Services including TaxAct, TaxSlayer, and H&R Block were discovered transferring confidential data by the Markup.
The Markup has found that major tax preparation companies including H&R Block, TaxAct, and TaxSlayer have been covertly sending private financial data to Facebook when Americans file their taxes online.
Data on names and email addresses as well as frequently even more specific information, such as information on users’ income, filing status, refund amounts, and dependents’ college scholarship amounts, are provided through a commonly used code known as the Meta Pixel.
Whether or whether the person utilizing the tax filing service has an account on Facebook or other platforms run by its owner Meta, the information transmitted to the firm can be utilized to power its advertising algorithms.
The Internal Revenue Service processes around 150 million computerized individual tax returns each year, and The Markup discovered that the pixel is used by some of the most popular e-filing firms.
For instance, users of the well-known service TaxAct are required to give personal information in order to calculate their returns, such as their income and investment information. According to an examination by The Markup, a pixel on TaxAct’s website then relayed some of that information to Facebook, including users’ filing status, their AGI, and the size of their return. Refunds were rounded up to the nearest hundred and income to the nearest thousand. Additionally, the pixel transmitted dependents’ names in an obscured but typically reversible manner.
The Markup discovered comparable financial data—but not names—being provided to Google through its service by TaxAct, which claims to have about 3 million “consumer and professional users” on its website.
The Meta Pixel was used by other tax filing services besides TaxAct. The world’s largest provider of tax preparation services, H&R Block, which additionally provides an online filing option that draws millions of customers each year, integrated a pixel on its website that collected data on users’ use of health savings accounts and the grants and costs associated with dependents’ college tuition.
As part of Facebook’s “advanced matching” system, which collects information on website visitors in an effort to connect them to Facebook accounts, TaxSlayer, a different popular filing service, submitted personal information to the social media corporation. Phone numbers, the name of the user filling out the form, and the names of any dependents added to the return were among the data collected by the pixel on TaxSlayer’s website. Similar to TaxAct, Facebook was able to link a user to an existing profile despite the fact that precise demographic information about the person was obscured. According to TaxSlayer, 10 million federal and state tax returns were completed last year.
The Markup also discovered the pixel code on a tax preparation website run by Ramsey Solutions, a firm that provides software and financial planning services and makes use of a TaxSlayer service. From a tax return summary page, that pixel collected even more sensitive data, such as details on income and refund amounts. This information was only supplied after users clicked drop-down headings to view more of their report’s details on the website.
The pixel was used by even Intuit, the business that handles America’s leading online file system. However, Intuit’s TurboTax only sent usernames and the most recent sign-in time to Meta instead of financial information. The company completely removed the pixel from all sites after sign-in.
The protection of our customers’ data is something we take very seriously, according to Nicole Coburn, a TaxAct spokesman, in an email. “TaxAct always attempts to abide by all IRS laws.” The business “frequently evaluate[s] our processes as part of our continuous commitment to privacy, and will assess the information,” according to H&R Block spokesperson Angela Davied.
In an email, Ramsey Solutions spokesperson Megan McConnell stated that the business “installed the Meta Pixel to give a more tailored customer experience.”
The statement read, “We did NOT know and were never told that Facebook was collecting personal tax information through the Pixel.” We quickly notified TaxSlayer to deactivate the Pixel from Ramsey SmartTax as soon as we learned of it.
TaxSlayer removed the pixel to assess its use, according to spokesman Molly Richardson, who responded to The Markup’s email. She said that Ramsey Solutions “decided to remove the pixel” as well, stressing that “our customers’ privacy is of the utmost importance” and that “we take concerns regarding our customers’ information extremely seriously.”
While Intuit “may share some non-tax-return information, such as username, with marketing partners to deliver a better customer experience,” like not showing Intuit ads on Facebook to people who have accounts already, the company’s pixel “does not track, gather, or share information that users enter in TurboTax while filing their taxes.” The business claimed to be in accordance with laws but changed the pixel so that usernames are no longer sent.
The Markup’s results, according to Mandi Matlock, a tax law lecturer at Harvard Law School, reveal that taxpayers are “giving some of the most sensitive information that they own, and it’s being exploited.”
This is horrible, she remarked. “It is, really.”
After The Markup approached TaxAct for comment, the company’s website stopped sending financial information to Meta on Monday, but it still received dependents’ identities. The website kept sending Google Analytics money-related data. Additionally, as of Monday, TurboTax ceased sending usernames through the pixel at sign-in, and TaxSlayer and Ramsey Solutions disabled the pixel from their tax filing websites. The website for H&R Block was still disseminating information on college tuition assistance and health savings accounts.
How Meta Pixel monitors users
Anyone who wants the pixel code can get it for free from Meta, which gives companies the freedom to use it wherever they want on their websites.
The businesses and Facebook both benefit from using the code. When a customer visits a company’s website, the pixel may keep track of the things they browsed, like a T-shirt, for instance. The company can locate an audience that could already be interested in its items by targeting its Facebook advertisements to people who looked at that shirt.
Meta also benefits financially. The business claims it can use the information it gathers from devices like the pixel to power its algorithms, giving it knowledge of people’ online behaviors.
Facebook has seen success with this tactic. The business informed Congress in 2018 that there were over 2 million pixels on the web, a significant data collection effort that most internet users never saw.
The technique is widespread, according to Jon Callas, director of public interest technology at the Electronic Frontier Foundation, who described his reaction to The Markup’s findings as “shock but not surprise.”
The Markup’s analysis of sensitive data collection shows that some of it is related to the Meta Pixel’s default behaviors, while other instances appear to be the result of customizations made by tax filing services, people working on their behalf, or other software that has been installed on the website.
For instance, the normal setup of the Meta Pixel automatically collects the title of a page the user is seeing, along with the web address of the page and other data. This is how Meta Pixel gathered health savings account and college spending information from the H&R Block website. It was able to obtain salary data from Ramsey Solutions because it was presented as a summary that could be enlarged by clicking. The pixel identified the summary as being a button, because by default, the pixel captures text from a clicked button.
Automatic advanced matching was a feature used in the TaxSlayer and TaxAct pixels. This function examines forms for areas where it suspects there may be personally identifiable data, such as a phone number, first name, last name, or email address, and then transmits any such data it finds to Meta. This function on TaxSlayer’s website gathered contact information and the names of taxpayers and their dependents. It gathered dependents’ names on TaxAct.
According to Meta, the hashing method used to encrypt the data supplied by the matching feature is done so in order to “help preserve user privacy.” The pre-obfuscated version of the data may, however, usually be found by the corporation. In fact, Meta specifically used the hashed data to connect additional pixel data to Facebook and Instagram identities.
When The Markup created a test pixel linked to a business account, this pixel functionality was disabled by default but could be enabled by selecting a toggle during setup.
A “custom event,” which is sent only if the pixel is specified outside of the default by a website operator or another application the website operator adds to their site, is what TaxAct used to send dollar figures like adjusted gross income to Meta. Inquiries about whether and why TaxAct configured the pixel in this way went unanswered.
There are restrictions on the kinds of data that Meta claims the pixel will allow it to gather. The corporation claims that it uses automatic filtering to block potentially sensitive data and does not want sensitive information, including financial data, delivered to it. According to its help center, providing information such as bank account or credit card details or “knowledge regarding an individual’s financial account or status” is prohibited.
Still, The Markup discovered that two tax sites supplied Facebook one specific form of banned data – income. TaxAct may have also been transmitting a parameter with the name “student loan interest” before the pixel started filtering it before it was delivered, according to data it supplied to Facebook.
The Markup monitored websites’ pixel usage from January to July of this year as part of the Pixel Hunt, a collaboration with Mozilla Rally. Participants in the initiative installed a browser extension that gave The Markup a copy of all the information given with Meta via the pixel.
Through data given by Pixel Hunt participants, The Markup first learned that tax preparers were disclosing sensitive information. The Markup subsequently created accounts on the businesses’ websites and used the “Network” portion of Chrome DevTools, a feature included with Google’s Chrome browser, to reproduce and validate the data.
The Markup discovered sensitive data transferred to Facebook earlier this year with the aid of Pixel Hunt participants on the Education Department’s federal student aid application website, crisis pregnancy websites, and the websites of prominent hospitals.
Because Meta gathers so much information, occasionally even the firm doesn’t know where it goes. In a leaked memo from Facebook’s privacy engineers earlier this year, Vice reported that the firm couldn’t guarantee it wouldn’t use specific data for specific objectives because it “does not have an acceptable level of control and explainability over how our systems use data.”
Facebook has “extensive systems and controls to handle data and comply with privacy standards,” a corporate spokeswoman claimed at the time, according to Vice.
Dale Hogan, a representative for Meta, referred to the organization’s policies on sensitive financial information in answer to The Markup’s inquiries over the use of the pixel by the tax websites.
Hogan stated in an email that advertisers “should not transmit sensitive information about people through our Business Tools.” “Doing so is against our regulations, and we train advertisers on how to set up Business tools correctly to avoid this,” the statement reads. Our technology is built to weed out any potentially sensitive information it can find.
An email from a Google representative, Jackie Berté, stated that the company “has strict policies against advertising to people based on sensitive information” and that Google Analytics data is “obfuscated, meaning it is not tied back to an individual.” Additionally, she added, “our policies prohibit customers from sending us data that could be used to identify a user.”
Tax data is strictly regulated by the IRS.
Between 2001 and 2019, Nina Olson, the executive director of the nonprofit Center for Taxpayer Rights, served as the Internal Revenue Service’s national taxpayer advocate, a position in the organization designed to represent the interests of taxpayers.
She helped draft the rules governing the disclosure of tax information as part of her responsibilities at the IRS. Olson stated that the IRS standards governing the use of data by private tax filing firms are “extremely stringent” on purpose.
According to the rules she helped create, tax preparers, including e-filing companies, are only permitted to use the information that taxpayers provide for certain limited purposes; anything beyond simply facilitating filing requires the user’s signed consent that specifies the recipient and the specific information being disclosed.
Even the font size of requests for disclosure is regulated by the government, which states that it must be “the same size as, or larger than, the typical or standard body text used by the website or software program.”
While Olson said she was not aware of any criminal cases that had been pursued, the penalty for sharing data without consent could be severe: fines and even jail time are possible.
The Markup searched the websites of tax preparation services for disclosures that expressly named Facebook or Meta, but it was unable to locate any. Some businesses, however, incorporated rather extensive disclosure agreements.
For instance, TaxAct asked customers to consent to the sibling firm, TaxSmart Research LLC, receiving their tax information so that it may “create, promote, and provide goods and services” for users. TaxSmart Research LLC may work with service providers and business partners to complete these responsibilities, it was further stated. In contrast, H&R Block included almost the same disclosure request so that “H&R Block Personalized Services, LLC” could offer its own products. Although users had the choice to opt out of sharing tax information with Facebook on certain sites, The Markup’s tests revealed that data was shared with Facebook regardless of the users’ choices.
According to Olson, any disclosure by a tax preparer must specify the precise objective and recipient in order to be in compliance. Do they have a list stating that they will reveal the return amounts, your children, and whatever else on Facebook? she questioned. If not, they might be breaking the law. Regarding whether any of the websites that shared tax information were in violation of the law, the IRS declined to comment or respond to any inquiries.
There is no escape for taxpayers
There aren’t many options available to American taxpayers outside using private businesses to file their taxes.
In contrast to other nations, the United States has a substantially privatized tax filing system that frequently necessitates the employment of outside tax preparers. In other nations, the taxpayers simply give their approval to the estimates that the government does. However, as a result of a successful lobbying campaign by private businesses, tax preparers in the US now serve as the official go-between for taxpayers and the government.
Today, tax preparation is a significant sector in the United States, worth more than $11 billion, according to market research.
Although there is a free preparation and filing alternative, it is only available to those making $73,000 or less and might be challenging to utilize. Companies are accused for not making the option easily accessible even when they provide their tax software at no cost as part of an agreement with the IRS.
The Markup discovered using the pixel that the IRS even successfully guides taxpayers attempting to file for free to some of the businesses. The Free File Alliance, an arrangement including a few tax preparation firms, includes TaxAct and TaxSlayer. H&R Block and TurboTax have previously participated in the program.
Harvard’s Matlock claimed that The Markup’s findings demonstrated the nearly unavoidable implications of entrusting a government requirement to for-profit businesses. According to her, the procedure leaves users with no alternative but to give their data to Facebook in order to comply with the law.
It’s aggravating, she added, since taxpayers are being forced into the hands of these private, for-profit businesses in order to fulfill their tax filing duties. “Really, we don’t have a choice in the issue.”
ChatGPT Will Soon “See, Hear, And Speak” With Its Latest AI Update
A major update to ChatGPT lets the chatbot respond to images and voice conversations. The AI will hear your questions, see the world, and respond.
OpenAI, the non-profit group behind ChatGPT and DALL-E, announced the “multimodal” update in a blog post on Monday, saying it will add voice and image features to ChatGPT Plus and Enterprise over the next two weeks.
The post said it would be available for other groups “soon after.” It was unclear when it would be added to free versions.
Part of this update may be like Siri and Alexa, where you can ask a question and get the answer.
Anyone who’s used ChatGPT knows its AI isn’t a sterile search engine. It can find patterns and solve complex problems creatively and conversationally.
According to OpenAI, “Snap a picture of a landmark while traveling and have a live conversation about what’s interesting about it” could expand these abilities. To decide what to make for dinner, take pictures of your fridge and pantry at home and ask questions for a recipe. Take a photo, circle the problem set, and have it share hints with your child after dinner to help them with a math problem.
This development “opens doors to many creative and accessibility-focused applications,” said OpenAI. They added that it will pose “new risks, such as the potential for malicious actors to impersonate public figures or commit fraud.”
The update currently only allows voice chat with AI trained with specific voice actors. It seems you can’t ask, “Read this IFLScience article in the voice of Stephen Hawking.”
However, current AI technology can achieve that.
Track People and Read Through Walls with Wi-Fi Signals
Recent research has shown that your Wi-Fi router’s signals can be used as a sneaky surveillance system to track people and read text through walls.
Recently, Carnegie Mellon University computer scientists developed a deep neural network that digitally maps human bodies using Wi-Fi signals.
It works like radar. Many sensors detect Wi-Fi radio waves reflected around the room by a person walking. This data is processed by a machine learning algorithm to create an accurate image of moving human bodies.
“The results of the study reveal that our model can estimate the dense pose of multiple subjects, with comparable performance to image-based approaches, by utilizing WiFi signals as the only input,” the researchers wrote in a December 2022 pre-print paper.
The team claims this experimental technology is “privacy-preserving” compared to a camera, despite concerns about intrusion. The algorithm can only detect rough body positions, not facial features and appearance, so it could provide a new way to monitor people anonymously.
They write, “This technology may be scaled to monitor the well-being of elder people or just identify suspicious behaviors at home.”
Recent research at the University of California Santa Barbara showed another way Wi-Fi signals can be used to spy through walls. They used similar technology to detect Wi-Fi signals through a building wall and reveal 3D alphabet letters.
WiFi still imagery is difficult due to motionlessness. “We then took a completely different approach to this challenging problem by tracing the edges of the objects,” said UC Santa Barbara electrical and computer engineering professor Yasamin Mostofi.
A futurist predicts human immortality by 2030
Ray Kurzweil, a computer scientist and futurist, has set specific timelines for humanity’s immortality and AI’s singularity. If his predictions are correct, you can live forever by surviving the next seven years.
Kurzweil correctly predicted in 1990 that a computer would beat human world chess champions by 2000, the rise of portable computers and smartphones, the shift to wireless technology, and the Internet’s explosion before it was obvious.
He even checked his 20-year-old predictions in 2010. He claims that of his 147 1990 predictions for the years leading up to 2010, 115 were “entirely correct” 12 were essentially correct, and 3 were entirely wrong.
Of course, he miscalculates, predicting self-driving cars by 2009.
Though bold (and probably wrong), immortality claims shouldn’t be dismissed out of hand. Kurzweil has made bold predictions like this for years, sticking to his initial dates.
“2029 is the consistent date I have predicted for when an AI will pass a valid Turing test and therefore achieve human levels of intelligence,” Kurzweil said in 2017. “I have set the date 2045 for the ‘Singularity’ which is when we will multiply our effective intelligence a billion fold by merging with the intelligence we have created.”
Kurzweil predicts we will “advance human life expectancy” by “more than a year every year” by 2030. Part of this progress toward the singularity 15 years later will involve nanobots in our bloodstream repairing and connecting our brain to the cloud. When this happens, we can send videos (or emails if you want to think about the duller aspects of being a freaking cyborg) from our brains and backup our memories.
Kurzweil believes the singularity will make humans “godlike” rather than a threat.
We’ll be funnier. Our sexiness will increase. We’ll express love better,” he said in 2015.
“If I want to access 10,000 computers for two seconds, I can do that wirelessly,” he said, “and my cloud computing power multiplies ten thousandfold. We’ll use our neocortex.”
“I’m walking along and Larry Page comes, and I need a clever response, but 300 million modules in my neocortex won’t work. One billion for two seconds. Just like I can multiply my smartphone’s intelligence thousands-fold today, I can access that in the cloud.”
Nanobots can deliver drug payloads into brain tumors, but without significant advances in the next few years, it’s unlikely we’ll get there in seven years. Paralyzed patients can now spell sentences and monkeys can finally play Pong with brain-computer interfaces.
Kurzweil says we’re far from the future, with human-AI interactions mostly the old way. His accuracy will be determined by time. Fortunately, his predictions predict plenty of time.
- Gadgets9 years ago
Why the Nexus 7 is still a good tablet in 2015
- Mobile Devices9 years ago
Samsung Galaxy Note 4 vs Galaxy Note 5: is there room for improvement?
- Editorials9 years ago
Samsung Galaxy Note 4 – How bad updates prevent people from enjoying their phones
- Mobile Devices9 years ago
Nexus 5 2015 and Android M born to be together
- Gaming9 years ago
New Teaser For Five Nights At Freddy’s 4
- Mobile Devices9 years ago
Google not releasing Android M to Nexus 7
- Gadgets9 years ago
Moto G Android 5.0.2 Lollipop still has a memory leak bug
- Mobile Devices9 years ago
Nexus 7 2015: Huawei and Google changing the game