“Localhost tracking” explained. It could cost Meta 32 billion.

It is a very perverse method to steal user data, fooling regulators and operating system designers. On Android phones only, if the facebook or instagram app are installed and a session has been opened at some point in time. Not clear about WhatsApp/Messenger
<https://www.zeropartydata.es/p/localhost-tracking-explained-it-could>
     Zero Party Data (EN version)
     *“Localhost tracking” explained. It could cost Meta 32 billion.*
     You just can't finish off Zuckerberg.
     Jorge García Herrero
     jun 10, 2025
     What happened?
     Meta devised an ingenious system (“localhost tracking”) that bypassed Android’s sandbox protections to identify you while browsing on your mobile phone — even if you used a VPN, the browser’s incognito mode, and refused or deleted cookies in every session.
     Next, we preview what may (and should) become the combined sanctioning smackdown of the century, and then we explain — in simple terms (because it’s complicated) — what Meta was doing.
     *It smells like record fine spirit*
     Meta faces simultaneous liability under the following regulations, listed from least to most severe: GDPR, DSA, and DMA (I’m not even including the ePrivacy Directive because it’s laughable).
     GDPR, DMA, and DSA protect different legal interests, so the penalties under each can be imposed cumulatively.
     The combined theoretical maximum risk amounts to approximately €32 billion** (4% + 6% + 10% of Meta’s global annual revenue, which surpassed €164 billion in 2024).
     Maximum fines have never before been applied simultaneously, but some might say these scoundrels have earned it.
     If you want to go straight to the breakdown of infractions and penalties, click here.
     ... (continues on the link)
--
Cheers, Carlos.