I didn’t expect to be shocked by tracking tricks anymore — but then I read this piece on Ars Technica and, well… wow.
Turns out Meta and Yandex have been quietly using their tracking scripts — Meta Pixel and Yandex Metrica — to link your browser activity to your logged-in app identity. Not via cookies, not through ad clicks, but through local ports on your Android phone.
Here’s the playbook:
1. You visit a site with their pixel.
2. The pixel script reaches out — not to a remote server, but straight to the native Facebook, Instagram, or Yandex app running on your phone.
3. These apps are silently listening on localhost. The browser hands over a unique ID like fbp.
4. The app connects the dots: anonymous browsing becomes fully identifiable.
It works even in incognito. No click required. And consent? Over 75% of sites skip that entirely.
Yandex has been doing this since 2017. Meta joined in late 2024. Google only started blocking this in Chrome a few weeks ago — after researchers went public. Until then, nobody knew. Not even most developers using these trackers.
Both companies say it’s all for “better personalization.” Of course it is.
Want all my posts in one place? I put 350+ articles on GA4, BigQuery, attribution, and metrics into one searchable library.
Go here to explore it for FREE.
