• Tax filing websites have been sending users’ financial information to Facebook

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Tax filing websites have been sending users’ financial information to Facebook

    • This topic has 3 replies, 4 voices, and was last updated 1 week ago.


    The Markup found services including TaxAct, TaxSlayer, and H&R Block sending sensitive data.

    Major tax filing services such as H&R Block, TaxAct, and TaxSlayer have been quietly transmitting sensitive financial information to Facebook when Americans file their taxes online, The Markup has learned.

    The data, sent through widely used code called the Meta Pixel, includes not only information like names and email addresses but often even more detailed information, including data on users’ income, filing status, refund amounts, and dependents’ college scholarship amounts.

    When users sign up to file their taxes with the popular service TaxAct, for example, they’re asked to provide personal information to calculate their returns, including how much money they make and their investments. A pixel on TaxAct’s website then sent some of that data to Facebook, including users’ filing status, their adjusted gross income, and the amount of their refund, according to a review by The Markup. Income was rounded to the nearest thousand and refunds to the nearest hundred. The pixel also sent the names of dependents in an obfuscated — but generally reversible — format…

    TaxAct wasn’t the only tax filing service using the Meta Pixel. Tax preparation giant H&R Block, which also offers an online filing option that attracts millions of customers per year, embedded a pixel on its site that gathered information on filers’ health savings account usage and dependents’ college tuition grants and expenses…

    3 users thanked author for this post.
    Viewing 1 reply thread
    • #2500602

      Other than the first paragraph Alex quoted, there is no mention anywhere in that Verge article that the issue appears to be limited only to the web versions of these products.

      I have been using TaxAct for nearly 20 years (switched after some egregious TurboTax behavior), but have only used their offline/desktop product. As near as I can tell, this is not affected.

      The real problem, of course, is the widespread use of the Facebook (er, “Meta”) pixel, which as another underlying link pointed out, is not new nor limited to tax companies. (Incidentally, that’s also why I have had FB IPs blocked on my computer for years.)

      Yet that themarkup.org article also mentions:

      If a [user] is using a tracker blocker such as uBlock Origin or EFF’s Privacy Badger, these tools will likely block the Meta Pixel’s network requests, thus preventing the pixel from sending data to Meta […]

      A similar limitation would occur if a [user] uses Mozilla Firefox’s Facebook Container extension. This add-on silos Facebook activity and blocks network requests made by the Meta Pixel on sites other than Facebook itself


      … which seems to me to be a significant point to have been omitted in the Verge article.



      4 users thanked author for this post.
      • #2500670

        I don’t know about H&R Block and Facebook, but I think H&R Block or Chrome shares your tax info with advertisers. Why?

        I used H&R Block tax software. I do not have or every had a Facebook account and have never accessed Facebook. Before filing my income tax return I had ads to buy some tax software with some made up figure of how much return you could get with the ad’s software. After filing my return, the ads changed the random figure and the amount that the ad showed that I could save using their software was the exact amount of my just filed return.

        Appears that other sources besides Facebook are sharing your tax info.

        HTH, Dana:))

    • #2500658

      Thanks, Alex. This “Facebook Tracking Pixel” and it’s like need to be made illegal, along with so many other privacy-busting shenanigans.

      And all to have corporations know everything about you down to the color of your bathroom roll…

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
      "Courage isn’t the absence of fear; it's being scared to death and going on anyway. The man who says he's fearless is a fool, and I won't have him in my command.” —Unknown

      1 user thanked author for this post.
    Viewing 1 reply thread
    Reply To: Tax filing websites have been sending users’ financial information to Facebook

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: