Research from an ex-Google engineer has found that Meta has been putting code in different websites to track its users’ activity outside Facebook and Instagram. Several reports have said that Meta is capable of tracking text choices and text input, these include passwords, emails, and other confidential details of the users by just clicking a link inside the two applications using the “in-app browser.”
Felix Krause, the privacy researcher, and the ex-Google engineer said that tracking codes were injected into every website shown and these are clicking on ads, enabling them to monitor interactions, like every button and link tapped, text selections, screenshot, and even passwords and credit card numbers.
The report also stated that the two platforms inject Meta Pixel, a tracking JavaScript code, in all links and websites. Through this, it allows the applications to track the browsing history of the users on an external website with their consent.
Meta released a statement that states that “We intentionally developed this code to honor people’s [Ask to track] choices on our platforms,” a spokesperson said. “The code allows us to aggregate user data before using it for targeted advertising or measurement purposes. We do not add any pixels. Code is injected so that we can aggregate conversion events from pixels.”
They also added that the company seeks the users’ consent whenever they save payment information. This was done for the purpose of the “Autofill” feature. Moreover, Meta also clarified that “Meta Pixel is made to track visitor activity on websites.