i would love to have a software engineer's union, not so much to get better working conditions but to be able to say stuff like "i can't implement that unethical feature, it's against union rules and i'd lose my membership".
> Meta must face a lawsuit alleging that it secretly tracked Android users' browsing activity on mobile websites that embedded Meta's analytics pixel, and linked that activity to users' identities, a federal judge ruled Monday.
> The decision, issued by U.S. District Court Judge Rita Lin in San Francisco, grew out of a class-action complaint initially brought last June by California resident Devin Rose (and later joined by other Android users).
> Rose alleged that between September 2024 and June 2025, Meta exploited Android's localhost -- a feature that allows software developers to test applications -- to connect users’ mobile web browsing to their Facebook and Instagram profiles.
> UPDATE: As of June 3rd 7:45 CEST, Meta/Facebook Pixel script is no longer sending any packets or requests to localhost. The code responsible for sending the _fbp cookie has been almost completely removed. Yandex has also stopped the practice we describe below.
I've seen it and at least in Chrome it seems to be treating all URLs which are based on an IP address as "local", regardless of the class of the address.
I'd be inherently suspicious of any website in the wild attempting to contact a bare IP address. Aside from localhost, my default assumption would be that such a website is either trying to circumvent my hosts file (or circumvent my other DNS configuration, e.g. pi-hole or DNS-over-HTTPS), malware trying to reach a command-and-control server, or malware trying to circumvent my adblocker.
i would love to have a software engineer's union, not so much to get better working conditions but to be able to say stuff like "i can't implement that unethical feature, it's against union rules and i'd lose my membership".
I’m curious if unions helped or hurt the autoworkers when automation and outsourcing was gutting that industry in the US.
Obviously we know where it ended up, but like, was it more or less painful.
Start one. Unions are worker owned. You could also join the IWW.
Take a lead, let me sign up :)
same
> Meta must face a lawsuit alleging that it secretly tracked Android users' browsing activity on mobile websites that embedded Meta's analytics pixel, and linked that activity to users' identities, a federal judge ruled Monday.
> The decision, issued by U.S. District Court Judge Rita Lin in San Francisco, grew out of a class-action complaint initially brought last June by California resident Devin Rose (and later joined by other Android users).
> Rose alleged that between September 2024 and June 2025, Meta exploited Android's localhost -- a feature that allows software developers to test applications -- to connect users’ mobile web browsing to their Facebook and Instagram profiles.
May 12, 2026
Looks like they stopped doing it
https://localmess.github.io
> UPDATE: As of June 3rd 7:45 CEST, Meta/Facebook Pixel script is no longer sending any packets or requests to localhost. The code responsible for sending the _fbp cookie has been almost completely removed. Yandex has also stopped the practice we describe below.
Chrome and Firefox have deployed / are deploying local-network-access which prompts the user when apps try this.
I was just about to say that my question in regards to this was "what are web browsers doing about it?"
I've seen it and at least in Chrome it seems to be treating all URLs which are based on an IP address as "local", regardless of the class of the address.
I'd be inherently suspicious of any website in the wild attempting to contact a bare IP address. Aside from localhost, my default assumption would be that such a website is either trying to circumvent my hosts file (or circumvent my other DNS configuration, e.g. pi-hole or DNS-over-HTTPS), malware trying to reach a command-and-control server, or malware trying to circumvent my adblocker.