The three websites—which together help more than 25 million Americans file their taxes annually—use Meta’s JavaScript code (called “Meta Pixel”) to capture user data and send it Facebook’s way, according to the nonprofit tech investigations newsletter The Markup. H&R Block, one of the country’s most recognizable tax filing firms, was found using Meta Pixel to obtain users’ health savings account usage data as well as dependents’ college expense information. TaxAct was caught using the code to track users’ filing status, dependents, adjusted gross income, and refund totals. TaxAct appears to have lazily attempted to anonymize this data by scrambling dependent names and rounding income and refunds to the nearest thousand and hundred respectively; however, The Markup found the former obfuscation to be easily reversible.
TaxSlayer appears to have used Meta Pixel to capture the most detailed user information. Using a “Meta Pixel Inspector” it developed earlier this year, The Markup found that TaxSlayer habitually gathered users’ names, phone numbers, and dependent names. A specific form of TaxSlayer incorporated into personal finance celebrity Dave Ramsey’s websites also obtained users’ income and refund totals. When The Markup asked Ramsey Solutions about its use of Meta Pixel, the company said it hadn’t known about the code’s data-grabbing element and allegedly removed it from its sites. TaxAct similarly stopped capturing users’ financial data but continued to record dependents’ names.
But why? What incentive does Facebook have to grab Americans’ tax information? As it nearly always does, the answer comes down to money. Meta, Facebook’s parent company, regularly uses its approximately 2 million Meta Pixels to capture web users’ browsing activity, demographic data, and more. This information is then used to ensure Facebook and Instagram users are seeing ads they might actually click, thus supporting Meta’s lucrative marketing operations.
The IRS, having been made aware of the tax websites’ Meta Pixel usage, could render Facebook’s tax data harvesting financially useless. Websites that share users’ tax information without consent can face steep fines, and as of Tuesday, H&R Block, TaxAct, and TaxSlayer lacked the disclosures necessary to claim consent.
Now Read:
- IRS Accidentally Makes 120,000 Taxpayers’ Data Public
- Microsoft Adds Identity Theft Monitoring Service to 365 Suite
- New Ransomware Attack Tries to Frame Security Researchers
No comments:
Post a Comment