Social media platforms have had some bad press in recent times, largely prompted by the vast extent of their data collection. Now Meta, the parent company of Facebook and Instagram, has upped the ante.

Not content with following every move you make on its apps, Meta has reportedly devised a way to also know everything you do in external websites accessed through its apps. Why is it going to such lengths? And is there a way to avoid this surveillance? ‘Injecting’ code to follow you Meta has a custom in-app browser that operates on Facebook, Instagram, and any website you might click through to from both these apps.

Now ex-Google engineer and privacy researcher Felix Krause has discovered this proprietary browser has additional program code inserted into it. Krause developed a tool that found Instagram and Facebook added up to 18 lines of code to websites visited through Meta’s in-app browsers.

This “code injection” enables user tracking and overrides tracking restrictions that browsers such as Chrome and Safari have in place. It allows Meta to collect sensitive user information, including “every button and link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers”.

Krause published his findings online on August 10, including samples of the actual code.

Advertisement

In response, Meta has said it isn’t doing anything users didn’t consent to. A Meta spokesperson said: We intentionally developed this code to honour people’s [Ask to track] choices on our platforms […] The code allows us to aggregate user data before using it for targeted advertising or measurement purposes.

The “code” mentioned in the case is pcm.js – a script that acts to aggregate a user’s browsing activities. Meta says the script is inserted based on whether users have given consent – and information gained is used only for advertising purposes.

So is it acting ethically? Well, the company has done due diligence by informing users of its intention to collect an expanded range of data. However, it stopped short of making clear what the full implications of doing so would be.

People might give their consent to tracking in a more general sense, but “informed” consent implies full knowledge of the possible consequences. And, in this case, users were not explicitly made aware their activities on other sites could be followed through a code injection.

Why is Meta doing this? Data are the central commodity of Meta’s business model. There is astronomical value in the amount of data Meta can collect by injecting a tracking code into third-party websites opened through the Instagram and Facebook apps.

Advertisement

At the same time, Meta’s business model is being threatened – and events from the recent past can help shed light on why it’s doing this in the first place.

It boils down to the fact that Apple (which owns the Safari browser), Google (which owns Chrome) and the Firefox browser are all actively placing restrictions on Meta’s ability to collect data.

Last year, Apple’s iOS 14.5 update came alongside a requirement that all apps hosted on the Apple app store must get users’ explicit permission to track and collect their data across apps owned by other companies.

Meta has publicly said this single iPhone alert is costing its Facebook business $10 billion (roughly Rs. 79,400 crore) each year.

Apple’s Safari browser also applies a default setting to block all third-party “cookies”. These are little chunks of tracking code that websites deposit on your computer and which tell the website’s owner about your visit to the site.

Advertisement

Google will also soon be phasing out third-party cookies. Firefox recently announced “total cookie protection” to prevent so-called cross-page tracking.

In other words, Meta is being flanked by browsers introducing restrictions on extensive user data tracking. Its response was to create its own browser that circumvents these restrictions.

How can I protect myself? On the bright side, users concerned about privacy do have some options.

The easiest way to stop Meta tracking your external activities through its in-app browser is to simply not use it; make sure you’re opening web pages in a trusted browser of choice such as Safari, Chrome or Firefox (via the screen shown below).

If you can’t find this screen option, you can manually copy and paste the web address into a trusted browser.

Advertisement

Another option is to access the social media platforms via a browser. So instead of using the Instagram or Facebook app, visit the sites by entering their URL into your trusted browser’s search bar. This should also solve the tracking problem.

I’m not suggesting you ditch Facebook or Instagram altogether. But we should all be aware of how our online movements and usage patterns may be carefully recorded and used in ways we’re not told about. Remember: on the Internet, if the service is free, you’re probably the product. 

Elliott Management, the hedge fund that pushed for big changes at Twitter two years ago, exited the stock during the second quarter, soon after Elon Musk announced plans to buy the social media company, a regulatory filing shows.

The filing on Monday, showed that Elliott no longer owned any common stock in Twitter on June 30. It had owned 10 million shares at the end of the first quarter.

Twitter’s shares, which closed at $44.50 (roughly Rs. 3,500) on Monday had climbed as high as $51.70 (roughly Rs. 4,100) in April, when Musk was offering to spend $44 billion (roughly Rs. 3,49,240 crore) to acquire the company. Shares dropped when he tried to pull out of the deal in early July.

Elliott invested in Twitter in early 2020 and called for the ouster of Jack Dorsey, one of the company’s co-founders and its CEO at the time.

The company and the hedge fund soon reached an agreement in which the hedge fund got a seat on Twitter’s board and Dorsey was replaced in late 2021. Elliott exited the board last year.

Advertisement

Some other prominent investors also cut their Twitter holdings.

Hedge fund D.E. Shaw & Company owned 932,716 shares at the end of the second quarter, after having selling 3.7 million shares.

Balyasny Asset Management sold 1.3 million shares to own 172,821 shares while SRS Investment Management sold 7 million shares to own 125,226 shares on June 30.

The so-called 13-F filings are closely watched for investment trends, even though the data is released with a delay and can be dated.

Some firms established new positions, with filings showing that Pentwater Capital and Segantii Capital Management made new bets to own 18 million and 7.3 million shares respectively. Citadel Advisors LLC added 3.3 million shares, and now owns 4 million shares.

Advertisement

© Thomson Reuters 2022

Facebook failed to detect blatant election-related misinformation in ads ahead of Brazil’s 2022 election, a new report from Global Witness has found, continuing a pattern of not catching material that violates its policies the group describes as “alarming.”

The advertisements contained false information about the country’s upcoming election, such as promoting the wrong election date, incorrect voting methods, and questioning the integrity of the election — including Brazil’s electronic voting system.

This is the fourth time that the London-based nonprofit has tested Meta’s ability to catch blatant violations of the rules of its most popular social media platform— and the fourth such test Facebook has flubbed. In the three prior instances, Global Witness submitted advertisements containing violent hate speech to see if Facebook’s controls — either human reviewers or artificial intelligence — would catch them. They did not.

“Facebook has identified Brazil as one of its priority countries where it’s investing special resources specifically to tackle election related disinformation,” said Jon Lloyd, senior advisor at Global Witness. “So we wanted to really test out their systems with enough time for them to act. And with the US midterms around the corner, Meta simply has to get this right — and right now.”

Brazil’s national elections will be held on October 2 amid high tensions and disinformation threatening to discredit the electoral process. Facebook is the most popular social media platform in the country. In a statement, Meta said it has “ prepared extensively for the 2022 election in Brazil.”

Advertisement

“We’ve launched tools that promote reliable information and label election-related posts, established a direct channel for the Superior Electoral Court (Brazil’s electoral authority) to send us potentially-harmful content for review, and continue closely collaborating with Brazilian authorities and researchers,” the company said.

In 2020, Facebook began requiring advertisers who wish to run ads about elections or politics to complete an authorisation process and include “paid for by” disclaimers on them, similar to what it does in the US. The increased safeguards follow the 2016 US presidential elections, when Russia used rubles to pay for political ads designed to stoke divisions and unrest among Americans.

Global Witness said it broke these rules when it submitted the test ads (which were approved for publication but were never actually published). The group placed the ads from outside Brazil, from Nairobi and London, which should have raised red flags.

It was also not required to put a “paid for by” disclaimer on the ads and did not use a Brazilian payment method — all safeguards Facebook says it had put in place to prevent misuse of its platform by malicious actors trying to intervene in elections around the world.

“What’s quite clear from the results of this investigation and others is that their content moderation capabilities and the integrity systems that they deploy in order to mitigate some of the risk during election periods, it’s just not working,” Lloyd said.

Advertisement

The group is using ads as a test and not regular posts because Meta claims to hold advertisements to an “even stricter” standard than regular, unpaid posts, according to its help center page for paid advertisements.

But judging from the four investigations, Lloyd said that’s not actually clear.

“We we are constantly having to take Facebook at their word. And without a verified independent third party audit, we just can’t hold Meta or any other tech company accountable for what they say they’re doing,” he said.

Global Witness submitted ten ads to Meta that obviously violated its policies around election-related advertising. They included false information about when and where to vote, for instance and called into question the integrity of Brazil’s voting machines — echoing disinformation used by malicious actors to destabilise democracies around the world.

In another study carried out by the Federal University of Rio de Janeiro, researchers identified more than two dozen ads on Facebook and Instagram, for the month of July, that promoted misleading information or attacked the country’s electronic voting machines.

Advertisement

The university’s Internet and social media department, NetLab, which also participated in the Global Witness study, found that many of those had been financed by candidates running for a seat at a federal or state legislature.

This will be Brazil’s first election since far-right President Jair Bolsonaro, who is seeking reelection, came to power. Bolsonaro has repeatedly attacked the integrity of the country’s electronic voting system.

“Disinformation featured heavily in its 2018 election, and this year’s election is already marred by reports of widespread disinformation, spread from the very top: Bolsonaro is already seeding doubt about the legitimacy of the election result, leading to fears of a United States-inspired January 6 ‘stop the steal’ style coup attempt,” Global Witness said.

In its previous investigations, the group found that Facebook did not catch hate speech in Myanmar, where ads used a slur to refer to people of East Indian or Muslim origin and call for their deaths; in Ethiopia, where the ads used dehumanising hate speech to call for the murder of people belonging to each of Ethiopia’s three main ethnic groups; and in Kenya, where the ads spoke of beheadings, rape and bloodshed.