Instagram and Facebook track you on websites accessed through their apps. What can you do there?
Social media platforms have gotten some bad press lately, largely due to the vast scope of their data collection. Now Meta, the parent company of Facebook and Instagram, has upped the ante.
Not content with just tracking every move you make on its apps, Meta has reportedly devised a way to also know everything you do on the external websites you access. through its applications. Why is he going so far? And is there a way to avoid this surveillance?
‘injection’ code to follow you
Meta has a custom built-in browser that works on Facebook, Instagram, and any website you might click on from those two apps.
Felix Krause, a former Google engineer and privacy researcher, discovered that this proprietary browser contains additional program code. Krause has developed a tool that found Instagram and Facebook have added up to 18 lines of code to websites visited through Meta’s built-in browsers.
This “code injection” enables user tracking and overrides tracking restrictions put in place by browsers such as Chrome and Safari. It allows Meta to collect sensitive user information, including “every button and link typed, text selections, screenshots, as well as all form inputs, such as passwords, addresses and numbers credit card”.
In response, Meta said it wasn’t doing anything that users hadn’t consented to. A Meta spokesperson said:
We intentionally developed this code to honor people [Ask to track] choices on our platforms […] The code allows us to aggregate user data before using it for targeted advertising or measurement purposes.
The “code” mentioned in the case is pcm.js – a script that acts to aggregate a user’s browsing activities. Meta indicates that the script is inserted based on users’ consent – and the information obtained is only used for advertising purposes.
So, is he acting ethically? Well, the company has done its due diligence in informing users of its intention to collect a wide range of data. However, he refrained from specifying what the full implications of such a decision would be.
People can consent to tracking in a more general sense, but “informed” consent implies full knowledge of the possible consequences. And, in this case, users were not explicitly told that their activities on other sites could be tracked through code injection.
Why is Meta doing this?
Data is the core product of Meta’s business model. The amount of data Meta can collect by injecting tracking code into third-party websites opened through Instagram and Facebook apps is astronomical.
At the same time, Meta’s business model is under threat – and events from the recent past may help shed some light on why it is doing this in the first place.
It comes down to the fact that Apple (which owns the Safari browser), Google (which owns Chrome), and the Firefox browser all actively place restrictions on Meta’s ability to collect data.
Read more: Trick or Conspiracy? Whistleblowers claim Facebook deliberately dropped important non-news pages into the news blackout
Last year, Apple’s iOS 14.5 update came with a requirement that all apps hosted on Apple’s App Store must obtain users’ explicit permission to track and collect their data on apps owned by other companies.
Meta a publicly said that this iPhone alert alone costs his Facebook business $10 billion a year.
Apple’s Safari browser also applies a default setting to block all third-party “cookies”. These are small pieces of tracking code that websites place on your computer that notify the website owner of your visit to the site.
Google will also soon delete third-party cookies. And Firefox recently announced “total cookie protection” to prevent so-called cross-page tracking.
In other words, Meta is flanked by browsers that introduce restrictions on deep tracking of user data. His response was to create his own browser that bypasses these restrictions.
How can I protect myself?
On the bright side, privacy-conscious users have some options.
The easiest way to prevent Meta from tracking your external activities through its in-app browser is to simply not use it. make sure you open web pages in a trusted browser of choice such as Safari, Chrome or Firefox (via the screen below).
If you can’t find this screen option, you can manually copy and paste the web address into a trusted browser.
Another option is to access social media platforms through a browser. So, instead of using the Instagram or Facebook app, visit the sites by entering their URL into the search bar of your trusted browser. This should also fix the tracking issue.
I’m not suggesting that you ditch Facebook or Instagram altogether. But we should all be aware of how our online movements and usage patterns can be carefully recorded and used in ways we are unaware of. Remember: on the Internet, if the service is free, you are probably the product.
Read more: Is it even possible to regulate Facebook effectively? Time and time again, attempts lead to the same result