Tax Companies Are Sending Consumers’ Private Information To Facebook

big tech, facebook, taxes, Technology

By Aaron Rein

November 30, 2022

Tax filing providers like H&R Block, TaxAct, TaxSlayer, and more have secretly collected sensitive data on users and sent it to Meta, formerly known as Facebook.

Independent newsroom The Markup has found that when users of these web programs entered data, such as banking information, it was also quietly being sent to Meta with a plugin called Meta Pixel, which was hidden in the code of the sites.

Meta Pixel is a JavaScript-powered piece of code that Meta advertises as a snippet that “allows you to track visitor activity on your website.” While the purpose of this code is generally expected to be used for slightly more mundane applications like user interest, time spent looking at images, and similar activity, it also has the potential to be used to gather data maliciously.

In an investigative piece done in collaboration between The Markup and The Verge, it was revealed that out of the 150 million electronic tax returns done yearly by U.S. citizens, many are filed with these companies. In fact, H&R Block, one of the companies called out, announced to investors in 2019 that 20.2 million of the tax returns filed that year alone were processed via their services. TaxAct boasts 3 million clients every year according to a press release this year. Tax Slayer claims 10 million clients last year. Just these three companies on their own made up almost a quarter of all tax returns filed electronically. As such, the amount of customers whose information may have been exposed is just as large.

While all of the sensitive data is hashed (a form of encryption) on route to Meta, it wouldn’t take much more than a key at Meta in order to decode the private information. Meta publicly uses this unhashed data in order to curate Instagram and Facebook profiles.

Some companies like Intuit TurboTax still used Pixel to send data, but at least obscured who each piece of information belonged to. Unfortunately, The Markup discovered that this information was still possible to link to already existing profiles.

Many companies that were discovered to be sending this information did respond to requests for comment. TaxAct, Taxslayer, and H&R Block all pledged to remove Meta Pixel elements from their tax filing websites and investigate why these elements were used on the website in the first place. In addition, as of The Markup’s publication, Intuit TurboTax modified their implementation of Meta Pixel to be less invasive. However, TaxAct has continued to send similar data to Google, and H&R Block has kept Meta Pixel on their student loan and health insurance pages.

This discovery was made possible due to The Markup’s contributors, who pledged to install programs on their computers to intercept Meta Pixel communications. Many other companies in different fields were found with similar practices in effect.

Consumers may wonder how this could have been avoided, and how they may be able to avoid these abusive practices in the future. At least with taxes, there aren’t many alternatives to “doing your taxes.” The United States’ tax filing system is incredibly privatized. Citizens are nearly mandated to either hire a personal accountant or use a provider like TaxAct, Taxslayer, or H&R Block to file tax returns if they desire to finish in a reasonable timeframe.

According to a survey conducted by seoClarity in 2021, Facebook is the second least trusted tech giant by Americans, with 42.6% of surveyed individuals indicating that they “distrusted” the company. Only TikTok ranked lower, with 43% of individuals indicating their distrust.

While Facebook may have adopted a name change, they have not been able to shed their charred brand identity.

Facebook has been censoring large amounts of posts, according to the RoyalPatriot. These include posts about Hunter Biden’s infamous laptop scandal.

The good news is that there are some methods for protection from Facebook/Meta, but they aren’t foolproof. Firefox browser users may already be aware of “Facebook Container,” an extension developed by internet privacy company Mozilla. The extension deliberately separates any transactions between the user and Facebook if possible, or warns the user before they may send data to Facebook.

The report comes as the Internal Revenue Service (IRS) is requiring third-party payment processors like Venmo to keep track of users’ transactions, as previously reported by American Pigeon.