From 9to5mac.com

Meta is facing a class action lawsuit after both Facebook and Instagram were found to be using an App Tracking Transparency workaround to track users on the web, even after they were denied permission to do so.

The company is accused not just of breaking Apple’s privacy rules, but also violating both state and federal laws …

Background

App Tracking works by Apple assigning a unique identifier to your device. It doesn’t reveal any details about you, but does allow them to see (for example) that iOS user 30255BCE-4CDA-4F62-91DC-4758FDFF8512 has visited gadget websites, and therefore would be a good target for gadget ads.

It also allows them to see that iOS user 30255BCE-4CDA-4F62-91DC-4758FDFF8512 was shown an ad for a particular product on a particular website, then subsequently went to a particular retailer site to buy it – therefore that ad was (likely) successful.

With App Tracking Transparency, app developers must ask you if you want to allow that tracking. If you say no (as most people do), then the apps are not allowed to use that system.

Facebook and Instagram each have their own embedded web browsers, which are used whenever a user taps a link in either app. This means that Meta can track activity in those browsers.

The theoretical risk of this was already well understood, but security researcher Felix Krause last month found concrete evidence that Meta was actually doing this.

He found that both apps injected their tracking code into every website shown, including when clicking on ads. In the most extreme case, this would enable Meta to monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses, and credit card numbers.

Krause doesn’t suggest Meta is going that far, of course. His research didn’t allow him to see what data the company was extracting, but he was able to confirm that they do extract something.

I don’t have a list of precise data Instagram sends back home. I do have proof that the Instagram and Facebook app actively run JavaScript commands to inject an additional JS SDK without the user’s consent, as well as tracking the user’s text selections. If Instagram is doing this already, they could also inject any other JS code.

Class action lawsuit

Bloomberg reports that two users have now sued Meta in a proposed class action lawsuit.

Meta Platforms Inc. was sued for allegedly building a secret work-around to safeguards that Apple Inc. launched last year to protect iPhone users from having their internet activity tracked.

In a proposed class-action complaint filed Wednesday in San Francisco federal court, two Facebook users accused the company of skirting Apple’s 2021 privacy rules and violating state and federal laws limiting the unauthorized collection of personal data. A similar complaint was filed in the same court last week […]

Responding to the report, Meta acknowledged that the Facebook app monitors browser activity, but denied it was illegally collecting user data.

A Meta spokesperson told us: “These allegations are without merit and we will defend ourselves vigorously. We have designed our in-app browser to respect users’ privacy choices, including how data may be used for ads.”

A class action suit is when others affected are invited to join the action against the defendant. Generally this means no more than filling in an online form if the case is successful, and compensation awarded (which is generally just a few dollars per person). A judge has to approve the conversion of the lawsuit to a class action.

Photo: Glen Carrie/Unsplash

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

You can read the original article here

New reasons to get excited everyday.

Get the latest tech news delivered right in your mailbox


5 Reasons Why You Should Try Online Horse Race Betting

In many places around the world, horse races are an attraction that a lot of people love to watch. With the fast-paced action and thrill that each game provides, it is no longer surprising to know that millions of fans have grown fond of it.

NordLayer — more than a business VPN

Cybersecurity threats have become vast and more sophisticated. The rate of malware attacks and malicious activity counts within seconds despite the size or sector the organization belongs to — no one is safe enough to expect that foe actors will bypass vital company resources.


close

Don't miss a beat!!

We’d love to keep you updated with the latest tech news from across the internet!

Don't worry, we don’t spam!

You may also like

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments

More in Apple