The Meta Pixel allow sites to track you

Meta Pixel used to be known as Facebook Pixel

You are welcome to email me if you want to hire my services. Together we can minimize how social media tracks your online activities.

The Meta Pixel is a snippet of JavaScript code that allows websites to track visitor’s activity. According to this Meta Developers Document, it loads a small library of functions to track various actions that a visitor might make on a website.

Meta refers to these interactions (where website visitor’s actions are being tracked), as ‘conversions’. Tracked conversions appear in Meta’s Ads Manager where they can be used to measure the effectiveness of their ads. Conversations are useful in ‘ad targeting’, used for defining custom audiences and analyzing the effectiveness of their ‘ad campaigns’.

Facebook caught collecting information

The article called Facebook and Anti-Abortion Clinics Are Collecting Highly Sensitive Info on Would-Be Patients was posted on June 15 (2022) by Grace Oldham and Dhruv Mehrotra. Below is my brief overview of their compelling findings, unless you want to read their original article on The Markup.

They demonstrated that more than a third of the websites in question sent data to Facebook when someone made an appointment for an ‘abortion consultation’ or ‘pre-termination screening’. And, at least 39 sites actually sent Facebook details such as the person’s name, email address, or phone number.

How does Meta actually track us? In the mentioned article, Facebook and crisis pregnancy centers were using the data that ‘the pixel’ collects… Grace created a new Facebook profile in late April solely for this investigation. While logged in to Facebook, she visited the 294 crisis pregnancy center websites known to use ‘the pixel’ for tracking. And, she was clicking through each website and, when available, filling out appointment request forms. To minimize tracking, she conducted her research using a clean browser with cleared browsing cache.

In early May, Grace and Dhruv used Meta’s Privacy Center to download and review the data of the clean Facebook account. They found that Facebook retained data about her interactions with 88 percent of those crisis pregnancy center websites. They were also linking her online behaviour to her Facebook profile.

Facebook does not have an incentive to crack down on violations of its advertising policies. That costs them money to do. As long as they’re not legally obligated to do so, why would they expend any resources to fix this? The more data they get, the more targeted advertising they can do, and that’s the gravy train for them: targeted ads. If they’re proactive about cutting off sites like that, it impacts their revenue in multiple ways.

Serge Egelman, research director of the Usable Security & Privacy Group (UC Berkeley’s International Computer Science Institute)
Facebook explains the Meta Pixel

On their website, Facebook says: “If you’re logged into Facebook and visit a website with the Like button, your browser sends us information about your visit.

And: “If you’re logged out or don’t have a Facebook account and visit a website with the Like button or another social plugin, your browser sends us a more limited set of info.

Thanks to the Facebook Pixel, Meta is tracking everyone!

DuckDuckGo desktop browser

As a Mac user, I use the DuckDuckGo desktop browser app for Mac. I do that to minimize websites from tracking me. While the DDG browser uses the DDG search engine by default, one could change it to use another search engine of your choice. One could opt for the Google search engine for instance.

On the rare occasion that I may want to see a different set of search results (in the DDG browser), I would actually ‘use the Google search engine’ in my DDG desktop browser. Google arranges my search results to benefit their paying advertisers, not me. Obviously, I am their product, as would be the case with Facebook as well. It is not surprising that they are tracking my activities.

Even so, it does happen sometimes that I have a need to see another set of search results. I would not change my browser’s search engine setting, when this happens. I would simply type ‘google.com’ in the address bar of my DDG browser. Doing so would take me to https://www.google.com/. Thus, I would be using Google’s native search engine, embedded on their search page. Google can indeed track my search activity on their site. In this case, that level of tracking would be inevitable. I limit all the other forms of tracking as much as possible, for this very reason.

At that point, an unsolicited popup would remind me that ‘Google recommends using Chrome’, and that I could ‘more easily search on Google with their fast, secure browser’. I am steadfast and not lured by such proposed (popup) distractions. I use the DDG desktop browser for its tracking protection in the first place.

Why do I use several browsers?

I use different browsers for different purposes, always optimized to limit the relentless tracking by the Meta Pixel and other trackers. I containerize activities into certain browsers. My personal favourite is the Brave browser. It is safe out of the box, but takes a bit of tuning to suppress some annoying things that I don’t need to see. I will write a ‘How To’ guide for this at some point…

Since I administer several Google Workspace accounts, I use the Chrome browser for that purpose. And, I do all my website administration and upgrades in the Vivaldi browser. While it also requires a bit tuning to suppress some features that I don’t use, it is lovely.

Google or Microsoft are usually the ones who attempt to lure me into switching to their browser… I do not appreciate that when I am inside any of the browsers that I use frequently. And also not when I am simply just using the DDG desktop browser. I use the DDG browser because it limits unsolicited tracking!

If you are not on a regular Mac user, there are other ways that you could get DDG protection. If you don’t want to wait for DDG’s Windows browser app to be released, add the DuckDuckGo Browser Extension to your browser. Or, you could install and use the DuckDuckGo Mobile App.

How Does the DuckDuckGo App/Extension Protect My Privacy? should answer any DDG questions you may have… DDG is great, but it is only one possible way to ensure that websites are not tracking you online…

Other private browsing options

You could use the Firefox browser and add the uBlock Origin browser extension.

uBlock is a free and open-source, cross-platform browser extension for content filtering, primarily aimed at neutralizing privacy invasion in an efficient, user-friendly method. And, if you’re going to be doing this, why not then also use Firefox’s Facebook Container add-on browser extension?

This add-on isolates Meta sites (including Facebook, Instagram, and Messenger) from the rest of your web surfing experience. It is an elegant alternative for setting boundaries for Facebook and other Meta websites, and limits effectively ‘where Meta can track you’.

You can further improve your security profile if you stop saving your passwords in your browser!

Move any saved passwords over to a proper password vault. Before 2023, I would have advised that you move to LastPass, but now I recommend that existing LastPass users move on ASAP. I am not getting affiliate commission for recommending Bitwarden, I simply trust them with the responsibility of keeping my password vaults secure!

— Norman Atterbury

LastPass breach — should you move on?

I used LastPass as my password vault
LastPass logo

I was urging my clients and family to use LastPass as their password vault. If you were one of these people, you probably know this did not end very well… and you could email me if you would rather hire my services, to handle this for you.

LastPass has not been handling their latest security breach in a manner that makes me confident that they are protecting everyone’s password vault! On December 22nd, 2022, their update said that “the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.”

It is safe to assume the attackers would have obtained the metadata associated with every user’s account! This makes future potential attempts to use brute-force decryption to crack open users’ accounts an undeniable possibility.

MOVE ON to another Password Manager

I prefer Bitwarden for my own use, although Dashlane and 1Password are excellent alternatives to my choice. I have used most Password Managers available, and any one (that is trustworthy) is better than thinking up ‘your own’ passwords, and writing them down. As a human, you cannot create passwords with enough entropy, i.e. not complicated enough — use a Password Manager!

Bitwarden is based on open source technology, which means they are being scrutinized every step of the way, unlike the proprietary (secret) technologies that almost every of their competitor cling to.

For me, Bitwarden is the easiest way to secure all of your passwords and sensitive information, and they provide a tool to import password vaults from other providers.

Do not reuse your old master password

Create a new master password, and then change all the passwords inside your newly established password vault. Since your old password vault was most likely among those which were downloaded, the attackers will keep it on a hard-drive until one of their minions can crack into it, one day…

You want to be sure that when that happens, every password in your old password vault will have been replaced with a new randomly created one.

Create an impressive master password

I recommend taking a line from one of your favourite books, and modifying it…

Remembering a sentence (that you could even highlight in an actual book) to reference, is relatively simple. Just be sure you join the words with a symbol, such as a hyphen or an ‘!’, and then capitalize the first letter in some of words, and add a few numbers and symbols.

THE LONGER IT IS THE SAFER YOU ARE

For instance, if you used this sentence (out of some book): The Bluebells represent the Party and Winston and Julia’s love affair.

And then converted it into: The-Bluebells-Represent-The-Party&Winston&Julia’s-love-affair-44 — to become the string of characters you use as your new password.

In the example above…
  1. the ‘blank spaces‘ became hyphens
  2. he word ‘and‘ became the symbol ‘&
  3. the number ‘44’ represents some year that is special for you — do not use your birth year
THIS WOULD BE A SAFE PASSWORD

Once you think you have come up with a password you can remember, why not test it at Security.org’s How secure is my password? Make sure it is in fact, good enough to protect your new password vault.

Do not settle for any password for which the results suggest that a computer might take less than 1 million years to crack it.

— Norman Atterbury