Researchers discovered that when a user clicks any button or link after filling out a form, user data may be leaked to Meta.
According to a study, Meta Platforms and TikTok capture hashed personal information from web forms even when the user does not submit the form or grant authorization.
According to researchers from KU Leuven, Radboud University, and the University of Lausanne, both Meta Pixel and TikTok Pixel offer a feature called Automatic Advanced Matching (AAM) that captures hashed personal IDs from web forms in an automated manner.
Pixels are a type of code that allows platforms to track visitor behaviour. This data can be used to serve adverts to consumers based on their interests, preferences, and online behaviour. It can also track the effectiveness of advertisements.
The hashed personal identifiers are then used to target adverts on the platforms in question, track conversions, and develop new custom audiences.
Meta and Tiktok acquire user data
According to Meta’s and TikTok’s instructions, AAM should collect data when a user submits a form.
Researchers discovered that when a user clicks links. Or buttons that don’t look like submit buttons, both platforms capture hashed personal data.
The scripts in Meta and TikTok don’t even try to recognise submit buttons. According to the researchers. These sites capture hashed personal information. Even when a user abandons a form and clicks a button or link to go away from the website.
The researchers also looked at 1 lakh websites to see. Whether there were any data leaks caused by unrelated button or link hits.
They discovered that when a user clicks any button or link. After filling out a form, 8,438 US and 7,379 EU sites may leak user data to Meta. They also discovered 154 US and 147 EU websites that were leaking user data to TikTok.
According to the researchers. Users’ email addresses are transmitted to tracking, marketing, and analytics domains. Before submitting forms and giving consent.