I’ve been checking out the localhost tracking vulnerability and there’s something I can’t work out: it’s not even a terribly obscure or convoluted exploit, especially Yandex’s implementation that’s been chugging for more than 8 years over basic HTTP. It’s just a glaring sandboxing workaround that’s been exclusive to this OS for more than a decade.

No matter how many ways I look at it, I haven’t come up with a reasonable explanation for how it was ignored, by demonstrably capable engineers, unless Google itself had use for it in the first place. And that fits a pattern of selective competence in information security that they just can’t seem to quit.

In short it’s the data collection backdoors they leave themselves that defeat the otherwise top-tier security of their consumer offerings, and it’s why I’ll probably never trust anything they’ve touched until I’ve taken it apart and put it back together again.

So no, you probably shouldn’t use it. Trusting the privacy or security claims of any adtech company will always be a mistake.