Social media platforms have had some bad press lately, largely due to the sheer scale of their data collection.
Now Meta, the parent company of Facebook and Instagram, has followed suit.
Not content with just tracking every step you take within its apps, Meta has reportedly developed a way of also knowing everything you do on external websites that are accessed through his apps.
Why is it so far? And is there a way to avoid this surveillance?
“Inject” code to follow you
Meta has a custom in-app browser that works on Facebook, Instagram, and any website you can click through to from those two apps.
Now former Google engineer and privacy researcher Felix Krause has discovered that this proprietary browser contains additional program code. Krause developed a tool that found that Instagram and Facebook added up to 18 lines of code to websites visited through Meta’s in-app browsers.
This “code injection” enables user tracking and overrides the tracking limitations that browsers like Chrome and Safari have. It allows Meta to collect sensitive user information, including “every button and link tapped, text selections, screenshots, as well as all form inputs such as passwords, addresses, and credit card numbers.”
Krause posted his findings online on August 10, including samples of the actual code.
In response, Meta has said it doesn’t do anything that users haven’t consented to. A meta speaker said:
We purposely developed this code to honor people [Ask to track] Choices on our platforms […] The code allows us to aggregate user data before using it for targeted advertising or measurement purposes.
The “code” mentioned in this case is pcm.js – a script that aggregates a user’s browsing activity. According to Meta, the script is inserted based on user consent – and the information obtained is only used for advertising purposes.
So is it ethical? Well, the company has done due diligence by informing users about its intention to collect an extended spectrum of data. However, it was not made clear what the overall impact would be.
People can give their consent to tracking in a more general sense, but “informed” consent implies full knowledge of the possible consequences. And in this case, users were not explicitly made aware that their activities on other websites could be tracked through code injection.
Why is Meta doing this?
Data is the core of Meta’s business model. The amount of data Meta can collect is astronomical by inserting a tracking code into third-party websites opened through the Instagram and Facebook apps.
At the same time, Meta’s business model is under threat – and recent events may help shed light on why it’s doing this in the first place.
It boils down to Apple (owning the Safari browser), Google (owning Chrome), and the Firefox browser actively restricting Meta’s ability to collect data.
Last year, Apple’s iOS 14.5 update came with the requirement that all apps hosted on the Apple App Store must get users’ explicit permission to track and collect their data across apps from other companies.
Meta has said publicly that this single iPhone alert is costing its Facebook business $10 billion each year.
Apple’s Safari browser also applies a default setting to block all third-party “cookies”. These are small pieces of tracking code that websites put on your computer that tell the website owner that you have visited the website.
Google will also soon be phasing out third-party cookies. And Firefox recently announced “Total Cookie Protection” to prevent so-called cross-page tracking.
In other words, Meta is flanked by browsers that introduce restrictions on extensive tracking of user data. His answer was to develop his own browser that circumvents these limitations.
How can I protect myself?
On the plus side, users concerned about privacy have a few options.
The easiest way to stop Meta from tracking your external activity through its in-app browser is to simply not use it; Make sure you open webpages in a trusted browser of your choice such as Safari, Chrome or Firefox (via the screen shown below).
If you cannot find this screen option, you can manually copy and paste the web address into a trusted browser.
Another option is to access the social media platforms through a browser. So instead of using the Instagram or Facebook app, visit the websites by typing their URL in the search bar of your trusted browser. This should also solve the tracking issue.
I’m not suggesting you give up Facebook or Instagram altogether. But we should all be aware of how our online movements and usage patterns can be carefully recorded and used in ways of which we are not informed. Remember, if the service is free on the internet, chances are you are the product.
By David Tuffley, Lecturer in Applied Ethics and Cybersecurity, Griffith University
This article was republished by The Conversation under a Creative Commons license. Read the original article.
MORE: Facebook turned over teen’s news about her abortion to police
MORE: Facebook’s AI chatbot still thinks Donald Trump is president
Get the top news, feel-good stories, analysis and more
https://metro.co.uk/2022/08/15/instagram-and-facebook-stalk-you-on-sites-accessed-through-their-apps-17184243/ Instagram and Facebook track you on websites accessed through their apps