23 comments

[ 2.4 ms ] story [ 71.3 ms ] thread
> A pixel on TaxAct’s website then sent some of that data to Facebook, including users’ filing status, their adjusted gross income, and the amount of their refund, according to a review by The Markup.

A pixel is a powerful thing.

My uninformed mental model was that it’s rgb info but guessing there’s more to it?

I suppose theoretically one could use a small handful of pixels to encode a lot that way though.

It's probably requesting the pixel. All the info is on the request data.

This is a very common pattern.

Pixel is just a term of art. Facebook (or whomever) have their JavaScript on the page, which sends information back. Historically, this would be a GET request for a 1x1 image, with all the information of interest packed into query params on the request. Hence, the “pixel” colloquialism.
(comment deleted)
Isn't it great that nothing can make our lives easier unless we're giving up proportionally more in data, privacy, or liberty?
There really needs to be a crackdown on all this nonsense. I wonder if it would be feasible to create an infrastructure where everybody has a data pool and other companies can read the data with permission but it’s illegal for them to store anything. That way you could see who accesses your data and you could also revoke access.
This sounds absolutely, positively impossible. There can never be such a thing as read access without “store access”.

Taken to the extreme, a person could read the data and then literally handwrite it down on a piece of paper. That’s storage. It is nearly impossible to prevent that.

Also, if it’s illegal to duplicate the data, then it would have no purpose to be read from. For example, the system needs to access your birthdate field. Is using that piece of info somewhere considered storage, if it persists in any way? Probably.

So what this means is that the next best thing we can do is enforce read access to trustworthy parties only, with confidence for now and the future.

> This sounds absolutely, positively impossible. There can never be such a thing as read access without “store access”.

but there could be very clear rules just how many $$$ in fines you have to pay per data point if you ever get caught with your pants down. The issue with these leaks is that the perps never have to pay for them.

edit: that being said, I don't think a single such pool is a good idea since it would become the prime target for every hacker on the planet, right next to 1pass.

Still, I don’t understand. If it’s illegal for a data point to be stored, how could it be used anywhere with confidence? If your microservice returns an illegal datum, and a consuming service needs to use it somewhere, how is that secondary usage not a form of storage? This is before taking into consideration things such as cached responses, temporary files, RAM, and other downstream services. You would also have to prove that datum wasn’t derived from anywhere else. What a legislative nightmare this sounds like!
Yeah what I'm writing about there not being a pain signal applies either way; even if you have a good reason to store data, leaking them should hurt.

But even so, many times a website seems to ask for data they absolutely strictly don't need. Electronics shop -> doesn't need my gender, nor birth date really.

If someone does need my birth date, they typically a) don't need to store it but just verify, and b) what they'd really need would be a trusted third party (like my govt ID) certifying that date. And even then, often just properties about it like "is over 21" or such. Which is incidentally what my german ID allows to do, albeit in a way too complicated way.

(comment deleted)
I like this idea and have been wondering about it.

Right now it is considered normal for every company to keep personal data, but what if it was forbidden to store anything for longer than say 10 minutes and it is only allowed to keep anything in random access memory, not persistent storage? What if the person dealing with a company could generate a random identifier to allow for time-limited access to their data through a standard API?

What if the companies/organizations were by law required to ONLY access personal data through that API with all access being logged and auditable by the individual? If during an audit code (due to reasonable suspicion) it is found that the company is storing the data instead of reading and forgetting immediately, the company would face heavy fines.

Would this be enough? Probably not to deter bad actors... Maybe companies should not have access to any personal data in the first place? Only post office/delivery company would need to know where the mail for temporary ID must be delivered to.

Same with phone numbers, they don't need them. Only phone companies need to be able to resolve the temporary ID to make a call. It would FINALLY deal with the spam even though I guess phone companies are skimming money off that, so they won't be too happy if the legislation required it.

Exceptions can be made, but if there are fewer exceptions, the data would be far more tightly controlled.

When in Rome, do as the Romans do.

You might be mad at the cheap (or not so cheap) Chinese (or not so Chinese) smartphone manufacturer whose firmware updates come with crap apps and even trojans preinstalled, but that little business only wants to have a tiny piece of cake the big guys share. Can we scold it for swindling data if famous corporations do the same?

So, does the GPDR (or the CCPA) prevent this for EU citizens? I'm a bit of a GPDR skeptic, but coming from a place where I'd like to see improvements in privacy legislation and more clarity. Is this specific practice, transmitting tax data to a 3rd party, outlawed in Europe?
Theoretically, yes. Practically lots of companies still ignore GDPR rules or have just not prioritized doing so (yet). If the business is tracking people and selling data, some just keep going until a fine hits...
In most European countries, a third party is never involved in the tax filing process. The tax agency sends you a prefilled form that you just have to approve in most cases.

Also, all tax records in my country used to be public until recently and I think even now that information is somewhat easy to get.

I looked at what apps on Android are doing on my phone yesterday. The amount of info apps are sending to Facebook and Google analytics is just jaw dropping.
Could you explain how you did this? I'm curious what mine is sending.