Washington Post's Privacy Tip: Stop Using Chrome, Delete Meta Apps (and Yandex)

Original Article ↗ Hacker News Discussion ↗

Browser choices and privacy tradeoffs

  • Several commenters agree with the article’s “stop using Chrome” message but emphasize the core issue is Google’s ad-business ownership, not the codebase itself.
  • Firefox is the most frequently suggested alternative (often with uBlock Origin), with reminders it once reached ~31% share and was eating IE’s lunch before Chrome. Some lament Mozilla’s recent direction and funding dependence on Google; forks like LibreWolf, Zen, Mullvad, and Orion are mentioned.
  • Safari is polarizing: praised for privacy defaults and battery life, but criticized for being closed-source, crash-prone, lagging on web standards/PWAs, and hard to develop for. This fuels the “Safari is the new IE” narrative.
  • Brave is lauded for built-in blocking and for already mitigating the localhost trick used in this incident, but some distrust it due to past controversies and delayed security patches. Vivaldi and Chromium forks like Supermium get niche mentions.

Adblockers, tracking, and media conflicts

  • Many call the WaPo advice incomplete or non-credible because it omits “use an adblocker,” suspecting ad-driven outlets won’t openly recommend them.
  • There’s debate over how dependent WaPo is on ads vs subscriptions, but consensus that adtech-funded media have structural conflicts when giving privacy guidance.
  • uBlock Origin and NoScript are cited as highly effective at blocking third-party trackers and ads; limitations around first-party tracking are noted. Some argue blocking JavaScript or using strict modes is a valid but breakage-prone strategy.

Meta/Yandex localhost/WebRTC technique

  • Commenters clarify the attack: Meta and Yandex Android apps ran a localhost server and abused WebRTC metadata to pull identifiers (e.g., cookies) from the browser’s sandbox into the app, then tied them to logged-in identities.
  • This did not break same-origin universally; it depended on sites embedding their trackers. It’s characterized as “effectively malware.”
  • Mitigations: uninstall/disable the apps, rely on browsers that block localhost intrusion by default, and longer-term OS and browser changes. Preinstalled, non-removable Meta apps on some phones are highlighted as a hard problem.

Mobile privacy, messaging, and lock-in

  • Some suggest avoiding Android entirely (or using GrapheneOS) if privacy is paramount; skepticism is expressed about Google’s willingness to close privacy holes like app enumeration.
  • Avoiding WhatsApp is hard in regions where it’s a social default (e.g., parents’ school groups). Workarounds include separate phones or Android work profiles (Shelter/Island) to isolate the app.
  • Telegram vs WhatsApp vs Signal sparks debate: WhatsApp’s E2EE is acknowledged, but its broader data collection and Meta ownership are seen as major downsides.

Ethics of surveillance tech work

  • Strong moral criticism of Meta/Yandex: engineers are accused of knowingly building hostile surveillance features for money, then quietly removing them when exposed.
  • Others argue most employees compartmentalize, chase compensation or “interesting problems,” and diffuse responsibility up the management chain—the “banality of evil” in corporate form.