back to article Tax prep firms 'recklessly shared' your data with Google and Meta – senators

Incredible as it may seem, US tax preparation companies using Google and Meta tracking technology have been sending sensitive information back to the megacorps, not to mention other tech firms, it is claimed. Seven US lawmakers on Wednesday released a 54-page report [PDF] detailing the "outrageous, extensive, and potentially …

  1. DS999 Silver badge

    Why do browsers allow this?

    OK, I know why Chrome allows this.

    But why should Safari, there is no Apple tracking pixel. And why should Firefox, they don't have any business other than their browser. I would think it shouldn't be that hard to identify and simply skip past the HTML code that implements this in a downloaded web page before it is rendered.

    Time for Apple to piss off Facebook again, and time for Firefox to demonstrate why having a browser totally independent of Big Tech is so important.

    1. doublelayer Silver badge

      Re: Why do browsers allow this?

      Some browsers, including Firefox, do try to block it. There are also extensions that are designed to do so. The only problem is that both these companies quite like the idea of tracking all this information while pretending not to be going for personal data, so they will try to fight against the existing protections. It's an arms race between companies who make billions of advertising* and browser writers who don't always get to catch every change they make. The successes in blocking such things is one of the reasons Google pushes so much stuff through the W3C and why their incredible market share in browsers is so dangerous, since they're trying to expand the attack surface of possible fingerprinting techniques for the next time something they are using gets blocked.

      * The companies would probably make about the same amount without the tracking, because they're not that good at tracking people with it, but they're afraid that some advertiser would pull their business on the theory that the tracking actually works.

      1. DS999 Silver badge

        Re: Why do browsers allow this?

        That's stupid. The browser maker has absolutely no reason to encourage tracking pixels, except for companies that basically live on advertising i.e. Google's Chrome and the nameless browser integrated into Facebook's app.

        If they wanted to track what users are doing (show me the proof that either Safari or Firefox are logging every site people visit and sending that info back to home base) they don't need tracking pixels. They have the full URL history and every mouse move and keyboard stroke! A browser maker can gain zero additional information from tracking pixels.

        1. Michael Wojcik Silver badge

          Re: Why do browsers allow this?

          It's not possible in general to distinguish a tracking resource from a non-tracking resource.

          If I have my server inject an IMG element with SRC attribute that specifies an image server and a unique path for every response, then when the browser requests the image, the image server has a reliable way of associating that request with the one that served the page that included the IMG element. The returned image data might be a single-pixel transparent GIF, but the browser doesn't know that until it receives the response. Since the path changes, the browser can't cache it.

          And that's just the simplest form of web bug. There are many variants.

          HTTP requires the client identify the desired resource, obviously, and the resource identifier (the Request-URI) can be used as a side channel.

        2. doublelayer Silver badge

          Re: Why do browsers allow this?

          I realize I was being unclear. By "both these companies", I meant Google and Facebook, the two largest users of tracking pixels, not Mozilla and Apple, which by reading back I can see I did not make clear. My point was that, whatever efforts Mozilla (mostly just them) and occasionally Apple do to block trackers, Google and Facebook have stronger incentives and a lot more resources dedicated to bypassing those blocks. In Google's case, they also have an motivation and a method to try to prevent it being possible to block them in the future by adding things to Chrome and then to web standards.

          1. DS999 Silver badge

            Re: Why do browsers allow this?

            Sure Google and Facebook will have billions in incentive to find ways around things, but that doesn't mean Apple and Firefox shouldn't try. Worst case you make people's browsing experience better or help their privacy.

            When Netscape (long, long ago) introduced pop up blocking that made the web undeniably better. Of course the bad actors found other ways to get in our face with ads, but overlay ads will also very annoying are a lesser evil.

  2. Kevin McMurtrie Silver badge

    This is fine (room on fire)

    Public tech company employees are focused on vesting their stock, selling, and quitting. Leaking private data is fine if it provides an immediate value. Literally nobody cares if you go looking for somebody to fix it.

    The bubble bursting COVID-19 made short term focus even worse. Execs are having their $50 million retirement plans ruined so they'd do anything for a quick share price bump. Random layoffs, burn out employees, disband customer support, lie about product progress, SPAC tricks, ... anything goes.

    1. Anonymous Coward
      Anonymous Coward

      If it costs them nothing to screw you over...

      ...expect lube sales to skyrocket.

      Big enough fines to give these laws teeth even for small cases, and jail time for corporate officers responsible for a leak that causes serious harm, and with no personal liability shield.

      Vote for it, or for people that will pass it.

      1. Anonymous Coward
        Anonymous Coward

        Re: If it costs them nothing to screw you over...

        Yup. $200 per visitor should do it, since that's more than they're getting paid in the first place. Since they've already been caught, they would have to prove each visitor that DIDN'T get tracked.

  3. Anonymous Coward
    Anonymous Coward

    Who the bleep do you think pays for Mozilla's electic bill

    I'd fault you for not googling it, but burying the public record of the whole sordid mess was completed years ago, and unless you know some way to go back in time, you never see the public and bitter fight of this. Old time devs slugged it out on MDN over cookies and tracking systems. The" people are lazy" and "we want add money camps" won the day, and the foundation slowly dismantled forums where they faced public scrutiny and deleted the comment history (all of it, not just the critical posts, wouldn't want to be that obvious.)

    Sadly, there would be no Firefox without Netscape and Mozilla selling us out. Enough money wasn't coming in. But Google didn't become their number one sponsor out of boundless generosity. The company is a fig leaf Google, Apple, and Microsoft have worn at different times to cover their shame in the eyes of the regulators. (nothing to see here, certainly no illegal monopolies)

    They spun their Google sugar daddy relationship off as a way to fight Microsoft, and provided cover for Adwords to eat all it's competition until Apple took over the mobile market. They drug their heels blocking Facebook and Twitter from tracking people that weren't even signed into their site, or even had accounts.

    And the number one excuse for years has been that it's the individual site operators fault, even though they provide the platform that is being abused.

    Firefox will never be relevant again. It's stuck in the single digits, it's senior problem staff can't remember a time when their product was actually good. Not satisfied to stop there they keep making it a worse and more annoying clone of their competition instead of putting the things it used to do well front and center. And their attempts to pivot away from laundered ad money from Google and Bing search have been a lesson in hard sell harassment. I'm about as likely to sign up for pocket as to install the Reddit app on my phone.

    1. aerogems Silver badge

      Re: Who the bleep do you think pays for Mozilla's electic bill

      Google pre-DoubleClick acquisition was a very different company from the one it has become today. I'm sure that early on Google really did give Mozilla money because it helped drive traffic to their search engine, so for largely altruistic reasons by the standards of a for-profit company. After the DoubleClick infestation took root in the company it was more about trying to squeeze every last drop of blood from customers, employees, and anyone else.

  4. aerogems Silver badge
    FAIL

    We could do something sensible

    Like having the IRS send everyone an estimate of their tax bill, based on the info they already have from employers and whatnot, and then people can either accept it or say it should be some other amount.. Thus avoiding all the nasty possibilities of data being slurped by the likes of Google and Facebook. But to quote the late George Carlin, "We don't have time for rational solutions!"

    1. blackcat Silver badge

      Re: We could do something sensible

      The likes of Turbotax and the others make so much money from tax filing that they will never let that happen. Also the US govt is hecking lazy and would never do anything helpful.

      1. Michael Wojcik Silver badge

        Re: We could do something sensible

        Tweaking the tax code is also one of Congress's main ways of scoring points with contributors and voters. It's far too valuable for them to give it up.

  5. Pascal Monett Silver badge

    "the persistent ubiquity of spy pixels"

    Funny that. On all PCs that I control there is the persistent ubiquity of NoScript and UBlock Origin.

    I wonder why . . .

    That being said, this report is entirely from Democrats (and Bernie). I expect a flurry of Republicans to jump to the defense of poor little Google any minute now.

    1. aerogems Silver badge

      Re: "the persistent ubiquity of spy pixels"

      Nah, they think that "Big Tech" is "censoring" them because they're conservatives, and not because they're raging assholes who act like the rules don't apply to them. So they'll probably just keep quiet about this and find some way to talk about Hunter Biden's dick pics or use the word "woke" so much you wonder if it's a verbal tick.

    2. Michael Wojcik Silver badge

      Re: "the persistent ubiquity of spy pixels"

      NoScript and UBlock Origin and the like can certainly block many of the major tracking mechanisms, because using well-known mechanisms and not getting data from a small portion of users is fine with most sites. But they can't prevent all tracking because there is no perfect decision procedure for determining whether a resource – which can include anything on the page – has a nefarious purpose. Any HTTP request can be a side channel.

  6. Zippy´s Sausage Factory

    Just send the investigative department of the IRS into Google and Facebook to find out exactly what data was sent, where it went, how it was used, and then to determine who to prosecute.

    I think they'll get the message.

    1. CrazyOldCatMan Silver badge

      investigative department of the IRS

      Do they have the same powers as our Inland Revenue? Who (IIRC) have more power of entry than the police..

      1. PRR Silver badge
        Devil

        > our Inland Revenue?

        Zippy´s proposal forgets that the US IRS is horribly under-funded.

        Also that they are reluctant to go after any taxpayer big enough to be a Political Donor (to either party).

        "Senators" leaning on tax-prep firms is perhaps code-words for "Turbo/Block/Cut should make even larger political donations".

  7. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like