Hacker News new | past | comments | ask | show | jobs | submit login
Tax filing websites have been sending users’ financial information to Facebook (theverge.com)
280 points by dannykwells on Nov 23, 2022 | hide | past | favorite | 74 comments



> The data, sent through widely used code called the Meta Pixel, includes not only information like names and email addresses but often even more detailed information, including data on users’ income, filing status, refund amounts, and dependents’ college scholarship amounts

The investigators on this have included some of the data they saw being shared that you can see at their GitHub[0]

[0]: https://github.com/the-markup/meta-pixel-taxes


I hate this situation so much.

I can block a lot with my browser but then often websites stop working, so while that is a solution since I have the technical knowledge to handle it there is no way in hell I am going to tell my parents to install something that will block this stuff.

Throw in the tracking in apps and potential server side tracking that there is nothing I can do about.

We need some serious laws to be implemented. I have removed Facebook and google as much out of my life as possible, but they still collect data about me without my consent and it is very frustrating.

I despise that other people can consent to have my data given to these companies (by my data being on their devices as my phone number, texts, whatever) and then these companies can consent for me to have my data sent just by going to their website.


At the very least I should get paid for my data. If I steal a patent that google has you better believe I am going to be paying up, but they can collect my personal data (or my personal intellectual property for lack of a better term) and not pay me a dime for it. I get if you are using their services for free then that kind of makes sense, but if you are not using any of their services why in the hell should they be able to act like the NSA.


The worse is the payroll companies leaking to equifax. In some states you can “disclose” car loan data on consumers to a certain extent, mortgage balances, etc.

Each one alone is troublesome and when aggregated it’s super annoying every American can basically be a voyeur target for a few dollars, and not even have to option to consent to this happening.


I kind of like the term “digital voyeurism” for this, though it is a euphemism for “spying.”


They should not be allowed to collect any data even if they offer their services for free. Personal information is not a currency. We are not cattle to be sold to advertisers.


"We are not cattle to be sold to advertisers."

Someone just crawled out from under a rock.


No, this is not what you want - because the straightforward outcome would be that your personal data was declared to be worth $X, which you were compensated for and then traded away as consideration to use the service. So then the service has an ongoing license to your data, which they sublicense to Facebook, and absolutely nothing changes besides legally cementing their surveillance regime. What we need is the definition of consent ala the GDPR that does not allow personal information to be permanently bought but only temporarily licensed with the requirement of ongoing consent that can be withdrawn at any time.


It needs to be bid on. Garden variety capitalism and market activity.


You're going to need to expand more, because you're ultimately still implying some sort of new right to control your personal data compared to how things are.

"Market activity" occurs at the level of abstraction above the foundation of what ownership is defined as. Define ownership wrong, and it turns into just another sleight of hand where you've theoretically got rights, but in practice it's impractical to extract yourself and assert them in a meaningful sense.

Defining rights properly is what my comment was focused on. After that is done, you can build whatever system you like for companies to encourage users to allow the use of their personal data.


I don’t even want to be paid. Let me see it! It could be useful to me. Also, let me change it. I am not as interested in gambling as YouTube seems to think.


Those are the kinds of moments I wish I had some charisma and run for an office myself, because I genuinely feel I lack any kind of real representation as a constituent.

The issue, however, is simple. There is real money on the table so anyone even thinking of running ( and making a change ) must be able to withstand likely quick and solid stomp, must be techy enough to understand the risks and PRy enough to be able to move in today's media landscape. Those skills tend of be somewhat rare on their own. Combination of those traits is likely more rare.

<< Throw in the tracking in apps and potential server side tracking that there is nothing I can do about.

And after that, almost inevitable hacks ( inevitable due to misaligned incentives for companies ).


Even if you could somehow guarantee that there will never be hacks, I'd say that the very existence of this data is almost exclusively to the detriment of the "consumer". If, for example, one of the anti-abortion states wanted to subpoena Meta for location data of all of its residents who flew out of state to visit an abortion clinic, they easily could. If an insurance company wanted to partner with Google to see if you're getting your 10k steps every day, or speeding in your car, and adjust your rates accordingly, they easily could. We're living in a dogshit digital panopticon, and we need to take laws to reign this in extremely seriously.


> Those are the kinds of moments I wish I had some charisma and run for an office myself, because I genuinely feel I lack any kind of real representation as a constituent.

If you won you'd still be beholden to the constituents as their representative, and seeing as how they, as a whole, do not align with your personal position, you're not going to be any further ahead. At least not without moving to a new constituency where the people are more likely to align – which is something you can also do as a constituent.


To an extent - but a politician might have to deal with 30 different issues, and choosing the right stance on 5 of them will get you enough support to get elected.

Say the right things on taxes, guns and abortion and you can get elected regardless of your stance on nuclear power or microplastics or cryptocurrency.


The election is merely the hiring process. Getting elect is necessary, but not where the job ends. It is post-election when the constituents start hammering you with their demands and as their representative you have to find the general sentiment of the crowd.

It is true that not everyone believes in the democratic process and, as such, will never speak to their representative again, if they even managed to during the election campaign, but then they're not really constituents in any meaningful sense and can be safely ignored.


You don't get elected on your personality alone, but rather on some sort of electoral platform. Presumably, your platform aligns with your personal position, and part of your mandate is precisely to make good on those promises.


The constituents would never want you to actually follow through with your platform as, even if well intentioned, is long outdated by the time you are able to do anything with it. Making decisions based on outdated and incomplete information would be considered horrendous by any reasonable person.

A platform merely provides points of interest to open the door to talk to the people who are interviewing you for the position. It's a cover letter, so to speak.

There is good reason why the constituents will show up at your office following the election to go over what actually needs to be done, just as any employer would. This is where the actual direction is set. There may end up be some overlap with the platform here – even a broken clock is right twice a day – but only after deeper consideration.

If you are not speaking to your hired representative regularly to ensure that your input in the direction is given, you're not participating in democracy. And, well, I guess as the saying goes: If you don't participate you can't complain. What is certain is that representatives, even the best ones, are not mind readers.


Regarding your last part, it is true that hacks are a serious concern. I guess I just can't bring myself to think about that (for this data) since I already feel powerless. Plus these companies are already doing stuff with my data that I don't want so how much worse could hackers be? (I know seriously much worse but for me there is not much difference between Facebook/google having this data and hackers... I still did not consent to it).

I agree on people running. I have been saying for several years that if a candidate came out and said "I don't have a strong technical understanding of [insert important technical discussion], but here are the people I will keep personally employed to help me with that to answer that question" will mean a lot to me. But I also know that admitting you don't know something will be picked up by the media and they will be destroyed for saying that, even though in admitting it is really a great sign.

Many of the people in power may have people that can explain it, but they will never truly understand it. Especially when they have so many other things they also have to deal with.


Wouldn't a more effective strategy be to put pressure on tax companies to stop using this data for advertising? Which, I guess, is what the article is trying to do.


You shouldn't call it "advertising". That term seems benign.

"advertising" makes people think it will be used to sell them sweaters in a pop up ad, but it can be easily used to deny access to housing, jobs or loans.


Serious laws have been implemented in the countries we bemoan for being "socialist." This is free market capitalism doing its thing. Just remember this when you hear the libertarians blather on about government and how the market will sort this all out. Uh-huh.


>"This is free market capitalism doing its thing."

This "free capitalism" does not mind when Government protects their copyright, patents etc. etc. They should not mind Government protecting us either. Otherwise let's get even and remove their protections. Then see how they like it.


Reminds me of the big bank bailouts in 2008 - capitalism on the way up, socialism on the way down. They only want to win, never lose. They will rapidly switch between whatever "ism" is needed to ensure they always win.


Without the socialist government robbing you through taxes there would be no need for the "tax websites" so there would be nothing to send to facebook.


they suck. no question. all you can do is blackhole all facebook domains in your /etc/hosts file.


The US government isn't going to stop this shit anytime soon, since it was their idea in the first place.

https://en.wikipedia.org/wiki/DARPA_LifeLog

> LifeLog was a project of the Information Processing Techniques Office of the Defense Advanced Research Projects Agency (DARPA) of the U.S. Department of Defense (DOD). According to its bid solicitation pamphlet in 2003, it was to be "an ontology-based (sub)system that captures, stores, and makes accessible the flow of one person's experience in and interactions with the world in order to support a broad spectrum of associates/assistants and other system capabilities". The objective of the LifeLog concept was "to be able to trace the 'threads' of an individual's life in terms of events, states, and relationships", and it has the ability to "take in all of a subject's experience, from phone numbers dialed and e-mail messages viewed to every breath taken, step made and place gone".[1]

> The LifeLog program was canceled on February 3, 2004 (one day before the launching of Facebook),

If you live in any other country, you should lobby your government to ban Facebook, to ban all foreign social media entirely. But I fear the situation is hopeless for us Americans.


I just watched the first four Die Hard movies and it’s amazing how much it changed in Die Hard 4, which came out after 9/11.

In the first three movies, the bad guys are basically after money, the cops are all disorganized fools, and it’s just this one guy with the right skills that foils the plot.

In the fourth movie, the bad guys are after your whole country, your freedom, and your daughter, the cops are supported by the feds who are are very cool and powerful, and the feds from their all-seeing command center masterfully assist the guy with skills to foil the bad guys. Also the bad guys can log in to any webcam they want any control any computer system at the press of a button.

Watching this reminded me of the mass cultural delusion that took over USA in the 2000’s. This LifeLog program follows from the idea that anything and everything that can be done to foil a potentially all powerful adversary should be done, and things like individual privacy have no meaning whatsoever.

What’s interesting looking back at these movies, knowing for example how the cops behaved at the Uvalde elementary school shooting, is that the portrayal of the police in the first three movies is way more accurate than the fourth.


Its an interesting concept, and it keeps being reinvented over the years. Sometimes people even dump their measurements into the public domain, often via an HN post!

There is a nice symmetry here, too, in that such a tool could be a force for great good, but it could also be used as a force for great evil. Such a tool would give "you" (the thinking, rational, speaking you) a great deal of leverage over the behavior of your future self using the same techniques honed by Tik Tok, Facebook and Twitter. It would give you a great deal of awareness and control over your Situation, to assess and minimize risk. (The application to opportunity is harder to imagine than risk, but I'm sure it's there, too.)

Certainly there's nothing physically impossible about such a system ultimately being under your personal control, with an ur-5th amendment protection against intrusion, and civilizational infrastructure to guard against intentional and unintentional hw and sw flaws that subvert that protection guarantee. But all of that would require a real and dangerous commitment to individual autonomy and responsibility on par with the 2nd Amendment. Do the risks of making bad people more effective outweigh the benefit of making everyone more effective? How does that tradeoff compare with a similar tradeoff around the 2nd Amendment?


"The government" is hardly a single organism with a unified will. So I wouldn't expect one organization doing or proposing an idea would mean the rest of the government organizations would just be like "oh dang they're right, it was our idea, better not touch it."


[flagged]


Easy with the conspiracy theories! As we all know, every three letter agency is 100% good. All the bad stuff is behind them and they'll never do any of it ever again. They told us so; don't you trust them?


By shear fortunate coincidence, we happen to live in a time when all our institutions are pure and good, for the first time in human history!


And it's comments like these which spoil training data for AGIs :)


So Facebook was their project? Not surprised.


There’s no evidence that is true.


So much web software shamelessly includes malware. When you need proprietary software to do anything sensitive, a better approach is to pirate an installable software package, install and fully update it, make sure it works, kill the VM's Internet access and never reenable it, and communicate only via Samba on the local network. This takes care of OS, developer, and distributor malware in one fell swoop.

(I agree with another comment saying we need privacy legislation that would stop this sort of thing, but in the mean time the only thing you can change is yourself)


hah! - this is getting downvotes and yet there is some truth in it. Anyone with experience over time has seen the erosion of privacy and repeated data leaks from consumer-facing companies.. in the case of tax preparation software, leaking explicitly private and sensitive financial details with names and unique identifying information, directly.

What choice is there when commercial companies push user-hostile and perhaps directly illegal leaks like this?

I will not advocate software piracy on a sealed VM like the pp here, but please consider the skill, time and effort it takes to write acceptable consumer software, as a direct barrier to entry for "fair" players, and then add network effects.. With that, consider the personal productivity software that has been built slowly and well over two decades in an open way.. where the user of the software has the right and ability to examine, modify and use the code.

I predict that intrusion and forced-interference into tax transactions will increase over time in almost every jurisdiction around the world. There really is no better time than now to re-examine your own practices with software on the open net.


You could pay for the software and do the same thing. But if you still have to spend so much effort making sure the publisher isn't attacking you, what obligation do you have? It's a low trust economy and thus law of the jungle. A privacy law akin to the GDPR could increase the level of trust and support straightforwardly participating in that economy. All we have right now is the dumpster fire drumbeat of whichever companies were found abusing their users this week, with vanishingly small reason to not keep doing it once they're out of the limelight.


What. The. Fuck.

Tax is arguably on the same level of confidently as health data, and companies entrusted with this information just sells it off?

Tax was supposed about giving government your money. There wasn't supposed to be private information disclosed as a result of filling taxes. This is beyond outrageous

What. The. Fuck...


FB lays off 11,000 people.

I overcome my hate for FB and feel a little bit of sympathy for these people, might even want to hire a few if/when situation presents itself.

Then I read this, I’m reminded of what FB is and who all created this system, all sympathy vanishes.


It is important to say, and it is simply not mentioned, that this problem is an American problem.


These problems while not uniquely American, are certainly made worse by the US attitude to both data privacy and tax returns.


Could you give examples from countries with similar problems?


If you think these companies aren't doing this in every country then I have a pixel to sell you


In some other countries (many? Most? idk) you file taxes directly on the government's website. No private third party is involved. In France for example, in a simple case (employee) it can take as low as few minutes to file your taxes for the year. Contrast that to the US dystopic situation where lobbying by TurboTax and the likes pushes people to pay to file their taxes.


Thanks to GDPR I can use this website https://www.smartsteuer.de/online/ without Third Party Cookies (example for German taxes)


"If you aren't the customer, you're the product" apparently is a lie. You're the product no matter what. Unless I missed it in the article, I doubt paying $100 for the advanced tax prep excluded me from this.


You are Facebook's product and TaxAct's potential customer. TaxAct is sending that data so they can ad-target you to sell you tax software.


No way the companies whose job is to find loopholes to save a couple bucks would leave that money on the table.


Will add this to the long list of reasons why Facebook employees should not act indignant when the public assumes the worst from their employer.


Because of course they have.

That being said, credit bureaus and data brokers seem just as bad as Facebook, just less visible.


What happens if you send MetaPixel a CCPA demand?


Could anyone comment on simpletax?


Of course! Why not?


"Tax filing websites" is a strange invention. Tax should be filled with the tax office.

Involving third parties in the process can only make things more complex. Even if that market should grow and attract entrepreneurs it's all artificial rent seeking, and not positive for the economy at large.


Allow me to present the strangest thing then: A tax filing website – made by the tax office! Such a thing exists, in Germany, aptly named „Elster“ (magpie).


Hopefully Facebook will self-implode with Zuck's Metaverse taking the whole org with it. Call your Congress person and ask them if they're being sponsored by the likes of FB or these tax webpages. Then ask them to stand up for your consumer rights.


someone else will replace them and have their own version of FB pixel. government needs to put a stop to these shady practices but that's too much work, isn't it? who is going fund their next election campaign if they act tough.

Meanwhile the US government is spending $15 million (https://www.propublica.org/article/files-taxes-free-inflatio...) to study free tax filing. the keyword is study, not implement.


Out with facebook, in with tiktok.


You're not wrong that something will always fill the void left.


[flagged]


OK, but please don't fulminate on HN. You may not owe $BigCo better but you owe this community better if you're participating in it.

This is in the site guidelines: https://news.ycombinator.com/newsguidelines.html.


It's not just the social web. Google is almost as bad and their social media platform failed spectacularly. Advertising as an industry has no limits to what they'll collect and how they'll use it.


> Meta is one of the most deplorable companies in existence

Interesting take.

So, a third party decides to use Meta's advertising tools. Why is this Meta's fault? Why not the third-party?

Also, if these companies are willing to send this data to Meta, did you stop and ask where else they might be sending it?


[flagged]


Yikes... If this is your stance, there's no point in debating this with you.


[flagged]


We've banned this account for breaking the site guidelines. Please don't create accounts to do that.

https://news.ycombinator.com/newsguidelines.html


Meta/Google wouldn't exist without their customers paying them money. I don't think you can lay the blame entirely on one entity here. The core problem is that companies who use the tools created by Meta/Google do benefit materially from user targeting, and when there is an inter-dependency it creates a strong incentive to keep things going.


Big Tobacco is not evil even though they knowingly sell addictions that end in lung cancer, because people give them money, right?

This is spoken like someone who works for one of these companies.


We have a fundamental disagreement. I don't agree that ad personalization and data collection is similar (in any way) to selling addictive drugs and substances that directly cause physical harm.

You implying that I support it is silly. Please don't do that. I'm against spying tech, and lets not polarize the discussion.


I take issue with you trying to downplay these issues in a way that reads a lot like victim blaming.

Surveillance capitalism literally exploits human dopamine responses to make almost everyone spend more hours of their lives scrolling on these platforms than they want to or would be if there was no profit motive. It -is- an addictive drug system.

We have endless examples of adtech fueling the need to create ever more addictive platforms that we have tremendous evidence are a major component in the compromised mental health of millions, promoting anti-covid conspiracies, automatically putting malleable personalities into hate group filter bubbles, swaying elections, increasing suicide rates, etc etc. Also it even helps nicotine companies connect with new customers.

Smoking rates have been dropping and not everyone smokes anymore. Surveillance capitalism products however currently addict -billions- of people. These companies literally sell behavior changes as a service to the highest bidder causing harm to nearly every sector of our society.

You are right that surveillance capitalism is not the same Big Tobacco. It is so much worse. It empowers big tobacco, big pharma, scams, casinos, hate groups, climate change denialism, and election manipulators to be maximally successful.

I frankly do not know how anyone that works for companies like Facebook, Tiktok, Twitter, or Google live with themselves.


I don't work in the industry, but what would you say to the people that do work at Meta who have good intentions and rationalize it by thinking to themselves, 'At least I can try to limit how bad they are, and if they didn't hire a good person like me, they would just hire a bad person doesn't care about the public.'?


They're honestly lying to themselves to rationalize their choice to be paid a lot to do bad things.

At the end of the day, we all live under this system and are forced to participate.


What would a facebook run only by a person who "doesn't care about the public" look like and how could it be worse than knowingly manipulating what depressed teenages see on their feed, which is a thing current facebook did?

If there IS anyone "good" in facebook, they don't have nearly the effect they hope, facebook isn't being reigned in at all.


If they have no other job prospects, are on an H1B visa, and are thus trapped at Meta I'd say "I'm so sorry." Otherwise I'd say, "You DO know you're directly contributing to the decline of humanity and destruction of millions of lives, yes?"





Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: