Thousands of businesses found handing tons of user data to Facebook

Alarming new research has found supposedly private user data is being shared between Facebook and thousands of companies through hidden tracking techniques.

In the study, users downloaded a three-year span of their data from Facebook, which showed that, on average, each individual had their data shared by 2,230 companies.

While the sample of individuals who submitted their data for this research was not demographically adjusted, they belong to a demographic group that is more inclined to be privacy conscious, hinting that the average Facebook user’s data may have been shared far more widely.

Data is the new oil, and you're leaking more than you think

The research was conducted by Consumer Reports, a non-profit, independent organization seeking to provide transparency on how consumer data is used. It found that, for the 709 volunteers who submitted their data, there were 186,892 companies that shared their data with Facebook.

The data was collected using Facebook’s own transparency tools, which gave the researchers a unique look into how data is transferred from a company’s servers to Meta’s servers in an incognito form of tracking called “server-to-server.”

While the companies commonly observed in the top 100 list for each user included brands such as Amazon, Walmart, and Home Depot, there were also over 7,000 companies listed in the data with unreadable names made up of random letters and numbers. Moreover, a number of companies listed in the data had very generic names that could refer to several very different companies.

The data gathered was split into two identifiable categories known as ‘events’ and ‘custom audiences.’ The first kind is data about user interactions with a brand or organization, collected by a Meta tracking pixel when a page is visited or a product is purchased. The second kind is collected to create audiences with similar interests that can be targeted by advertisements on Facebook.

In a statement to The Markup, Meta spokesperson Emil Vazquez said, “We offer a number of transparency tools to help people understand the information that businesses choose to share with us, and manage how it’s used.” However, The Markup points out that there are several hoops to jump through in order to reach this data through Facebook’s settings.

The Markup also spoke to Caitriona Fitzgerald, Deputy Director of the Electronic Privacy Information Center, on the topic of server-to-server tracking, with Fitzgerald stating that “This type of tracking which occurs entirely outside of the user’s view is just so far outside of what people expect when they use the internet. They don’t expect Meta to know what stores they walk into or what news articles they’re reading or every site they visit online.”

Consumer Reports concluded its research with a number of policy recommendations: implementing data minimization provisions so that companies only collect the bare minimum amount of data needed to provide a service, providing tools that streamline opt-out requests by implementing an authorized agent to process opt-out requests on behalf of consumers, and providing greater scrutiny over the types of adverts that can be shown to consumers on Facebook to eliminate scams and fraudulent advertisements.

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continued his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.