Tax preparation sites don’t just exploit you, they also help Facebook do it


campaign action

There is a snippet of code included on the popular TaxAct website used for electronic filing of returns called Meta Pixel. It includes this data, although not all companies transmit all of it. Facebook can use this information to write advertising algorithms and target them more effectively. It gets this data from tax preparation companies “regardless of whether the person using the tax filing service has an account on Facebook or other platforms operated by its owner Meta.”

H&R Block has one that “collected information about filers’ health savings account usage and dependents’ scholarships and tuition expenses.” Another, TaxSlayer, “included phone numbers, the name of the user filling out the form, and the names of any dependents added to the return.” The Verge says specific demographic information was “masked but still usable by Facebook to link a user to an existing profile.”

A tax preparation site run by Ramsey Solutions, built on a version of TaxSlayer, “collected even more personal data from a tax return summary page, including income information and tax amounts. repayment. This information was not sent immediately upon visiting the page, only when visitors clicked on the drop-down headers to see more details about their report. Intuit’s TurboTax, remarkably since they are among the biggest spenders on having taxpayers depend on their site, was the least awful, only sending usernames and information about when users last logged in. are connected.

Once The Markup contacted these companies, some of them removed the pixel. “We were NOT aware and were never made aware that personal tax information was being collected by Facebook from the Pixel,” Megan McConnell, spokeswoman for Ramsey Solutions, said in a statement. “As soon as we discovered this, we immediately notified TaxSlayer to deactivate the Ramsey SmartTax Pixel.” Molly Richardson for TaxSlayer said they’ve removed the pixel and are evaluating how it’s being used. “Our customers’ privacy is of the utmost importance, and we take concerns about our customers’ information very seriously,” she said. Intuit’s Rick Heineman said the company’s pixel will no longer send usernames.

That’s smart considering how awful it is. Mandi Matlock, a lecturer at Harvard Law School specializing in tax law, told The Markup that their findings on how “some of the most sensitive information” about taxpayers is “exploited” are “appalling”. Shocking but not surprising, said Jon Callas, director of public interest technologies at the Electronic Frontier Foundation. “The practice is ubiquitous.

As for Meta, it told The Markup that there are limits to the types of data it collects and that its help page says it prohibits data such as bank account and credit card numbers. credit, or “account information or financial status of an individual”. Except that two of the sites sent revenue figures to Facebook. Which is pretty much information about the financial status.

The markup pulled all of this information together in a partnership with Mozilla Rally called Pixel Hunt, recruiting people to install a browser extension that captured data shared to Facebook through the pixel and copied it for the project.

Earlier this year, with the help of Pixel Hunt participants, The Markup found sensitive data sent to Facebook on the Department of Education’s federal student aid application website, pregnancy websites in crisis and leading hospital websites.

Crisis pregnancy websites. “More than a third of websites sent data to Facebook when someone made an appointment for an ‘abortion consultation’ or ‘pre-termination screening.’ And at least 39 sites sent details on Facebook such as the person’s name, email address or phone number,” The Markup reported earlier this year.

Facebook, in response to this report, shifted the blame to advertisers. “Advertisers should not send sensitive information about people through our business tools,” Meta spokesperson Dale Hogan said in an emailed statement. “This is against our policies and we teach advertisers how to properly configure business tools to prevent this from happening. Our system is designed to filter out potentially sensitive data that it is able to detect. It is designed for that, whether it is or not?

Meanwhile, federal lawmakers are trying to push through a data privacy bill during the lame duck session. The main hurdle is, of course, Republicans who want a weaker federal bill to preempt state laws that offer stronger protections. It’s also a key demand from the tech industry, but lawmakers in states that have these strict laws want the federal bill to be stronger or allow states to enact stricter bans.

The likelihood of Congress doing anything about it — either fixing how we file our taxes or addressing the myriad privacy issues Facebook poses — is slim to none.

Daily Kos is the largest progressive organization online, but we don’t have billionaire backers. We rely on readers like YOU. Donate $5 to help us keep fighting for progressive values.

The 2022 election is officially in overtime, with a runoff in Georgia. We need to take out every last Democratic voter for Raphael Warnock. Click here to volunteer in any way possible.


Comments are closed.