requests for money Finally, if anyone asks you to send them money, be immediately on the alert. Even if seems to be a friend, family member, or your boss, never take it on trust. Always contact them via a different, known communication channel. If they emailed you, phone them. If they phoned you, message or email them. Some people go as far as agreeing codewords with family members to use if they ever really do need emergency help. If anyone asks you to buy gift cards and send the numbers to them, it’s a scam 100% of the time. Requests to use money transfer services are also generally scams unless it’s something you arranged in advance. Even if you are expecting to send someone money, be alert for claims that they have changed their bank account. This is almost always a scam. Again, contact them via a different, known comms channel. Photo by Christina @ wocintechchat.com on Unsplash Add 9to5Mac to your Google News feed.  FTC: We use income earning auto affiliate links. More.You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Published June 5, 2025 10:00am EDT close Don’t be so quick to click that Google calendar invite. It could be a hacker’s trap Cybercriminals are sending fake meeting invitations that seem legitimate. NEWYou can now listen to Fox News articles! Americans’ personal data is now spread across more digital platforms than ever. From online shopping habits to fitness tracking logs, personal information ends up in hundreds of company databases. While most people worry about social media leaks or email hacks, a far less visible threat comes from data brokers.I still find it hard to believe that companies like this are allowed to operate with so little legal scrutiny. These firms trade in personal information without our knowledge or consent. What baffles me even more is that they aren’t serious about protecting the one thing that is central to their business model: data. Just last year, we saw news of a massive data breach at a data broker called National Public Data, which exposed 2.7 billion records. And now another data broker, LexisNexis, a major name in the industry, has reported a significant breach that exposed sensitive information from more than 364,000 people. A hacker at work (Kurt "CyberGuy" Knutsson)LexisNexis breach went undetected for months after holiday hackLexisNexis filed a notice with the Maine attorney general revealing that a hacker accessed consumer data through a third-party software development platform. The breach happened on Dec. 25, 2024, but the company only discovered it months later. LexisNexis was alerted on April 1, 2025, by an unnamed individual who claimed to have found sensitive files. It remains unclear whether this person was responsible for the breach or merely came across the exposed data.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSA spokesperson for LexisNexis confirmed that the hacker gained access to the company’s GitHub account. This is a platform commonly used by developers to store and collaborate on code. Security guidelines repeatedly warn against storing sensitive information in such repositories; however, mistakes such as exposed access tokens and personal data files continue to occur.The stolen data varies from person to person but includes full names, birthdates, phone numbers, mailing and email addresses, Social Security numbers and driver's license numbers. LexisNexis has not confirmed whether it received any ransom demand or had further contact with the attacker. An individual working on their laptop (Kurt "CyberGuy" Knutsson)Why the LexisNexis hack is a bigger threat than you realizeLexisNexis isn’t a household name for most people, but it plays a major role in how personal data is harvested and used behind the scenes. The company pulls information from a wide range of sources, compiling detailed profiles that help other businesses assess risk and detect fraud. Its clients include banks, insurance companies and government agencies.In 2023, the New York Times reported that several car manufacturers had been sharing driving data with LexisNexis without notifying vehicle owners. That information was then sold to insurance companies, which used it to adjust premiums based on individual driving behavior. The story made one thing clear. LexisNexis has access to a staggering amount of personal detail, even from people who have never willingly engaged with the company.Law enforcement also uses LexisNexis tools to dig up information on suspects. These systems offer access to phone records, home addresses and other historical data. While such tools might assist in investigations, they also highlight a serious issue. When this much sensitive information is concentrated in one place, it becomes a single point of failure. And as the recent breach shows, that failure is no longer hypothetical. A hacker at work (Kurt "CyberGuy" Knutsson)7 expert tips to protect your personal data after a data broker breachKeeping your personal data safe online can feel overwhelming, but a few practical steps can make a big difference in protecting your privacy and reducing your digital footprint. Here are 7 effective ways to take control of your information and keep it out of the wrong hands:1. Remove your data from the internet: The most effective way to take control of your data and avoid data brokers from selling it is to opt for data removal services. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.Get a free scan to find out if your personal information is already out on the web.2. Review privacy settings: Take a few minutes to explore the privacy and security settings on the services you use. For example, limit who can see your social media posts, disable unnecessary location-sharing on your phone and consider turning off ad personalization on accounts like Google and Facebook. Most browsers let you block third-party cookies or clear tracking data. The FTC suggests comparing the privacy notices of different sites and apps and choosing ones that let you opt out of sharing when possible.3. Use privacy-friendly tools: Install browser extensions or plugins that block ads and trackers (such as uBlock Origin or Privacy Badger). You might switch to a more private search engine (like DuckDuckGo or Brave) that doesn’t log your queries. Consider using a browser’s "incognito" or private mode when you don’t want your history saved, and regularly clear your cookies and cache. Even small habits, like logging out of accounts when not in use or using a password manager, make you less trackable.GET FOX BUSINESS ON THE GO BY CLICKING HERE4. Beware of phishing links and use strong antivirus software: Scammers may try to get access to your financial details and other important data using phishing links. The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.5. Be cautious with personal data: Think twice before sharing extra details. Don’t fill out online surveys or quizzes that ask for personal or financial information unless you trust the source. Create separate email addresses for sign-ups (so marketing emails don’t go to your main inbox). Only download apps from official stores and check app permissions.6. Opt out of data broker lists: Many data brokers offer ways to opt out or delete your information, though it can be a tedious process. For example, there are sites like Privacy Rights Clearinghouse or the Whitepages opt-out page that list popular brokers and their opt-out procedures. The FTC’s consumer guide, "Your Guide to Protecting Your Privacy Online," includes tips on opting out of targeted ads and removing yourself from people-search databases. Keep in mind you may have to repeat this every few months.7. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.Kurt’s key takeawayFor many, the LexisNexis breach may be the first time they realize just how much of their data is in circulation. Unlike a social media platform or a bank, there is no clear customer relationship with a data broker, and that makes it harder to demand transparency. This incident should prompt serious discussion around what kind of oversight is necessary in industries that operate in the shadows. A more informed public and stronger regulation may be the only things standing between personal data and permanent exposure.CLICK HERE TO GET THE FOX NEWS APPShould companies be allowed to sell your personal information without your consent? Let us know by writing us atCyberguy.com/Contact.For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.Ask Kurt a question or let us know what stories you'd like us to cover.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com. All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Home Meta and Yandex Spying on Android Users Through Localhost Ports: The Dying State of Online Privacy News Meta and Yandex Spying on Android Users Through Localhost Ports: The Dying State of Online Privacy 7 min read Published: June 4, 2025 Key Takeaways Meta and Yandex have been found guilty of secretly listening to localhost ports and using them to transfer sensitive data from Android devices. The corporations use Meta Pixel and Yandex Metrica scripts to transfer cookies from browsers to local apps. Using incognito mode or a VPN can’t fully protect users against it. A Meta spokesperson has called this a ‘miscommunication,’ which seems to be an attempt to underplay the situation. Wake up, Android folks! A new privacy scandal has hit your area of town. According to a new report led by Radboud University, Meta and Yandex have been listening to localhost ports to link your web browsing data with your identity and collect personal information without your consent. The companies use Meta Pixel and the Yandex Metrica scripts, which are embedded on 5.8 million and 3 million websites, respectively, to connect with their native apps on Android devices through localhost sockets. This creates a communication path between the cookies on your website and the local apps, establishing a channel for transferring personal information from your device. Also, you are mistaken if you think using your browser’s incognito mode or a VPN can protect you. Zuckerberg’s latest method of data harvesting can’t be overcome by tweaking any privacy or cookie settings or by using a VPN or incognito mode. How Does It Work? Here’s the method used by Meta to spy on Android devices: As many as 22% of the top 1 million websites contain Meta Pixel – a tracking code that helps website owners measure ad performance and track user behaviour. When Meta Pixel loads, it creates a special cookie called _fbp, which is supposed to be a first-party cookie. This means no other third party, including Meta apps themselves, should have access to this cookie. The _fbp cookie identifies your browser whenever you visit a website, meaning it can identify which person is accessing which websites. However, Meta, being Meta, went and found a loophole around this. Now, whenever you run Facebook or Instagram on your Android device, they can open up listening ports, specifically a TCP port (12387 or 12388) and a UDP port (the first unoccupied port in 12580-12585), on your phone in the background.  Whenever you load a website on your browser, the Meta Pixel uses WebRTC with SDP Munging, which essentially hides the _fbp cookie value inside the SDP message before being transmitted to your phone’s localhost.  Since Facebook and Instagram are already listening to this port, it receives the _fbp cookie value and can easily tie your identity to the website you’re visiting. Remember, Facebook and Instagram already have your identification details since you’re always logged in on these platforms. The report also says that Meta can link all _fbp received from various websites to your ID. Simply put, Meta knows which person is viewing what set of websites. Yandex also uses a similar method to harvest your personal data. Whenever you open a Yandex app, such as Yandex Maps, Yandex Browser, Yandex Search, or Navigator, it opens up ports like 29009, 30102, 29010, and 30103 on your phone.  When you visit a website that contains the Yandex Metrica Script, Yandex’s version of Meta Pixel, the script sends requests to Yandex servers containing obfuscated parameters.  These parameters are then sent to the local host via HTTP and HTTPS, which contains the IP address 127.0.0.1, or the yandexmetrica.com domain, which secretly points to 127.0.0.1. Now, the Yandex Metrica SDK in the Yandex apps receives these parameters and sends device identifiers, such as an Android Advertising ID, UUIDs, or device fingerprints. This entire message is encrypted to hide what it contains. The Yandex Metrica Script receives this info and sends it back to the Yandex servers. Just like Meta, Yandex can also tie your website activity to the device information shared by the SDK. Meta’s Infamous History with Privacy Norms This is not something new or unthinkable that Meta has done. The Mark Zuckerberg-led social media giant has a history of such privacy violations.  For instance, in 2024, the company was accused of collecting biometric data from Texas users without their express consent. The company settled the lawsuit by paying $1.4B.  Another of the most famous lawsuits was the Cambridge Analytica scandal in 2018, where a political consulting firm accessed private data of 87 million Facebook users without consent. The FTC fined Meta $5B for privacy violations along with a 100M settlement with the US Securities and Exchange Commission.  Meta Pixel has also come under scrutiny before, when it was accused of collecting sensitive health information from hospital websites. In another case dating back to 2012, Meta was accused of tracking users even after they logged out from their Facebook accounts. In this case, Meta paid $90M and promised to delete the collected data.  In 2024, South Korea also fined Meta $15M for inappropriately collecting personal data, such as sexual orientation and political beliefs, of 980K users. In September 2024, Meta was fined $101.6M by the Irish Data Protection Commission for inadvertently storing user passwords in plain text in such a way that employees could search for them. The passwords were not encrypted and were essentially leaked internally. So, the latest scandal isn’t entirely out of character for Meta. It has been finding ways to collect your data ever since its incorporation, and it seems like it will continue to do so, regardless of the regulations and safeguards in place. That said, Meta’s recent tracking method is insanely dangerous because there’s no safeguard around it. Even if you visit websites in incognito mode or use a VPN, Meta Pixel can still track your activities.  The past lawsuits also show a very identifiable pattern: Meta doesn’t fight a lawsuit until the end to try to win it. It either accepts the fine or settles the lawsuit with monetary compensation. This essentially goes to show that it passively accepts and even ‘owns’ the illegitimate tracking methods it has been using for decades. It’s quite possible that the top management views these fines and penalties as a cost of collecting data. Meta’s Timid Response Meta’s response claims that there’s some ‘miscommunication’ regarding Google policies. However, the method used in the aforementioned tracking scandal isn’t something that can simply happen due to ‘faulty design’ or miscommunication.  We are in discussions with Google to address a potential miscommunication regarding the application of their policies – Meta Spokesperson This kind of unethical tracking method has to be deliberately designed by engineers for it to work perfectly on such a large scale. While Meta is still trying to underplay the situation, it has paused the ‘feature’ (yep, that’s what they are calling it) as of now. The report also claims that as of June 3, Facebook and Instagram are not actively listening to the new ports. Here’s what will possibly happen next: A lawsuit may be filed based on the report. An investigating committee might be formed to question the matter. The company will come up with lame excuses, such as misinterpretation or miscommunication of policy guidelines. Meta will eventually settle the lawsuit or bear the fine with pride, like it has always done.  The regulatory authorities are apparently chasing a rat that finds new holes to hide every day. Companies like Meta and Yandex seem to be one step ahead of these regulations and have mastered the art of finding loopholes. More than legislative technicalities, it’s the moral ethics of the company that become clear with incidents like this. The intent of these regulations is to protect personal information, and the fact that Meta and Yandex blatantly circumvent these regulations in their spirit shows the absolutely horrific state of capitalism these corporations are in. Krishi is a seasoned tech journalist with over four years of experience writing about PC hardware, consumer technology, and artificial intelligence.  Clarity and accessibility are at the core of Krishi’s writing style. He believes technology writing should empower readers—not confuse them—and he’s committed to ensuring his content is always easy to understand without sacrificing accuracy or depth. Over the years, Krishi has contributed to some of the most reputable names in the industry, including Techopedia, TechRadar, and Tom’s Guide. A man of many talents, Krishi has also proven his mettle as a crypto writer, tackling complex topics with both ease and zeal. His work spans various formats—from in-depth explainers and news coverage to feature pieces and buying guides.  Behind the scenes, Krishi operates from a dual-monitor setup (including a 29-inch LG UltraWide) that’s always buzzing with news feeds, technical documentation, and research notes, as well as the occasional gaming sessions that keep him fresh.  Krishi thrives on staying current, always ready to dive into the latest announcements, industry shifts, and their far-reaching impacts.  When he's not deep into research on the latest PC hardware news, Krishi would love to chat with you about day trading and the financial markets—oh! And cricket, as well. View all articles by Krishi Chowdhary Our editorial process The Tech Report editorial policy is centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written by real authors. More from News View all View all

Shopping has always been a battle. Companies work hard to convince you that their product is better, while also trying to ensure you pay the highest possible price for your purchase. That’s fair enough, and most of us are accustomed to researching everything we buy to make sure we’re not being ripped off.But modern technology has changed the game. Companies have been hoovering up information about us for years now, and that means they have a pretty good idea about our shopping habits—including what we’re willing to pay for specific products and services, something called Individualized Consumer Data (ICD). New tools like artificial intelligence are now making it very, very easy for companies to engage in what’s known as surveillance pricing.What is surveillance pricing?As its most basic, surveillance pricing is when companies put together a profile of you and your shopping habits, then adjust prices specifically for you. A basic example would be shopping for a television: Two people go to Amazon to look at the same television. One person sees a price of $499, while the other sees $599—for the exact same television, at the exact same moment. The discrepancy is due to their different spending habits and other information that Amazon has gathered about them—their ICD—that tells the company that one person would be willing to spend that extra $100, and the other wouldn’t.Companies create those profiles by scraping an incredibly large volume of information about you from a wide variety of sources. Internet cookies, your shopping history, your IP address (and the geographic and demographic information it provides), are just the basics—the profiling goes much deeper. Even behaviors like how far you scroll when searching for products or what you leave in your shopping cart and never buy contribute to a detailed picture of who you are as a consumer.You might be thinking that most of your personal and financial information is protected to some extent by privacy laws and policies, and you would be right. A lot of this stuff is anonymized. But the sheer amount of information that you leak when you go online—not just cookies and IP addresses, but the browser you use, the plugins you have installed, your time zone, screen size, devices, even system fonts on your computer—can be collected to create a detailed “fingerprint” of your online life. Combined with data gathered from loyalty apps and other sources, this means that an “anonymous” profile of you can be reliably created and identified. In other words, companies may not know that it’s you shopping for that TV, but they know that a unique consumer with specific habits is shopping for one, and thus they can tweak their pricing as needed very effectively.The signs to look out forWhat’s fun about surveillance pricing is how hard it is to tell it’s happening. After all, you surf to a site to buy something, you see a price, you assume that’s just the price that’s been calculated. How can you know that someone else will see a higher or lower price?It’s not easy. You can look for a few subtle signs and try a few experiments if you suspect you’re running into surveillance pricing:Changed prices. If you go back to a specific website regularly and notice that the price changes, it might be because you’re using a different device or because some other aspect of your online fingerprint has changed. Or it might be because your ICD tells the company that you always visit multiple times looking for a lower price.Inconsistent pricing. If you know someone who is shopping for the same item on the same platform and they’re getting different pricing, that’s a potential clue.Reactive advertising. Even if you haven’t noticed price changes, seeing ads that are narrowly targeted to you can be a sign that ICD is being collected and used on you. For example, if web searches or comments on your social media channels seem to inspire related ads, there’s a good chance that your online fingerprint is specific enough to be used for surveillance pricing.Defending against surveillance pricingSurveillance pricing is harmful to consumers because it means you wind up paying more for items simply because of where you live or other extraneous factors—it’s inherently unfair. Defending against it, however, can be challenging—there are basically four strategies you can employ against surveillance pricing, and none of them are magic bullets.Comparison shopThe simplest way to combat suspected surveillance pricing is to shop around for items at different stores—including physical locations, if possible—to get a clear idea of what the “normal” price should be. This can be time-consuming and not always effective, as different online platforms may all use similar surveillance techniques against you.Another aspect of this is to engage your friends and family who live in different areas and use different devices (Android phones versus iPhones, for example). A news station recently had several people from around the country check the prices of different products online, and found prices swung by several hundred dollars depending on location and other factors. If you can ask people who live in different areas to check prices, you can at least determine if you’re getting an okay deal, comparatively.Use a VPNOne of the most common pieces of advice whenever pricing issues come up is to use a Virtual Private Network (VPN) to mask your location—you’ve probably seen this advice in conjunction with finding the lowest airline prices for trips. It seems to make sense: If retailers are charging more for people living in affluent zip codes, changing your reported location should defend against that.I tried this, using a VPN to change my IP address to locations in Mexico, the Netherlands, Japan, and different areas of the U.S., and actually saw no price changes whatsoever. One reason this might not work is because your IP address and associated location are just one piece of your online fingerprint, and companies can still track you when you mask it (your browser gives away a lot of information—you can see just how much at this site). Another reason this might not work as well as you expect is because companies can pretty easily tell that you’re using a VPN because the IP addresses they assign their users are used over and over again, often by several people at the same time. This creates patterns that allow companies to flag those IP addresses as VPNs.However, that doesn’t mean that using a VPN is pointless in the fight against surveillance pricing. If you routinely surf the net behind a VPN and combine that with other steps like incognito browsing, regularly clearing cookies from your browser, and deleting your internet history, you deny trackers a wealth of information about you, which can help cloak your identity, making it harder to create that online fingerprint.Avoid loyalty appsLoyalty apps that offer coupons and discounts to regular shoppers are, of course, data vacuums that make it very easy to create a profile about you and your shopping habits. For a few measly discounts, you’re basically giving companies everything they could possibly need to track and profile you—and they can (and do) sell that information to other retailers. If you want to make it harder for them to use surveillance pricing against you, giving up those little perks is probably necessary.Use different devicesThe final piece of advice for defeating surveillance pricing is the one thing that did actually make a difference when I tested it. I randomly searched Amazon for a 65-inch TV made by TCL. On my desktop browser, it was listed at $469.95. When I switched to my phone, it was suddenly $479.00. Less than $10 isn’t a huge difference, but changing devices was the only strategy that yielded any results at all for me, and indicates that checking prices on different devices is an effective strategy for ensuring you’re getting the best possible price despite what your profile might say about your shopping habits.Of course, all of this checking and device-swapping takes time and effort, so you have to consider whether the money you might save by getting around surveillance pricing is worth the time you put into it. Using a VPN with an incognito browser regularly is probably the best passive strategy you can employ to frustrate attempts to profile you without making it into a second job.Last year the Federal Trade Commission opened an investigation into surveillance pricing, which could lead to new rules and enforcement to end the practice, and several states have some kind of legislation to regulate or ban the practice in the works. But until those become reality, keep your eyes open.

Signal is taking proactive steps to ensure Microsoft’s Recall feature can’t screen capture your secured chats, by rolling out a new version of the Signal for Windows 11 client that enables screen security by default. This is the same DRM that blocks users from easily screenshotting a Netflix show on their computer or phone, and using it here could cause problems for people who use accessibility features like screen readers. While Signal says it’s made the feature easy to disable, under Signal Settings > Privacy > Screen Security, it never should’ve come to this. Developer Joshua Lund writes that operating system vendors like Microsoft “need to ensure that the developers of apps like Signal always have the necessary tools and options at their disposal to reject granting OS-level AI systems access to any sensitive information within their apps.” Despite delaying Recall twice before finally launching it last month, the “photographic memory” feature doesn’t yet have an API for app developers to opt their users’ sensitive content out of its AI-powered archives. It could be useful for finding emails or chats (including ones in Signal) using whatever you can remember, like a description of a picture you’ve received or a broad conversation topic, but it could also be a massive security and privacy problem. Lund notes that Microsoft already filters out private or incognito browser window activity by default, and users who have a Copilot Plus PC with Recall can filter out certain apps under the settings, but only if they know how to do that. For now, Lund says that “Signal is using the tools that are available to us even though we recognize that there are many legitimate use cases where someone might need to take a screenshot.”