Meta Pixel “scandal” surprises too many tax-payers

Welcome to the internet in 2023.
13 July 2023

Your data online meets…the world. Sources: Shutterstock & Meta

Getting your Trinity Audio player ready...

The revelation that Meta’s tracking technology, Pixel, was deployed on three US tax return preparation websites has caused shockwaves that have spread as far as the Senate. A report by Democrats urges further investigation to see exactly what information Meta had access to.

In a letter to the IRS and several other peri governmental organizations, the seven signatories say there has been “a shocking breach of taxpayer privacy by tax prep companies and by Big Tech firms.”

The tax preparation companies installed Pixel code snippets on their websites that allowed them to monitor users’ activities while on site. The data is sent to Meta, which correlates it and helps companies optimize their activities for marketing or site optimization.

It’s worth noting that the tax-preparation companies also ran similar code snippets from Google, which denied tracking users.

Meta Pixel’s tracking

What’s most surprising about the “revelations” is the revelation that many people are surprised. Tracking end-users is commonplace, bordering on ubiquitous on the modern ‘web. Whether using a browser or mobile app, internet users are constantly tracked through Meta’s Pixel, Google Analytics cookies, or any number of the many thousands of tracking methods.

On this author’s smartphone, for example, there have been 29,313 tracking attempts recorded in the last week. A tracking attempt typically comprises third-party software installed in an app (or website) attempting to “phone home” with data such as location, network, phone ID, ZIP code, email address, contacts lists, and many more juicy digital tidbits.

Mastodon reactions to Meta Pixel scandals in the NHS

Source: Fosstodon.org

That situation has led to the emergence of many ad-blocking, anti-tracking and -fingerprinting methods, including browser add-ons such as UBlock Origin, Privacy Badger, and NoScript. A game of cat-and-mouse is constantly played out by digital advertisers and anti-tracker software developers, with new methods of fingerprinting users springing up as quickly as prophylactic methods are spun up.

Tracking technology is deliberately simple to deploy on an organization’s internet real estate (websites and apps) and is often free to use. Data is collected by the third party and can be used for its own purposes. In addition to Meta, there’s Google, Adobe, OneSignal, Microsoft, Urban Airship, Criteo, Amazon, Index Exchange, Bing, Improve Digital, Adform, Yahoo, Twitter, Zemanta, Yieldlab, et al. ad nauseam – there are literally thousands of companies offering tracking methods.

Meta Pixel in black and white

The small print of the Pixel documentation does note that some users may need to be wary of GDPR legislation, and those wishing to collate data from iOS devices may struggle due to Apple’s shutting down of default tracking capabilities on apps available from its App Store.

Small print from Meta Pixel documentation.

Source: Meta

The horror exhibited in the tone of the Democrats’ lawmakers’ letter to the IRS and its watchdog exhibits the kind of naivete that is all too prevalent. Similar tones of outrage are present when journalists “discover” that TikTok (owned by Bytedance) allows access to American and Australian citizens’ data by Chinese people working for a Chinese company.

News item on TikTok saying it allows Chinese people to see Americans' data

Source: Buzzfeed

Australian users' data sent to China.

Source: The Guardian

The truth is that any company deploying tracking technology for whatever reason on its website or in its apps is sending data to the company that supplies the tracking code. If an organization works in any area where privacy is important to its users, it must know that its real estate is handing information to a third party.

Although companies may only be interested in their customers’ traversals around their websites, the data collected by the tracking technology company may not be limited. Similarly, those signing up for the “free” tiers of user tracking may get only limited metrics (until they start to pay up, of course). But the tracking company – you can be sure – will absorb all the information it can.

That a third party receiving data may be in Beijing or San Francisco is irrelevant. Companies need to know that using off-the-shelf tracking technology supplied by a third-party spills their information to that third party. Whether that’s a good deal to get internal marketing insights is highly debatable.