user consent Archives

AppWizard

June 4, 2025

Meta Pixel halts Android localhost tracking after disclosure

Security researchers have found that Meta and Yandex used native Android applications to access localhost ports, allowing them to link web browsing data with user identities and bypass privacy protections. Following these findings, Meta stopped its data transmission to localhost and removed much of the tracking code to comply with Google Play policies. A report from researchers at IMDEA Networks, Radboud University, and KU Leuven detailed how apps like Facebook and Instagram collected web cookie data via the loopback interface. This method allowed the companies to associate browsing sessions with user identities, undermining privacy measures. Meta's tracking process involved the Meta Pixel script, which transmitted cookies to native apps through various protocols. Meta began using this technique in September 2024 but ceased these practices by June 3rd, 2025. Yandex's localhost tracking dates back to 2017, and while they did not respond to inquiries, browser vendors have implemented mitigations against these practices. Proposed solutions include a new permission for local network access to prevent such tracking in the future.

AppWizard

June 3, 2025

Facebook, Yandex Apps Secretly Track Users Via Hidden Ports, Research Claims

Recent findings from IMDEA Networks Institute indicate that Facebook and Instagram apps have been tracking Android users' web browsing activities without consent, bypassing privacy controls and functioning even in incognito mode. This tracking affects millions of websites using Meta's tracking code. Yandex has employed similar tracking techniques since 2017, creating a cross-platform surveillance network. The tracking exploits Android’s permission system by establishing background services that listen on network ports, allowing the apps to capture browsing data and associate it with users' accounts. Meta's pixel is present on about 5.8 million websites, while Yandex Metrica is on around 3 million sites, potentially impacting billions of users. Approximately 78% of sites with Meta’s pixel and 84% of Yandex's sites attempted localhost communications without user consent. This tracking method operates at the operating system level, unaffected by cookie clearing, incognito modes, or privacy settings. Researchers have demonstrated that malicious apps could exploit this technique to gather users' browsing histories. Many website operators were unaware of these localhost communications, leading to confusion and complaints. In response, major browser vendors are implementing measures to block these tracking methods. Meta ceased this tracking on June 3rd, coinciding with the research's public release. The research highlights a significant security gap in mobile platforms regarding localhost communications, emphasizing the need for stricter policies and vetting processes.

AppWizard

June 3, 2025

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Recent developments in browser technology have raised concerns about user privacy and data tracking by companies like Meta and Yandex. In response, several Android browsers are enhancing user privacy by blocking abusive JavaScript linked to web trackers. DuckDuckGo has implemented measures to block domains and IP addresses associated with trackers, preventing the transmission of identifiers to Meta and restricting access to Yandex Metrica. Following feedback, DuckDuckGo's developers updated their blacklist to include missing addresses. The Brave browser uses extensive blocklists to prevent identifier sharing and blocks requests to localhost without user consent. Vivaldi forwards identifiers to local Android ports by default but allows users to adjust settings to block trackers. Researchers warn that these solutions may not be foolproof and emphasize the ongoing challenge of maintaining effective blocklists. Chrome and most other Chromium-based browsers execute JavaScript as intended by Meta and Yandex, while Firefox has faced challenges with SDP munging and has not yet announced plans to address this behavior.

Winsage

May 23, 2025

Microsoft to Make Windows Agentic for New Web Experience

Microsoft is transforming Windows into an agentic AI platform, a significant evolution in its operating system history. At the Microsoft Build 2025 event, CEO Satya Nadella discussed the need to update legacy internet systems for the rise of AI agents, likening this phase of generative AI to past technological revolutions. Microsoft is developing an ‘agentic web’ to allow intelligent agents to interact with data and users. To support this, the Model Context Protocol (MCP), developed by Anthropic, will be embedded in Windows, enabling AI agents like GitHub Copilot to perform tasks beyond code generation, such as installing software and modifying system settings with user consent. Microsoft introduced Foundry Local, a tool that allows AI features to run offline on PCs, enhancing response times and privacy. The company also launched Copilot Tuning, enabling enterprises to customize AI agents using their own data and workflows. Additionally, Microsoft announced NLWeb, an open standard to convert any website into an agentic platform, facilitating AI agents' understanding and interaction with web content. Microsoft is collaborating with companies like Tripadvisor to implement NLWeb for autonomous travel arrangements.

Winsage

May 21, 2025

Windows 11 Introduces Enhanced Administrator Protection to Strengthen Security Against Elevated Privilege Attacks

Microsoft has launched Administrator Protection for Windows 11, a feature designed to enhance cybersecurity by preventing privilege escalation attacks. This feature creates a security boundary around administrative operations, reducing the attack surface for cybercriminals. It introduces a hidden, system-managed local user account that generates isolated admin tokens, preventing user-level malware from compromising elevated processes. Administrator Protection eliminates auto-elevation functionality, requiring users to explicitly authorize administrative actions. It utilizes a System Managed Administrator Account (SMAA) that generates non-persistent admin tokens for specific tasks, which are discarded after use. The feature is currently available to Windows Insiders in the Canary channel and will expand to the Dev channel, with broader deployment expected in the 24H2 release. Compatibility challenges may arise in complex development environments, such as with Visual Studio.

Winsage

May 6, 2025

Microsoft pushes fix for Windows 11 update 0x80240069 errors

Microsoft has resolved an issue that affected the delivery of Windows 11 24H2 feature updates via Windows Server Update Services (WSUS) after the installation of the April 2025 security updates. Users reported upgrade problems, specifically encountering error code 0x80240069 during attempts to update from Windows 11 23H2 or 22H2. The update complications primarily impact enterprise environments using WSUS, while home users are less likely to experience these issues. Microsoft is rolling out a fix through Known Issue Rollback (KIR) for enterprise-managed devices, requiring IT administrators to implement the KIR Group Policy on affected endpoints. Additionally, Microsoft is addressing a separate issue where some PCs were upgraded to Windows 11 despite Intune policies preventing such upgrades.

Tech Optimizer

May 5, 2025

How to Easily Uninstall McAfee Antivirus Completely

McAfee can appear on computers without user consent, often pre-installed on new laptops or bundled with other software. To uninstall McAfee on Windows 10 or 11, users can access the Settings app or Control Panel to remove it. For Mac users, the McAfee Total Protection Uninstaller can be used, but some residual files may need to be deleted manually. If standard uninstallation methods fail, the MCPR removal tool can be used to thoroughly clean up remnants of the software. Uninstalling McAfee is generally not detrimental, as many users prefer alternative antivirus solutions or rely on built-in protections provided by their operating systems.

Winsage

April 16, 2025

Microsoft: Some devices offered Windows 11 upgrades despite Intune blocks

Microsoft is addressing an issue where some Windows devices are prompted to upgrade to Windows 11 despite Intune policies preventing such upgrades, a problem attributed to a "latent code issue" since April 12. A targeted code fix is being deployed, and users are advised to pause Windows feature updates via Intune until the resolution is fully rolled out. Users who upgraded to Windows 11 inadvertently will need to manually revert to their previous version. Additionally, in November 2024, certain Windows Server 2019 and 2022 devices were upgraded to Windows Server 2025 without user consent, and Microsoft acknowledged the problem but did not provide guidance on reverting these upgrades. Microsoft has also resolved an issue with prompts for upgrading to Windows Server 2025, clarifying that notifications were intended only for those seeking in-place upgrades.

AppWizard

April 10, 2025

How Gaming Is Regulated On Android’s App Store

The Google Play Store offers millions of mobile games and enforces strict regulations to ensure user safety and legal compliance. These regulations cover content policies, monetization practices, data protection, technical requirements, and regional compliance. Games must adhere to content policies that prohibit hate speech, excessive violence, and misrepresentation, and must be rated by the International Age Rating Coalition (IARC). Monetization strategies require developers to use Google’s payment system for in-app purchases and disclose pricing and refund policies. Gambling games must have the necessary licenses and disclose odds for loot boxes. Data privacy guidelines mandate clear communication about data collection and user consent. Technical standards require games to function well across devices and be free from security threats. Google employs automated and manual reviews to enforce compliance, with consequences for violations ranging from warnings to permanent bans. Regional compliance is necessary, particularly in areas with strict regulations like China and the EU.

Winsage

April 10, 2025

Windows 11 update reportedly creates a mysterious folder on your system drive, which is certainly confusing

A new folder named ‘inetpub’ has appeared on Windows 11 24H2 system drives following the April update, linked to Microsoft’s web server software for developers. The folder is empty, harmless, and can be deleted without adverse effects. Many users have reported removing it safely, while others may choose to keep it if it doesn't cause inconvenience. The folder's creation may be related to adjustments made to IIS components and has caused confusion among users, with reports of its appearance across various devices. There is a possibility that the folder could reappear even after deletion, indicating a need for a permanent fix from Microsoft.