The Facebook browser collects confidential information

Typically, when clicking a link on Facebook or Instagram, the user is redirected to a separate browser within the app instead of switching to Chrome or Firefox. However, according to former Google engineer Felix Krauss, meta code is embedded in this browser. Collect informations.

“Meta embeds code on every webpage visited, including clicks on ads. This allows tracking of all user interactions, including all buttons and links clicked, text selections, images, screenshots, and any content entered. Like passwords, addresses, etc., and credit card numbers,” explains frill.

Krause, now a privacy researcher, has developed a tool that can list additional commands that a browser adds to a website, thereby detecting embed code. The tool easily detects changes in browsers and in-app browsers.

However, for Facebook and Instagram, this tool finds up to 18 lines of added code. These plugins require no installation and rely on the Meta pixel, which allows Meta to track users across the web and serve targeted ads based on the browser they are using.

According to Krause, the embedded code is only visible in Facebook and Instagram browsers, not WhatsApp.

Meanwhile, a meta spokesman said the embed code in the browser is there to “serve user preferences.” The company states that it is only used to collect data before targeting certain types of habits for advertising or statistical purposes. The meta for in-app browser transactions says “Save payment info for autofill only”.

In the past, JavaScript injections were often classified as malicious attacks. According to cybersecurity firm Feroot, these attacks “enable an attacker to compromise a website or web application to collect sensitive information such as personally identifiable information (PII) or payment information.”

Bao Lam (Consequences Nanny)