Does anybody with a STRONG BACKGROUND IN WEBSITE PRIVACY have time to vet this research? Are TikTok and Meta pixels REALLY doing the things claimed? I'm concerned it may be overstating things in an attempt to sell its tag monitoring tools.

https://jscrambler.com/blog/beyond-analytics-tiktok-meta-ad-pixels

The Collection of Commercial Intelligence: TikTok & Meta Ad Pixels

Jscrambler analyzed the TikTok and Meta ad pixels used on websites and found that their default behavior requires immediate attention.

Jscrambler
@dangoodin Detailed cart checkout, etc., is swiftly becoming a hard requirement of advertisement partners. I hold immense dislike for it. They say they need it for “attribution” under contracts but it makes me deeply uncomfortable.

@dangoodin

Runtime analysis confirms what privacy researchers have warned about: Meta and TikTok ad pixels harvest product-level commerce data, scrape PII from checkout forms, and can transmit data before consent management platforms activate.

The hashing both platforms use? The FTC ruled in 2024 it does not constitute anonymisation. Deterministic SHA-256 hashes of emails and phone numbers are trivially matched against existing platform databases. The BetterHelp enforcement action proved this isn't theoretical.

The underrated risk: every merchant running these pixels feeds competitive intelligence — pricing, conversion rates, catalogue data — directly into platforms that sell targeting to their rivals.

One claim to treat with caution: Jscrambler reports Meta's automatic events feature captured partial payment card details (last four digits, expiry, cardholder name) from checkout pages. The mechanism is plausible — the feature scans visible DOM elements by default — but this specific finding hasn't been independently reproduced yet.

Source: Jscrambler Security Research Team, cross-verified against Meta's own documentation, FTC enforcement actions (BetterHelp, Nomi), and independent CMP vendor warnings.

https://jscrambler.com/blog/beyond-analytics-tiktok-meta-ad-pixels

#gprs #privacy #infosec

@n_dimension @dangoodin I haven't read jscrambler claims, but one significant mitigating factor vs tracking pixels is that an array of browsers (prompted by Firefox back in 2019) have turned to first-party isolation (FPI) caching techniques: each site you visit (as represented in your Location bar) has a separate cache associated with it so that 3rd-party trackers have to send you different pixels/cookies for each site you visit.
@n_dimension @dangoodin This BTW is the entire reason why Google lost its lunch over tracking... Firefox implemented FPI then Safari and others followed suit. Feeling the pressure, Google then rolled out similar "Tracking Protection" in Chrome but with the infamous catch that you had to allow the browser itself to collect browsing data.
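To make the first-party isolation point concrete, here is an added simulation (not code from the thread or from any browser vendor) of what a third-party pixel sees with and without partitioned cookie storage. The tracker origin, the visited sites and the cookie jar model are constructed for illustration: in the unpartitioned jar the key is just the tracker origin, in the isolated jar it is the pair (top-level site, tracker origin), which is the whole mechanism being described.

```python
"""Constructed model: unpartitioned vs first-party-isolated cookie storage."""
from dataclasses import dataclass, field
import secrets

# Constructed third-party origin that serves a tracking pixel on many sites.
TRACKER = "pixel.tracker.example"


@dataclass
class Browser:
    """Minimal cookie jar; `partitioned` switches on first-party isolation."""
    partitioned: bool
    jar: dict = field(default_factory=dict)

    def _key(self, top_site: str):
        # FPI keys the tracker's storage by the site in the location bar;
        # without it the tracker gets one global slot.
        return (top_site, TRACKER) if self.partitioned else TRACKER

    def load_pixel(self, top_site: str) -> str:
        """Visit top_site, which embeds TRACKER's pixel; return the id the tracker reads."""
        key = self._key(top_site)
        if key not in self.jar:
            # First contact in this slot: the tracker sets a fresh identifier.
            self.jar[key] = secrets.token_hex(8)
        return self.jar[key]


def tracker_view(browser: Browser, sites):
    """What the tracker logs for one browsing session: {site: identifier seen}."""
    return {site: browser.load_pixel(site) for site in sites}


def linkable_profiles(view) -> int:
    """Distinct identifiers the tracker holds; 1 means every visit links to one profile."""
    return len(set(view.values()))


if __name__ == "__main__":
    sites = ["shop.example", "news.example", "clinic.example"]
    for partitioned in (False, True):
        view = tracker_view(Browser(partitioned), sites)
        print(f"partitioned={partitioned}: {linkable_profiles(view)} profile(s) from {len(sites)} sites")
```

Run as-is it prints one linkable profile for the unpartitioned jar and three for the isolated one; a repeat visit to the same site still returns the same id in both modes, which is why FPI breaks cross-site linking without breaking a site's own analytics.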

@n_dimension @dangoodin The jscrambler site seems to be saying that the "pixels" are actually programs that fetch PII right off the pages where they exist.

IDK what to think about that. Clearly the websites including that Tiktok/Meta code are allowing it and are in effect "sharing data with our partners". That points to a general and massive cultural failure in IT, not the least of which is the browser architecture that would allow 3rd party scripts to do this.
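A site owner can at least check whether a page puts a pixel loader in the same document as its checkout fields, and whether that loader runs before any consent gate. The audit below is an added example, not the thread's or Jscrambler's code; it runs over a constructed checkout page. Two assumptions are baked in and labelled: the hostnames in `PIXEL_HOSTS` are the commonly seen loader hosts for the two pixels and should be adjusted to your own inventory, and the consent-gate heuristic (a script tag whose `type` is not a JavaScript type) reflects how many consent management platforms neutralise a tag until consent is given.

```python
"""Constructed audit: third-party pixel loaders sharing a document with PII/payment fields."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: commonly seen loader hosts for the pixels under discussion; adjust to your inventory.
PIXEL_HOSTS = {"connect.facebook.net": "Meta Pixel", "analytics.tiktok.com": "TikTok Pixel"}
# autocomplete tokens that mark contact or payment-card fields
SENSITIVE_AUTOCOMPLETE = {"email", "tel", "name", "cc-number", "cc-exp", "cc-name", "street-address"}
JS_TYPES = {"", "text/javascript", "application/javascript", "module"}


class PageAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.pixels = []      # (vendor, src, gated_by_consent)
        self.sensitive = []   # names of PII/payment inputs

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and a.get("src"):
            host = urlparse(a["src"]).hostname or ""
            vendor = next((v for h, v in PIXEL_HOSTS.items()
                           if host == h or host.endswith("." + h)), None)
            if vendor:
                # Assumption (heuristic): a non-JS type means a CMP holds the tag until consent.
                gated = a.get("type", "").lower() not in JS_TYPES
                self.pixels.append((vendor, a["src"], gated))
        elif tag == "input":
            ac = a.get("autocomplete", "").lower()
            if ac in SENSITIVE_AUTOCOMPLETE or a.get("type", "").lower() in ("email", "tel"):
                self.sensitive.append(a.get("name") or ac or a.get("type"))


def audit(html: str):
    """Return human-readable findings for pixel loaders that run ungated on the page."""
    p = PageAudit()
    p.feed(html)
    findings = []
    for vendor, src, gated in p.pixels:
        if gated:
            continue
        if p.sensitive:
            findings.append(f"{vendor} ({src}) runs ungated in a document with fields: "
                            + ", ".join(p.sensitive))
        else:
            findings.append(f"{vendor} ({src}) runs before any consent gate")
    return findings


# Constructed sample checkout page: Meta loader ungated, TikTok loader held by a CMP.
SAMPLE_CHECKOUT = """
<html><head>
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script type="text/plain" data-consent="marketing"
        src="https://analytics.tiktok.com/i18n/pixel/events.js"></script>
<script src="/static/checkout.js"></script>
</head><body>
<form>
  <input name="email" autocomplete="email">
  <input name="card" autocomplete="cc-number">
  <input name="promo">
</form>
</body></html>
"""

if __name__ == "__main__":
    for line in audit(SAMPLE_CHECKOUT):
        print(line)
```

The first-party script and the promo-code field never appear in a finding; only the ungated Meta loader does, with the sensitive fields it shares the document with. The structural fix the thread alludes to is to keep such loaders out of the checkout document entirely (or behind the consent gate), since any script executing in the page has the same DOM access as the site's own code.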

Meta Pixel Lawsuits Are Out Of Control - Learn How To Stop Them

The rise of lawsuits centered around the use of Meta Pixel has created a challenging legal landscape for businesses and is a stark reminder from those who just recently dealt with the ADA lawsuits and needed to make changes to their websites to become compliant. This tracking tool, which collects user data and integrates […]

Captain Compliance
Facebook Is Receiving Sensitive Medical Information from Hospital Websites – The Markup

Experts say some hospitals’ use of an ad tracking tool may violate a federal law protecting health information

@r0k @tasket @n_dimension @dangoodin I was part of a class action settlement a few years back from Kaiser, for a privacy breach, which it attributed to the Meta ad pixel. Maybe they were playing fast and loose with attribution because it allowed them to shift blame elsewhere, but I read it as a non-theoretical privacy risk associated with tracking via ad pixels.

@tasket @n_dimension @dangoodin

Let's ask this the other way around. Waterfox with Ghostery and PrivacyBadger running should give them very little to work with, correct? Or am I fooling myself?
(mind you, I use neither AI-Meta-Book nor Tiktok, but of course that doesn't mean that I'm not exposed to their scripts on any non-Mastodon page that I visit...)

@dirkhh I was going to mention uBlock Origin; it claims to block trackers so one would expect it blocks these as well.

@tasket
Well that was easy... added uBlock Origin.
There appears to be some overlap between it and Ghostery, but Ghostery claims that especially for ad-blocking they cover more...

I don't think having both will hurt me (except likely burning more CPU cycles).

Thanks

@dirkhh IIRC ghostery is based on a partnership with the adtech industry and has tried to monetize its use in the past. Their company was founded on the idea that ad tracking can be perfected, which IMO makes them true believers in something that is only capable of exploitation and misery.
@tasket
The things you learn on the fediverse. Did some reading on this and yeah... not good. Dang..

@dirkhh @tasket

Privacy Badger is worth a look

@joriki @tasket

Privacy Badger is awesome. And certainly from a highly reputable source.

@dirkhh @tasket

Decentraleyes is another complementary addon

@dirkhh @tasket

otoh, every addon is a more likely unique fingerprint...

@joriki @dirkhh @tasket NoScript can be a bit intrusive, but it works.
@tasket @dirkhh Yuck, well that's Ghostery uninstalled, then!
@n_dimension @dangoodin given that #NSAbook literally deployed local "webservers" to enable Cross-#App - #Tracking on #Android and #iOS, I'm not surprised they didn't already invent an "airgapped data transfer protocol" for nonconsensual #tracker and #DataExfiltration...
@dangoodin it looks credible, given a 5 minute read and a few decades pottering around in the software industry. The behaviour (scraping data before consent) fits perfectly with other reported bad habits, e.g. https://localmess.github.io/
They probably justify it as, “Well, it’s called metadata, so it’s obviously ours.”
Covert Web-to-App Tracking via Localhost on Android

@dangoodin Generally speaking this article doesn't describe anything new or novel. You can accomplish most of what's detailed here with a Hubspot account.

The main difference for Meta and TikTok is how enormous the platforms are and how wide their data reach is for each user. But because they're popular, their tracking gets more impressions than other sites.

There's really nothing hyperbolic here, unfortunately.

@dangoodin @briankrebs Checks out. If anything, it's only scratching the surface. Many (most?) businesses are unknowing accomplices.

https://news.ycombinator.com/item?id=47431194

Who's selling the data is the far more serious issue here. Behind this is a rema... | Hacker News

@dangoodin so it’s like a rainbow table for PII data of big social networks?
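The "rainbow table" question above, and the earlier point that deterministic SHA-256 of emails and phone numbers is not anonymisation, come down to one property: anyone who already holds the cleartext can recompute the same hash and match it. The example below is added here (not code from the thread, from Jscrambler or from either platform) and uses a constructed stand-in for a platform's user list. It contrasts the deterministic hash with a keyed HMAC under a secret the receiving party does not hold, which is the change that actually removes the matching capability; the key, the addresses and the helper names are all constructed for illustration.

```python
"""Constructed demo: deterministic SHA-256 of PII is matchable by anyone holding the cleartext."""
import hashlib
import hmac
import secrets


def normalise(value: str) -> str:
    """Standard normalisation before hashing: trim and lowercase."""
    return value.strip().lower()


def sha256_id(value: str) -> str:
    """Deterministic identifier: same input always yields the same output."""
    return hashlib.sha256(normalise(value).encode()).hexdigest()


def keyed_id(value: str, key: bytes) -> str:
    """Keyed identifier: without `key` nobody can recompute it from the cleartext."""
    return hmac.new(key, normalise(value).encode(), "sha256").hexdigest()


def build_lookup(known_cleartext, hasher):
    """What a receiving platform does with the data it already holds: precompute hash -> record."""
    return {hasher(v): v for v in known_cleartext}


def match(received_ids, lookup):
    """Resolve received identifiers against the precomputed table."""
    return {h: lookup[h] for h in received_ids if h in lookup}


# Constructed stand-in for a platform's existing user database (cleartext it already holds).
PLATFORM_USERS = ["alice@example.com", "bob@example.org", "carol@example.net"]
# Constructed stand-in for what a merchant's pixel would send about checkout customers.
MERCHANT_CUSTOMERS = ["Alice@Example.com ", "dave@example.com"]


def deterministic_scenario():
    """Merchant sends SHA-256 ids; platform matches them against its own table."""
    table = build_lookup(PLATFORM_USERS, sha256_id)
    return match([sha256_id(e) for e in MERCHANT_CUSTOMERS], table)


def keyed_scenario(merchant_key: bytes):
    """Merchant sends HMAC ids under its own secret; platform has no key, so its table misses."""
    table = build_lookup(PLATFORM_USERS, sha256_id)   # platform can only hash what it knows how to
    return match([keyed_id(e, merchant_key) for e in MERCHANT_CUSTOMERS], table)


if __name__ == "__main__":
    print("deterministic:", deterministic_scenario())   # alice resolves despite case/whitespace
    print("keyed:", keyed_scenario(secrets.token_bytes(32)))   # nothing resolves
```

The deterministic run resolves `Alice@Example.com ` to the platform's `alice@example.com` record because both sides normalise the same way, which is exactly why the hash carries the identity rather than hiding it; `dave@example.com` stays unresolved only until he signs up somewhere the platform can see. The keyed run resolves nothing, illustrating that the privacy of a hash comes from a secret the recipient lacks, not from the hash function.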