Chromecast and Netflix have done this for a while now to facilitate some sort of hand-off.
I don’t have the details handy, but a few years ago I was `adb shell` into my device to debug something untreated and did a quick `netstat` and noticed a few ports that were open / did not expect. Tracked them down to Netflix, specifically.
zb3 12 minutes ago [-]
Yes, I rely on this for my internal app to serve scriptlets to ublock origin. I hope they won't take it away, at least make it possible for the user to keep this behaviour..
I also rely on this for another internal app that opens a rsync server..
merelysounds 31 minutes ago [-]
For iPhone users, the last point in the article’s FAQ addresses iOS; excerpt below:
> No evidence of abuse has been observed in iOS browsers and apps that we tested. That said, similar data sharing between iOS browsers and native apps is technically possible. (…) It is possible that technical and policy restrictions for running native apps in the background may explain why iOS users were not targeted by these trackers.
cosmic_cheese 26 minutes ago [-]
It’d be difficult to make work reliably on iOS due to how it handles background processes. Processes can’t just hang around forever, they’re expected to quickly and efficiently finish their task and close until their next scheduled run (which is determined by the system — devs can request to run whenever they want, but processes that are badly behaved get downranked and run less often). If its task is taking too long the system unceremoniously kills the process.
This is limiting and makes implementing programs like Syncthing more challenging but also helps keep the battery eaters and eternal listeners until control.
dherls 33 minutes ago [-]
Another scummy tracking move from Meta, shouldn't be surprised.
In general I think browsers should prevent websites reaching out to localhost without explicit opt-in from the user.
Rendered at 20:40:39 GMT+0000 (Coordinated Universal Time) with Vercel.
https://news.ycombinator.com/item?id=44169115
https://news.ycombinator.com/item?id=44182204
https://news.ycombinator.com/item?id=44235467
"Localhost tracking" explained. It could cost Meta €32B - https://news.ycombinator.com/item?id=44235467 - June 2025 (274 comments)
Meta found 'covertly tracking' Android users through Instagram and Facebook - https://news.ycombinator.com/item?id=44182204 - June 2025 (93 comments)
Meta pauses mobile port tracking tech on Android after researchers cry foul - https://news.ycombinator.com/item?id=44175940 - June 2025 (28 comments)
Covert web-to-app tracking via localhost on Android - https://news.ycombinator.com/item?id=44169115 - June 2025 (344 comments)
https://android.googlesource.com/platform/frameworks/base/+/...
Chromecast and Netflix have done this for a while now to facilitate some sort of hand-off.
I don’t have the details handy, but a few years ago I was `adb shell` into my device to debug something untreated and did a quick `netstat` and noticed a few ports that were open / did not expect. Tracked them down to Netflix, specifically.
I also rely on this for another internal app that opens a rsync server..
> No evidence of abuse has been observed in iOS browsers and apps that we tested. That said, similar data sharing between iOS browsers and native apps is technically possible. (…) It is possible that technical and policy restrictions for running native apps in the background may explain why iOS users were not targeted by these trackers.
This is limiting and makes implementing programs like Syncthing more challenging but also helps keep the battery eaters and eternal listeners until control.
In general I think browsers should prevent websites reaching out to localhost without explicit opt-in from the user.