Facebook will “stalk you” even if you’re NOT in the app if you make a simple mistake

FACEBOOK and Instagram can follow you around the web – but only if you make a simple mistake.

Social media platforms have had some bad press lately, largely due to the sheer scale of their data collection.


Be sure to open Facebook links in a trusted web browser


Be sure to open Facebook links in a trusted web browserPhoto Credit: The Conversation/Facebook

now Metathe parent company of Facebook and Instagram, has upped the ante.

Not content with just tracking every step you take within its apps, Meta has reportedly developed a way of also knowing everything you do on external websites that are accessed through his apps.

Why is it so far? And is there a way to avoid this surveillance?

“Inject” code to follow you

Facebook Blocks Popular Features on iPhone - Is Yours Affected?
The Facebook AI bot thinks MUSK should buy firmly - but he likes another tech titan more

Meta has a custom in-app browser that works on Facebook, Instagram, and any website you can click through to from those two apps.

Now former Google engineer and privacy researcher Felix Krause has discovered that this proprietary browser contains additional program code.

Krause has developed a tool that found Instagram and Facebook added up to 18 lines of code to websites visited via Meta’s in-app browsers.

This “code injection” enables user tracking and overrides the tracking limitations that browsers like Chrome and Safari have.

It allows Meta to collect sensitive user information, including “every button and link tapped, text selections, screenshots, as well as all form inputs such as passwords, addresses, and credit card numbers.”

Krause published his Results online on August 10, including samples of the actual code.

In response, Meta has said it doesn’t do anything that users haven’t consented to.

A meta-speaker said: “We purposely developed this code to honor people [Ask to track] decisions on our platforms.”

“The code allows us to aggregate user data before using it for targeted advertising or measurement purposes.”

The “code” mentioned in this case is pcm.js – a script that aggregates a user’s browsing activity.

According to Meta, the script is inserted based on user consent – and the information obtained is only used for advertising purposes.

So is it ethical? Well, the company has done due diligence by informing users about its intention to collect an extended spectrum of data.

However, it was not made clear what the overall impact would be.

People can give their consent to tracking in a more general sense, but “informed” consent implies full knowledge of the possible consequences.

And in this case, users were not explicitly made aware that their activities on other websites could be tracked through code injection.

Why is Meta doing this?

Data is the core of Meta’s business model.

The amount of data Meta can collect is astronomical by inserting a tracking code into third-party websites opened through the Instagram and Facebook apps.

At the same time, Meta’s business model is under threat – and recent events may help shed light on why it’s doing this in the first place.

It boils down to Apple (owning the Safari browser), Google (owning Chrome), and the Firefox browser actively restricting Meta’s ability to collect data.

Last year Apple’s iOS 14.5 update came along with a requirementthat all apps hosted on the Apple App Store must obtain users’ explicit permission to track and collect their data across apps from other companies.

meta has publicly said that single iPhone alert costs his Facebook business $10 billion every year.

Apple’s Safari browser also applies a default setting to block all third-party “cookies”.

These are small chunks tracking codethat websites store on your computer and that notify the website owner of your visit to the website.

Google will also soon be phasing out third-party cookies.

And Firefox recently announced “Total Cookie Protection” to prevent so-called cross-page tracking.

In other words, Meta is flanked by browsers that introduce restrictions on extensive tracking of user data.

His answer was to develop his own browser that circumvents these limitations.

How can I protect myself?

On the plus side, users concerned about privacy have a few options.

The easiest way to stop Meta from tracking your external activity through its in-app browser is to simply not use it

Make sure you open websites in a trusted browser of your choice like Safari, Chrome or Firefox

If you cannot find this screen option, you can manually copy and paste the web address into a trusted browser.

Another option is to access the social media platforms through a browser.

So instead of using the Instagram or Facebook app, visit the websites by typing their URL in the search bar of your trusted browser.

This should also solve the tracking issue.

I’m not suggesting you give up Facebook or Instagram altogether.

But we should all be aware of how our online movements and usage patterns can be carefully recorded and used in ways of which we are not informed.

Remember, if the service is free on the internet, chances are you are the product.

This article was originally written for The conversation by David Tuffley, Associate Professor of Applied Ethics and Cybersecurity at Griffith University.

The best tips and hacks for phones and gadgets


Looking for tips and hacks for your phone? Want to find these secret features in social media apps? We’ve got you covered…

Get the latest news about WhatsApp, Instagram, Facebook and other tech gadgets here.

We pay for your stories! Do you have a story for The Sun Online Tech & Science Team? Email us at Facebook will “stalk you” even if you’re NOT in the app if you make a simple mistake

Fry Electronics Team

Fry is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – The content will be deleted within 24 hours.

Related Articles

Back to top button