Comment by netsharc

- Instagram/Facebook app listening on localhost port X.

- A website running JS on the browser tries to connect to localhost port X. If it succeeds it's now talking to Zuck's app.

- The JS can report whatever it wants to the app, and the app knows the identity of the browsing user, because ~100% of the time it's the user also logged into the app(s).