Instagram and Facebook are stalking you. What can you do about it?

tech.hindustantimes.com:

Social media platforms have had some bad press in recent times, largely prompted by the vast extent of their data collection. Now Meta, the parent company of Facebook and Instagram, has upped the ante.

Not content with following every move you make on its apps, Meta has reportedly devised a way to also know everything you do in external websites accessed through its apps. Why is it going to such lengths? And is there a way to avoid this surveillance?

‘Injecting' code to follow you

Meta has a custom in-app browser that operates on Facebook, Instagram and any website you might click through to from both these apps.

Now ex-Google engineer and privacy researcher Felix Krause has discovered this proprietary browser has additional program code inserted into it. Krause developed a tool that found Instagram and Facebook added up to 18 lines of code to websites visited through Meta's in-app browsers.

This “code injection” enables user tracking and overrides tracking restrictions that browsers such as Chrome and Safari have in place. It allows Meta to collect sensitive user information, including “every button and link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers”.

Krause published his findings online on August 10, including samples of the actual code.

In response, Meta has said it isn't doing anything users didn't consent to. A Meta spokesperson said:

We intentionally developed this code to honour people's [Ask to track] choices on our platforms […] The code allows us to aggregate user data before using it for targeted advertising or measurement purposes.

The “code” mentioned in the case is pcm.js – a script that acts to aggregate a user's browsing activities. Meta