Facebook (now known as Meta) has reportedly been rewriting websites that its users visit, allowing the company to track them across the web after they click links in its app by “injecting” tracking code. The security researcher that sounded the alarm say that the tracking code allows Mark Zuckerberg to “monitor all user interactions, like every button and link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers.”
The Guardian reports that a security researcher alleges that Facebook has been rewriting websites that its users visit and allowing the company to track them across the web after clicking links in its apps.
Facebook and Instagram have been taking advantage of the fact that users who click links are taken to webpages in an “in-app browser” which is controlled by the apps rather than redirecting them to their device’s native browser.
Felix Krause, a privacy researcher who founded an app development tool acquired by Google in 2017, stated: “The Instagram app injects their tracking code into every website shown, including when clicking on ads, enabling them [to] monitor all user interactions, like every button and link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers.”
Facebook said in a statement that injecting a tracking code was in line with users’ preferences on whether or not they allowed apps to follow them and the code was only used to aggregate data before being applied for targeted advertising or measurement purposes for users that opted out of tracking.
“We intentionally developed this code to honor people’s [Ask to track] choices on our platforms,” a Facebook spokesperson said. “The code allows us to aggregate user data before using it for targeted advertising or measurement purposes. We do not add any pixels. Code is injected so that we can aggregate conversion events from pixels.”
The spokesperson added: “For purchases made through the in-app browser, we seek user consent to save payment information for the purposes of autofill.”
Read more at the Guardian here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan