Thursday, 24 November 2022

Tax Filing Websites Caught Sending Users’ Financial Data to Facebook

(Photo: Olga DeLawrence/Unsplash)
Filing your taxes is already stressful enough without the worry that your data will end up in the wrong hands. Thanks to several tax websites’ newly-discovered data sharing practices, this concern is likely to be prevalent during the 2023 tax filing season. H&R Block, TaxAct, and TaxSlayer have been found to send users’ financial data to none other than Facebook.

The three websites—which together help more than 25 million Americans file their taxes annually—use Meta’s JavaScript code (called “Meta Pixel”) to capture user data and send it Facebook’s way, according to the nonprofit tech investigations newsletter The Markup. H&R Block, one of the country’s most recognizable tax filing firms, was found using Meta Pixel to obtain users’ health savings account usage data as well as dependents’ college expense information. TaxAct was caught using the code to track users’ filing status, dependents, adjusted gross income, and refund totals. TaxAct appears to have lazily attempted to anonymize this data by scrambling dependent names and rounding income and refunds to the nearest thousand and hundred respectively; however, The Markup found the former obfuscation to be easily reversible.

(Photo: H&R Block)

TaxSlayer appears to have used Meta Pixel to capture the most detailed user information. Using a “Meta Pixel Inspector” it developed earlier this year, The Markup found that TaxSlayer habitually gathered users’ names, phone numbers, and dependent names. A specific form of TaxSlayer incorporated into personal finance celebrity Dave Ramsey’s websites also obtained users’ income and refund totals. When The Markup asked Ramsey Solutions about its use of Meta Pixel, the company said it hadn’t known about the code’s data-grabbing element and allegedly removed it from its sites. TaxAct similarly stopped capturing users’ financial data but continued to record dependents’ names.

But why? What incentive does Facebook have to grab Americans’ tax information? As it nearly always does, the answer comes down to money. Meta, Facebook’s parent company, regularly uses its approximately 2 million Meta Pixels to capture web users’ browsing activity, demographic data, and more. This information is then used to ensure Facebook and Instagram users are seeing ads they might actually click, thus supporting Meta’s lucrative marketing operations.

The IRS, having been made aware of the tax websites’ Meta Pixel usage, could render Facebook’s tax data harvesting financially useless. Websites that share users’ tax information without consent can face steep fines, and as of Tuesday, H&R Block, TaxAct, and TaxSlayer lacked the disclosures necessary to claim consent.

Now Read:



No comments:

Post a Comment