Social media platforms have had some bad press lately, largely due to the pervasive nature of data collection. Now, Meta, the parent company of Facebook and Instagram, has already upped the ante.
Dissatisfied with following their every move on the apps, Meta has reportedly developed a method to track everything they do on external websites they access. Through Its applications. Why go to such lengths? And is there a way to avoid this tracking?
‘Enter’ code to follow you
Meta has a custom in-app browser that works on Facebook, Instagram, and any website you can click on from both apps.
Now, former Google engineer and privacy researcher Felix Krauss has discovered that this proprietary browser has added additional programming code. Krause developed a tool that found Instagram and Facebook had added up to 18 lines of code to websites visited by Meta’s in-app browsers.
This “code injection” enables user tracking and overrides the tracking restrictions browsers like Chrome and Safari have in place. It allows Meta to collect sensitive user data, including “every button and link, text selections, screenshots, as well as any input such as passwords, addresses and credit card numbers.”
Krause published his findings online on August 10, including samples of the actual code.
In response, Meta said he wasn’t doing anything the users didn’t approve of. A Meta spokesperson said:
We have deliberately prepared this code to respect people [Ask to track] Choices on our platforms […] The code allows us to aggregate user data before using it for targeted advertising or measurement purposes.
The “code” referred to in the case is pcm.js – a script used to integrate the user’s browsing activities. According to Meta, the script is inserted based on users giving their consent – and the information obtained is used only for advertising purposes.
So is it ethical? Well, the company has done its due diligence in notifying users of its intent to collect expanded data. However, he refrained from making clear what the full implications of doing so would be.
People can give their consent to be tracked in general terms, but “informed” consent implies full knowledge of the potential consequences. And, in this case, users were not clearly informed that their activities on other websites could be tracked by code injection.
Why does Meta do this?
Data is the central commodity of the Meta business model. There is an astronomical cost to the amount of data that can be collected by entering meta tracking code into third-party websites accessed through the Instagram and Facebook apps.
At the same time, Meta’s business model is under threat — and recent events could shed light on why it’s doing so in the first place.
It turns out that Apple (which owns the Safari browser), Google (which owns Chrome), and the Firefox browser are actively fighting the ability to collect metadata.
Last year, Apple’s iOS 14.5 update came with a requirement that apps hosted on Apple’s App Store must obtain users’ explicit consent.
Meta has publicly stated that this single iPhone alert costs Facebook $10 billion in business annually.
Apple’s Safari browser implements a default setting to block all third-party “cookies”. These are small tracking codes that websites place on your computer and tell the website owner about your visit to the site.
Google will also soon remove third-party cookies. And Firefox recently announced “Total Cookie Protection” to prevent so-called cross-page cookies.
In other words, Meta is being sidelined by browsers that introduce restrictions on the tracking of user data on a broad scale. His response was to create his own browser that bypassed these limitations.
How can I protect myself?
On the bright side, privacy-conscious users have some options.
Meta The easiest way to stop external activity being tracked by the in-app browser is to simply stop using it. Make sure you are opening websites in a trusted browser such as Safari, Chrome or Firefox (via the screenshot below).
If you can’t find this screen option, you can manually copy the web address and paste it into a trusted browser.
Another option is to access social media platforms through a browser. So instead of using the Instagram or Facebook app, visit the sites by entering their URL into the search bar of your trusty browser. This should also solve the tracking problem.
I’m not suggesting you get rid of Facebook or Instagram entirely. But we all need to be aware of how our online activity and usage patterns are being carefully recorded and used in ways we don’t know about. Remember: If the service is free on the Internet, you are probably a potential product.
This article is reprinted from the discussion under a Creative Commons license. Read the original article.