“Meta devised an ingenious system (“localhost tracking”) that bypassed Android’s sandbox protections to identify you while browsing on your mobile phone — even if you used a VPN, the browser’s incognito mode, and refused or deleted cookies in every session.”
While this is true, it’s worth clarifying that GrapheneOS in particular is able to run apps sandboxed, so they can’t communicate with eachother as they can on a stock OS.
Having said that, no one should expect that their right to privacy is given (or fought for), unless they take it first. Yes, laws and all, but user education is the bigger issue.
Users were onboarded onto the Internet before they had an understanding of the differences between cyberspace and meatspace, and how that could affect them. Placing the blame (and solutions) solely on third-parties is a dangerous mistake.