Skip to content(if available)orjump to list(if available)

Washington Post's Privacy Tip: Stop Using Chrome, Delete Meta Apps (and Yandex)

Washington Post's Privacy Tip: Stop Using Chrome, Delete Meta Apps (and Yandex)

140 comments

·June 7, 2025
Visit

xnx

Without the suggestion to install an adblocker, this is not credible advice.

ninth_ant

A media outlet which depends on ad revenue as a primary income source is unlikely to suggest this.

Ditching these deeply invasive products remains a good idea, independent on any decision to use ad blockers or not.

The Meta/Yandex incident in particular is straight-up malware and everyone should remove their apps.

alkonaut

Getting privacy advice from an adtech funded outlet sounds like reading democracy advice from the Chinese ruling party or vegetarianism advice from lions to be honest.

It might be correct-and-incomplete but they just have no credibility on the topic.

gamblor956

WaPo is dependent on subscription revenue, not ads. They limit the number of articles non subscribers can read.

They're also owned by one of the richest men in the world...

timewizard

> which depends on ad revenue

They're more tightly bound than that. They're dependent on Google Display Ads. Which really makes their whole diatribe that much more pathetic.

Any media company that decided to traffic the ads themselves, from their own servers, and inline with their own content, would effectively be immune from ad blocking.

> Ditching these deeply invasive products remains a good idea

While still allowing random third party javascript to run unchecked on a parent website.

kulahan

> While still allowing random third party javascript to run unchecked on a parent website.

Lol, why are you commenting as if somehow allowing it to run negates the other good ideas in some way? Obviously some is better than none, and all is better than some, but each step takes more effort.

labster

Hosting the ads on the same server as the content is done in some cases, but doesn’t result in any immunity. If the ads are sufficiently annoying, it only leads to a merry little game with the adblocker annoyance list community, where they figure out new regexen to block the content, deploying daily. Bypass the blocks too effectively, and the adblocker will accidentally start blocking website content. Users will assume the website itself is broken, and visit less.

Self-hosting ads is not really a winning game unless your ads are non-animated, non-modal static text and images.

jonhohle

It’s odd that orgs like NYT don’t run their own ad services. I’m sure they have a dedicated department for ad sales for physical copies. They’re large enough that companies would work directly with them. And they would have at least some editorial control on what is displayed on their site.

godelski

The advice is fine, just incomplete.

It is better than nothing and definitely for the more "normies" advice. Let's start there and then we can get them onto adblock and other stuff.

Btw, the ArsTechnica article they link offers more advice[0]

[0] https://arstechnica.com/security/2025/06/meta-and-yandex-are...

mmooss

That may not be viable for many non-technical users, which is their audience. On HN, it would be an error to omit ad blockers; the Washington Post has a different audience. I expect that most would find installing and learning a new browser to be too much effort and too hard to understand.

userbinator

The FBI recommends using an adblocker: https://news.ycombinator.com/item?id=41483581

mingus88

They will not bite the hand that feeds them.

But I am glad they are pushing people toward other browsers because that is the biggest step. Once you have taken that step, installing the most popular extensions is trivial.

Guess what the highest rated extensions are?

jfengel

Does the ad blocker prevent leaks of your information?

I know it blocks a use of your information against you (targeted ads). And any external source is a potential leak (e.g. the kinds of things that CORS is supposed to reduce).

But does an ad blocker specifically leak more, or just reduce the incentive to collect that information?

demosthanos

A full-featured ad blocker (uBlock Origin original, not the neutered Lite version that runs on Chrome now) will intercept requests at the network level and prevent your browser from requesting the advertisers' JavaScript code. Your browser not only won't show the ads, it won't run the code that was supposed to show them or even send a request to the advertisers' servers.

This blocks most existing tracking methods. The only thing you're not protected from is first-party tracking by the site you're actually visiting, which is impossible to fully protect against.

zahlman

>prevent your browser from requesting the advertisers' JavaScript code. Your browser not only won't show the ads, it won't run the code that was supposed to show them or even send a request to the advertisers' servers.

Incidentally, just blocking JavaScript with NoScript kills quite a lot of ads (obviously, not first-party ones if you've white-listed their JavaScript for site functionality; but I try to avoid that when there isn't real demonstrated value) without any need for an explicit ad blocker.

blacksmith_tb

1st-party would likely be prevented by disabling cookies? Obviously they could fingerprint every visitor on every request, but most just set an ID cookie and check it on subsequent pages I think, since that's good enough for tracking most people (who aren't actively trying not to be tracked). Of course, that breaks things that need a session (like a cart), but depending on what you want from a site, it could be fine.

weaksauce

they don't load up the ads at all so they can't know your information in the first place at least from the ads themselves. if the website is sharing information directly there's nothing you can do outside of some kind of vpn and never logging on to any services.

antithesizer

Yes they block tracking

eastbound

I think there was a Defcon where they showed that some ad networks let the advertiser themselves provide the image/video. By targeting only people who first visited a given website, they know who you are. And by adding selectors on the ad, they extract your characteristics, including location.

It looks very stretched, but the real magic happens when this data is sold in bulk. It allows recouping who is where. Your target person may or may not be in each dataset, their location isn’t known like clockwork, but that allows determining where they work, where they sleep and who they’re with. One ad is useless as a datapoint, but recouping shows reliable patterns. And remember most people on iPhone still don’t have an adblocker.

ryandrake

I would bet money that the techie they asked to put the list together included "use an adblocker." And then the higher-up who approves articles like this said "shit! wait... no, no, no, delete that one!!" These corporations are deeply deceptive.

xnx

Source article: https://www.washingtonpost.com/technology/2025/06/06/meta-pr...

HelloUsername

> Source article

Thx. Even the source in the slashdot article links to msn...

bitpush

Written by the same person who wrote Washington Post article.

All very confusing.

boomboomsubban

MSN is all rehosted articles I believe. Several times I've searched major paper headlines to read the full story on MSN.

No idea what kind of deal these places have with Microsoft.

null

[deleted]

aucisson_masque

What about the other app ? Now that this trick is known, either it’s completely fixed, including in system webview, or all the other usual spyware ,that the play store is full of, are going to use it to track their user.

Google still hasn’t fixed the issue of app being able to list all other installed app on your phone without requiring permission despite having been reported months ago. They didn’t even provide an answer.

I believe Google isn’t interested in Android user privacy in any way, even when it’s to their own benefit.

At this point either use iPhone, grapheneos or no phone at all.

ThinkBeat

I dont yet understand this attack.

The WP article says:

"" Millions of websites contain a string of computer code from Meta that compiles your web activity. It might capture the income you report to the government, your application for a student loan and your online shopping. ""

If I read that correctly then they are capturing all https web content you access in clear text and uploads it all to Meta? Then Meta

I thought the exploit was used to track where you visited, not the full data of each webpage.

bink

It does sound fantastical. A piece of code that can violate the same origin policy would be a huge vulnerability. Meta could be working with other sites to share data on users via code running on both sites, but snooping on tax data without the IRS helping? Unlikely.

I can only assume they're suggesting that companies like Intuit and H&R Block are sharing this data with Meta, but that seems like a huge violation of privacy and with tax data it might even be illegal.

macNchz

It's effectively malware—this article has some more detail: https://arstechnica.com/security/2025/06/meta-and-yandex-are...

Basically, they created a channel between the browser and a localhost webserver running in their native apps, by abusing the ability to set arbitrary metadata on WebRTC connections. That way, they were able to exfiltrate tracking cookies out of the browser's sandbox to the native app, where they could be associated with your logged-in user identity.

meroes

Hmm how can I use being forced to use Chrome for work, for me tax wise…

If I’m a contractor forced to use Chrome and mobile devices, can I deduct a separate work phone?

I really hate having it my iPhone, at least maybe I can claw something back this way?

0_____0

I believe it is good form to keep work and personal machines completely separate, including phones. If you ever have to hand over your devices for discovery in a law suit I think you will come to the same conclusion.

Xorakios

I very much agree. Retired now but I used to have a separate phone for each major client for HIPAA compliance but it's good advice everywhere (and $50 year-old android phones and $15/month Tracfone accounts aren't just for criminals!)

m-localhost

Zen Browser (FF) on Win and Firefox on iOS (for sync) works well for me. Edge for all M365 related stuff. Still use Chrome for web dev. Not sure what to move on in that regard...

t-writescode

I'm a relatively new web dev and I've been quite happy with Firefox's Web Dev tools. What does Chrome's dev tools give someone that Firefox's doesn't? I can edit css on the fly, see where a css rule is being overwritten, debug javascript, etc.

arealaccount

FF dev tools just don’t work sometimes, notably with iframes, sometimes with source maps, and other edge case types things.

I use FF for 99% of dev, open Chrome maybe once a quarter. It’s a better browser.

nine_k

One an develop in FF, but has to test in Chrome. (Same with developing in Chrome and also testing in FF.)

helph67

Thirty months old but I'm guessing they haven't improved! https://www.techradar.com/news/nearly-half-of-all-online-tra...

p0w3n3d

I've noticed that recent Chrome version does not allow me to download the pdf I'm viewing. I had to open it in Firefox. The Chrome browser only allowed me to save it to drive (cloud)

Aurornis

I downloaded a PDF within updated Chrome earlier this morning without problems. I would be looking at your setup to see what makes it unique.

Grazester

You can absolutely download PDFs on the all Chrome versions including the most recent. You need to do is set chrome to download them instead of open them.

I am a developer but have to deal with questions on this regularly from people's at my company due to the IT department being small.

Legend2440

Seems weird. I'm in Chrome right now and I can right-click on PDFs and click save as.

gosub100

I have the opposite problem: I want to simply render the pdfs so I can, you know, read them. not download them like they are data to be fed into another app.

charcircuit

Did you try finding a print button?

Henchman21

To… save? I get that you can print to a file and it’ll save it that way of course, but damn that strikes me as really confusing for non-techies

cosmicgadget

Save or export would make more sense but printing to pdf has been the way to do it forever.

kulahan

This is how I get around that same issue, but it truly is a hacky workaround.

thrill

right-click save-as?

thadk

Anyone have tips on how to avoid having the WhatsApp app on your phone?

baobun

Give your WA contacts alternative contact method. Uninstall. Stop using WhatsApp.

tdiff

Use telegram

null

[deleted]

dlachausse

Safari reports that it blocked 16 trackers on WaPos home page. So it’s probably best to avoid them for privacy too.

bn-l

What is the alternative to chrome that doesn’t crash or is not noticeably slower?

wussboy

Full time Firefox user. I run hundreds of tabs for days on end and need to restart it every week or so. Well worth it to not use Chrome. Need to open a site in Chrome about once a month

abhinavk

The upcoming version has "Unload tabs" built in to the context menu. That should result in restarts limited to updates.

HelloMcFly

I use the Auto Discard Tabs plug-in, just lets tabs time-out after a set amount of time

SoftTalker

I've used Firefox for years and it very rarely crashes. Individual tabs will crash occasionally, but rarely the entire browser.

password4321

I use Chrome for Google workspace, Firefox for ongoing personal logins, and Brave incognito for other browsing (restarting completely for a new session when changing gears).

Last week's discussion on a profile management tool offered several insights into how others a bit further down this path use their browsers of choice: https://news.ycombinator.com/item?id=44132752

mrweasel

Firefox? Weird question. I haven't even installed Chrome in the past 7 years. Firefox is fast (but I obviously don't know if Chrome is faster) and it never crashes.

mmooss

What experiences have you had with crashing, noticeably slower browsers? I haven't seen that in any modern browsers.

ramon156

What's wrong with FireFox?

And if you're not a fan of FireFox, Ladybird is becoming a thing in 2026

Madmallard

[flagged]

NexRebular

I use Vivaldi[1]. Also has built-in ad-blocker although I'm not sure how good it is compared to Ublock or others.

[1] https://vivaldi.com/

dijksterhuis

seconded. been loving vivaldi since i switched.

wyattblue

Brave Browser: https://brave.com/

GolfPopper

Brave has some controversies: https://en.wikipedia.org/wiki/Brave_(web_browser)#Controvers...

guywithahat

I mean those aren't real controversies though, it's more like "we added a VPN feature and included the VPN, but have now removed it". A real controversy would be like Mozilla who was pushing for censorship and silencing "bad actors" in the years after the first Trump election.

duxup

I use firefox full time, it works great for me.