You just can't finish off Zuckerberg.
Meta devised an ingenious system (“localhost tracking”) that bypassed Android’s sandbox protections to identify you while browsing on your mobile phone — even if you used a VPN, the browser’s incognito mode, and refused or deleted cookies in every session.
Next, we preview what may (and should) become the combined sanctioning smackdown of the century, and then we explain — in simple terms (because it’s complicated) — what Meta was doing.
Meta faces simultaneous liability under the following regulations, listed from least to most severe: GDPR, DSA, and DMA (I’m not even including the ePrivacy Directive because it’s laughable).
GDPR, DMA, and DSA protect different legal interests, so the penalties under each can be imposed cumulatively.
The combined theoretical maximum risk amounts to approximately €32 billion (4% + 6% + 10% of Meta’s global annual revenue, which surpassed €164 billion in 2024).
Maximum fines have never before been applied simultaneously, but some might say these scoundrels have earned it.
If you want to go straight to the breakdown of infractions and penalties, click here.
You’re reading ZERO PARTY DATA. The newsletter about the crazy crazy world news from a data protection perspective by Jorge García Herrero and Darío López Rincón.
In the spare time this newsletter leaves us, we like to solve complicated issues about GDPR & AI Act. If you’ve got one of those, give us a little wave. Or contact us by email at jgh(at)jorgegarciaherrero.com.
Below is a simplified explanation of a very technical process, rigorously detailed on the website set up by the researchers who uncovered Meta’s latest major blow to the GDPR specifically, and to other regulations more broadly, as we’ll see.
Credit where it’s due — it’s ingenious. Ingenious in the sense of breaking (yet again) the record for a privacy-related fine, but hey!... ingenious.
This is the process through which Meta (Facebook/Instagram) managed to link what you do in your browser (for example, visiting a news site or an online store) with your real identity (your Facebook or Instagram account), even if you never logged into your account through the browser or anything like that.
Meta accomplishes this through two invisible channels that exchange information:
(i) The Facebook or Instagram app running in the background on your phone, even when you’re not using it.
(ii) Meta’s tracking scripts (the now-pulled illegal brainchild uncovered last week), which operate inside your mobile web browser.
Thanks to the outstanding human beings who revealed this scandal: Tim Vlummens, Narseo Vallina-Rodriguez, Nipuna Weerasekara, Gunes Acar, and Aniketh Girish.
The entire flow of the _fbp cookie from web to native and the server is as follows:
The user opens the native Facebook or Instagram app, which eventually is sent to the background and creates a background service to listen for incoming traffic on a TCP port (12387 or 12388) and a UDP port (the first unoccupied port in 12580-12585). Users must be logged-in with their credentials on the apps.
The user opens their browser and visits a website integrating the Meta Pixel.
At this stage, websites may ask for consent depending on the website's and visitor's locations.
The Meta Pixel script sends the _fbp cookie to the native Instagram or Facebook app via WebRTC (STUN) SDP Munging.
The Meta Pixel script also sends the _fbp value in a request to https://www.facebook.com/tr along with other parameters such as page URL (dl), website and browser metadata, and the event type (ev) (e.g., PageView, AddToCart, Donate, Purchase).
The Facebook or Instagram apps receive the _fbp cookie from the Meta Pixel JavaScript running on the browser. The apps transmit _fbp as a GraphQL mutation to (https://graph[.]facebook[.]com/graphql) along with other persistent user identifiers, linking users' fbp ID (web visit) with their Facebook or Instagram account.
If I understood it, you can too — trust me.
“The user opens the native Facebook or Instagram app, which eventually goes into the background and creates a background service to listen for incoming traffic on a TCP port (12387 or 12388) and a UDP port (the first free port between 12580 and 12585). Users must have logged in with their credentials in the apps.”
Translation:
You open the Facebook or Instagram app like normal.
Then you go do something else on your phone (the app remains running in the background).
Without telling you, the app keeps running and “listens” for traffic — like having a hidden microphone eavesdropping on internal calls.
Technically, it does this by opening local network “ports” (like little internal doors in your phone) through which it can receive messages.
It’s important to clarify that this only happens if you've already logged into those apps with your account.
(Insert your favorite ultra-private vice here — let’s say mine is watching chick sexers doing their thing. Just saying.)
“The user opens their browser and visits a website that integrates Meta’s Pixel.”
You open Chrome, Firefox, or any browser on the same phone.
You turn on VPN and incognito mode and, confidently like a fool, head straight to that website — which, by coincidence, has a Meta Pixel embedded.
This pixel, with your consent, collects data about your actions (visits, clicks, purchases...) and sends it to Meta.
What has now been proven is that, before you even had the chance to give consent, the pixel starts the localhost tracking process we're explaining here.
Theoretically, this should have been explained when asking for cookie consent. Obviously, it wasn’t — because it was blatantly illegal.
I mean, even if you had clicked the “consent” button on the chick sexer website, that consent can’t cover something you were never informed about (note that this trick even caught Google off guard).
“The Meta Pixel script sends the _fbp cookie to the native Instagram or Facebook app via WebRTC (STUN) using SDP modification (SDP Munging).”
The Pixel script in your browser tries to send information to the Facebook/Instagram app that’s “listening” in the background.
It uses a technique called WebRTC, normally used for voice or video calls (like Zoom or Google Meet), but here it’s being used to secretly transmit data between the browser and the app.
Additionally, a technical trick called “SDP Munging” allows the browser to insert data (like the _fbp cookie identifier) into the WebRTC “initial handshake” message.
In this way, the _fbp (a temporary cookie supposedly limited to your current web session) is sent directly to the native app that’s listening. In other words, the website you didn’t want anyone to know you visited just passed your identification cookie to your Facebook/Instagram app. It’s still just an alphanumeric string at this point.
But that alphanumeric sausage, my friend — is you.
Android has many flaws, but the part that matters here is specifically designed to prevent apps from doing this: listening on local ports such as localhost.
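The two halves of the channel described in the researchers' flow quoted above (an app listening on TCP 12387/12388 and UDP 12580-12585) and in the SDP-munging explanation (a WebRTC offer pointed at loopback) each leave an artifact a defender can look for. The following is an added example, not code from the article or from the researchers; it parses the Linux /proc/net socket tables (as obtained from a device with adb) and SDP text, using constructed sample data. The _fbp value format (fb.N.timestamp.random) is an assumption drawn from Meta's public pixel documentation, not from this page.

```python
"""Detection helpers for the localhost-tracking indicators described above.
All sample tables and the SDP below are constructed for illustration."""
import re

# Ports quoted from the researchers' description of the background service.
SUSPECT_TCP_PORTS = {12387, 12388}
SUSPECT_UDP_PORTS = set(range(12580, 12586))

# Socket state codes as printed in /proc/net/tcp and /proc/net/udp.
TCP_LISTEN = 0x0A
UDP_BOUND = 0x07  # bound, unconnected UDP sockets show state 07

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
CANDIDATE_RE = re.compile(
    r"^a=candidate:\S+ \d+ (udp|tcp) \d+ (\S+) (\d+) typ \S+", re.I | re.M)
# Assumed _fbp shape: "fb." + subdomain index + 13-digit ms timestamp + random.
FBP_RE = re.compile(r"\bfb\.\d+\.\d{13}\.\d+\b")


def parse_proc_net(text):
    """Parse an IPv4 /proc/net/{tcp,udp} table into (ip, port, state, uid)."""
    rows = []
    for line in text.strip().splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 8:
            continue
        ip_hex, port_hex = fields[1].split(":")
        # The kernel prints the IPv4 address little-endian; undo the byte order.
        octets = [int(ip_hex[i:i + 2], 16) for i in range(6, -1, -2)]
        rows.append((".".join(map(str, octets)), int(port_hex, 16),
                     int(fields[3], 16), int(fields[7])))
    return rows


def find_suspect_listeners(tcp_table, udp_table):
    """Return (proto, ip, port, uid) for sockets bound to the suspect ports.
    The uid tells you which installed app owns the socket (Android gives each
    app its own uid), which is the attribution a defender needs."""
    hits = []
    for ip, port, state, uid in parse_proc_net(tcp_table):
        if state == TCP_LISTEN and port in SUSPECT_TCP_PORTS:
            hits.append(("tcp", ip, port, uid))
    for ip, port, state, uid in parse_proc_net(udp_table):
        if state == UDP_BOUND and port in SUSPECT_UDP_PORTS:
            hits.append(("udp", ip, port, uid))
    return hits


def find_loopback_candidates(sdp):
    """Return (proto, address, port) for ICE candidates that point at loopback
    on a suspect port. Ordinary WebRTC calls advertise LAN or public addresses;
    a loopback candidate on these ports is the browser-side half of the channel."""
    hits = []
    for m in CANDIDATE_RE.finditer(sdp):
        proto, addr, port = m.group(1).lower(), m.group(2), int(m.group(3))
        suspect = SUSPECT_TCP_PORTS if proto == "tcp" else SUSPECT_UDP_PORTS
        if addr in LOOPBACK and port in suspect:
            hits.append((proto, addr, port))
    return hits


def find_fbp_like_values(sdp):
    """Return any SDP attribute values shaped like an _fbp cookie (assumed format)."""
    return FBP_RE.findall(sdp)


# Constructed sample data. uid 10187 stands for an arbitrary installed app.
SAMPLE_TCP = """
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:3063 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10187        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:3063 0100007F:C350 01 00000000:00000000 00:00000000 00000000 10187        0 12347 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_UDP = """
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  10: 0100007F:3124 00000000:0000 07 00000000:00000000 00:00000000 00000000 10187        0 12350 2 0000000000000000 0
  11: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 12351 2 0000000000000000 0
"""
SAMPLE_SDP = """v=0
o=- 1 1 IN IP4 127.0.0.1
s=-
t=0 0
m=application 9 UDP/DTLS/SCTP webrtc-datachannel
c=IN IP4 127.0.0.1
a=ice-ufrag:fb.1.1700000000000.1234567890
a=ice-pwd:constructedpasswordvalue12345
a=candidate:1 1 udp 2113937151 127.0.0.1 12580 typ host
"""

if __name__ == "__main__":
    print("listeners:", find_suspect_listeners(SAMPLE_TCP, SAMPLE_UDP))
    print("loopback candidates:", find_loopback_candidates(SAMPLE_SDP))
    print("fbp-like values:", find_fbp_like_values(SAMPLE_SDP))
```

On a real device, feed the functions the output of `adb shell cat /proc/net/tcp` and `/proc/net/udp`; a UID that appears in both hits can be resolved to a package with `adb shell pm list packages -U`.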
“The Meta Pixel script also sends the _fbp value in a request to https://www.facebook.com/tr along with other parameters such as the page URL (dl), website and browser metadata, and the event type (ev) (e.g., PageView, AddToCart, Donate, Purchase).”
WHAT?
At the same time, the Pixel sends the same information (the _fbp cookie) to Meta’s servers over the internet, along with:
The URL you’re visiting
Your browser and operating system
The type of event performed (e.g., “page view,” “add to cart” or, in the case of chick sexer videos... better not know, trust me)
It’s like the Pixel is sending the same letter through two routes:
(a) directly to Facebook’s servers, and
(b) to the Facebook app inside your phone.
“The Facebook or Instagram apps receive the _fbp cookie from the Meta Pixel JavaScript running in the browser. The apps transmit _fbp as a GraphQL mutation to (https://graph[.]facebook[.]com/graphql) along with other persistent user identifiers, linking the user's fbp ID (web visit) with their Facebook or Instagram account.”
The app, upon receiving the _fbp identifier, bundles it together with your real account (the one you’re logged into in the app).
Then, it sends it all to Meta’s servers, where they can now say:
“Aha! This _fbp identifier (from that questionable website you just visited) belongs to Jorge García Herrero, Instagram user.”
“Chick sexers? Seriously, bald guy?”
And just like that, they link your web activity (browser) to your real identity (account) — even if you never logged into your account in that browser or gave any explicit consent for it.
Meta has used a technical loophole that privacy protection systems didn’t anticipate — in fact, they were specifically designed to prevent it.
You aren’t using the app (but have a session open in the background).
You haven’t logged into your account in the browser.
You’re browsing in incognito mode.
You’re using a VPN.
You delete cookies at the end of every session.
Once again, Meta has blatantly disregarded the requirement to obtain informed user consent before collecting and combining personal information from different sources.
22% of the most visited websites in the world are affected. In the U.S., 17,223 sites with the Meta Pixel and 1,312 with Yandex Metrica initiated this tracking without user consent. Over 8 years (Yandex) and at least 9 months (Meta), billions of users were tracked without their knowledge.
Complete browsing history with specific URLs
Products added to cart and purchases made
Registrations on websites and completed forms
Temporal behavioral patterns across websites and apps
Direct linking to real identities on social networks
You’re not affected if (and only if):
You access Facebook and Instagram via the web, without having the apps installed on your phone
You browse on desktop computers or use iOS (iPhones)
You always used the Brave browser or the DuckDuckGo search engine on mobile
As stated at the beginning, Meta faces simultaneous liability under the following regulations, ranked from lesser to greater severity (not including the ePrivacy Directive — it’s a joke at this point):
GDPR: Requires consent to process personal data for ad personalization. Meta also violated the principles of data minimization and privacy by design. (Up to 4% of global annual turnover)
DSA (Art. 26): Explicitly prohibits personalized advertising based on profiles created from special categories of personal data (e.g., sexual orientation, political views, health data).
If such data could be inferred from users’ interactions on websites and apps (which is almost certain, given the scale of the violation — reaching 25% of the world’s most visited sites), the penalty could reach 10% of turnover.
The CJEU has been clear on this point (“Fondas” C-184/20 and Bundeskartellamt).
Meta was declared a VLOP (Very Large Online Platform) in February 2024 and was already under investigation for violations involving content moderation transparency, child protection, and election integrity.
DMA (Art. 5.2): The most damaging one: it specifically prohibits combining personal data between core platform services without the user’s explicit consent, as defined by GDPR. The localhost tracking technique combines data across at least Facebook and Instagram, and potentially WhatsApp and Messenger as well.
The DMA carries the highest financial risk — fines up to 10% of global turnover (€16.4 billion), increasing to 20% for repeat offenses.
Meta was designated a gatekeeper in September 2023 and received its first DMA fine in April 2025: €200 million for its “pay or consent” model.
Meta will undoubtedly claim it already had user consent to do this, but here’s the truth: it needed three specific consents to process the data (GDPR), access the device (ePrivacy), and combine profiles across services (DMA). It only requested one — and even that with a coercive “pay or okay” alternative.
Unfortunately, Meta’s most recent fine was precisely over its “pay or okay” approach.
GDPR, DMA, and DSA protect different legal rights, so the penalties under each can be imposed cumulatively.
The combined theoretical maximum risk amounts to approximately €32 billion (4% + 6% + 10% of Meta’s global annual revenue, which exceeds €164 billion).
Maximum fines have never before been applied simultaneously, but one could argue these bad guys have earned it.
Several factors favor setting that precedent: Meta’s long record of violations (it holds the record for GDPR fines in Europe), its lack of cooperation with regulatory investigations, the systemic impact of this scheme given its market dominance, and the clear intent to bypass all technical and legal protections established for users.
Jorge García Herrero
Data Protection Officer
Previous discussion:
Covert web-to-app tracking via localhost on Android (341 comments):
NB. Comment totals may still be increasing as discussion continues
Washington Post's Privacy Tip: Stop Using Chrome, Delete Meta Apps (and Yandex) (328 comments)
https://news.ycombinator.com/item?id=44210689
Meta found 'covertly tracking' Android users through Instagram and Facebook (95 comments)
https://news.ycombinator.com/item?id=44182204
Meta pauses mobile port tracking tech on Android after researchers cry foul (28 comments)
https://news.ycombinator.com/item?id=44175940
Covert web-to-app tracking via localhost on Android (6 comments)
https://news.ycombinator.com/item?id=44169314
Meta and Yandex Spying on Your Android Web Browsing Activity
https://news.ycombinator.com/item?id=44177637
New research highlights privacy abuse involving Meta and Yandex
https://news.ycombinator.com/item?id=44171535
Meta and Yandex exfiltrating tracking data on Android via WebRTC (3 comments)
Remember in 2014 when the Android Twitter app started sending a list of all your installed applications back to Twitter? https://news.bloomberglaw.com/privacy-and-data-security/twit...
Ever since then I refused to install native versions of apps that could be used in a browser. I don't use Facebook or Instagram so I don't know if that works anymore, and I recall testing that they were intentionally crippling Facebook Messenger at one point.
Then the past decade of native apps requesting tons of permissions and users just clicking agree. Why should Facebook be able to read my Wi-Fi network or Bluetooth? Of course there is something shady going on. Beacons tracking people walking around brick and mortar stores. https://en.wikipedia.org/wiki/Facebook_Bluetooth_Beacon
Such a shame because native apps are so much more pleasant and performant to use than web apps.
> they were intentionally crippling Facebook Messenger at one point [in a browser]
They were/did. I was using Messenger Lite for a bit which was ok, but they killed that and the mobile browser mode.
I still need FB for some events and contacts, but I refuse to have the fat messenger app installed so now I end up using the damn thing in desktop mode which is ... painful.
All I seem to see in my feed these days is "suggested for you" so it's a lot less addictive than it was back in the day. Not sure why they're so determined to drive the user base away, but that does seem to be the plan.
Web apps have been sabotaged so severely for years now, and it really peeves me. Half the time they bombard the UI with "use the app!!1" popups and the other half of the time they just don't work.
The worst part is that a lot of native apps these days are just web views. You can't even be bothered to use the native UI toolkit and you expect me to download your app? If this is just Safari with extra steps then let me use Safari!
It stuns me that eBay is so determined to get you to use the app that they will divert someone who has landed on the site and started typing a search term presumably with the explicit intention of buying something in order to sell them on the idea of installing an app instead!
Just ... let me give you money without interrupting me ... please?
Yes, it's the same thing I see with logins. How many more sales could we be making if we didn't require a user account? A lot, I would imagine. Most people are going to be seeing your site for 5 minutes, buy what they need, and then get a confirmation email. That process should be something you're optimizing for - but evidently, the promise of juicy data is more important than actual sales. Hopefully that user account is worth more than a few cents!
Exhibit A: parking apps. Why do I need an app? And why do I need an account? What if I just... don't pay? How many people are doing that? Probably a lot.
So let's spin up a contract with a local towing company and burn all this money for non-compliant customers instead of just getting our heads out of our asses and streamlining the process. I bet you if you just put a tap-to-pay meter then 99% of the non-compliance will just - poof - disappear.
I like using ublock origin since I can create filters for those popups.
I felt a prude at the time but eschewed native apps for browser versions and haven't regretted. Didn't benefit from notification distraction anyway. Apple and Google just didn't get their houses in order to be taken seriously.
If it ain't on F-Droid, I'll wait.
There is another can of worms hidden in plain sight right here, I feel like.
From the article:
You’re not affected if (and only if)
You access Facebook and Instagram via the web, without having the apps installed on your phone
This is only what's observably true of a particular app under the hood from straightforwardly jacking into it with Frida or performing any other deeper analysis. What's to say Meta/Google/OtherAnalyticsCorp/OtherMegaCorp hasn't already, on a large scale, colluded with [bought out] app developers to simply share session data out-of-band as another tentacle?
Rather, is it even reasonable to assume they all haven't been doing this all this time? (Maybe these also fall squarely under what GDPR, DSA, and DMA were supposed to mitigate? I'm not an expert here.. just my cynicism kicking in.)
I too go through fairly great pains to try to minimize unneeded apps on my device.
Indeed. I read elsewhere that some Android manufacturers even ship with Facebook bits that don't show up in the app listing and cannot be removed.
We desperately need a viable open hardware / open source OS competitor in the phone space.
> We desperately need a viable open hardware / open source OS competitor in the phone space.
It already exists. Sent from my Librem 5.
>I refused to install native versions of apps that could be used in a browser.
Same. After AT&T force obsolesced my perfectly working phone back in February 2022 (it had the bands but they simply didn't want to support it!) I kept it as a dedicated app phone. No web browsing, no stored credentials or cookies, just an app sandbox. Sending a ray of diarrhea to companies who force us to use apps instead of web. I'm looking at you, Chipotle.
this is still perfectly legal and allowed.
every app can scan your apps and recently opened ones "for security".
same for your contacts.
whatsapp (only meta product i need to touch in our fleet) will do both at very fast intervals, and upload a contact list diff if it detects changes.
the whole issue here was that meta bypassed the user matching on the web without paying google "cookie matching" price
It's so obnoxious that whatsapp refuses to function if you don't let it scan your contacts.
I genuinely think that should be illegal.
WhatsApp doesn't entirely brick itself. You can send and receive messages, but can't assign names to anyone or start group chats.
I agree it should be prevented. It seems so absurd and is clearly not necessary. Android should have an option to let it see an empty/phony address book, so it can't tell that you've blocked it.
That's purely down to iOS's contacts API not telling apps if they have full access to contacts if you refuse or supply a subset. Genuinely wish android's APIs worked the same way.
I currently store all my contacts in an app that doesn't expose them through the contacts API for this reason.
I wonder if it’s improved recently. I’ve been cursing at Facebook for years for holding hostage the ability to create WhatsApp group chats when I’ve declined to expose all of my contacts to it, but I just checked again and there’s a “Skip” button now that proceeds to the phone number UI.
Same on Android.
"Legal" is missing the point by a mile and is irrelevant.
ok, get the point of being enraged by the one thing while ignoring the same other 4 things that are above board and do the same thing
It is just that I expect applications to behave well. I am not a fan of mobile OS because they have a bad security model in my opinion. It sets wrong incentives with trying to mitigate badly behaving apps. That other forms of software environments are possible is empirically proven but another topic.
If an app does everything it "legally" could, it would have become malware long before. The principle of that argument is quite similar to that of poor mobile ecosystems we sadly are subjected to. Of course other factors were as important to create these "security" models.
I also think that this plainly isn't or wasn't legal in any jurisdiction because Twitter lacked informed consent if this particular case ever got in front of a judge.
That Twitter isn't the only guilty party is true, like we know from the article.
This system was designed and implemented by engineers who committed code in a source control system with their name attached, and the changes were requested by product managers in tickets in the ticketing system with their name attached. Those engineers and product managers should be personally liable for an equivalent % of their annual salary as Facebook is liable for a % of its annual revenue.
Sounds like the modern version of the CS Lewis quote:
> The greatest evil is not now done in those sordid dens of crime that Dickens loved to paint. It is not done even in concentration camps and labour camps. In those we see its final result. But it is conceived and ordered (moved, seconded, carried, and minuted) in clean, carpeted, warmed and well-lighted offices, by quiet men with white collars and cut fingernails and smooth-shaven cheeks who do not need to raise their voices.
Too true. See also the movie Conspiracy.
I like the idea, but I see no reason to shield the management that demanded this of the rank and file. Accountability should go all the way up the chain.
Yes, but it should include everyone involved, from top to bottom. We won't get those data theft misfeatures if engineers refused to work on them out of personal liability.
I once bluntly refused to deploy an app to production because it was a finance system that handled billions of dollars and the personal data of a million children. The HTTPS certificates couldn’t be organised on time (don’t ask), so I simply refused to deploy it using HTTP only “just for now” (=years).
The look of stunned shock on the project manager’s face is something I’ll never forget.
He was apoplectic with mixed rage and incredulity.
“How dare you refuse a direct order!?” — but now picture a red face and spittle literally flying around the room.
He immediately called my supervisor and up all the way to the CEO of my consultancy.
That’s what happens when individual contributors push back. In general there are zero legal, corporate, or personal protections.
“Do as I say or consequences.” is the norm.
In this situation I was incredibly lucky that the CEO trusted my judgement and told the PM to take a hike. Even if I had been fired I would have been okay.
Most people can’t take risks like that on principle.
That’s fundamentally why enshittification happens, and why every mobile apps’ data collection dragnet would make an NSA spook blush.
Only consequences for directors and up matter. They're the ones that need to feel the fear, not the poor outsourcer struggling to put food on his family table.
> Most people can’t take risks like that on principle.
I actually think many people could, and the more who do, the easier it gets
How many software developers do you think are struggling to put food on the table?
Would they be as confident of putting food on the table if they were not in SV or were in an age-group subject to ageism or had an immigration status that is subject to indirect pressure etc etc? All software engineer != unconditional privilege
If you're on a work visa you can be sent back if you lose your job afaik.
> He was apoplectic with mixed rage and incredulity. “How dare you refuse...
If that's a reaction to a "no" in a professional setting, imagine what he could do in personal life.
Respect.
I don't think we should fine any of the people that worked on it. In the end the decision makers are the ones being paid to be responsible so they should be held responsible.
However, there is a conversation to be had about engineers writing code that they fully know is illegal. Imo there should be a punishment for staying complicit and not reporting it to the authorities. Like that time Volkswagen components detected when they were under test and performed differently.
I think assuming engineers know about the legality of some of these features is a far fetch. Pixel tracking has been a thing for more than a decade now, Google does it, Meta does it and they're but the two biggest players but a lot of companies track and read cookies for personalization reasons. It may feel wrong but it is hard to blame an engineer for thinking of it as just another normal feature. The PMs, Managers and leadership should be responsible for this but at Meta, Managers are trackers and slave masters, not thinkers. Features are to be delivered fast, there is no room to think and plan. Metrics rule everything even when they are clearly evil.
It's unethical for sure, seems like some engineers will do anything for their salary, but if they don't do it somebody else will and it is an exciting technical challenge.
It's better to blame the management and higher ups or zuck himself directly. Blame the people who finance it and profit from it, not the people who coded it. Follow the money
> It's unethical for sure, seems like some engineers will do anything for their salary, but if they don't do it somebody else will and it is an exciting technical challenge.
I remember finding this out as a very junior engineer straight out of university. I was once asked to write code to cheat at a benchmark to make my company's product look better than it actually was. I had deep misgivings about this, but as a brand new junior developer, I was very hesitant to speak up. Eventually I told my manager I didn't feel comfortable with the ethics of working on that project, and he was totally cool with it! He said "No problem, we'll take that task out of your queue and give it to "Jim", he'll do it instead." Jim was thrilled and wrote the benchmarking cheating code himself.
There's always someone willing to do it.
In other more heavily regulated industries, whistleblowers are fortunately compensated and protected for raising such ethical issues. I wonder how far tech can go before we start to see similar government agencies and rules put in place to do the same.
Or blame them all. “If I don’t do it someone else will” hasn’t been accepted as an excuse historically, I don’t see a good reason to change that now.
(also, is it an exciting technical challenge? It’s a POST request to localhost!)
and they call themselves "engineer"
This is such an incredibly bad (ignorant and/or malicious) idea in so many ways, chief of which is the incredible power asymmetry between bosses and subordinates in Facebook (and most other companies).
How would the EU fine American engineers who live and are paid in America?
They would fine them by having a court case and saying they are guilty and owe money. Collecting on it would be awfully difficult, but you know, people do like trips to Europe.
That said, I think fining the company seems pretty plausible. They won't, but it'd be nice if they did.
Well some of them definitely have savings in Europe and like to travel to destinations in Europe.
Can't America fine them? Surely this is illegal there too?
This is the company that abetted genocide in Burma. Their programmers are outside EU jurisdiction. You expect them to do anything other than pay the fine, shrug, and continue to set the world on fire?
How often you're asked has no bearing on the morality or criminality of the ask.
Hitmen can't just say "but I keep getting hired to kill people."
Comparing engineers writing tracking code for ads, to hitmen killing people, is an extremely dishonest and emotionally manipulative comparison. These things aren't even in the same category, and you know it.
You're right, hitmen only affect a relatively small number of people while software developers can easily worsen the lives of thousands if not millions.
This drivel isn't funny when a kid does it, let alone an adult. Please start arguing in good faith (and making valid points that don't sound like they came from a toddler).
do what engineers in other fields do
Let’s be real, the people who are truly culpable are the ones who gave them the ok to build this in the first place.
If you hire a hitman both you and the hitman are liable. Same here.
Yeah and let's take away the income from the PMs and Engineers and leave the people who actually call the shots unharmed.
Once I worked at a place that actually made a calculation of how much an outage cost the company and gave it to the engineers who resolved the issue to "think" about how bad they were.
What you propose is equally confused and wrong