zaptheimpaler

I went to look at the off-site Facebook history on my profile. It's truly scary the amount of data they have. The worst part is this:

https://imgur.com/a/A8JVQOR

So Mozilla, which is one of the companies behind the effort to understand the Meta Pixel, is also sending data to Facebook? I was not a member of the Rally study.

What the f** is going on? Is Firefox itself tracking me too? Or maybe some extension? Which extension? How am I supposed to tell without hoping that the right person magically sees this comment or going 100% technical and running packet captures and Wireshark?

Why can't we just get access to the _RAW_ data being sent or stored about us?

As of now, VS Code will send encrypted data to Microsoft when you use it. So my machine, OS, applications all send data about me to companies, and I'm not even allowed to know what it is (not to single them out, VS Code is just one example I have inspected myself). I don't claim to understand SSL all that well, but I think they used certificate pinning and pre-master secrets that make it impossible or very difficult for anyone outside MS to decrypt the data in any way...

This is all completely normal now. On mobile devices it's even worse. It's not even possible to completely inspect the data a phone/tablet sends without rooting it, and many are already impossible to bootloader unlock or root/jailbreak.

With certificate pinning, on an encrypted smartphone volume with a hardware key that is only unlocked just in time by the OS (the way Android works now), it is LITERALLY impossible to know what data is being transmitted or received over SSL on your own device. You are not allowed to know.

charcircuit

>Why can't we just get access to the _RAW_ data being sent or stored about us?

Because most of it isn't interesting or relevant to you. Most data being sent isn't actually data about you, but data about the product.

>On mobile devices it's even worse

This is because mobile devices are more secure and privacy preserving than the desktop platform. What you think is locking you out is actually just the platform locking everyone out so that they cripple the capabilities of malicious apps. Also keep in mind that device users and app developers are both stakeholders. App developers want to keep their platforms secure, which can conflict with the interests of the device users. The platform tries to balance the needs of everybody to try and make the best platform possible for all parties.

zaptheimpaler

> Because most of it isn't interesting or relevant to you. Most data being sent isn't actually data about you, but data about the product.

Thanks but that's for me to decide. And all of the privacy abuses in clear view by Meta and others over the past few years make that assertion sound ridiculous. In my view the owner of a device has a right to have complete visibility into said device's communications.

bruce511

Personally I agree that this endless back-door privacy leakage is unwelcome.

That said, the idea that we have self-described "rights" waters down the concept of actual "rights".

Things like Miranda rights, 2nd Amendment rights and so on are codified trade-offs between public good and personal good. Often these rights are local, and differ from country to country. Some travel, some don't. Most people in the UK presume they have free-speech rights (they don't) but pretty much no one in the UK believes they "have the right to bear arms."

I don't negate your point. I too have a desire not to leak data to corporations from my devices. Equally I choose which browser I use, which sites I visit, which OS I run, and so on.

I guess I'm saying that I understand that companies don't exist for my benefit, but for theirs, and I balance their desires with my desires when making my choices.

Tsiklon

Perhaps more generously, to Firefox, they’re interpreting Firefox user strings as an app sending data to them. For curiosity, where did you pull that data from?

SirSavary

MuffinFlavored

What Chrome extension do I have to enable to make it so Facebook doesn't know this level of data?

Edit: looks like https://privacybadger.org/ or https://ublockorigin.com/

thanksgiving

Thank you for sharing.

I can see it as well. I don't understand it either. I use Facebook Container on the desktop. Perhaps it is on Android or iPhone? I would also like to know what data Firefox shared with Facebook about me.

https://i.imgur.com/w8h9HeS.png

jkaplowitz

What's the equivalent for people who don't have Facebook accounts? I presume data about me has been sent to Facebook despite that fact.

spikefromspace

Also note that they allow for server-side data as well, so companies can send via backends and circumvent any ad blockers. Good companies do respect a user's preferences but not all do.

tppiotrowski

What's the mechanism here? I thought it's sharing a cross domain cookie that allows you to identify a user as they surf from one domain to another.

spikefromspace

Fingerprinting and tracking links are common for unidentified users. Cross-domain cookies are harder to do outside of Chrome. For known users, you can sync data to Facebook with email addresses, names, phone numbers etc. This is likely why you see most websites these days trying to collect that info from you as early as possible.

luckylion

You click on a tracking link, Server 1 now has a unique ID associated with that click. S1 forwards you to S2 with a unique identifier. S2 now has that unique ID associated with you. You buy something on S2. S2 sends a request to S1 saying "unique ID #123 bought something for $40".
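The click-ID flow described in the comment above, together with the server-side reporting mentioned earlier in the thread, modelled as an added example that is not part of the original thread. Both servers are in-memory objects; the `click_id` parameter name and the `shop.example` host are assumptions made for illustration.

```javascript
// Added illustration: S1 (ad platform) and S2 (shop) as in-memory objects.
// "click_id" and "shop.example" are hypothetical names, not a real API.
function makeAdPlatform() {                // "Server 1"
  const clicks = new Map();                // click_id -> { ad, conversions }
  let seq = 0;
  return {
    // User clicks an ad: mint an ID, remember it, redirect to the shop.
    click(ad) {
      const id = `c${++seq}-${Math.random().toString(36).slice(2, 10)}`;
      clicks.set(id, { ad, conversions: [] });
      return `https://shop.example/landing?click_id=${id}`;
    },
    // Server-to-server callback from the shop; the browser never sees it,
    // so a content blocker cannot intercept this request.
    reportConversion(id, amount) {
      const rec = clicks.get(id);
      if (!rec) return false;              // unknown ID: nothing to attribute
      rec.conversions.push(amount);
      return true;
    },
    attributed: () => [...clicks.values()].filter(c => c.conversions.length),
  };
}

function makeShop(adPlatform) {            // "Server 2"
  const sessions = new Map();              // first-party session -> click_id
  return {
    land(session, url) {
      const id = new URL(url).searchParams.get("click_id");
      if (id) sessions.set(session, id);   // no third-party cookie involved
    },
    purchase(session, amount) {
      const id = sessions.get(session);
      return id ? adPlatform.reportConversion(id, amount) : false;
    },
  };
}

// Client-side mitigation: drop the identifier before the landing page loads.
function stripClickId(url) {
  const u = new URL(url);
  u.searchParams.delete("click_id");
  return u.toString();
}

function demo() {
  const s1 = makeAdPlatform(), s2 = makeShop(s1);
  s2.land("alice", s1.click("ad-A"));               // identifier kept
  s2.land("bob", stripClickId(s1.click("ad-B")));   // identifier stripped
  return { alice: s2.purchase("alice", 40), bob: s2.purchase("bob", 40),
           attributed: s1.attributed().map(c => c.ad) };
}
```

Only the session that arrived with the identifier intact is attributed; stripping the parameter on navigation is the one point in this flow where the client has any control.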

spikefromspace

Additionally, data brokers and data clean rooms now allow you to share data, making it easier as well. Snowflake, LiveRamp, etc. all offer super easy (and privacy compliant according to them) ways of implementing this.

jboy55

I tried to request my data from a couple of media companies (Criteo, Apogee). Criteo required an image of my driver's license, and Apogee just ignored it.

nerdponx

Fingerprinting?

luckylion

You need some syncing though, otherwise Facebook wouldn't know who that user is that almost bought your stuff and that you now want to retarget.

dwild

Facebook could probably just ask to send whatever you got about the user and they'll deal with the identification. User agent + IP is probably more than enough. Worst case they just build a JS that can be included and give the full fingerprint.

marketingtech

Meta offers their own...it's not hidden.

https://chrome.google.com/webstore/detail/facebook-pixel-hel...

But this doesn't cover server-side data transfer. https://developers.facebook.com/docs/marketing-api/conversio...

Xelynega

Correct me if I'm wrong, but the tool in the OP sounds like a crowdsourcing effort to collect the data the Facebook tool can tell you across multiple users and multiple sites.

That's not really the same thing as a tool that tells a single person that the site they're on uses meta pixel as it happens.

kripy

Correct. The Facebook Pixel Helper is used to test that the pixel has been installed correctly and events, both standard and custom, are firing correctly.

N3Xxus_6

I actually work in an industry that utilizes these a lot. Google, TikTok, Meta etc. I implement the code on our customers' sites. It's crazy how much data these scripts collect.

glitchcrab

> It's crazy how much data these scripts collect

And you're ok with this?

marketingtech

Businesses choose to send this data to the ad platforms for their own benefits - better targeting, measurement, and ML optimization of their ad campaigns.

The businesses are legally accountable for the data they're sending and complying with privacy laws, but to most platforms it's a dumb pipe for whatever data the business chooses to send.

bscphil

> Businesses choose to send this data to the ad platforms for their own benefits - better targeting, measurement, and ML optimization of their ad campaigns.

I think the post you're replying to is concerned about the moral rights of the people whose data is sent, not whether sending the data is beneficial or harmful to the business that sends it.

iamacyborg

From experience, most folks who implement these tags don’t understand the scope of what they’re actually doing, and most are likely doing so without consulting a legal team or understanding the legal implications of the tracking they’re deploying.

Xelynega

Probably more OK than they are with making their life uncomfortable to look for another job with similar benefits. It's not just a moral decision in a void.

paulcole

Is your question rhetorical?

Their actions tell us they’re OK with it.

dylan604

Do they? Have you never done something under protest?

tppiotrowski

My privacy stance has evolved to just assume everything I do online is public.

Even if we fight and succeed in stopping a tracking mechanism (third-party cookies) we discover that another one is developed (fingerprinting). It's times when you think you have privacy/no one is watching that you're most susceptible to doing something you might regret.

If you consciously acknowledge that your digital life is public, you can consider performing activities using other mediums. Calling instead of messaging. Shopping at stores with cash. Journaling in a paper notebook.

toss1

Wise choices, yet that we must make them is sad.

bitL

Why not use Tor Browser for private things then?

alasdair_

The thing that really got me, personally, was searching psychologytoday.com for a mental health professional and seeing that Facebook had a copy of everything I'd searched for, without me ever agreeing to any kind of data sharing.

[disclaimer: I worked at Facebook at the time. I was still appalled.]

matheusmoreira

Is it still safe to assume that uBlock Origin blocks all of this?

lostmsu

No, I got the majority of my history in https://www.facebook.com/off_facebook_activity

Hydraulix989

I wish more energy was directed to also understanding what data Google and TikTok collect from their users.

elmomle

This is great and important work. I think it would be substantially more approachable if it began with an "Abstract" or "Summary" section. Like it or not, most folks just want the headlines; the presentation of the details is only important if people understand and care about the core ideas.

tl;dr for the website: meta pixels are everywhere on the web and gathering your interactions and inputs on all kinds of sites--including ones related to your guilty pleasures, your taxes, your health, school, etc.

mulligan

I think these folks fail to connect the pixel with its purpose. The sites and apps who advertise want to understand who is converting, they provide this information to the advertiser so they can correlate the users who saw an ad to a purchase.

By keeping the purpose vague, it makes it seem nefarious.

vorpalhex

I'll give you $5 if you give me access to your email account in full and let me see what you buy, what newsletters you sign up for, etc. I won't even steal any of your data or anything nefarious outside of collect some stats for my own uses.

If you let Facebook do this for free, you should at least take the $5 from me.

Xelbair

The actual purpose IS nefarious.

ranting-moth

Does Firefox's Enhanced Tracking Protection block this properly?

https://support.mozilla.org/en-US/kb/enhanced-tracking-prote...

dang

Recent and related:

Tax filing websites have been sending users’ financial information to Facebook - https://news.ycombinator.com/item?id=33705532 - Nov 2022 (74 comments)

Tax-filing websites have been sending users financial info to Meta - https://news.ycombinator.com/item?id=33753058 - Nov 2022 (18 comments)

tobr

Could you add back the “How” in the title?

We Built a Meta Pixel Inspector - Hacker News